Posts

How to avoid Online Fundraising Scams

You’ve probably heard of the gofundme.com site, where all sorts of stories are posted of people seeking donations. Some are tragic, others are trite. You may be touched by a particular story, perhaps one in which an entire family is killed in a house fire.

9DYou click the “Donate Now” button and donate $50. So just how do you know that family who died in the fire really existed?

Gofundme.com and similar sites are loaded with “campaigns,” just tons of them. Think of the logistics involved if these sites hired people to verify every campaign. This would require enormous amounts of time and a lot of people and expense.

People don’t think. They just assume every campaign is for real. Do you realize how easy it is to start a campaign? Gofundme.com, for instance, only requires that you have a Facebook account with a valid-looking profile picture of the campaign starter, and at least 10 Facebook friends (last I checked, anyways).

  • Who at Gofundme.com and similar sites verifies that the profile picture is that of the campaign starter?
  • Who at these sites verifies that the “friends” are legitimate, vs. all phony accounts or “friends” purchased from seedy overseas companies that create fake profiles?
  • Even if the avatar and friends are for real, how do these crowdfunding sites confirm the authenticity of the campaigns?

It’s all based on the honor system. You take their word for it, though some campaigns are high profile cases. People have given money to fake campaigns. How can you prevent getting conned?

  • Check the news to see if the campaign story really happened. But a house fire in a small town doesn’t always hit the Internet. Nor is it newsworthy that some housewife is trying to raise money to buy her disabled son a set of golf clubs. So stay with campaign stories that you know have occurred.
  • But again, a scammer could take a real story, pretend to know a victim and scam donators. So see if there’s a legitimate pathway to donate to the real people involved in the story, such as through their local police department.
  • Stick to reputable charity sites. Offline, never give money solicited over the phone.
  • Be leery of charity solicitations for very high profile cases, as these attract scammers.
  • If donations are solicited by snail mail, check the Better Business Bureau. Any scammer could create a legitimate sounding name: “American Association for Autistic Children.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to prevent your Pics from being lifted: Part 2 of 2

There are many reasons someone might right-click on your image and “Save image as…”

Porn, Sex and Dating Sites

  • A woman might steal your blog headshot and use it for her dating site profile.
  • A perv might take the picture of your child off your Facebook page and put it on a porn site.
  • A person who runs a racy dating site might take your image and use it to advertise his service.

Scams

  • Someone might use, without your knowledge, a photo of your house for a rental scam.
  • Your motorcycle, jet ski, boat, puppy…you name it…could be used for scam for-classified sale ads.
  • Your avatar may be used for a phony Facebook account to then be posted in the comments section of news articles pitching some get-rich-quick scheme.

Fantasy Lives

  • Your image could be used by a lonely person to create a fictitious Facebook account.
  • A person with a real Facebook account may be so desperate for friends that they use your photo to create a fake account to then add as a friend.
  • Someone you know may steal your photo (such as an ex-lover) and create a social media account in your name, then post things on it that make you look really bad.

How can you protect your digital life?

  • For your social media accounts, make sure your privacy settings are on their highest so that the whole world can’t see your life.
  • Watermark your images so that they have less appeal to image thieves, but keep in mind that they’ll have less appeal to you too.
  • It’s one thing when an image of your house was stolen for a rental scam, but it’s a whole new animal if an image of your naked body or you engaged in a sex act was stolen. So don’t put racy images online. Never.
  • Explain to your kids about the risks of stolen images.
  • Make sure their social media privacy settings are high.
  • It’s possible your smartphone automatically stores pictures you take online. Turn off this feature.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

How to prevent your Pics from being lifted: Part 1 of 2

You need not be a celebrity or some big wig to suffer the devastating fallout of your online images (and videos) being stolen or used without your permission.

10DSo how does someone steal your image or use it without your permission?

Hacking

  • Hacking is one way, especially if passwords are weak and the answers to security questions can easily be figured out (e.g., “Name of your first pet,” and on your Facebook page there’s a picture of you: “My very first dog, Snickers”).
  • Malware can be installed on your device if the operating system, browser or security software is out of date.
  • But hackers may also get into a cloud service depending on their and your level of security.

Cloud Services

  • In 2014, the images of celebrities and others were stolen from their iCloud accounts. At the time, two factor authentication was not available to consumers.
  • Apple did not take responsibility, claiming that the hackers guessed the passwords of the victims. This is entirely possible as many use the same passwords for multiple accounts. It is reported that Jennifer Lawrence’s and Kate Upton’s passwords really were123qwe and Password1, respectively.

Social Media

  • Got a pretty avatar for your Facebook page? Do you realize how easy it is for someone to “Save image as…”?
  • Yup, someone could right-click on your provocative image, save it and use it for some sex site.
  • And it’s not just images of adults being stolen. Images of children have been stolen and posted on porn sites.
  • Stolen photos are not always racy. A stolen image could be of an innocent child smiling with her hands on her cheeks.
  • The thief doesn’t necessarily post his loot on porn or sex sites. It could be for any service or product. But the point is: Your image is being used without your authorization.

Sexting

  • Kids and teens and of course adults are sending sexually explicit images of each other via smartphone. These photos can end up anywhere.
  • Applications exist that destroy the image moments after it appears to the sender.
  • These applications can be circumvented! Thus, the rule should be never, ever, ever send photos via smartphone that you would not want your fragile great-grandmother or your employer to view.

How can you protect your digital life?

  • Long, strong passwords—unique for every single account
  • Change your passwords regularly.
  • Firewall and up-to-date antivirus software
  • Make sure the answers to your security questions can’t be found online.
  • If any of your accounts have an option for two-factor authentication, then use it.
  • Never open attachments unless you’re expecting them.
  • Never click links inside e-mails unless you’re expecting them.

Stay tuned to Part 2 of How to prevent your Pics from being lifted to learn more.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

How to Stop Sharing Your Location Information

The Internet helps us connect and share with people around the world, but there are some people with whom you definitely shouldn’t be sharing your information. Although it’s not pleasant to think about, it’s not just friends and family that can see your online posts, bad guys can too, including criminals and even sex offenders.

7WSo, when you take a photo of your kids in your backyard, know that if you post that picture on social media, a predator can potentially obtain the GPS coordinates of where that picture was shot.

This is because every time you take a picture, technical data is created and stored along with the image. This is called “EXIF data”, or exchangeable image file format. When this data includes location information, such as the exact GPS coordinates of where the photo was taken, the image is then “geotagged.”

The good news is you can view the EXIF data, and remove it to prevent predators from getting your location information. EXIF data will always be added to the storage of every picture you take; there’s no way to prevent this. But you can delete it.

Here’s how to prevent strangers from seeing your location information:

  • Select the image on your computer and right-hand click on it.
  • Select “properties.” You’ll find all the data here.
  • Go to the location, or EXIF data.
  • At the end of all the information you’ll see “Remove Properties and Personal Information.” This will wipe out the coordinates.
  • You should go through this process before posting photos online, because once they’re online, you can’t control who sees this information.
  • However, it will still be worth your while to strip this data from photos already posted online. For all you know, tomorrow is the day that a bad guy reads your location information, so today is the day to delete it.

Some people’s social media pages have an endless scroll of personal photos, including pictures of their children and teens. Be very selective of what you post online, and always delete the EXIF data before posting.

Save the pictures you don’t post for a hardcopy photo album. That way you’ll dramatically cut down on the time spent eradicating your location information, while increasing your online security.

Here’s some more tips to use location services safely:

  • Turn off the GPS function on your smartphone camera or digital camera. This is important if you are going to be sharing your images online. Instructions on how to turn off geotagging will vary, but we suggest referring to your phone or camera’s manual for further instructions on how to adjust this feature. You also might want to consider only letting certain apps (like maps) use your location data on your mobile device.
  • Check your privacy settings on social networks and photo sharing sites. Make sure that you are only sharing information with friends and family. Also, make sure that you only accept people into your network that you know in real life.
  • Be aware of the fact that the information you share on one social network may be linked to another.For instance, a photo you post to Twitter may automatically post to your Facebook profile. Because of this, it’s important that you check the privacy settings on all your accounts.
  • Finally, be careful about what images you’re sharing and when you are sharing them.Rather than uploading a picture that reveals your location the moment you take it, wait until you get home to upload it.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Mother Nature can ruin your business: Get ready for natural disasters now

September is almost over. This means National Preparedness Month is nearing its end. Nevertheless, you must be prepared all year long to stay safe. National Preparedness Month culminates September 30th with National PrepareAthon Day.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294In the boxing ring, if you focus on the knockout punches too much, the quick sharp jabs are what may bring you down. This is how some businesses approach their security. They put too much emphasis on preventing that mountainous data breach, while smaller everyday threats sneak by.

Those smaller threats may be difficult to get at, and they can knock you out for good. A company may have all eyes on that Russian hacking ring, a fire or hurricane. But threats come in all flavors.

A business just can’t use all its artillery against the “big” threats, because this will create non-flexible tactics that unravel in the face of an unexpected threat.

Unless company leaders are psychic, they can’t anticipate every possible threat. But being narrowly focused is no good, either. Here are some tips on how to widen that focus and plan for disaster:

  • Certainly, gear up for the “big” threats like natural disasters and brick-and-mortar crimes. This includes having insurance plans, conducting evacuation training, and implementing additional protection like smoke detectors and fire extinguishers.
  • Create a list of as many possible threats you can think of. If you can conceive it, it probably can happen.
  • Come up with a backup location should your primary office location be rendered inoperable.
  • Create a core response team for any kind of disasters, and see to it that the members are easy to reach. Have a secondary team in place in case anyone in the primary core can’t function.
  • Establish post-disaster communication plans for employees, customers/clients and vendors. Have a list of backup vendors.
  • Create security plans that are flexible rather than rigid, and make sure they are regularly updated.
  • Back up all data. Have an onsite data backup as well as cloud backup.
  • Replace computers every 2-3 years. But don’t wait that long if the following symptoms of a croaking computer occur: odd noises during boot-up; things taking way too long; a blue screen.

The preparation and prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business for disasters, download Carbonite’s e-book, “Five Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

7 Ways to protect Yourself Online

The biggest mistake that you can make to threaten your online safety is to treat the online world different—as far as your private information—than you would treat the physical world. In other words, if someone walked up to you and said, “Hi, can you please provide me with your name, address, birth date, home phone, cell phone, email, usernames, passowords all your friends names and all their contact info?” I think not.

9DWhat sane person would pass out cards with their Social Security number, birth date, full name, home address and bank account information to every stranger they walk past on the street? But essentially, that’s what many people do online.

Here are seven risky online behaviors:

  • Posting photos. As innocent as this sounds, photos of children have been known to get stolen and posted on child porn sites. Right click, save image as, then save to desktop; that’s all it takes. Does this mean never post photos of your kids? No. But save the picture of your naked two-year-old girl in the bathtub for your desktop. And don’t post vacation photos until after you return home.
  • Another thing about photos: Don’t post pictures of yourself engaging in activities that could come back to haunt you in some way. For example, you post a picture of yourself smoking while at a picnic. You apply for new health insurance and say you’re a nonsmoker. The insurance company might decide to view your social media pictures to catch you in the act.
  • Sounds innocent: You let your kids use your computer. But even if there are parental controls in place, your kids can still unknowingly let in a virus. Then you sit down to do some online banking…and the hacker whose virus is in your computer will then have your login credentials and bank account numbers, plus everything else. Ideally, you use a designated computer only for conducting sensitive online transactions.
  • A hacker sends (via bot) out 10,000 e-mails that are made to look like they’re from UPS. Out of 10,000 random recipients, chances are that a good number of them are waiting any day for a UPS shipment. This could be you. Will you open the e-mail and click on the link inside it? If you do, you’ll likely download a virus. This is a phishing scam. Contact the company by phone to verify the e-mail’s legitimacy. Better yet, just never click on the doggone links.
  • Do you know your apps? They most certainly know you—way too much, too. Applications for your phone can do the following: read your phone’s ID, continuously track your location, run your other applications, know your SIM card number and know your account number. Before downloading an app, find out what it can find out about you.
  • Don’t take silly online quizzes. Whoever’s behind them might just want to get as much information on you as possible with the idea of committing identity theft. Got some extra time? Read a book or do a crossword puzzle.
  • Never conduct business transactions using free Wi-Fi unless you have a virtual private network. Otherwise, anyone can cyber-see what you’re doing.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to prepare for Digital Disasters

Editor’s Note: In this week’s guest blog security expert Robert Siciliano explains how to protect your IT systems and your business from hardware failure. To learn more, download our new e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

3DIt is September and that means National Preparedness Month: an ideal time to get involved in your community’s safety. Make plans to stay safe, and this includes keeping ongoing communications alive. National Preparedness Month culminates September 30th with National PrepareAthon! Day.

I can’t believe that people who heavily rely on a computer for business will still suddenly report to clients, “My computer crashed; can you resend me all the files?” What? Wait!

Why aren’t these people backing up their data on a frequent basis? If your computer is central to your business you should back up your data a minimum of once a day to protect against the following threats:

  • Computer hack
  • Unintentional deletion
  • Theft
  • Water or fire damage
  • Hard drive crash

To make daily data backups less daunting, carefully sift through all of your files to rid old, useless ones and organize still-needed ones. A mess of files with a common theme all over the desktop can be consolidated into a single folder.

Protecting your data begins with keeping your computer in a safe, secure, locked location, but this is only the first (and weakest) layer of protection. The next step is to automatically back up data to the cloud. The third layer is to use local backups, ideally use sync software that offers routine backups to multiple local drives. It’s also important to use antimalware security software to prevent attacks from hackers.

Additional Tips for Small Businesses Make de-cluttering a priority by deleting unnecessary digital files. This will help the computer run faster and help your daily backups run more quickly. Take some time to sift through your programs and delete the useless ones.

It’s also a good idea to clean up your disk regularly. Windows users can find the disk cleanup tool by going to the Performance Information and Tools section under the Control Panel.

Go to the control panel and hit “Hardware and Sound.” Then click “Power Options.” Choosing the recommended “balanced” power setting will benefit the hard drive.

Every two to three years, reinstall your operating system to keep your hard drive feeling like a spring chicken.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business against the common accidents of everyday life, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

10 Ways our Privacy is invaded

2POnce you become active online…and especially once you become “connected” with a smartphone…your privacy will be in sizzling hot demand—and in fact, you can bet that as you read this, it is already being invaded in ways that you couldn’t possibly imagine. Here are some of those ways, provided by wired.com:

  1. Someone could be collecting information on you via a keylogger: It’s a little tool that records your keystrokes, that someone secretly inserts into your computer. A keylogger, however, can also be deposited by malware that you unknowingly downloaded.
  2. Tracking technology that retailers use. You are in a large department store and must pass through several departments to get to the one you want. Your smartphone is connected during this time. The tracking technology scans your face (or maybe it doesn’t) and connects with your phone, identifying you as a potential customer for the goods that are in the departments you are passing through or near to. Next thing you know, you are getting hit with ads or e-mails for products that you have no interest in.
  3. Video surveillance. This is old as far as the technology timeline, but it is still a favorite among all sorts of people including those with twisted minds. Video cameras can even be hidden in your front lawn. They can also be found at ATMs, placed there by thieves, to record users’ PINs as they punch them in.
  4. E-mail monitoring. Your e-mails could be being monitored by a hacker who has remote viewing capabilities of your computer (because you unknowingly let in a virus).
  5. Personal drones—those small-enough-to-by-held-by-a-child aircraft that are remote controlled; they can be equipped with cameras to take pictures of you, and they can even follow you around.
  6. Public WiFi. Snoops and hackers can eavesdrop on your unsecured WiFi internet with the right hardware and software. Use Hotspot Shield to encrypt your data.
  7. And in addition to these ways your privacy could be invaded, a hacker could be spying on you through the little Webcam “hole” above your computer screen (a piece of masking tape over it will solve that problem).
  8. Peeping Tom. And of course, there is the old fashioned way of intruding upon someone’s privacy: stalking them (on foot or via car), or peering into their house’s windows.
  9. Reverse peephole. A person could tamper with a peephole on a house’s front door, apartment door or a hotel door, then be able to see what’s going on inside.
  10. Remote access technology can be malware installed on your device designed to extract all your sensitive data. Make sure to keep your devices security software updated.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to stop Browser Tracking

Maybe you don’t mind the ads for that bicycle rack following you around in cyberspace after you visited a site for all things bike, but browser trackers (“cookies”) also create a profile of you that gets sold to other advertisers and third parties.

2PAre you doomed to be stalked forever by bike ads? This is caused by third-party cookies. You can use third party software such as CCleaner, which can identify third-party cookies and clean out the cookies in your hard drive. It’s the third-party cookies that are the enemy. The first-party cookies come from the site you visit so that your subsequent visits to that site are easier.

After you rid the third-party cookies, you’ll have to alter your browser settings.

Google Chrome

  • In the upper right corner click the little lined box.
  • Select Settings, click Show advanced settings.
  • At Privacy click Content Settings.
  • Under Cookies check “Block third-party cookies and site data.” Hit Done.

Internet Explorer

  • In the top right corner, click on the gear.
  • Select Internet Options.
  • At the Privacy tab click Advanced.
  • Check “Override automatic cookie handling.”
  • Set the Third-party Cookies to Block. Hit Okay.

Firefox

  • Click the lined icon in the upper right corner.
  • Click Options or Preferences for PC or Mac, respectively.
  • At Privacy, under History, change “Firefox will” to “Use custom settings for history.”
  • Change “Accept third-party cookies” to Never.

Safari

  • Safari automatically has third-party cookies turned off, but to be sure:
  • Go to Privacy and select the option that blocks third-party cookies.

Additional Ways to Stop Cookies from Tracking You

Here are things you can do, courtesy of an article on the Electronic Frontier Foundation site. These steps should take you about 10 minutes to complete.

You need not worry that these tactics will negatively impact the ease at which you navigate the vast majority of websites. For websites that get testy about these changes, you can temporarily use a private browsing mode that has disabled settings.

  • Install AdBlock Plus. After installation, change filter preference so you can add EasyPrivacy. You’ll need to visit AdBlock Plus’s website.
  • Change Cookie Settings. Go into Chrome’s settings under Settings, then Show Advanced Settings. Under Privacy click on Content Settings. Hit “Keep local data only until I quit my browser / for current session.” Check “Block third-party cookies and site data.” This will force cookies to expire after you exit the browser and prevent third-party cookies from activating.
  • Install the extension “HTTPS Everywhere.” This will prevent websites from snooping in on you and will help shield you from third parties.

Turn off referers. Install an extension called Referer Control. Scroll down, locate “default referer for all other sites” and hit Block.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Stay Safe While Traveling this Summer

So, when you think about summer travel safety, what comes to mind? Which beach you’ll be lounging on? Sunburns? Shark attacks? While sunburns and vacation plans are rational concerns most have when traveling during the summer, shark attacks are a new one.

4WWith all of the news of recent shark attacks, people are now anxious about wading into the waters, despite the fact that the chances of getting mauled by a shark are a whopping one in 3.7 million. No guarantees, of course, but your odds are looking pretty good.

Conversely, the odds of getting your identity stolen or your other valuable information compromised while on or planning for these fun summer trips with the family are much higher. So instead of worrying about sharks this summer, let’s worry about the real predators out there —online hackers and phishing scammers.

In order to ensure you and your family’s online safety while on vacation, you first have to find an ideal and preferably well-rated vacation spot to travel. The Web is replete with scam sites touting glorious vacation spots for bargain prices. Be wary because a lot of these locations are fictitious or are actual pictures of someone’s home “stolen” from, for instance, someone’s family blog or social media profile. The thief will then put up a fraudulent ad for renters and will request a wired upfront payment.

Book travel plans only via legitimate, reputable sites. McAfee® WebAdvisor is a tool you can use that will help to warn you of most unsafe web pages. Make sure to check reviews of any private lodgings and use legitimate, well-known travel review sites.

We all love to share what we’re doing on social media, especially kids, but avoid using location services when possible. According to the recent Intel Security study : Realities of Cyber Parenting , one in three children who are active on social media turn on location services for some or all of their social media accounts which can alert thieves that you are not home, making you vulnerable to break-ins.

Many users are unaware of these features, but the service is available, and probably enabled on almost all of your most used apps, such as Facebook, Twitter, Instagram, etc. In order to fully protect your online data, when your computer devices are not in use, the Wi-Fi, location services and Bluetooth all should be turned off. Educate your kids to disable these services and not to download apps that request this information to run.

Additional Safety Measures You Can Take:

  • Lock your luggage
  • Do not post your travel plans online
  • If you’re taking any computer devices along, back up all their data first
  • Power down, password-protect, and lock these devices prior to travel
  • The person next to you on the plane can visually eavesdrop while you type in login information—beware. Better yet, avoid computer use while on the plane, and watch movies instead
  • Never use public Wi-Fi, at least for important transactions including purchases. Not only can thieves snatch data out of the air, but cybercriminals can also install public computers with data-stealing gadgets. If you must use public Wi-Fi for sensitive communications, use a virtual private network (VPN), which will scramble your data

Even after taking all of these precautions before and during your trip, your job is not done! Once you return home from your trip, it is vital that you make sure all of your information and charges are accurate. Make sure to immediately check your online credit card statements for unauthorized charges—before you invest time posting all about your trip on social media. Credit card fraud or identity theft can occur in well under 24 hours, so don’t put off checking your card status when you come home.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!