Posts

6 Tools to protect your Privacy Online

The more advanced communications become, the more likely it is that your personal information is leaking out—every time you search the Web, send texts or e-mails, etc. Your private data is literally “out there.” However, there are six software programs to protect your privacy online.

Expiration date tag. Files, photos and messages are tagged with an expiration date, then erased from your smartphone. The iOS and Android application for this is Wickr and it’s free. The only content that passes over the wire is encrypted. The user’s device does the encrypting and decrypting.

Block the intrusion. Where you go on the Web is tracked so that advertisers know what to market to you, but this technology is intrusive. How would you like to return the favor? You can with the free Ghostery service, an extension for the main Web browsers. It records who’s tracking your online activity, providing you information on these entities. You can instruct Ghostery to block such activity.

Multi-prong privacy features. This free program produces disposable e-mail addresses; e-mails are forwarded to the user’s main address, but a detection of spam will shut off e-mails; a login and password manager will keep track of multiple passwords and also help generate strong new passwords.

These features come with an extension for the Firefox and Chrome browsers called MaskMe. Additional masking features, such as a one-time credit card number, come for $5/month.

Easy encryption setup. If that can ever be easy, GPG Suite has made it so. With this Mac-only software, you can set up public and private encryption keys. The encrypted message, which works with Apple’s Mail, is sent by clicking a lock. The GPG Keychain Access component searches for and stores another user’s public key, and imports and exports keys. The suite is supported by donations.

Stay anonymous. Today’s technology can identify you simply based on your online search history. Your search terms are retained by search engines, but if this data gets in the wrong hands, it could spell big trouble, or more likely, just be plain embarrassing.

DuckDuckGo is the alternative, as it does not record your search terms or leave them with the site you visit. It doesn’t record your computer’s IP address or the browser’s user agent string.

VPN. Use a VPN to be protected from cookies that track where you’ve visited. Knowledge of where you’ve visited can be used against you by insurance companies and lawyers, to say the least; you just never know what can happen when something out there knows your every online move.

A VPN will encrypt your online sessions with an HTTPS security feature, protecting you from non-secure Wi-Fi such as at airports and hotels. A VPN will mask your IP address from tracking cookies. Hotspot Shield is a VPN provider that’s compatible with Android, iOS, Mac and PC, running in the background once installed.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

10 Ways to Help Protect Yourself from Identity Theft

No one wants to be a victim of identity theft (at least not that I’m aware of). But even though we may say this, our actions don’t always indicate this—and actions speak louder than words.

Some of this information may seem basic or like common sense, but these are still tactics that identity thieves utilize because THEY WORK! So here are some tips to make sure you’re protecting your identity:

  1. Be careful when sharing personal information – Make sure you question who is asking for this information and why. Just because a site asks or even your doctor’s office form asks, doesn’t mean it’s absolutely necessary. Also make sure you understand how they are protecting your personal data.
  2. Don’t open attachments or click on links from people you don’t know – Whether this be via email, text message or social networking sites, exercise caution as these could be phishing messages designed to steal your personal information.
  3. Protect your home Wi-Fi connection – Not changing the default settings on your wireless router can lead to not only someone using your connection for free, but also to them accessing all the files on the devices that are connected to it. Using default settings is never a good idea for anything, but can have bigger implications with your Wi-Fi connection. Here are tips on how to protect your Wi-Fi.
  4. Don’t shop or bank online from public computers – You don’t know if there is any security protection on these computers and if the Internet connection is secure. It’s just best not to do this.
  5. Don’t fall for 419 email scams – These are emails asking you to help get access to a big sum of money, and in exchange you’ll get a portion of the money. Now come on…if a stranger asked you this in real life, would you believe them? Probably not…I mean…how many of us really need to help a Nigerian prince? (Note: 419 refers to the article of the Nigerian Criminal Code dealing with fraud.)
  6. Don’t accept all friend requests on social media – Remember that “friend” may not really be your friend. Only connect with people you know in the real world. And even then you should be careful when clicking on the links they post. I’d recommend you use a product like McAfee® SiteAdvisor® that provides easy, red, yellow and green site rating icons in your search results and in your Facebook, LinkedIn and Google+ feeds (for PC or Mac). It will also put up a warning screen if you click on a site we know to be dangerous (for PC, Mac or mobile).
  7. Carry as little as possible with you – This includes credit cards, debit cards, your Social Security number or identification card and scraps of paper with your PINs and passwords. Your wallet or purse can be a treasure trove to thieves, so make sure to carry only what is absolutely necessary.
  8. Lock your mailbox – This may seem extreme, but many thieves raid mailboxes for credit card applications, fill them out and change the address, then they don’t pay the bill, and the debt collector comes looking for you! So ask the companies to stop sending you this mail and make sure your mailbox is locked.
  9. Be careful what you put in your trash – Some thieves raid trash cans, especially if you have a locked mailbox. So that pre-approved credit card application that you relegated to the trash before it even entered your house is a gold mine for thieves. So make sure you employ the use of a cross-cut paper shredder before you throw these types of things away.
  10. And of course, make sure you have protection on all your devices – Comprehensive security on all your devices (not just your PCs) is a must these days. I use McAfee LiveSafe™ service, which protects all my PCs, Macs, smartphones and tablets. And it comes with McAfee SiteAdvisor that I mentioned above!

So remember, we all have to help ourselves by being proactive to protect our identities, both online and offline.

Stay safe!

 Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Change Your Password. World Password Day

We also say we want to be safe online. Yet sometimes our actions betray our words—especially if we’re using simple, short passwords for our online sites. Passwords with fewer than eight characters are the easiest to crack, especially if they include a proper noun or a word that’s in a dictionary. Hackers especially love passwords of all one character. Lose the “ilovedogs” password please.

Take a look at your passwords. Are they simple and include an actual word, or are they long and unique? World Password Day. Take the pledge and change your passwords.

And don’t balk about changing your passwords; you must change them to be safe online. Your password is your first line of defense—not only for your online accounts, but also on your devices. Be like Nike and “Just Do It!” Think about this if you’re reluctant to change them:

  • Research shows that 90% of passwords are vulnerable to hacking
  • The most common password is “123456” and the second most common password is “password”
  • 1 in 5 Internet users have had their email or social networking account compromised or taken over without their permission

Now, believe it or not, a password of eight characters, even with various symbols and no dictionary words, can be cracked. However, a password the length of “Earthquake in the Sahara” would take over a million years to unearth. Ladies and gents, size does matter when it comes to passwords.

Ditch your old passwords

They may already be on the black market, and if not, it’s inevitable. Especially in this post-Heartbleed time, we need to make sure we all change our passwords.

Think pass-sentence, not password

Just four words (with spaces) will make a killer password. Toss in punctuation. Create a sentence that makes no sense, like “Sharks swimming in the shower” and then add some space, numbers and special characters so it’s “Sh@rks swimming >n The Sh0wer!” That’s a 30-word password, technically known as a passphrase, and beats out #8xq3@2P. And which is easier to remember?

And don’t use something that a person who knows you might be able to guess: If you own five black cats, don’t make a passphrase of “I love black cats.”
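To put numbers on the length argument above (the eight-character password versus “Earthquake in the Sahara” and the pass-sentence), here is an added example that is not part of the original post. The guess rate, the character pools and the 7,776-word Diceware-sized list are assumptions chosen for illustration, and the word-by-word model goes a step beyond what the post describes.

```python
import math
import string

# Assumption (not from the post): an offline attacker testing 10 billion
# guesses per second against a fast, unsalted password hash.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The two most common passwords named in the post; any attacker tries these first.
COMMON_PASSWORDS = {"123456", "password"}

# Character pools a character-by-character search has to cover.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation, " ")


def alphabet_size(password):
    """Combined size of every character pool the password draws from."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Characters outside the ASCII pools (accented letters, emoji) count as
    # one extra pool; its size of 100 is an illustrative assumption.
    if any(all(c not in pool for pool in POOLS) for c in password):
        size += 100
    return size


def brute_force_bits(password):
    """Search space in bits when the attacker guesses one character at a time."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def wordlist_bits(n_words, wordlist_size=7776):
    """Search space in bits when the attacker guesses whole words.

    7776 is the size of a standard Diceware list. The figure only holds for
    words picked at random; a natural phrase is easier to guess than this.
    """
    return n_words * math.log2(wordlist_size)


def effective_bits(password, random_words=None):
    """Weakest applicable estimate: common list, word guessing, brute force."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    bits = brute_force_bits(password)
    if random_words is not None:
        bits = min(bits, wordlist_bits(random_words))
    return bits


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate in a 2**bits search space."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


def report(samples):
    """Return (password, length, bits, years) rows for (password, n_words) pairs."""
    rows = []
    for password, n_words in samples:
        bits = effective_bits(password, n_words)
        rows.append((password, len(password), round(bits, 1), years_to_exhaust(bits)))
    return rows


if __name__ == "__main__":
    # Passwords quoted in the post; None means "character-by-character model only".
    samples = [
        ("123456", None),
        ("ilovedogs", None),
        ("#8xq3@2P", None),
        ("Earthquake in the Sahara", None),
        ("Earthquake in the Sahara", 4),   # same phrase, word-by-word attacker
        ("Sh@rks swimming >n The Sh0wer!", None),
    ]
    for password, length, bits, years in report(samples):
        print(f"{password!r:36} len={length:2d} bits={bits:6.1f} years={years:.3g}")
```

Under the character-by-character model the long phrases come out far beyond a million years, while the eight-character password falls in days. Under the word-by-word model, four words alone land close to the eight-character password, so the number of words and how unpredictable they are matter as much as the character count.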

Here’s a fun way to make a passphrase.

Make the change

Now that you have a passphrase that will take millions of years to crack, it’s time to make use of it. Sift through all of your accounts and change your passwords, using a different passphrase for each account, and not similar, either, for optimal uncrackability.

Once all of your new passwords (passphrases) are in place, you’ll have peace of mind, knowing that it would take millions of years for these passwords to be cracked.

Remember, there’s no better time than World Password Day to change your password!

What is Social Engineering?

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The term stems from the social science world, where social engineering is deemed an act of psychological manipulation.

In our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’ financial gain. Social engineering can take many forms from an email, phone call, social networking site, text messages, etc., but they all have the same intent—to get you to part with valuable information.

Any one of us can be a target. And social engineering continues to be a tool that cybercriminals use because it works. They play on our emotions and our innate sense to want to trust others and be helpful. They also rely on the fact that many of us are not aware of the value of the information we possess and are careless about protecting it.

For instance, after major natural disasters or major news topics, like a hurricane or earthquake, cybercriminals send out scores of bogus emails, calling for sympathy and donations for the victims, just so they can line their pockets.

In addition to sympathy, the bad guys also barter in fear, curiosity and greed. From emails offering fake lottery winnings (greed), to dangerous download sites advertising a preview of the latest Lady Gaga song (curiosity), to devious popup messages that warn you that your computer is at risk (fear), today’s cybercriminals are masters at manipulating our emotions.

And because their tricks often look legitimate, it can be hard for you to identify them. You could wind up accidentally infecting your machine, or sharing personal and financial information, potentially leading to monetary loss and even identity theft.

How can you protect yourself?

  • Never respond to a message from someone you don’t know and never click on a link in an unsolicited message, including instant messages. Any time the phone rings and the caller is requesting personal information, consider it a scam.
  • Be suspicious of any offer that seems too good to be true, such as the lure of receiving thousands of dollars just for doing a wire transfer for someone else.
  • If you are unsure whether a request is legitimate, check for telltale signs that it could be a fake, such as typos and incorrect grammar. If you are still unsure, contact the company or organization directly. Financial institutions, and most sites, don’t send emails or text messages asking for your user name and password information.
  • When using social networking sites, don’t accept friend requests from people you don’t know, and limit the amount of personal information you post to your profile.
  • Consider using a safe browsing tool such as McAfee® SiteAdvisor® software, which tells you whether a website is safe right in your search results, helping you navigate away from phony sites.
  • Make sure all your devices are protected with comprehensive security, like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets.

So remember to ask yourself if this is really legit, the next time you get a message that plays on your emotions. Stay safe online!

What is Cookiejacking?

“Cookiejacking” may sound like someone taking a bite out of that delicious chocolate chip cookie you were planning to have after lunch, but it is actually an online security risk that could lead to your personal information falling into the hands of a cybercriminal.

But to understand this risk, you first need to know about Internet cookies. An Internet cookie is a small text file that gets stored on your computer or mobile hard disk from a website that you have previously visited, so the next time you’re on that site, it alerts the site that you’re back.

The cookie holds information such as an identifier the site assigns to you, and any preferences or personal information you may have shared with that website, such as your name and email address. Cookies are the reason why you may see a message that says “Welcome back, John” when you revisit a website.

Now that you know what an Internet cookie is, you can better understand cookiejacking. This is when your device’s cookies are stolen, potentially giving thieves access to the information they hold.

This can be problematic when the cookies stored on your computer contain sensitive and personal data, such as your bank login information and social media account passwords. A cybercriminal could use the stolen information to access your accounts or impersonate you.

Of course, clicking on links in malicious emails or on risky websites increases the odds that you could fall victim to cookiejacking, so the more dangerous clicking you do, the more at risk you are.

How do you avoid cookiejacking?

Here are a few simple tips to help you avoid falling victim to this security concern:

  • Be careful where you click—Especially when playing games on social networks since this could be a trap set by a cookiejacker; all of your clicking will enable the thief to steal your cookies. Also be wary of links in emails, text messages and instant messages, especially if they’re from people you don’t know personally.
  • Use a safe search tool—Utilize a free browser plug-in, like McAfee® SiteAdvisor® that warns you if you are going to a risky site. For Android users, this feature is available as part of the free McAfee Mobile Security.
  • Consider using private browsing mode—The private browsing mode prevents access to cookie files already saved on your device, but more importantly, it stores cookies for the active session in memory. This means that a page crafted for cookiejacking cannot access older cookies nor active ones, because there is no path to them.
  • Install comprehensive security on all your devices—Make sure you protect all your devices with security like McAfee LiveSafe™ service that includes anti-malware, anti-spam, anti-phishing and a firewall so that you are less likely to be a click-jacking victim.

6 ways College Grads can Protect Online Reputations

Here’s what you, the new college grad, can do to clean up and protect your reputation in the online world.

These days, it’s crucial for college grads seeking jobs to have an online reputation that’s as clean as a whistle. I’m an online-security and ID theft expert, so trust me when I say that yes, employers DO take into account what you did at that party during your sophomore year.

How College Grads Can Clean up Their Online Reputation

A prospective employer will likely Google your name, then read the sites it’s on. And don’t assume that you’re protected by a “Joe Smith” kind of name. An astute employer will find the right Joe Smith.

One of the first things a new college grad should do, to prepare for a job interview, is to prepare for what the person hiring is likely to do (either before or after the interview): look you up online.

Find out what people are saying about you in cyberspace. Use a tool like Google Alerts, Tops, Social Mention and Sysmosys, among others. Monitor these on a daily basis.

If your own search turns up nothing bad about you on Facebook, Twitter, YouTube, LinkedIn and other biggies, this doesn’t mean nothing bad exists. Go deeper into the search results. Type in your middle name or just initial, or some associative fact like hometown name, to see if that alters results.

Cleaning up your online reputation, then, begins with seeing if it needs to be cleaned up in the first place. This is more important for a college grad than, say, getting that perfect manicure for job interviews or that perfect hair tinting job.

The prospective employer these days may be more interested in what your name pulls up in search engines than how perfectly coordinated your shoes are with your power suit.

Being digitally proactive keeps your online presence clean.

  1. Digital security is a must. We’ve all read about politicians, celebrities, news organizations and major corporations who’ve been hacked and negative stuff was posted from their accounts. Even when you regain control of your hacked account those unwanted posts can leave searchable breadcrumbs. Make sure your devices are protected with antivirus, antispyware, antiphishing and a firewall. Secure free Wi-Fi connections with Hotspot Shield VPN.
  2. New college grads should invest time picking apart their Facebook page and any other kind of social media where they have the ability to change what’s on it. Delete anything relating to drinking, sex, drugs, being tired all the time, political and religious views, use of offensive words, anything that fails to benefit your reputation online.
  3. Even a comment like “Old people are bad drivers” can kill your chances of landing a job. Think before you post.
  4. Unfortunately, if someone has posted something negative about you on their blog, there’s nothing you can do unless you want to pay something like $2,000 to hire a company to knock negative Google results deep into the search pages (a prospective employer probably will not go past a few pages deep once they locate information about you). But paying someone is a viable option you should consider.
  5. A college grad can protect their online reputation by never using their name when signing up for a forum board where they may make posts that, to a prospective employer, make the job seeker look bad. If you want to post on the comments page for Fox Sports, for instance, don’t use your real name.
  6. Don’t even use your real name for signing onto support sites for medical conditions, for that matter. You just never know what may rub a prospective employer the wrong way.

The college grad’s reputation needs to appear as perfect and “pure” as possible in the online world.

Online Tax Time Scams: How to Avoid

Filing your taxes online is convenient but also comes with some potential security problems. My job as an expert in all things online-security is to spell out what these online tax scam risks are and how to avoid them. As you get ready to file your taxes this year, here are some things you should know about.

There were billions of fraudulent refunds that the IRS discovered for just 2012. Both consumers and business owners (small to medium) are being targeted by hackers during tax time. Following are tax time scams that are related to online filing:

  • Phishing: If you get an unsolicited email that seems to be from the IRS or similar, requesting personal information (especially bank account information, passwords or PINs) or claiming you’re being audited, it’s time to smell a big rotting phish. The IRS will never contact you via email, text message or social media. Make sure you don’t click on any links or open or download any attachments if you even suspect that the message is fake. Report any type of phishing to phishing@irs.gov.
  • The fake IRS agent: Crooks will pose as IRS agents and contact you by email or phone. They’ll already have a few details about you, probably lifted off your Facebook page, using this information to convince you they’re the real deal. If you sense a scam, go to IRS.gov/phishing.
  • The rogue tax preparer: It’s best to use a reputable tax return service, rather than an independent-type preparer. After all, some of these preparers have been known to charge extra high fees for getting you a bigger return, or steal some of your refund.

Additional Tips for Online Tax Time Scam Protection

  • Protect your data. From the moment they arrive in your mailbox, your personal information (financial institution numbers, investment records, Social Security numbers, etc.) must be secured. Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact and are sure of the recipient.
  • Chuck the papers. Opt for electronic statements to be received via email to eliminate paper statements coming into your mail box where thieves could get at them.
  • Check and monitor your statements. To ensure that you’re not a victim, the best thing to do is to monitor your monthly bank statements and do a credit report at least once a year.
  • Use a clean machine. Make sure that the computer you use is not infected or compromised. The operating system and browser should be updated. It should have comprehensive, up-to-date security software, like McAfee LiveSafe™ service, which protects all your devices, your data and your identity.

If you’re vigilant and follow these guidelines, you won’t have to deal with online (or offline) tax time scams. You can also watch this video from the IRS.

What is a Denial-of-Service Attack?

You may have heard news reports about popular websites such as CNN, Amazon and Yahoo! being taken down by a DoS attack, but have you ever wondered what DoS means?

This common tech term stands for “denial-of-service,” where an attacker attempts to prevent legitimate users from accessing a website, either by taking it down entirely or by slowing it down to the point of being unusable. The most common and obvious type of DoS attack occurs when an attacker “floods” a network with useless information.

When you type a URL for a particular website into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying access to legitimate users.

A distributed denial-of-service (DDoS) attack is one where a site is attacked, but not by just one person or machine. DDoS attacks are attacks on a site by two or more persons or machines. These attacks are usually done by cybercriminals using botnets (remote computers that are under their control) to bombard the site with requests. Cybercriminals create botnets by infecting a collection of computers—sometimes hundreds or thousands—with malware that gives them control of the machines, allowing them to stage their attack.

There is also an unintentional DoS where a website ends up denied, not due to a deliberate attack by a single individual or group of individuals, but simply due to a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story. The result is that a significant proportion of the primary site’s regular users–potentially hundreds of thousands of people—click that link in the space of a few hours, having the same effect on the target website as a DDoS attack. When Michael Jackson died in 2009, websites such as Google and Twitter slowed down or even crashed.1

While this can be an inconvenience to you, as you may not be able to complete transactions or access your banking site, there’s no real danger for you. But unbeknownst to you, your computer or mobile device could be part of the botnet that is causing a DDoS attack.

To make sure you’re not part of a DDoS attack:

  • Pay attention if you notice that your Internet connection is unusually slow or you can’t access certain sites (and that your Internet connection is not down)
  • Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service
  • Be careful when giving out your email address, clicking on links and opening attachments, especially if they are from people you don’t know
  • Stay educated on the latest tactics that hackers and scammers use so that you’re aware of tricks they use

1. “Web slows after Jackson’s death,” BBC News

Meeting a Stranger: Safety Tips for Online and In-Person

A simple yet comprehensive guide to staying safe when meeting a stranger in person or dealing with one online.

I have been involved in the security industry for years, and one of the most common questions I get is how to be safe when meeting a stranger online or in person.

Safety Tips for Online Stranger Encounters

  • When online, give out as little info as possible.
  • If possible, meet people on sites that scrutinize their users, though even an extensive profile can be convincingly faked. Do your homework on these sites.
  • Don’t rely only on profiles. Seek out their name online to see what comes up.
  • Use a disposable e-mail address (or phone number) service or app.
  • Speak on the phone first; it’s harder for a man to pretend he’s a woman this way.

In-Person Safety Tips with Strangers

  • Use your smartphone to share where you’ll be with family and friends. There are apps that will let trusted people view where you’re at.
  • Choose more than one meeting place (well-lit, very public). This is because you may want to go to a second location if it’s a date, or if it’s a buy-sell, the other person may get lost.
  • For a buy-sell, bring someone with you.
  • For dating or business, bring minimal cash, only the amount you expect to pay for an item. Keep extra cash (for haggling) separate and unseen by the stranger.
  • If the stranger must come to your home to view an item you’re selling, leave your front door open. Try to have someone with you.
  • Do a background check on anyone whose house you’re going to (such as to clean or babysit).

Safe Strategies with Strangers

  • Never get into a car with a stranger.
  • Arrange a nearby meeting place for you and trusted friends, after your blind date or business meeting. If it’s a blind date, your friends could be across the street having dinner; only one text message away.
  • Stick to your meeting place plans; don’t veer off-course.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

VPN for Online Security: Hotspot Shield

Online users need a VPN (virtual private network), a kind of service that gives you online security, and Hotspot Shield’s service has a free version. A VPN hides your device’s IP address and interferes with any company trying to track your browsing patterns.

Many online companies take people’s data without their authorization, and then share it with other entities—again without the user’s permission. A virtual private network will put a stop to this invasion.

Thanks to the fiasco with Edward Snowden and the political messes happening in Venezuela and other parts of the world, many people are turning to VPN services like Hotspot Shield. When you surf the ‘Net on a public network (including using social media), your personal information is up for grabs in the air by vultures.

Why is VPN online security important?

Your personal data is out there literally in the air, to get mopped up by Internet entities wanting your money—or oppressive governments just wanting to snoop or even block internet access to the rest of the world. If you use your device when traveling, you’re at particular risk for suffering some kind of data breach or device infection.

The unprotected public networks of hotel, airport and coffee house Wi-Fis mean open season for crooks and snoops hunting for unprotected data transmissions. The VPN protects these transmissions of data.

In fact, Hotspot Shield was used to escape the prying of government online censors during the Arab Spring uprisings. This VPN has been downloaded hundreds and hundreds of thousands of times.

This VPN service comes with periodic pop-up ads and some banner ads for the free version, but the $30 per year version is free of ads and has malware protection.

What else does a VPN like Hotspot Shield do?

Users are protected from cookies that track where the users visit online. If your online visits are getting tracked, this information can be used against you by lawyers and insurance companies. And who knows what else could happen when tech giants out there know your every cyber move.

More on Hotspot Shield’s VPN

  • Compresses bandwidths. All the traffic on the server side, before it’s sent to the user’s device, is compressed. This way users can stretch data plans.
  • Security. All of your online sessions are encrypted: HTTPS (note the “S”) is implemented for any site you visit including banking sites. You’re protected from those non-secure Wi-Fi networks and malware.
  • Access. Think of the protection as a steel tunnel through which you access the Internet.
  • Privacy. Your IP address is masked, and so is your identity, from tracking cookies.

Hotspot Shield is compatible with iOS, Android, Mac and PC. It runs in the background once it’s installed and guards all of your applications.