Posts

Florida City Pays Hackers $600,000 after Scam

Riviera Beach, a city in Florida, has agreed to pay a $600,000 ransom to hackers who attacked its network.

This week, the City Council voted to pay the demands after coming up with no other option to meet the demands of the hackers. It seems that the hackers got access to the system when a staff member clicked on a link in an email, which uploaded malware to the network. The malware disabled the city’s email system, direct deposit payroll system and 911 dispatch system.

According to Rose Anne Brown, the city’s spokesperson, they had been working with independent security consultants who recommended that they pay the ransom. The payment is being covered by the city’s insurance. Brown said that they are relying on the advice of the consultants, even though the stance of the FBI is to not pay off the hackers.

There are many businesses and government agencies that have been hit in the US and across the world in recent years. The city of Baltimore, for instance, was asked to pay $76,000 in ransom just last month, but that city refused to pay. Atlanta and Newark were also hit with demands.

Just last year, the US government accused a programmer from North Korea of creating and attacking banks, governments, hospitals, and factories with a malware attack known as “WannaCry.” This malware affected entities in over 150 countries and the loses totaled more than $81 million.

The FBI hasn’t commented on the attack in Riviera Beach, but it did say that almost 1,500 ransomware attacks were reported in 2018, and the victims paid about $3.6 million to the hackers.

Hackers often target areas of computer systems that are vulnerable, and any organization should consistently check its systems for flaws. Additionally, it’s important to train staff about how hackers lure victims by using emails. You must teach them, for instance, not to click on any email links or open emails that look suspicious. It is also imperative that the system and its data, and even individual computers, are backed up regularly.

Most of these attacks come from foreign entities, which make them difficult to track and prosecute. Many victims just end up paying the hacker because the data is precious to them. They also might work with some type of negotiator to bring the ransom down. In almost all cases, the attackers will do what they say and allow the victims to access their data, but not all of them do. So, realize that if you are going to pay that you still might not get access to the data. Ransomware simply should not happen to your network. If all your hardware and software is up to date and you have all the necessary components and software that your specific network requires based on its size and the data you house then your defenses become a tougher target. Additionally, proper security awareness training will prevent the criminals from bypassing all those security controls and keep your network secure as it needs to be.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of Conference Invitation Scams

Conference invitation scams are those that involve a scammer sending invitations out to events with the intention of scamming the invitees. These might be real events or fake events, and the scammers target people including business professionals, lecturers, CEOs, researchers, philanthropists, and more. The goal here is to steal the identities of these people, and eventually get money by taking advantage of their victims.

Spotting a Scam

There are usually some pretty clear signs that you could be dealing with a scam involving a conference invitation. Here are some things to look for:

  • The invitation has typos or bad grammar
  • The invitation seems very random or out of no where
  • The conference name sounds like a conference you might be family with, such as Tech Crunch, but it’s spelled differently, like TekCrunch
  • The invitation asks that you pay a premium price to attend, which includes accommodation and transportation
  • Payment options don’t include credit cards
  • The invitation is overly flattering
  • There is a sense of urgency pushing you to send personal information
  • The greeting on the invitation is questionable, i.e. “Salutations.”
  • The invitation asks for sensitive information in return for “covering” your conference cost, accommodations, and transportation.
  • The conference is held in a different country, i.e. Asia or the Middle East
  • The landing page doesn’t have a physical address or landline number
  • The invitation sounds too good to be true

How Do These Scams Work?

In general, the scammer begins the scam by sending an email to a target victim and invited them to attend or speak at a conference. The scammer usually uses the victim’s social media pages to get information about them, which helps them to create a more personalized email.

The victim is told to register for the conference, which involves giving personal information. Additionally, they could be asked to pay a fee to attend, which could be over $1,000, depending on how long the conference is said to last. Usually, this is where the sense of urgency comes into play, as the scammer will say the conference is filling up or they need to know if they can count on the victim to speak. If not, of course, they must find another speaker, so the victim must confirm as soon as possible.

If the targeted victim complies with this and sends their information, the scammer may have enough information to steal the victim’s identity. Additionally, the scammer can use the name of the victim to promote the conference, especially if it is someone well-known in the industry.

If the victim goes through with all of this, they will quickly find out that they have been scammed. A scammer might also try scamming people who are actually going to a legitimate conference. They claim that they are part of the organization running the conference, and they need information and to collect fees. Of course, since the victim already signed up for the conference, it is easy to believe this scam without giving it a second thought.

Protecting Yourself from Invitation Scams

Here are some tips and tricks that you can use to protect yourself from these types of scams:

  • If you get an email similar to ones described here, don’t respond.
  • You should investigate any invitation that you are not sure of.
  • Do not agree to send money, and only pay with a credit card.
  • Don’t agree to give any personal information; a conference organizer doesn’t need to know your Social Security Number
  • Research the event and try to match up the information that you were given in the invitation email.
  • Copy and paste some of the email into Google to see if others have reported that this is a scam.

What to Do if You are a Victim If you have become a victim of a conference invitation scam, there are steps you should take immediately. First, get in touch with your financial institutions, like banks and credit card companies, and make them aware of this. Next, you should contact the location police and authorities in the area where the conference is allegedly supposed to be held. You should also get in touch with the Better Business Bureau about the company, and you can report the scam online via the BBB’s Scam Tracker or the Federal Trade Commission’s Online Complaint Assistant.  Finally, you can also report the scam to the FBI through its Internet Crime Complaint Center.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

WARNING: You or Your Members Could be Targets of List Scams

There are scammers out there targeting conference exhibitors and attendee. What are they looking for? Credit card numbers, money wires and personal information that they can use to steal identities. One of the ways that scammers get this information is by using invitation or list scams. Basically, if you are registered for a conference, speaking at a conference, a conference vendor or just “in the business”, you might get an email…or several emails…that invite you to a conference or offer to sell you a list of attendees, and their contact information, which may be beneficial to you…but is it too good to be true? Definitely.

Robert Siciliano, CSP, SAFR.ME

These Lists are Lies

Along with conference invitation scams, many associations are targets of list scams. A quick search of “Attendee List Sales Scam” pulls up numerous associations whose members and anyone interested in marketing to these members are being targeted by criminals to purchase non-existent lists.

Though it might sound great to get a list of all attendees of a conference, including their contact information, you might be surprised to know that these lists are lies. On top of that, getting this information might not even be legal.

Think about it for a second. When you signed up for a conference, did you choose to opt-in to have your personal information shared with others? Probably not, and that also means that most of the other attendees did not do this either.

To find out if the list is possibly legit, take a look at the show’s policies. Do they give information to third parties? Do they rent or sell lists of attendees? Is the name of the company that contacted you on the list of their third-party vendors? If this checks out, the list could be legitimate. If not, it’s probably a lie.

If you think you are dealing with a liar, the first thing you should do is plug the company that contacted you into the Better Business Bureau’s website. If it is a scam, you should certainly see information proving that. If not, but you aren’t interested, just unsubscribe. If you think that you are dealing with a scammer, don’t reply or even unsubscribe. Instead, just delete the email and don’t take any action. Many of these scammers are simply looking for active email addresses.

More Conference Invitation Scams

Another scam involves telling attendees about exhibitors that don’t even exist. This can push you into wanting to sign up for the conference, but in reality, the conference, itself, might not even exist, and in this case, you could just be giving your hard-earned money to a scammer.

So, if you find yourself in this situation, the first thing you want to do is research. One step is to look up the person who contacted you online, such as on LinkedIn, and see if they are who they say they are. Another thing to do is to contact the conference venue and ask if the event is being held there. You can also check the contract for refund or cancellation information. You also should do some research about the reputation of the contactor company. Finally, always make sure that you pay for any conference with a credit card. This way, with zero liability policy’s, you can get your money back, and every legitimate conference company is happy to accept credit cards. 

But Wait…There’s More

Another scam associated with trade shows and conferences is to contact attendees about hotel reservations, but once you pay…it’s all a scam. Usually, these scammers will contact the attendees and say that they represent the hotel for the conference. They will tell you that rates are significantly rising or that it is sold out, so you must act immediately…however, they will say that they need the full amount up front.

When in doubt about this type of scam, you should always contact the trade show organizers yourself, and then ask who the booking rep is. You should also give them the name of the company that you believe is scamming you so they can advise others of the scam.

Know Your Options

  • It is very important when you are signed up to present or attend a conference that you only engage with the company that is running the conference
  • If in doubt, confirm with the company that the offers from third-party claims are correct.
  • You can also get an official exhibitor list of official vendors.
  • Keep in mind that these legitimate companies might have your personal information, but they would not release your personal contact information with third-parties.
  • Some exhibitors might get the mailing address of attendees, which you can opt out of. Most of this is harmless, of course, but that doesn’t mean that all of these lists are.

Wi-Fi Hacks

Finally, you want to watch out for wi-fi hacking. This is a common scam for conference goers. When you attend a conference or trade show, you probably just expect that you will get free wi-fi, right? This allows you to take care of business and ensure that your booth runs smoothly. Hackers know this, of course, so they set up nearby and create fake networks. Once you connect to these networks, they can come into your device, take your information, and even watch everything you are doing online.

Keep in mind that these fake networks look remarkably similar to the legitimate networks set up by the conference. So, always double check before connecting, and if you are ever in doubt, make sure to ask one of the conference or trade show organizers. They can confirm that you are on the right network. There are always going to be scammers out there, especially when you are attending a trade show or conference. There are just too many opportunities for scams, and they can’t say no. Fortunately, by following the advice above and by reporting any suspicious activity, you can not only make sure that you, yourself aren’t falling for these scams, but also help others to not fall for this type of nefarious scheme.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at https://www.Coach.com for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com.  Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is www.C0ach.com legit”, which may pull up sites debunking the legitimacy of the URL.

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

10 Ways to Prevent Holiday Shopping Scams

The winter holidays: a time for festivities and … fraud-tivities.

Gift Card Grab

Never, ever enter your credit card or other sensitive information to claim a gift card that comes via email.

Never Buy Over Public WiFi

Shopping over public WiFi means your credit card, bank account or login data could get picked up by a cyber thief. Use a VPN.

Coupon Cautious

If a coupon deal seems too good to be true, then assume it is. End of story. Next.

Password Housekeeping

  • Change the passwords for all your sensitive accounts.
  • No two passwords should be the same.
  • Passwords should be a random salad of upper and lower case letters, numbers and symbols – at least 12 total.
  • A password manager can ease the hassle.

Two Step Verification

  • A login attempt will send a one-time numerical code to the user’s phone.
  • The user must type that code into the account login field to gain access.
  • Prevents unauthorized logins unless the unauthorized user has your phone AND login credentials.

Think Before You Click

  • Never click links that arrive in your in-box that supposedly linking to a reputable retailer’s site announcing a fantastic sale.
  • Kohl’s, Macy’s, Walmart and other giant retailers don’t do this. And if they do, ignore them.
  • So who does this? Scammers. They hope you’ll click the link because it’ll download a virus.
  • The other tactic is that the link will take you to a mock spoofed site of the retailer, lure you into making a purchase, and then a thief will steal your credit card data.

Bank and Credit Card Security

  • Find out what kind of security measures your bank has and then use them such as caps on charges or push notifications.
  • Consider using a virtual credit card number that allows a one-time purchase. It temporarily replaces your actual credit card number and is worthless to a thief.

Job Scams

Forget the online ad that promises $50/hour or $100 for completing a survey. If you really need money then get a real job.

Monthly Self-Exam

For financial health: Every month review all your financial statements to see if there is any suspicious activity. Even an unknown charge for $1.89 is suspicious, because sometimes, crooks make tiny purchases to gage the account holder’s suspicion index. Report these immediately.

Https vs. http

  • The “s” at the end means the site is secure.
  • Do all your shopping off of https sites.
  • In line with this, update your browser as well.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Google Alert Scams

If you want to know the latest on “any topic”, just sign up for Google Alerts. Google will e-mail you notifications of new information coming online. I have Google Alerts for “Home Invasion” “Identity Theft” “Burglary” “Computer Security” and many more.

So what could be so harmful about receiving alerts about topics or people who are famous for being famous or your favorite presidential candidate?

  • A scamster creates a website and inserts popular search terms such as “Kate Middleton” or “Donald Trump.”
  • If you signed up for Donald Trump, you’ll not only receive legitimate alerts from Google, but also links originating from the scammer’s site. You won’t know which is which.
  • These fraudsters have figured out a way to circumvent Google’s security.
  • Clicking on these links could download malware into your computer.

In another example Intel Security’s McAfee does the “Most Dangerous Celebrity” survey based on malicious search results. They then determine which searched celebrity sites produce the most malware.

What can you do?

  • A tell-tale clue of a scam is that when you hover over the link inside your e-mail, the URL doesn’t correlate to the alleged source of the news. If it doesn’t match up, skip it. A scammer’s URL isn’t going to have what appears to be a legitimate news outlet address.
  • Narrow your search down. So if you want the latest in Trump’s polls, type “Donald Trump polls” in the Google Alert field. Otherwise, just leaving it as “Donald Trump” will not only flood your in-box, but it will be much more likely that some of those “alerts” will be fraudulent.
  • Another way to narrow the parameters is to set the alerts for “news,” “blogs,” “best results” and “United States.”
  • Be very suspicious of URLs that do not end in a dot-com, net, org or other familiar suffix. Often, scammy URLs come from foreign countries where the suffix is different, such as “fr” for France or .ru for Russia or .cn for China.
  • If a link appears to be fraudulent, report it to Google.com/alerts.

If you’re signed up for Google Alerts for numerous topics, consider cancelling some of these, especially if it’s a hot topic that makes headlines nearly every day, such as the presidential race—which you’re bound to see anyway simply by visiting a reputable news site.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Beware of the CEO E-mail Scam

Beware of the B.E.C. scam, says a report at fbi.gov. The hackers target businesses and are good at getting what they want.

emailThe hackers first learn the name of a company’s CEO or other key figure such as the company’s lawyer or a vendor. They then figure out a way to make an e-mail, coming from them, appear to come from this CEO, and send it to employees.

The recipients aren’t just randomly selected, either. The hackers do their homework to find out which employees handle money. They even learn the company’s particular language, says the fbi.gov article. The company may be a big business, small enterprise and even a non-profit organization.

Once they get it all down, they then request a wire transfer of money. This does not raise red flags in particular if the company normally sends out wire transfer payments.

This CEO impersonation scam is quite pervasive, stinging every state in the U.S. and occurring in at least 79 other nations. The fbi.gov article cites the following findings:

  • Between October 2013 and February 2016, complaints came in from 17,642 victims. This translated to over $2.3 billion lost.
  • Arizona has been hit hard by this scam, with an average loss per scam coming in at between $25,000 and $75,000.

Companies or enterprises that are the victim of this scam should immediately contact their bank, and also request that the bank contact the financial institution where the stolen funds were transferred to.

Next, the victim should file a complaint with the IC3.

How can businesses protect themselves from these scam e-mails?

  • Remember, the hacker’s e-mail is designed to look like it came from a key figure with the organization. This may include the type of font that the key figure normally uses in their e-mails; how they sign off (e.g., “Best,” “Thanks a bunch,”), and any nicknames, such as “Libbie” for Elizabeth. Therefore, contact that person with a separate e-mail (not a reply to the one you received) to get verification, or call that individual.
  • Be suspicious if the e-mail’s content focuses on a wire transfer request, especially if it’s urgent.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Security Appreciation lacking

What’s it gonna take for companies to crack down on their cybersecurity? What’s holding them back? Why do we keep hearing about one company data breach after another?

1SWell, there’s just not enough IT talent going around. The irony is that most company higher-ups admit that cybersecurity is very important and can even name specific situations that could compromise security, such as

having multiple vendors vs. only a single vendor; not having quality-level encryption in place; allowing employees to bring their own mobile devices to work and use them there for business; and having employees use cloud services for business.

Many even admit that they lack confidence in preventing a sophisticated malware onslaught and are worried about spear phishing attacks.

So as you can see, the understanding is out there, but then it kind of fizzles after that point: Businesses are not investing enough in beefing up their cybersecurity structure.

Let’s first begin with signs that a computer has been infected with malware:

  • It runs ridiculously slow.
  • Messages being sent from your e-mail—behind your back by some unknown entity.
  • Programs opening and closing on their own.

What can businesses (and people at home or traveling) do to enhance cybersecurity?

  • Regularly back up all data.
  • All devices should have security software and a firewall, and these should be regularly updated.
  • Got an e-mail from your boss or company SEO with instructions to open an attachment or click a link? Check with that person first—by phone—to verify they sent you the attachment or link. Otherwise, this may be a spear phishing attempt: The hacker is posing as someone you normally defer to, to get you to reveal sensitive information.
  • Mandate ongoing security training for employees. Include staged phishing e-mails to see who bites the bait. Find out why they bit and retrain them.
  • Never open e-mails with subject lines telling you an account has been suspended; that you won a prize; inherited money; your shipment failed; you owe the IRS; etc. Scammers use dramatic subject lines to get people to open these e-mails and then click on malicious links or open attachments that download viruses.
  • Install a virtual private network before you use public Wi-Fi.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Online Shopping and Counterfeit Goods – The Facts Don’t Lie

As the holiday season creeps upon us, research shows that an astonishing 24% people who are buying online have been duped by scammers. Whether you are buying shoes, electronics or the latest fashions and accessories, research companies are showing that you are at risk of being duped.

9DWhen you look at the overall shopping behavior of consumers, we see that about 34% do all of their shopping online, and during the holiday season, this number rises to 39% of all consumers. That is a lot of people for counterfeiters to focus on.

Mark Frost, the CEO of MarkMonitor, explains that it is crucial for customers to stay aware of the possibility of buying counterfeit goods, especially during the holidays. Most of us are looking for a bargain, and this is exactly why we tend to jump on these deals. On top of this, counterfeiters have gotten very good at making these fake goods look almost identical to the real deal, and it is near impossible, in some cases, for the untrained eye to tell them apart. Here are some more facts:

People are Exposed to Online Counterfeit Goods All of the Time

With so many counterfeit goods out there, you have likely been exposed to them, or even made a purchase. Younger people are more at risk of buying these goods, and when looking at those in the 18-34 year old range, almost 40% had purchased counterfeit goods in the past.

In addition to these goods, about 56% of people have received counterfeit emails, or those that seem as if they are coming from a certain company, such as Nike, but in reality, all of the items are fake. Fortunately, only about one in 20 consumers are likely to click on these links, but that means that about 5% of consumers are directed to these sites, too, and may get caught up in the bargains.

This is a Global Issue

Statistics also show that about 64% of global consumers are worried about online security. These same consumers report that they feel safer buying from local extensions, such as .de, .uk and .co.

Attitudes Towards Buying Counterfeit Goods

One of the most alarming facts that come up in these studies is that about 20% of consumers continue the purchase of their goods, even after finding themselves on a website with counterfeit goods.

As you continue your holiday shopping, make sure to keep these facts in mind and make sure to research any site you choose to buy from, even those that look like they may be legitimate.

Shoppers need to be cautious when searching online to spread their holiday cheer and MarkMonitor suggests checking this list twice to find out if websites are naughty or nice:

  1. Check the URL: In a practice known as “typosquatting” fraudulent sites will often be under a misspelled brandname.com, attempting to trick consumers into thinking they are on a reputable website.
  2. Check the Price: Counterfeiters have been getting very smart about pricing lately and not discounting their wares as heavily as before, but deep discounts – especially on unknown e-commerce sites – are a tip-off that consumers should do a lot more checking before buying.
  3. Check the “About” and the “FAQs” pages: Though some sites look professional at first glance, but are not always so careful about these pages. Check for spelling and grammatical errors.
  4. Check for reviews: Many fraudulent websites’ reputations proceed them. Search for what people are saying about the site and include the term ‘scam’ with the site name to see if they are known to be a risky site.  

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

8 Ways to Ensure Safe and Secure Online Shopping this Holiday Season

So, who’s on your holiday gift list this year? That list is a lot longer than you think; consider all the names of hackers that have not yet appeared on it. Scammers will do whatever it takes to get on your holiday gift list! Here’s how to keep these cyber thieves out of your pocket:

  • Before purchasing from a small online merchant, see what the Better Business Bureau says and also search Google for reviews.
  • If you see an unexpected e-mail allegedly from a retailer you shop at, don’t open it. Scammers send out millions of trick e-mails that appear to be from major retailers. They hope to trick gullible shoppers into clicking on them and revealing sensitive information. So many of these scam e-mails get sent out that it’s common for someone to receive one that appears to be from a store they very recently purchased from.
  • When shopping online at a coffee house or other public spot, sit with your back to a wall so that “visual hackers” don’t spy over your shoulder. Better yet, avoid using public Wi-Fi for online shopping.
  • Back up your data. When shopping online it’s highly probable you’ll stumble upon an infected website designed to inject malicious code on your device. Malware called “ransomware” will hold your data hostage. Backing up your data in the cloud to Carbonite protects you from having to pay the ransom.
  • Save all your financial, banking and other sensitive online transactions for when you’re at home to avoid unsecure public Wi-Fi networks.
  • Change all of your passwords to increase your protection should a retailer you shop at fall victim to a data breach. Every account of yours should have a different and very unique password.
  • Ditch the debit card; a thief could drain your bank account in seconds. Use only credit cards. Why? If a fraudster gets your number and you claim the unauthorized purchase within 60 days, you’ll get reimbursed.
  • Review your credit card statements monthly and carefully. Investigate even tiny unauthorized charges, since thieves often start out small to “test the waters.”

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.