Posts

Tips to Stay Digitally Safe on Spring Break

Give me a break! In the next month, students will get the week off for spring break—a much needed reward after months of hard work and, for some, gnarly winter weather. Spring break means free time, family vacations, trips with friends, and timeless memories.

7WBut, spring break can pose some risks to your online reputation and your identity. So whether you are going to party it up in the Caribbean or you are taking the kids to Disney World, here are some tips to keep you digitally safe this spring break.

  1. Don’t bring more technology than you have to. Do you really need to bring your laptop, tablet, and smartphone on your beach vacation? The more devices you bring, the more chances for someone to steal or compromise your device and your personal data.
  2. Backup your data. No matter what devices you decide to bring, make sure you back them up before you leave. You don’t know what will happen on your trip, don’t risk your data.
  3. Share when you get home. It’s tempting to share that family picture with Mickey, but it could alert thieves that you aren’t home. Wait until you return home before you share your vacation pictures online.
  4. Review your privacy settings. Just because you aren’t sharing anything from your spring break on social media, doesn’t mean that your friends aren’t. Check up on your privacy settings so you can manage who sees your content, and as best as possible, what others say about you. That embarrassing video of your belly flop doesn’t need to be seen by everyone.
  5. Be careful when using public Wi-Fi. Don’t log on to bank/credit card sites or shop online when using a public Internet connection. You don’t know who else is on your network.
  6. Install security software on all your devices. Use comprehensive security software likeMcAfee LiveSafe™ service to protect your devices no matter where you are.

Have a great spring break!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Everyone is vulnerable to Attack

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

7WSo pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into peoples’ privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

What happens when a Bank Account is hacked?

Who’d ever think that 50 years ago, your money was safer in your bank account than it is today in this “modern” age: remote theft. If you bank with a large or small bank, your account may be at risk by hacking rings.

7WHowever, most of the time, but not always, if your account is drained by a cyber thief, the bank will cover it for you.

The latest information is that a big attack is planned in the spring, but it’s the “It’s easier to get one dollar from a million people than it is to get a million bucks from one person” type of attack plan. The apparent hacking plan involves stinging mass numbers of banking customers via the customers’ computers.

Because banks are a favorite target for cyber thieves, financial institutions are always improving their cyber security. However, criminals get into bank accounts by suckering customers into revealing personal information; we’re talking thieves who don’t directly hack the bank, but hack YOU.

  • Never click links inside e-mails—including those that SEEM to be coming from PayPal, Chase or whatever institution you use.
  • Typically, these scam messages are constructed by thieves posing as your bank. They tell you your account is about to be compromised, or there are suspicious withdrawals or something else to grab your attention, and that to correct the problem, you must visit their site and enter some information. This is a scam to get your login information! The phony site that the link goes to is constructed to look exactly like the authentic bank sites.
  • If you’re not convinced these scammy e-mails you got have gone to a million other people, then phone your bank and inquire about the message.
  • Never use the “remember your computer” option that banks offer. Forget the convenience; just deal with the login hassle every time for better security.
  • Don’t hide your savings in your house because you figure they’re safer there. If you follow the aforementioned rules, your money will be far safer in your bank than hidden inside your toddler’s teddy bear.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 Ways to protect Yourself while traveling

Some thieves specialize in hanging around tourist spots to spot the tourists and make them victims of hands-on crime such as purse snatching or a mugging. But don’t wait till you’re aimlessly wandering the piazza with your face buried in a huge map to take precautions against less violent forms of crime.
1S

  1. Before traveling, make copies of your driver’s license, medical insurance card, etc., and give these to a trusted adult. Have another set of copies in your home. Scan them and email to yourself.
  2. Never post your travel plans on social media until you return. You never know who’s reading about you.
  3. Before departing from home, make sure your credit card company and bank know of your travel plans.
  4. Clear your smartphone or other device of personal data that’s not essential for your trip.
  5. Travel on a light wallet. Take two credit cards with you in case one is lost or stolen. Have with you the phone numbers for your bank and credit card company, just in case.
  6. Avoid using Wi-Fi in coffee houses, airports and other public areas other than to just read celebrity gossip or catch the news. Use a VPN. Google it.
  7. When traveling internationally, read up on the safety of food and water and get whatever shots you may need.
  8. Never give your credit card number to the hotel staff (or at least, anyone identifying themselves as hotel staff) over the phone in your hotel room. The call could be coming from a thief posing as hotel staff telling you they need your number again.
  9. Never leave anything out in your hotel room that reveals personal information, such as a credit card receipt, passport, checkbook, medical insurance card, etc. If the room does not have a safe, then have these items on you at all times.
  10. Use only an ATM that’s inside a bank, never a free-standing one outdoors somewhere. Cover the keypad with your other hand as you enter the PIN to thwart ATM skimmers.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Post Holiday Online Shopping Security

When it comes to online security, don’t let your guard down just because the holiday shopping frenzy has passed. In fact, this may be the very time to put your guard up even higher.

4HThough it’s smart to have your radar on for the scammers during the holidays, the scammers don’t exactly go slithering back under their slimy rocks once the New Year is here. So here’s how to be safe online during, and after, the holiday season.

  • Never click a link inside an e-mail. Better yet, delete, without even opening, any e-mails with subject lines promising great offers, gifts, prizes, money or other hyped-up things.
  • If you don’t see the “https” before the Web address in the address bar, the site is not secure. A secure site always has “https” preceded by a padlock symbol.
  • Be suspicious of “too good to be true” offers that are tweeted or messaged through social media.
  • Do you shop on eBay? Then shop on eBay, not through e-mails supposedly sent by eBay. These are scams.
  • Speaking of eBay, always review the feedback of the seller.
  • Another thing to look for is the domain name of anything you received via e-mail. Scammers typosquat or cybersquat on legitimate domains.
  • You can upgrade your protection by doing your online shopping only with reputable, well-known retailers. Though some purchases will be an exception (e.g., home-baked chocolate chip cookies), other purchases like electronics, appliances, linens and consumables should be purchased from trusted merchants.
  • Shop online only when your connection is secure; Unless you use a VPN, never shop in cyberspace from a hotel’s, airport’s or café’s Wi-Fi connection. And make sure your computer’s security is always updated.
  • Never use a debit card online, because if a scammer takes your money, it will be gone that instant from your checking account. With a credit card, at least you won’t have to pay the bill if the fraud is reported within 60 days.
  • Never make an online purchase with your checking account—this means money being withdrawn before you receive the product…that you might never receive anyways.
  • Check credit card statements every two weeks if it’s set up online, and check every paper statement.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Mobile Employees Are a Security Risk

Not too long ago, the office computer filled an entire room. Now, it fills the palms of one-third of employees—those workers who use only the mobile device for their jobs. Security, however, lags behind in keeping up with this growing trend. This is the BYOD generation: bring your own device (to work).

8DIT departments need to keep one step ahead of this fast-growing trend. It’s here to stay, and one reason is because it’s responsible for significantly pumping up productivity. Employers love this. More productivity = higher profits. You’d think that some of these increased profits would be reinvested in security training that correlates to the BYOD movement, since the BYOD movement strongly correlates with an increase in data breaches and risks of breaches.

But it’s not. Organizations still aren’t seeing the light.

A recent Ponemon Institute survey reveals that for a large portion of employees, the mobile device is a first-line medium for conducting business. That one-third figure mentioned earlier is forecasted to jump to 50 percent over the next 12 months.

With all the improvements in productivity comes a corresponding jump in the risks of data breaches—both intentional and accidental. The survey reveals that 52 percent of the participants said that security training for smartphones was shelved in the name of sharpening worker productivity.

Another finding: One-third of businesses don’t even have existing security programs for the BYOD’ers. About three-quarters of respondents said that their existing security was lax. And don’t think that security risks mean only computer viruses, phishing e-mail scams, being lured to malicious websites, being tricked into downloading malware, etc.

There’s a huge risk in the form of roving eyes. A “visual hacker” uses his eyes, and sometimes with the assistance of binoculars or a mobile device camera, to prowl for unguarded computer screens in public like at airports, hotels and coffee houses. He swipes sensitive data by recording it with a camera or seeing it and then writing down what he sees or even memorizing it. Workers can prevent “shoulder surfing” with the ePrivacy Filter software by the 3M company. Combine this software with a 3M Privacy Filter, and the user will be able to thwart a hacker hovering over his or her shoulder from virtually any angle.

The typical business, says the survey, handles 20,000 mobiles, and that number is fast-rising. This will heap on the pressure to implement solid security plans. Managing each device won’t be cheap, either, but a pricey stitch in time will save an obscene expense times nine.

Sixty percent of the survey takers said that mobiles have made employees rather lazy with security awareness. There’s definitely a human factor involved with all of this that businesses must address.

If employees want to use mobiles to conduct business, they should also embrace the responsibility that comes with the use of these devices—that of being willing to learn how to keep the sensitive data that’s stored in these devices safe, and also being willing to learn how to recognize social engineering and other cyber criminal tricks.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

How The Internet of Things can go very wrong

The Internet—one of history’s greatest inventions—is also one of history’s greatest platforms for crime. Here are ways things can go very wrong with the Internet of Things.

2DMed-hacking. Researchers have hacked many medical devices. Though it apparently hasn’t happened in the real world, yet, but it looks like it’s only a matter of time before medical equipment becomes hacked, such as automatic insulin pumps and pacemakers. The FDA is quite new to looking into this potential.

Sauna house. It’s possible for a hacker, if not currently, then in the near future, to get into your connected thermostat and kick it up to 120 degrees. Yes, it’s great to control the thermostat when you’re away from home…but someone else who has too much time on his hands might think that’s great, too!

Smartphones. Maybe one day it will be smarter to go back to the dumb phone. At least a dumb phone can’t be used by a hacker to turn things upside down for you, such as getting ahold of your financial account numbers or sensitive photos.

Your printer can get hacked. Someone could remotely bust into it and view your documents. A crook can infect your home printer with a Trojan to not only spy, but install malware. And if your printer is potentially a target for hackers, imagine what else around your house could be, such as your router and any other gadget that’s connected to the Internet.

From carjack to car-hack. A connected car can be hacked via its wireless enabled radio, with commands then going to the steering wheel or brakes. Know any computer geniuses who hate you and know your car is connected?

Satellite airline equipment is vulnerable to malicious invasions; this has potential repercussions to the communications involving airplanes and ships. This kind of hacking can go as far as tricking a plane to redirect its course.

The TSA carry-on baggage scanner can be hacked into and then used to get weapons past TSA checkpoints. There’s even a feature that can show fake images on the X-ray screen.

So, don’t worry about any of this. But DO something about it. At a minimum lock down your wireless with encryption. Routers come with WPA/2 security and it should be activated. Otherwise deploy antivirus, antispyware, antiphishing and a firewall.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Steps to Manage a secure online backup

Cyber storage does not always = secure backup. Users of cloud storage have many potential tools at hand to beef up security. And just because cloud services have some loopholes doesn’t mean you should just throw in the towel, as the saying goes, and figure “What’s the point?”. Here are some ways to beef up cloud storage security and manage your online backup.1D

  • Take inventory of what’s stored in your cloud account. Evaluate how important each data item is. If the cloud service can access your data, you may want to make some adjustments, since some of your data might not be compatible with the service’s terms.
  • Consider encrypting your most sensitive data if you don’t want to remove it from the cloud and then back it up locally.
  • Don’t put all your data in one basket, either. Suppose all your data is stored in one cloud service, and that service gets hacked or something else happens and you lose your data—or it’s in the hands of thieves. If you use more than one cloud service, then at least if one gets hacked, you’re not totally screwed. Think of this as being like having your precious jewels locked in several small safes throughout your house, rather than in one giant safe. What are the odds that an intruder will find all the safes and get into all of them?
  • If your cloud account has any devices, services or applications linked, very carefully inspect and modify their settings to optimize security. Discard useless, old, unused connections so they don’t become portals to your data.
  • Use two-factor authentication on every cloud password when available. If the service doesn’t offer two-factor, consider dumping it.
  • Make your answers to security questions crazy-nutty, but also memorable.
  • Assess your cloud passwords. They should be very different from each other. If you can’t handle memorizing a bunch of long, convoluted passwords (which are the best kind), use a password manager.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Beware These College-Related Scams

The last group of college students has headed off to school for another semester of dorm rooms, late-night library sessions, and the occasional college party. For many students, college is the first time they’ve lived away from home. They are young, open to new things, and sometimes, naïve. These traits make them prime targets for scams.

9DHere are some of the most popular college scams:

  • Fake College Websites
    Here’s how this works. Scammers copy a college’s website but use a fictitious name on the site (in essence creating a spoofed site). They use this site to collect application fees and gather personal information. They even go so far as to send out rejection letters to applicants to try and “maintain” their credibility. But all this application will get you is financial loss and the potential to be victim for future phishing scams.
  • Diploma Mills
    These are unaccredited colleges or universities that provide illegal degrees and diplomas for money. Many spoofed college websites are also used as diploma mills. Though some diploma mills may require students to buy books, do homework and even take tests, the student will be passed no matter what. In some cases, users get a diploma simply by purchasing it. In any case, you’re out of money and have no valid diploma.
  • Fake Scholarships
    Let’s face it. College is not cheap. Therefore, many students look for scholarships to help ease the financial cost. Scammers profit on this need by creating fake scholarships, which require you to submit a fee when applying for the money. You never see a dime and you’ve lost that application fee as well as given up some of your personal info.
  • Wi-Fi Scams
    Computers are an essential part of the college experience and wi-fi connectivity is a necessity. So while you may not want to pay or can’t afford to pay for wi-fi connectivity, you need to be careful when using free wi-fi as hackers can easily intercept your communications.

So while college is a time to learn and experience new things, you also want to avoid getting scammed. So here’s some tips on how to make sure you don’t get taken by one of these scams:

  • To protect yourself, develop the habit of not giving personal information to strangers and double check the authenticity of the organization.
  • Before sending in any online application, double check the accreditation for any college or university. In the United States, you can do that on the Department of Education site.
  • Verify that a scholarship is valid, by checking with an organization like FinAid.org.
  • Avoid doing any sensitive transactions like shopping or banking when using free wi-fi connections.

Yes, there are plenty of scams out there. But with common sense and a willingness to double-check, students can avoid being lured in.

Have a great school year!

For more tips on how to stay safe online, follow McAfee on Twitter or like them on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Is private NSA proof E-mail possible?

You can buy encryption tools to prevent people from reading the contents of your e-mails should they intercept them. But what about those who have NSA-caliber resources and skills?

7WThe problem is that encryption services usually leave wide open the e-mail’s metadata: e.g., sender, recipient, subject line and timestamp.

But a new service, ShazzleMail, delivers e-mail straight from sender to recipient without any metadata.

ShazzleMail software is downloaded, then encrypts e-mails, but your device must be switched on so that the recipient could download the e-mail.

If the recipient doesn’t have ShazzleMail, they’ll get a message headline, “Secure Message from Jack Jones,” plus a message text: “Jack Jones has sent you a secure, encrypted e-mail via ShazzleMail. Click to View.” ShazzleMail is free, though there’s an enterprise version for a monthly fee of $5.

Can a hacker defeat ShazzleMail? Well, without any metadata, how can a hacker track the message’s path? There’s no middleman; the messages go straight from sender to recipient. ShazzleMail says, however, that it’s not fool-proof against the NSA if the NSA wants to really go at it. Nevertheless, ShazzleMail puts a lot more barbed wire on that fence.

And then there’s Enlocked, which offers “military-grade e-mail security” for professionals by encrypting e-mails before they’re sent. However, the metadata is visible. This is a big problem if the mere communication between two parties is significant, or the timeline or whom the parties are is very telling.

Another option is Raellic Systems, which has software that lets users select from three levels of privacy.

Hushmail is another contender. They state: Hushmail can protect you against eavesdropping, government surveillance, unauthorized content analysis, identity theft and email forgery. When you are using Hushmail, the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.