Your ransomware profile: passwords, profiles and protection

If your computer password contains the name of your dog, your favorite vacation spot, and an easy-to-remember numerical sequence, then you are breaking some basic rules of password safety. Even though “BusterBermuda789” might seem impenetrable to you, this is a password security experts say is vulnerable.

Here are five things to know about passwords:

  • A long, strong password goes a long way in helping prevent hacking.
  • Every account should have a different password.
  • A hacker’s password-cracking software can easily expose any password composed of an actual word or proper name, or keyboard sequences (e.g., Mike123).
  • Passwords should be a jumbled mix of upper and lower case letters, numbers and characters.
  • A password manager tool will make all of this easy for you. Here is one password manager tool that can help you get started creating stronger passwords.

Need to Know: Four data protection tips

  1. Look out for suspicious emails: Hackers send out phishing emails to trick recipients into clicking a link or attachment that downloads a virus. Or, the link may take them to a website that tricks them into typing out login information. Fraudulent e-mails may look as if they could be from your bank, employer, medical plan carrier, the IRS, UPS, etc., but these will typically ask you to do things the IRS and your bank would not. It’s unlikely that your bank lost your account information, and now needs it urgently. Also ignore any email claiming you won a prize, or inherited money. Make sure not to click on any attachments in an email. Attachments are a common way that cybercriminals spread ransomware.
  2. Use 2FA when available. Always choose the 2FA (two-factor authentication) option whenever it’s available. Two-factor authentication is when a login attempt to an account prompts a text, known as a One-Time Password (OTP), or a voice call to your phone with a unique numerical code that you can enter in a login field. Sign up for it if your account offers it. Yes, hackers have been known to lure users into texting them that special code. Always be suspicious of any requests for your OTP.
  3. Protect online profiles. Many hackers get personal information from social media and then use those data pieces to figure out user names and your answers to security questions on your various accounts. Think about it: Do you really need to post the names of all your kids and pets, your wedding anniversary date (which you then might use in a password combination) and tell everyone where you work? It might be time to consider more carefully what you make public. And always make sure your settings are kept private, not public.
  4. Web and Wi-Fi safety. Consider multiple email addresses – not just multiple passwords – to distinguish between business and social contacts. Avoid Wi-Fi at hotels, coffee shops, etc. These are prevalent and convenient, yes, but extremely vulnerable. Never conduct financial transactions on public Wi-Fi. Use a VPN to secure Wi-Fi in remote locations. Your home network should use a WPA-2 connection and not WEP. Ignore pop-ups.

A new level of awareness is needed as computer users navigate their professional and personal lives, and realize they are vulnerable – and their data is at risk – every time they log on to a system. Keep simple tips like these close by in order to avoid ransomware and other cyber threats.

Robert is a security analyst, author and media personality who specializes in personal security and identity theft and appears regularly on Good Morning America, ABC News and The TODAY Show.

The Password Reset Isn’t How to Remember a Password

Consider a keychain for a moment. For most of us, a keychain holds all of our necessities such as home keys, car keys, work keys and even forgotten keys that we aren’t quite sure what to do with. Now, think about this. What if your keychain had keys that look identical, but each key only opens one door?

If you are like most people, this key scenario is almost identical to the way you treat your account passwords online. What happens when you want to use a key, but you don’t know which one goes with which door? It can be very easy to forget which key goes with which door, or which password goes with which website.

What do you do in this situation? You probably wouldn’t have a friend that had a key to your home, and you certainly don’t want to break down the door. Should you call a locksmith every time you forget which key works? This sounds ridiculous, right? Well, it is no different than using the password reset feature when it comes to forgetting the password on a website. Instead, step up your password game.

Don’t Change Your Password Every Time You Forget It

You wouldn’t want to call a locksmith every time you lock yourself out of the house, and you should not rely on a password reset feature every time you forget your password.

  • If you have a number of accounts and don’t want the hassle of creating strong, long passwords, consider a password manager.
  • These services will help you to create a strong, secure password for every website you frequent, plus you will have a single master password that allows you to manage it all.
  • A password manager eliminates having to reset a password.

Create the Best Password for Your Online Accounts

When it comes to creating the best password for any online account, Bill Carey, VP Marketing for the RoboForm Password Manager, says: “It’s not a matter of if your password will be leaked, it’s a matter of when. So protect yourself by using a strong and unique password for every website.”

  • Passwords must be a minimum of eight characters long, and they should include mismatched numbers, characters and letters.
  • The best passwords do not spell any words.
  • Use a separate password for each account, especially if using high-value websites such as banking sites.
  • Make sure to change your passwords regularly.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

6 Ways to prevent Social Engineering Attacks

Hacking isn’t just about weak passwords and single-factor authentication. A lot of it occurs because people can be so easily tricked into giving up personal information: the craft of social engineering. Example: “Download this video of Kim K fully naked!” How many men would be lured into clicking this gateway to a viral infection? We are a sad species.

The victim isn’t always a goofball like this. They can be a tech support agent tricked into resetting a password and handing it over. Often, the victims don’t even know they were targeted until well after the fact, if ever.

  1. Just say no—to giving out personal information. Social engineering can occur over the phone: someone pretending to be your bank, asking for your private information. Always contact the institution to verify that it wants your private data before blindly giving it out.
  2. Be scrupulous with security questions. Don’t answer ones that a hacker can easily get the answer to, such as “City you were born.” Choose the most obscure questions from the list. If all seem rather basic, though, then give answers that make no sense, such as “Planet Neptune” for the city you were born in. If you fear being unable to remember these answers, put the answers in an encrypted file or password manager.
  3. Do you get e-mails about password resets? Be careful. Contact the service provider to see if the e-mail is legitimate.
  4. You’ve probably heard this before, but here it is again: Never use the same password for multiple accounts! In the same vein, don’t use the same security questions, even though the list of security questions from one service provider to the next is usually the same list of questions. Do your best to use as much of a variety of questions as possible, and don’t forget, you can always give crazy answers to the same question for different accounts.
  5. Keep an eye on your accounts and their activity. Account providers such as Gmail have dashboards that show where you’re logged in and what tools or apps are connected. This includes financial and social media accounts.
  6. Beware of emails, coming from anyone and for any reason, that require you to click links. Social engineering via email is one of the truly successful ways to con someone. Just be ridiculously aware.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text SECURE Your@emailaddress to 411247. Disclosures.

Your Strong Password Isn’t so Strong

Banks rely on usernames and passwords as a layer of protection and authentication to prevent criminals from accessing your accounts. However, researchers now show that your password, even though it may be a relatively “strong” one, might not be strong enough.

When you create a password and provide it to a website, that site is supposed to convert it to a “hash.” As Ars Technica explains: “Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that “5f4dcc3b5aa765d61d8327deb882cf99” is the MD5 hash for “password”.”

But Ars did an experiment with participants ranging from a newbie technologist all the way up to expert hackers to see what they could do to crack the hashes.

“The characteristics that made “momof3g8kids” and “Oscar+emmy2” easy to remember are precisely the things that allowed them to be cracked. Their basic components—“mom,” “kids,” “oscar,” “emmy,” and numbers—are a core part of even basic password-cracking lists. The increasing power of hardware and specialized software makes it trivial for crackers to combine these ingredients in literally billions of slightly different permutations. Unless the user takes great care, passwords that are easy to remember are sitting ducks in the hands of crackers.”

How to get hacked

Dictionary attacks: Avoid consecutive keyboard combinations— such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like “John the Ripper” or similar programs.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.
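An added example, not part of the original post: a small Python check for the password structure described above (dictionary words, words spelled backward, personal details, keyboard and digit sequences, and the common passwords listed). The word lists, the `audit` function and the 75% coverage threshold are assumptions made for illustration.

```python
import re

# Constructed sample lists for illustration only; a real audit would load a
# large wordlist and a breached-password corpus instead.
COMMON_PASSWORDS = {"123456", "12345", "111111", "princess", "qwerty", "abc123", "password"}
WORDS = {"mom", "kids", "oscar", "emmy", "mike", "princess", "password"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _row_step(a, b):
    """Return +1/-1 if b is the key right/left of a on the same row, else None."""
    for row in KEYBOARD_ROWS:
        if a in row and b in row:
            step = row.index(b) - row.index(a)
            return step if step in (1, -1) else None
    return None


def keyboard_runs(low):
    """Spans (start, end) that walk along one keyboard row in one direction.

    Letter runs need 4+ keys (3-key runs occur inside ordinary words);
    digit runs such as 789 count from 3 keys.
    """
    spans, i = [], 0
    while i < len(low) - 1:
        j, direction = i, None
        while j + 1 < len(low):
            step = _row_step(low[j], low[j + 1])
            if step is None or (direction is not None and step != direction):
                break
            direction, j = step, j + 1
        run = low[i:j + 1]
        if len(run) >= 4 or (len(run) >= 3 and run.isdigit()):
            spans.append((i, j + 1))
            i = j + 1
        else:
            i += 1
    return spans


def audit(password, personal=()):
    """Report guessable structure; `personal` holds names, places, dates, etc."""
    low = password.lower()
    covered = [False] * len(low)   # characters explained by a guessable part
    findings = []

    if low in COMMON_PASSWORDS:
        findings.append("common-password")
    if len(password) < 8:
        findings.append("too-short")

    vocab = [(w, "dictionary-word") for w in sorted(WORDS)]
    vocab += [(p.lower(), "personal-info") for p in sorted(personal) if len(p) >= 3]
    for word, label in vocab:
        for form in {word, word[::-1]}:            # also catches words spelled backward
            for m in re.finditer(re.escape(form), low):
                covered[m.start():m.end()] = [True] * len(form)
                tag = f"{label}:{word}"
                if tag not in findings:
                    findings.append(tag)

    for start, end in keyboard_runs(low):
        covered[start:end] = [True] * (end - start)
        findings.append(f"keyboard-sequence:{low[start:end]}")

    for m in re.finditer(r"\d+", low):             # appended digits are cheap to enumerate
        covered[m.start():m.end()] = [True] * (m.end() - m.start())

    # Assumed threshold: 75% or more of the password is words, sequences or digits.
    fraction = sum(covered) / len(low) if low else 0.0
    if fraction >= 0.75:
        findings.append("guessable-parts-only")
    return {"findings": findings, "covered_fraction": round(fraction, 2)}


if __name__ == "__main__":
    samples = [
        ("BusterBermuda789", ("Buster", "Bermuda")),
        ("Mike123", ()),
        ("momof3g8kids", ()),
        ("Oscar+emmy2", ()),
        ("ChF95udk", ()),
    ]
    for pw, personal in samples:
        print(pw, audit(pw, personal))
```

An empty findings list only means none of these particular patterns matched; it is not a measure of strength.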

Protect yourself:

  1. Make sure you use different passwords for each of your accounts.
  2. Be sure no one watches when you enter your password.
  3. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
  4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
  5. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
  6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
  7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
  8. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.
  10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.
  11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.
  12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says “To be or not to be?”
  13. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
  14. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”
  15. Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

While you must do your part to manage effective passwords, banks are working in the background to add additional layers of security to protect you. For example, financial institutions are incorporating complex device identification, which looks at numerous characteristics of the online transaction including the device you are using to connect. iovation, an Oregon-based security firm, goes a step further offering Device Reputation, which builds on complex device identification with real-time risk assessments. iovation knows the reputations of over 1.3 billion devices in iovation’s device reputation knowledge base. By knowing a device’s reputation, banks can better determine whether a particular device is trustworthy before a transaction has been approved.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Weak Passwords Can Cost You Everything

If your computer or mobile was hacked or your passwords were cracked and your data was lost, or if all the websites you have an account with were hacked and all that information was in the hands of a criminal, how devastated would you be?

In McAfee’s study on the value of digital assets, consumers estimated the total value of all their digital assets on multiple devices at an average of $35,000. Digital assets include: music downloads, videos, photos, apps, emails, text messages, health/financial/insurance records, resumes/CVs, portfolios, contacts, recipes, etc.

Nowadays, if you’re shopping, banking or using social media sites online, you need a user name and password. If you’re like most people, you probably take the easy way out and use the same user name and password for every new site you access.

The challenge is that some sites let you use numbers and symbols in your password and some don’t, or the user name you want may be taken. An even bigger problem is that, with all those valuable assets we store on our devices, you are leaving yourself open to exposure by using the same password everywhere—if one account ends up getting hacked, all your accounts could be hacked.

Did you know that?

  • Over 60% of us have 3+ digital devices
  • 55% of us store digital assets on these devices that would be impossible to recreate, re-download or re-purchase
  • Over 75% of us visit 5 or more sites regularly that require passwords
  • 63% of us use easy to remember passwords or use the same password for most sites
  • 17% of us do little to nothing to protect our passwords

You need a better plan

  • Make sure you use different passwords for each of your accounts
  • Always log off if you leave your device and anyone is around and don’t use the “remember me” function on your browser or mobile apps
  • Avoid entering passwords on computers you don’t control (like computers at an Internet café or library) or when using unsecured Wi-Fi connections (like at the airport or a coffee shop)
  • Don’t tell anyone your password—your trusted friend now might not be your friend in the future
  • Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  • Use comprehensive security software on ALL your devices (not just your PC!), like McAfee®LiveSafe, that comes with a password manager that securely stores your usernames and passwords to your favorite sites, and logs in for you—with just one click

Here are some tips on how to create a strong password. Remember, your password is often your first line of defense—protect yourself!

And don’t forget to play The $35,000 Question game on Facebook for a chance to win some prizes, while learning about protecting your digital assets!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Simplify and Secure Your Passwords

It seems that almost every site on the Web requires a password. At least twice a week, I get an email from someone who wants me to join yet another site, which requires yet another username and password.

You can cop out and use the same username and password combination, but that’s not always possible since some sites let you use numbers and symbols in your password and some don’t, or the user name you want may be taken. Besides, that’s just asking for trouble. If you use the same password for your banking account, Gmail account, and your medical account you are leaving yourself open to exposure—if one account ends up getting hacked, all those accounts could be hacked.

But how do you manage all those user names and passwords without having a cheat sheet in a file on your computer or stuck on post-it notes next to your computer? Neither option provides the security you should reserve for passwords.

The key to surviving this is to make a small investment in a password management service that stores your passwords on a security-restricted site that you can access from any device as long as you have an Internet connection. The best thing about a password manager is that you ultimately have just the one master password to remember, which gets you access to all the different passwords for each site.

Password managers also allow you to instantly create secure and complex passwords for each of your accounts, so that you don’t end up using the same one for every account. Usually, trying to create complex passwords can be tiresome and it isn’t easy to remember them all, but a password manager remembers all your passwords for you.

You might ask how having one password manager that holds the “key” to all your user names and passwords is safe. Well, it’s much safer than what you’re most likely using today, and most of these password managers utilize a high level of encryption that can’t easily be cracked.

The real security vulnerability is with your own computer and devices and any existing or future malware that it may have that could record your keystrokes or take screenshots. To prevent this, you need to make sure you have a clean device and run scans on a regular basis.

Never forget your passwords again with McAfee SafeKey password manager tool. McAfee SafeKey is available with McAfee All Access and it securely stores your usernames and passwords for your favorite sites, and logs in for you—with just one click. And it works and syncs across all your PC, Mac, iPhone or Android devices.

Robert Siciliano is an Online Security Expert to McAfee. Disclosures.

Do You Share Passwords with Your Partner?

Do you? I do and I’ve been doing it since I said “I do.” And if you are married or at least in a committed lifelong relationship, knowing each other’s passwords is probably expected. Today, sharing passwords has become a sign of commitment, a signal of love and devotion, like a varsity sweater or friendship ring. But what happens when the relationship goes sour (with a divorce rate of 50% to back me up here)?

Chances are good that your significant other (if they have your passwords) will engage in revenge tactics with your account after a breakup. Despite public awareness of data leaks and high profile celebrity photo scandals, we continue to take risks by sharing personal information and intimate photos with our partners and friends, thus putting ourselves at risk for a “revenge” situation.

28% of people have regretted (once they broke up) sending intimate content and 32% have asked their ex-partner to delete the personal content. But despite these risks, 36% of Americans still plan to send sexy or romantic photos to their partners via email, text and social media on Valentine’s Day.

People need to be more informed about the consequences of sharing so much private information with their partners. Sharing passwords with your partner might seem harmless, but it could and often does result in critical personal information falling into the wrong hands and landing on a public platform for all to see.

Today, McAfee released the study, Love, Relationships, and Technology: When Private Data Gets Stuck in the Middle of a Breakup, which examines the pitfalls of sharing personal data in relationships and discloses how breakups can lead to exposure of private data.

Of those surveyed, the actions one’s partner took that led to a person exposing personal data are:

  • Lying (45.3%)
  • Cheating (40.6%)
  • Breaking up with me (26.6%)
  • Calling off Wedding (14.1%)
  • Posting pictures with someone else (12.5%)
  • Other (12.5%)

To make sure this doesn’t happen to you, I’ll make it easy for you. Think twice—digital is forever. It will haunt you and follow you. Just don’t do it.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What Makes My Passwords Vulnerable?

There is no such thing as a truly secure password. There are only more secure or less secure passwords. Passwords are currently the most convenient and effective way to control access to your accounts.

Most people aren’t aware of the numerous common techniques for cracking passwords:

Dictionary attacks: There are free online tools that make password cracking almost effortless. Dictionary attacks rely on software that automatically plugs common words into password fields. So, don’t use dictionary words, slang terms, common misspellings, or words spelled backward. Avoid consecutive keyboard combinations such as qwerty or asdfg.

Cracking security questions: When you click the “Forgot Password” link within a webmail service or other website, you’re asked to answer a question or series of questions to verify your identity. Many people use names of spouses, kids, other relatives, or pets in security questions or as passwords themselves. These types of answers can be deduced with a little research, and can often be found on your social media profile. Don’t use traceable personal information in your security questions or passwords.

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed.

Reuse of passwords across multiple sites: When one data breach compromises passwords, that same login information can often be used to hack into users’ other accounts. Two recent breaches revealed a password reuse rate of 31 percent among victims. Reusing passwords for email, banking, and social media accounts can lead to identity theft.

Social engineering: As previously described, social engineering is the act of manipulating others into performing certain actions or divulging confidential information, and can be used as an alternative to traditional hacking. Social engineering can be employed to trick targets into disclosing passwords.

One day we will develop a truly secure password, perhaps a cross-pollination of various access control tools such as biometrics, dynamic-based biometrics, image-based access, and multi-factor authentication. In the meantime, protect your information by creating a secure password that makes sense to you, but not to others.

  • Use different passwords for each of your accounts.
  • Be sure no one watches as you enter your password.
  • Always log off if there are other people in the vicinity of your laptop or other device. It only takes a moment for someone to steal or change your password.
  • Use comprehensive security software and keep it up to date to avoid keystroke loggers and other malware.
  • Avoid entering passwords on computers you don’t control, such as at an Internet café or library. These computers may have malware that steals passwords.
  • Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop. Hackers can intercept your passwords and other data over this unsecured connection.

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube. (Disclosures)

15 Tips To Better Password Security

Protect your information by creating a secure password that makes sense to you, but not to others.

Most people don’t realize there are a number of common techniques used to crack passwords and plenty more ways we make our accounts vulnerable due to simple and widely used passwords.

How to get hacked

Dictionary attacks: Avoid consecutive keyboard combinations— such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.

Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.

Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.

How to make them secure

  1. Make sure you use different passwords for each of your accounts.
  2. Be sure no one watches when you enter your password.
  3. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
  4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
  5. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
  6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
  7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
  8. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.
  10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.
  11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.
  12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says “To be or not to be?”
  13. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
  14. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”
  15. Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Check Your Password Security

Passwords are the bane of the security community. We are forced to rely on them, while knowing they’re only as secure as our operating systems, which can be compromised by spyware and malware. There are a number of common techniques used to crack passwords.

Dictionary attacks: These rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.

Cracking security questions: When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “1234567,” “12345678,” “123456789,” “princess,” “qwerty,” and “abc123.” Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research.

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.

Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.

There are a number of ways to create more secure passwords. One option is to create passwords based on a formula, using a familiar name or word, plus a familiar number, plus the first four letters of the website where that password will be used. Mix in a combination of upper and lowercase letters, and you have a secure password. Using this formula, your Bank of America password could be “Dog7Bank,” for example. (Add one capital letter and an asterisk to your password, and it can add a couple of centuries to the time it would take for a password cracking program to come up with it.)

Password managers can also help generate and store secure passwords. Some people like Lastpass. Another incredibly efficient and secure service is Roboform, which has a “Generate” tab in its browser toolbar that creates passwords that can’t be guessed, like “ChF95udk.” All your passwords are backed up on a secure encrypted server and can sync on multiple PCs.

It is just as important to make sure your PC is free of malicious programs like spyware and keylogging software. Beware of RATs, or Remote Access Trojans, which can capture every keystroke typed, take a snapshot of your screen, and even take rolling video of your screen with a webcam. But what’s most damaging is the possibility of a RAT gaining full access to your files, including any passwords being stored by a password manager.

Use antivirus and anti-spyware software and firewalls, and set up your PC to require administrative rights in order to install any new software.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers using social engineering to hack email on Fox News. Disclosures