
15 Social Media Security Tips

1. Realize that you can become a victim at any time. Not a day goes by when we don’t hear about a new hack. With 55,000 new pieces of malware a day, security never sleeps.

2. Think before you post. Status updates, photos, and comments can reveal more about you than you intended to disclose. You could end up feeling like some silly politician as you struggle to explain yourself.

3. Nothing good comes from filling out a “25 Most Amazing Things About You” survey. Avoid publicly answering questionnaires with details like your middle name, as this is the type of information financial institutions may use to verify your identity.

4. Think twice about applications that request permission to access your data. You would be allowing an unknown party to send you email, post to your wall, and access your information at any time, regardless of whether you’re using the application.

5. Don’t click on short links that don’t clearly show the link location. Criminals often post phony links that claim to show who has been viewing your profile. Test unknown links at Siteadvisor.com by pasting the link into the “View a Site Report” form on the right-hand side of the page.

6. Beware of posts with subjects along the lines of, “LOL! Look at the video I found of you!”  When you click the link, you get a message saying that you need to upgrade your video player in order to see the clip, but when you attempt to download the “upgrade,” the malicious page will instead install malware that tracks and steals your data.

7. Be suspicious of anything that sounds unusual or feels odd. If one of your friends posts, “We’re stuck in Cambodia and need money,” it’s most likely a scam.

8. Understand your privacy settings. Select the most secure options and check periodically for changes that can open up your profile to the public.

9. Geolocation apps such as Foursquare share your exact location, which also lets criminals know that you aren’t home, so reconsider broadcasting that information.

10. Use an updated browser. Older browsers tend to have more security flaws.

11. Choose unique logins and passwords for each of the websites you use. I’m a big fan of password managers, which can create and store secure passwords for you.

12. Check the domain to be sure that you’re logging into a legitimate website. So if you’re visiting a Facebook page, look for the www.facebook.com address.

13. Be cautious of any message, post, or link you find on Facebook that looks at all suspicious or requires an additional login.

14. Make sure your security suite is up to date and includes antivirus, anti-spyware, anti-spam, a firewall, and a website safety advisor.

15. Invest in identity theft protection. Regardless of how careful you may be or any security systems you put in place, there is always a chance that you can be compromised in some way. It’s nice to have identity theft protection watching your back.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss social media scammers on CNN. (Disclosures)

 

Phishers Using Holidays and Social Media to Target

Recent reports state: “The Oak Ridge National Laboratory, home to one of the world’s most powerful supercomputers, has been forced to shut down its email systems and all Internet access for employees since late last Friday, following a sophisticated cyberattack.”

The sophisticated cyber attack was reported to be the lowly unsophisticated phishing email.

Phishing is becoming more sophisticated because of the ways in which phishing emails are disguised to look like legitimate communications, often from other trusted employees on the inside.

The criminals behind these emails are doing their research on company websites, finding key individuals to model, and following up their research on Facebook and LinkedIn to make their phishing emails more personal.

And while criminals are still targeting “whales” or CEOs of major corporations and their officers, they are using similar attacks on consumers, as well.

McAfee Labs discovered an attack this week with the subject line “Easter Greeting” that was spammed broadly and is currently hitting inboxes around the globe. The e-mail, which depicts a colorful picture of a bunny, chicks, and eggs, has the subject line “Easter Greeting From Alex.” The clickable text at the bottom of the message reads “Download Animated Greeting Here,” which is a booby-trapped link that leads directly to malware and puts an infected PC under the control of the attacker, who attempts to steal passwords and other personal information.

Since the threat has already been identified by McAfee Labs, McAfee software will protect customers against it.

This event is a good reminder for consumers to keep these basic computer safety rules in mind:

Don’t click on links in e-mail messages, and be extra suspicious of messages like this Easter Greeting. If you think it is legitimate, ask the supposed sender, in a separate e-mail, whether they sent you a greeting.

Run a full, up-to-date suite of security software.

Ensure your operating system and other applications have the latest patches.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Using Social Media Passwords With Critical Accounts

For some social networking sites, security is not a top priority. Some do not protect your data with the same vigilance you could expect from your bank, for example. Nor do social media require strong passwords. And if you use the same passwords for more critical sites, like webmail or online banking, having your social networking account compromised can make those other accounts vulnerable as well.

Last year, 32 million passwords were posted online after a data breach at RockYou, a company that creates applications for social networking sites. The breach revealed the weakness of most people’s social networking passwords.

InformationWeek reports that all the major sites have the same minimum password length of six characters, and password complexity checks are few and far between.

Of the 32 million people whose passwords were exposed, almost 1% had chosen “123456.” The next most popular password was “12345.” “Princess,” “qwerty,” and “abc123” were other common choices.

In another instance, phishers posted thousands of Hotmail addresses and the associated passwords in an online forum. These passwords were equally obvious. Those used most frequently included “111111,” “123456,” “1234567,” “12345678,” and “123456789.” Many of the phishing victims used people’s first names as passwords, most likely the names of their kids, spouses, and so on. 60% of the exposed passwords contained either all numbers or all lowercase letters.

Naturally, anyone using an insecure password is far more likely to be hacked. It is crucial to have strong, secure passwords for all online accounts, including social media accounts. And it is equally important to use different passwords for different accounts. Using the same password for social media sites as for critical accounts, like webmail and online banking, is an invitation for identity theft.
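As an added example (not part of the original post), this Python sketch audits a small set of accounts for the weaknesses described above: passwords from the leaked lists, first names, all-digit or all-lowercase passwords, and a social media password reused on a critical account. The first-name list, the account names and the vault layout are assumptions made for illustration.

```python
from collections import defaultdict

# Passwords the post names as the most common in the two leaks it cites.
COMMON = {"123456", "12345", "princess", "qwerty", "abc123",
          "111111", "1234567", "12345678", "123456789"}
# Hypothetical first-name list; a real audit would load a larger one.
FIRST_NAMES = {"alex", "emma", "michael", "sarah"}
MIN_LENGTH = 6  # the minimum length the post says the major sites enforce


def weaknesses(password):
    """Return the weakness categories from the post that apply."""
    found = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        found.append("too-short")
    if lowered in COMMON:
        found.append("common")
    if lowered in FIRST_NAMES:
        found.append("first-name")
    if password.isdigit():
        found.append("all-digits")
    elif password.isalpha() and password.islower():
        found.append("all-lowercase")
    return found


def reused_on_critical(vault):
    """Map each critical account to the social accounts sharing its password."""
    by_password = defaultdict(lambda: {"social": [], "critical": []})
    for account, (tier, password) in vault.items():
        by_password[password][tier].append(account)
    return {crit: sorted(group["social"])
            for group in by_password.values() if group["social"]
            for crit in group["critical"]}


# Constructed sample vault: account -> (tier, password). Not real credentials.
VAULT = {
    "social-site-a": ("social", "princess"),
    "social-site-b": ("social", "123456"),
    "webmail": ("critical", "princess"),
    "online-banking": ("critical", "t7#Lq!vR2m$x"),
}

if __name__ == "__main__":
    for account, (_tier, password) in VAULT.items():
        print(account, weaknesses(password))
    print(reused_on_critical(VAULT))
```
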

To protect your identity, observe basic security precautions. Consumers should also consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious account activity is detected. McAfee Identity Protection includes all these features, plus live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss hacked email passwords on Fox News. (Disclosures)

Americans Waking Up to Social Media Privacy

There have been thousands of privacy related news reports over the past year depicting social networks, Google, marketers and advertisers as evil privacy violators who are slowly sucking dry whatever privacy we have left. Facebook has been raked over the coals by advocates and watchdogs who say their tactics violate their own policies. In response, numerous lawsuits have been filed and government agencies have put the pressure on everyone involved to come up with a serious solution.

It is evident that without some type of government oversight, the “self policing” done by all those who stand to gain financially by selling our data will continue to spin out of control to the point where privacy will be something of the past.

My stance as a security professional has always been on the “privacy is dead, get over it” side of the fence. I’ve always been of the belief that the data out there is as a result of the public’s own doing and if they don’t want the world to know their private thoughts they shouldn’t post it.  As they say, “the cat is out of the bag”.

However, my concern is not that self-exposed private data being out for the world to see is a violation of a person’s privacy, but what can be done with the data to affect one’s security position.

Now as a result of all this attention to privacy, in a recent study published in the Wall Street Journal, about 36% of American adults said they were “very concerned” about their privacy on social-networking sites in 2010, compared with 30% who felt that way last year. The shift was particularly noticeable among people over age 44; 50% of people age 54 to 64 described themselves as “very concerned,” compared with 32% who said that in 2009.

In response, the WSJ further reports that the Obama administration is preparing a stepped-up approach to policing Internet privacy that calls for new laws and the creation of a new position to oversee the effort, according to people familiar with the situation.

This is definitely a good thing as the US significantly lags behind Canada and Europe among others in regards to privacy.

Certainly I care about privacy and wish there was more. But the fact remains that the fundamental issue that affects one’s well-being is security. Too much information leaked may damage one’s social standing in some ways, and if you don’t want it out there then don’t put it out there. And considering marketers and advertisers have taken it up a notch, they definitely need to be watched by the watchdogs. But in the end, what’s most important is how that data can be used to hurt or harm you.

Home Security Source

Robert Siciliano, personal security expert to Home Security Source, discussing Facebook Apps leaking data on Fox News.

Police Warn Burglars Are Using Social Networks

The sage advice used to be “don’t tell the world you are on vacation via your outgoing answering machine.” Then we pretty much eliminated answering machines and the advice pertained to voicemail. As we got more technology, the same message was: don’t tell the world you are on vacation via your email’s auto-responder.

For a few years now I’ve been warning people about how vulnerable they are when they post their whereabouts in social media. And it looks like the bad guy figured it out and is taking advantage of people’s naiveté.

In Nashua, NH, police busted a bunch of burglars they say used Facebook as a tool to gather intelligence on who is home and who is not home.

Police said they recovered between $100,000 and $200,000 worth of stolen property as a result of an investigation.  Police said there were 50 home burglaries in the city in August. Investigators said the suspects used social networking sites such as Facebook to identify victims who posted online that they would not be home at a certain time.

“Be careful of what you post on these social networking sites,” said Capt. Ron Dickerson. “We know for a fact that some of these players, some of these criminals, were looking on these sites and identifying their targets through these social networking sites.”

It is obvious to me that none of these homes had home security systems, alarms or cameras, due to the fact that they were successfully burglarized. And once an intruder enters your home and does their dirty deed, your “castle” and how you feel in it is never the same.

Protecting yourself is real simple. Be cautious about what you post on social media and consider an investment in a home security system.

Robert Siciliano, personal security expert to Home Security Source, discussing Social Media and giving out too much information on the CBS Early Show. Disclosures.

Facebook + Hackers – Privacy = You Lose

I’m as sick of writing about it as you are sick of reading about it. But because Facebook has become a societal juggernaut: a massive inexorable force that seems to crush everything in its way, we need to discuss it because it’s messing with lots of functions of society.

We should all now know that whatever you post on Facebook is not private. You may think it is, but it isn’t. Even though you may have gone through all kinds of privacy settings and locked down your profile, Facebook has changed them up internally so many times that they may have defaulted to something far less private than what you previously set.

Furthermore, no matter how private you have set them to, if you friend someone who you don’t know (like that human resource officer), they see what’s “private” and anyone on the “inside” can easily replicate anything you post to the world.

The activist groups waging what amounts to an undeclared war against the social-networking site for the last year, complete with no fewer than three letters to federal regulators claiming Facebook’s actions are illegal, said that they’re hardly ready to declare a truce.

Attacks targeting Facebook users will continue, and they could easily become even more dangerous. Computerworld reports: “There are limitations to what Facebook can do to stop this,” said Patrik Runald, a U.K.-based researcher for Websense Security Labs. “I wouldn’t be surprised to see another attack this weekend. Clearly, they work.”

Websense has identified more than 100 variations of the same Facebook attack app used in the two attacks, all identical except for the API keys that Facebook requires.

What does this mean to you?

For crying out loud stop telling the world you hate your boss, neighbor, students’ teachers, or spouse and you’d like to boil a bunny on the stove to teach them a lesson. I guarantee even if you are kidding, someone won’t like it. What you say/do/post, lasts forever.

Stop playing the stupid 3rd party games. When you answer “25 questions about whatever” that data goes straight into the hands of some entity that you would never have volunteered it to.

Make sure your PC is secured. Keep your operating system up to date with security patches and anti-virus, and don’t download anything from any email you receive or click links in the body of any email. Once you start messing with these files you become a Petri dish spreading a virus.

Robert Siciliano, personal security expert to Home Security Source, discussing Facebook scams on CNN.