Posts

Set Privacy on these Social Media Apps

Just like older generations never thought that the dial phone in the kitchen could be dangerous (think phone scams), today’s kids don’t have a clue how hazardous smartphone apps can really be. They are a godsend to pedophiles, scammers and hackers. And let’s not forget other kids who just want to be cruel bullies.

14DParents should have informative discussions with their kids about the various apps out there. And it’s okay to forbid particular apps you aren’t comfortable with. Like Musicly, search “Musicly safe for kids” and see why. Apps aren’t as innocent as you think. They are potential gateways to some real creepsters out there—and that’s putting it mildly.

Applications have safety settings. Do you know what they are? How they work?

Instagram

  • A person with or without an Instagram account can view your images unless you have the security setting on for “Private Account” under “Options.”

Snapchat

  • Enable the self-destruct feature to destroy communications quickly after they are sent.
  • But don’t rely on this entirely, because it takes only seconds for the recipient to screenshot the text or sext into cyberspace.
  • Set the “Who Can Contact Me” setting to “My Friends” so that strangers posing as 13-year-olds don’t get through to your child.

Whisper

  • Don’t let the name fool you; Whisper is not anonymous, thanks to geotagging.
  • Go to your iPhone’s settings and change the location access to “Never.”

Kik

  • Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik.
  • Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list.
  • Don’t share usernames.

Askfm

  • This question-and-answer service attracts cyberbullies.
  • In the privacy settings, uncheck “Allow Anonymous Questions.”
  • The user should remain anonymous.

Omegle

  • This video-chatting service is a draw for pedophiles.
  • It should never be linked to a Facebook account.

Your worries are fully justified. Words, images, and video, are very powerful. Though the age of e-communications is here to stay, so are psychos. It’s their world too. Your kids, unfortunately, must share it with them, but that doesn’t mean they have to receive communications from them or be “friends” with them.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Stop being a blabber on Social Media

Are you a cyber-blabber? Even a post about your daily afternoon foray to the sub sandwich shop could get you in trouble: A burglar reading this knows when to rob your house. But it doesn’t end there. STOP THE MADNESS!

14DThe Giants: Facebook and Twitter

  • Be careful what you post on Facebook and tweet about. It can be used against you in court, even something as innocuous as: “I’m training for my very first 10K.” Not good if you’re suing someone who hit your car for back pain and suffering.
  • Lawyers will take the time to scroll the Facebook timeline and your tweet history for evidence that can kill your case.

Reputation and Safety

  • Seemingly harmless posts and tweets can indicate to burglars when it’s a good time to break into your house.
  • Worse, posts and tweets can indicate to pedophiles when and where to lure your child into their car.
  • Less malevolent, but potentially annoying though, are the data mining companies that piece together your tidbits to then design an ad campaign targeted towards you.
  • Are your posts replete with language? This won’t look good to a potential employer. Nor will endless posts about how fatigued you always are.
  • That image of your young child’s specially hand-crafted spanking paddle won’t go over well with the mother you were recently interviewed by for a nanny position.

I think you are starting to get it.

Obsessions

  • Facebook and Twitter can certainly amplify a pre-existing whacked sense of priorities. An example is that of obsessively checking your friend’s page to see what new thing she’s bragging about, then getting worked up with anger that you can’t match this, such as a new sports car.

Solutions

  • Set a timer out for, say, 30 minutes a day, and that’s your limit on Facebook and Twitter.
  • Avoid social media for one week to kill your hunger for obsessing over a family member’s bigger house, fancier car and more prestigious job.
  • Set your privacy settings on high.

Stop making inane posts about everything that happens to you. Nobody will go to bed in distress just because they didn’t read that you had an upset stomach after eating too much at BurgerVille.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Social Media Scams on the rise

Social media is a conduit for thieves to get personal data (they can use it, for instance, to open up a credit line in the victim’s name). Though many people are concerned their personal information will get in the wrong hands, the funny thing is that they continue posting personal information—way too personal.

14DThe FBI’s Internet Crime Complaint Center says that social media is a fertile area for criminals to scam people.

Phishing

You are lured to a phony website that masquerades as your bank or some other important account. The lure might be a warning that you’ll lose your account unless you click the link to reactivate it. Once on the site, you’re then lured into typing in your login information—that the scammer will then use to gain access to your account.

  • Never click these links!
  • Use antivirus/malware protection!

Clickjacking

You’re lured into clicking on a link. Once you do this, trouble begins, either with a download of malware or you being suckered into revealing account information—to the thief on the other end.

Recently I was perusing the FB page of a person I knew from school, and a recent post was what appeared to be a video in still format, ready to be clicked for viewing.

And what was the lure? A man’s head and torso on a road, his severed legs nearby, with the caption saying that this motorcyclist’s cam had recorded his fatal accident. This was surely a scam because the photo has been around for quite some time with only scant information. Now suddenly there’s a video of the accident? Yeah, right.

  • Don’t click on any videos purporting to show something like “Footage Shows Shark Biting Man in Half” or “Top 20 Blondes of All Time—Naked!”
  • Even the “Share” and “Like” buttons could be malicious. Skip these. These days you can’t be too careful, what with all the foaming cyber criminals out there.

Doxing

Doxing is that of leaking someone’s personal identifying data into cyberspace without their permission, potentially leading to ID theft, among other problems.

  • Think twice before you post personal details on social media. Enough seemingly trivial details could add up to something significant to a savvy fraudster.

Make sure your privacy settings are at their highest, but this is only an adjunct to being very judicious about what you post.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Question: Should You worry about Kids on Social Media?

With all the increased news coverage of kids running off with adults they met online, and kids dying by suicide supposedly due to online bullying, many parents are wondering if their worries about their kids being online are justified.

14DWe hardly hear about how social media has benefited kids. There’s nothing inherent about electronic communications or electronic media that makes it bad for kids. There will always be bad people out there—online and offline.

An article on commonsensemedia.org lists multiple ways good things can come to kids who use social media.

  • Makes friendships stronger. The site did a study called Social Media, Social Life: How Teens View Their Digital Lives. More than half the participants said that social media has benefited their friendships. Only four percent said it hurt them. And 29 percent reported social media made them feel more extroverted, while just five percent said it made them feel more introverted.
  • Creates a sense of belonging. The article points out a study from Griffith University and the University of Queensland in Australia that concluded that teens today are less lonely than they were in past decades. The ease of being connected makes kids less isolated.
  • Online community support. Online communities exist for just about everything, so that even the most geekiest, nerdiest outcast can find a group who accepts him or her. This includes support groups for kids whose parents are divorced and kids who are cutters.
  • Expressing themselves. And this doesn’t just mean venting, but social media allows kids to put up their creative work and learn how to become more skilled.

Being helpful. Instead of thinking that social media is bad for kids, consider that kids can be good for social media. Think of how many opportunities exist for kids to do something good, to help a person out—by posting uplifting messages and artwork, to name a few ways.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How Hackers use LinkedIn to Scam

Hackers love LinkedIn because it links them in—straight through the portal of the targeted company. Geez, how much easier could this be, what with all the publically-exposed e-mail addresses of key players (and also worker bees) in big companies that someone wants to hack.

4DAn article on blog.sungardas.com was written by a white-hatter (his job is to try to hack his clients’ systems so that they know how to make them more impenetrable to the bad guys). The author says he’d make a beeline to LinkedIn if he became a black-hatter.

In addition to all of those revealed e-mail addresses, the hacker could also learn (without hacking, of course) what a business’s e-mail structure is. He can then compile a list of employees for his social engineering attacks. (Can you just see him watering at the mouth over this—like putting a sizzling steak in front of a dog.)

A phishing campaign could trick the targets into giving up crucial information—essentially handing the company key to the hacker. The crook, however, knows better than to pull this stunt on IT employees. But fertile territory includes employees in the marketing, accounting and customer service departments.

Maybe you’ve read that every professional these days absolutely should have a LinkedIn account. You can bet that every hacker agrees!

Companies need to come up with a way to prevent hackers from sneaking into their network via that bastion of essentiality known as LinkedIn.

The penetration-tester, in his article recommends that businesses do the following:

Social engineering training. Workers must be aggressively trained in how to sniff out a phishy-smelling e-mail. No corners should be cut with this training program, which should include ongoing staged attacks.

A statement clarifying communication about security information. To help prevent employees from giving out sensitive information to the wrong people, the company must figure out how communication will be conducted, then get it down on paper. For example, “E-mails from our company will never ask you to reveal your username and password.”

Definitive reporting process for suspicious activity. Employees need to have, on paper again, specific instructions in how to report suspicious activity, such as a questionable e-mail. These instructions should be simple and to the point.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

6 Tips for Protecting Your Social Media Accounts

10 years ago, many of us were hearing about social media for the first time. Now, social media plays a giant role in our lives, allowing us to share pictures, connect with family and friends, and get updated news. Through social media, we can express ourselves to our inner circle and the world.

14DSo how devastating would it be if someone got a hold of your social media accounts?

They could really wreak some havoc, like sending dirty links to all of your followers on Twitter. Or worse, take personal information in order to steal your identity, which could take years to fix. Sadly, breaking into your social media account can be easy—just one wrong click on a phishing scam or using a weak password that is easy to guess

Luckily, there are a few things you can do to protect your social media accounts from hackers. Here are my tips:

  1. Discard unused applications. Take inventory of your social media accounts to see if there are any third-party applications that have access to your personal social data. Delete the ones you don’t use or don’t need. And make sure you are ok with what information they are accessing from your social profile/account as these can be gateways to your account for hackers.
  2. Be careful who you friend online. Only accept friend requests from people you know in real life. Often hackers will send requests so they can see the information you are sharing to help them take advantage of
  3. Sharing is not always caring. Double check your privacy settings to control who sees your posts. Also, be careful what you share online—think of what you post online as being there forever, even if you have privacy setting enabled. For example, sharing that you’re away on vacation could inform a thief that you’re not home and indicate to them it’s a good time to rob you.
  4. Use strong passwords. Using “password” as a password isn’t going to cut it. The strongest passwords are at least eight characters in length, preferably 12; contain a combination of upper and lower case letters, symbols and numbers, and are unique to each account. For more information on how to create strong passwords, go to passwordday.org. And don’t forget to join us to celebrate World Password Day on May 7th. If you have trouble remembering and keeping track of all your user names and passwords, a safe option is to use a password manager. I like, which allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.
  5. Multi-factor authentication. Imagine a hacker has your password, username and email and even knows the answer to your secret question. He can get into your account. But if you’ve enabled multi-factor authentication, the hacker will need another factor to truly access your account. So without your phone, fingerprint, face or whatever factor you’ve set up, the game’s over for him. With True Key, you have to keep you safe online.
  6. Use security software. Of course, keep all your devices updated with comprehensive security software like McAfee LiveSafe™ service.

Don’t let hackers hack into your digital life! For other tips, check out @IntelSec_Home on Twitter or like them on Facebook!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

The Security Costs of being too Social

One of the arguments against being very virtually social is that nobody is SO important that everyone wants to know, for instance, that this person is going to be at the local sports bar watching the Super Bowl (or almost nobody; sad to say, some celebrities have half the world following them).

14DAnother argument, however, against tweeting and posting your every move is that this tells burglars when you’ll be away from your house.

So, you’re important enough to post every detail of your life on Facebook…but NOT important enough to be the victim of crime, right?

WRONG.

Maybe you’re not so virtually chatty, but other people actually tweet and post from the sports bar to keep followers updated about their emotions regarding the big game. At the same time, these folks are letting burglars know they’re away from home and not returning too soon.

Why You Should Curb Cyber Socializing

  • It’s true: People have been burglarized because the thieves found out they were on vacation or away via their social media posts.
  • Because posting your whereabouts in social media could lead to a burglary, you’ll have to pay for the natural fallout of the crimes, such as a homeowner’s insurance deductible and a higher premium rate due to multiple claims.
  • You could even lose any claim-free discount on your policy.
  • Though carriers won’t deny coverage if your car was stolen as a result of something you tweeted, the carriers want you to know how potentially risky it is to make personal posts, such as, “Hey, the whole gang’s going to my Uncle’s lake house to watch the Super Bowl on his monster flat screen!”
  • Save the mundane updates for after the event, when you get back home: “Hey y’all, just got back from watching the game at Uncle Budd’s…I’m gonna call in sick tomorrow ‘cause I’m so upset that we lost!” Which as you can see, is just as stupid, because you’ll get fired.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Social Media Identity Theft leads to Arrest

Are you one who believes you’re too smart, too savvy, to get your identity stolen in the social media world? Nobody thinks this will happen to them, and Stephanie Francis, 24, was no exception to that way of thinking.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776A report from firstcoastnews.com that the Jacksonville, Florida woman claims her identity was stolen—on social media of all places—and that the thief used it to create a phony Facebook account. This is interesting because there’s probably a ton of Facebook accounts under the name of “Stephanie Francis.” But there’s more to a fake Facebook account than using a name that a lot of other users have.

Francis says she’s being charged with a crime and wants to know how she can protect herself. As just mentioned, there’s more to this than just a duplicate of a common name. Francis explains in the article, “Someone created a Facebook with my name and picture on it and has been stalking my ex-boyfriend.”

This is just too easy to do: Find an online picture of the person, for instance, who bullied you in high school (it could be from an article announcing their promotion at a company, who knows?), then sign up on Facebook using that person’s name and photo for the profile page. How easy is that? And if you do anything illegal like stalk the bully’s ex-wife, the authorities will blame the bully! Social media is a magnet for cybercrime.

Francis has been charged with cyber stalking. She’s contacted Facebook and law enforcement, and the case has now gone to court. How did the imposter learn of her ex-boyfriend? Is this detail of Francis’s life in her social media posts? Maybe the imposter is a coworker and overheard her tell someone about the ex-boyfriend.

This case not only teaches the lesson of be careful what you post online, but also whom you share in person the details of your life—how loudly you talk, and who might be nearby to overhear.

Francis has created a Facebook account under a different name and faces another trip to court to try to resolve the situation.

Perhaps this mess could have been prevented:

  • Create a super strong password that would take a hacker’s machine two million years to crack.
  • Think! Think! Think before you post on social media!
  • Make your FB account as private as possible.
  • Seel out your likeness on social and the moment you discover an imposter, report it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

7 Small Business Social Media Risks

Many executives are concerned about social media related risks (e.g., data security and ID theft), but far fewer actually have any social media training.

4DA recent survey of executives puts the concerns into four categories: disclosure of confidential information; damaged brand reputation; ID theft; and legal and compliance violations.

Another feature that the survey unveiled was that 71 percent of the participants believed that their company was worried about potential risks, but they also thought these risks could be avoided or resolved.

Over half the respondents said that their company lacked any social media risk assessment strategy.

Here’s another striking finding: 33 percent of businesses had a social media policy; 27 percent of participants reported no such policy; and the remaining 40 percent consisted of an even split: those who said their company was planning on creating such a policy, and those who said their organization had some other related policy.

Solutions

While social media can bring benefits to businesses, namely in the realm of marketing exposure, they can also bring in lots of trouble as far as security issues.

How can companies find the right balance in between the two extremes of either banning social media altogether and allowing free reign of social media? Below are some solutions.

#1. Ban the ban. First of all, don’t outright ban access to social media. Otherwise, this can lead to other security issues. Furthermore, an employee who really wants to gain access to social media will dodge security, making the organization more susceptible.

#2. Execute policies. Do implement some kind of structure that regulates employee activity regarding social media. Employees need guidelines for proper use, which would also include what not to do.

#3. Social networks should be limited. There are hundreds of social networks—many uses are served, ranging from movies to music. But there are other uses that are not so innocent and less secure. Learn about these and make sure employees know not to go near them.

#4. No default settings. Default settings typically leave networks very vulnerable to attack. Settings should be locked down; most social networks do provide privacy settings and these must be managed at the highest level.

#5. URL lengthening service. Employees should never click on a shortened URL without first decoding it to see where it leads to. Shortened URLs can be pasted into an URL lengthening service.

#6. Train IT personnel. Don’t effectuate policies from the bottom up, but rather, from the top on down. Those in charge of managing technology need to be fully geared up with the risks of social media.

#7. Keep security updated. A business network always needs to be up to date with its security.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

IT Guys get duped Pretty Girl on Social Media

Defenses of a U.S. government agency were duped by an experimental scam created by security experts.

9DThe “scam” involved Emily Williams, a fictitious attractive woman with a credible online identity (including a real photo that was allowed by a real woman), posing as a new hire at the targeted agency.

Within 15 hours, the fake Emily had 55 LinkedIn connections and 60 for Facebook, with the targeted agency’s employees and contractors. Job offers came, along with offers from men at the agency to assist her with her new job.

Around Christmastime the security experts placed a link on Emily’s social media profiles linking to a Christmas card site they created.

Visitations to this site led to a chain of events culminating in the security team stealing highly sensitive information from the agency. Partner companies with the agency were also compromised.

The experimenters got what they sought within one week. The penetration scam was then done on credit card companies, banks and healthcare organizations with very similar results.

An authentic attacker could have easily compromised any of the partner companies, then attacked the agency through them, making the assault more difficult to detect.

Recap: The scam began from the ground up, inflating Emily’s social network till it enabled the attack team to suck in security personnel and executives. Most of the people who assisted Emily were men. A similar experiment using a fake male profile had no success.

Preventing getting suckered into Social Media Scams

  • For agencies and other organizations, social engineering awareness training is crucial, and must be done constantly, not the typical annually.
  • Suspicious behavior should always be questioned.
  • Suspicious behavior should be reported to the human relations department instead of shared on social networks.
  • Work devices should not be used for personal activities.
  • Access to various types of data should be protected with separate and strong passwords.
  • The network should be segmented to guard against scammers infiltrating a network segment simply because an employee with access to another segment was compromised.
  • Learn from this. Reverse engineer this same scenario in your own life or organization to see how this might happen to you.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.