Posts

Case allows Employees to run amok on Social Media

Lesson learned: If you run a fast-food restaurant or any company for that matter, you’d better treat your employees right. After all, they have a legal right to tweet all they want about you.

14DA Chipotle Mexican Grill in Havertown, PA, had a ban in place: Employees are prohibited from using social media to spread “inaccurate information” or “disparaging, false or misleading statements.”

But the National Labor Relations Board recently deemed that this rule violates federal labor law, even though an employee, James Kennedy, had tweeted less-than-favorable information about working conditions and had also circulated a petition (that the franchise tried to ban).

Chipotle violated the NRLA, according to the administrative law judge, when it demanded that Kennedy cease tweeting and delete the other tweets.

Another violation on Chipotle’s part was the firing of Kennedy, who had refused to stop circulating a petition among coworkers after a manager ordered him to do so. Kennedy’s use of social media was a protected activity under the law, and so was his circulation of the petition. The establishment was ordered to reinstate Kennedy and pay him lost wages.

Just what exactly was Chipotle’s rule about circulating a petition? It barred employees from doing this even during non-working hours and within visual or hearing range of patrons.

Chipotle was ordered by the NLRB to reverse its rules pertaining to social media and solicitation of petitions. And believe it or not, Chipotle even had a policy in place that banned discussing politics on the job. This ban, too, was lifted, courtesy of NRLB’s order.

Chipotle corporate was also required to make sure that all of its employees in the U.S. would be made aware of these policy reversals.

As of August 19, neither Chipotle nor its legal team have responded to any requests to comment.

Frankly, as an employer, this ruling is scary. And knowing employees often blather on about anything and everything, this ruling may open a can of worms that can’t be put back in.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Set Privacy on these Social Media Apps

Just like older generations never thought that the dial phone in the kitchen could be dangerous (think phone scams), today’s kids don’t have a clue how hazardous smartphone apps can really be. They are a godsend to pedophiles, scammers and hackers. And let’s not forget other kids who just want to be cruel bullies.

14DParents should have informative discussions with their kids about the various apps out there. And it’s okay to forbid particular apps you aren’t comfortable with. Like Musicly, search “Musicly safe for kids” and see why. Apps aren’t as innocent as you think. They are potential gateways to some real creepsters out there—and that’s putting it mildly.

Applications have safety settings. Do you know what they are? How they work?

Instagram

  • A person with or without an Instagram account can view your images unless you have the security setting on for “Private Account” under “Options.”

Snapchat

  • Enable the self-destruct feature to destroy communications quickly after they are sent.
  • But don’t rely on this entirely, because it takes only seconds for the recipient to screenshot the text or sext into cyberspace.
  • Set the “Who Can Contact Me” setting to “My Friends” so that strangers posing as 13-year-olds don’t get through to your child.

Whisper

  • Don’t let the name fool you; Whisper is not anonymous, thanks to geotagging.
  • Go to your iPhone’s settings and change the location access to “Never.”

Kik

  • Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik.
  • Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list.
  • Don’t share usernames.

Askfm

  • This question-and-answer service attracts cyberbullies.
  • In the privacy settings, uncheck “Allow Anonymous Questions.”
  • The user should remain anonymous.

Omegle

  • This video-chatting service is a draw for pedophiles.
  • It should never be linked to a Facebook account.

Your worries are fully justified. Words, images, and video, are very powerful. Though the age of e-communications is here to stay, so are psychos. It’s their world too. Your kids, unfortunately, must share it with them, but that doesn’t mean they have to receive communications from them or be “friends” with them.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

32 Million Twitter Pass for sale Add two-factor NOW

The Dark Web, according to LeakedSource, got ahold of 33 million Twitter account details and put them up for sale. Twitter thus locked the accounts for millions of users.

5DTwitter, however, doesn’t believe its servers were directly attacked. So what happened? The bad guys may have created a composite of data from other breached sources. Or, they could have used malware to steal passwords off of devices.

Nevertheless, the end result meant that for many Twitter accounts, there was password exposure—leading to the lockdown of these accounts. The owners of these accounts had to reset their password after being notified of this by e-mail.

Some users who did not receive this e-mail notification will find that their accounts are locked.

An Ounce of Prevention

  • Go through the passwords of all of your vital accounts, and see which ones are unique, long and strong. You’ll likely need to change many passwords, as most people use simple to remember passwords that often contain keyboard sequences and/or words/names that can be found in a dictionary, such as 890Paul. These are easily cracked with a hacker’s software.
  • Who’d ever think that Facebook’s chief executive Mark Zuckerberg’s Twitter account could be hacked? It was, indeed, and it’s believed this was possible due to him reusing the username of his LinkedIn account several years ago.
  • So it’s not just passwords that are the problem; it’s usernames. Not only should these be unique, but every single account should have a different username and password. However if a username is an email address, you can’t do much here.
  • Passwords and usernames should be at least eight characters long.
  • Use more than just letters and numbers-use characters if accepted (e.g., #, $, &).
  • So Paul’s new and better password might be: Luap1988($#.
  • Sign up with the account’s two-factor authentication. Not all accounts have this, but Twitter sure does. It makes it impossible for a crook to sign into your account unless he has your cell phone to receive the unique verification code that’s triggered with every login attempt.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Parents: do You know your Teen’s Social Media Platforms?

With all the apps out there that individualize communication preferences among teens, such as limiting “sharing,” parents should still hold their breath. Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps.14D

  • Temporary messages do not vanish forever.
  • Are anonymous applications really anonymous?
  • How temporary is “temporary”?

Kik Messenger

  • Users can stay anonymous and conduct all sorts of communication.
  • Has perks, like seeing if someone read your message.
  • Has drawbacks, such as accidentally sending content to more people than the user intended.
  • Easy to end up communicating with anonymous strangers.
  • Involves ads disguised as communication.

Ask.fm

  • Kids anonymously ask questions, e.g., “How do I conceal my eating disorder from my parents?” This question is benign compared to others on the site, though many users are innocent teens just hanging out.
  • This kind of site, though, promotes cyberbullying.

Whisper

  • Intended for adults, this app is where you post what’s eating you.
  • Some posts are uplifting and inspirational, while others are examples of human depravity.
  • Replete with references to drugs, liquor and lewd behavior—mixed in with the innocent, often humorous content.

Yik Yak

  • For users wanting to exchange texts and images to nearby users—hence having a unique appeal to teens.
  • And it’s anonymous. Users have made anonymous threats of violence via Yik Yak.
  • Due to the bond of communicating with local users and the anonymity, this medium is steeped in nasty communication.
  • Threats of violence will grab the attention of law enforcement who can turn “anonymous” into “identified.”

Omegle

  • This anonymous chat forum is full of really bad language, sexual content, violence, etc.
  • The app’s objective is to pair teens up with strangers (creepy!).
  • Yes, assume that many users are adult men—and you know why.
  • Primarily for sexual chat and not for teens, but teens use it.

Line

  • Texting, sending videos, games, group chats and lots of other teeny features like thousands of emoticons.
  • The Hidden Chat feature allows users to set a self-destruct time of two seconds to a week for their messages.
  • For the most part it’s an innocent teen hub, but can snare teens into paying for some of the features.

Burn Note

  • Text messages are deleted after a set time period.
  • Texts appear one word at a time.
  • Burn Note can promote cyberbullying—for obvious reasons.

Snapchat

  • Users put a time limit on imagery content before it’s erased. So you can imagine what some of the imagery might be.
  • And images aren’t truly deleted, e.g., Snapsaved (unrelated to Snapchat) can dig up any Snapchatted image, or, the recipient can screenshot that nude image of your teen daughter—immortalizing it.

REPEAT: Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

LinkedIn targeted by Scammers

LinkedIn is a free service that allows professional people to network with each other. Often, a LinkedIn member will receive an e-mail from another LinkedIn member “inviting” them to join their network. Sometimes, the inviter is someone the recipient doesn’t know, but the recipient will link up anyways. And that’s the problem.

14DA report at www.secureworks.com says that Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered 25 phony LinkedIn profiles.

With this particular phony network (called TG-2889), most of the intended victims live in the Middle East. The profiles are convincing, including some having over 500 connections.

Signs of Fraudulence

  • Profile photos appear on other, unrelated sites.
  • Duplicate summary profiles, some duplicated from other sites.
  • “Supporter persona” profiles use same basic template and have other similarities.

Using phony profiles, the scammers aim to lure legitimate LinkedIn users into giving up personal information that the “threat actors” can then use either against them (like getting into their bank account) or scamming their associated company out of money.

Or, as evidenced by that one-fourth of the targets work in telecommunications, the scammers may be planning on stealing data from telecommunications companies.

TG-2889 is doing a pretty good job of maintaining the fake profiles, as they regularly make revisions, continues the secureworks.com report. This suggests that a new campaign is planned, perhaps one targeting the aerospace industry, since at least one fake profile mentions Northrup Grumman.

It’s also likely that some TG-2889 profiles have not been identified, and let’s also assume that LinkedIn is tainted with even more bogus profiles from other threat actors.

For Legitimate LinkedIn Users

  • If you suspect a profile is fake, cyber-run for the hills.
  • Link up with profiles of only people you know.
  • Be leery of interacting with members you don’t know even if they appear to be part of the network of someone you do know.
  • If you get a job offer through LinkedIn, don’t respond via that conduit. Instead contact directly the employer for verification.
  • For employers: Have you instructed your employees in proper use of the LinkedIn system? Are you sure they are not abusing it (either intentionally or non-intentionally), which could put your company at risk?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Catphishing is a Heartless Scam

When someone online presents as a different person than their true self, this is called catphishing, and it occurs on online dating sites.
heartbleed

  • Google the name of the object of your interest. Obviously, “Kelly Smith” and “John Miller” won’t get you far, but “Jaycina McArthur” just might. What comes up?
  • See if they have social media accounts, as these suggest they’re a real person. But the absence doesn’t prove they’re a phony, either. Not every legitimate person is into the social media thing.

Here are warning signs:

  • More than one profile on a social media site.
  • Few friends or followers on social media (but then again…this doesn’t prove they’re a catphisher. Remember, Hitler had a million followers, and Christ had only 12!).
  • Photos don’t include other people.
  • Photos are headshots rather than of activities.
  • They find a way to contact you other than through the matchmaking service.
  • They quickly show neediness and request money.
  • They quickly proclaim “you’re the one” despite never having met you in person.

Additional Steps

  • Right click their photos to see where else they are online. Is it them on other sites or some model’s or real estate agent’s picture?
  • Copy and paste excerpts from their profiles and see if they show up elsewhere.
  • It may seem counterintuitive, but if you’re interested, ask for a face-to-face correspondence early on in the relationship (like a week or so into it) so that you don’t waste time getting dragged down by what ultimately turns out to be a catphisher.
  • If the person doesn’t use Skype, ask for a local meeting in a crowded public spot (assuming it’s a local person).
  • If they back down from a face-to-face meeting, be suspicious. They’re not necessarily after your money, but that 6-2, 180pound stud might actually be a 5-7, 240 pound guy who’s 10 years older than what his profile says.
  • Don’t reveal private information like where you work. Make sure there’s nothing revealing about your location on your social media profiles. A catphisher will want this information.
  • Be highly suspicious of someone who wants to know a heck of a lot about you—like if your parents live in town, what kind of home you live in, how much you earn, etc.

Trust your gut. If he or she sounds too perfect, they’re probably fakes.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Question: Should You worry about Kids on Social Media?

With all the increased news coverage of kids running off with adults they met online, and kids dying by suicide supposedly due to online bullying, many parents are wondering if their worries about their kids being online are justified.

14DWe hardly hear about how social media has benefited kids. There’s nothing inherent about electronic communications or electronic media that makes it bad for kids. There will always be bad people out there—online and offline.

An article on commonsensemedia.org lists multiple ways good things can come to kids who use social media.

  • Makes friendships stronger. The site did a study called Social Media, Social Life: How Teens View Their Digital Lives. More than half the participants said that social media has benefited their friendships. Only four percent said it hurt them. And 29 percent reported social media made them feel more extroverted, while just five percent said it made them feel more introverted.
  • Creates a sense of belonging. The article points out a study from Griffith University and the University of Queensland in Australia that concluded that teens today are less lonely than they were in past decades. The ease of being connected makes kids less isolated.
  • Online community support. Online communities exist for just about everything, so that even the most geekiest, nerdiest outcast can find a group who accepts him or her. This includes support groups for kids whose parents are divorced and kids who are cutters.
  • Expressing themselves. And this doesn’t just mean venting, but social media allows kids to put up their creative work and learn how to become more skilled.

Being helpful. Instead of thinking that social media is bad for kids, consider that kids can be good for social media. Think of how many opportunities exist for kids to do something good, to help a person out—by posting uplifting messages and artwork, to name a few ways.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

6 Tips for Protecting Your Social Media Accounts

10 years ago, many of us were hearing about social media for the first time. Now, social media plays a giant role in our lives, allowing us to share pictures, connect with family and friends, and get updated news. Through social media, we can express ourselves to our inner circle and the world.

14DSo how devastating would it be if someone got a hold of your social media accounts?

They could really wreak some havoc, like sending dirty links to all of your followers on Twitter. Or worse, take personal information in order to steal your identity, which could take years to fix. Sadly, breaking into your social media account can be easy—just one wrong click on a phishing scam or using a weak password that is easy to guess

Luckily, there are a few things you can do to protect your social media accounts from hackers. Here are my tips:

  1. Discard unused applications. Take inventory of your social media accounts to see if there are any third-party applications that have access to your personal social data. Delete the ones you don’t use or don’t need. And make sure you are ok with what information they are accessing from your social profile/account as these can be gateways to your account for hackers.
  2. Be careful who you friend online. Only accept friend requests from people you know in real life. Often hackers will send requests so they can see the information you are sharing to help them take advantage of
  3. Sharing is not always caring. Double check your privacy settings to control who sees your posts. Also, be careful what you share online—think of what you post online as being there forever, even if you have privacy setting enabled. For example, sharing that you’re away on vacation could inform a thief that you’re not home and indicate to them it’s a good time to rob you.
  4. Use strong passwords. Using “password” as a password isn’t going to cut it. The strongest passwords are at least eight characters in length, preferably 12; contain a combination of upper and lower case letters, symbols and numbers, and are unique to each account. For more information on how to create strong passwords, go to passwordday.org. And don’t forget to join us to celebrate World Password Day on May 7th. If you have trouble remembering and keeping track of all your user names and passwords, a safe option is to use a password manager. I like, which allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.
  5. Multi-factor authentication. Imagine a hacker has your password, username and email and even knows the answer to your secret question. He can get into your account. But if you’ve enabled multi-factor authentication, the hacker will need another factor to truly access your account. So without your phone, fingerprint, face or whatever factor you’ve set up, the game’s over for him. With True Key, you have to keep you safe online.
  6. Use security software. Of course, keep all your devices updated with comprehensive security software like McAfee LiveSafe™ service.

Don’t let hackers hack into your digital life! For other tips, check out @IntelSec_Home on Twitter or like them on Facebook!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Social Media Identity Theft leads to Arrest

Are you one who believes you’re too smart, too savvy, to get your identity stolen in the social media world? Nobody thinks this will happen to them, and Stephanie Francis, 24, was no exception to that way of thinking.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776A report from firstcoastnews.com that the Jacksonville, Florida woman claims her identity was stolen—on social media of all places—and that the thief used it to create a phony Facebook account. This is interesting because there’s probably a ton of Facebook accounts under the name of “Stephanie Francis.” But there’s more to a fake Facebook account than using a name that a lot of other users have.

Francis says she’s being charged with a crime and wants to know how she can protect herself. As just mentioned, there’s more to this than just a duplicate of a common name. Francis explains in the article, “Someone created a Facebook with my name and picture on it and has been stalking my ex-boyfriend.”

This is just too easy to do: Find an online picture of the person, for instance, who bullied you in high school (it could be from an article announcing their promotion at a company, who knows?), then sign up on Facebook using that person’s name and photo for the profile page. How easy is that? And if you do anything illegal like stalk the bully’s ex-wife, the authorities will blame the bully! Social media is a magnet for cybercrime.

Francis has been charged with cyber stalking. She’s contacted Facebook and law enforcement, and the case has now gone to court. How did the imposter learn of her ex-boyfriend? Is this detail of Francis’s life in her social media posts? Maybe the imposter is a coworker and overheard her tell someone about the ex-boyfriend.

This case not only teaches the lesson of be careful what you post online, but also whom you share in person the details of your life—how loudly you talk, and who might be nearby to overhear.

Francis has created a Facebook account under a different name and faces another trip to court to try to resolve the situation.

Perhaps this mess could have been prevented:

  • Create a super strong password that would take a hacker’s machine two million years to crack.
  • Think! Think! Think before you post on social media!
  • Make your FB account as private as possible.
  • Seel out your likeness on social and the moment you discover an imposter, report it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

8 Ways to bullet proof your Social Accounts

There are ways to keep the hackers at bay—for the most part, anyways, since no protection is 100 percent efficient.

14D#1 Password protect.

A device lost or stolen puts all your accounts at risk. Even simply placing your devices on your desk, they can be accessed by a nosy spouse, contractor or baby sitter, putting your accounts at risk. All of your devices should be protected by a password or some kind of passcode, and set to lock up or hibernate after a certain period of inactivity. The lock can be a fingerprint or even a picture password.

Even if you’re the only person who uses your device, having a password is very important because you never know when someone may be able to abscond with your device, then pose as you in your Facebook account.

#2 Log out.

Setting your device to automatically get you onto a social media site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out.

#3 Remove apps you don’t use.

If your accounts like Facebook and Twitter are linked to a bunch of third-party apps and services that have accumulated over time, sift through these and knock out the ones you don’t use.

Each third-party app has the potential to act as a portal to hackers. In fact, every so often, go through these to weed out ones you don’t need anymore. Even legitimate applications can open doors of opportunity to hackers because their databases can become infiltrated.

#4 Two-step Verification.

With this, the login process has an extra step if you sign in on a different device. This means that crooks can’t get on with only your password and username. They need the extra code of two-step.

For instructions on how to set this up for social media, here are some common sites that provide them: Facebook, Twitter, Google, Gmail, Tumblr, Dropbox

#5 Don’t get reeled in.

Don’t blindly click on links in e-mails or instant messenger programs! Even if the link comes from a sender you know, that “sender” could actually be a fake sender line generated by a hacker.

Contact the person separately in a new e-mail and ask if they sent you a link. If the link is from a business, go to the business’s site rather than clicking its alleged link in your e-mail.

Though Web browsers and e-mail programs can spot these “phishing” attacks, they miss some; just don’t click on links inside an e-mail.

#6 Encrypt internet connections.

Whenever connecting to any critical account make sure the page you are connecting to is HTTPS, which the “S” makes it a “secure” page. Otherwise on open unsecured, unencrypted wireless, connect only using security software such as Hotspot Shield which encrypts all your wired and wireless communications.

#7 Easy Passwords.

The easier a password is for you to handle and remember, the easier it is for a hacker to crack. Stop using “princess” and 123456 as your passwords. Use a gibberish of characters that have no pattern and do not use words that can be found in a dictionary.

A password manager can help you manage a ton of passwords. Use different passwords for all of your accounts and include upper and lower case letters.

#8 Beef up password resets.

Review the social network’s password reset procedure. See if there are other measures they offer for restoring a hacked account, and get those activated. An example would be Facebook’s Trusted Contacts feature.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.