Posts

32 Million Twitter Pass for sale Add two-factor NOW

The Dark Web, according to LeakedSource, got ahold of 33 million Twitter account details and put them up for sale. Twitter thus locked the accounts for millions of users.

Twitter, however, doesn’t believe its servers were directly attacked. So what happened? The bad guys may have created a composite of data from other breached sources. Or, they could have used malware to steal passwords off of devices.

Nevertheless, the end result meant that for many Twitter accounts, there was password exposure—leading to the lockdown of these accounts. The owners of these accounts had to reset their password after being notified of this by e-mail.

Some users who did not receive this e-mail notification will find that their accounts are locked.

An Ounce of Prevention

  • Go through the passwords of all of your vital accounts, and see which ones are unique, long and strong. You’ll likely need to change many passwords, as most people use simple to remember passwords that often contain keyboard sequences and/or words/names that can be found in a dictionary, such as 890Paul. These are easily cracked with a hacker’s software.
  • Who’d ever think that Facebook’s chief executive Mark Zuckerberg’s Twitter account could be hacked? It was, indeed, and it’s believed this was possible due to him reusing the username of his LinkedIn account several years ago.
  • So it’s not just passwords that are the problem; it’s usernames. Not only should these be unique, but every single account should have a different username and password. However, if a username is an email address, you can’t do much here.
  • Passwords and usernames should be at least eight characters long.
  • Use more than just letters and numbers; use characters if accepted (e.g., #, $, &).
  • So Paul’s new and better password might be: Luap1988($#.
  • Sign up with the account’s two-factor authentication. Not all accounts have this, but Twitter sure does. It makes it impossible for a crook to sign into your account unless he has your cell phone to receive the unique verification code that’s triggered with every login attempt.
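
The checks in the list above (length, character mix, keyboard sequences, dictionary words, and reuse across accounts) can be run over a set of account passwords. This Python script is an added example, not part of the original post; its small word list and the sample accounts are constructed for illustration.

```python
"""Added example: audit account passwords against the criteria in the list above."""
import re

# Assumption: a tiny constructed word list; a real audit would load a full dictionary.
WORDLIST = {"paul", "princess", "password", "dragon", "monkey"}
# Keyboard rows used to spot sequences such as "890" or "qwe".
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 8  # minimum length stated in the list


def keyboard_runs(password, run_len=3):
    """Return keyboard-row runs (forward or reversed) of run_len characters."""
    lowered = password.lower()
    found = []
    for row in KEY_ROWS:
        for direction in (row, row[::-1]):
            for i in range(len(direction) - run_len + 1):
                chunk = direction[i:i + run_len]
                if chunk in lowered and chunk not in found:
                    found.append(chunk)
    return found


def dictionary_words(password):
    """Return word-list entries embedded anywhere in the password."""
    lowered = password.lower()
    return sorted(word for word in WORDLIST if word in lowered)


def missing_classes(password):
    """Return the character classes the password does not use."""
    checks = {
        "lowercase": r"[a-z]",
        "uppercase": r"[A-Z]",
        "digit": r"\d",
        "symbol": r"[^A-Za-z0-9]",
    }
    return [name for name, pat in checks.items() if not re.search(pat, password)]


def audit(accounts):
    """Map each account name to a list of findings (an empty list means none)."""
    users_of = {}
    for name, password in accounts.items():
        users_of.setdefault(password, []).append(name)

    report = {}
    for name, password in accounts.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append(f"too short ({len(password)} < {MIN_LENGTH})")
        findings += [f"no {cls}" for cls in missing_classes(password)]
        findings += [f"keyboard sequence '{run}'" for run in keyboard_runs(password)]
        findings += [f"dictionary word '{w}'" for w in dictionary_words(password)]
        others = [n for n in users_of[password] if n != name]
        if others:
            findings.append("reused on " + ", ".join(others))
        report[name] = findings
    return report


# Constructed sample: the two passwords quoted in the list, one of them reused.
SAMPLE_ACCOUNTS = {
    "twitter": "890Paul",
    "linkedin": "890Paul",
    "bank": "Luap1988($#",
}

if __name__ == "__main__":
    # These are only the list's criteria; passing them is not a strength estimate.
    for account, findings in audit(SAMPLE_ACCOUNTS).items():
        print(account, "->", findings or "no findings")
```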

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Parents: do You know your Teen’s Social Media Platforms?

With all the apps out there that individualize communication preferences among teens, such as limiting “sharing,” parents should still hold their breath. Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps.

  • Temporary messages do not vanish forever.
  • Are anonymous applications really anonymous?
  • How temporary is “temporary”?

Kik Messenger

  • Users can stay anonymous and conduct all sorts of communication.
  • Has perks, like seeing if someone read your message.
  • Has drawbacks, such as accidentally sending content to more people than the user intended.
  • Easy to end up communicating with anonymous strangers.
  • Involves ads disguised as communication.

Ask.fm

  • Kids anonymously ask questions, e.g., “How do I conceal my eating disorder from my parents?” This question is benign compared to others on the site, though many users are innocent teens just hanging out.
  • This kind of site, though, promotes cyberbullying.

Whisper

  • Intended for adults, this app is where you post what’s eating you.
  • Some posts are uplifting and inspirational, while others are examples of human depravity.
  • Replete with references to drugs, liquor and lewd behavior—mixed in with the innocent, often humorous content.

Yik Yak

  • For users wanting to exchange texts and images to nearby users—hence having a unique appeal to teens.
  • And it’s anonymous. Users have made anonymous threats of violence via Yik Yak.
  • Due to the bond of communicating with local users and the anonymity, this medium is steeped in nasty communication.
  • Threats of violence will grab the attention of law enforcement who can turn “anonymous” into “identified.”

Omegle

  • This anonymous chat forum is full of really bad language, sexual content, violence, etc.
  • The app’s objective is to pair teens up with strangers (creepy!).
  • Yes, assume that many users are adult men—and you know why.
  • Primarily for sexual chat and not for teens, but teens use it.

Line

  • Texting, sending videos, games, group chats and lots of other teeny features like thousands of emoticons.
  • The Hidden Chat feature allows users to set a self-destruct time of two seconds to a week for their messages.
  • For the most part it’s an innocent teen hub, but can snare teens into paying for some of the features.

Burn Note

  • Text messages are deleted after a set time period.
  • Texts appear one word at a time.
  • Burn Note can promote cyberbullying—for obvious reasons.

Snapchat

  • Users put a time limit on imagery content before it’s erased. So you can imagine what some of the imagery might be.
  • And images aren’t truly deleted, e.g., Snapsaved (unrelated to Snapchat) can dig up any Snapchatted image, or, the recipient can screenshot that nude image of your teen daughter—immortalizing it.

REPEAT: Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

LinkedIn targeted by Scammers

LinkedIn is a free service that allows professional people to network with each other. Often, a LinkedIn member will receive an e-mail from another LinkedIn member “inviting” them to join their network. Sometimes, the inviter is someone the recipient doesn’t know, but the recipient will link up anyways. And that’s the problem.

A report at www.secureworks.com says that Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered 25 phony LinkedIn profiles.

With this particular phony network (called TG-2889), most of the intended victims live in the Middle East. The profiles are convincing, including some having over 500 connections.

Signs of Fraudulence

  • Profile photos appear on other, unrelated sites.
  • Duplicate summary profiles, some duplicated from other sites.
  • “Supporter persona” profiles use same basic template and have other similarities.

Using phony profiles, the scammers aim to lure legitimate LinkedIn users into giving up personal information that the “threat actors” can then use either against them (like getting into their bank account) or scamming their associated company out of money.

Or, as evidenced by that one-fourth of the targets work in telecommunications, the scammers may be planning on stealing data from telecommunications companies.

TG-2889 is doing a pretty good job of maintaining the fake profiles, as they regularly make revisions, continues the secureworks.com report. This suggests that a new campaign is planned, perhaps one targeting the aerospace industry, since at least one fake profile mentions Northrop Grumman.

It’s also likely that some TG-2889 profiles have not been identified, and let’s also assume that LinkedIn is tainted with even more bogus profiles from other threat actors.

For Legitimate LinkedIn Users

  • If you suspect a profile is fake, cyber-run for the hills.
  • Link up with profiles of only people you know.
  • Be leery of interacting with members you don’t know even if they appear to be part of the network of someone you do know.
  • If you get a job offer through LinkedIn, don’t respond via that conduit. Instead, contact the employer directly for verification.
  • For employers: Have you instructed your employees in proper use of the LinkedIn system? Are you sure they are not abusing it (either intentionally or non-intentionally), which could put your company at risk?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Catphishing is a Heartless Scam

When someone online presents as a different person than their true self, this is called catphishing, and it occurs on online dating sites.

  • Google the name of the object of your interest. Obviously, “Kelly Smith” and “John Miller” won’t get you far, but “Jaycina McArthur” just might. What comes up?
  • See if they have social media accounts, as these suggest they’re a real person. But the absence doesn’t prove they’re a phony, either. Not every legitimate person is into the social media thing.

Here are warning signs:

  • More than one profile on a social media site.
  • Few friends or followers on social media (but then again…this doesn’t prove they’re a catphisher. Remember, Hitler had a million followers, and Christ had only 12!).
  • Photos don’t include other people.
  • Photos are headshots rather than of activities.
  • They find a way to contact you other than through the matchmaking service.
  • They quickly show neediness and request money.
  • They quickly proclaim “you’re the one” despite never having met you in person.

Additional Steps

  • Right click their photos to see where else they are online. Is it them on other sites or some model’s or real estate agent’s picture?
  • Copy and paste excerpts from their profiles and see if they show up elsewhere.
  • It may seem counterintuitive, but if you’re interested, ask for a face-to-face correspondence early on in the relationship (like a week or so into it) so that you don’t waste time getting dragged down by what ultimately turns out to be a catphisher.
  • If the person doesn’t use Skype, ask for a local meeting in a crowded public spot (assuming it’s a local person).
  • If they back down from a face-to-face meeting, be suspicious. They’re not necessarily after your money, but that 6-2, 180 pound stud might actually be a 5-7, 240 pound guy who’s 10 years older than what his profile says.
  • Don’t reveal private information like where you work. Make sure there’s nothing revealing about your location on your social media profiles. A catphisher will want this information.
  • Be highly suspicious of someone who wants to know a heck of a lot about you—like if your parents live in town, what kind of home you live in, how much you earn, etc.

Trust your gut. If he or she sounds too perfect, they’re probably fakes.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Question: Should You worry about Kids on Social Media?

With all the increased news coverage of kids running off with adults they met online, and kids dying by suicide supposedly due to online bullying, many parents are wondering if their worries about their kids being online are justified.

We hardly hear about how social media has benefited kids. There’s nothing inherent about electronic communications or electronic media that makes it bad for kids. There will always be bad people out there—online and offline.

An article on commonsensemedia.org lists multiple ways good things can come to kids who use social media.

  • Makes friendships stronger. The site did a study called Social Media, Social Life: How Teens View Their Digital Lives. More than half the participants said that social media has benefited their friendships. Only four percent said it hurt them. And 29 percent reported social media made them feel more extroverted, while just five percent said it made them feel more introverted.
  • Creates a sense of belonging. The article points out a study from Griffith University and the University of Queensland in Australia that concluded that teens today are less lonely than they were in past decades. The ease of being connected makes kids less isolated.
  • Online community support. Online communities exist for just about everything, so that even the geekiest, nerdiest outcast can find a group who accepts him or her. This includes support groups for kids whose parents are divorced and kids who are cutters.
  • Expressing themselves. And this doesn’t just mean venting, but social media allows kids to put up their creative work and learn how to become more skilled.

Being helpful. Instead of thinking that social media is bad for kids, consider that kids can be good for social media. Think of how many opportunities exist for kids to do something good, to help a person out—by posting uplifting messages and artwork, to name a few ways.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

6 Tips for Protecting Your Social Media Accounts

10 years ago, many of us were hearing about social media for the first time. Now, social media plays a giant role in our lives, allowing us to share pictures, connect with family and friends, and get updated news. Through social media, we can express ourselves to our inner circle and the world.

So how devastating would it be if someone got a hold of your social media accounts?

They could really wreak some havoc, like sending dirty links to all of your followers on Twitter. Or worse, take personal information in order to steal your identity, which could take years to fix. Sadly, breaking into your social media account can be easy—just one wrong click on a phishing scam or using a weak password that is easy to guess.

Luckily, there are a few things you can do to protect your social media accounts from hackers. Here are my tips:

  1. Discard unused applications. Take inventory of your social media accounts to see if there are any third-party applications that have access to your personal social data. Delete the ones you don’t use or don’t need. And make sure you are ok with what information they are accessing from your social profile/account as these can be gateways to your account for hackers.
  2. Be careful who you friend online. Only accept friend requests from people you know in real life. Often hackers will send requests so they can see the information you are sharing to help them take advantage of
  3. Sharing is not always caring. Double check your privacy settings to control who sees your posts. Also, be careful what you share online—think of what you post online as being there forever, even if you have privacy setting enabled. For example, sharing that you’re away on vacation could inform a thief that you’re not home and indicate to them it’s a good time to rob you.
  4. Use strong passwords. Using “password” as a password isn’t going to cut it. The strongest passwords are at least eight characters in length, preferably 12; contain a combination of upper and lower case letters, symbols and numbers, and are unique to each account. For more information on how to create strong passwords, go to passwordday.org. And don’t forget to join us to celebrate World Password Day on May 7th. If you have trouble remembering and keeping track of all your user names and passwords, a safe option is to use a password manager. I like, which allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.
  5. Multi-factor authentication. Imagine a hacker has your password, username and email and even knows the answer to your secret question. He can get into your account. But if you’ve enabled multi-factor authentication, the hacker will need another factor to truly access your account. So without your phone, fingerprint, face or whatever factor you’ve set up, the game’s over for him. With True Key, you have to keep you safe online.
  6. Use security software. Of course, keep all your devices updated with comprehensive security software like McAfee LiveSafe™ service.

Don’t let hackers hack into your digital life! For other tips, check out @IntelSec_Home on Twitter or like them on Facebook!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Social Media Identity Theft leads to Arrest

Are you one who believes you’re too smart, too savvy, to get your identity stolen in the social media world? Nobody thinks this will happen to them, and Stephanie Francis, 24, was no exception to that way of thinking.

A report from firstcoastnews.com says that the Jacksonville, Florida woman claims her identity was stolen—on social media of all places—and that the thief used it to create a phony Facebook account. This is interesting because there’s probably a ton of Facebook accounts under the name of “Stephanie Francis.” But there’s more to a fake Facebook account than using a name that a lot of other users have.

Francis says she’s being charged with a crime and wants to know how she can protect herself. As just mentioned, there’s more to this than just a duplicate of a common name. Francis explains in the article, “Someone created a Facebook with my name and picture on it and has been stalking my ex-boyfriend.”

This is just too easy to do: Find an online picture of the person, for instance, who bullied you in high school (it could be from an article announcing their promotion at a company, who knows?), then sign up on Facebook using that person’s name and photo for the profile page. How easy is that? And if you do anything illegal like stalk the bully’s ex-wife, the authorities will blame the bully! Social media is a magnet for cybercrime.

Francis has been charged with cyber stalking. She’s contacted Facebook and law enforcement, and the case has now gone to court. How did the imposter learn of her ex-boyfriend? Is this detail of Francis’s life in her social media posts? Maybe the imposter is a coworker and overheard her tell someone about the ex-boyfriend.

This case teaches the lesson not only to be careful about what you post online, but also to be careful with whom you share the details of your life in person—how loudly you talk, and who might be nearby to overhear.

Francis has created a Facebook account under a different name and faces another trip to court to try to resolve the situation.

Perhaps this mess could have been prevented:

  • Create a super strong password that would take a hacker’s machine two million years to crack.
  • Think! Think! Think before you post on social media!
  • Make your FB account as private as possible.
  • Seek out your likeness on social and the moment you discover an imposter, report it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

8 Ways to bullet proof your Social Accounts

There are ways to keep the hackers at bay—for the most part, anyways, since no protection is 100 percent efficient.

#1 Password protect.

A device lost or stolen puts all your accounts at risk. Even devices simply left on your desk can be accessed by a nosy spouse, contractor or baby sitter, putting your accounts at risk. All of your devices should be protected by a password or some kind of passcode, and set to lock up or hibernate after a certain period of inactivity. The lock can be a fingerprint or even a picture password.

Even if you’re the only person who uses your device, having a password is very important because you never know when someone may be able to abscond with your device, then pose as you in your Facebook account.

#2 Log out.

Setting your device to automatically get you onto a social media site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out.

#3 Remove apps you don’t use.

If your accounts like Facebook and Twitter are linked to a bunch of third-party apps and services that have accumulated over time, sift through these and knock out the ones you don’t use.

Each third-party app has the potential to act as a portal to hackers. In fact, every so often, go through these to weed out ones you don’t need anymore. Even legitimate applications can open doors of opportunity to hackers because their databases can become infiltrated.

#4 Two-step Verification.

With this, the login process has an extra step if you sign in on a different device. This means that crooks can’t get on with only your password and username. They need the extra code of two-step.

For instructions on how to set this up for social media, here are some common sites that provide them: Facebook, Twitter, Google, Gmail, Tumblr, Dropbox

#5 Don’t get reeled in.

Don’t blindly click on links in e-mails or instant messenger programs! Even if the link comes from a sender you know, that “sender” could actually be a fake sender line generated by a hacker.

Contact the person separately in a new e-mail and ask if they sent you a link. If the link is from a business, go to the business’s site rather than clicking its alleged link in your e-mail.

Though Web browsers and e-mail programs can spot these “phishing” attacks, they miss some; just don’t click on links inside an e-mail.

#6 Encrypt internet connections.

Whenever connecting to any critical account, make sure the page you are connecting to is HTTPS; the “S” makes it a “secure” page. Otherwise, on open, unsecured, unencrypted wireless, connect only using security software such as Hotspot Shield, which encrypts all your wired and wireless communications.

#7 Easy Passwords.

The easier a password is for you to handle and remember, the easier it is for a hacker to crack. Stop using “princess” and 123456 as your passwords. Use a gibberish of characters that have no pattern and do not use words that can be found in a dictionary.

A password manager can help you manage a ton of passwords. Use different passwords for all of your accounts and include upper and lower case letters.

#8 Beef up password resets.

Review the social network’s password reset procedure. See if there are other measures they offer for restoring a hacked account, and get those activated. An example would be Facebook’s Trusted Contacts feature.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

7 Social Media Security Tips To Protect Your Business

Your employee’s online life could open your business to some serious dangers.

Many small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media’s security issues and how employees’ own social presence can add to the company’s security issues.

Some companies restrict internal access. Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.

Last year I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged, using real cops acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and, quite frankly, were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate and for good reason: Cops make great robbers!

At the end of the robbery, we all circled and discussed what happened. The teller who received the robbery note read it aloud, stating: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer. Once done, they looked up her spouse’s place of employment. They were able to learn what time he opened and closed the shop. Scary.

Follow these social media security tips for small business to prevent security issues just as scary:

Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, referring to slang, abusive language, etc. Employers should train their employees on proper use, as well. At this point, many of the mistakes have already been made; a quick search for “social media policy” will return lots of great ideas.

Consider a no-employment disclosure. Request employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization.

Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.

Train IT personnel. Policies and procedures begin from the top down. Managers and IT personnel responsible for managing technology need to be fully up to speed with social media security risks and set leadership examples.

Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees’ online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.

Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Don’t completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it—and when this happens, they sometimes go around firewalls, making the network vulnerable.

How do you ensure social media security in your business? Share your experiences in the comments.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

7 Small Business Social Media Risks

Many executives are concerned about social media related risks (e.g., data security and ID theft), but far fewer actually have any social media training.

A recent survey of executives puts the concerns into four categories: disclosure of confidential information; damaged brand reputation; ID theft; and legal and compliance violations.

Another feature that the survey unveiled was that 71 percent of the participants believed that their company was worried about potential risks, but they also thought these risks could be avoided or resolved.

Over half the respondents said that their company lacked any social media risk assessment strategy.

Here’s another striking finding: 33 percent of businesses had a social media policy; 27 percent of participants reported no such policy; and the remaining 40 percent consisted of an even split: those who said their company was planning on creating such a policy, and those who said their organization had some other related policy.

Solutions

While social media can bring benefits to businesses, namely in the realm of marketing exposure, they can also bring in lots of trouble as far as security issues.

How can companies find the right balance between the two extremes of banning social media altogether and allowing free rein of social media? Below are some solutions.

#1. Ban the ban. First of all, don’t outright ban access to social media. Otherwise, this can lead to other security issues. Furthermore, an employee who really wants to gain access to social media will dodge security, making the organization more susceptible.

#2. Execute policies. Do implement some kind of structure that regulates employee activity regarding social media. Employees need guidelines for proper use, which would also include what not to do.

#3. Social networks should be limited. There are hundreds of social networks—many uses are served, ranging from movies to music. But there are other uses that are not so innocent and less secure. Learn about these and make sure employees know not to go near them.

#4. No default settings. Default settings typically leave networks very vulnerable to attack. Settings should be locked down; most social networks do provide privacy settings and these must be managed at the highest level.

#5. URL lengthening service. Employees should never click on a shortened URL without first decoding it to see where it leads to. Shortened URLs can be pasted into an URL lengthening service.

#6. Train IT personnel. Don’t effectuate policies from the bottom up, but rather, from the top on down. Those in charge of managing technology need to be fully geared up with the risks of social media.

#7. Keep security updated. A business network always needs to be up to date with its security.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.