Social Networking Security Awareness

One in five online consumers has been a victim of cybercrime in the past two years. Social networking is a direct link to the problem. While social networks allow you to keep in touch with family and friends, there are issues to be concerned about.

Most concerns revolve around online reputation management, identity theft, or physical security issues. Social networking creates the risk of posting content that damages your reputation, having your profile hacked or your credentials compromised, or inviting burglars to your home by publicizing your whereabouts.

Facebook faces a security challenge that few companies, or even governments, have ever faced: protecting more than 500 million users of a service that is under constant attack. I’m a huge proponent of “personal responsibility,” and that means that you are ultimately responsible for protecting yourself.

Keep your guard up. Cybercriminals target Facebook frequently. Every time you click on a link, you should be aware of the risks.

Be careful about making personal information public. Sharing your mother’s name, your pet’s name, or your boyfriend’s name, for example, provides criminals with clues to guess your passwords.

Technology can help make social networking more secure. The most common threats to Facebook users are links to spam and malware sent from compromised accounts. Consumers must be sure to have an active security software subscription, and not to let it lapse.

Get a complimentary antivirus software subscription from McAfee. Simply “like” McAfee’s Facebook page, go to “McAfee 4 Free,” and choose your country from the dropdown menu to download a six-month subscription to McAfee’s AntiVirus Plus software. The software protects users’ PCs from online threats, viruses, spyware, and other malware, and includes the award-winning SiteAdvisor website rating technology. After the six-month McAfee AntiVirus Plus subscription period, Facebook users may be eligible for special discount subscription pricing.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss hackers hacking social media on Fox Boston. (Disclosures)

Your “Status” is Important to Others

People have always paid attention to your status. Now they do it on social media. Status is your “standing” in society. It could mean whether you are married, employed, rich, poor, saving the world, up to no good, home or not.

Status in terms of home security begins with your whereabouts.

By now we should all know posting your whereabouts (or where you aren’t) can be an invitation for criminals to break into your home while you are gone. It’s simply not a good idea to post you are not home and your house is vacant. On the other hand it is a great idea to have home security cameras and an alarm system.

Furthermore, if you travel, contrary to what some might suggest, I’ve never thought it was a good idea to place your status on a “stop mail” list at the post office.  It’s the same thing with stopping delivery of your newspaper. Once you are on that list, it is known you are away. The best case scenario for both issues is to have a trusted friend, family member or neighbor grab your mail and newspaper for you. Never list your vacation plans on social media. The last thing you need to be doing on Facebook is telling the world you are 2000 miles away.

In Houston, two dumb criminals, a teller at a bank that had just been robbed and her boyfriend, posted their statuses as “IM RICH” and “WIPE MY TEETH WITH HUNDREDS” and were arrested shortly after someone notified police about their status.

People are definitely paying attention to your status, so secure your social media.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News Live. Disclosures

Facebook Commenting Only Keeps the Honest, Honest

You’re probably familiar with the comments sections of blogs and online newspapers. It’s where people write nice, harmonious, agreeable comments about the article, the article’s author, and the President. No, wait, that must have been a dream I had.

I have always felt that a lack of accountability in the commenting process unfortunately brings out the worst in people. Today, anonymous Internet commentary is similar to prank phone calls prior to the introduction of caller ID.

Of course, what is or is not appropriate depends on one’s political, social, and economic perspective, and in many cases, anonymous comments can influence the direction of an online dialogue. Some commenters rely on their anonymity to avoid angering their employers. But most do so in order to freely post awful comments, because they themselves are not so nice. Writers put themselves out there every day, exposing themselves to the world, subject to every person’s inner mean side, cloaked in cowardly anonymity.

Facebook has rolled out a tool that allows any website to attach faces to comments, which would create a certain degree of accountability.

According to InfoWorld, “TechCrunch, which implemented Facebook Comments as an experiment, reports that while the total volume of comments is down significantly, the comment nastiness quotient is approaching zero – except, apparently, for nasty comments about their new commenting system.”

I see this as a positive. There is enough nastiness in the world and we all need to tone it down. Do your research on this issue. There are plenty of colorful opinions on what Facebook Commenting may mean. Many are for it, and many more are against.

Robert Siciliano personal and home security specialist to Home Security Source discussing social media identity theft on Fox Boston. Disclosures.

The Consequences of a Teacher’s Facebook Comments

We should all know by now that nothing you post on Facebook is private. You may have gone through all the privacy settings to thoroughly lock down your profile, but even so, you can never be sure that your posts will remain hidden. Facebook alters their privacy settings so frequently, you never know when or how the defaults will change. No matter how strict your privacy settings are, accepting a friend request from a stranger (who may be a human resource officer, for example) allows him or her to see your private comments, which can always be easily copied, pasted, and shared with the world.

The New York Post reported that a Brooklyn, NY teacher said some bad stuff about her fifth-graders, referencing the death of a 12-year-old Harlem schoolgirl who drowned on a class trip.

While on a field trip, the teacher used her Blackberry to post, “After today, I’m thinking the beach is a good trip for my class. I hate their guts.” When a Facebook friend asked, “Wouldn’t you throw a life jacket to little Kwami?” she wrote back, “No, I wouldn’t for a million dollars.”


Normally, this is when I would explain that it is never a good idea to announce to the world how much you hate your boss, neighbor, students’ teachers, or spouse, and that you’d like to boil a bunny on the stove to teach them a lesson. I guarantee that even if you are kidding, someone will be offended. Everything you do on the Internet lasts forever.

However, I’d rather encourage anyone with a position of authority and responsibility for others to please, go ahead and post your feelings, thoughts, and motivations as loudly and as clearly as possible. We want to know who you really are. It’s best that you come out of the closet now, so you can be removed from your position if necessary.

Robert Siciliano personal and home security specialist to Home Security Source discussing sharing too much information online on Fox News. Disclosures.

Prankster Creates and Kills Fake Social Media Profiles

This is just weird, but what about social media isn’t weird? We “friend” people we’ve never met. We share our plans, location, and mother’s maiden name with the world.

In New Zealand, weird can be defined as a 28-year-old Auckland woman who created and used several fake online profiles depicting young, pretty women to befriend unsuspecting high school boys.

I can definitely see my 16-year-old self falling for this.

Sometimes, after creating a fake Facebook profile, the woman would use her other online personas to break the news that her fictitious creation had been killed, referring her high-school friends to a tribute website where they could leave messages mourning the dead young woman. So far, around 40 of this scammer’s young victims have been identified.

What a bizarre prank, playing on the emotional wellbeing of a kid!

Making it even more macabre, the scammer borrowed profile pictures of real Facebook users, as well as pictures of their children, friends, and family, and created memorial videos eulogizing them. Posing as the mother of one of her creations, she informed one boy that her daughter was in the hospital after a suicide attempt.

The woman committing these acts is either extremely disturbed or extremely intelligent. Either way, it’s very creative and probably prone to copycats. This woman should be banned from the Internet entirely.

Social media sites could go a long way in terms of protecting their users by incorporating device reputation management. Once a user has been banned, device reputation allows websites to analyze the history of that user’s computer or other device, which may have been used for spam, phishing attempts, predatory behavior, profile misrepresentation, or even credit card fraud.  Device reputation alerts businesses to suspicious behavior, uncovers the device’s true location, and exposes hidden relationships to other high-risk accounts and devices.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media scams on CNN. (Disclosures)

Predators Using Social Media to Stalk Kids

All the advice you hear about keeping your kids safe on the Internet at your home computer goes out the window when a mobile phone or other portable device is introduced into the child’s life.

The sage advice was to put a PC in the living room and monitor your kids’ activity. Today that becomes impossible when there are tablets, iPads, mobile phones, laptops, online games and webcams. All these technologies provide new opportunities for the bad guy.

Child predators are often those who gravitate towards trusted positions in society where they have direct access to kids. Others hang out in Internet chat rooms and slowly groom their victims. Now many of them are on hundreds of different social networks.

In 2010 the CyberTipline received more than 223,000 reports of nefarious online behavior. “The increase in the number of reports of child pornography and online sexual solicitation of children is alarming,” said Ernie Allen, President & CEO of NCMEC. “The child pornography images we are receiving are becoming more violent and the victims much younger. We are even seeing infants being sexually abused.”

With the openness of social media, predators know what a kid likes, doesn’t like, who their friends are, and often their phone numbers, where they live, go to school, sports teams they play on etc. The list goes on and on.

Many of today’s social media sites are also incorporating location-based services, which allow the user to broadcast their location via a smartphone or their home. Pictures and status updates can be tagged with relatively accurate positions giving way to much information for the criminal. suggests Allowing kids to go online without supervision or ground rules is like allowing them to explore a major metropolitan area by themselves. The Internet, like a city, offers an enormous array of entertainment and educational resources but also presents some potential risks. Kids need help navigating this world.

Robert Siciliano personal and home security specialist to Home Security Source discussing Internet Predators on Fox Boston.

10 Social Media Security Considerations

Social media security issues involve identity theft, brand hijacking, privacy issues, online reputation management, and users’ physical security.

Social media provides opportunities for criminals to “friend” their potential victims, creating a false sense of trust they can use against their victims through phishing or other scams.

Register your full name on the most trafficked social media sites, and do the same for your spouse and kids. If your name is already taken, include your middle initial, a period, or a hyphen. You can do this manually or speed up the process by using

Get free alerts. Set up Google alerts for your name and kids’ names, and you’ll get an email every time one of your names pops up online. You should be aware if someone is using your name or talking about you.

Discuss social media with your kids. Make sure they aren’t sharing personal information that would compromise their own or your family’s security with their “friends.” Monitor what they do online. Don’t sit in the dark, hoping they are using the Internet appropriately. Be prepared not to like what you see.

Be discreet. What you say, do, and post online exists forever. There is no way to completely delete a digital post. Keep it professional, and be aware that someone is most likely monitoring you, possibly including your employer.

Maintain updated security. Make sure your hardware and your software are up to date. Update your antivirus definitions, your critical security patches, and so on.

Lock down settings. Most social networks have privacy settings. Don’t rely on the defaults. Instead, set these preferences as securely as possible. The main social media websites offer tutorials, which you should use.

Always delete messages from unfamiliar users. I get messages from scammers all the time, and I’m sure you do, too.

Don’t share personal information through games or applications. Nothing good can come from publishing “the 25 most amazing things about you.”

Always log off social media sites before walking away from the PC. If you ever use a friend’s or a public PC, this habit will save lots of aggravation.

Don’t use geolocation features, which literally track your every move in order to announce your location to the world. There’s no reason to allow anyone, anywhere, to stalk you. And don’t post status updates sharing the fact that your home is vacant.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking social media on Fox Boston. Disclosures

10 Types of Criminal Social Media Impersonators

Social media is the fifth form of mainstream media. At this point, most people know how to use social media, and how to navigate the various websites. But what most users don’t yet realize is how social media can be used against them.

Social media identity theft occurs for a number of reasons.

1. An online impersonator may attempt to steal your clients or potential clients.

2. Impersonators may squat on your name or brand, hoping to profit by selling it back to you or preventing you from using it.

3. Impersonators who pose as legitimate individuals or businesses can post infected links that will infect the victim’s PC or network with a virus that gives hackers backdoor access.

4. Impersonators sell products or services and offer deals with links to spoofed websites in order to extract credit card numbers.

5. An impersonator poses as you, and even blogs as you, in order to damage your name or brand. Anything the impersonator writes that is libelous, defamatory, or just plain wrong hurts your reputation and can even make you the target of a lawsuit.

6. Impersonators harass you or someone you know, perhaps as revenge over a perceived slight.

7. An impersonator steals a name or brand that has leverage, such as an employee, celebrity, or Fortune 500 company, as a form of social engineering, in order to obtain privileged access.

8. An impersonator may be obsessed with you or your brand and simply wants to be associated with you.

9. An impersonator might parody you or your brand by creating a tongue-in-cheek website that might be funny and obviously spoofed, but will most likely not be funny to you.

10. An impersonator poses as an attractive woman or man interested in a relationship in order to persuade potential victims to send naked photos, which can then be used for extortion.

Social media sites could go a long way in protecting their users by incorporating device reputation management. Rather than looking at the information provided by the user (which in this case could be an impersonator), go deeper to identify the computer being used so that negative behaviors are exposed early and access to threatening accounts is denied before your business reputation is damaged and your users abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media Facebook scammers on CNN. Disclosures.

Managing A Digital Life: Teachers Friending Kids

Teachers in numerous Massachusetts cities and towns are not allowed to “friend” students on Facebook or other social networking sites, and a number of other school districts south of Boston are considering a similar ban.

The Boston Globe reports that many communities are working on policies governing school staff’s use of Facebook, “inspired in part by ‘model’ rules on the subject distributed this fall by the Massachusetts Association of School Committees.”

The Massachusetts Association of School Committees rules are designed for administrators to “annually remind staff members and orient new staff members concerning the importance of maintaining proper decorum in the online, digital world as well as in person.”

Teachers should be reluctant to add students as friends on Facebook, as Facebook and other social media sites blur the lines in the student and teacher relationship.

Growing up, we knew nothing about our teachers. They were authority figures that didn’t seem to exist in the real world. If we ever saw a teacher in public, at a mall, wearing regular clothes, we fell into a state of shock!

Now, because of the personal information made available on teachers’ Facebook profiles, students know more than they should about their teachers’ personal lives. They know if a teacher’s relationship status is “Complicated,” and that over the weekend he “Partied like it was 1999.”

One argument against students and teachers establishing online friendships is the need for a distinction between personas in and outside the classroom, and a necessary distance between students and teachers, in order to maintain respect and define a teacher as “a role model, mentor, and advice giver – not a ‘friend.’”

Ultimately, the teacher-student relationship is all about guiding the student through a set curriculum involving reading, writing, arithmetic, and so on. This is and has always been a professional relationship, not a social one. Social media facilitates a social relationship. Call me “old school,” but it doesn’t seem right for students and teachers to connect in this way.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses child predators online on Fox News. Disclosures

Please Hack Me. My Password is 123456

Robert Siciliano Identity Theft Expert

Is this you? Are you a hacker’s delight? Are you a lazy lima bean begging to be hacked? Last month, 32 million passwords were stolen from a social media site. Upon observation, researchers determined that 1 percent of the 32 million people they studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

In another breach, thousands of email addresses and their passwords were phished by identity thieves and posted in an online forum. Researchers parsed the hacked passwords and broke them down into categories based on their level of security. For example, some of the passwords were very weak: “111111,” “123456,” “1234567,” “12345678,” and “123456789” made the top list. Many of the stolen passwords were people’s first names, which of course could be kids, spouses, etc. Obviously, anyone who uses an insecure password like this is more likely to get hacked due to their laziness and less than sophisticated approach to security. 60% of the passwords contained either all numbers or all lowercase letters.

Beefing up passwords using a password manager is much easier. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead, use the first letters of a phrase: “Full moons on Saturday bring out whackos @12am!” becomes “FmoSbow@12am!” That’s a strong password that no sane person will enter manually. But a password manager makes it possible.
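The categories and rules described in the last two paragraphs can be checked mechanically. The following Python sketch is an added example, not part of the original post: the function names, the three-character run threshold, and the sample list are assumptions, and the common-password set contains only the passwords quoted on this page.

```python
# Added example: audit passwords against the weaknesses this page describes.

# Weak passwords quoted on this page (from both breaches discussed above).
COMMON = {"123456", "12345", "qwerty", "abc123", "princess",
          "111111", "1234567", "12345678", "123456789"}


def has_run(pw, length=3):
    """True if pw has `length` consecutive or repeated letters/digits.

    The threshold of 3 is an assumption; "abc", "321" and "111" all match.
    """
    s = pw.lower()
    for i in range(len(s) - length + 1):
        chunk = s[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}, {0}):
            return True
    return False


def audit(pw, personal_names=()):
    """Return the list of weaknesses found; an empty list means none matched."""
    findings = []
    if pw.lower() in COMMON:
        findings.append("common")
    if pw.isdigit():
        findings.append("all-digits")
    elif pw.isalpha() and pw.islower():
        findings.append("all-lowercase")
    if has_run(pw):
        findings.append("sequence")
    # Names of pets, family members or close friends, supplied by the caller.
    if any(n and n.lower() in pw.lower() for n in personal_names):
        findings.append("personal-name")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 4:
        findings.append("missing-class")
    return findings


def initials(phrase):
    """First letter of each all-letter word; tokens with digits or symbols kept whole."""
    return "".join(w[0] if w.isalpha() else w for w in phrase.split())


def weak_share(passwords):
    """Fraction made of only digits or only lowercase letters."""
    hits = [p for p in passwords
            if {"all-digits", "all-lowercase"} & set(audit(p))]
    return len(hits) / len(passwords)


# Constructed sample, not data from either breach.
SAMPLE = ["123456", "princess", "qwerty", "abc123", "Rex2009",
          initials("Full moons on Saturday bring out whackos @12am!")]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r:20} {audit(pw, personal_names=['Rex']) or 'no findings'}")
    print("all-digit or all-lowercase share:", weak_share(SAMPLE))
```

An empty findings list only means none of these specific checks matched; it is not a measure of overall password strength.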

I’ve tried every possible password manager on the planet. There is only one that I have found to be incredibly efficient and secure. Roboform. This thing works great. I have it on 5 PCs and the iPhone and they all sync automatically.

Robert Siciliano personal security expert to Home Security Source discussing Hacked email on Fox News