Protecting Yourself from Cyber Extortion

You might not think that you could ever be a victim of cybercrime, but you would be incorrect. You are just as much of a possible victim as anyone else, and you have to know how to protect yourself.

One of the easiest ways that hackers can get victims is to trick people into clicking links in emails or opening attachments. Something as simple as this can easily lead to viruses and other security issues, like ransomware, and no one is ready to deal with this.

Cyber extortion is on the rise, and it involves infecting a computer with ransomware, which means the victim will not be able to access their files unless they pay money via bitcoin to the attacker. This software is installed when the victims click on links in emails.

Many of these emails ask for information that is sensitive. If you get one of these emails, you should have alarms sounding off. If you don’t, you could blindly give the hacker information about you, such as your passwords, account numbers, or worse.

Extortion Prevention

Here are some things that you can do to prevent yourself from cyber extortion:

  • Install password manager software.
  • Don’t use the following in your passwords: words or names that are obviously yours, any keyboard sequence (ZXCVB), any password under eight characters, or anything easy to guess.
  • Make sure every account has a unique password.
  • If an account offers it, enable two-factor authentication. Each time you try to log in, you cannot gain access to the account unless you enter a one-time code, which is delivered to your phone via text. If someone contacts you and asks for a code like this, you should hear alarm bells in your head.
  • Create passwords with a mix of letters, symbols, and numbers. Randomly choose these like a toddler would if they were typing and add them to your password manager.
  • Don’t ever click on any link that comes to you via email unless you confirm its legitimacy with the sender. A single click might download a virus, or you might be directed to a site that can lure you into typing your username, password, and other information. A red flag that you might be at risk of doing this is if you get an email that says, “Your Account Was Suspended.”
  • Often, these emails seem like they come from a source you trust like PayPal, a bank, the IRS, or your employer.
  • You also might see a sense of urgency in these emails, such as “Act within 24 hours” or “You must…”
  • Don’t open any attachments including those from a person or company that claims they want to offer you a job.
  • Do not post any sensitive personal information on your social media accounts. Hackers can use this information to figure out login information.
  • Have a business email account and a personal one.
  • Don’t connect to public Wi-Fi and do anything like shopping or banking. If you don’t have a choice, you can browse by using a VPN (virtual private network).

Some of this might sound like a pain, or even inconvenient, but believe it or not, you are a target for hackers, and they are just waiting for you to take the bait.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Why use a VPN?

If you want to be a pro at privacy, here’s a tip: When it’s time to go online, whether it’s at an airport lounge, coffee house, hotel, or any other public Wi-Fi spot, don’t log into any of your accounts unless you use a virtual private network (VPN).

A VPN is a technology that creates a secure connection over an unsecured network. It’s important to use because a hacker can potentially “see” your login information on an unsecured network. For instance, when you log in to your bank account, the hacker may be able to record your information, and even take money from your account.

Here are a few other important things to remember about unsecured networks:

  • It’s possible for cyber snoops to see your transactions, including email.
  • Snoopers and bad hackers can spy on the sites you visit and will know the passwords and usernames you use to access any account.
  • A Wi-Fi spot itself can be malicious, in that it was set up by a cybercriminal.
  • Even a reputable Wi-Fi spot, like that at a name-brand hotel, could be tainted. Hackers can use software to hijack Internet connections and trick users into using fake web addresses.

The good news is that you can subscribe to a VPN service for a low monthly fee. Now, if you have a VPN, you can feel at ease logging into any site on public Wi-Fi, because a VPN scrambles, or encrypts, all cyber transmissions. So to a snoop or hacker, your passwords, email messages and everything else will appear as unintelligible garble.

In addition to encrypting your transactions, most VPNs will conceal your device’s IP address. What you’re doing and which sites you are visiting will be under lock and key. This will stop companies from snatching users’ browsing habits and other data and sharing it with other online entities.

So, if your schedule doesn’t permit you the luxury of doing all your important Web surfing on your secure home Wi-Fi, and you often find yourself logging on to your bank’s site or other accounts while you’re away from home, remember that you really need a VPN. Because, when you are on an unsecured network, everything you do on your computer gets laid out on a silver platter for the cyberthugs.

Your information could be compromised, or your device could get infected and crash, wiping out all of your files.

A hacker might even threaten to wipe out your files if you don’t pay a ransom. The bottom line is that anything is possible when using public Wi-Fi, but VPNs can end all these concerns.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Protect your small business against viruses with these tips

It is September and it’s National Preparedness Month—a great time to get involved in the safety of your community. Make plans to stay safe, and this includes maintaining ongoing communications. National Preparedness Month culminates September 30th with National PrepareAthon! Day.

I learned in high school biology class that one of the things that distinguishes life forms from inanimate objects is that living things replicate. Therefore, a computer virus is, well, alive; it replicates itself. It’s alive enough to cause billions of dollars of destruction from the time it attacks a computer network until the disaster is cleaned up.

But just what is a computer virus?

Not only does this nasty program file duplicate itself, but it can spread to other computers without human involvement.

Unlike a virus with DNA, a tech virus usually doesn’t produce symptoms to give you an early warning. But it’s hell-bent on harming your network for financial gain.

Though a virus is malicious, it may impersonate something harmless, which is why the user lets it in. One type of virus is spyware, which allows your computer to run smoothly as always while enabling criminals to watch your login activities.

Though viruses often corrupt in secret, others can produce symptoms including:

  • Computer programs and smartphone applications open and close spontaneously.
  • Computer runs very slowly for no apparent reason.
  • Someone you know emails you about the global email you recently sent out promoting a product you have nothing to do with.

You can protect yourself or your business from a virus in the following ways:

  • A malment is a common way to let a virus into your computer. This is a malicious attachment that, when clicked, downloads the virus. The email message tricks employees into clicking that attachment. Unless it’s been confirmed by the sender that you’ll be receiving an attachment shortly, never open attachments. Or at a minimum, scan them with antivirus software.
  • Never open an attachment sent out of the blue by the IRS, company bank, credit union, medical carrier, etc.
  • Apply the above rules to links inside emails. A “phishing” email is designed to look legitimate, like it came from the bank. Click on the link and a virus is released. Or, the link takes you to a site that convinces you to update some login credentials—letting the hacker know your personal information.
  • Never use public Wi-Fi unless you have VPN (virtual private network) encryption software.
  • All devices should have continually updated security software including a firewall.
  • Browsers and operating systems should also be updated to the latest versions.
  • Prevent unauthorized installations by setting up administrative rights.
  • Employees, from the ground to the top, should be aggressively trained in these measures as well as bring-your-own-device protocols.
  • Back up your data. Why? Because when all else fails and your data and devices have been destroyed by malware, a cloud backup allows you to not only recover all your data, but it helps you sleep at night.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained in how malware works and other tricks that cyber thieves use. To learn more about preparing your small business against viruses, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four-time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders.

Don’ts and Dos when using Public Wi-Fi

Curl up in a chair at your favorite coffee house, the aroma of premium coffee filling the air, take a few sips of your 700 calorie latte, and then enter cyberspace. Little do you know that you could have a stalker. Or two. Or 3,000. Because public Wi-Fi is there for the picking for hackers. Online transmissions can be intercepted. The credit card number that you enter onto that retailer’s site can be “seen.”

Don’t Do These at a Public Wi-Fi Site

  • Never leave your spot without your device on you—not even for a moment. You may come back and still see your computer where you left it…but a thief may have installed a keylogger into it to capture your keystrokes.
  • Do not e-mail messages of a sensitive or serious nature.
  • When your computer begins seeking out a network to connect to…do not let it just drift to the first one it wants; see if you can choose one.
  • Don’t leave on your file sharing.
  • If you’re not using your wireless card, then do not leave it on.
  • Don’t do banking or any other sensitive activities.
  • Don’t position your device so that someone nearby can see the screen.

Yes, Do These when at a Public Wi-Fi Spot

  • Look around before you settle into a nice spot.
  • Sit somewhere so that your back is facing a wall.
  • Assume all Wi-Fi links are suspicious—kind of like assuming all drivers are drunk whenever you go out driving. A wireless link may have been set up by a hacker.
  • See if you can confirm that a given Wi-Fi link is legitimate.
  • If the connection name is merely similar to the name of the Wi-Fi spot, assume that this could mean the hacker was clever. Ask the manager of the coffee shop, hotel, etc., for information about their Wi-Fi access point.
  • You should consider using your cell phone for sensitive activities such as online shopping.
  • But cell phone or not, see if you could avoid visiting sites that can make it easier for hackers to nab your data—sites such as banking, social media and any site where your credit card information is stored.

Use a VPN. This stands for virtual private network. What a VPN does is create an impervious tunnel through which your data travels. Hackers cannot penetrate this tunnel, nor can they “see” through it. Your data is safe. The tunnel encrypts all of your banking and other sensitive transactions, as well as sensitive e-mail communications, plus downloads, you name it. With a virtual private network, you will not have to worry about a thief or snoop intercepting your transmissions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.

What’s the difference between VPNs and Proxies and which Option is more secure?

If you are overseas somewhere and want to access your Facebook page…don’t be surprised if you can’t do this. In fact, you won’t even be able to get onto the Facebook site (or YouTube, for that matter), depending on what country that you are visiting. This is because some countries limit website access for their citizens.

You can get around this with a VPN (virtual private network) or proxy server. However, they are not one and the same. Let’s look at the features of each.

VPN

  • A VPN does the so-called scrambling or encryption of data so that hackers can’t tell what you are doing. To put this another way, a VPN provides a “tunnel” through which your data goes. This tunnel cannot be penetrated. Your transmissions are hidden, unable to be viewed.
  • This protected data includes e-mail communications, login information, instant messages, which sites you visit, downloads and more.
  • A VPN is private communication over a public network and can be used on all types of devices.
  • A VPN will alter your IP address, making it seem that you are using your computer somewhere other than the country that prohibits access to Facebook. You can navigate Facebook with ease while visiting that country.

Proxy Server

  • This makes the user anonymous. The proxy server does the job of anonymizing. The server of the site you want to visit receives requests from this anonymous server. As a result, even if you are in that country that bans Facebook access, it will have no idea where you are located. Hence, you can get on Facebook.
  • Your data, transmissions, etc., however, are not hidden by any tunnel or scrambled (encrypted).
  • Therefore, with the proxy server, even though you can spend hours on Facebook or YouTube in that foreign country…any transmissions or activities you conduct can be intercepted by a hacker if you are using public Wi-Fi.

Now if you have a VPN with the proxy server, this solves that problem. Nobody will be able to snoop or steal data like your credit card information when you shop online.

However, there is no point in having both, when one can do the entire job: the virtual private network. Think of a VPN as having a built-in proxy server.

Hotspot Shield is a VPN that encrypts all of your online activities in that non-penetrable tunnel, while at the same time making it impossible for your location to be identified. You are essentially anonymous. Hotspot Shield works for both wireless and wired connections.

Why Hacking is a National Emergency

Foreign hackers, look out: Uncle Sam is out to get you. President Obama has issued an order that allows the State and Treasury Departments to immobilize the financial assets of anyone outside the country suspected of committing or otherwise being involved in cyber crimes against the U.S.

This order, two years in the making, covers hacking of anything. The order refers to hacking as a national emergency. Imagine if entire power grids were hacked into. Yes, a national emergency.

Another reason hacking is a national crisis is because the guilty parties are so difficult to track down. Hackers are skilled at making it seem that an innocent entity is guilty. And a major hacking event can be committed by just a few people with limited resources.

However, the order has drawn some criticism, including that it is an overreaction to the Sony data breach. But it seems that the government can never be too vigilant about going after hackers.

Proponents point out that the order allows our government greater flexibility to go after the key countries where major hacks come from, like Russia and China. This flexibility is very important because the U.S. has a crucial financial relationship with these countries. And that needs to be preserved.

For instance, there’d be little adverse impact to the U.S. if our government choked off the bank accounts of isolated hackers who were part of the Chinese government, vs. strangling the entire Chinese government.

In short, the activities of small hacking groups or individual hackers within a foreign government will be dealt with without penalizing the entire government—kind of like doing away with punishing the entire fourth grade class because one kid threw a spitball.

Hacking is now elevated to terrorism status; the order is based on the anti-terrorism bill. So foreign hackers, you’ve been warned; the U.S. is not reluctant to level you because the order allows for sparing your government as a whole from being sanctioned.

You can do your part to protect the Homeland simply by protecting your own devices using antivirus, antispyware, antiphishing and a firewall. Keep your devices’ operating systems updated and use a VPN when on public WiFi.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

How to prevent being tracked

You worry about being hacked, but what about being tracked? Yes, there are hackers and then there are trackers.

Internet tracking mainly refers to the user’s browsing habits being followed. But there are ways to make it harder for the trackers to tag along behind you.

  • Duhh, a fake name. What an innovative idea! It’s amazing how many people have their real name splashed all over cyberspace. Sure, you should use it for LinkedIn, and also Facebook if you want your childhood classmates to find you. But do you really need to use it for accounts like Disqus that allow you to post comments to articles? If you want to provide feedback to a site, must you use your real full name?
  • Use a virtual private network (VPN), as this will mask your IP address and keep others from tracking you. A VPN will encrypt your activities on open WiFi too. Hotspot Shield is a VPN provider; it’s compatible with iOS, Android, Mac and PC.
  • Now you may think, “What’s so bad about being tracked? So what if cookies know I keep clicking on all the Miley Cyrus articles?” Well true, so what.
  • But what if cookies also find that you’ve been clicking on an awful lot of articles about heavy weight training? You’ve been doing research for an article you want to write for your latest magazine assignment or maybe your son is interested in weightlifting. What if this timeline coincides with when you’re suing someone for smashing into your car while you were in it, causing back injury? The defendant’s attorney may uncover you’ve been researching heavy weight training, and this doesn’t look good for someone claiming a bad back.
  • Before you begin browsing, make sure you’re logged out of social networks. This means finding the “logout” or “sign-out” tab and clicking its options, rather than just closing out the site tab. Otherwise, more tracking.
  • Make sure your cookies are cleared before and after browsing.
  • If you use Twitter, go to the basic account settings to a box called “Tailor Twitter based on my recent website visits,” and make sure it’s unchecked.
  • Have JavaScript blocked when filling out forms. An extension called NoScript will block companies from using JavaScript for tracking you when you fill out their forms. However, think hard before you do this, because there are so many additional uses for JavaScript, and if you have a browser add-on that blocks it, it will probably slow loading times. Techy people will know how to set up the add-on so that it blocks JavaScript only for certain companies.
  • Disposable e-mail address. You can be tracked with your e-mail address—unless it’s a disposable one. Some services provide addresses that dissipate after a few minutes, while others provide addresses for longer use. Your e-mail carrier may also provide the option of creating additional e-mail addresses by adding characters to your name in the primary e-mail, so that these additional e-mails can be used and forwarded to the original.

6 Ways to halt Online Tracking

“On the Internet, you can be ANYBODY!”

Not quite. Remaining anonymous in cyberspace isn’t as easy as it used to be. Your browsing habits can be tracked, leading to your true identity. But there are things you can do to remain as anonymous as possible.

  • Don’t feel you must use your full, real name when filling out forms or whatever, just because it’s asked or even a “required field.” Of course, you’ll want to use your real name when registering online with a bank, for instance, or making a purchase. But sometimes, the real name just isn’t necessary, such as when registering with a site so that you can post comments on its news articles, or registering with an online community so that you can participate in forums.
  • Stop “liking” things. Does your vote really matter in a sea of thousands anyways? But you can still be tracked even if you don’t hit “like” buttons, so always log off of social media sites when done. This means hit the “log out” button, not just close out the page.
  • Twitter has options to control how much it tracks you, so check those out.
  • Clear your browser cookies automatically every day.
  • Use a disposable e-mail address; these expire after a set time.
  • Firefox users get a browser add-on called NoScript to block JavaScript. JavaScript gets information on you, especially when you fill out a form. However, JavaScript has many other functions, so if you block it, this may impair ease of use of the websites you like to navigate.

Virtual Private Network

You may not think it’s a big deal that your browsing habits get tracked, but this can be used against you in a way that you cannot possibly imagine.

For example, you suffer a whiplash injury in a car accident and want to sue the driver who caused it. However, your nephew asks your advice on weight lifting equipment, so you decide to visit some websites on weight lifting equipment since you know a lot about this.

The defendant’s attorney gets wind of this online search and can use it against you, claiming you don’t really have any whiplash injuries. How can you prove you were searching this information for your nephew?

A VPN will scramble your browsing activities so that you can freely roam the virtual world wherever you are without worrying you’re being tracked. Your IP address will be hidden. One such VPN service is Hotspot Shield, which can be used on iOS, Android, Mac and PC.

How to recognize Online Risks

Would you give up your bank account and credit card numbers to a stranger on the street after he approaches and asks for them? Of course not. But that’s essentially what people do when they’re tricked by online crooksters into revealing sensitive personal information, including their Social Security numbers.

One of the most common ways this is done is through phishing.

  • The phishing attack is when the thief sends out thousands of the same e-mail. If enough people receive the message, sooner or later someone will take the bait.
  • The bait may be a notice you’ve won a prize; a warning that your bank account has been compromised or that you owe back taxes; an alert that something went wrong with your UPS delivery; or something about your medical insurance.
  • These subject lines are designed to get you to open the e-mail and then follow its instructions to remedy the problem—instructions to the tune of typing out your personal information including passwords.
  • Sometimes the fraudster has already gained information from a victim and will use that to make the victim think that the phishing e-mail is legitimate.
  • These e-mails contain links; never click on them. They’re designed to entice people into giving up personal information, or, the site they take you to will download a virus to your computer.
  • Sometimes the e-mail will contain an attachment. Opening it can download a virus.
  • What if the e-mail appears to be legitimate, complete with company logo, colors, design and details about you? Contact the company first, by phone, to see if they sent out such an e-mail. Don’t click any link to get on the company’s site; instead, go there by typing the address into the URL field.
  • You may have heard that hovering over the link will show its true destination, but this isn’t always the case.
  • Remind yourself that you are not special: Why would YOU inherit money from some strange prince in a foreign country?

Passwords

  • Passwords should never contain words or names that can be found in a dictionary. I know you so desperately want to include the name of your favorite football team in it, but don’t. Such passwords are easier for hackers to crack.
  • Never use keyboard sequences; again, a hacker’s tool can find these.
  • Make a password almost impossible to crack by making it at least 12 characters, a mix of upper and lower case letters, and include numbers and other symbols.
  • Use a different password for every account.
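
The password rules in this list, and the similar ones in the cyber extortion post at the top of the page, can be turned into an automated check. The following is an added example, not part of the original posts: it uses the 12-character minimum from this list, assumes a US QWERTY layout, and relies on a tiny constructed word list where a real audit would load a full dictionary.

```python
import secrets
import string

# QWERTY rows used to spot keyboard sequences such as "ZXCVB" (US layout assumed).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Tiny constructed word list; a real audit would load a full dictionary.
WORDS = {"password", "patriots", "dragon", "monkey", "robert", "football"}
SYMBOLS = "!@#$%^&*-_=+?"

def keyboard_walks(pw, run=4):
    """Return runs of `run` adjacent keys found in pw, in either direction."""
    low = pw.lower()
    hits = set()
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    hits.add(seq[i:i + run])
    return sorted(hits)

def dictionary_hits(pw, min_len=4):
    """Return dictionary words hidden in pw, undoing common substitutions."""
    # "@" -> a, "0" -> o, "1" -> i, "$" -> s, "3" -> e, so "P@ssw0rd" still matches.
    plain = pw.lower().translate(str.maketrans("@01$3", "aoise"))
    return sorted(w for w in WORDS if len(w) >= min_len and w in plain)

def audit(pw, min_length=12):
    """Return the list of rules from the post that pw breaks (empty = passes)."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = {
        "lower case letter": any(c.islower() for c in pw),
        "upper case letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    problems += [f"keyboard sequence '{s}'" for s in keyboard_walks(pw)]
    problems += [f"dictionary word '{w}'" for w in dictionary_hits(pw)]
    return problems

def reused(vault):
    """Map each password used by more than one account to those accounts."""
    seen = {}
    for account, pw in vault.items():
        seen.setdefault(pw, []).append(account)
    return {pw: accounts for pw, accounts in seen.items() if len(accounts) > 1}

def generate(length=16):
    """Random password from the OS CSPRNG, retried until it passes audit()."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(pw):
            return pw

if __name__ == "__main__":
    for candidate in ("ZXCVB", "P@ssw0rd2015!", generate()):
        print(repr(candidate), audit(candidate) or "passes")
```

Generated passwords belong in a password manager rather than in memory, which is what makes a unique one per account practical.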

Anti-malware Software

  • You should have a complete system that’s regularly updated.
  • Have a firewall too.

Virtual Private Network

  • Download Hotspot Shield to encrypt your data on public WiFi hotspots.
  • Shield your IP address from webtracking companies who desire your information to sell you stuff or from search engines who hand that data over to the government.

Secure Sites

  • Whenever possible, visit only sites that have https rather than http, because the “s” means it’s a secure site.

A padlock icon before the https means the site is secure.

Strengthen Your Digital Defenses with the 5 Habits of Practically Unhackable People

At the start of the year, we all made our resolutions for 2015. Now it’s March—how are you doing on your resolutions? If you’ve already broken a few, no worries; New Year’s doesn’t have the monopoly on making goals to better yourself. This is especially true with digital safety. At a time when there are so many security breaches, it’s important to commit to strengthening your digital defenses year-round.

When making goals, it’s important to emulate people who have already mastered what you’re trying to learn. So in this case, what do super secure people do to stay safe online? Intel Security has the answer—here are the 5 habits of practically unhackable people:

  1. Think before they click. We click hundreds of times a day, but do we really pay attention to what we click on? According to the Cyber Security Intelligence Index, 95% of hacks in 2013 were the result of users clicking on a bad link. Avoid unnecessary digital drama: check the URL before you click and don’t click on links from people you don’t know.
  2. Use HTTPS where it matters. Make sure that sites use “https” rather than “http” if you’re entering any personal information on the site. What’s the difference? The extra “S” means that the site is encrypted to protect your information. This is critical when you are entering usernames and passwords or financial information.
  3. Manage passwords. Practically unhackable people use long, strong passwords that are a combination of upper and lower case letters, numbers, and symbols. Yet, unhackable people don’t always memorize their passwords; instead, they use a password manager. A password manager remembers your passwords and enters them for you. Convenient, right? Check out True Key™ by Intel Security, the password manager that uses biometrics to unlock your digital life. With True Key, you are the password.
  4. Use 2-factor authentication (2FA) all day, every day. When it comes to authentication, two is always better than one. 2FA adds another layer of security to your accounts to protect them from the bad guys, so if you have the option to use 2FA, choose it. In fact, Intel Security True Key uses multiple factors of authentication.
  5. Know when to VPN. A VPN, or virtual private network, encrypts your information, which is especially important when using public Wi-Fi. Practically unhackable people know that they don’t always need a VPN, but know when to use one.

To learn more about the 5 habits of practically unhackable people, go here. Like what you see? Share the five habits on Twitter for a chance to win one of five prize packs including a $100 gift card to Cotopaxi or Hotels.com.*

You don’t need to wait for another New Year to resolve to become a digital safety rock star – start today!

*Sweepstakes is valid in the U.S. only and ends May 16, 2015. For more information see the terms and conditions at intel.com/5habits.
