10 Ways to Secure Your Wireless Network – by wirelessInternetReviews.com

June 12, 2011

A link to this article was sent to me by one of the gals at Wireless Internet Reviews suggesting that you, my readers, would be interested in the information.  I think she’s right, and this is an issue that many of you fail to address so here it is…

Threats to your wireless network are numerous and varied, so protecting it requires a number of different safeguards as well. In this article, we’ll discuss what those threats are, and ten specific steps you can take to secure your wireless network:

  1. WPA2 encryption – Wireless Protected Access (2nd generation) is the preferred method – vs. the older WPA and WEP (Wireless Encryption Protocol) – for securing your network. Encryption is the encoding – or scrambling – of your data between the router and your PC, to avoid it being captured by others. Only PCs with the proper WPA2 security password will be able to decode the data. Set your router to Enable Encryption, and select WPA2.
  2. Admin Password – Every router manufacturer has a configuration web page which the user can access to change default settings of their router. The Admin password is also a default setting, which is commonly known to hackers. You need to change it to your own password when you first access the web page.
  3. SSID – Your SSID, or Service Set Identifier is also preset from the factory and ought to be changed in order to discourage attacks on your network.
  4. MAC Address Filtering – Every PC has its own MAC address, which can be found by opening the Command Prompt, typing ipconfig /all, and pressing Enter. By selecting MAC Address filtering, only PCs with authorized MAC addresses may access your network. You can enable it at the manufacturer’s website, and add your network’s authorized MAC addresses there as well.
  5. Firewall – Apart from your router’s built-in firewall, which only prevents access to your PC, you will need firewall protection for each individual PC on your network.
  6. Range Limit – Determine how much coverage area your network requires, then select your router accordingly, and position it such that the signal stays within that range.  Some routers also provide the option of reducing their transmitting power.
  7. Anti WiFi Paint – A paint has been developed that contains certain chemicals that effectively block radio signals. It can be applied to your walls to restrict access to your wireless network.
  8. Disable Remote Administration – Ensure that your router is set to disable remote administration. This will require you to perform any configuration of the network via a wired connection, but it will also prevent hackers from gaining administrative control of your network.
  9. Turn off SSID Broadcasting – This will render your network invisible to nearby PCs, so they will be unable to access it.
  10. Assign Static IP Addresses to your network’s PCs. This can seem like a tedious, even counter-intuitive step. Although using dynamic IP addresses seems like it would create a moving target for unwanted visitors, the truth is that they can often find these addresses in your DHCP pool. It’s better to select a private range of IP addresses and assign one to each PC.
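
An added example (not part of the original article): a Python script that checks steps 1 and 3 from a Windows PC by parsing the text printed by `netsh wlan show networks` and flagging networks that are open, use WEP or first-generation WPA, or still carry a factory-default name. The sample scan output and the short list of default SSIDs are constructed for illustration.

```python
import re

# Constructed sample of what `netsh wlan show networks` prints on Windows.
SAMPLE_SCAN = """\
Interface name : Wi-Fi
There are 4 networks currently visible.

SSID 1 : linksys
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None

SSID 2 : MaplewoodHome
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 3 : NETGEAR
    Network type            : Infrastructure
    Authentication          : WPA-Personal
    Encryption              : TKIP

SSID 4 : GarageCam
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
"""

# Illustrative (assumed, not exhaustive) list of names routers have shipped with.
FACTORY_SSIDS = {"linksys", "netgear", "dlink", "default", "belkin54g"}


def parse_networks(text):
    """Turn the scan text into a list of dicts, one per visible network."""
    networks = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = re.match(r"^SSID \d+\s*:\s*(.*)$", line)
        if match:
            current = {"ssid": match.group(1).strip()}
            networks.append(current)
            continue
        # Indented "Key : Value" lines belong to the most recent SSID.
        if current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return networks


def audit_network(net):
    """Return a list of findings for one network (empty list = nothing flagged)."""
    findings = []
    auth = net.get("authentication", "")
    enc = net.get("encryption", "")
    if enc.upper() == "WEP":
        findings.append("WEP encryption: switch the router to WPA2")
    elif auth.lower() == "open" and enc.lower() == "none":
        findings.append("no encryption: enable WPA2")
    elif auth.upper().startswith("WPA-"):
        findings.append("first-generation WPA: select WPA2 instead")
    elif not auth.upper().startswith(("WPA2", "WPA3")):
        # WPA3 postdates the article; it is accepted here alongside WPA2.
        findings.append(f"unrecognised security mode {auth!r}: check manually")
    if net["ssid"].lower() in FACTORY_SSIDS:
        findings.append("factory-default SSID: rename the network")
    return findings


def audit_scan(text):
    """Map each SSID in the scan text to its list of findings."""
    return {net["ssid"]: audit_network(net) for net in parse_networks(text)}


if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE_SCAN).items():
        status = "; ".join(findings) if findings else "OK"
        print(f"{ssid}: {status}")
```

To check your own surroundings, save the output of `netsh wlan show networks` to a text file and pass its contents to `audit_scan` in place of the sample.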

Have questions or want to leave a comment on this article? Go to http://wirelessinternetreviews.com/industry-news/10-ways-to-secure-your-wireless-network/.

Linda


Will you ‘Gift’ Your Identity to Criminals this Holiday Season?

November 18, 2012

Between careless clicks, falling for scams, and companies’ data breaches your identity is under escalating threat as crooks find ever more ways to use your information.

And the Holidays represent prime hunting for thieves.

In fact, the onslaught is so aggressive that identity theft claims more than 15 million victims a year in the U.S., and has become the fastest growing crime in the country. And it costs an average of $3,500 for victims to restore their identities, according to new data by the Hanover Insurance Group.

That of course doesn’t include the aggravation and increased risk victims will have to live with for the rest of their lives.  That increase in risk is due to the amount of information about you that doesn’t change. Typically, ID theft victims only change their credit card numbers and PINs. A few change their password(s) and even fewer change their Social Security Number (it’s hard to do).  But you can’t change your birthdate, your name, your mother’s maiden name, your address, your employer, etc., and these pieces of information help future thieves re-associate the information needed to impersonate you.

As you’re making your lists, and checking them twice, review this 9-step checklist to deter ID thieves:

  1. Secure your computers, laptops, tablets and smartphones with anti-virus, anti-spyware, and security tools.
    Keep them current and use them unfailingly, as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
  2. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen.
  3. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
  4. Use caution on public WiFi hotspots. Do not log onto sensitive sites (banking, shopping…) from an unsecured connection.  When using a public computer, uncheck the box for remembering your information.
  5. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess.
  6. Watch your surroundings. Pay attention to who is around you so that they do not see you type your passwords, credit card numbers, PINs, etc., or read sensitive information you may be sharing.
  7. Put a credit freeze on your accounts. Block ID thieves from opening new accounts under your name by freezing or blocking access to your credit files. Learn more about creating a credit freeze here.
  8. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages, even if you know the sender, as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  9. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through surveys, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘surveys’ learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  10. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  11. Shred sensitive documents. Do not throw bank statements, bills, or other sensitive material in the garbage.

 

Following these steps will significantly reduce your chances of falling victim to ID theft, but nothing will eliminate your risk entirely. This means that monitoring your credit reports is often the best way to identify whether you have fallen victim.

 

Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies: Experian – http://www.experian.com/consumer-products/triple-advantage.html, Equifax – http://www.econsumer.equifax.com, TransUnion – http://www.truecredit.com/?cb=TransUnion&loc=2091

  • Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
  • You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.

 

If your identity has been stolen or compromised, take immediate action:

  1. Contact your credit card companies and financial institutions of all affected accounts. Monitor your accounts closely for any fraudulent charges or withdrawals and notify the companies immediately.  Check to ensure charges are removed from your account, and retain documents of the incidents.
  2. If your Social Security number has been compromised, contact the Social Security Administration Inspector General; they will determine if you need to get a new number.
  3. Alert the credit bureaus and request a fraud alert be placed on your accounts. This will require that companies call you before opening a line of credit.
  4. Report the incident to the police. You should be asked to fill out an identity theft report, and you’ll want to keep a copy of that report as you may need to show this to prove to creditors that your identity was indeed stolen.
  5. Notify your health insurance company; don’t let your ID theft become medical ID theft!
  6. If the problem is large, consider hiring a reputable service that helps restore your credit.
  7. Recognize the emotional impact ID theft may have on you.  Given the severity of an incident, and whether you knew the person who stole your identity or not, the emotional toll of dealing with ID theft can be high. Be sure to take care of yourself and to reach out to others for support if needed.

Additional Resources:

Linda


6 Steps to Avoiding Black Friday Scams

November 21, 2011

The onslaught of holiday advertisements is in full swing, flooding mailboxes, inboxes, TV, websites, and mobile phones, and these ads will continue increasing until all last minute shopping has been done as retailers try to squeeze out every possible dollar in holiday revenue. And then there will be the after-holiday sales…

Chances are you will be among the 90% of consumers who say they expect to shop for gifts online this year, a 1% increase over last year. You might even be among the 15% who are expected to purchase gifts through a mobile device [i].  In fact, 60% of smartphone or tablet owners plan to use their device for a range of holiday shopping purposes this year, according to a new report by Prosper Mobile Insights.

This report indicates that among respondents saying they will use their mobile device for shopping this season, 60% expect to use their device as a “mobile mall,” with 56.7% primarily using their device to plan and research purchases, and one-third will use them to make at least 50% of their holiday purchases.

Whether you are shopping for others or for yourself, knowing how to get a great deal takes a lot more than just looking at the price tag.

Fortunately, learning 6 basic precautions will turn you into a savvy and much safer online shopper.

  1. Start with a secure internet environment. If your computer, tablet or cell phone isn’t protected from viruses and other malware your financial information and passwords will be stolen as you make purchases (as will everything else you store on your computer or do online). This concept is so basic, yet far less than half of the US population adequately protects their computers – and only 4% have security protection on their tablets or smartphones[ii].
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. If the cost of security software is prohibitive, at least use one of the free services available – just search on ‘best free antivirus’, and ‘best free mobile antivirus’ to see your options. If you don’t think you need mobile security software consider this; BullGuard security identified 2,500 different types of mobile malware in 2010[iii].
    2. Secure your internet connection. Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, search for ‘best free firewall’. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
  2. Identify trustworthy companies. You need to either know the company – or know their reputation.
    1. If you already know the store, shopping their online store is very safe. If there’s a problem you can always walk into the local store for help. If you already know the online store’s reputation you will also be very safe.
    2. If you don’t know the store, it may still be the best option; you just need to take a few more steps. Search online for reviews from other users to see what their experiences were with the company, and conduct a background check by looking at sites that review e-stores (for example, Epinions, BizRate, Better Business Bureau). If the store isn’t listed as a legitimate site by one of these sources, or the store has a lot of negative reviews, DON’T SHOP THERE. It’s that easy.
  3. Know how to avoid scams. The holiday season is primetime for email and web scammers because they know millions of people will be spending billions of dollars online. To give you a sense of just how much money changes hands, last December (2010), $32.6 billion was spent on internet shopping sites[iv].  The best way to avoid scams is simple. NEVER, ever, click on a link in an email or on a website advertisement no matter how reputable the host website or email sender may be. The website ad or email may be a really good fake, or the website or email account may have been hijacked by spammers. Instead, use a search engine and find the deal or store yourself – if you can’t find the deal on the legitimate store’s site you know that ‘offer’ was a scam. Click here to learn more about identifying scams.
  4. Protect personal information. Many ecommerce and mobile commerce sites encourage you to create a user account, but unless you truly plan to shop there often you’ll be better off not doing so. If you do choose to create a profile, do not let the store keep your financial information on file. All you really need to purchase something should be your name, mailing address, and your payment information.
    1. If the merchant asks for more information – like your bank account, social security, or driver’s license numbers, NEVER provide these. Some reputable companies will ask additional questions about your interests, but these should always be optional and you should be cautious about providing responses.
    2. Keep in mind that the company may not have strong security measures in place. The lack of strong security precautions in many companies is a real concern. Huge companies like Sony have been hacked multiple times and consumers’ passwords, names and financial information have been stolen. And unfortunately, many smaller businesses have even fewer safeguards in place to protect your data – so give them as little as possible! To learn more about these risks, see Small Business Owners Suffer from False Sense of Cyber Security.
  5. Make payments safely using a credit card or well respected payment service. Credit card purchases limit your liability to no more than $50 of unauthorized charges if your financial information is stolen, and the money in your bank account is untouched. Most debit cards do not offer this protection – and even when they do, you’re the one out of funds in the meantime. However, you probably don’t have a credit card, so striking a deal with a parent or guardian to put the charges on their card – with you handing them the cash – may be a good option.  Or, you can use a payment service like PayPal that hides your financial information from the online store and can be set up to take money out of your bank account. Do not use checks, cashier’s checks, wire transfers, or money orders as these carry high risks for fraud.
  6. Do your research. Just because a store claims to have the lowest price, doesn’t mean they actually have the best deal.
    1. Comparing the advertised price of an item doesn’t give you the full picture. You have to look at the final price – that includes any shipping, handling or taxes – to see which deal may really be the better bargain.  Some companies show lower prices, but make up the discount by charging high shipping fees.
    2. Check the company’s return policy. Some companies charge fairly steep return fees for shipping and restocking, so if you think the item may be returned factor this into the price as well.
    3. Look for online coupons or discounts. Lots of stores offer special deals if you just take the time to look for them. Typing the store’s name and ‘coupon’ is usually all it takes to discover whether extra discounts may apply.  
    4. No matter how great the ‘deal’ if you can’t afford it or it’s over your budget, it isn’t a deal. Learning financial responsibility now will set you up for financial security for the rest of your lives. And in spite of all the glittery ads, many of the best gifts don’t cost money.

 

Happy shopping!

Linda



74% of Consumers Concerned about Security when Making Mobile Payments

October 4, 2011

New research by the Ponemon Institute paints a sobering picture of consumer concerns when conducting transactions via a mobile device.  In addition to the 74% who are concerned about their online security when making mobile payments, 72% were worried about becoming the victim of online fraud.

Other findings:

  • Of those polled, 29% said they used their phones to engage in mobile banking, while 67% believe they are either completely or partially protected when engaged in mobile banking.
  • 51% use mobile transactions for the convenience it offers, and 25% do so because they believe it provides increased security.

The research concludes that consumers’ attitudes regarding their security in online transactions have more to do with how active they are online – the more frequently they make online transactions the safer they feel when doing so. Yet the researchers admonish companies that they are not off the hook, noting that the best way to increase consumer confidence is to increase company spending and oversight on providing rigorous security.

6 things you can do to be safer when transacting online:

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and security tools.
    Keep them current and use them unfailingly, as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive. For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use caution on public WiFi hotspots. Do not log onto sensitive sites (banking, shopping…) from an unsecured connection.  When using a public computer, uncheck the box for remembering your information.
  3. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess.
  4. Watch your surroundings. Pay attention to who is around you so that they do not see you type your passwords, credit card numbers, PINs, etc., or read sensitive information you may be sharing.
  5. Put a credit freeze on your accounts. Block ID thieves from opening new accounts under your name by freezing or blocking access to your credit files. Learn more about creating a credit freeze here.
  6. Check your credit reports. Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies: Experian – http://www.experian.com/consumer-products/triple-advantage.html, Equifax – http://www.econsumer.equifax.com, TransUnion – http://www.truecredit.com/?cb=TransUnion&loc=2091
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.

Linda


It’s not Just British Tabloids; Cell & Email Snooping is Increasing

August 3, 2011

The phone hacking scandal that’s rocked Britain, shut down the 168-year-old News of the World tabloid, led to the resignation of high ranking British police officials and Downing Street’s communications director, and put Rupert Murdoch in the hot-seat is but one symptom of an overall increase in cell and email snooping.

While the British scandal centers around the hacking of a murdered schoolgirl’s phone, and the subsequent hacking of phones belonging to rich and famous people, relatives of slain servicemen killed in Iraq and Afghanistan, and possibly the families of British victims of the 9/11 attacks, most cell phone and email hacking is much more mundane.

According to a July 2011 Retrevo Gadgetology Report, snooping by romantic partners via email and cell phone is on the rise – and they didn’t survey those who are snooping on exes.

Among their findings:

  • Overall, 33% of respondents said they had checked the email or call history of someone they were dating without them knowing in 2011, up 43% from 23% in 2010.
  • 47% of respondents younger than 25 have snooped, up 24% over 2010.
  • 41% of women admit to having checked the email/call history of a romantic partner or spouse, 28% higher than the 32% of men who have done so.
  • 32% of overall respondents say they would secretly track a spouse/partner using an electronic device if they suspected wrongdoing. This includes 33% of women and 31% of men, giving women a 6% edge.
  • 59% of overall parents say they would secretly track a child using an electronic device if they suspected wrongdoing. This includes 64% of mothers and 53% of fathers, making women 21% more likely to snoop on a child.
  • Slightly more married couples snoop on their spouses (37%).
  • The number of parents snooping is highest among parents of teenagers, with 60% snooping on their kids and possibly for good reason, as 14% of those parents reported finding something they were concerned about.
  • Overall, adults are 84% more likely to secretly track a child than a spouse/partner. This differential is 94% for women and 71% for men.
  • 34% of parents of children age 13-19 have used Facebook to learn more about the parents of their children’s friends. This makes parents of teens the most likely of all parents of children younger than 20 to snoop on Facebook in this way, followed by parents of children age 6-12 (29%) and children age 0-5 (25%).

9 Steps to avoid becoming a phone or email hacking victim

A few basic precautions can significantly reduce the chances your phone or email will be hacked by friends or romantic partners, ex-friends or -romantic partners, students, teachers, parents, children, or others you know.

  1. PIN/password protect your cell phone and email.  Strong, unique, PIN numbers and passwords are a must.  Choosing ‘password’ or something else obvious doesn’t cut it. The same goes for PIN numbers. You must change your phone’s default PIN number to something unique. Choosing easy to guess numbers like your birthdate or ‘1234’ is asking for trouble.
    1. Once you have created safe logins don’t tell anyone what they are and change them periodically.
  2. Be consistent about locking your phone and email accounts. All the passwords in the world are useless if you leave your account/phone unlocked and unattended. Make a habit of locking accounts whenever you are not in control of the device – whether it’s your phone or your computer.
  3. Do not use any automatic sign-in functionality or password reminder tools on shared computers.  If you do, everyone who shares the computer may have full access to your accounts.  Similarly, many phone services allow you to call your own voicemail without having to enter your PIN if you call from your own phone number. While this is convenient for you, it’s even more convenient for someone else who wants to hear your voice messages.  The problem is that your voicemail isn’t actually checking to see if the call came from your phone; it just checks to see if it came from your phone number, which is very easy to spoof or fake.  All someone has to do is use a service like SpoofCard that allows a user to make their number appear to be whatever number they want it to be – like yours. Then they dial ‘their’ number to hear your messages.  By the way, SpoofCard now allows you to spoof SMS messages as well. Just imagine how much additional damage this can cause in the hands of a bully, stalker, or other freak with malicious intent.  To best protect yourself, skip the convenience of automatically retrieving your voice messages, and set your voicemail to require your PIN to keep would-be snoopers at bay.
  4. Use strong, up-to-date security products on your cell phone and computers. All it takes to learn everything on your device is one little piece of malware – and there are only two things between you and an infection: 1) Strong security software, and 2) your ability to spot fraud.
    1. Strong security software: Most professional hackers collect passwords using malware that has been installed on your computer or mobile phone, and savvier snoopers can do the same. Be sure your anti-virus and anti-malware programs are up to date.  Also be sure that any operating system updates are installed. See my blog Are You a Malware Magnet? 4 simple steps can make all the difference and Malware reaches New Highs, Spam Dips; Mobile Malware New Frontier.
    2. Your ability to spot fraud: Spam and scams come at us from all angles: in the mailbox in front of your home (junk mail), in your email inbox, via IM, social networking sites, chats, forums, websites, and sadly, now also on your phone. Learn these 14 Steps to Avoiding Scams, and practice on some of the examples (scroll further down the webpage) to see how well you can avoid the common consumer pitfalls scammers want you to stumble over.
  5. Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. See my blog Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker. Since many smartphone users use free WiFi hotspots to access data (and keep their phone plan costs down) smartphones are also more susceptible when leveraging public networks.
  6. Validate the legitimacy of any program/game/app before downloading it.  See my blogs Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware and More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware.
  7. Check your computer and phone for monitoring tools. Family safety tools are designed to help parents protect their children, but all too often these tools are used to monitor spouses, friends, exes, etc. To know if you are being monitored – and all your interactions recorded and reported – you’ll need to check for monitoring tools. Online Tech Tips has an article titled How to detect computer & email monitoring or spying software that can be quite helpful.
  8. On phones, consider who sees your monthly statement. If family members have access to your statements, they can see who you called (phone number look up), who called you, and the times of day these occurred. This is also true of your text messages. If this is more information than you want snooped through, get your own plan and don’t leave your statements lying around.
  9. Don’t use location tools that track and broadcast your location.  There are two types of location tools, those that you can ping to get information like driving directions, and those that track your location to broadcast to others. If you don’t want to be snooped, tracked or stalked, don’t use a tool that can track you.

Applying these precautions to your mobile and email usage will not guarantee that you aren’t snooped or hacked, but they will go a long way towards protecting you from the snoops in your life.  If nearly half (47%) of the under-20 crowd are snooping, the non-snooping half had better start defending.

Linda


Teen Online Safety Basics

July 29, 2011

Internet safety isn’t about a bunch of rules telling you “never do this”, or trying to scare you into safe behavior. Internet safety is about avoiding being ripped off, disrespected, bullied, scammed, or stalked while you’re just trying to have a good time online. You don’t need to be sold on all the really great opportunities the Internet offers, but you do need to understand how to dodge problems.

Staying safer just takes learning a few things

Most of you are already pretty good at using the online sites you’re interested in or have friends that help you. Over 60 percent of you have already taken steps to be safer online.

But there is a real difference between the steps you’ve taken to be safe online and what it really takes to be safe and savvy online. The difference has nothing to do with how skilled you are at using Internet services – even the most advanced Web developer has to learn how to be safe online because the dangers come from other people, not programming code.

You are a commodity

The way ‘free’ services make money is not by selling advertising. What they sell is access to you, and information about you to advertisers, marketers and researchers, and others. Your information is also used by others looking to track people for various purposes.

Every piece of information you post, and every action you take online has commercial value to someone. That isn’t necessarily a bad thing. Your information helps companies provide you ads that are more targeted to your interests, it helps researchers know what kind of products to design, and so on. But your information is also used in negative and sometimes criminal ways. For example:

  • By someone who wants to embarrass or bully you
  • Plagiarists who want to claim your content as their own
  • By companies who want to use your information in ways that act against your interests
    • Insurance companies are using information posted on blogs to deny coverage of medical claims, car accident claims, and so on.
    • Companies may reject your job application, find reasons to fire you, and so on.
    • Your school applications may be rejected.
  • By criminal organizations or individuals building profiles of people to scam, steal identities, hijack computers, find interesting homes to break into or cars to steal,  people to physically harm, and so on

As you provide information consider how it is being sold, bought, or simply taken and make sure you’re okay with potential outcomes. Learn how information as a commodity relates to taking surveys, chat, discussion boards, and forums, online dating, creating safe personal e-mail aliases, sharing images and video, and gaming online.

Why the terms and conditions matter on your profiles and sites

You may be surprised to learn that many sites you are likely to use include in their usage terms the right to use any of your information in any way they choose. If they own your content and profile, and your information is ‘repurposed,’ there isn’t much you can do about it. If you don’t like the terms and conditions, find another site.

If you don’t understand what the settings and permissions really mean, they might not be what you intend

Example 1) This 23-year-old set her social networking site to private. But on this ‘private’ page we learn much more than she imagined.

Her first name is Jessica, her last name is Massing (look at the URL). We know what she looks like and her ethnic background. How she dresses says a lot about the group she hangs with as well as her socio-economic status. We also know what city and state she lives in. Finding her phone number and address is just a search away. Finding articles about her in her local newspaper or on her school Web site is just a matter of another search.

What Jessica didn’t understand is that setting her social networking site to private wasn’t enough to protect her identity when ‘private mode’ still shows her photo, name, URL, city, state, and when she last logged in. With this much information, stealing her identity isn’t hard, cyberbullying is one click away, customizing a scam to match her interests is easy, and so is showing up on her doorstep. To make this so-called private page be private she should have changed her profile picture to something less identifiable, taken her city (at least) out of her profile, used a nickname instead of her real name, and made her URL anonymous.

Example 2) Chelsea assumed that because her social networking site was set to private, invitations to parties she sent would also be private. This wasn’t correct and she was shocked when several people that she didn’t know RSVP’d. She was also upset to discover she’d just posted her address publicly.

Identity theft is a big issue for teens

Lots of teens get tripped up because they figure they don’t have enough money in their bank account to matter – if someone really wants to steal their $54.13, they would go for it. But this is the wrong way to look at it. It’s not what you have in your account that interests a criminal, it’s how far they can put you in debt.

A criminal is not likely to steal anything from your bank account because it would tip you off. What they’re interested in is getting a $40k loan using your identity. Because you are not likely to be checking your credit history it can be years before you discover that your credit rating is ruined and you owe money; and it’s really hard to fix this years later.

Your money isn’t the only part of your reputation malicious or criminal people may be interested in. Your reputation and photos are other elements of your identity that can be stolen, and trying to restore these may be even more difficult than restoring your credit. Learn how to avoid being a victim of identity theft.

Getting and giving friends respect online

You know what’s okay to say about your friends in the physical world, but there are some differences you need to consider when talking to others or about others online.

The first thing to consider is who will see your words online. In face-to-face conversations you see who you’re talking to and modify your comments to fit the situation. Over the phone you know who’s on the call. Online you may or may not know who will see what you say. If someone else’s site or your site is locked down to just friends you both know, you can use the same considerations as you would face-to-face or over the phone. If you don’t know who else may see the interaction you have to assume that anyone could see it and respect your friends’ privacy as you would expect them to respect yours. It’s rude to expose information about someone – including pictures and videos — without their permission. The only way you’ll know what they want kept private is to ask them; and the only way for them to know what you want private is to tell them.

Who is exposing you online?

You may be surprised to learn how much your friends expose about you and how much you may inadvertently be exposing about them. This example is taken from the public social networking site of a girl who made her profile anonymous. She didn’t give her name, used a photo of her cat, didn’t provide her age or city, and only mentioned her state. But three comments by friends completely exposed her.

Her name is Blanche O’connelly, her birth date is July 16th, and she turned 16 in 2006. Had you looked at the time you would know where her party was going to be held, where she lives, where she goes to school (her state combined with the school’s team name gives it away), where to find her at the game, and how to identify her (she’ll be with her friend and you know what her friend looks like). A friend has also provided her telephone number.

In addition, all of these friends have photos of Blanche on their sites – you know who Blanche is because under the photos it lists who is in the pictures.

That’s a lot of information to expose about someone who went to great lengths to remain private. There are two problems here: though Blanche did a lot to protect her privacy, she didn’t tell her friends that her privacy was important to her, and Blanche’s friends were disrespectful by posting identifiable information about her without first learning her privacy boundaries.

Another problem occurs when a bunch of friends have private sites and share lots of information, then one friend decides to make her site public without first asking her friends what information she should remove (and then removing it) to respect their privacy.

Information is permanent

Many teens are very casual with giving out personal information online because they fail to fully understand the ramifications of doing so. You will rarely feel any immediate negative consequences for giving out information. Much of the time you may never understand that there is a connection between something you, a friend, or a family member posted and a subsequent consequence.

Think of each piece of information as a drop of water. When a drop of water lands, it is either absorbed, evaporates, or becomes part of a body of water and is indistinguishable from any other drop. This is not the case with online information.

Today each drop of information is collected into personal virtual buckets. The information rarely disappears; instead, it accumulates, slowly building a comprehensive picture of your identities and lives. Small details about your appearance, where you live, go to school and work, financial status, emotional vulnerabilities, and the lives of those close to you all add up.

Comments, actions, or images once posted online may stay long after you delete the material from your site or request a friend to delete your information from their site. You won’t know who else has downloaded what you wrote or what search engine crawled and stored a photo. You can’t know who else sees your comments and judges you by them, nor will you have the opportunity in most cases to explain.

If you want to shed an earlier image and move in new directions, your previous postings may make it difficult. Perhaps an old relationship that you do not want to be associated with any longer remains online for anybody to see. You may have had embarrassing moments documented that won’t go away.

Anyone – those with good intentions as well as those with intent to do harm – can dip into your virtual bucket and search for your information years from now. It may be the admissions director at a school, a potential employer, or your future children or in-laws. Or it could be an identity thief or any other kind of predator, or anyone in your life who wants to lash out at you and cause harm.

What seemed like a good idea at the time may come back to bite you in a variety of ways. So think before you post. It is far easier to think twice and refrain from posting than it is to try to take it back.

Cell Phones

Cell phones have only been available to the general public for 16 years! It’s hard to know how we lived without them. However, having a cell phone is not a right; it’s a privilege and with privilege comes responsibility.

Phones are powerful tools that can be used in positive ways, or used in ways that cause real harm. You are responsible for protecting the safety, privacy and reputation of yourself, your family and others when using a phone. This includes never sharing your location publicly, or giving out your phone number indiscriminately, and so on.

Sexting is one of the stupidest things tweens, teens, and adults do with their phones. Once you share an image with anyone YOU HAVE NO CONTROL over where it goes next. Have you ever asked someone for a nude/semi-nude pic and not shared it? Not likely, the purpose of getting photos is to show others.

Potential problems from sexting for teens include: humiliation, bullying, sexual exploitation, extortion, and criminal charges – in some areas this can have you labeled a sex offender for life, get you kicked off sports teams or other extracurricular activities, and make it difficult to get scholarships or jobs.

Girls in particular get pressured to send sexting images/videos and perhaps the best thing you can do is be prepared with how you say NO to this question. Here are 3 basic strategies: 1) keep it humorous, 2) get firm, 3) turn it around on the asker:

  1. I heard your question, did you hear my answer?
  2. You asked, I answered, don’t ask again.
  3. Why don’t YOU send me your pic, then I’ll share it with all my friends and let it go viral. Let’s see what it does to YOUR reputation first.
  4. My parents check my text messages; you want my dad/mom reading your request? I don’t.
  5. Gee, can you say stupid?
  6. Let me save us some time, the next 2,000 times you ask, the answer will still be no.
  7. Have a parent text the guy – ‘don’t ask again’. Or send a text from her phone that says “This is ____’s dad, don’t ask again”.
  8. You want a naked pic? Fine, one. Then never ask again.  – Then send a pic of a bear butt or something similar.  Some girls send a nude baby pic of themselves (or of a random baby), and a few take pictures wearing a ‘boob’ shirt…

Prevent Hacking

A few basic precautions can significantly reduce the chances your phone or email will be hacked by friends or romantic partners, ex-friends or -romantic partners, other students, teachers, parents, children, or others you know.

  1. PIN/password protect your cell phone and email.  Strong, unique, PIN numbers and passwords are a must.  Choosing ‘password’ or something else obvious doesn’t cut it. The same goes for PIN numbers. You must change your phone’s default PIN number to something unique. Choosing easy to guess numbers like your birthdate or ‘1234’ is asking for trouble.
    1. Once you have created safe logins don’t tell anyone what they are and change them periodically.
  2. Be consistent about locking your phone and email accounts. All the passwords in the world are useless if you leave your account/phone unlocked and unattended. Make a habit of locking accounts whenever you are not in control of the device – whether it’s your phone or your computer.
  3. Do not use any automatic sign-in functionality or password reminder tools on shared computers. If you do, everyone who shares the computer may have full access to your accounts. Similarly, many phone services allow you to call your own voicemail without having to enter your PIN if you call from your own phone number. While this is convenient for you, it’s even more convenient for someone else who wants to hear your voice messages. The problem is that your voicemail isn’t actually checking to see if the call came from your phone, it just checks to see if it came from your phone number which is very easy to spoof or fake. All someone has to do is use a service like SpoofCard that allows a user to make their number appear to be whatever number they want it to be – like yours. Then they dial ‘their’ number to hear your messages. SpoofCard now allows you to spoof SMS’s as well. Just imagine how much additional damage this can cause in the hands of a bully, stalker, or other freak with malicious intent – the mean call or message may look like it is from someone’s phone even when it isn’t. To best protect yourself, skip the convenience of automatically retrieving your voice messages, and set your voicemail to require your PIN to keep would-be snoopers at bay.
  4. Use strong, up-to-date security products on your cell phone and computers. All it takes to learn everything on your device is one little piece of malware – and there are only two things between you and an infection: 1) Strong security software, and 2) your ability to spot fraud.
    1. Strong security software: Most professional hackers collect passwords using malware that has been installed on your computer or mobile phone, and savvier snoopers can do the same. Be sure your anti-virus and anti-malware programs are up to date.  Also be sure that any operating system updates are installed. See my blog Are You a Malware Magnet? 4 simple steps can make all the difference and Malware reaches New Highs, Spam Dips; Mobile Malware New Frontier.
    2. Your ability to spot fraud: Spam and scams come at us from all angles: in the mailbox in front of your home (junk mail), in your email inbox, via IM, social networking sites, chats, forums, websites, and sadly, now also on your phone. Learn these 14 Steps to Avoiding Scams, and practice on some of the examples (scroll further down the webpage) to see how well you can avoid the common consumer pitfalls scammers want you to stumble over.
  5. Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. Read Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker. Since many smartphone users use free WiFi hotspots to access data (and keep their phone plan costs down) smartphones are also more susceptible when leveraging public networks.
  6. Validate the legitimacy of any program/game/app before downloading it.  Read Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware and More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware.
  7. Check your computer and phone for monitoring tools. Family safety tools are designed to help parents protect their children, but all too often these tools are used to monitor spouses, friends, ex’s, etc. To know if you are being monitored – and all your interactions recorded and reported – you’ll need to check for monitoring tools. Online Tech Tips has an article titled How to detect computer & email monitoring or spying software that can be quite helpful.
  8. On phones, consider who sees your monthly statement. If family members have access to your statements, they can see who you called (phone number look up), who called you, and the times of day these occurred. This is also true of your text messages. If this is more information than you want snooped through, get your own plan and don’t leave your statements lying around.
  9. Don’t use location tools that track and broadcast your location.  There are two types of location tools, those that you can ping to get information like driving directions, and those that track your location to broadcast to others. If you don’t want to be snooped, tracked or stalked, don’t use a tool that can track you.

Applying these precautions to your mobile and email usage will not guarantee that you aren’t snooped or hacked, but they will go a long way towards protecting you from the snoops in your life.  If nearly half (47%) of the under-20 crowd are snooping, the non-snooping half had better start defending.

Create Strong Passwords

Creating strong passwords is actually easy. You don’t have to memorize multiple passwords like Wt4e-79P-B13^qS. But few people know the secrets to strong safe passwords and as a result, you may be using just one password even though you know it’s unsafe and that if it gets compromised all of your Web information is exposed. Or you use several passwords, but because they are all short simple words or include numbers that relate to your life, they are still too easy to guess.

The key aspects of a strong password are length (the longer the better); a mix of letters (upper and lower case), numbers, and symbols; with no ties to your personal information, and no dictionary words.

The good news is you don’t have to memorize awful strings of random letters, numbers, and symbols in order to incorporate all of these aspects into your passwords; you simply need a few skills.

The secret is to make passwords memorable but hard to guess. Learning a few simple skills will make creating strong memorable passwords easy. Creating them can actually be fun – and your payoff in increased safety is huge.

First, look at a few weak passwords to understand why these put you at risk:

  • Password – The word “Password” is the most commonly used password and it is pathetically weak – as are ‘default’ and ‘blank’. These are simple words and easily guessed or broken with a hacker program that uses a dictionary assault on the password.
  • Monard1968 – Though this uses 10 characters and includes letters and numbers, passwords that use names associated with you or your family, or other identifying information such as a birth year, are easily hacked.
  • F1oweR – Though it mixes up capitals and numbers, it is too short and substituting the number 1 for the letter l is easy to guess.

To avoid these easy to guess or hack passwords try one or more of the following tricks:

Use a phrase and incorporate shortcut codes or acronyms: These examples let you use phrases that either mean something to you, or you associate with a type of website. For example, ‘all for one and one for all’ may be the password for a social networking site where it’s all about sharing. It could be a phrase about money for a banking site, and so on.

  • 2BorNot2B_ThatIsThe? (To be or not to be, that is the question – from Shakespeare)
  • 4Score&7yrsAgo (Four score and seven years ago – from the Gettysburg Address)
  • John3:16=4G (Scriptural reference)
  • 14A&A41dumaS (One for all and all for 1 – from The Three Musketeers)

Use passwords with common elements, but customized to specific sites: These examples tell a story using a consistent style so if you know how you write the first sections, and you’re on the login page for a site you’ll know what to add.

  • ABT2_uz_AMZ! (About to use Amazon)
  • ABT2_uz_BoA! (About to use Bank of America)
  • Pwrd4Acct-$$ (Password for account at bank)
  • Pwrd4Acct-Fb (Password for account at Facebook)

Play with your keyboard: It isn’t just the numbers and letters you see, it can also be a canvas to draw on.

  • 1qazdrfvgy7, is really hard to remember unless you know that it’s a W! Make letters, shapes, and more by ‘drawing’ on the keyboard.

Add emoticons: While some websites limit the types of symbols you can use, most allow a wide range. Make your symbols memorable by turning them into smiley faces to instantly boost your password power.

  • Commonly allowed symbols:
  • Some basic smiley faces:

 

C?U2canCRE8Pwords;-) (See? You too can create passwords :-))

Now create your own strong, memorable passwords!
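
The checks described in this section, as an added Python example (it is not part of the original article): it flags a password that is short, lacks one of the four character types, contains a listed word even after look-alike substitutions such as 1 for l, or contains personal details. The 12-character minimum, the small word list, the substitution table and the function names are assumptions made for this example; the article itself only says "the longer the better".

```python
import re

# Assumption: the article gives no number, only "the longer the better".
MIN_LENGTH = 12

# Constructed sample word list. A real check would load a full dictionary
# plus a list of commonly used passwords.
SAMPLE_WORDS = {"password", "default", "blank", "flower", "letmein", "welcome"}

# Look-alike substitutions that are easy to guess, such as 1 for l in "F1oweR".
LOOKALIKES = str.maketrans("013457@$", "oleastas")

# The four character types the article asks for.
CHARACTER_TYPES = {
    "lowercase": str.islower,
    "uppercase": str.isupper,
    "digit": str.isdigit,
    "symbol": lambda c: not c.isalnum() and not c.isspace(),
}


def _folded_forms(password):
    """Lower-cased password, as typed and with look-alikes undone."""
    lowered = password.lower()
    return {lowered, lowered.translate(LOOKALIKES)}


def check_password(password, personal_info=(), min_length=MIN_LENGTH):
    """Return a list of problems; an empty list means every check passed."""
    problems = []

    if len(password) < min_length:
        problems.append("too_short")

    for name, is_type in CHARACTER_TYPES.items():
        if not any(is_type(c) for c in password):
            problems.append("missing_" + name)

    forms = _folded_forms(password)

    # Dictionary words: compare letters only, so "F1oweR" folds to "flower"
    # and separators such as "-" or "_" do not hide a word.
    letters_only = {re.sub(r"[^a-z]", "", form) for form in forms}
    for word in sorted(SAMPLE_WORDS):
        if any(word in text for text in letters_only):
            problems.append("dictionary_word:" + word)

    # Personal details (names, birth years, ...) supplied by the caller.
    for item in personal_info:
        token = item.lower()
        if token and any(token in form for form in forms):
            problems.append("personal_info:" + item)

    return problems


if __name__ == "__main__":
    # Passwords taken from the article; the personal details are constructed.
    samples = [
        ("Password", ()),
        ("Monard1968", ("Monard", "1968")),
        ("F1oweR", ()),
        ("2BorNot2B_ThatIsThe?", ()),
        ("ABT2_uz_AMZ!", ()),
    ]
    for candidate, details in samples:
        print(candidate, "->", check_password(candidate, details) or "no problems found")
```

An empty result only means the password avoids the weaknesses listed in this section; it is not a measurement of how hard the password is to guess.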


Responding to Spam Volumes, Hotmail Adds “My Friend’s been Hacked” Feature

July 21, 2011

Sending spam from legitimate users’ email accounts has become rampant as spammers switch from using botnets. This week alone, I’ve received spam sent via my mother’s and two friends’ email accounts – and received frantic calls asking how to fix the problem. Read more on fixing the problem later in this blog.

To address the nearly 30% of Hotmail spam generated through compromised accounts, Microsoft has launched a new feature in Hotmail. Called “my friend’s been hacked” and found under the “Mark as” dropdown, a simple click allows friends to report compromised accounts directly to Hotmail.

Microsoft’s Dick Craddock explains that “when you report that your friend’s account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest “signals” to the detection engine, since you may be the first to notice the compromise.”

Once Hotmail has marked the account as compromised, two steps are taken:

  • The account can no longer be used by the spammer
  • You (or your compromised friend) are put through an account recovery flow that helps them take back control of their account.

What’s really cool about the work the Hotmail team has done is that it can be used to report problems with accounts hosted by other email providers as well. So for example, Yahoo! or Gmail receives a notice from Hotmail if one of their users’ accounts has been compromised and can take action.

Additionally, the Hotmail team has recognized that weak passwords are a large part of the problem – it’s just too easy for spammers to hack flimsy passwords. To address this, the service will soon roll out a new feature requiring stronger passwords. If you’re currently using a common password, you may be asked to strengthen it in the future.

Changing spam tactics

The takedown of the Rustock botnet dealt a telling blow to spammers and dropped spam volumes by almost 30% overnight (see Kudos to MSFT for Strangling the Rustock Spambot) and highlights a vulnerability in the botnet approach. Not only did spammers have to pay to rent the botnets, their distribution method could be shut off in one well-researched swoop.

A report out this month by Commtouch explains this shift in tactics, saying “The move away from botnet spam can be attributed to the use of IP reputation mechanisms that have been increasingly successful in blacklisting zombie IP addresses and therefore blocking botnet spam.

The blocking of spam from compromised accounts based on IP address is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail).

One of the primary aims of the larger malware outbreaks and phishing attacks of this quarter is therefore to acquire enough compromised accounts to make spamming viable. The catch for spammers: While spam from compromised accounts is less likely to get blocked by IP reputation systems, the volumes that can be sent are lower due to the thresholds imposed on these accounts. This at least partially accounts for the lower spam volumes seen this quarter.”

What to do if your email account is hacked

  1. Check your security. Most hackers collect passwords using malware that has been installed on your computer or mobile phone. Be sure your anti-virus and anti-malware programs are up to date.  Also be sure that any operating system updates are installed. See my blog Are You a Malware Magnet? 4 simple steps can make all the difference
  2. Change your password and make it stronger after your anti-virus and anti-malware programs are updated. Learn how to create stronger passwords in my blog Safe passwords don’t have to be hard to create; just hard to guess.
  3. Practice greater safety online.
    1. Learn to spot spam and scams
    2. Secure your home’s wireless network
    3. Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. See my blog Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker
    4. Validate the legitimacy of any program/game/app before downloading it. See my blog Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware

Linda


Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware

June 7, 2011

With all the news about Mac malware making Apple devices more vulnerable, Microsoft has announced that Windows is getting safer – particularly if you’re using Windows 7.

There are some pretty interesting discoveries in Microsoft’s most recent Security Intelligence Report covering the second half of 2010, and it’s worth the full read if you’re at all technically inclined.  Here are a few points I found particularly interesting:

  1. It really pays to upgrade your Windows OS to increase your security. A Windows 7 64-bit system (their most recently released Windows client) has the lowest infection rates at 2.5 infections per thousand computers.
    In comparison:
    1. Windows 7 32-bit systems have infection rates of 3.8 per thousand computers.
    2. Windows Vista SP2 32-bit PCs have a rate of 7.5 infections per thousand computers.
    3. Windows XP SP3 32-bit machines have an infection rate of 15.9 for every thousand computers.
  2. Malware infections are a global scourge – but not all parts of the globe are equally plagued. The US, Mexico and Central and South America, France, Spain, parts of the Arab world and Russia are hardest hit. This map paints a clear picture of the problem areas.
  3. The prevalence of various types of malware threats changes based on country factors.  For example, the U.S., England and Russia have significant issues with Miscellaneous Trojans, but are less likely than other countries to struggle with password stealers and backdoors.
  4. Though most phish scams target financial sites, it’s the phishes through social networks that get most of the impressions – an impression is measured as a single instance of a user attempting to visit a known phishing site with Internet Explorer. Phishing impressions that targeted social networks increased from just 8.3% of all impressions in January to a whopping 84.5% of impressions in December. This trend was especially stark in the last four months of the year. Also note the increased focus on targeting gaming sites early in the year; the report suggests that with the tremendous success of phishing via social networks, the focus on gaming declined, but they expect to see this increase again when social networkers become more savvy to the attacks and new methods of delivery need to be found.

  5. Adding to our understanding of the phishing threats covered in MSFT’s security report is an article on the IEBlog that talks about how the company’s SmartScreen technology in IE9 is helping to block social engineering attacks.  The following are excerpts from the blog:

For context, recent studies show that despite the headlines that exploits of software vulnerabilities get, people browsing the Web are more likely to face a socially engineered attack. Recent articles have compared different approaches to protecting people. Application Reputation is a natural extension of the current protections introduced in IE7 & IE8 that block phishing sites and sites that distribute malicious programs.

…User-downloaded malware is a huge problem and getting bigger.

…IE blocks between 2 and 5 million attacks a day for IE8 and IE9 customers. Since the release of IE8, SmartScreen has blocked more than 1.5 billion attempted malware attacks. From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware.

These reports paint a very sobering picture on the state of internet security, but there are clear steps you can take today to decrease your chances of malware infections – no matter which operating system, browser, or device type you are using.

Here’s a 12 point checklist to get you started on the road to Internet security and safety. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to steer clear of Internet hazards whether you’re sending e-mail, dating online, making purchases or socializing – and whether you are on a computer, or your phone.

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly – as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.

    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords, or store it on a flash drive, CD or external hard drive. For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
  3. Review the privacy terms and settings. This needs to be done for every social site you use. Create an environment of safety for yourself by understanding how any website you use treats your privacy and information. That fine print may tell you the company can own, resell, rent, or give your information to anyone they want. If it does, find a more respectful site.
  4. Discuss online safety with your family and friends.  Decide together how you will help protect each other’s privacy online and set rules that reflect your personal values. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  5. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  6. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages – even if you know the sender – as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  7. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through surveys, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘surveys’ learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  8. Periodically review your internet contacts, and online activities.   Internet housekeeping is important. Review who you have as contacts, and who can see your online profiles periodically to prune out everyone you no longer have a close relationship with. Review any images and content you’ve posted online to see if collectively these tell more about you than should be known.
  9. Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax.
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  10. Block people you don’t want to interact with.   You don’t have to accept invitations to be friends with people just because they ask. Women in particular can find it difficult to turn someone down – and creeps and crooks count on this very thing. If you don’t want to be friends, delete the request. If you are already connected with someone you would rather not be, block them from your social sites. You can also block their email account so they can never contact you through email, and block their phone number from calling or sending text messages to your phone.  YOU get to choose who, how, and when you are contacted.
  11. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. If you are exploited, it is not your fault.   Following the fourteen steps outlined above can go a long way to keeping you safe, but bad things sometimes do happen. If you fall victim to a scam, fraudster, abuser or criminal, don’t blame yourself. The only person guilty is the abuser or criminal.  You didn’t cheat, scam, lie, threaten, harm, steal, or abuse yourself in some other way, so don’t lay a burden of guilt where none belongs. Don’t let the abuser or criminal shame you into silence. Speak out and get the help you need.

For even more information and help, check out these two blogs:

Linda


Every 3 Seconds an Identity is Stolen – Don’t Be Next

June 5, 2011

Between careless clicks, falling for scams, and companies’ data breaches, your identity is under escalating threat as crooks find ever more ways to use your information.  In fact, the onslaught is so aggressive that a new Javelin Research 2010 Identity Fraud Survey calculated that a new identity is stolen every 3 seconds.

You are worth a lot of money – even if your wallet is feeling the economic pinch.  It’s not just your financial identity criminals are after, they may also want to impersonate you, steal your medical identity, or go after the identity of your children.

The results of having your identity stolen can be devastating. The FTC’s website lists the following ways in which they are seeing ID thieves use consumers’ personal information:

  • They may call your credit card issuer to change the billing address on your credit card account. The imposter then runs up charges on your account. Because your bills are being sent to a different address, it may be some time before you realize there’s a problem.
  • They may open new credit card accounts in your name. When they use the credit cards and don’t pay the bills, the delinquent accounts are reported on your credit report.
  • They may establish phone or wireless service in your name.
  • They may open a bank account in your name and write bad checks on that account.
  • They may counterfeit checks or credit or debit cards, or authorize electronic transfers in your name, and drain your bank account.
  • They may file for bankruptcy under your name to avoid paying debts they’ve incurred under your name, or to avoid eviction.
  • They may buy a car by taking out an auto loan in your name.
  • They may get identification such as a driver’s license issued with their picture, in your name.
  • They may get a job or file fraudulent tax returns in your name.
  • They may give your name to the police during an arrest. If they don’t show up for their court date, a warrant for arrest is issued in your name.

In addition to these losses, you may also have your social security or other government benefits stolen, your reputation damaged, and your medical records hijacked.

The good news is that you can beat the odds of falling victim with a few basic preventative steps.

What this means to you

Here’s a 12 point checklist to get you started on the road to ID theft protection. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly – as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.

    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords, or store it on a flash drive, CD or external hard drive. For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use caution on public WiFi hotspots. Do not log onto sensitive sites (banking, shopping…) from an unsecured connection.  When using a public computer, uncheck the box for remembering your information.
  3. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
  4. Watch your surroundings. Pay attention to who is around you so that they do not see you type your passwords, credit card numbers, PINs, etc., or read sensitive information you may be sharing.
  5. Put a credit freeze on your accounts. Block ID thieves from opening new accounts under your name by freezing or blocking access to your credit files. Learn more about creating a credit freeze here.
  6. Discuss online safety with your family and friends.  Decide together how you will help protect each other’s identity online and set rules that reflect your choices. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  7. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  8. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages – even if you know the sender – as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  9. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through surveys, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘surveys’ learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  10. Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies: Experian – http://www.experian.com/consumer-products/triple-advantage.html, Equifax – http://www.econsumer.equifax.com, TransUnion – http://www.truecredit.com/?cb=TransUnion&loc=2091
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  11. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. Shred sensitive documents. Do not just throw bank statements, bills, or other sensitive material in the garbage.

If your identity has been stolen or compromised, take action.

If your identity has been stolen or compromised, act immediately.

  1. Contact your credit card companies and financial institutions of all affected accounts. Monitor your accounts closely for any fraudulent charges or withdrawals and notify the companies immediately.  Check to ensure charges are removed from your account, and retain documents of the incidents.
  2. If your Social Security number has been compromised, contact the Social Security Administration Inspector General; they will determine if you need to get a new number.
  3. Alert the credit bureaus and request a fraud alert be placed on your accounts. This will require that companies call you before opening a line of credit.
  4. Report the incident to the police. You should be asked to fill out an identity theft report, and you’ll want to keep a copy of that report as you may need to show this to prove to creditors that your identity was indeed stolen.
  5. If the problem is large, consider hiring a service that helps restore your credit.
  6. Recognize the emotional impact ID theft may have on you.  Given the severity of an incident, and whether you knew the person who stole your identity or not, the emotional toll of dealing with ID theft can be high. Be sure to take care of yourself and to reach out to others for support if needed.

Additional Resources:

Linda


Symantec Delivers Threat Report and Excellent Tools that Explain Risks to Consumers

April 18, 2011

A newly released Symantec Internet Security Threat Report shows the company recorded over 3 billion malware attacks in 2010, and found that these threats not only skyrocketed in volume, they had also made substantial advances in their level of sophistication.

According to the report, the 5 biggest threats are:

  1. Targeted attacks against companies attempting to steal information.
  2. Social networking threats in which information about individuals is collected through the internet and social networks and leveraged to earn victims’ trust or masquerade as friends.
  3. Zero-Day exploits that exploit vulnerabilities within operating systems and services.
  4. Attack kits that bring advanced technical exploits to common crooks that otherwise wouldn’t have the skills to create online exploits – think of these like attack-in-a-box packages.
  5. Mobile threats that extend the basic business model behind cybercrimes to mobile devices as phones reach the capability and mass adoption necessary to make the exploits profitable.  Learn more about mobile threats in my blogs: It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, and McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks

The Report Made Easy

For consumers, Symantec’s report can easily be understood through two great tools:

  • A nice info-graphic they put together to illustrate 2010’s year in numbers:

 


What this means to you

Here’s a 12 point checklist to get you started on the road to Internet security and safety. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to steer clear of Internet hazards whether you’re sending e-mail, dating online, making purchases or socializing – and whether you are on a computer, or your phone.

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly – as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords, or store it on a flash drive, CD or external hard drive. For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
  3. Review the privacy terms and settings. This needs to be done for every social site you use. Create an environment of safety for yourself by understanding how any website you use treats your privacy and information. That fine print may tell you the company can own, resell, rent, or give your information to anyone they want. If it does, find a more respectful site.
  4. Discuss online safety with your family and friends.  Decide together how you will help protect each other’s privacy online and set rules that reflect your personal values. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  5. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  6. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages – even if you know the sender – as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  7. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through surveys, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘surveys’ learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  8. Periodically review your internet contacts, and online activities.   Internet housekeeping is important. Review who you have as contacts, and who can see your online profiles periodically to prune out everyone you no longer have a close relationship with. Review any images and content you’ve posted online to see if collectively these tell more about you than should be known.
  9. Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax.
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  10. Block people you don’t want to interact with.   You don’t have to accept invitations to be friends with people just because they ask. Women in particular can find it difficult to turn someone down – and creeps and crooks count on this very thing. If you don’t want to be friends, delete the request. If you are already connected with someone you would rather not be, block them from your social sites. You can also block their email account so they can never contact you through email, and block their phone number from calling or sending text messages to your phone.  YOU get to choose who, how, and when you are contacted.
  11. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. If you are exploited, it is not your fault.   Following the fourteen steps outlined above can go a long way to keeping you safe, but bad things sometimes do happen. If you fall victim to a scam, fraudster, abuser or criminal, don’t blame yourself. The only person guilty is the abuser or criminal.  You didn’t cheat, scam, lie, threaten, harm, steal, or abuse yourself in some other way, so don’t lay a burden of guilt where none belongs. Don’t let the abuser or criminal shame you into silence. Speak out and get the help you need.

Linda