Tags: identity fraud, identity proofing, identity protection, Identity Theft, password, password manager, password security
For anyone who goes online, it’s impossible to hack-proof yourself, but not impossible to make a hacker’s job extremely difficult. Here are three things to almost hack-proof yourself.
Two-factor authentication. Imagine a hacker, who has your password, trying to get into your account upon learning he must enter a unique code that’s sent to your smartphone. He doesn’t have your smartphone. So he’s at a dead-end.
The two-factor authentication means you’ll get a text message containing a six-digit number that’s required to log into your account from someplace in public or elsewhere. This will surely make a hacker quickly give up. You should use banks and e-mail providers that offer two-factor. Two factor in various forms is available on Gmail, iCloud, PayPal, Twitter, Facebook and many other sites.
Don’t recycle passwords. If the service for one of your accounts gets hacked, the exposed passwords will end up in the hands of hackers, who will invariably try those passwords on other sites. If you use this same password for your banker, medical health plan and Facebook…that’s three more places your private information will be invaded.
And in line with this concept of never reusing passwords, don’t make your multiple passwords sound schemed (e.g., Corrie1979, Corry1979, Corree1979) for your various accounts, because a hacker’s penetration tools may figure them out.
Use a password manager. With a password manager, you’ll no longer be able to claim not being able to remember passwords or “figure out” how to create a strong password as excuses for having weak, highly crackable passwords. You’ll only need to know the master password. All of your other passwords will be encrypted, penetrable only with the master password.
A password manager will generate strong passwords for you as well as conduct an audit of your existing passwords.Filed Under: Identity Theft
Selling your house can spell a lot of trouble whether you do it yourself or hire a real estate agent. Agents have little training on safety and security and home owners even less so. Here are safety tips.
- Prior to a showing, get information on the potential buyer. Google their names to see what comes up. They can also complete a buyer’s questionnaire, seek one online, and you can chat with them on the phone.
- Find out if the buyer is bringing along young children. Kids get into everything and are hazard to themselves. See if arrangements can be made otherwise. If this is not possible, try to arrange to have a friend or family member keep an eye on the kids during the showing.
- Make sure the path to your front door is clear of any debris, yard equipment, toys, etc., that can be a tripping hazard. Also make sure that no rugs inside are bunched up, and that the floors and all the steps are clear of any objects that the buyer can trip over. Warn the buyer of any sharp edges, like that from cocktail tables, that they might walk into. Make sure there’s no moisture or slick areas on the floors.
- If you have a dog, keep it locked in a crate during the showing. Don’t wait for the buyer to come over to do this; put the dog in the crate ahead of time, since the buyer might arrive early.
- Show your property only during the daylight.
- Use the buddy system, bring a friend or relative over to assist. Arrange to have someone present in the home during the showing, and visible to the buyer, perhaps a friend in the living room reading.
- Make sure that the door is closed and locked once the buyer enters your home. But at the same time, be closest to the exit in case something goes wrong.
- If another family member is in the home during the showing, and especially if you don’t know where in the house they are at any given moment, knock on any closed doors before entering as you don’t want to startle the other resident by just opening up the door.
- Put away in a safe or completely remove all valuables. If you see someone steal something, do not confront them. Leave quickly (yes, leave your own house with someone still in it) and call the police.
Imagine it. You sit down at your computer about to do your daily perusal of Buzzfeed or check out The Financial Times but your homepage is now some weird search engine you’ve never seen before. Guess what? You’ve been hijacked.
Browser hijacking is when your Internet browser (eg. Chrome, FireFox, Internet Explorer) settings are modified. Your default home or search page might get changed or you might get a lot of advertisements popping up on your computer. This is done through malicious software (malware) called hijackware. A browser hijacker is usually installed as a part of freeware, but it can also be installed on your computer if you click on an attachment in an email, visit an infected site (also known as a drive-by download), or download something from a file-sharing site.
Once your browser has been hijacked, the cybercriminal can do a lot of damage. The program can change your home page to a malicious website, crash your browser, or install spyware. Browser hijackers impede your ability to surf the web as you please.
Why do criminals use browser hijackers?
Like other malware and scams, hijacked browsers can bring in a good chunk of money for the hacker. For example, one browser hijacker, CoolWebSearch, redirects your homepage to their search page and the search results go to links that the hijacker wants you to see. As you click on these links, the cybercriminal gets paid. They can also use information on your browsing habits to sell to third parties for marketing purposes.
Browser hijackers are annoying and sometimes they can be tough to get rid of. Here are some ways to prevent your browser from getting hijacked:
- Carefully read end user license agreement (EULA)documents when installing software. Often times, mentions of browser hijackware are hidden in the EULA, so when you accept the user agreements, you might be unknowingly accepting malware.
- Be cautious if you download software from free sites. As the old saying goes, free is not always free—you may be getting additional items with your free download.
- Keep your browser software up-to-date.
- Use comprehensive security software, like the McAfee LiveSafe™ service, to keep all your devices protected.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.Filed Under: hackers
Tags: Facebook privacy, facebook safety tips, facebook scam, kids online safety
Lock this guy up for good. That’s a most fitting motto for Brandon McIntyre, 22, who pretended he was “Katie Thompson” on Facebook and threatened to kill a girl’s family if she refused to go on trips with him.
This New Jersey nutcase made another ridiculous threat (ridiculous, because, how could he think that even young victims could take him seriously?) to a 12-year-old, telling her he was a cop who’d have her expelled from school and sent to state prison for failing to obey a police officer. The “order” was to send him explicit photos of herself.
Posing as a police officer, he even told a woman via texting he’d have her daughter taken away if she refused to go on a date with him. He could get 30 years in federal prison and fines totaling half a million dollars.
The next predator was a bit more convincing, using Facebook to talk a boy into ducking out of his home in the middle of the night to meet him. Adam Brown, 21, was caught by the victim’s mother. Brown got the boy’s confidence first by posting videos of himself and telling jokes. The boy’s mother worked nights and his grandmother watched him and his siblings.
One night she returned to find their dog acting strange; she discovered the boy wasn’t in his bed. She contacted him via cell and he said he was just out walking. She drove out and picked him up, took away his phone and computer, and demanded his passwords. She then gained access to the cyber dialogue between him and Brown. In the dialogue, Brown told the boy that the boy was cute. And the dialogue got worse. The boy actually met Brown, who had threatened suicide if he refused.
His mother told Brown, after contacting him, to cease contact with her son, but he contacted him again and made creepy comments.
- Get full access to your kids social accounts.
- Monitor their device activity without notice.
- Have in-depth detailed conversations about how predators lure kids.
- Read every news report about these issues and discuss with your kid.
- Turn off all wireless and wired internet at night so kids can’t have access.
Tags: cybercrime, cybersafety, email and web security, intel, internet security, malware, mobile security, online safety, protecting kids online, social networking
The recent celebrity photo hacks are an unfortunate reminder of how devastating or embarrassing it can be to have your data compromised. But celebrities are not the only ones getting hacked. Cybercriminals aren’t choosy—they’ll send malicious texts, emails, and website links to Jennifer Lawrence and your grandma. And while the celebrity hacks are more publicized, the fact is, every day, hundreds of ordinary people are falling prey to phishing scams.
So how can you protect yourself from these cybercriminals? The best defense is actually you.
Many of these scams involve a similar thing—the click. So if you learn how to click wisely, 95% of cybercrime techniques—including phishing, bad URLs, fake text messages, infected pdfs, and more—are eliminated.
And that’s the idea behind Intel Security’s new campaign, #ClickSmart. Intel Security wants to empower you with the skills and sense to avoid those dastardly scams.
Here are some tips to get you started
- Check URLs for misspellings or interesting suffixes. For example, if you see www.faceboook.ru, don’t click it.
- Only open texts and emails from people you know. But even if you do know the sender, be wary for any suspicious subject lines or links. Hackers can try to lure you through your friends and family.
- Beware of emails, texts, and search results offering anything for free. If it sounds too good to be true, then it probably isn’t true.
Are you ready to take the #ClickSmart challenge? If so, go to digitalsecurity.intel.com/clicksmart and see if you’re a Click head or a Click wizard.
To learn more on how to #ClickSmart, join @IntelSecurity, @McAfeeConsumer, @cyber, @GetCyberSafe, @STOPTHNKCONNECT for Twitter chat on October 14th at 12 PM PT. Use #ChatSTC to join in on the conversation. Click here for more information.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.Filed Under: cyber crime
Hacking isn’t just about weak passwords and single-factor authentication. A lot of it occurs because people can be so easily tricked into giving up personal information: the craft of social engineering. Example: “Download this video of Kim K fully naked!” How many men would be lured into clicking this gateway to a viral infection? We are a sad species.
The victim isn’t always a goofball like this. They can be a tech support agent tricked into resetting a password and handing it over. Often, the victims don’t even know they were targeted until well after the fact, if ever.
- Just say no—to giving out personal information. Social engineering can occur over the phone: someone pretending to be your bank, asking for your private information. Always contact any institution for verification they want your private data before blindly giving it out.
- Be scrupulous with security questions. Don’t answer ones that a hacker can easily get the answer to, such as “City you were born.” Choose the most obscure questions from the list. If all seem rather basic, though, then give answers that make no sense, such as “Planet Neptune” for the city you were born in. If you fear being unable to remember these answers, put the answers in an encrypted file or password manager.
- Do you get e-mails about password resets? Be careful. Contact the service provider to see if the e-mail is legitimate.
- You’ve probably heard this before, but here it is again: Never use the same password for multiple accounts! In the same vein, don’t use the same security questions, even though the list of security questions from one service provider to the next is usually the same list of questions. Do your best to use as much of a variety of questions as possible, and don’t forget, you can always give crazy answers to the same question for different accounts.
- Keep an eye on your accounts and their activity. Account providers such as Gmail have dashboards that show where you’re logged in and what tools or apps are connected. This includes financial and social media accounts.
- Beware of emails coming from anyone, for any reason that require you to click links for any reason. Social engineering via email is one of the true successful ways to con someone. Just be ridiculously aware.
A chain is only as strong as its weakest link. This common phrase can be applied to almost anything. In the security industry we call this a “vulnerability” or the “path of least resistance”. In your home, in regards to home security, this weak link is often your front or back door. If you take a close look at your existing door and frame, you will see the door jamb, where the lock and deadbolt enter, is made of half inch to three quarter inch pine wood in most residential doors. And if you’ve even seen 10 year olds in karate class demonstrate chopping three quarter pine with their bare hands, then you know how vulnerable this jamb is if a 200 pound man either kicks your door or shoulders it.
Door reinforcement products were created to due to necessity because an overwhelming number of home burglaries and invasions happen because of that weak link (door jamb) in your door. There are a few variations of door reinforcement technology and here we discuss “door frame reinforcement”. Typically made of steel, this device can be up to four feet long and is installed on the door jamb center, over the existing strike plates. Braces come in different styles.
When I bought my existing home, I knew right away I needed to reinforce my doors. I did some searching online and found the “Door Devil”. After installing, I reached out to the engineers who created this simple but effective device and here’s what they had to say:
So, what is the “Door Devil Kit?” It’s doorway reinforcement component device.
Who needs the DDK?
A deadbolt is held in place by less than one measly inch of soft wood in most American doorframes. Just about any determined hoodlum could kick through it.
Explain the origins of the Door Devil.
There was a rash of burglaries several years ago, even though most of the houses had alarm systems. But the intruders were gone before the cops arrived—kick down the door, ransack, then flee.
The solution was to reinforce the doors, which could be done with two metal strips attached to the doorframe. But just several weeks later, a burglar kicked down one of these doors. We had the right idea but the wrong application.
Okay then, what about Spiderman who can scale a house and get in through a window?
A very determined thief may find a way into one’s house no matter what. But kicking a door is very common because crooks know that a window alarm will immediately go off. Plus, they know neighbors could hear a window shattering. A burglar may also avoid windows due to the threat of broken glass.
I have a gun and I won’t hesitate to use it.
What if you’re not home? And if you’re home…can you get to your gun before the intruder could get his hands around your throat? And if you can fight back, what if he’s in and out before you can get to him, like, say…you’re in the bathroom when he busts in?
Got it. How well does the Door Devil work?
It’s fabulous. Though there are two verified instances in which cops used a ram to dismantle a door after several attempts. But the doorframe and hardware remained intact, thanks to the Door Devil.
Does the Door Devil replace a monitored alarm system?
Never. The Door Devil is one more layer of protection. Alarm systems go a long way at preventing burglaries, but homes with alarms do get targeted. After all, a burglar has a little time to disarm the alarm, but few intruders are skilled at and not intimidated by this. Sometimes the thief doesn’t consider the possibility of an alarm. Sometimes the intruder doesn’t care if there’s an alarm and just wants money for his next drug fix. But a smarter, more experienced burglar knows that a house with an alarm probably has more valuables. So as you can see, the alarm isn’t the be-all end-all. You need layers.
Who should get a Door Devil?
Really, anyone who is aware enough that well over a million home are broken into every year, most resulting is financial and sentimental losses, and others in tragic deaths. Remember, we are all about layers. Alarms, window locks and films to beef up windows, cameras, dogs, signage and door reinforcement. For $60 to $80, the Door Devil is great for those who can’t afford an alarm system too. It’s also perfect for damaged doorframes, and of course, for doors that can be kicked through. It can be installed in 30-45 minutes on a typical U.S. doorframe—a 98 percent chance of fitting.
Otherwise, the product can be recessed. To find out, pinch two dimes together. That’s the thickness of the Door Devil. It just makes so much sense to add this to a home that’s already got an alarm system. I mean, how many burglars enter through the chimney, and I already explained why most don’t choose windows.Filed Under: home security
Tags: credit card, credit card breach, Credit card fraud, credit card security
Imagine being overseas, and in the process of using your credit card to make a purchase—and it’s declined—and you have no currency or checkbook. Nightmare.
The decline could be to prevent fraudulent use; perhaps it was recently reported lost, but then found or the country you are in is known for fraud. To clear this up, you must call the card company and tell them that the purchase you want to make is legitimate.
Realize that the card issuer cannot allow more transactions until they verify that the attempted charge is valid.
Prior to travel as well as during, there are things you should do to minimize the problem of declined charges.
- Make sure your cell phone is set up for international use so you don’t miss a call from your card issuer.
- Make sure all your cards are signed.
- Before leaving, notify your card company that you’ll be traveling overseas; this way they can monitor your transactions.
- Before leaving, make sure your debit and gift cards are authorized for international use with merchants and ATMs.
- Bring with you the phone numbers for all of your cards. This includes non-800 numbers.
- Make sure you know whether or not your cards come with a foreign transaction fee.
- Have all the card numbers documented.
- Get a chip-and-pin card from your card company and bank. Chip and PIN is most prevalent outside the USA.
- See to it that your card won’t be overdrawn while you’re traveling. Consider any auto drafts that can inflate the balance.
- Have your PIN memorized.
- If you plan on cash advances from an ATM, makes sure to have a PIN enabled for your card.
- Don’t have the card company contact you by SMS text messaging if you don’t have an international data plan. Or just get a data plan. Make sure the company has a working cell phone number and e-mail address.
- Enable the feature, in your account settings, that yields an alert (e-mail or text) every time you pay with the card.
- Install your bank or credit card companies mobile app to alert you of any approval issues or potential fraud
- Don’t let a service person, like at a restaurant, leave your table with your card to swipe it. Go with them if needed. This may not always be possible.
- Always review your receipts against your card statements to make sure there are no duplicate charges.
- Check your accounts online when you travel to reconcile all account activity. Do this from a device you have control over opposed to a hotel or business center PC.
- If your billing ZIP code is required, make sure you carefully punch it into the keypad. If more than one invalid entry is made, the card can be disabled.
- If someone calls and tells you that your card has been suspended due to fraud, and they ask for your credit card number, address or SSN, consider this a scam. The card issuer will not likely want personal information, and instead will want you to confirm past transactions.
- Whenever using free public WiFi have Hotspot Shield installed on your wireless device to prevent data snooping and encrypt your wireless data.
- A fraud-hold on your card cannot be cleared until you contact the card company or bank to straighten things out. Make sure you know what the phone dialing patterns are for the country you plan on visiting—before you embark on the travel.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.Filed Under: Credit Cards
- If you must bring a laptop, use it as a shell to access data remotely. Leave private information behind. If this is not possible, bring it with you in the form of an encrypted memory stick or have it stored online to download later.
- Always use comprehensive security software whenever connecting online.
- If you anticipate bringing your laptop or other devices along, have an IT expert install on it disk encryption software. Better yet, have the whole hard drive encrypted: This would be worthless in the hands of a thief.
- Install a VPN: virtual private network. The VPN will allow you to get onto websites that are blocked in some foreign countries like China. A VPN will also protect data as it’s transmitted through the air, scrambling it so that hackers can’t understand it.
- Use multiple layers of protection. For example, if your device has the capability, use a fingerprint scanner to verify the user’s identity in addition to password protecting your device. Any combination of these features might be built into the hardware, software or available as a peripheral.
- To prevent visual hacking (people spying on what you’re doing on your computer), use a privacy screen. 3M makes a great one. And be careful where you choose to work on your computer. Don’t have your back facing the open where someone can easily peer over your shoulder or even record what’s on your screen from a distance.
- Never leave your devices in a hotel room or unattended while you head off to the restroom or take a break from a conference meeting. Just suck it up and take it with you.
If a loved-one has gone missing, the first thing you should do is call the police. That sounds obvious, but how many times have you read about parents or spouses who delayed calling the police (even though they weren’t involved in the abduction)?
- A myth is that there’s a waiting period before the police will take the report seriously. If your 14-year-old has been missing for two hours, call the police. Don’t wait 24 hours.
- Call the police daily. You should have the officer’s name who took the case; repeatedly contact that officer. The squeaky wheel finds the missing.
- In the case of an adult, check the missing person’s last known address—with permission—to look for clues: notes, belongings, mobile phone, wallet, signs of a struggle, blood, something left cooking, running water, etc.
- Contact the person’s family, friends and other contacts. Were there any fights? Talk to coworkers and bosses. Find out if there were any financial problems or signs of depression.
- Check with hospitals, medical examiners and coroners. Ask for the individual by name. Also ask if there’s any unidentified patients who fit the description of the missing person.
- Check social media; there may be a cyber trail.
- If a child is missing, contact the National Center for Missing & Exploited Children.
- Contact NamUs (National Missing and Unidentified Persons System); here you can upload information about the missing individual.
- Put up fliers. This is very effective for increasing awareness. There have been numerous cases in which the missing person called to have the fliers taken down. Post the fliers where the missing person goes often, and use a photo of the person smiling to evoke more community sympathy.
- Contact the media. This can put the heat on the police to get the case solved. Contact TV stations, newspapers and the websites of media and launch a mission.
- Hire a private investigator. Rates range from $50 to $150 an hour. Shop around good for one, preferably one with a solid record of successful cases.
- Never give up hope or action. Also get involved with support groups.