A phishing e-mail is sent by a cyberthief to trick its recipient into revealing sensitive information so that the crook could steal money from the recipient or gain access to a business’s classified information. One way to lure an employee is for the crook to make the e-mail appear like it was sent by the company’s CEO. Often, phishing e-mails have urgent subject lines like “Your Chase Bank Balance Is Negative.”
Why do so many employees (and mainstream users) fail to recognize a phishing e-mail? Strong security awareness training at companies is lacking. Perhaps the company simply tosses a few hardcopy instructions to employees. Perching them before videos isn’t enough, either.
Security awareness training needs to also include staged phishing attacks to see which employees grab the bait and why they did so. With a simulated phishing attack approach, employees will have a much better chance of retaining anything they’ve learned. It’s like teaching a kid to hit a homerun; they won’t learn much if all they do is read instructions and watch videos. They need to swing at balls coming at them.
The return on investment from staged phishing attacks will more than offset the cost of this extra training. Living the experience has proven to be a far more effective teacher than merely reading about it or listening to a lecture. As straightforward as this sounds, this approach is not the rule in companies; it’s the exception.
Even rarer is when phishing simulation is ongoing rather than just an annual or semiannual course. But just because it’s rare doesn’t mean it’s not that effective. Companies tend to cut corners any way they can, and foregoing the phishing simulations is often at the top of the list of investments to nickel-and-dime.
If you want to see how gullible your employees (or family and friends) are to phishing e-mails, which again, are geared towards tricking the recipients to click on a malicious link or attachment, pay a visit to Phish.io.
Here you can register, and this free service will send phishing e-mails to your specified recipients. However, these are harmless tests and will not lead to anything negative—other than to reveal who can be duped.Filed Under: Phishing
The Internet has almost as many videos as there are stars in the heavens. And you know that some have to be hoaxes. Sometimes it’s obvious, while other times it’s easy to be fooled. For example, the hoax of the “angel” intercepting a truck just about to run over a bicyclist is obviously fake. Isn’t it?
But what about the video of the man cut in half by a bus while riding a bicycle, lying on the ground, staring at his intestines, talking for a full five minutes, while his pelvis and legs lie catty-corner to him? That video looks eerily real.
And so did the enormously viral one of the Syrian refugees holding the ISIS flags and assaulting German police officers.
There are free, non-techy ways to check if a video or image is a fake, from an article at gizmodo.com:
Simply right-click an image, and a selection box will appear. Click “Search Google for this image.” Different sources for the same image will appear, but this won’t necessarily rule out a hoax.
For example, multiple links to the man cut in half appear, and the dates of postings differ, but there’s no way to rule out a hoax based on just this information.
However, suppose there’s a photo of a female ghost crashing a funeral photo. A reverse image search shows that ghost’s face as identical to the image of a mommy blogger on her blog; it’s safe to assume the ghost image is a hoax (aren’t they all?).
Go to YouTube DataViewer. Plug in the suspect video’s URL. Any associated thumbnail image plus upload time will be extracted. You now can find the earliest upload and see if anything is suspicious. Alongside that you can do a reverse image on the thumbnails and see what you get.
FotoForensics can detect photoshopping or digital manipulation. If you want to pursue a video, you’ll need to plug in the URL of a still shot, like the ones you see after a video has ended that clutter up the video space. FotoForensics uses a tool called ELA, and you’ll have to do some reading on it before understanding how it works.
WolframAlpha can look at weather conditions at a certain time and location, such as “weather in Davie, Florida at (time) and (date). So if the weather in a suspect image with a date and location doesn’t match what Wolfram turns up, consider it a fake.
Jeffrey’s Exif Viewer
Images taken with smartphones and digital cameras contain tons of data called EXIF, including date, time and location of image shoot. See if the date, time and location don’t jive with what the suspect image conveys. Jeffrey’s Exif Viewer is one such EXIF reader.
So, did your ex really take a trip to Paris, as she stands there with the Eiffel Tower behind her? And is her new beau for real, or was he “shopped” in off of a male fitness model site?Filed Under: online safety online security
With Cyber Monday, you don’t have to camp outside in the cold overnight so you can be the first person busting through the doors like on Black Friday. But you still may get trampled to a pulpby cyber scammers waiting for their prey.
- You know that old mantra: If it’s too good to be true, it probably is. Be highly suspicious of outrageously great deals, and also assume that e-mails that link to unbelievable savings are scams. You may think it won’t hurt to just “check it out,” but consider the possibility that simply clicking on the link will download a virus to your computer.
- Back up your data. Shopping online means it’s inevitable that you’ll stumble upon an infected website designed to inject malicious code into your computer or phone. “Ransomware” will hold your data hostage. Backing up your data in the cloud to Carbonite protects you from having to pay the “ransom.”
- Say “No” to debit cards. At least if you purchase with a credit card, and the sale turns out to be fraudulent, the credit card company will likely reimburse you. Try getting your money back from a scam with a debit card purchase. Good luck.
- If you’re leery about using a credit card online, see if the issuer offers a one-time use credit card. If someone steals this one-time number, it’s worthless for a second purchase.
- Make sure you understand the online merchant’s shipping options.
- When completing the purchase, if the merchant wants you to fill in information that makes you think, “Now why do they need to know that?” this is a red flag. See if you can purchase the item from a reputable merchant.
- Never shop online using public Wi-Fi such as at a hotel, coffee house or airport.
If the retailer’s URL begins with “https” and has a padlock symbol before that, this means the site uses encryption (it’s secure). If it doesn’t, don’t buy from that merchant if the product is something you can buy from a secure site. Of course, I don’t expect, for instance, Veronikka’s Death by Chocolate Homemade Cookies to have an encrypted site, but if you’re looking for more common merchandise, go with the big-name retailers.Filed Under: cyber crime cybersecurity
What do you really know about water storage? Below you’ll find information that you probably never even thought of before, or information that contradicts what you’ve always believed to be correct.
Storage barrels. These can remain on cellar or basement cement that’s not heated. Cooler cement will not transfer toxins into the barrels. However, garage cement will get heated by the driveway, so in that case, place barrels on floor boards. In addition, some of your water should be stored in portable bottles for easier handling.
Reusing bottles. Filling old juice and soda bottles with water is fine as long as the plastic is rated “PET” or “PETE.” Don’t use milk jugs. If you’re still concerned about leached plastic chemicals, treat the water at the time of consumption, not before you store it.
Boiling (212 degrees). A full boil is not necessary to kill bacteria; heating at 160 degrees for 30 minutes, or 185 degrees for three minutes, will burn less fuel than boiling for the popular 10 minutes.
Pool water. The FDA says pool water is safe to drink up to 4 PPM of chlorine.
Nearby river. Make sure you have iodine tablets ready. Keep in mind during a water shortage, the river will be bedlam, what with everyone else going for it.
Amount stored. Don’t just store a month’s worth. A disaster could cause a year-long or even several-year water shortage.
How much water does one person need? One gallon a day. But this includes for hygiene and cooking, and unforeseen medical needs.
Food vs. water. Though food has calories and water has zero, water is much more important to the body. A few days without any water and you’ll be dragging yourself on the ground, whereas a few days without food, but with plenty of water, and you’ll still be in good shape. And sports drinks and soda do not replace water.
Taste. Stored water will taste bad because it’s been without oxygen. Before drinking, pour it back and forth between two glasses to replenish oxygen.Filed Under: home security home security ideas
This application for your mobile device will change things in a huge way:
- Locks down smartphones with a finger-based biometric password
- Multi-factor authentication all-in-one
- It’s called BioTect-ID
Layers of protecting your online accounts have historically involved the password, a PIN, security questions or combinations of these which isn’t that secure. However getting into your devices requires even less – a single password, connecting dots with your finger or nothing at all. Some devices can be accessed with stronger security using your fingerprint or in some cases a combination of biometrics like face scan, voice or fingerprints.
Now you may be convinced that a physical biometric, such as your fingerprint, palm pattern or face scan are so unique that they’re impossible to hack, but guess what: These are all hackable. In fact, a cyber crook could steal, for instance, your face or fingerprint image—for all time—and then what? You’re out of luck.
So why have that possibility looming over you? Why not eliminate it with the BioTect-ID app? You have only one voice, one fingerprint, one palm, etc., but fingering in a hand written password means you can change the gesture biometric or the “drawing” of the password any time—because this is a behavior, not a static physical characteristic. Nobody can steal your gesture, not even your identical twin.
BioTect-ID is also very privacy-conscious because there is nothing invasive about recording a gesture.
The choice of which biometric to use becomes a very important consideration. The Internet of Things (IOS) will see our devices increase in value as they control our home access, record our health scores and process/retain many other aspects of our personal lives. The use of biometrics will increase dramatically to protect our privacy and security. But you want to choose carefully. Remember your unchanging physical body information will be hugely attractive to thieves who can steal your identity or use it for other purposes. But you can’t steal the BioTect-ID information.
Here’s how the BioTect-ID multi-factor authentication works.
- With your mouse or finger, create a four-character password.
- BioTect-ID “learns” your unique finger/hand movements as you do this.
- To access your mobile phone, you “draw” your password into the BioTect-ID application.
- If you are the registered owner, you get access — with bad guys out of luck.
BioTect-ID even solves the big problem of physical data being irreplaceable because it is a gesture biometric also known as a “dynamic” biometric, rather than something like a fingerprint or facial recognition.
This is such exciting news from Biometric Signature ID that we just have to run through it again:
- The first biometric app that does not require invasive information about a body part like your eyes.
- The only privacy-conscious biometric security app in existence.
- Passwords cannot be stolen, not even borrowed, and of course, can’t be lost.
- Just draw your password with your finger, stylus or mouse, and this gesture will be captured.
- Only this gesture will unlock (and lock) your smartphone, and it takes only seconds.
- Easily reset your password at will.
- The strongest identity authentication on the planet.
Don’t wait about getting this kind of protection, because biometrics is increasingly becoming a part of modern day life.
The final frontier of privacy is your body, and by continuing to rely upon body-part biometrics, you keep that door open enough for a hacker to copy and, essentially, retain a part of your body. There goes your privacy, to say the least.
The gesture-based, multi-factor authentication is poised to change the future of cyber protection. But not before this technology gets adequate awareness and support. We need to get this groundbreaking technology out there into the minds of Internet users.
Here is how you’ll benefit with the BioTect-ID:
- Peace of mind, knowing that even the most brilliant hacker will never be able to duplicate or steal your gesture.
- Elimination of having to keep body-part details in files
- Keeping your privacy and security safe from being exposed against your control
- Being the first to benefit from this cutting-edge security technology
You can actually receive early edition copies of the app for reduced prices and get insider information if you become a backer on Kickstarter for a couple of bucks. Go to www.biosig-id.com to do this.Filed Under: biometric Password Manager passwords
A bug bounty refers to the reward a bad-guy hacker gets upon discovering a vulnerability, weakness or flaw in a company’s system.
But whom better to ask than a burglar, right? Same with a company’s computer systems: The best expert may be the black hat or better, white hat hacker.
An article at bits.blogs.nytimes.com says that Facebook, Google, Microsoft, Dropbox, PayPal and Yahoo are on the roster of companies that are offering hackers bounties for finding “bugs” in their systems.
A “zero day bug” refers to an undiscovered flaw or security hole. Cybercriminals want to know what these zero day bugs are, to exploit for eventual hacking attempts. There is a bustling black market for these non-identified bugs.
Compounding the issue is that it is becoming easier for Joe Hacker to acquire the skills to infiltrate—skills that common hackers never would have had just a few years ago, and especially a decade ago. So you can see how important it is for businesses to hire the best at finding these bugs and rewarding them handsomely.
So yes, hackers are being paid to report bugs. The bits.blogs.nytimes.com article says that Facebook and Microsoft even sponsor an Internet Bug Bounty program. Such a program should have been started long ago, but it took some overlooked bugs to motivate these technology companies to offer the bounties.
Heartbleed is an example. Remember that? It was a programming code mistake that affected certain SSL certificates—which help protect users on a secure website. As a result, over a dozen major tech companies began an initiative to, as the bits.blogs.nytimes.com article says, “pay for security audits in widely used open-source software.”
So as clever as bug bounties sound, it shouldn’t be regarded as the be-all end-all solution. How about an incentive to get developers to implement secure, mistake-free coding practices? Well, companies are trying. And they keep trying. But with humans behind the technology, there will always be mistakes.Filed Under: hackers
There should be more TV commercials for preventing identity theft—it’s nearly epidemic. But also epidemic is the lack of identity security that people have when traveling. Here are some ways to avoid having your identity stolen while traveling:
- Prior to leaving for your trip, clean out your purse and wallet. Figure out what you really need for the trip, then bring only those items.
- Contact the post office to put your mail on vacation hold.
- Get a home-screen-locking password for your smartphone.
- Equip your computer devices with encryption software.
- Your smartphone should have lock/locate/wipe software.
- Bring your driver’s license with you even if you don’t plan on driving anywhere, for ID; don’t rely on your passport alone. The driver’s license and international ID should have online backups made.
- When using public Wi-Fi (even in your hometown), use only WEP, WPA and WPA2 networks, and visit only the sites that have the padlock symbol and “https” before their URLs. That’s how you know they are secure.
- Arrange to have enough cash with you to make the majority (if not all) of your travel purchases. Avoid using a debit card because if it gets compromised, you won’t be able to get reimbursed.
- Back up your data prior to leaving and every day when away. Prior to your trip and during, make sure to have local and cloud backup set up on your devices. Cloud backup such as Carbonite will update your data based on custom settings as frequently as you require.
- Even if you have encryption software, avoid financial transactions when using the hotel’s computer. The person using it after you could be a skilled cyber thief, or the person before you could have plugged a keylogger into the computer.
- Avoid isolated ATM kiosks. Use those only inside a bank. Shield your fingers when using the keypad. Promptly destroy the receipts.
- Never give private information over the phone to hotel staff. The “staff” could be a thief posing as an employee. When personal information is involved, always deal face to face at the front desk.
- Any documents or paperwork with private information should be locked inside your hotel room’s safe at all times unless in use.
- Give your phone number out only to service personnel who absolutely need it.
- Have your credit put on freeze status (unless you plan on applying for a loan very soon).
- Get ID theft protection.
- Review your credit card statements monthly and look for unexpected charges.
After receiving medical treatment, many people never look over the paperwork (save for bill total) and just shove it into some folder in a file cabinet. But medical identity theft is very much out there; know the signs:
- You’re denied coverage because you allegedly have a condition you were never diagnosed with.
- A collection agency is hounding you about unpaid medical bills you never had.
- Your credit report shows medical collection notices.
- The bill is for treatment you didn’t receive.
- Your health care provider says you’ve reached your coverage limit.
Thieves steal identities to use the victim’s medical coverage, and this could prove life threatening to the victim depending on the victim’s health status. This is why you should keep records for all medical visits and treatments. Read everything carefully as though you’re searching for mistakes or mis-matched information. Keep records of all associated phone calls and e-mails.
But remember this: You always have a right to all of your records, so don’t let any resistance from the carrier make you give up.
- If you run into problems getting any records, learn about your state’s health privacy laws.
- Obtaining copies may require a fee.
- Request a copy of “accounting of disclosures.” This tells who has ever received copies of your medical records, and when and why.
- Look for mistakes and request corrections from the provider via certified mail.
- If someone has stolen your medical identity, the provider may not want to turn over the records to you. Check the provider’s Notice of Privacy Practices and appeal to the contact person listed there.
- With all that said, you should get the records within 30 days. If not, report this to the U.S. Department of Health and Human Services Office for Civil Rights.
Medical identity theft can result in you not receiving coverage for major treatment. Here are tips from vitals.lifehacker.com for prevention of this crime:
- Never reveal your Medicare number to anybody in public, even if it’s a person inside a medical clinic lobby approaching you and offering a free service for Medicare users.
- Never give your Medicare number over the phone. No exceptions, even if the caller is claiming to be from Medicare.
- Check all medical bills for any odd charges, duplicate charges or errors.
- If a charge appears unauthorized, promptly report it to the provider. If that doesn’t help, escalate it to Medicare if you’re on Medicare.
- Contact the Federal Trade Commission if you suspect medical identity theft.
Every time you have a medical procedure done, including routine checkups and treatment for minor issues, paperwork is generated. You should have copies of every single paper. This is one line of defense against medical identity theft.
- Being billed for treatment or diagnostics you never received.
- Being told you’ve maxed out your coverage limit when you haven’t.
- A collection agency claiming you owe a debt that you don’t owe.
- Being denied coverage for a “pre-existing” condition that you don’t have.
- Paperwork showing you saw a doctor you never did or were prescribed a drug you never were is a red flag.
- An e-mail from your provider that requests you reveal sensitive information like your Medicare number is a big red flag. The subject line may be urgent, such as “Your Medical Coverage May Be Terminated.” Never click links inside these e-mails or fill out forms in them; instead contact your provider via phone. However, e-mails like these are scams; the thief knows if he sends 50,000 such e-mails out with his special software, a predictable percentage of recipients will “see” themselves in the message.
- A one-ring phone call may be a thief who just obtained your medical records to see if your number is legitimate. Never call back.
- If you suspect medical identity theft, keep strict records of all associated correspondence.
- Immediately obtain all records if you already haven’t, including the “accounting of disclosures”; you have this legal right, even if you get flack from the provider. Contact the provider’s patient representative or ombudsman for assistance.
- If you spot mistakes, even small, insist they be corrected.
Nevertheless, it’s usually not easy to detect medical ID theft. So let’s look at this in more detail:
- If a collection agency contacts you, request they provide information immediately; promptly contact your provider and carrier.
- Examine your credit report to see if it’s plummeted due to unpaid medical bills. The three major credit reporting agencies issue the reports free.
- If your provider offers online access to your files, sign up for this service, then inspect it for mistakes.
- Request records of imaging procedures.
- If no online access is available, have your doctor read the results or send a snail mail copy.
It’s about time: a biometric for your smartphone that will change the way you think about biometric security.
This revolutionary biometric comes from Biometric Signature ID and it’s called BioTect-ID, and though it’s a biometric, it does not involve any so-called invasiveness of collecting body part information. The world’s first biometric password involves multi-factor authentication and just your finger—but not prints!
All you need to make this technology work to lock down your mobile device is a four-character password. But you can also draw a symbol like a star, leaf, a shining sun or smiley face as your password.
So suppose your password is PTy5 or a star. And suppose the wrong person learns this. In order for that person to get into your locked phone, they will have to literally move their finger exactly as you did to draw the “PTy5” or the star. This will be impossible.
BioTect-ID’s technology captures your finger’s movements, its gestures, and this biometric can’t be stolen or replicated.
BioTect-ID doesn’t stop there, however. The finger gesture biometric is only one component of the overall security. You’ve probably heard of “two-factor” authentication. This is when, in addition to typing in your password or answering a security question, you receive a text, phone call or e-mail showing a one-time numerical security code. You use that code to gain access. But this system can be circumvented by hackers.
And the traditional biometrics such as fingerprints and voice recognition can actually be stolen and copied. So if, say, your fingerprint is obtained and replicated by a cyber thief…how do you replace that? A different finger? What if eventually, the prints of all fingers are stolen? Then what? Or how do you replace your voice or face biometrics?
Biometrics are strong security because they work. But they have that downside. It’s pretty scary.
BioTect-ID solves this problem because you can replace your password with a new password, providing a new finger gesture to capture, courtesy of the patented software BioSig-ID™. Your finger movement, when drawing the password, involves:
- And more, including if you write your password backwards or outside the gridlines.
Encryption software stores these unique-to-you features.
Now, you might be wondering how the user can replicate their own drawing on subsequent password entries. The user does not need to struggle to replicate the exact appearance of the password, such as the loop on the capital L. Dynamic biometrics captures the user’s movement pattern.
So even though the loop in the L on the next password entry is a bit smaller or longer than the preceding one, the movement or gesture will match up with the one used during the enrollment. Thus, if a crook seemingly duplicates your L loop and other characters as far as appearance, his gestures will not match yours—and he won’t be able to unlock the phone.
In fact, the Tolly Group ran a test. Subjects were given the passwords. None of the 10,000 login attempts replicated the original user’s finger movements. Just because two passwords look drawn the same doesn’t mean they were created with identical finger gestures. Your unique gesture comes automatically without thinking—kind of like the way you walk or talk. The Tolly test’s accuracy was 99.97 percent.
Now doesn’t this all sound much more appealing than the possibility that some POS out there will steal your palm print—something you cannot replace?
Let’s get BioTect-ID’s technology out there so everyone knows about this groundbreaking advance in security. Here is what you’ll achieve:
- You’ll be the first to benefit from this hack-proof technology
- You’ll have peace of mind like you’ve never had before
- Eliminated possible exposure of your body parts data kept in files
You can actually receive early edition copies of the app for reduced prices and get insider information if you become a backer on Kickstarter for a couple of bucks. Go to www.biosig-id.com to do this.Filed Under: biometric passwords