April 1st, 2015
Jackie here. When you want quick and easy… buy a kit. We use kits for making salads, DIY crafts, etc. Scammers use kits for something much more sinister… stealing your information. Phishing kits are an inexpensive way for thieves to launch information stealing campaigns. Let’s take a look at what phishing kits are and how you can protect yourself from phishing attacks.
What Are Phishing Kits?
Phishing kits enable scammers to quickly and easily steal your information. Little technical knowledge or expertise is needed when using a kit. Scammers simply buy the kit (sometimes for as little as $2) and install it, no programming needed. This allows thieves to jump in and start stealing information quickly. Unfortunately for those of us that aren’t thieves, phishing kits are bad news because they make the process of stealing information much simpler.
Phishing kits are often loaded on to legitimate blogs and websites when hackers compromise these sites. This makes having up to date anti-virus software even more important because you don’t have to be visiting dodgy websites to be at risk.
How Do They Work?
Phishing kits can snatch your login information when you visit websites. It might look just like the login page for your bank, but it might not be. When you enter your username and password, the phishing kit gathers the information and sends it back to the scammer. Sometimes you’ll even be successfully logged into the site (using a trick where scammers input the information for you on the legitimate site) to keep you from realizing you’ve been compromised.
How Can I Protect Myself?
Protecting yourself from phishing kits requires diligence. While there isn’t a 100% guarantee you can protect your computer, here are a few tips that can reduce your risk:
Be Cautious with Links- Stop and think before you click that link. Hovering over a link to see where it is headed it always a good idea.
Watch for Bad Grammar- If you notice blatantly bad grammar in an email, send it to the trash. Scammers often use bad spelling and grammar in their phishing emails. Phishing is getting more sophisticated these days, so watch for strange requests for personal information in unsolicited emails.
Update Your Computer- Make sure your anti-virus software is up to date. Also update your various software programs. Thieves often exploit vulnerabilities in programs, which software updates may correct.
Check the Reputation- You can check the reputation of a site before you visit. This reputation checker from Norton is one tool that can help.
Try an Incorrect Password- If you’re unsure whether a login page is legitimate, try the wrong password first. Often, phishing pages won’t return an error message.
Phishing kits are scary business, but if you follow smart browsing principles, you can do a lot to protect yourself.
March 22nd, 2015
Jackie here. Do you have a Lenovo device? Recent reports indicate that the company has been shipping devices pre-installed with a type of malware known as “Superfish”. What do you need to know to protect your privacy?
What is Superfish?
Superfish is a type of malware that comes pre-installed on some Lenovo devices. When you hear malware, you might think scammers and ID theft. This malware is different. It monitors your internet usage and inserts ads into your searches. At the very least it’s a pesky privacy violation, but some security experts worry that thieves could potentially use it to steal your information. It can also interfere with security certificates on secure sites making it risky to connect to online banking.
To find out if your computer is loaded with Superfish, head to this website and wait a few seconds. The website will perform a quick check and let you know if Superfish is operating on your device.
What Can You Do About Superfish?
If you do find Superfish on your computer, take action. Security experts have found ways to use Superfish to compromise computers and thieves probably have too. Amid public backlash Lenovo has released a way to uninstall the malware. Head to their support site and use the removal tools provided on your device.
March 19th, 2015
Jackie here. When you’ve got work to do on the go, nothing beats a laptop. Are you keeping yours safe? Proper care for your laptop is much more involved than just storing it in a padded case. Try these tips to boost your laptop security and keep your identity safe.
Treat It Like Cash- Would you leave a $100 bill on the table of your local coffee shop while you run to the counter for your order? Then don’t leave your laptop. OnGuardOnline recommends treating your laptop like cash. This will help keep your laptop out of the wrong hands.
Give It a Password- If your laptop doesn’t have a password, set one up today. A password is a great first line defense against prying eyes. Make sure you store your password in your mind, not on a paper inside of your laptop case. The same rule applies for passwords to bank accounts, email, and other sensitive websites.
Ditch the Laptop Case- A laptop doesn’t have to live in a laptop case. Storing it in other, more discreet cases may be a bit safer. Consider stowing your laptop in a small padded cover inside of a backpack instead of the traditional case.
Alarm It- If you use a laptop often, you may want to invest in a laptop alarm or lock. These can help you keep an eye on your laptop even when you have to momentarily look away.
Pay Attention- If your laptop is out, pay attention. Be aware of your surroundings. Thieves don’t have to physically take your laptop to capitalize on your information. Looking over your shoulder can yield usernames, passwords, account numbers, and more if you’re not watching.
Use Anti-Virus Software- Don’t connect to the internet without up to date anti-virus software. Since laptops aren’t always turned on (like a home computer) they can easily get behind in their updates. It’s a good idea to pull out your laptop and manually update software before a big trip out of town or some other occasion where you will be frequently connecting to public wi-fi.
Be Careful with Wi-Fi- It’s always safer to avoid entering personal information over a public Wi-Fi network. If you’re using your laptop out and about, you’ll need to have a plan to use Wi-Fi safely. These tips from Microsoft may help you as you create your plan.
Turn Off Your Wi-Fi Connection When Not In Use- Turn off your Wi-Fi connection when you aren’t using the internet.
Now that you’ve got some tips, try your hand at this fun laptop security game from the FTC and see how you do.
January 26th, 2015
Jackie here. Do you have a webcam? If you do, there’s one type of malware you need to be aware of: the Remote Access Trojan (RAT). RATs have been used to hack into webcams and spy on their users without their knowledge. It isn’t just celebrities and politicians that are at risk; everyday people have been victims of RAT spying using their webcams and the spying is becoming more common. Here’s what you need to know to protect yourself.
Remote Access Trojans (RATs) – What Are They?
Remote Access Trojans, also known as RATs, are a type of malware that allows for remote control of a device. This malware allows the perpetrator to access your computer files, to view your computer activities (and to obtain account information, passwords, etc.), to alter programs on your computer, and to spy on victims through their webcams (basically anything you can do, the perpetrator can access too). This type of malware is hard to catch as it doesn’t really change how your computer works and doesn’t typically show up in lists of running programs.
Webcam Spying- How Common is the Problem?
RATs are a common type of malware, but it is unknown exactly how prevalent they are since they aren’t easily discovered. Last year, hundreds were arrested for selling access to computers infected with RATs. A recent article on the problem from the Atlantic also mentions cases of school districts, computer stores, and others using RATs to spy on people without their knowledge.
RATs sound scary and they are, but luckily good computer practices can go a long way in protecting your device. If you follow the advice we share often here on the blog, you’ll likely be doing most of the
things on this list already. Here are some important ways to protect yourself from RATs.
Use Antivirus Software- Your computer should always be protected with an up to date antivirus program. Make sure you’re performing your regularly scheduled scans.
Install Your Updates- Updates to software programs might be annoying, but they often include security fixes. Automatic updates are a great way to make sure your computer is always up to date.
Be Careful with Attachments- Be extremely careful when downloading attachments even if they appear to be from someone you know. Legitimate accounts can be compromised, so if an email seems suspicious (even if it’s from someone you know) don’t open the attachment.
Avoid Illegal Downloads- Sites where you can download pirated movies, games, etc. are a big source of malware. Steer clear of illegal downloads.
Cover or Unplug Your Webcam- When you aren’t using your webcam, unplug it or cover it. This applies to both webcams that are part of your computer and those that clip on.
December 17th, 2014
Jackie here. Have you ever wondered how they figure out what problems malware causes or how to eliminate the problem once you’ve got it? I recently read an interesting article on the topic. It’s quite technical if you’re into the nuts and bolts of things and it provides a look into the hidden world of malware detection. Here are a few simplified points for those of us that don’t thrive on the overly technical, but if you do, check out the full article for all the details.
The Old Way- Deconstructing the Code to See What it Does
Back when computers were simpler and malware wasn’t so prevalent, malicious programs were often analyzed by hand. The coding language would be carefully examined to figure out what it did. Then the malicious program was run on a clean computer to test if the results were as expected.
Today things aren’t so simple. There are many different programming languages used, making it harder to take the code apart and analyze it. Additionally, there is so much more malware out there and new programs are designed every day. There’s simply too much to analyze malware using the old, manual method.
What Are They Doing Today?
Today they use a variety of methods for figuring what malware does so they can find it when it does infect your computer. Let’s take a look at a few:
Compare Before and After- One useful method runs malware on a device and then compares the “after” files with the “before”. Seeing how malware changed a device can help to determine what the malware is doing. This can often be tricky though as thousands of changes are made, some important and some not.
Virtual Computers- Often they’ll run malware on virtual computers, basically a software program that functions like a computer, to see how it functions. This works well most of the time, but not on some malware that functions differently in a virtual environment. This allows multiple malware programs to be run at once and keeps malware from shutting down a machine or hiding in inaccessible files. Virtual machines also speed up the process of finding malware since they can track changes and save analysts a lot of time.
The changes found can help to spot malware, rootkits, and other problems quickly, keeping your information and identity safer. Thieves are stepping up their game and looking for new ways to compromise computers, but it is comforting to know that computer security companies are too.
October 31st, 2014
Jackie here. Have you heard about the security risk in USB devices? A flaw in the firmware of the devices allows malicious code to hide right on the device and install on your computer when the USB is inserted. The scariest part is that this problem is almost undetectable except to IT professionals with reverse engineering skills. You can scan the device, delete the files, and think the USB is clean while malware hides in the background.
What Devices Have a Problem?
Most people assume that the USB devices in question are primarily thumb drives, the little USB memory sticks that can easily transport files, but this malicious software can hide on almost any device using a USB, including keyboards, smartphones with a USB connector (which is almost all of them), and many other devices.
What Can Happen to an Infected Computer?
If an infected USB device is plugged into a computer, hackers can potentially control the computer from afar and take control of the keyboard, replace software with corrupted versions, spy on communications, and even hijack your internet connection to funnel traffic to other sites. Once infected, your computer can transmit the bug to other USB devices.
What Can I Do?
If you’re suddenly afraid of every USB device on the planet, you can relax a bit. This problem is scary, but there are a few things you can do to protect yourself. Here are some tips:
Be Careful Where You Plug- Since hackers can use other computers to infect your USB devices, be careful when plugging in. Don’t connect your devices to unknown computers. Your best bet is to limit connecting your USB devices to your own personal computers so you know that your devices are clean. It might be convenient to charge your phone from a random computer, but pulling out the wall charger is much safer.
Get Your Devices from Reputable Sources- Buying your devices from a trusted source is another way to protect yourself. Buying used USB devices is potentially risky, but you’re probably safe buying them new from a reputable company.
Don’t Let Unknown Devices Connect with Your Computer- When someone has access to your USB ports, they have access to your computer. Limit the devices that you allow to connect with your computer to those you know. Remember, people don’t always know they have a problem since the flaw in USB devices allows malicious software to hide out of sight.
The Problem is in the Device- Malicious software can hide on USB devices so you don’t even know it is there. Deleting all the files on a thumb drive won’t fix the problem. Remember that even if you don’t see the problem, it could be there.
Until a solution to this problem is found, let’s all be a little more careful with our USB devices.
October 20th, 2014
Jackie here. Have you ever had questions about the legitimacy of a website? There’s an easy way to check things out. I recently discovered a website checking tool recommended by the Identity Theft Resource Center (ITRC). This tool allows you to check out your favorite sites to see which are safe and which are not. It is fun and free to use. Check it out!
Using the Website Checker
To check out websites on your own head to the Site Safety Center from Trend Micro. Enter the URL of the site in question in the box right below the words, “Is It Safe?” then click on “Check Now” to see the results.
Within seconds you should receive a report about the site in question. Websites are divided into four categories: safe, dangerous, suspicious, and untested. I ran a report on a few of my most used sites (including Facebook and Gmail); everything I checked came up safe. This could be a useful tool for checking new websites, especially if you’re a little concerned about them. When it comes to ID theft and online safety, it’s always best to be safe rather than sorry.
I found the checker to be very easy to use. Best of all, it doesn’t cost a dime. This is one tool that I’m definitely bookmarking for future use. While this tool doesn’t guarantee a site’s safety, it is a good starting point.
Have you tried the website safety checker? What do you think?
September 26th, 2014
Jenna here. This week was full of new developments in the world of data security and protection. We have two articles that discuss the recently discovered ‘Shellshock’ bug and how you can protect your home computer as well as an informative piece about a scam that’s making the rounds on eBay.
‘Shellshock’ Computer Bug May Be As Serious As ‘Heartbleed’ Vulnerability, Huffington Post
Safe from Shellshock: How to protect your home computer from the Bash shell bug, PC World
eBay scam listings redirect users to phishing websites, Slashgear
September 25th, 2014
Jackie here. Is your email inbox as cluttered as mine? To fight the backlog of unread messages, I’ll sometimes go through and unsubscribe from newsletters and promotional emails that I’m no longer interested in. Last week I read an interesting article about those unsubscribe links. While I’ll certainly continue to use the tool, I’ll surely use more caution when I click in the future. Here’s what I learned.
Unsubscribe Links Share More Information than You Might Intend- When you click unsubscribe you’re not just removing your name from a list. You are providing the sender of the email with some valuable information about your email address. You’re telling them that the email address is real and that it is used. If a spammer is the one sending you messages, this makes your email address much more valuable and may lead to more spammy emails coming your way.
You Might Be Sharing Information about Your Computer and Email Provider Too- Some spam emails require you to jump through special hoops so you’ll provide even more information about yourself. If you are asked to send an email with the word “Unsubscribe” you may be sharing information about the specific email provider you use. If you click on a link that leads to another website you may be telling the sender information about your computer, IP address, operating system, and internet browser.
There is a Risk of Malware- We’ve warned you about the danger of malicious links hidden in innocent looking emails. Unsubscribe links are the perfect place for scammers to hide these links and cause you to unknowingly install malware on your computer. Always think before you click!
Are All Unsubscribe Links Dangerous?
With those warnings out of the way, I want to remind you that all unsubscribe links aren’t dangerous. They can be a powerful tool for managing your inbox and controlling what you want and don’t want to see. A good rule of thumb is to use the unsubscribe links for emails that aren’t spammy (if you signed up for a particular newsletter and are just tired of receiving it for example), but to use caution if an email appears from an unknown source or from someone that you haven’t shared your contact details with. If you’re not sure, marking an email as spam is a good way to get rid of the email without exposing yourself to unsubscribe links that could be harmful.
September 17th, 2014
Jackie here. According to internet speculation, Google may soon start offering accounts to children under the age of 13. While this is exciting news for parents that are already setting up accounts for their young children, it does bring about a few identity and privacy concerns that parents should be aware of. Before your child signs up for an online account, they need to be aware of the potential threats that wait online. If Google does start offering these accounts (or when other similar companies inevitably do), here are some essentials to teach your kids before signing them up for their first solo account.
Ask Before You Share Personal Information
Phishing scams are a risk to all of us, but especially to children that may be unfamiliar with the tactics that scammers use. Teach your children to check with you before they click on links or share information online. As they become more confident in what is and is not appropriate to share, you can loosen these restrictions. This will not only protect your child from ID theft, but can help them avoid other pitfalls of oversharing online; once information is out there, you can’t ever get it back.
Does Your Child Know about ID Theft?
Although 7 or 8 may seem a bit young to start teaching about identity theft, this is a reality your kids need to understand before they have their own online accounts. Teach your children about ID theft and how to avoid it. StaySafeOnline.org has a wonderful collection of resources for teaching children of all ages about online safety, including ID theft.
Read Policies Carefully
As companies begin to offer accounts to children under 13 it will be interesting to see what privacy provisions are in place and what restrictions these accounts may have. We’ve encouraged you to read privacy policies many times and this certainly would continue to hold true on accounts for your children. Read the policies carefully (possibly with your child) and know what you’re agreeing to share before you sign up. This is an excellent opportunity to teach your child about the importance of knowing what companies will do with your information before you sign up for accounts.
You Can Still Monitor Their Accounts
Just because an account technically belongs to your child doesn’t mean that you can’t monitor it as a parent. Sit down with your child occasionally and look at their online accounts. Point out potential problems and solutions. These first accounts shouldn’t be solely the responsibility of your child, but rather an opportunity to start teaching principles that will keep your child safe online for a lifetime.
Not All Children Will be Ready
If Google does start offering accounts to children, that doesn’t mean you have to sign up. Parents are responsible for deciding which online activities are appropriate for their children. If you aren’t comfortable with the new accounts, your child doesn’t have to obtain one.
What do you think about accounts for children? Will you be signing your child up if these accounts become available?
July 29th, 2014
Robert Siciliano, Identity Theft Expert
Cyber criminals go after brand names like vultures, infiltrating company websites, hijacking mobile applications and tainting online ads, among other tricks.
Some corporate websites aren’t as secure as business leaders think they are—and cyber thieves know this. They use the “watering hole” technique to infiltrate the system. Ever see an animal TV show in which the lions wait in the brush, camouflaged, for their unsuspecting prey to approach the lone body of water? You know the rest.
Think of the company’s website as the watering hole. The company typically uses “landing pages” to entice people to their main site, but leave the landing pages up after they’ve served their purpose. Here’s where trouble starts, fewer resources are devoted to monitoring or updating these pages, allowing hackers to pounce on the vulnerabilities and insert malicious code, luring visitors to malicious sites using the trusted reputation of the brand..
Ultimately, the brand name becomes associated with this. Some examples as reported by Forbes.com:
1. The nbc.com home page was infected with the Citadel/Zeus installation malware.
2. The U.S. Veterans of Foreign Wars’ website was infected with malware.
3. Third-party app stores are a source of downloaded malware, since these are usually un-policed. Apps can be repackaged with mal-code, creating an association of bad with the brand name of that app. The mal-code could gather personal data on the purchaser, which is then sold to data brokers, violating user privacy, making the user think pretty negatively about the brand name.
4. Malvertisements are malicious ads that crooks place on legit websites. These normal-appearing ads spread bad things around, and do NOT have to be clicked to trigger a viral attack.
5. Banner ads can also be the target of injected mal-code.
6. These clever crooks will even pose as an actual name-brand company and put up legitimate ads on a website, but then replace those with mal-ads over the weekend—which go undetected because IT departments are lax on the weekends. After oh, say, a few million computers and mobiles are infected, the thieves stick the original, legit ad back in, which makes their crime difficult to track.
Third-party networks place a lot of ads, making it very hard to hunt down malvertising fraud. This complexity can make it virtually impossible for companies to protect themselves against 100% of malicious attacks.
Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.
April 25th, 2014
Jenna here. This week was another week filled with interesting perspectives and informative stories relating to data security and privacy. We’ve selected our top stories from the week: an update on the Heartbleed bug we discussed last week, info about Facebook’s potential plan to harness ‘private content’ as well as a story about the huge cost of identity theft.
Assessing the Damage from Heartbleed, ABC News
Facebook Sets Its Sights On Your ‘Private Content’, Forbes
Prosecutor: ID Theft Scheme Cost U.S. Treasury $10M, Washington Post
April 18th, 2014
Jenna here. This week, a security flaw known as ‘Heartbleed’ made headlines and sent shockwaves through the business community. In case you missed any key information, we wanted to share some articles we found to be especially informative from the past week.
Here’s How to Protect Yourself From the Massive Security Flaw That’s Taken Over the Internet, Business Insider
‘Heartbleed’ Hackers Hit Two Websites, ABC News
Heartbleed Roundup: Hacking Made Easy, First Victims Come to Light and Heartbleed Hacker Arrested, Forbes
For more information, you can also visit the Heartbleed website: http://heartbleed.com/
April 15th, 2014
Jackie here. Do you click on pop-ups or sign up for free trial offers online? These two behaviors, along with many others, may increase your risk of ID theft and online fraud. In a report published by AARP called Caught in the Scammers Net, several activities were shown to increase your risk of being an identity theft victim. How do your browsing habits stack up? Check out this list of the top 10 things NOT to do online. Avoiding these potentially dangerous behaviors could help keep you and your family safer.
- Clicking on Pop Ups- You see an interesting pop up, what should you do? Don’t click on it! Clicking on pop ups is a risky online behavior. Instead, close the pop up immediately and access websites by visiting them directly. You can even install or enable a pop up blocker on your web browser to eliminate the temptation to click. Not all pop-ups are harmful, but it’s often better to be safe than sorry.
- Selling Products on eBay- While there are a lot of great opportunities for buying and selling products on auction sites like eBay, there is also some risk. The AARP study found that selling items on auction sites increased your risk of fraud. If you do choose to sell, be careful and be on the lookout for fraud—check your credit reports and bank statements carefully.
- Opening Emails from Unknown Senders- Do you open emails from people you don’t know? This can be a risky behavior, especially if you follow links or open attachments. When opening an unknown email can’t be avoided, use caution and never share personal information with the sender.
- Downloading Apps- I love a good app just as much as the next person, but each time I download a new one, I carefully review it. Choose apps only from a reputable marketplace and carefully analyze user reviews before downloading. If you want a great app that will actually help you protect your identity, check out the AllClear ID app.
- Being Impulsive- Do you click before you think? Take time to analyze before you do things online. Many scams can be avoided with a little caution.
- Signing Up for Free Trial Offers- We all love getting things for free, but is the freebie worth sacrificing your identity for? Be cautious of limited time free trial offers.
- Purchasing Through a Payment Transfer Website- When it comes to spending money, be very cautious online. Avoid sites that ask you to transfer money to a third party or to an unknown recipient.
While you can’t avoid every item on this list, reducing the number of risky behaviors you help you stay safe from online fraud. The study authors found that of 15 risky behaviors, nearly 1 in 5 American respondents had engaged in at least 7. More than half of the respondents (65%) had received at least 1 online scam offer during 2013.
April 10th, 2014
Jackie here. Before you open that RTF attachment, stop and think! Microsoft recently issued a warning about RTF files, encouraging all users to avoid opening them. Apparently hackers have found a way to utilize this file type to gain control of your computer. Play it safe and avoid all RTF (Rich Text Format) files until the problem is resolved. This file extension is commonly used in Microsoft Word, but other formats like .doc or .docx are available and are still safe to use.
The Better Business Bureau shared the warning in a post on their blog. The compromised files are “booby trapped” which can mean big destruction should the file be opened. These files have the potential to gain control of your computer, leading to the potential for ID theft.
Until a security fix is available Microsoft recommends disabling the opening of all RTF files. This way you won’t forget and accidentally open a file, or compromise your computer when a user that doesn’t know about the problem opens a file. You can do so easily from Microsoft’s site using a special tool created just for the problem. Midway down the page you’ll see a button labeled “Enable this fix it”. Click and follow the on-screen instructions. You can disable the fix once the problem is resolved using the same process and the “Disable this fix it” link.
March 28th, 2014
Jackie here. At times it feels like my entire life is on my computer. Family pictures, important work documents, financial records, favorite games, valuable software, and more fill my hard drive. I would be tempted to pay a pretty penny to keep my computer files if they were ever held ransom by a scammer. Cyber criminals are betting that many consumers feel just like me; they are using a clever new malware scam called Cryptolocker to take computers hostage. Pay up or your files are lost forever, so they say.
Cryptolocker is spread through malicious email links and “drive-by downloads” silently infecting computers and encrypting their hard drives. Once the encryption is complete the scammers demand a payment of $300 for the encryption code. If you don’t pay you’ll never see your files again. Do pay and you’re left at the scammer’s mercy; will they really send the encryption key? There is no other solution.
You don’t want to be a victim of this scam. Protect yourself by using caution when clicking on email links and by keeping your security software up to date. Another way to stay safe is to regularly back up your computer. An external hard drive works well as long as it’s disconnected from your computer when not actively in use (otherwise Cryptolocker will attempt to encrypt your back up too).
Have you backed up your files recently? What would you do if Cryptolocker were to strike your home or work computer?
March 21st, 2014
Jackie here. There’s a new type of malware out there and it’s a scary one. This malware travels through the air, targeting computers in the area. You don’t have to be connected to the same network as the hacker or install unknown software; simply being in close proximity is enough. This malware is called air-gap malware. If you haven’t heard of it yet, keep reading for more information below.
What is Air-Gap Malware?
A common strategy for dealing with a malware infected computer on a network is to disconnect the computer in question. This gives you time to work out the issues with the problem computer without worrying about spreading the virus throughout the network. It’s a strategy known as air-gapping, creating a barrier between the infected computer and the rest.
Air-Gap malware is the hacker’s solution to the air-gap. Since the virus can’t travel through the network using traditional means, it travels through the air, infecting any computer in the area, not just those that share a network. How does it work? Basically, it uses sound waves to transmit malicious code making use of things like sound cards and microphones in place of a network connection.
The sound is high frequency and isn’t something that can be heard by the natural ear, but that doesn’t stop computers from hearing and using the transmitted code.
How Do You Protect Yourself from Air-Gap Malware?
There is no easy way to protect yourself from air-gap malware. Luckily, you probably don’t have to worry about it too much, at least right now. The technique requires a very skilled hacker and is likely to only be employed by those targeting a specific network.
November 29th, 2013
Benjamin here, AllClear ID Investigator. In 2011 there was a study that reported 1 in 3 Americans are arrested by age 23. Futhermore, the FBI reports a total of 13,120,947 arrests in the United States for crimes, excluding traffic violations, for the year 2010. Many times, an arrest occurs after a lapse in judgment and will not be repeated. Most people simply want to move on and put the experience behind them. However, in many instances a mug shot and record of the original charge is now on Google for all to see. Making matters worse, the website responsible will only remove it with payment.
Where is the Information Coming From?
The site “Mugshots.com” is where these Google searches are pulling from. Here you find not only the police photo, but also the arrest information as well. Mugshots.com offers an escape link that can remove the information from Google searches within 7 business days for a fee up to $600.00. If an individual wants to file a complaint, they must do so through a licensed attorney–increasing the out-of-pocket expense to remove the image.
The fact that this appears on Google under the person’s name may prohibit potential employers from accepting applications for candidates interested in getting a job. One instance of poor decision making is now availably for all to see online, unless you are able to pay the fees to have the mugshot taken down. The site appears to be following the law and using the Freedom of Information Act to acquire the images and arrest records from the police. A lot of these cases are plea bargained to lesser charges or misdemeanors and some may have even been dismissed by the court or found innocent if a trial was held–this does not prohibit the mugshot from being published.
Recently, Google released an algorithm update that prevents mugshot sites such as these from appearing at the top of their search results in an attempt to offer more online privacy to individuals.
November 25th, 2013
Jenna here. Here are our favorite articles we’ve come across in the last week. We have information about what tech companies are doing to thwart NSA data collection efforts, a disturbing trend called ‘route hijacking’ that could affect data security online, and an interesting perspective on the use of drones.
Twitter Joins Google, Facebook with ‘Forward Secrecy’ Security, NBC News
Where’s Your Data Going? Hacks Redirect Traffic Through Distant Lands, NBC News
Drones Offer Journalists A Wider View, New York Times
November 25th, 2013
Jackie here. You’d be surprised what information hackers can learn about you if they try. An investigative journalist decided to put hackers to the test; the amount of material they were able to obtain in just a short while was astonishing. This journalist’s experiences are probably similar to what most of us would face in the same situation.
Putting Hackers to the Test
The journalist teamed with a group of white hat hackers (the good guys that help companies to protect themselves from potential vulnerabilities) and gave them permission to delve into his life. The only rules: no breaking the law and leave his children out of it. He even kept the process a secret from his wife to keep the experiment as real as possible.
The hackers devised a plan. They researched their target online, looking for potential vulnerabilities. They then used these vulnerabilities and the information gathered to start looking for ways to access the journalist’s information. Some methods failed while others were very successful. Some of the methods employed included dropping a flash drive that would load malware on a computer when plugged in (in hopes someone would find it and open it to look for the owner) and trying to capture information sent over a home Wi-Fi.
With the treasure trove of information we all store electronically, it’s no surprise that the hackers were able to discover a wealth of information about the journalist. They discovered his Social Security number, online banking credentials, Twitter and Facebook logins and much more. The hackers were even able to access Amazon accounts and lock down Apple devices by registering them as stolen.
In an online world, information may not be as safe as you think it is. That’s one reason why each of us must remain vigilant in protecting our identities. Run your credit, monitor your bank accounts, and do all you can to protect your personal information.
November 18th, 2013
Jackie here. I’ve always been intrigued by biometric verification. The thought of never having to remember a password again sounds wonderful, especially on those days when I can’t remember which password I used for an account and am trying to reset it (having a different password for every account gets confusing). Biometric technologies may sound like something from the future, but surprisingly, many are available today. Perhaps someday you’ll be able to use your thoughts instead of a password to login to your Twitter or Facebook account.
This article from the New York Times provides an interesting look into some of the biometric identifiers that are being studied and used. One of the latest to hit the market is Apple’s new fingerprint scanner, but many other biometric options may soon be available for mass market use.
Biometric Technology Possibilities
One interesting option currently in development is a heartbeat monitoring device called Nymi. It’s a small wristband that monitors heart patterns (unique like a fingerprint). The wristband acts as a biometric identifier, creating unique passcodes based on your body’s heart rhythms. When the band is put on, it scans a person’s heart patterns. This verification then remains in place until the band is removed. One of the selling points for the Nymi is the difficulty
in gaining unauthorized access to a heartbeat; fingerprints are left everywhere, but a heart rhythm would require up-close, physical access to copy.
While not yet available, the Nymi will be a fairly affordable choice. Preorders on their website are $79, charged upon shipment in 2014. The complete list of compatible devices, programs, etc. won’t be available until closer to the release date.
Other interesting biometric possibilities include a brainwave scanner under study at the University of California, Berkley and face and voice identification under study by the FIDO Alliance. Some of the more advanced biometric technologies won’t be available for a few years, but it appears this might be an emerging trend in account and password security. Users want an easier (and more secure) solution to passwords and biometric technologies might provide the answer.
November 13th, 2013
Jackie here. Do you read blogs? I do and I often find the comment section more interesting than the post itself. While reading blog post comments isn’t risky in and of itself, it can lead to trouble if you start clicking on links. Links commonly found in blog post comments can lead to malware and phishing sites, potentially increasing your ID theft risk. Enjoy those comments, but be careful!
Malware and Blog Comments- What’s the Link?
Most blogging platforms give commenters an opportunity to link to their own website (or a website of their choosing). This is a helpful feature for bloggers since it helps them to establish relationships with their readers. It can also give fellow readers a chance to discover new blogs and websites in the process.
However people other than bloggers use this feature as well. They may use blogs to build back-links to their website and to promote products and services. Scammers also take advantage of the ability to post on websites with comments. They may post links to spam-related, phishing, or malware sites hoping to lure in a few guests.
Since you have no idea who is actually posting comments on a blog, be careful when clicking on links, especially if the comment looks suspicious. Here are a few tips for recognizing potentially harmful comments:
- Generic Praise- Comments that are very generic may be spammy. Look for comments like, “Excellent post. I enjoyed reading this information.” Generic comments might look like praise, but they are probably there just to promote a link, possibly a dangerous one.
- Blatant Advertising- Another tactic, although much less subtle, is to post ads directly in blog comments. These ads may direct readers to sites for weight loss products, work from home opportunities, etc. These ads are often caught and removed by bloggers, but may slip through if a blogger doesn’t regularly monitor their comments.
- Keyword Links- Another tactic involves linking to keywords in a comment. You click on a keyword to follow the link and could potentially end up installing malware on your computer.
Enjoy reading blog comments, but do so with caution. You never know where scammers, spammers and ID thieves are lurking.
November 11th, 2013
Jackie here. Do you ever post something online and then wish you could make it go away? A new California law will give teens this very right. It entitles teens to assistance in erasing online postings they later regret. This law has the potential to help protect teens from ID theft as well as future embarrassment. The law was signed in late September and will go into effect January 2015.
About the Law
The law requires online platforms directed at minors to offer an option for deleting content they later regret. While online privacy laws like COPPA apply only to children to under 13, this law applies to all minors (those under the age of 18). It’s an important protection for teens who sometimes post before they think.
In addition to requiring sites to assist teens with deleting postings, the law also adds prohibitions for the online advertising of things like guns and alcohol to those under 18. The law does not require sites to remove information about a minor posted by someone else or to remove content for which a minor was paid.
Implications for ID Theft and Privacy
Even with this new law, teens still need to think before they post online. While the law will enable teens to remove information they post themselves, there are no protections for information posted by others. This means that embarrassing party shots or inappropriate video could still make its way online. In addition, posts with your location or personal information can still find its way into the wrong hands, leading to ID theft. Content has a way of going viral, and once this happens you can’t always get it back.
While the law does give teens new options for deleting information posted online, it is important to remember that many social media websites already offer options for deleting and cleaning up profiles which are available to us all, young and old. Teens aren’t the only ones that post things online that shouldn’t and we should all take time to examine our social media profiles and clean up any sensitive or embarrassing information. Knowing what you’re posting and who can see it is an important part of protecting yourself from ID theft and maintaining a good online presence.
November 7th, 2013
Jackie here. Are your kids online? Have you taken the opportunity to teach them about the dangers lurking on the internet? Today’s online kids need to be aware of predators, bullies, scams and of course identity theft. Here are some tips for introducing your child to the internet, specifically where their identity is concerned.
Before letting your kids online, set boundaries with them. Establish family guidelines for when they can use the internet, what sites they can visit, and what they can share online. For example, you may want to have younger children wait until they are a bit older before allowing them to use social media websites.
Crucial to your child’s online safety is the ability to determine what they can safely share. Sharing personal or family information has the potential to lead to ID theft. Help your children to learn appropriate sharing by creating guidelines for what they can and cannot share.
Teach About Links
Following malicious links can lead to malware and other viruses being installed on your family’s computer. Teach your children about links and explain that not all links are safe to follow. Consider giving your children, especially young children, a list of sites that are safe to use. You may also want to create guidelines for which purposes they can access the internet (school, research, etc.).
Monitor Their Usage
Social media carries many identity theft risks. If you allow your child to use sites like Facebook and Twitter, monitor their accounts closely. Be sure to look at privacy settings to ensure they aren’t sharing information without knowing it.
Teach your children to be choosy about their Facebook friends. Teach them to avoid accepting friend requests from strangers and those they don’t know very well.
Keep the Computer Visible
Having the family computer in a visible and accessible area (like the family room) is a good way to foster communication and encourage questions. Let your children know that you will be checking in on them and help them with questions and problems they may encounter.
Install Monitoring Software
You may want to use monitoring software to keep tabs on your child’s internet usage. Pay attention to the sites they visit and consider blocking sites that you don’t feel comfortable with your child using. Children often aren’t aware that they are visiting a site that can be unsafe, so it’s a good idea for parents to keep tabs on this as well.
Teach About ID Theft
ID theft is a serious risk online, even more so for children. Teach your child about common ID theft risks like phishing, malware, etc. This article from the Identity Theft Resource Center has great resources for teaching children about cyber security.
Before your child gets online, make sure they are ready. For more tips, check out this article from the Better Business Bureau..
November 6th, 2013
Jenna here. We have 3 great articles for our readers this week. There’s an informative read about why complying with new children’s online privacy rules may be more difficult than anticipated, a security warning for android smart phone users, and evidence that suggests most Americans actually support the NSA spying efforts if it means increased security. Take a look!
Want to Comply with Online Privacy Laws for Kids? Good Luck!, BloombergBusinessweek
Custom Features Incur Security Flaws In Popular Android Smartphones, Security Dark Reading
Poll: Public Supports NSA Spying On Their Email, Neighbors and Foreign Leaders, TechCrunch
October 28th, 2013
Allison here. Cybersecurity Awareness Month is almost over, but knowing about cyber security and how it affects is relevant year-round. The security of websites, Internet connections, and the businesses you frequent all affect how secure your personal information and identity are. Here are nine cybersecurity facts that you need to be aware of:
- The federal government has suffered a nearly 680 percent increase in cyber security breaches in the past six years. (Face the Facts USA)
- Sean Henry, an assistant director of the FBI, says that so far this year, cyber criminals have stolen over $100 million from US banks. (The Congressional Cybersecurity Caucus)
- The financial industry successfully withstood three waves of distributed denial of service attacks beginning in September 2012. (Banking.com)
- Nation-states, not hackers, are most likely to launch successful cyber terrorist attacks against classified networks and critical infrastructure. They have the necessary discipline, resources, and commitment. (CIO.com)
- About 10% of all social media users have received a cyber-threat. More than 600,000 accounts are compromised every day on Facebook alone. (Floridatechonline.com)
- A whopping 59% of employees steal proprietary corporate data when they quit or are fired. (Ponemon Institute)
- The National Nuclear Security Administration, an arm of the Energy Department, records 10 million attempted hacks a day. (Defense News)
- 53% of U.S companies expressed little to no confidence to stopping security breaches in the next 12 months. (Rolandtech.com)
- The estimated annual cost of global cybercrime over $100 billion. (Go-gulf.com)
October 22nd, 2013
Aaron here, AllClear ID Investigator. Pennsylvania’s Commonwealth Computer Recycling, has discovered a security risk for individuals attempting to recycle their computers and electronics in the state.
While the company recognizes the importance of following the statewide Covered Device Recycling Act, this law prohibits people from putting electronic devices in landfills to protect the environment. However, this law leaves citizens responsible for properly disposing of their computer’s information. If an electronic device isn’t disposed of properly, it can open the door for ID theft due to the wealth of personal information that many people store on their devices today. In many cases, the trouble starts with recycling programs that do not have the security needed to correctly dispose of computers and devices holding sensitive data.
Customers looking to recycle their computer or device are often asked to drop their items off at an unsecure location. Those items are sometimes picked through for those deemed valuable–most of the time this includes items such as cell phones and laptops that often contain a wealth of personal information.
It is recommended that individuals wishing to dispose of electronics do so at events held by certified recyclers. All employees at Commonwealth Computer Recycling undergo rigorous background checks and the company offers onsite hard drive disposal to ensure safe handling. Events are held throughout the year and participants can watch as their hard drives are destroyed on site. If you are not a Pennsylvania resident, look for certified electronics recyclers in your area before you choose to dispose of your old electronic device.
October 18th, 2013
Jackie here. Facebook’s privacy policies are under fire again, this time from the FTC. The government organization is examining whether Facebook’s new policy is in violation of their 2011 agreement with regulators. With so much personal information at their access, Facebook’s privacy policies seem to be constantly under dispute; keeping up to date with what Facebook shares is important in protecting your personal information and your identity.
Changes to the Policy
One of the changes that is bringing about the most controversy involves Facebook’s ability to use personal information for advertising. The change grants Facebook permission to use a person’s name, image, and Facebook content for advertising purposes. Although this was already allowed under the old policy, the wording has been changed, removing terms like “subject to the limits you place”. This removes the user’s ability to opt out and control this feature as much and grants Facebook broad rights to use their users and their associated content for advertising.
Another big change drawing fire is also related to advertising, but involves the privacy rights of minors. By accepting the data use policy parents agree to grant Facebook the right to use their minor child for advertising.
The changes have infuriated privacy groups and others. More than 20 groups that advocate for teen rights (including the American Academy of Pediatrics and the National Coalition for Youth) have asked the FTC to block the proposed changes. Facebook claims the changes were required as a part of their recent settlement for privacy violations.
Finding the balance between privacy and profitability has proved difficult for Facebook. Whether or not these changes do in fact go into effect, they do provide a great reminder to examine your privacy settings and to avoid sharing anything you don’t want the world to know online.
October 16th, 2013
Tamara here, AllClear ID Investigator. Almost everyone has an email account, and is aware that it may be targeted by cyber criminals in a number of ways. Here, I am going to provide a few tips that will help prevent you from falling victim to a cyber criminal.
Tip #1: Your user ID and password are the gateway to your email. To prevent your email being hacked, it’s smart to have a complex password. A complex password usually consists of letters, numbers, and symbols, does not repeat your user name, and does not include your personal information (name, date of birth, etc.). In addition, try to avoid using your email for multiple accounts, and definitely avoid using a password that has previously been compromised. Using multi word phrases which are phonetically spelled make for strong passwords, also. Using a password manager will help you choose a password and store it for later use, a great tool for keeping track of your more complex passwords.
Tip #2: The devices where you access your email themselves may be a risk factor. Public networks, or even your personal smartphone or computer, may be infected with malware or keyloggers, giving the criminals access to all information there. It is always a good idea to not check your email from a public computer. Be sure the operating system of your device is updated.
Tip #3: Be wary of phishing and scam emails. Don’t open an email from a suspicious source, and don’t click on links from emails that you don’t recognize. For example, you get an email from someone claiming to be one of your friends or family members stating they are stranded and need money. The best thing to do is to call that person, or reach out to them in another method, as that person’s email most likely has been hacked and is being used by a criminal. Before sending any money or agreeing to any contracts, research and confirm it is not a scam.
Tip #4: Inbox maintenance is also important. Remember that old email from years ago which contains your or your contact’s personal information? Yes, delete that (and then remove it from the trash bin). If your account does end up getting hacked, that information will not be compromised.
Tip #5: Finally, you’re done accessing your email. Log out to prevent others from accessing it. Here’s to being on top of the game!
October 9th, 2013
Jenna here. We’ve talked about talked about War Driving before, but we recently stumbled across a YouTube video that shows just how easy it is for experienced hackers to commit this crime. If you haven’t already, check out our first post to find tips about how to secure your home network to make sure you don’t fall victim to this ID theft tactic.