April 18th, 2014
Jenna here. This week, a security flaw known as ‘Heartbleed’ made headlines and sent shockwaves through the business community. In case you missed any key information, we wanted to share some articles we found to be especially informative from the past week.
Here’s How to Protect Yourself From the Massive Security Flaw That’s Taken Over the Internet, Business Insider
‘Heartbleed’ Hackers Hit Two Websites, ABC News
Heartbleed Roundup: Hacking Made Easy, First Victims Come to Light and Heartbleed Hacker Arrested, Forbes
For more information, you can also visit the Heartbleed website: http://heartbleed.com/
April 15th, 2014
Jackie here. Do you click on pop-ups or sign up for free trial offers online? These two behaviors, along with many others, may increase your risk of ID theft and online fraud. In a report published by AARP called Caught in the Scammers Net, several activities were shown to increase your risk of being an identity theft victim. How do your browsing habits stack up? Check out this list of the top 10 things NOT to do online. Avoiding these potentially dangerous behaviors could help keep you and your family safer.
- Clicking on Pop Ups- You see an interesting pop up, what should you do? Don’t click on it! Clicking on pop ups is a risky online behavior. Instead, close the pop up immediately and access websites by visiting them directly. You can even install or enable a pop up blocker on your web browser to eliminate the temptation to click. Not all pop-ups are harmful, but it’s often better to be safe than sorry.
- Selling Products on eBay- While there are a lot of great opportunities for buying and selling products on auction sites like eBay, there is also some risk. The AARP study found that selling items on auction sites increased your risk of fraud. If you do choose to sell, be careful and be on the lookout for fraud—check your credit reports and bank statements carefully.
- Opening Emails from Unknown Senders- Do you open emails from people you don’t know? This can be a risky behavior, especially if you follow links or open attachments. When opening an unknown email can’t be avoided, use caution and never share personal information with the sender.
- Downloading Apps- I love a good app just as much as the next person, but each time I download a new one, I carefully review it. Choose apps only from a reputable marketplace and carefully analyze user reviews before downloading. If you want a great app that will actually help you protect your identity, check out the AllClear ID app.
- Being Impulsive- Do you click before you think? Take time to analyze before you do things online. Many scams can be avoided with a little caution.
- Signing Up for Free Trial Offers- We all love getting things for free, but is the freebie worth sacrificing your identity for? Be cautious of limited time free trial offers.
- Purchasing Through a Payment Transfer Website- When it comes to spending money, be very cautious online. Avoid sites that ask you to transfer money to a third party or to an unknown recipient.
While you can’t avoid every item on this list, reducing the number of risky behaviors you help you stay safe from online fraud. The study authors found that of 15 risky behaviors, nearly 1 in 5 American respondents had engaged in at least 7. More than half of the respondents (65%) had received at least 1 online scam offer during 2013.
April 10th, 2014
Jackie here. Before you open that RTF attachment, stop and think! Microsoft recently issued a warning about RTF files, encouraging all users to avoid opening them. Apparently hackers have found a way to utilize this file type to gain control of your computer. Play it safe and avoid all RTF (Rich Text Format) files until the problem is resolved. This file extension is commonly used in Microsoft Word, but other formats like .doc or .docx are available and are still safe to use.
The Better Business Bureau shared the warning in a post on their blog. The compromised files are “booby trapped” which can mean big destruction should the file be opened. These files have the potential to gain control of your computer, leading to the potential for ID theft.
Until a security fix is available Microsoft recommends disabling the opening of all RTF files. This way you won’t forget and accidentally open a file, or compromise your computer when a user that doesn’t know about the problem opens a file. You can do so easily from Microsoft’s site using a special tool created just for the problem. Midway down the page you’ll see a button labeled “Enable this fix it”. Click and follow the on-screen instructions. You can disable the fix once the problem is resolved using the same process and the “Disable this fix it” link.
March 28th, 2014
Jackie here. At times it feels like my entire life is on my computer. Family pictures, important work documents, financial records, favorite games, valuable software, and more fill my hard drive. I would be tempted to pay a pretty penny to keep my computer files if they were ever held ransom by a scammer. Cyber criminals are betting that many consumers feel just like me; they are using a clever new malware scam called Cryptolocker to take computers hostage. Pay up or your files are lost forever, so they say.
Cryptolocker is spread through malicious email links and “drive-by downloads” silently infecting computers and encrypting their hard drives. Once the encryption is complete the scammers demand a payment of $300 for the encryption code. If you don’t pay you’ll never see your files again. Do pay and you’re left at the scammer’s mercy; will they really send the encryption key? There is no other solution.
You don’t want to be a victim of this scam. Protect yourself by using caution when clicking on email links and by keeping your security software up to date. Another way to stay safe is to regularly back up your computer. An external hard drive works well as long as it’s disconnected from your computer when not actively in use (otherwise Cryptolocker will attempt to encrypt your back up too).
Have you backed up your files recently? What would you do if Cryptolocker were to strike your home or work computer?
March 21st, 2014
Jackie here. There’s a new type of malware out there and it’s a scary one. This malware travels through the air, targeting computers in the area. You don’t have to be connected to the same network as the hacker or install unknown software; simply being in close proximity is enough. This malware is called air-gap malware. If you haven’t heard of it yet, keep reading for more information below.
What is Air-Gap Malware?
A common strategy for dealing with a malware infected computer on a network is to disconnect the computer in question. This gives you time to work out the issues with the problem computer without worrying about spreading the virus throughout the network. It’s a strategy known as air-gapping, creating a barrier between the infected computer and the rest.
Air-Gap malware is the hacker’s solution to the air-gap. Since the virus can’t travel through the network using traditional means, it travels through the air, infecting any computer in the area, not just those that share a network. How does it work? Basically, it uses sound waves to transmit malicious code making use of things like sound cards and microphones in place of a network connection.
The sound is high frequency and isn’t something that can be heard by the natural ear, but that doesn’t stop computers from hearing and using the transmitted code.
How Do You Protect Yourself from Air-Gap Malware?
There is no easy way to protect yourself from air-gap malware. Luckily, you probably don’t have to worry about it too much, at least right now. The technique requires a very skilled hacker and is likely to only be employed by those targeting a specific network.
November 29th, 2013
Benjamin here, AllClear ID Investigator. In 2011 there was a study that reported 1 in 3 Americans are arrested by age 23. Futhermore, the FBI reports a total of 13,120,947 arrests in the United States for crimes, excluding traffic violations, for the year 2010. Many times, an arrest occurs after a lapse in judgment and will not be repeated. Most people simply want to move on and put the experience behind them. However, in many instances a mug shot and record of the original charge is now on Google for all to see. Making matters worse, the website responsible will only remove it with payment.
Where is the Information Coming From?
The site “Mugshots.com” is where these Google searches are pulling from. Here you find not only the police photo, but also the arrest information as well. Mugshots.com offers an escape link that can remove the information from Google searches within 7 business days for a fee up to $600.00. If an individual wants to file a complaint, they must do so through a licensed attorney–increasing the out-of-pocket expense to remove the image.
The fact that this appears on Google under the person’s name may prohibit potential employers from accepting applications for candidates interested in getting a job. One instance of poor decision making is now availably for all to see online, unless you are able to pay the fees to have the mugshot taken down. The site appears to be following the law and using the Freedom of Information Act to acquire the images and arrest records from the police. A lot of these cases are plea bargained to lesser charges or misdemeanors and some may have even been dismissed by the court or found innocent if a trial was held–this does not prohibit the mugshot from being published.
Recently, Google released an algorithm update that prevents mugshot sites such as these from appearing at the top of their search results in an attempt to offer more online privacy to individuals.
November 25th, 2013
Jenna here. Here are our favorite articles we’ve come across in the last week. We have information about what tech companies are doing to thwart NSA data collection efforts, a disturbing trend called ‘route hijacking’ that could affect data security online, and an interesting perspective on the use of drones.
Twitter Joins Google, Facebook with ‘Forward Secrecy’ Security, NBC News
Where’s Your Data Going? Hacks Redirect Traffic Through Distant Lands, NBC News
Drones Offer Journalists A Wider View, New York Times
November 25th, 2013
Jackie here. You’d be surprised what information hackers can learn about you if they try. An investigative journalist decided to put hackers to the test; the amount of material they were able to obtain in just a short while was astonishing. This journalist’s experiences are probably similar to what most of us would face in the same situation.
Putting Hackers to the Test
The journalist teamed with a group of white hat hackers (the good guys that help companies to protect themselves from potential vulnerabilities) and gave them permission to delve into his life. The only rules: no breaking the law and leave his children out of it. He even kept the process a secret from his wife to keep the experiment as real as possible.
The hackers devised a plan. They researched their target online, looking for potential vulnerabilities. They then used these vulnerabilities and the information gathered to start looking for ways to access the journalist’s information. Some methods failed while others were very successful. Some of the methods employed included dropping a flash drive that would load malware on a computer when plugged in (in hopes someone would find it and open it to look for the owner) and trying to capture information sent over a home Wi-Fi.
With the treasure trove of information we all store electronically, it’s no surprise that the hackers were able to discover a wealth of information about the journalist. They discovered his Social Security number, online banking credentials, Twitter and Facebook logins and much more. The hackers were even able to access Amazon accounts and lock down Apple devices by registering them as stolen.
In an online world, information may not be as safe as you think it is. That’s one reason why each of us must remain vigilant in protecting our identities. Run your credit, monitor your bank accounts, and do all you can to protect your personal information.
November 18th, 2013
Jackie here. I’ve always been intrigued by biometric verification. The thought of never having to remember a password again sounds wonderful, especially on those days when I can’t remember which password I used for an account and am trying to reset it (having a different password for every account gets confusing). Biometric technologies may sound like something from the future, but surprisingly, many are available today. Perhaps someday you’ll be able to use your thoughts instead of a password to login to your Twitter or Facebook account.
This article from the New York Times provides an interesting look into some of the biometric identifiers that are being studied and used. One of the latest to hit the market is Apple’s new fingerprint scanner, but many other biometric options may soon be available for mass market use.
Biometric Technology Possibilities
One interesting option currently in development is a heartbeat monitoring device called Nymi. It’s a small wristband that monitors heart patterns (unique like a fingerprint). The wristband acts as a biometric identifier, creating unique passcodes based on your body’s heart rhythms. When the band is put on, it scans a person’s heart patterns. This verification then remains in place until the band is removed. One of the selling points for the Nymi is the difficulty
in gaining unauthorized access to a heartbeat; fingerprints are left everywhere, but a heart rhythm would require up-close, physical access to copy.
While not yet available, the Nymi will be a fairly affordable choice. Preorders on their website are $79, charged upon shipment in 2014. The complete list of compatible devices, programs, etc. won’t be available until closer to the release date.
Other interesting biometric possibilities include a brainwave scanner under study at the University of California, Berkley and face and voice identification under study by the FIDO Alliance. Some of the more advanced biometric technologies won’t be available for a few years, but it appears this might be an emerging trend in account and password security. Users want an easier (and more secure) solution to passwords and biometric technologies might provide the answer.
November 13th, 2013
Jackie here. Do you read blogs? I do and I often find the comment section more interesting than the post itself. While reading blog post comments isn’t risky in and of itself, it can lead to trouble if you start clicking on links. Links commonly found in blog post comments can lead to malware and phishing sites, potentially increasing your ID theft risk. Enjoy those comments, but be careful!
Malware and Blog Comments- What’s the Link?
Most blogging platforms give commenters an opportunity to link to their own website (or a website of their choosing). This is a helpful feature for bloggers since it helps them to establish relationships with their readers. It can also give fellow readers a chance to discover new blogs and websites in the process.
However people other than bloggers use this feature as well. They may use blogs to build back-links to their website and to promote products and services. Scammers also take advantage of the ability to post on websites with comments. They may post links to spam-related, phishing, or malware sites hoping to lure in a few guests.
Since you have no idea who is actually posting comments on a blog, be careful when clicking on links, especially if the comment looks suspicious. Here are a few tips for recognizing potentially harmful comments:
- Generic Praise- Comments that are very generic may be spammy. Look for comments like, “Excellent post. I enjoyed reading this information.” Generic comments might look like praise, but they are probably there just to promote a link, possibly a dangerous one.
- Blatant Advertising- Another tactic, although much less subtle, is to post ads directly in blog comments. These ads may direct readers to sites for weight loss products, work from home opportunities, etc. These ads are often caught and removed by bloggers, but may slip through if a blogger doesn’t regularly monitor their comments.
- Keyword Links- Another tactic involves linking to keywords in a comment. You click on a keyword to follow the link and could potentially end up installing malware on your computer.
Enjoy reading blog comments, but do so with caution. You never know where scammers, spammers and ID thieves are lurking.
November 11th, 2013
Jackie here. Do you ever post something online and then wish you could make it go away? A new California law will give teens this very right. It entitles teens to assistance in erasing online postings they later regret. This law has the potential to help protect teens from ID theft as well as future embarrassment. The law was signed in late September and will go into effect January 2015.
About the Law
The law requires online platforms directed at minors to offer an option for deleting content they later regret. While online privacy laws like COPPA apply only to children to under 13, this law applies to all minors (those under the age of 18). It’s an important protection for teens who sometimes post before they think.
In addition to requiring sites to assist teens with deleting postings, the law also adds prohibitions for the online advertising of things like guns and alcohol to those under 18. The law does not require sites to remove information about a minor posted by someone else or to remove content for which a minor was paid.
Implications for ID Theft and Privacy
Even with this new law, teens still need to think before they post online. While the law will enable teens to remove information they post themselves, there are no protections for information posted by others. This means that embarrassing party shots or inappropriate video could still make its way online. In addition, posts with your location or personal information can still find its way into the wrong hands, leading to ID theft. Content has a way of going viral, and once this happens you can’t always get it back.
While the law does give teens new options for deleting information posted online, it is important to remember that many social media websites already offer options for deleting and cleaning up profiles which are available to us all, young and old. Teens aren’t the only ones that post things online that shouldn’t and we should all take time to examine our social media profiles and clean up any sensitive or embarrassing information. Knowing what you’re posting and who can see it is an important part of protecting yourself from ID theft and maintaining a good online presence.
November 7th, 2013
Jackie here. Are your kids online? Have you taken the opportunity to teach them about the dangers lurking on the internet? Today’s online kids need to be aware of predators, bullies, scams and of course identity theft. Here are some tips for introducing your child to the internet, specifically where their identity is concerned.
Before letting your kids online, set boundaries with them. Establish family guidelines for when they can use the internet, what sites they can visit, and what they can share online. For example, you may want to have younger children wait until they are a bit older before allowing them to use social media websites.
Crucial to your child’s online safety is the ability to determine what they can safely share. Sharing personal or family information has the potential to lead to ID theft. Help your children to learn appropriate sharing by creating guidelines for what they can and cannot share.
Teach About Links
Following malicious links can lead to malware and other viruses being installed on your family’s computer. Teach your children about links and explain that not all links are safe to follow. Consider giving your children, especially young children, a list of sites that are safe to use. You may also want to create guidelines for which purposes they can access the internet (school, research, etc.).
Monitor Their Usage
Social media carries many identity theft risks. If you allow your child to use sites like Facebook and Twitter, monitor their accounts closely. Be sure to look at privacy settings to ensure they aren’t sharing information without knowing it.
Teach your children to be choosy about their Facebook friends. Teach them to avoid accepting friend requests from strangers and those they don’t know very well.
Keep the Computer Visible
Having the family computer in a visible and accessible area (like the family room) is a good way to foster communication and encourage questions. Let your children know that you will be checking in on them and help them with questions and problems they may encounter.
Install Monitoring Software
You may want to use monitoring software to keep tabs on your child’s internet usage. Pay attention to the sites they visit and consider blocking sites that you don’t feel comfortable with your child using. Children often aren’t aware that they are visiting a site that can be unsafe, so it’s a good idea for parents to keep tabs on this as well.
Teach About ID Theft
ID theft is a serious risk online, even more so for children. Teach your child about common ID theft risks like phishing, malware, etc. This article from the Identity Theft Resource Center has great resources for teaching children about cyber security.
Before your child gets online, make sure they are ready. For more tips, check out this article from the Better Business Bureau..
November 6th, 2013
Jenna here. We have 3 great articles for our readers this week. There’s an informative read about why complying with new children’s online privacy rules may be more difficult than anticipated, a security warning for android smart phone users, and evidence that suggests most Americans actually support the NSA spying efforts if it means increased security. Take a look!
Want to Comply with Online Privacy Laws for Kids? Good Luck!, BloombergBusinessweek
Custom Features Incur Security Flaws In Popular Android Smartphones, Security Dark Reading
Poll: Public Supports NSA Spying On Their Email, Neighbors and Foreign Leaders, TechCrunch
October 28th, 2013
Allison here. Cybersecurity Awareness Month is almost over, but knowing about cyber security and how it affects is relevant year-round. The security of websites, Internet connections, and the businesses you frequent all affect how secure your personal information and identity are. Here are nine cybersecurity facts that you need to be aware of:
- The federal government has suffered a nearly 680 percent increase in cyber security breaches in the past six years. (Face the Facts USA)
- Sean Henry, an assistant director of the FBI, says that so far this year, cyber criminals have stolen over $100 million from US banks. (The Congressional Cybersecurity Caucus)
- The financial industry successfully withstood three waves of distributed denial of service attacks beginning in September 2012. (Banking.com)
- Nation-states, not hackers, are most likely to launch successful cyber terrorist attacks against classified networks and critical infrastructure. They have the necessary discipline, resources, and commitment. (CIO.com)
- About 10% of all social media users have received a cyber-threat. More than 600,000 accounts are compromised every day on Facebook alone. (Floridatechonline.com)
- A whopping 59% of employees steal proprietary corporate data when they quit or are fired. (Ponemon Institute)
- The National Nuclear Security Administration, an arm of the Energy Department, records 10 million attempted hacks a day. (Defense News)
- 53% of U.S companies expressed little to no confidence to stopping security breaches in the next 12 months. (Rolandtech.com)
- The estimated annual cost of global cybercrime over $100 billion. (Go-gulf.com)
October 22nd, 2013
Aaron here, AllClear ID Investigator. Pennsylvania’s Commonwealth Computer Recycling, has discovered a security risk for individuals attempting to recycle their computers and electronics in the state.
While the company recognizes the importance of following the statewide Covered Device Recycling Act, this law prohibits people from putting electronic devices in landfills to protect the environment. However, this law leaves citizens responsible for properly disposing of their computer’s information. If an electronic device isn’t disposed of properly, it can open the door for ID theft due to the wealth of personal information that many people store on their devices today. In many cases, the trouble starts with recycling programs that do not have the security needed to correctly dispose of computers and devices holding sensitive data.
Customers looking to recycle their computer or device are often asked to drop their items off at an unsecure location. Those items are sometimes picked through for those deemed valuable–most of the time this includes items such as cell phones and laptops that often contain a wealth of personal information.
It is recommended that individuals wishing to dispose of electronics do so at events held by certified recyclers. All employees at Commonwealth Computer Recycling undergo rigorous background checks and the company offers onsite hard drive disposal to ensure safe handling. Events are held throughout the year and participants can watch as their hard drives are destroyed on site. If you are not a Pennsylvania resident, look for certified electronics recyclers in your area before you choose to dispose of your old electronic device.
October 18th, 2013
Jackie here. Facebook’s privacy policies are under fire again, this time from the FTC. The government organization is examining whether Facebook’s new policy is in violation of their 2011 agreement with regulators. With so much personal information at their access, Facebook’s privacy policies seem to be constantly under dispute; keeping up to date with what Facebook shares is important in protecting your personal information and your identity.
Changes to the Policy
One of the changes that is bringing about the most controversy involves Facebook’s ability to use personal information for advertising. The change grants Facebook permission to use a person’s name, image, and Facebook content for advertising purposes. Although this was already allowed under the old policy, the wording has been changed, removing terms like “subject to the limits you place”. This removes the user’s ability to opt out and control this feature as much and grants Facebook broad rights to use their users and their associated content for advertising.
Another big change drawing fire is also related to advertising, but involves the privacy rights of minors. By accepting the data use policy parents agree to grant Facebook the right to use their minor child for advertising.
The changes have infuriated privacy groups and others. More than 20 groups that advocate for teen rights (including the American Academy of Pediatrics and the National Coalition for Youth) have asked the FTC to block the proposed changes. Facebook claims the changes were required as a part of their recent settlement for privacy violations.
Finding the balance between privacy and profitability has proved difficult for Facebook. Whether or not these changes do in fact go into effect, they do provide a great reminder to examine your privacy settings and to avoid sharing anything you don’t want the world to know online.
October 16th, 2013
Tamara here, AllClear ID Investigator. Almost everyone has an email account, and is aware that it may be targeted by cyber criminals in a number of ways. Here, I am going to provide a few tips that will help prevent you from falling victim to a cyber criminal.
Tip #1: Your user ID and password are the gateway to your email. To prevent your email being hacked, it’s smart to have a complex password. A complex password usually consists of letters, numbers, and symbols, does not repeat your user name, and does not include your personal information (name, date of birth, etc.). In addition, try to avoid using your email for multiple accounts, and definitely avoid using a password that has previously been compromised. Using multi word phrases which are phonetically spelled make for strong passwords, also. Using a password manager will help you choose a password and store it for later use, a great tool for keeping track of your more complex passwords.
Tip #2: The devices where you access your email themselves may be a risk factor. Public networks, or even your personal smartphone or computer, may be infected with malware or keyloggers, giving the criminals access to all information there. It is always a good idea to not check your email from a public computer. Be sure the operating system of your device is updated.
Tip #3: Be wary of phishing and scam emails. Don’t open an email from a suspicious source, and don’t click on links from emails that you don’t recognize. For example, you get an email from someone claiming to be one of your friends or family members stating they are stranded and need money. The best thing to do is to call that person, or reach out to them in another method, as that person’s email most likely has been hacked and is being used by a criminal. Before sending any money or agreeing to any contracts, research and confirm it is not a scam.
Tip #4: Inbox maintenance is also important. Remember that old email from years ago which contains your or your contact’s personal information? Yes, delete that (and then remove it from the trash bin). If your account does end up getting hacked, that information will not be compromised.
Tip #5: Finally, you’re done accessing your email. Log out to prevent others from accessing it. Here’s to being on top of the game!
October 9th, 2013
Jenna here. We’ve talked about talked about War Driving before, but we recently stumbled across a YouTube video that shows just how easy it is for experienced hackers to commit this crime. If you haven’t already, check out our first post to find tips about how to secure your home network to make sure you don’t fall victim to this ID theft tactic.
September 25th, 2013
Jackie here. Do you store your personal information in the cloud? The internet has made it easy to access files from almost anywhere: I can check my email when I’m on vacation, and share files easily with coworkers and friends. Cloud computing is certainly convenient, but some people worry about storing their information and important files online. They want to have more control of their information, and are willing to sacrifice the convenience of cloud computing for the privacy of traditional storage.
If you want to keep your files off the internet and avoid the cloud, check out this article from the BBB and try a few of these tips:
- Use Your Hard Drive- If you want to avoid the cloud, use your hard drive instead. Many of the latest computer models have smaller hard drives to account for the increased use of cloud storage. If you want to store all of your files on your hard drive, choose a computer with a large enough hard drive or utilize external storage options.
- Skip Online Storage Programs- While there are many great options for storing your files online, you’ll find that there are plenty of options available for storing information on your computer as well. Instead of Flickr for photo storage, try iPhoto. Microsoft Word is a good alternative to Google Docs. Rather than sharing files with Dropbox, use an encrypted USB drive. You might have to do a little more research to find the best programs to use, but there are many alternatives to cloud storage if you’re willing to seek the options out.
- Use Desktop Email- Web based email providers store your emails on the cloud. If you want your emails stored locally, choose a traditional desktop email provider like Outlook. Be aware though that if your computer crashes, you might lose all of your email files if they aren’t backed up. If you don’t use cloud storage, backup is very important.
If you want to increase your privacy and control where your files are stored, these tips will help you limit your reliance on cloud storage.
September 23rd, 2013
Jackie here. Pick your poison: privacy or spam. I’ve never really viewed the two as being linked until I stumbled across an interesting article on Forbes. The article explains that information gathering can lead to more targeted advertising, thus replacing spam with useful pitches. When someone’s selling something you want, it doesn’t feel like spam, rather a useful reminder or a helpful suggestion.
Balancing privacy and spam is where things get tricky though. While I hate spam, I hate feeling intruded upon even more. And I’m not alone. One of the biggest problems internet companies face is finding ways to target advertising without giving their customers the creeps. While companies like Facebook and Google collect huge amounts of information about you, they must walk a fine line in creating targeted advertising: too little and their ads are spammy (and not profitable) and too much and internet users worry about sharing information with these companies.
Which do you prefer: privacy or relevant online content? For many of us, I think the balance falls somewhere in the middle. But, if you want more privacy online there are a few things you can do.
- Opt Out of Behavioral Advertising- In many cases, you can opt out of targeted advertising by making a request to the company. New companies are constantly being added to the list, so you may need to check back often to keep your settings up to date. Generally, the requests must be resubmitted each time you delete your cookies, but some companies do make browser add-ons that will save your advertising preferences when you delete your cookies.
- Check Your Information- Being aware of what information companies have can help you to control what you share. You can view your stored data from Facebook here and from Google by logging in here.
- Avoid Personalization- While personalization can be nice, it comes with a loss of privacy. Companies can’t personalize their content without knowing who you are and what you like. Avoid personalization if you’re worried about privacy. Many companies offer opt-outs for their personalization services. You can learn about opting out of personalization on Pinterest here.
Spam or privacy- which one do you choose?
September 20th, 2013
Allison here. There have been many stories in the news lately about companies who sell your personal information, or those that don’t take many steps to protect it. The infographic below from SIGNix shows what sites may put your information at risk, but also has several affordable tools you can use on your computer and on your phone to protect your data from being tracked. Highlights from the infographic include:
- The NSA Surveillance program can see your Facebook posts, the duration of your phone calls, and the phone numbers you dialed.
- An identity is stolen every three seconds in the United States
September 17th, 2013
Jackie here. It used to be that computer scams and viruses were only a worry for PC users, but lately Mac viruses have been making appearances as well. This “FBI Ransomware” scam is nothing new, but this time it targets both PC and Mac users. If you have a computer, watch out for this scam; we don’t want you to become a victim.
This scam is a common one, popping up from time to time. Here’s how it works: you visit a website and suddenly a window appearing to be from the FBI pops up. The URL is usually some variation of FBI.gov. The message informs you that you have violated the law and that your computer has been frozen. The message instructs victims to pay a fine using a prepaid card to unlock their computer.
This scam might seem scary, but it isn’t actually from the FBI and you don’t need to pay a fine. Paying money via prepaid card will get you nothing, and will set you back financially. The FBI doesn’t freeze computers or solicit fines using this method.
What this scam will get you is a virus, probably some sort of malware. Malware is installed on your computer when you visit certain sites or click on certain links. Paying a fine won’t fix the problem; instead you need to handle this just like you would any virus. Make sure your anti-virus software is up to date and run a scan on your computer. Then head the Better Business Bureau website for step by step instructions to unlock your computer.
Mac or PC, this ransomware scam is no joke. If you come across it, don’t pay the fine and immediately report it.
September 9th, 2013
Jenna here. The NSA encryption-cracking story was a big one last week, so we’ve rounded up our favorite explanations for our readers. We hope this brings some clarity and perspective to the subject.
N.S.A. Able to Foil Basic Safeguards of Privacy on Web, New York Times
The NSA Can Beat Almost ANy Type of Encryption, Gizmodo
Report: NSA Cracked Most Online Encryption, Yahoo!
September 3rd, 2013
Allison here. We’ve talked about online tracking and data collection a lot on this blog, and now we are extending the discussion to online health research. Common websites that many people use to do quick online searches about their health symptoms, such as WebMD, the National Institutes of Health, and Weight Watchers, all have at least one third-party element that tracks user data, research suggests.
About the Health Tracking Research
Marco Huesch, a researcher at the University of Southern California, Los Angeles, conducted preliminary research with 20 high-traffic medical websites to see which ones tracked his data. Of the 20, 13 had third-party elements that tracked user data. Five of the 20 sites had social media plug-ins which can be problematic as they allow tracking whether or not you’re logged in to the social media site. You don’t even have to press the “like” or “share” buttons to get these add-ons to track you.
There aren’t any regulations on this practice, so the best thing for consumers to do is to use free privacy tools to detect the online tracking. DoNotTrackMe and Ghostery were two that Huesch used as part of his research to see the third-party elements that were tracking him. With Do Not Track, you can also tell your browser that you wish to opt out of the third-party tracking.
August 29th, 2013
Jackie here. Are you concerned about privacy when you shop online? If you aren’t, you may want to start thinking about it. Every click is recorded, monitored, and tracked by marketers and others. Protecting your privacy might seem impossible, but it’s not. There are a few strategies you can use to protect your identity when shopping online.
Cookies are small bits of information stored on your computer to help websites recognize you and provide personalized content. Since cookies are used primarily for identifying, they can unmask your anonymity when shopping online. To keep your purchasing and browsing history a little more private, block cookies on your internet browser. This makes it more difficult for marketers and others to keep track of you online.
While blocking (or regularly deleting) cookies is an important step in protecting your privacy, it won’t always stop you from being identifiable. Cookies are easily blocked and deleted, but a new technology is being used that identifies website visitors using the unique aspects of their system (fonts, screen size, etc.). This new method of identifying users is much more difficult to block.
Do Not Track
Another way to tell marketers to get lost is to use the “Do Not Track” setting on your browser. This alerts websites that you do not want your actions tracked online. In most browsers this is a simple setting that you can enable in just a few clicks.
Use a Separate Email Address
Create a separate email account for online shopping. Use this email address when signing up for newsletters, loyalty cards, etc. to shield yourself from unwanted advertisements.
Make Informed Choices
Who is tracking you? You can find out using a free tool known as Ghostery. This browser extension helps you to identify tracking tags so you can remove undesired ones. Knowing who is tracking you and what they are doing with your information will help you make informed choices about your privacy.
Read Privacy Policies
Another important strategy for protecting your identity when shopping online is to familiarize yourself with the privacy policies on the websites you visit. Understand what information they collect, how they collect it and who they will share it with.
Shopping online is anything but anonymous. Try these strategies to protect your identity and fight ID theft.
August 28th, 2013
Allison here. Currently, Google finds and flags over 10,000 suspicious sites each day, but oftentimes you never hear about these sites until you try to access one and see a warning message pop up. Or, worse, you learn the hard way and end up with malware on your computer. A new program developed by Google will help you learn where malware and phishing attacks are coming from before they come to you, as Google adds malware reports to its Transparency Report.
About the new Transparency Report
The new Transparency Report now includes information regarding the number of unsafe websites found each week, the breakdown of how many of these unsafe sites are attack sites or compromised sites, and the average webmaster response time for cleaning up a compromised site. There’s also a new Malware Dashboard, which is designed to assess the state of web security and where malware is distributed across the world. Web users can use this data to learn how many people are receiving warnings, where malicious sites are hosted around the world, and how quickly websites (and how many websites) are being re-infected after having malware removed.
Google updates its reporting weekly. It’s most recent reporting reveals that over 36,000 new malware sites were discovered, over 33,000 of these sites were legitimate sites that were compromised, and that it takes an average of 44 days for a webmaster or website owner to remove the malware. These additions to the Transparency Report should help you protect your computer from malware and other malicious sites that could lead to id theft.
August 22nd, 2013
Allison here. In the past year, over three-fourths of businesses had a mobile security incident of some kind. For almost half of these businesses, the cost of the incident (including fixing the problem, business losses, time spent detecting the problem, etc.) was over six figures. This rise in mobile security breaches is at least partly a result of the increase in the number of mobile devices and other technologies that store information. According to an annual mobile security report produced by Checkpoint Software Technologies Ltd, the main reasons for the high rate of mobile security incidents include:
- More Personal Mobile Devices Connecting to the Corporate Network – When asked, 45 percent of companies that allow personal mobile devices say they have more than 5 times as many personal mobile devices as they had two years ago.
- Corporate Information Not Managed on Mobile Devices – Even with the rise in mobile security incidents, 63 percent of businesses do not manage corporate information on personal devices, leaving it vulnerable to more security breaches.
- Increase in Customer Information on Mobile Devices—More than half of the businesses surveyed stated they store sensitive customer information on mobile devices. This large amount of personal data causes id thieves and hackers to target mobile devices more frequently, as they are a potential gold mine of personal information.
August 20th, 2013
Allison here. Last month, a major legislative update took effect for the Children’s Online Privacy Protection Act, which we’ve talked about before. These new rules make firms more responsible for data collection by third parties, forbidding them from using digital identifiers, like cookies, to track kids and to send ads based on that information. The update also forces companies to delete data they do collect on kids as soon as possible, and to obtain parental permission when websites and apps collect photos or geo-location data from children.
What is COPPA?
Changes to COPPA
These new changes don’t apply directly to sites like Facebook, which technically doesn’t allow children under the age of 13 to create a profile. Yet, the changes might affect app developers and advertisers who target kids on the site, so sites like Facebook (which don’t allow kids, but kids are on anyway) might have to be more restrictive with allowing third party advertisers on their site.
These changes are intended to give parents more control over the data collected from their children while placing more responsibility on web and app companies to protect children online. However, the increased regulation is not foolproof. Experts warn parents that they need to make sure children don’t circumvent these new restrictions, in which parents may need to grant permission for companies to collect info from their children via email, by providing a fake email address. Monitoring children while they are online is still a critical component of keeping them safe, even with these updates to COPPA. The FTC has said that it will “continue to be mindful of the impact of the Rule on businesses”, and will exercise discretion in deciding when and who to punish for any infractions.
August 17th, 2013
Ben here, AllClear ID Investigator. Yahoo announced that they would soon be resetting accounts that have remained stagnant for over a year. This decision would allow active users the opportunity to take over the username of their choice. Yahoo’s senior vice president Jay Rossiter states that this is Yahoo’s “next big push” and they want to give “loyal users and new folks the opportunity to sign up for the Yahoo! ID they’ve always wanted”. However, a change like this brings up ID theft concerns for many people. Yahoo had downplayed these concerns, claiming they have put a lot of thought into this move, and have deemed it a good one.
ID Theft Concerns
The concerns one would have in recycling usernames would be that the new sign-ups with recycled names could go on to take over the personality of the old account owner. Dylan Casey, Yahoo’s senior director for consumer platforms said “Can I tell you with 100-percent certainty that it’s absolutely impossible for anything to happen? No, But we’re going to extraordinary lengths to ensure that nothing bad happens to our users.”
There are other concerns that these dormant accounts are being used as alternate emails for password resets. Users might have registered a Yahoo email as the point of contact in case their other email service was compromised. There have been suggestions that a reset message could either not be received or be received by the wrong person. Additionally, there are concerns that those signing up could be using recycled names and pretend to be the old user, accessing their accounts or personal information. Yahoo stated that they will be notifying other services, such as Google and Amazon, of which accounts have been deactivated. They will also unsubscribe the reused email addresses from mailing lists and marketing opportunities before they are issued to new users.
The first of the sweeps will occur on July 15, with Yahoo already notifying affected users that they have 30 days to log into their account and keep active. “We’ve put a lot of thought, a lot of resources dedicated to this project” Dylan Cassey insisted. Only time will tell if this decision is a good one.
August 2nd, 2013
What is Fingerprinting?
You’d be surprised at how effective this technology is. The Electronic Frontier Foundation found that 94% of computers that use Flash or Java have unique identities. Does your computer? Check out what information you’re sharing (and see if you can uniquely identified) by visiting this site. I was surprised to learn that my computer had a unique identity. One software engineer indicated that fingerprinting allows their company to identify 98% of internet users (odds are you’re one of them).
What Can You Do?
If you’re worried about fingerprinting, the solution isn’t as simple as deleting your cookies. There really isn’t anything you can do about it. Remember that your online activities aren’t anonymous. The best way to protect your online identity from id thieves and hackers is to be smart about the sites you visit and to share personal information only when necessary.
Learn more about fingerprinting here.