November 29th, 2013
Benjamin here, AllClear ID Investigator. In 2011 there was a study that reported 1 in 3 Americans are arrested by age 23. Futhermore, the FBI reports a total of 13,120,947 arrests in the United States for crimes, excluding traffic violations, for the year 2010. Many times, an arrest occurs after a lapse in judgment and will not be repeated. Most people simply want to move on and put the experience behind them. However, in many instances a mug shot and record of the original charge is now on Google for all to see. Making matters worse, the website responsible will only remove it with payment.
Where is the Information Coming From?
The site “Mugshots.com” is where these Google searches are pulling from. Here you find not only the police photo, but also the arrest information as well. Mugshots.com offers an escape link that can remove the information from Google searches within 7 business days for a fee up to $600.00. If an individual wants to file a complaint, they must do so through a licensed attorney–increasing the out-of-pocket expense to remove the image.
The fact that this appears on Google under the person’s name may prohibit potential employers from accepting applications for candidates interested in getting a job. One instance of poor decision making is now availably for all to see online, unless you are able to pay the fees to have the mugshot taken down. The site appears to be following the law and using the Freedom of Information Act to acquire the images and arrest records from the police. A lot of these cases are plea bargained to lesser charges or misdemeanors and some may have even been dismissed by the court or found innocent if a trial was held–this does not prohibit the mugshot from being published.
Recently, Google released an algorithm update that prevents mugshot sites such as these from appearing at the top of their search results in an attempt to offer more online privacy to individuals.
November 25th, 2013
Jenna here. Here are our favorite articles we’ve come across in the last week. We have information about what tech companies are doing to thwart NSA data collection efforts, a disturbing trend called ‘route hijacking’ that could affect data security online, and an interesting perspective on the use of drones.
Twitter Joins Google, Facebook with ‘Forward Secrecy’ Security, NBC News
Where’s Your Data Going? Hacks Redirect Traffic Through Distant Lands, NBC News
Drones Offer Journalists A Wider View, New York Times
November 25th, 2013
Jackie here. You’d be surprised what information hackers can learn about you if they try. An investigative journalist decided to put hackers to the test; the amount of material they were able to obtain in just a short while was astonishing. This journalist’s experiences are probably similar to what most of us would face in the same situation.
Putting Hackers to the Test
The journalist teamed with a group of white hat hackers (the good guys that help companies to protect themselves from potential vulnerabilities) and gave them permission to delve into his life. The only rules: no breaking the law and leave his children out of it. He even kept the process a secret from his wife to keep the experiment as real as possible.
The hackers devised a plan. They researched their target online, looking for potential vulnerabilities. They then used these vulnerabilities and the information gathered to start looking for ways to access the journalist’s information. Some methods failed while others were very successful. Some of the methods employed included dropping a flash drive that would load malware on a computer when plugged in (in hopes someone would find it and open it to look for the owner) and trying to capture information sent over a home Wi-Fi.
With the treasure trove of information we all store electronically, it’s no surprise that the hackers were able to discover a wealth of information about the journalist. They discovered his Social Security number, online banking credentials, Twitter and Facebook logins and much more. The hackers were even able to access Amazon accounts and lock down Apple devices by registering them as stolen.
In an online world, information may not be as safe as you think it is. That’s one reason why each of us must remain vigilant in protecting our identities. Run your credit, monitor your bank accounts, and do all you can to protect your personal information.
November 18th, 2013
Jackie here. I’ve always been intrigued by biometric verification. The thought of never having to remember a password again sounds wonderful, especially on those days when I can’t remember which password I used for an account and am trying to reset it (having a different password for every account gets confusing). Biometric technologies may sound like something from the future, but surprisingly, many are available today. Perhaps someday you’ll be able to use your thoughts instead of a password to login to your Twitter or Facebook account.
This article from the New York Times provides an interesting look into some of the biometric identifiers that are being studied and used. One of the latest to hit the market is Apple’s new fingerprint scanner, but many other biometric options may soon be available for mass market use.
Biometric Technology Possibilities
One interesting option currently in development is a heartbeat monitoring device called Nymi. It’s a small wristband that monitors heart patterns (unique like a fingerprint). The wristband acts as a biometric identifier, creating unique passcodes based on your body’s heart rhythms. When the band is put on, it scans a person’s heart patterns. This verification then remains in place until the band is removed. One of the selling points for the Nymi is the difficulty
in gaining unauthorized access to a heartbeat; fingerprints are left everywhere, but a heart rhythm would require up-close, physical access to copy.
While not yet available, the Nymi will be a fairly affordable choice. Preorders on their website are $79, charged upon shipment in 2014. The complete list of compatible devices, programs, etc. won’t be available until closer to the release date.
Other interesting biometric possibilities include a brainwave scanner under study at the University of California, Berkley and face and voice identification under study by the FIDO Alliance. Some of the more advanced biometric technologies won’t be available for a few years, but it appears this might be an emerging trend in account and password security. Users want an easier (and more secure) solution to passwords and biometric technologies might provide the answer.
November 13th, 2013
Jackie here. Do you read blogs? I do and I often find the comment section more interesting than the post itself. While reading blog post comments isn’t risky in and of itself, it can lead to trouble if you start clicking on links. Links commonly found in blog post comments can lead to malware and phishing sites, potentially increasing your ID theft risk. Enjoy those comments, but be careful!
Malware and Blog Comments- What’s the Link?
Most blogging platforms give commenters an opportunity to link to their own website (or a website of their choosing). This is a helpful feature for bloggers since it helps them to establish relationships with their readers. It can also give fellow readers a chance to discover new blogs and websites in the process.
However people other than bloggers use this feature as well. They may use blogs to build back-links to their website and to promote products and services. Scammers also take advantage of the ability to post on websites with comments. They may post links to spam-related, phishing, or malware sites hoping to lure in a few guests.
Since you have no idea who is actually posting comments on a blog, be careful when clicking on links, especially if the comment looks suspicious. Here are a few tips for recognizing potentially harmful comments:
- Generic Praise- Comments that are very generic may be spammy. Look for comments like, “Excellent post. I enjoyed reading this information.” Generic comments might look like praise, but they are probably there just to promote a link, possibly a dangerous one.
- Blatant Advertising- Another tactic, although much less subtle, is to post ads directly in blog comments. These ads may direct readers to sites for weight loss products, work from home opportunities, etc. These ads are often caught and removed by bloggers, but may slip through if a blogger doesn’t regularly monitor their comments.
- Keyword Links- Another tactic involves linking to keywords in a comment. You click on a keyword to follow the link and could potentially end up installing malware on your computer.
Enjoy reading blog comments, but do so with caution. You never know where scammers, spammers and ID thieves are lurking.
November 11th, 2013
Jackie here. Do you ever post something online and then wish you could make it go away? A new California law will give teens this very right. It entitles teens to assistance in erasing online postings they later regret. This law has the potential to help protect teens from ID theft as well as future embarrassment. The law was signed in late September and will go into effect January 2015.
About the Law
The law requires online platforms directed at minors to offer an option for deleting content they later regret. While online privacy laws like COPPA apply only to children to under 13, this law applies to all minors (those under the age of 18). It’s an important protection for teens who sometimes post before they think.
In addition to requiring sites to assist teens with deleting postings, the law also adds prohibitions for the online advertising of things like guns and alcohol to those under 18. The law does not require sites to remove information about a minor posted by someone else or to remove content for which a minor was paid.
Implications for ID Theft and Privacy
Even with this new law, teens still need to think before they post online. While the law will enable teens to remove information they post themselves, there are no protections for information posted by others. This means that embarrassing party shots or inappropriate video could still make its way online. In addition, posts with your location or personal information can still find its way into the wrong hands, leading to ID theft. Content has a way of going viral, and once this happens you can’t always get it back.
While the law does give teens new options for deleting information posted online, it is important to remember that many social media websites already offer options for deleting and cleaning up profiles which are available to us all, young and old. Teens aren’t the only ones that post things online that shouldn’t and we should all take time to examine our social media profiles and clean up any sensitive or embarrassing information. Knowing what you’re posting and who can see it is an important part of protecting yourself from ID theft and maintaining a good online presence.
November 7th, 2013
Jackie here. Are your kids online? Have you taken the opportunity to teach them about the dangers lurking on the internet? Today’s online kids need to be aware of predators, bullies, scams and of course identity theft. Here are some tips for introducing your child to the internet, specifically where their identity is concerned.
Before letting your kids online, set boundaries with them. Establish family guidelines for when they can use the internet, what sites they can visit, and what they can share online. For example, you may want to have younger children wait until they are a bit older before allowing them to use social media websites.
Crucial to your child’s online safety is the ability to determine what they can safely share. Sharing personal or family information has the potential to lead to ID theft. Help your children to learn appropriate sharing by creating guidelines for what they can and cannot share.
Teach About Links
Following malicious links can lead to malware and other viruses being installed on your family’s computer. Teach your children about links and explain that not all links are safe to follow. Consider giving your children, especially young children, a list of sites that are safe to use. You may also want to create guidelines for which purposes they can access the internet (school, research, etc.).
Monitor Their Usage
Social media carries many identity theft risks. If you allow your child to use sites like Facebook and Twitter, monitor their accounts closely. Be sure to look at privacy settings to ensure they aren’t sharing information without knowing it.
Teach your children to be choosy about their Facebook friends. Teach them to avoid accepting friend requests from strangers and those they don’t know very well.
Keep the Computer Visible
Having the family computer in a visible and accessible area (like the family room) is a good way to foster communication and encourage questions. Let your children know that you will be checking in on them and help them with questions and problems they may encounter.
Install Monitoring Software
You may want to use monitoring software to keep tabs on your child’s internet usage. Pay attention to the sites they visit and consider blocking sites that you don’t feel comfortable with your child using. Children often aren’t aware that they are visiting a site that can be unsafe, so it’s a good idea for parents to keep tabs on this as well.
Teach About ID Theft
ID theft is a serious risk online, even more so for children. Teach your child about common ID theft risks like phishing, malware, etc. This article from the Identity Theft Resource Center has great resources for teaching children about cyber security.
Before your child gets online, make sure they are ready. For more tips, check out this article from the Better Business Bureau..
November 6th, 2013
Jenna here. We have 3 great articles for our readers this week. There’s an informative read about why complying with new children’s online privacy rules may be more difficult than anticipated, a security warning for android smart phone users, and evidence that suggests most Americans actually support the NSA spying efforts if it means increased security. Take a look!
Want to Comply with Online Privacy Laws for Kids? Good Luck!, BloombergBusinessweek
Custom Features Incur Security Flaws In Popular Android Smartphones, Security Dark Reading
Poll: Public Supports NSA Spying On Their Email, Neighbors and Foreign Leaders, TechCrunch
October 28th, 2013
Allison here. Cybersecurity Awareness Month is almost over, but knowing about cyber security and how it affects is relevant year-round. The security of websites, Internet connections, and the businesses you frequent all affect how secure your personal information and identity are. Here are nine cybersecurity facts that you need to be aware of:
- The federal government has suffered a nearly 680 percent increase in cyber security breaches in the past six years. (Face the Facts USA)
- Sean Henry, an assistant director of the FBI, says that so far this year, cyber criminals have stolen over $100 million from US banks. (The Congressional Cybersecurity Caucus)
- The financial industry successfully withstood three waves of distributed denial of service attacks beginning in September 2012. (Banking.com)
- Nation-states, not hackers, are most likely to launch successful cyber terrorist attacks against classified networks and critical infrastructure. They have the necessary discipline, resources, and commitment. (CIO.com)
- About 10% of all social media users have received a cyber-threat. More than 600,000 accounts are compromised every day on Facebook alone. (Floridatechonline.com)
- A whopping 59% of employees steal proprietary corporate data when they quit or are fired. (Ponemon Institute)
- The National Nuclear Security Administration, an arm of the Energy Department, records 10 million attempted hacks a day. (Defense News)
- 53% of U.S companies expressed little to no confidence to stopping security breaches in the next 12 months. (Rolandtech.com)
- The estimated annual cost of global cybercrime over $100 billion. (Go-gulf.com)
October 22nd, 2013
Aaron here, AllClear ID Investigator. Pennsylvania’s Commonwealth Computer Recycling, has discovered a security risk for individuals attempting to recycle their computers and electronics in the state.
While the company recognizes the importance of following the statewide Covered Device Recycling Act, this law prohibits people from putting electronic devices in landfills to protect the environment. However, this law leaves citizens responsible for properly disposing of their computer’s information. If an electronic device isn’t disposed of properly, it can open the door for ID theft due to the wealth of personal information that many people store on their devices today. In many cases, the trouble starts with recycling programs that do not have the security needed to correctly dispose of computers and devices holding sensitive data.
Customers looking to recycle their computer or device are often asked to drop their items off at an unsecure location. Those items are sometimes picked through for those deemed valuable–most of the time this includes items such as cell phones and laptops that often contain a wealth of personal information.
It is recommended that individuals wishing to dispose of electronics do so at events held by certified recyclers. All employees at Commonwealth Computer Recycling undergo rigorous background checks and the company offers onsite hard drive disposal to ensure safe handling. Events are held throughout the year and participants can watch as their hard drives are destroyed on site. If you are not a Pennsylvania resident, look for certified electronics recyclers in your area before you choose to dispose of your old electronic device.
October 18th, 2013
Jackie here. Facebook’s privacy policies are under fire again, this time from the FTC. The government organization is examining whether Facebook’s new policy is in violation of their 2011 agreement with regulators. With so much personal information at their access, Facebook’s privacy policies seem to be constantly under dispute; keeping up to date with what Facebook shares is important in protecting your personal information and your identity.
Changes to the Policy
One of the changes that is bringing about the most controversy involves Facebook’s ability to use personal information for advertising. The change grants Facebook permission to use a person’s name, image, and Facebook content for advertising purposes. Although this was already allowed under the old policy, the wording has been changed, removing terms like “subject to the limits you place”. This removes the user’s ability to opt out and control this feature as much and grants Facebook broad rights to use their users and their associated content for advertising.
Another big change drawing fire is also related to advertising, but involves the privacy rights of minors. By accepting the data use policy parents agree to grant Facebook the right to use their minor child for advertising.
The changes have infuriated privacy groups and others. More than 20 groups that advocate for teen rights (including the American Academy of Pediatrics and the National Coalition for Youth) have asked the FTC to block the proposed changes. Facebook claims the changes were required as a part of their recent settlement for privacy violations.
Finding the balance between privacy and profitability has proved difficult for Facebook. Whether or not these changes do in fact go into effect, they do provide a great reminder to examine your privacy settings and to avoid sharing anything you don’t want the world to know online.
October 16th, 2013
Tamara here, AllClear ID Investigator. Almost everyone has an email account, and is aware that it may be targeted by cyber criminals in a number of ways. Here, I am going to provide a few tips that will help prevent you from falling victim to a cyber criminal.
Tip #1: Your user ID and password are the gateway to your email. To prevent your email being hacked, it’s smart to have a complex password. A complex password usually consists of letters, numbers, and symbols, does not repeat your user name, and does not include your personal information (name, date of birth, etc.). In addition, try to avoid using your email for multiple accounts, and definitely avoid using a password that has previously been compromised. Using multi word phrases which are phonetically spelled make for strong passwords, also. Using a password manager will help you choose a password and store it for later use, a great tool for keeping track of your more complex passwords.
Tip #2: The devices where you access your email themselves may be a risk factor. Public networks, or even your personal smartphone or computer, may be infected with malware or keyloggers, giving the criminals access to all information there. It is always a good idea to not check your email from a public computer. Be sure the operating system of your device is updated.
Tip #3: Be wary of phishing and scam emails. Don’t open an email from a suspicious source, and don’t click on links from emails that you don’t recognize. For example, you get an email from someone claiming to be one of your friends or family members stating they are stranded and need money. The best thing to do is to call that person, or reach out to them in another method, as that person’s email most likely has been hacked and is being used by a criminal. Before sending any money or agreeing to any contracts, research and confirm it is not a scam.
Tip #4: Inbox maintenance is also important. Remember that old email from years ago which contains your or your contact’s personal information? Yes, delete that (and then remove it from the trash bin). If your account does end up getting hacked, that information will not be compromised.
Tip #5: Finally, you’re done accessing your email. Log out to prevent others from accessing it. Here’s to being on top of the game!
October 9th, 2013
Jenna here. We’ve talked about talked about War Driving before, but we recently stumbled across a YouTube video that shows just how easy it is for experienced hackers to commit this crime. If you haven’t already, check out our first post to find tips about how to secure your home network to make sure you don’t fall victim to this ID theft tactic.
September 25th, 2013
Jackie here. Do you store your personal information in the cloud? The internet has made it easy to access files from almost anywhere: I can check my email when I’m on vacation, and share files easily with coworkers and friends. Cloud computing is certainly convenient, but some people worry about storing their information and important files online. They want to have more control of their information, and are willing to sacrifice the convenience of cloud computing for the privacy of traditional storage.
If you want to keep your files off the internet and avoid the cloud, check out this article from the BBB and try a few of these tips:
- Use Your Hard Drive- If you want to avoid the cloud, use your hard drive instead. Many of the latest computer models have smaller hard drives to account for the increased use of cloud storage. If you want to store all of your files on your hard drive, choose a computer with a large enough hard drive or utilize external storage options.
- Skip Online Storage Programs- While there are many great options for storing your files online, you’ll find that there are plenty of options available for storing information on your computer as well. Instead of Flickr for photo storage, try iPhoto. Microsoft Word is a good alternative to Google Docs. Rather than sharing files with Dropbox, use an encrypted USB drive. You might have to do a little more research to find the best programs to use, but there are many alternatives to cloud storage if you’re willing to seek the options out.
- Use Desktop Email- Web based email providers store your emails on the cloud. If you want your emails stored locally, choose a traditional desktop email provider like Outlook. Be aware though that if your computer crashes, you might lose all of your email files if they aren’t backed up. If you don’t use cloud storage, backup is very important.
If you want to increase your privacy and control where your files are stored, these tips will help you limit your reliance on cloud storage.
September 23rd, 2013
Jackie here. Pick your poison: privacy or spam. I’ve never really viewed the two as being linked until I stumbled across an interesting article on Forbes. The article explains that information gathering can lead to more targeted advertising, thus replacing spam with useful pitches. When someone’s selling something you want, it doesn’t feel like spam, rather a useful reminder or a helpful suggestion.
Balancing privacy and spam is where things get tricky though. While I hate spam, I hate feeling intruded upon even more. And I’m not alone. One of the biggest problems internet companies face is finding ways to target advertising without giving their customers the creeps. While companies like Facebook and Google collect huge amounts of information about you, they must walk a fine line in creating targeted advertising: too little and their ads are spammy (and not profitable) and too much and internet users worry about sharing information with these companies.
Which do you prefer: privacy or relevant online content? For many of us, I think the balance falls somewhere in the middle. But, if you want more privacy online there are a few things you can do.
- Opt Out of Behavioral Advertising- In many cases, you can opt out of targeted advertising by making a request to the company. New companies are constantly being added to the list, so you may need to check back often to keep your settings up to date. Generally, the requests must be resubmitted each time you delete your cookies, but some companies do make browser add-ons that will save your advertising preferences when you delete your cookies.
- Check Your Information- Being aware of what information companies have can help you to control what you share. You can view your stored data from Facebook here and from Google by logging in here.
- Avoid Personalization- While personalization can be nice, it comes with a loss of privacy. Companies can’t personalize their content without knowing who you are and what you like. Avoid personalization if you’re worried about privacy. Many companies offer opt-outs for their personalization services. You can learn about opting out of personalization on Pinterest here.
Spam or privacy- which one do you choose?
September 20th, 2013
Allison here. There have been many stories in the news lately about companies who sell your personal information, or those that don’t take many steps to protect it. The infographic below from SIGNix shows what sites may put your information at risk, but also has several affordable tools you can use on your computer and on your phone to protect your data from being tracked. Highlights from the infographic include:
- The NSA Surveillance program can see your Facebook posts, the duration of your phone calls, and the phone numbers you dialed.
- An identity is stolen every three seconds in the United States
September 17th, 2013
Jackie here. It used to be that computer scams and viruses were only a worry for PC users, but lately Mac viruses have been making appearances as well. This “FBI Ransomware” scam is nothing new, but this time it targets both PC and Mac users. If you have a computer, watch out for this scam; we don’t want you to become a victim.
This scam is a common one, popping up from time to time. Here’s how it works: you visit a website and suddenly a window appearing to be from the FBI pops up. The URL is usually some variation of FBI.gov. The message informs you that you have violated the law and that your computer has been frozen. The message instructs victims to pay a fine using a prepaid card to unlock their computer.
This scam might seem scary, but it isn’t actually from the FBI and you don’t need to pay a fine. Paying money via prepaid card will get you nothing, and will set you back financially. The FBI doesn’t freeze computers or solicit fines using this method.
What this scam will get you is a virus, probably some sort of malware. Malware is installed on your computer when you visit certain sites or click on certain links. Paying a fine won’t fix the problem; instead you need to handle this just like you would any virus. Make sure your anti-virus software is up to date and run a scan on your computer. Then head the Better Business Bureau website for step by step instructions to unlock your computer.
Mac or PC, this ransomware scam is no joke. If you come across it, don’t pay the fine and immediately report it.
September 9th, 2013
Jenna here. The NSA encryption-cracking story was a big one last week, so we’ve rounded up our favorite explanations for our readers. We hope this brings some clarity and perspective to the subject.
N.S.A. Able to Foil Basic Safeguards of Privacy on Web, New York Times
The NSA Can Beat Almost ANy Type of Encryption, Gizmodo
Report: NSA Cracked Most Online Encryption, Yahoo!
September 3rd, 2013
Allison here. We’ve talked about online tracking and data collection a lot on this blog, and now we are extending the discussion to online health research. Common websites that many people use to do quick online searches about their health symptoms, such as WebMD, the National Institutes of Health, and Weight Watchers, all have at least one third-party element that tracks user data, research suggests.
About the Health Tracking Research
Marco Huesch, a researcher at the University of Southern California, Los Angeles, conducted preliminary research with 20 high-traffic medical websites to see which ones tracked his data. Of the 20, 13 had third-party elements that tracked user data. Five of the 20 sites had social media plug-ins which can be problematic as they allow tracking whether or not you’re logged in to the social media site. You don’t even have to press the “like” or “share” buttons to get these add-ons to track you.
There aren’t any regulations on this practice, so the best thing for consumers to do is to use free privacy tools to detect the online tracking. DoNotTrackMe and Ghostery were two that Huesch used as part of his research to see the third-party elements that were tracking him. With Do Not Track, you can also tell your browser that you wish to opt out of the third-party tracking.
August 29th, 2013
Jackie here. Are you concerned about privacy when you shop online? If you aren’t, you may want to start thinking about it. Every click is recorded, monitored, and tracked by marketers and others. Protecting your privacy might seem impossible, but it’s not. There are a few strategies you can use to protect your identity when shopping online.
Cookies are small bits of information stored on your computer to help websites recognize you and provide personalized content. Since cookies are used primarily for identifying, they can unmask your anonymity when shopping online. To keep your purchasing and browsing history a little more private, block cookies on your internet browser. This makes it more difficult for marketers and others to keep track of you online.
While blocking (or regularly deleting) cookies is an important step in protecting your privacy, it won’t always stop you from being identifiable. Cookies are easily blocked and deleted, but a new technology is being used that identifies website visitors using the unique aspects of their system (fonts, screen size, etc.). This new method of identifying users is much more difficult to block.
Do Not Track
Another way to tell marketers to get lost is to use the “Do Not Track” setting on your browser. This alerts websites that you do not want your actions tracked online. In most browsers this is a simple setting that you can enable in just a few clicks.
Use a Separate Email Address
Create a separate email account for online shopping. Use this email address when signing up for newsletters, loyalty cards, etc. to shield yourself from unwanted advertisements.
Make Informed Choices
Who is tracking you? You can find out using a free tool known as Ghostery. This browser extension helps you to identify tracking tags so you can remove undesired ones. Knowing who is tracking you and what they are doing with your information will help you make informed choices about your privacy.
Read Privacy Policies
Another important strategy for protecting your identity when shopping online is to familiarize yourself with the privacy policies on the websites you visit. Understand what information they collect, how they collect it and who they will share it with.
Shopping online is anything but anonymous. Try these strategies to protect your identity and fight ID theft.
August 28th, 2013
Allison here. Currently, Google finds and flags over 10,000 suspicious sites each day, but oftentimes you never hear about these sites until you try to access one and see a warning message pop up. Or, worse, you learn the hard way and end up with malware on your computer. A new program developed by Google will help you learn where malware and phishing attacks are coming from before they come to you, as Google adds malware reports to its Transparency Report.
About the new Transparency Report
The new Transparency Report now includes information regarding the number of unsafe websites found each week, the breakdown of how many of these unsafe sites are attack sites or compromised sites, and the average webmaster response time for cleaning up a compromised site. There’s also a new Malware Dashboard, which is designed to assess the state of web security and where malware is distributed across the world. Web users can use this data to learn how many people are receiving warnings, where malicious sites are hosted around the world, and how quickly websites (and how many websites) are being re-infected after having malware removed.
Google updates its reporting weekly. It’s most recent reporting reveals that over 36,000 new malware sites were discovered, over 33,000 of these sites were legitimate sites that were compromised, and that it takes an average of 44 days for a webmaster or website owner to remove the malware. These additions to the Transparency Report should help you protect your computer from malware and other malicious sites that could lead to id theft.
August 22nd, 2013
Allison here. In the past year, over three-fourths of businesses had a mobile security incident of some kind. For almost half of these businesses, the cost of the incident (including fixing the problem, business losses, time spent detecting the problem, etc.) was over six figures. This rise in mobile security breaches is at least partly a result of the increase in the number of mobile devices and other technologies that store information. According to an annual mobile security report produced by Checkpoint Software Technologies Ltd, the main reasons for the high rate of mobile security incidents include:
- More Personal Mobile Devices Connecting to the Corporate Network – When asked, 45 percent of companies that allow personal mobile devices say they have more than 5 times as many personal mobile devices as they had two years ago.
- Corporate Information Not Managed on Mobile Devices – Even with the rise in mobile security incidents, 63 percent of businesses do not manage corporate information on personal devices, leaving it vulnerable to more security breaches.
- Increase in Customer Information on Mobile Devices—More than half of the businesses surveyed stated they store sensitive customer information on mobile devices. This large amount of personal data causes id thieves and hackers to target mobile devices more frequently, as they are a potential gold mine of personal information.
August 20th, 2013
Allison here. Last month, a major legislative update took effect for the Children’s Online Privacy Protection Act, which we’ve talked about before. These new rules make firms more responsible for data collection by third parties, forbidding them from using digital identifiers, like cookies, to track kids and to send ads based on that information. The update also forces companies to delete data they do collect on kids as soon as possible, and to obtain parental permission when websites and apps collect photos or geo-location data from children.
What is COPPA?
Changes to COPPA
These new changes don’t apply directly to sites like Facebook, which technically doesn’t allow children under the age of 13 to create a profile. Yet, the changes might affect app developers and advertisers who target kids on the site, so sites like Facebook (which don’t allow kids, but kids are on anyway) might have to be more restrictive with allowing third party advertisers on their site.
These changes are intended to give parents more control over the data collected from their children while placing more responsibility on web and app companies to protect children online. However, the increased regulation is not foolproof. Experts warn parents that they need to make sure children don’t circumvent these new restrictions, in which parents may need to grant permission for companies to collect info from their children via email, by providing a fake email address. Monitoring children while they are online is still a critical component of keeping them safe, even with these updates to COPPA. The FTC has said that it will “continue to be mindful of the impact of the Rule on businesses”, and will exercise discretion in deciding when and who to punish for any infractions.
August 17th, 2013
Ben here, AllClear ID Investigator. Yahoo announced that they would soon be resetting accounts that have remained stagnant for over a year. This decision would allow active users the opportunity to take over the username of their choice. Yahoo’s senior vice president Jay Rossiter states that this is Yahoo’s “next big push” and they want to give “loyal users and new folks the opportunity to sign up for the Yahoo! ID they’ve always wanted”. However, a change like this brings up ID theft concerns for many people. Yahoo had downplayed these concerns, claiming they have put a lot of thought into this move, and have deemed it a good one.
ID Theft Concerns
The concerns one would have in recycling usernames would be that the new sign-ups with recycled names could go on to take over the personality of the old account owner. Dylan Casey, Yahoo’s senior director for consumer platforms said “Can I tell you with 100-percent certainty that it’s absolutely impossible for anything to happen? No, But we’re going to extraordinary lengths to ensure that nothing bad happens to our users.”
There are other concerns that these dormant accounts are being used as alternate emails for password resets. Users might have registered a Yahoo email as the point of contact in case their other email service was compromised. There have been suggestions that a reset message could either not be received or be received by the wrong person. Additionally, there are concerns that those signing up could be using recycled names and pretend to be the old user, accessing their accounts or personal information. Yahoo stated that they will be notifying other services, such as Google and Amazon, of which accounts have been deactivated. They will also unsubscribe the reused email addresses from mailing lists and marketing opportunities before they are issued to new users.
The first of the sweeps will occur on July 15, with Yahoo already notifying affected users that they have 30 days to log into their account and keep active. “We’ve put a lot of thought, a lot of resources dedicated to this project” Dylan Cassey insisted. Only time will tell if this decision is a good one.
August 2nd, 2013
What is Fingerprinting?
You’d be surprised at how effective this technology is. The Electronic Frontier Foundation found that 94% of computers that use Flash or Java have unique identities. Does your computer? Check out what information you’re sharing (and see if you can uniquely identified) by visiting this site. I was surprised to learn that my computer had a unique identity. One software engineer indicated that fingerprinting allows their company to identify 98% of internet users (odds are you’re one of them).
What Can You Do?
If you’re worried about fingerprinting, the solution isn’t as simple as deleting your cookies. There really isn’t anything you can do about it. Remember that your online activities aren’t anonymous. The best way to protect your online identity from id thieves and hackers is to be smart about the sites you visit and to share personal information only when necessary.
Learn more about fingerprinting here.
July 31st, 2013
Allison here. When it comes to online safety, not all Internet browsers are created equal. Some people do like to dump on Internet Explorer for being outdated or “oldschool”, but it turns out it’s actually
the best at keeping you safe. Information security research firm NSS Labs, Inc. tested the five leading browsers against a sample of 754 “active and malicious” web addresses to see what percentage were caught by each browser’s defenses. Below is a ranking of browsers by level of protection:
Google Chrome- 83.16%
The primary reason for the huge differences in safety is that Google Chrome, Firefox, and Safari all use Safe Search, a system that blocks URLs labeled as “malicious” in a database compiled by Google. According to the data, this defense alone is only 10% effective at protecting your computer against malware. However, Chrome uses an additional protection that also evaluates the safety of an executable file (such as a malware code embedded in a website) instead of just the URL .
What makes Internet Explorer so effective is that it has its own line of defenses called SmartScreen. It does what Google Safe Search and Download Protection do, but with much more effectiveness. The URL-based portion of the protection system blocked over 83% of the malware. This test only included the latest versions of each of these browsers, so earlier versions may not be as strong in their security.
July 10th, 2013
Jackie here. Recently the FBI issued a warning about criminals using photo sharing sites to spread malicious software and commit fraud. The criminals are using online auction and sale sites to advertise vehicles or other items. They don’t include a picture with the listing and instead provide a link to see pictures in an online gallery or send a photo as an email attachment. The photo sharing sites or attached photos are actually a ploy to infect the victim’s computer.
Once the computer has been infected, the user is automatically directed to copycat sites that appear identical to the site they were using. The fake site is run entirely by the criminals, everything from customer support to recommended payment sources. Any money paid for the item through the recommended escrow service will be lost. The victim loses their money and never receives the merchandise.
Tips for Avoiding this Scam
If you do a lot of buying online, be on the lookout for this scam or similar ones. These tips will help you protect yourself:
- Bargain Prices Might Indicate a Problem- If someone is selling an item for much less than it is worth, it might be a scam. Be cautious of severely underpriced items, especially when shopping online.
- Protect Your Computer- Your computer needs anti-virus protection. Make sure you install a reputable program on your computer and that you regularly update both your anti-virus protection and your firewall.
- Only Click on Trusted Links- When someone emails you a link, be careful. In this scam the link to a photo sharing site can potentially infect your computer with malware, but scams use malicious links. Be very cautious when clicking on links in your email. In some cases it is safer to enter the desired web address yourself rather than following the link.
A picture’s worth a thousand words, but in the case of this scam a picture is worth your identity. Be careful when shopping online and remember if a potential seller is doing things that seem bit strange (like sending you to another site to see pictures) they might be involved in a scam of some sort.
July 9th, 2013
Allison here. Recently, Facebook issued a notification on its blog informing customers about a data breach of sorts that occurred last month. You might have missed it because it was published on a Friday under the title, “Important Message from Facebook’s White Hat Program.” This wasn’t a traditional data breach, and the error has since been fixed, but here’s a quick recap of what happened:
About the Security Flaw
Let’s say that George joins Facebook, and the only contact information he shares is his email. He doesn’t share where he lives, his phone number, where he works, or anything else. Just his email. Now, George’s friend Jimmy joins Facebook and allows Facebook to take a look at his contact list and to cross list all that information. Jimmy has George’s email, but also his phone number, so not only does Facebook suggest that Jimmy and George connect, but it also has that additional information of a phone number associated with George. Facebook, because of the bug that’s now been fixed, now has much more personal information about George than George ever agreed to share with the company.
Now, George and Jimmy have a mutual friend Bob, who also joins Facebook and lets the social network peek at his contact list. Let’s say Bob has additional information on George, such as where he lives and where he works. Because of the cross listing, all that information gets uploaded as well and added on as information about George.
On top of that, Facebook allows you to download your information and to back up everything you downloaded. This is fine, except that part of the bug is that you could actually download more information than you uploaded. So, if Jimmy tried to download what he uploaded, he could actually get everything that Bob uploaded, including that additional information about George that Jimmy didn’t have before.
It’s great that this bug has been fixed, but there is no guarantee that someone didn’t download your information before the bug was fixed. It does not appear that there is any way to discover who has downloaded your information, or what other information could be out there about you other than what you knowingly shared with Facebook. If you are a Facebook user (and if you’re not for that matter), monitor your accounts, email, and junk mail for any signs of id theft.
July 1st, 2013
Jackie here. Protecting your data and keeping it secure from hackers requires constant vigilance. It isn’t enough to simply put a few security practices in place and assume your information is protected. Staying informed about potential security blunders is essential. Hackers are constantly changing their methods and new technologies create new security pitfalls that you should actively safegaurd against.
Your responsibilities for data protection don’t end with your home network. If you own or run a small business, you also have a responsibility to secure your company’s network. Breaches are common, both in small businesses and larger ones. In fact, many business owners make common security mistakes that they don’t realize could potentially compromise their entire network. This article provides great insight into a few solutions for common security problems. Keep reading to learn more below.
Create a Security Policy for Outside Devices
Allowing non-company devices to connect to your company network can potentially bring security problems, especially if the outside devices aren’t properly secured. Bring Your Own Device policies are popular, but if you allow outside devices to connect to your network you need to ensure that these devices meet your security standards. One way to do this is to implement mobile security protocols that protect the network from malware even when outside devices are connecting.
If your company offers Wi-Fi connections to visiting customers, you will also want to take steps to secure your data. Don’t allow customers to connect directly to the company network. Instead set up a guest network that secures confidential company information and protects your network from potentially infected devices.
Think Security When Using the Cloud
Small business owners often utilize the vast storage possibilities and collaboration potential of the cloud. Online storage and collaboration allows small businesses to utilize talent across the world and makes for easy sharing. It’s a great opportunity, but does require a little extra care. If you’re using a cloud-based service, make sure it is properly secured. Choose a professionally maintained system that offers monitoring and firewalls. Additionally, you want your data to be secured and protected. Don’t just choose a cloud service on a whim; carefully research each one’s security practices. When you choose a cloud based service you rely on their security to protect your data.
Test Third Party Apps
Each new program you introduce into your network has the potential to introduce vulnerabilities to your system. It is essential to test each application against your company network. Test each application you use with your network security system to ensure that security protocols are compatible. Don’t allow third-party applications to become the downfall to your otherwise flawless security practices.
Talk to us. How do you secure your small business data?
June 24th, 2013
Jackie here. What type of privacy personality are you? Microsoft recently launched a new privacy tool to help consumers better understand how they share online. The tool uses a simple quiz to assign a privacy type, and then offers tips for your specific style of sharing. While the information provided definitely serves as an advertisement for Microsoft, it is still a good check-in to think about how and what you are sharing online. This article on USA Today has some great information about the new tool.
The Privacy Quiz
If you’re interested in taking Microsoft’s privacy quiz head on over to http://www.yourprivacytype.com/. The quiz is 11 questions covering things like your social media usage, places you access the internet, privacy settings, etc. While taking the quiz, I enjoyed thinking about my various privacy settings and practices, and was even reminded that it had been awhile since I deleted the cookies on my computer. Often, we get so caught up in what we do online that privacy is easy to forget and this quiz serves as a fun reminder.
After the quiz your results will be tabulated and you’ll learn your privacy type. I was considered “Privacy Please” which means that I strive to keep my personal information to myself online. Other privacy personalities you may see include Carefree Surfer, Digital Veteran and The Moderate. What personality are you?
If you have a few minutes to spare and you are interested in exploring a new way to see how you interact online, this privacy quiz might be an interesting activity. Once you learn your privacy type, use this information to create a plan of your own for staying safe online; we have some great tips here on the blog. As the internet becomes a bigger part of our everyday lives, maintaining online privacy is becoming more important as well.