January 31st, 2014
Jackie here. We’ve talked a lot about protecting your kids from identity theft. Have you ever considered the impact your kids might have on YOUR credit score? Children and teens use the internet a lot and if they aren’t careful they could potentially expose people in your house to identity theft. Teach your kids how to stay safe online. This important lesson won’t just protect them, but will protect your identity as well.
To keep your identity safe and teach your kids good online behavior, make sure they understand these essential internet safety rules:
Do your teens know how to create a password? A strong password should be a combination of letters (upper and lowercase), numbers and symbols. Teach your kids to avoid words found in the dictionary, names of pets and nicknames. Any ‘common knowledge’ information that can easily be discovered online by a savvy ID thief (think birthdays and maiden names) should also not be used as passwords. For more password tips, check out these articles on our blog; we talk about password safety often.
Never Download Without Approval
That free game might be a lot of fun, but it could be exposing your computer to spyware and capturing sensitive important entered on your computer. To help you kids to master the art of smart downloading, have them ask you for approval first. You can teach them which downloads are safe and which are identity theft traps—reading the data usage policies of the apps is a good place to look for information about if and how your personal info will be tracked.
Be Careful Who You Friend
Facebook and other social media sites are big draws for teen users. Make sure your children only accept friend requests from actual friends they know in-person. Accepting friend requests from unknown people can expose personal and family information to strangers. Take time to go through your children’s social media accounts with them, making sure that they are using good practices when selecting friends. You may also want to review privacy settings with your teen occasionally.
Don’t Share Personal Information Via Email
Does your child know how to identify a phishing email or a scam? Teach your child how to recognize email scams as children may be more likely to fall victim or to share personal family information that could lead to identity theft.
Teaching your teen good internet practices won’t just protect them; it could also keep you safe from identity theft.
December 2nd, 2013
Jenna here. The news was chock-full of interesting and informative stories for this week, but we’ve managed to narrow down our favorites for you here. We have an article about a new delivery method Amazon wants to use to get packages to you quicker (hint: drones aren’t just a tool for the military to use), and a follow-up to that article about ways drones may actually help you in the future, as well as a great article about online privacy and expert tips on how to increase your own.
Amazon Testing Drones For 30 Minute Delivery Using Service Called Amazon Prime Air, Forbes
Amazon Prime Air, Sushi Delivery and More Ways Drones Might Be Used, ABC News
http://abcnews.go.com/Technology/amazon-prime-air-ways-drones-future/story?id=21070635 (Think of all the privacy implications!)
Online Privacy: How Secure Are You? , The Guardian
November 28th, 2013
Tamara here, AllClear ID Investigator. Documents containing personal information, such as tax returns, birth certificates, living wills, insurance forms, and others, are commonplace in the lives of many people. As ID theft is the fastest growing white-collar crime in the nation, individuals are taking steps to ensure those documents are stored in a secure location. A safe, locked desk or a bank vault may be used for the physical storage of the documents themselves. But what is the most secure way to store sensitive data online?
Online Storage Considerations
The first, and, quite possibly the most important place to start, is to encrypt the data. There are a number of encryption services available. The Advanced Encryption Standard (AES) (used by the National Security Agency) which includes 128, 192, or 256 bits, is recommended. The best method to encrypt the data is to encrypt it offline. Though there are many secure programs available to encrypt the data, they are only as strong as their weakest link. If their sites get hacked, or an employee improperly accesses their data, the data which was uploaded into that system unencrypted is then compromised. Before you choosing an encryption service, be sure to thoroughly research it before enrolling.
Ok, so, now your data is encrypted. Where would one store it? There are services that offer encryption entwined with their technology. Some services only allow you to access the files once they are posted, some offer other individuals (that you determine, such as a family member or legal representative) to access the files. Some cloud services will allow other entities access to your files if they are informed of illegal activity or subpoenaed. Each service offers varying amounts of storage size, and charge different costs.
Whatever your need, take all factors into consideration before choosing the method of the storage of your personal documents, and research your options. Those documents are important, and it’s best to keep them safe, and private.
November 25th, 2013
Jenna here. Here are our favorite articles we’ve come across in the last week. We have information about what tech companies are doing to thwart NSA data collection efforts, a disturbing trend called ‘route hijacking’ that could affect data security online, and an interesting perspective on the use of drones.
Twitter Joins Google, Facebook with ‘Forward Secrecy’ Security, NBC News
Where’s Your Data Going? Hacks Redirect Traffic Through Distant Lands, NBC News
Drones Offer Journalists A Wider View, New York Times
November 25th, 2013
Jackie here. You’d be surprised what information hackers can learn about you if they try. An investigative journalist decided to put hackers to the test; the amount of material they were able to obtain in just a short while was astonishing. This journalist’s experiences are probably similar to what most of us would face in the same situation.
Putting Hackers to the Test
The journalist teamed with a group of white hat hackers (the good guys that help companies to protect themselves from potential vulnerabilities) and gave them permission to delve into his life. The only rules: no breaking the law and leave his children out of it. He even kept the process a secret from his wife to keep the experiment as real as possible.
The hackers devised a plan. They researched their target online, looking for potential vulnerabilities. They then used these vulnerabilities and the information gathered to start looking for ways to access the journalist’s information. Some methods failed while others were very successful. Some of the methods employed included dropping a flash drive that would load malware on a computer when plugged in (in hopes someone would find it and open it to look for the owner) and trying to capture information sent over a home Wi-Fi.
With the treasure trove of information we all store electronically, it’s no surprise that the hackers were able to discover a wealth of information about the journalist. They discovered his Social Security number, online banking credentials, Twitter and Facebook logins and much more. The hackers were even able to access Amazon accounts and lock down Apple devices by registering them as stolen.
In an online world, information may not be as safe as you think it is. That’s one reason why each of us must remain vigilant in protecting our identities. Run your credit, monitor your bank accounts, and do all you can to protect your personal information.
November 19th, 2013
Jackie here. Every time I get on social media I’m surprised to see how many of my friends are sharing scams, potentially risky links, and more personal information than they should. We talk about social media safety often, but all too often we get online and forget. Even those of us that are fairly savvy at recognizing scams can get fooled as identity thieves and scammers improve their tactics. We might talk about the risks of social media often, but it’s always a good time for a reminder.
I recently read an article written for information professionals about the increasing skill behind online attacks.. Today’s scammers don’t just post a link on someone’s Facebook timeline hoping to get a few clicks. They devise careful plans, created to maximize the number of victims and fool even the most cautious internet user. Although the article was written for those managing company networks, it has some great information we can all use to protect ourselves online.
Friends Aren’t Always as They Seem
Social media feels like a safe place. It’s where we go to chat with friends, network with colleagues, and unwind after a long day. Although you may be choosy about who you friend and which pages you like, accounts can be compromised, so don’t just randomly click on links. Thieves want to increase the odds of potential victims clicking on their infected links. They may steal profiles of users with large followings and distribute their links using the stolen profiles. Friends aren’t the only source of potentially risky links. Scammers may also use trusted profiles of large organizations to distribute their content.
Being vigilant before clicking links is important, but it won’t always keep you safe. In addition, be sure that your computer security is up to date. Install and use anti-virus software, make sure your programs are regularly updated and watch for potential problems. Be aware that friends, favorite businesses, and others may be compromised and sharing risky content. Trust goes a long way into making a scam work; social media scams can be so successful because of the natural trust we place in our friends and associates.
Special Interest Sites Are a Target
Another favorite place for scammers this year is special interest websites. These sites may not have a lot of visits from the general public, but they are a popular place for those with specific interests, careers, etc. Scammers choose targeted victims and then devise plans to compromise them through specific websites they are likely to frequent.
This type of attack is known as a watering hole attack. By poisoning a few select websites and installing malware, scammers can gain access to larger websites with stronger security. For example, thieves may target a company that sells security software and that has access to security certificates and login information for other companies. This type of attack can lead to thieves being able to access information they would otherwise be unable to.
Social media and online threats are constantly changing, but their intent is always the same: to steal information and make a profit. Protect yourself online by being aware of the risks and by closely monitoring your personal information to discover problems quickly.
November 18th, 2013
Jackie here. I’ve always been intrigued by biometric verification. The thought of never having to remember a password again sounds wonderful, especially on those days when I can’t remember which password I used for an account and am trying to reset it (having a different password for every account gets confusing). Biometric technologies may sound like something from the future, but surprisingly, many are available today. Perhaps someday you’ll be able to use your thoughts instead of a password to login to your Twitter or Facebook account.
This article from the New York Times provides an interesting look into some of the biometric identifiers that are being studied and used. One of the latest to hit the market is Apple’s new fingerprint scanner, but many other biometric options may soon be available for mass market use.
Biometric Technology Possibilities
One interesting option currently in development is a heartbeat monitoring device called Nymi. It’s a small wristband that monitors heart patterns (unique like a fingerprint). The wristband acts as a biometric identifier, creating unique passcodes based on your body’s heart rhythms. When the band is put on, it scans a person’s heart patterns. This verification then remains in place until the band is removed. One of the selling points for the Nymi is the difficulty
in gaining unauthorized access to a heartbeat; fingerprints are left everywhere, but a heart rhythm would require up-close, physical access to copy.
While not yet available, the Nymi will be a fairly affordable choice. Preorders on their website are $79, charged upon shipment in 2014. The complete list of compatible devices, programs, etc. won’t be available until closer to the release date.
Other interesting biometric possibilities include a brainwave scanner under study at the University of California, Berkley and face and voice identification under study by the FIDO Alliance. Some of the more advanced biometric technologies won’t be available for a few years, but it appears this might be an emerging trend in account and password security. Users want an easier (and more secure) solution to passwords and biometric technologies might provide the answer.
November 11th, 2013
Jenna here. Our favorite articles for the week are here! We have information about how to safely donate to typhoon relief efforts, a surprising story about how often teens worry about online privacy, and a follow-up on the Adobe data breach.
3 Things to Consider Before Donating to Typhoon Haiyan Relief Charities, ABC News
Teens Fret Over Online Privacy, Theft: US Study, Business Recorder
Stolen Adobe Passwords Turn Up on Web, Security Firm Says, ABC News
November 11th, 2013
Jackie here. Do you ever post something online and then wish you could make it go away? A new California law will give teens this very right. It entitles teens to assistance in erasing online postings they later regret. This law has the potential to help protect teens from ID theft as well as future embarrassment. The law was signed in late September and will go into effect January 2015.
About the Law
The law requires online platforms directed at minors to offer an option for deleting content they later regret. While online privacy laws like COPPA apply only to children to under 13, this law applies to all minors (those under the age of 18). It’s an important protection for teens who sometimes post before they think.
In addition to requiring sites to assist teens with deleting postings, the law also adds prohibitions for the online advertising of things like guns and alcohol to those under 18. The law does not require sites to remove information about a minor posted by someone else or to remove content for which a minor was paid.
Implications for ID Theft and Privacy
Even with this new law, teens still need to think before they post online. While the law will enable teens to remove information they post themselves, there are no protections for information posted by others. This means that embarrassing party shots or inappropriate video could still make its way online. In addition, posts with your location or personal information can still find its way into the wrong hands, leading to ID theft. Content has a way of going viral, and once this happens you can’t always get it back.
While the law does give teens new options for deleting information posted online, it is important to remember that many social media websites already offer options for deleting and cleaning up profiles which are available to us all, young and old. Teens aren’t the only ones that post things online that shouldn’t and we should all take time to examine our social media profiles and clean up any sensitive or embarrassing information. Knowing what you’re posting and who can see it is an important part of protecting yourself from ID theft and maintaining a good online presence.
October 14th, 2013
Allison here. A new study from USC researchers found that in a sample of 15 million tweets, about one in five revealed the tweeter’s location through the tweet. Although that 20% includes tweets that are intentional, such as those saying the person is at a great new restaurant or celebrating a home run at a baseball game, some of these tweets also divulged location inadvertently.
About six percent of users opt-in to Twitter’s platform to broadcast their location with every tweet. Most of the 20% divulged their physical location directly through active location monitoring or social check-ins. However, about 2% of these are inadvertent, where location is revealed through the use of a hashtag, for example.
To find out if you’ve been sharing too much location information on your Twitter account, the researchers have developed a free tool called Geosocial Footprint to assess the location footprint of your account. The tool assesses your 200 most recent tweets for signals similar to the ones they researched, and then analyzes your risk and offers suggestions on how to minimize your risk. Remember, even though your social media networks can make you feel safe, you may be inadvertently increasing your risk of ID theft.
August 29th, 2013
Jackie here. Are you concerned about privacy when you shop online? If you aren’t, you may want to start thinking about it. Every click is recorded, monitored, and tracked by marketers and others. Protecting your privacy might seem impossible, but it’s not. There are a few strategies you can use to protect your identity when shopping online.
Cookies are small bits of information stored on your computer to help websites recognize you and provide personalized content. Since cookies are used primarily for identifying, they can unmask your anonymity when shopping online. To keep your purchasing and browsing history a little more private, block cookies on your internet browser. This makes it more difficult for marketers and others to keep track of you online.
While blocking (or regularly deleting) cookies is an important step in protecting your privacy, it won’t always stop you from being identifiable. Cookies are easily blocked and deleted, but a new technology is being used that identifies website visitors using the unique aspects of their system (fonts, screen size, etc.). This new method of identifying users is much more difficult to block.
Do Not Track
Another way to tell marketers to get lost is to use the “Do Not Track” setting on your browser. This alerts websites that you do not want your actions tracked online. In most browsers this is a simple setting that you can enable in just a few clicks.
Use a Separate Email Address
Create a separate email account for online shopping. Use this email address when signing up for newsletters, loyalty cards, etc. to shield yourself from unwanted advertisements.
Make Informed Choices
Who is tracking you? You can find out using a free tool known as Ghostery. This browser extension helps you to identify tracking tags so you can remove undesired ones. Knowing who is tracking you and what they are doing with your information will help you make informed choices about your privacy.
Read Privacy Policies
Another important strategy for protecting your identity when shopping online is to familiarize yourself with the privacy policies on the websites you visit. Understand what information they collect, how they collect it and who they will share it with.
Shopping online is anything but anonymous. Try these strategies to protect your identity and fight ID theft.
August 22nd, 2013
Allison here. In the past year, over three-fourths of businesses had a mobile security incident of some kind. For almost half of these businesses, the cost of the incident (including fixing the problem, business losses, time spent detecting the problem, etc.) was over six figures. This rise in mobile security breaches is at least partly a result of the increase in the number of mobile devices and other technologies that store information. According to an annual mobile security report produced by Checkpoint Software Technologies Ltd, the main reasons for the high rate of mobile security incidents include:
- More Personal Mobile Devices Connecting to the Corporate Network – When asked, 45 percent of companies that allow personal mobile devices say they have more than 5 times as many personal mobile devices as they had two years ago.
- Corporate Information Not Managed on Mobile Devices – Even with the rise in mobile security incidents, 63 percent of businesses do not manage corporate information on personal devices, leaving it vulnerable to more security breaches.
- Increase in Customer Information on Mobile Devices—More than half of the businesses surveyed stated they store sensitive customer information on mobile devices. This large amount of personal data causes id thieves and hackers to target mobile devices more frequently, as they are a potential gold mine of personal information.
August 8th, 2013
Allison here. Wouldn’t it be great if there was a website where you could download and access all the information that companies and data brokers have acquired from you online? Then, after you have access and have seen this information, you can pick and choose what you want to share and for what purpose? Well, FTC Commissioner Julie Brill has come up with just this idea, and is pushing the ‘Reclaim Your Name” concept to give consumers more control over their data.
About Reclaim Your Name
Reclaim Your Name is intended to allow consumers more control over the data companies have about them, and even to tell certain companies not to use their data if it’s being used for marketing purposes. Consumers would also be able to find out how brokers are collecting data and to correct errors in information used for major decisions such as credit, insurance, and employment. Although the campaign has been ongoing for a year now, Brill says that some industry leaders have expressed interest in the idea. Privacy policies and data brokerage have been scrutinized for the past year by the FTC as well as representatives in the House and Senate, placing more pressure on companies to change their big data practices.
So far, Reclaim Your Name seems to be gaining popularity. Time will tell whether or not this program becomes reality, and what impact it will have on big data, privacy, and id theft.
August 2nd, 2013
What is Fingerprinting?
You’d be surprised at how effective this technology is. The Electronic Frontier Foundation found that 94% of computers that use Flash or Java have unique identities. Does your computer? Check out what information you’re sharing (and see if you can uniquely identified) by visiting this site. I was surprised to learn that my computer had a unique identity. One software engineer indicated that fingerprinting allows their company to identify 98% of internet users (odds are you’re one of them).
What Can You Do?
If you’re worried about fingerprinting, the solution isn’t as simple as deleting your cookies. There really isn’t anything you can do about it. Remember that your online activities aren’t anonymous. The best way to protect your online identity from id thieves and hackers is to be smart about the sites you visit and to share personal information only when necessary.
Learn more about fingerprinting here.
July 31st, 2013
Allison here. When it comes to online safety, not all Internet browsers are created equal. Some people do like to dump on Internet Explorer for being outdated or “oldschool”, but it turns out it’s actually
the best at keeping you safe. Information security research firm NSS Labs, Inc. tested the five leading browsers against a sample of 754 “active and malicious” web addresses to see what percentage were caught by each browser’s defenses. Below is a ranking of browsers by level of protection:
Google Chrome- 83.16%
The primary reason for the huge differences in safety is that Google Chrome, Firefox, and Safari all use Safe Search, a system that blocks URLs labeled as “malicious” in a database compiled by Google. According to the data, this defense alone is only 10% effective at protecting your computer against malware. However, Chrome uses an additional protection that also evaluates the safety of an executable file (such as a malware code embedded in a website) instead of just the URL .
What makes Internet Explorer so effective is that it has its own line of defenses called SmartScreen. It does what Google Safe Search and Download Protection do, but with much more effectiveness. The URL-based portion of the protection system blocked over 83% of the malware. This test only included the latest versions of each of these browsers, so earlier versions may not be as strong in their security.
July 3rd, 2013
Jackie here. Last year, Allison wrote an insightful article about online tracking here on the AllClear ID blog. Since that time, many privacy advocates have been working to find a solution to the increasing problem of online tracking. Talks have been in the works for almost two years now to create an international Do Not Track standard, but little progress has been made since the parties involved have difficulty agreeing on the best way to provide privacy protections to internet users.
Early in May, the parties involved sat down for a face-to-face meeting to further negotiate tracking standards. Reaching a consensus has been difficult since different parties have different concerns. Advertisers, for example, want it to be difficult to turn off online tracking, while privacy advocates want the process to be simple. The May meeting was called to determine if a compromise could be reached, and if talks should continue or if they should stop negotiations. After much debate, it was concluded that talks should proceed in an effort to meet the industry’s July deadline.
A July 2013 deadline is in place for the new standards to be created and much will be needed to achieve this goal. The W3C, an online organization spearheading the talks, published some of the details on a recent blog.. Here are a few highlights:
• Do Not Track Should Be User Choice- DNT settings need to reflect a choice by internet users. The industry is working to explore anti-tampering measures to ensure that DNT settings reflect a user’s actual choice.
• Data Retention Periods Will Be Explored- Collected data should be stored for specific periods of time. They plan to work on creating guidelines for data retention timelines and transparency guidelines so users understand how long collected data will be stored.
Will the industry be able to come to a Do Not Track consensus before their July 2013 deadline? For the deadline to be met, all parties involved will have to be open to compromise. It will be interesting to see what solutions the W3C can create to help better protect our online privacy. Learn more here.
June 13th, 2013
Allison here. Facebook cloning is a new type of identity theft where someone creates an exact replica of your profile and sends friend requests to all of your friends. It’s not hard to do, as the cloner simply needs to add you as a friend, copy and paste the information, and he or she has everything to create the clone. This form of id theft doesn’t just hurt you, but it can also hurt your friends and family.
A resident of Hawaii had this happen to her around a month ago. She discovered the scam when a friend of hers said he had given the clone his credit card number, after her clone account requested it. As the scammer behind the clone account had all of the woman’s profile information, he or she was able to replicate the profile perfectly, making friends and family think it was a legitimate account.
There are three primary ways to stop this from happening to you:
- The first is to remove your email from your Facebook profile. Once a possible cloner or hacker has access to this, then it’s only a matter of time before s/he guesses the password and gets in.
- The second is to change the privacy setting on your profile. Make it so that only friends can see what you post.
- The third is to add only people you know and trust. Since cloners get to your information by adding you as a friend, you want to avoid adding people you don’t know.
April 30th, 2013
Allison here. In less than a year, Microsoft will terminate extended support for Windows XP. This means more than just a lack of help for the 39% of people who use XP as their operating system; it also means a potential lack of security. Once the support ends, there won’t be any more security updates, so those still running Windows XP will be extremely vulnerable to malware, viruses, and other problems.
Windows XP may be popular, and a very good operating system, but it may be time to start thinking about switching to a new operating system in preparation for this end of support. It’s over a decade old, and Microsoft had extended the deadline for terminating support more than once. However, it’s unlikely that Microsoft will keep security support going, despite XP’s popularity. There are several upgrades to choose from, such as Windows 7 and Windows 8, or Vista.
Update all of your tech gadgets
While you’re at it, it may be a good idea to upgrade all of your Microsoft products. Actually, it’s probably best to upgrade or update all of your computer and tech gadgets, whether it’s through downloading the latest version or the newest security patches, or another method of boosting your security. It turns out that a lot of Microsoft is terminating its extended support for a lot of products over the next 18 months, so upgrading your support as soon as possible is a great idea.
Overall, the end of many of Microsaoft’s security updates highlights the importance of updating your programs, and of having technology that can handle the latest upgrades (I dumped my Mac a few years ago because it could no longer handle my Internet browser updates). In protecting yourself from id theft, hackers, and scammers, it’s not just a matter of having the latest version of a product, or the sleekest design.
April 19th, 2013
Tamara here, AllClear ID Investigations. The internet is a wonderful thing, and many people perform financial transactions and other tasks requiring personal information, passwords, and user names online daily. However, there are the cyber criminals who are looking to capture that information for illegal use, making the internet a tool we should use with some caution. One of the many tricks criminals and id thieves try to use to capture our information is called a keylogger.
Keyloggers can be installed manually by the criminal or inadvertently by the user from a malicious website or email. Once installed, the program will record each keystroke made, giving the id thief access to user names, passwords, and any other information that is typed into the computer.
One way to combat this is to use an anti-virus or anti-malware software that will scan for harmful programs such as keyloggers, and hopefully catch them before any data is transmitted. Another approach would be to use keystroke encryption. With keystroke encryption, it would not matter whether or not a keylogger is installed on the device, your data would be protected from unwanted access.
What is Keystroke Encryption?
Keystroke encryption happens between the hardware and the operating system of the computer. When you type the keystrokes, they are encrypted before being sent to the application you are using, and will appear as gibberish to anyone who is monitoring your computer. There are a number of different companies offering keystroke encryption technology to install on your computer, and most of the options are fairly inexpensive. Keystroke encryption can be a useful tool in the fight against id theft, and is something we think warrants some thought.
April 11th, 2013
Jenna here with AllClear ID. The law surrounding email and online communications privacy may soon undergo changes, as many lawmakers feel our current law, the Electronic Communications Privacy Act of 1986, is severely outdated. In late March, the House Judiciary Committee will hold the first of several hearings to consider whether to increase protections for emails and electronic communication, boosting online privacy.
The Current Law
Under the Electronic Communications Privacy Act, the only law currently on the books, police need a subpoena, issued without a judge’s approval, to read emails and electronic communications that have been opened, or that are more than 180 days old. Many privacy advocates argue that this law is out of date, and needs to be modernized to “reflect our current digital economy”, in the words of House Judiciary Committee Chairman Bob Goodlatte.
To update our existing bill, legislation requiring police to obtain a warrant (issued by a judge) before accessing any private online communications was put forth for committee to consider in a series of hearings. These hearings will provide a chance to discover other lawmakers’ opinions on increasing the privacy standards, as well as to determine whether or not the legislation would face strong opposition from law enforcement groups.
While it will take time before any decision is reached on the legislation, it appears to be a step toward protecting online communications from unnecessary access. We will keep you updated with news about the proposed legislation as it comes out. What do you think of the proposed changes?
April 8th, 2013
Jackie here. Facebook is a place to connect and share with friends, family and associates. We’ve talked before about the importance of managing your Facebook privacy settings and carefully choosing the information you post online. A recent study suggests that many Facebook users are sharing more than they used to, especially with those you might not realize you’re sharing with: app developers, Facebook itself, and advertisers.
The study takes a in-depth look at the evolution of Facebook and the data users have shared from its early days in 2005 until 2011. The study specifically examined what users from Carnegie Mellon University shared. They choose several different pieces of information (like address, phone number, etc.) to compare over the years throughout their data set.
Evolution of Facebook
It’s important to note that during this time Facebook has evolved dramatically. Once it was a social experience for college students only, and now it has become the go-to social network for people across the world. The information early users shared was visible only to those in their university network, while it now (depending on privacy settings) can be seen by practically anyone. As Facebook has evolved so has the way we share; after all, the purpose of social networking is to learn about and share with others.
We Share Less with Unknown Users
As Facebook evolved, the information people openly shared with the public (those not in our networks) decreased dramatically. This could be due, in part, to more privacy controls and a better understanding of how sharing information can lead to id theft. Even as Facebook created new categories for sharing information, the amount of public information has decreased.
We Share More with Friends and ‘Silent Listeners”
As more opportunities to share information were created, people started using privacy controls to share less with the public, but they began sharing more with their friends. This means more information is available, even if it isn’t visible to the public. ‘Silent Listeners’ are those that can see Facebook data that aren’t on your friends list. They include Facebook, advertisers, and app developers. Changing privacy settings and policies have encouraged users to share more with these types of listeners, even though users might not know it. Third party ‘silent listeners’ may have access to a great amount of data about you and your friends including birthdates, anniversaries, ‘likes’, and more.
Knowing what we share online is important for id theft protection. As social networking sites like Facebook evolve, it is important for us to constantly evaluate what we are willing to share. This study provides an interesting look to how we share and interact on Facebook.
April 5th, 2013
Jackie here. I love public Wi-Fi. It’s nice being able to connect to the internet on the go without having to worry about how many bytes I have left on my data plan. Businesses are starting to take note, and free Wi-Fi hotspots are popping up everywhere from the local coffee shop to the library, and even at parks around the country. But, this convenience does come with some risk. How do you keep yourself and your identity safe when using public Wi-Fi? Here are a few tips:
- Choose Secure Hotspots When Possible- Secure Wi-Fi hotspots are your safest choice when sending sensitive information. Look for hotspots that use WPA encryption and require a password to log-in. If you aren’t using a secure hotspot, know that your information may be at risk and be selective about the sites you visit and the information you share. Watching a video on YouTube will put you at less of a risk for id theft than logging into your bank account over an unsecured connection.
If you aren’t using a secure hotspot:
- Choose Https Over Http- There is an easy way to tell if you are using a secure website. Look up at the web address and see if it begins with http or https. That little ‘s’ tacked onto the end means extra security for you. On many sensitive sites like Facebook and Gmail, you can choose to always have an https connection by changing your security settings. If you’re using public Wi-Fi, https is always the safest choice for sending sensitive information or logging into sites that contain your info.
- Get a One Time Log-In- Some accounts may offer a one-time password if you’re worried about security. For Facebook send ‘otp’ in a text message to 32665 from a mobile number linked to your account (you may be charged, depending on your plan). This service may be available for some of your other accounts; contact the company and ask if it’s available.
- Log Out of Accounts- When you finish using an account, log out. Staying logged into accounts when using unsecured Wi-Fi could potentially allow hackers or id thieves to access the information inside. An easy solution: stop using automatic log-ins and log yourself in and out each time you need to access an account.
- Consider a VPN- A VPN, or a virtual private network, turns an unsecured internet connection into your own private oasis. It automatically encrypts information coming in and out of your computer, providing you with identity theft protection even when you aren’t using a secure W-Fi- hotspot. A VPN is a great choice for those that regularly connect online using Wi-Fi. Check out this great article on our blog for more information about VPNs.
- Stay Updated- Malware, viruses, and other dangers to your computer can be waiting for an unsuspecting Wi-Fi user so they can attack. Anti-virus software and the latest updates on your computer and firewall are essential. Before using an unknown Wi-Fi connection make sure your computer is up to date and if you’re prompted to install an update over a Wi-Fi connection, make sure you trust the source
Wi-Fi certainly is convenient and if you’re careful, can be a safe way to connect and share when you are on the go. Just remember the risks and be aware that the things you access might be visible to hackers and identity thieves.
For more information check out this article from the FTC; the accompanying video has some especially great tips.
March 28th, 2013
Jackie here. Have you signed up for an online Social Security account? Earlier this year Social Security announced that the agency is expanding the services available online for those with a my Social Security account. These accounts aren’t just for those receiving benefits; anyone over 18 can sign up for an account by visiting www.socialsecurity.gov/myaccount. If you have an account, or would like to sign up for one, here are some things to keep in mind to protect your privacy:
Create Your Account and Keep It Safe
When you sign up for an online social security account, you will be asked to provide some personal information to verify your identity. Once you’ve been verified by the system you will then create a username and password. When creating passwords for sensitive accounts like this one, a secure password is essential. Here are some tips for creating your password:
- Don’t Reuse- Remembering a variety of different passwords is difficult, but it is important for keeping your identity safe. Don’t reuse the password that you use on other accounts and never use words or simple phrases that id thieves can easily guess.
- Combine Letters, Numbers, and Symbols- A combination of letters (both upper and lowercase), numbers, and symbols will make your password safer. Rather than tacking a symbol at the end of your password, mix things up and intersperse each element throughout the password. For other great password tips head to our blog.
Always keep your login information for this account personal, just like you would your social security number. Be on the alert for phishing emails since there have been reports of scam emails that appear to be from my Social Security. Don’t sign up for accounts for anyone but yourself, even if someone asks for your help.
Look for Signs of ID Theft
These online Social Security accounts potentially hold some benefits for id theft prevention. Previously, your Social Security Earnings Statements would only come every few years, but with an online account, you can check as often as you like. Keep an eye out for employers you have never worked for on your benefits statement, this could be a sign of id theft. In addition, check on your benefit information at least once a year to ensure no one else is claiming benefits using your identity.
As with any online account there are potential benefits and risks to signing up for a my Social Security online account, but these tips will help you minimize those risks.
January 24th, 2013
Jackie here. A few days ago on Facebook we shared a link to an article talking about the Java security flaw. If you haven’t had a chance to read it yet, check it out here and make sure that you check in on our Facebook page from time to time for the latest id theft news and updates.
Recently, the Department of Homeland Security urged all computer users to disable Java, citing a security flaw that is present in all versions of the program. Hackers can exploit this flaw and use Java to gain access to all information stored on the host computer including banking information, user names, passwords, etc.
After the news broke, Oracle (the company that runs Java) has provided an updated version of Java 7 that should fix some of the security flaws, but experts indicate that this isn’t enough and that computer users should keep Java disabled until a more comprehensive fix is available.
If you are running Java on your computer (and you probably are) and you haven’t disabled it yet, now is a great time. One of the easiest ways to disable the program is to uninstall it from your computer and reinstall later when the issue has been resolved. If you aren’t sure whether or not your computer has Java enabled you can check on Java’s website by selecting “Do I have Java?” from the main screen.
Checking if you have Java, and temporarily disabling it if you do, is a quick and easy way to keep your identity safer, and to protect your valuable information from id theft.
January 8th, 2013
Jackie here. The holiday season might be almost over, but if you’re still in the celebrating mood, we’ve got the perfect solution: Data Privacy Day. It’s a great opportunity to learn more about protecting yourself, your identity, and your personal information. Data Privacy Day is held every year on January 28th, and is filled with events, education, and the opportunity to renew your commitment to making smart privacy choices. How will you celebrate this year?
Learn More About Privacy
In an online world, privacy can be elusive and difficult to protect. The websites you visit may leave cookies on your computers that track your behavior from website to website. The information you provide to an online retailer, if stolen, can be used by thieves to commit identity theft. Your mobile phone can provide sensitive location information to others through pictures and location tracking. But, being informed is one of your best weapons. When you know the risks to your privacy, you can decide how best to protect yourself. StaySafeOnline, the organizer of Data Privacy Day, has created a list of resources that you can use to learn more about your data privacy options in an online world. Check it out here.
Commit to Protecting Privacy
Attend an Event
Getting out with others can be the best way to celebrate. Many schools, cities and organizations have planned events for Data Privacy Day this year. Check out this listing of events and see if there’s one in your area. If there isn’t an existing event, you can even plan one of your own.
Become a Champion
AllClear ID supports Data Privacy Day. We know that your personal information is valuable (and in the wrong hands can lead to a host of problems like identity theft). We’ve decided to support this important day by becoming a Champion. Check out this list of other supporting businesses here.
How will you celebrate Data Privacy Day this year? Whether you get out and go to an event or learn more about online privacy, make sure you do something. January 28th is a great reminder to all of us to protect our sensitive information and to understand what we might be sharing each time we get online.
December 26th, 2012
Jackie here. Facebook is a place to share our everyday lives with others, and a big part of that sharing involves photos. Whether you’re posting a cute photo of your new baby or sharing pictures of that fun cruise you took over the holidays, it is important to be careful when posting pictures online. We’ve talked in the past about the dangers of sharing credit card pictures and about the virus that can steal pictures off your hard drive, but these aren’t your only concerns when sharing pictures. Facebook’s new Photo Sync feature is convenient, but with it comes some new concerns for protecting your identity.
What is Photo Sync?
The Photo Sync feature is brand new to Facebook, so if you haven’t heard of it yet, you’re not alone. When you enable the Photo Sync feature, pictures you take with your mobile phone are automatically transferred to Facebook and stored in a private area. This feature makes it easy to choose which photos you want to eventually share, and since all your photos are already uploaded to Facebook, you don’t have to wait to post any of them.
What’s the Risk?
Photo Sync sounds convenient and it certainly can be, but before you enable this feature, make sure you consider the id theft implications.
Uploaded photos will be private unless you decide to share, but that doesn’t mean you are the only person who could have access to them. Have you ever forgotten to log off of your Facebook account and had someone else gain access when using your computer? Have friends ever “hacked” your Facebook using your mobile phone? While these photos will be stored in a private area, they will be accessible to anyone with access to your account, potentially opening the door for others to post photos you never intended to make public. Furthermore, even though photo sync stores photos in a private area until you post them, they are still online and could potentially be accessed by hackers with the appropriate skills.
Another concern involves potential glitches. Facebook isn’t perfect and it has made mistakes with sharing things it shouldn’t in the past. Posting personal photos to the site automatically could potentially lead to some embarrassing moments should a glitch occur in the future.
If you do choose to enjoy the convenience of Photo Sync make sure you do so with caution. Know that once enabled, every photo you take will be automatically shared with the site so use caution when taking pictures. Also make sure you continue to use smart practices with your Facebook account to ensure only you have access. This means setting strong passwords, logging off when not using the program and setting up screen locks on your smart phone to prevent unauthorized access.
Learn more about Photo Sync here.
December 20th, 2012
Jackie here with Part 3 of our series on common e-commerce scams. We’ve covered some pretty serious scams (like botnets and phishing) in Parts 1 and 2,but we aren’t done yet. This post is the final one in this series; once you’ve finished reading it, you’ll be ready to shop online with confidence knowing the biggest potential threats you face.
E-Commerce Threat #3- Friendly Fraud
Friendly fraud doesn’t sound like much of a threat, but to merchants it can be serious business. It involves legitimate customers that purchase an item or service with their own card and then dispute the charges. The credit card companies will often hold the merchant responsible for the final bill, even when they properly verified the card and the customer actually received the item. While this scam may not affect most consumers, it is always good to be aware of the various scams happening in the e-commerce world.
There are a few things merchants can do to protect themselves from friendly fraud. They include:
- Requiring a Signature Upon Receipt- One way that merchants can protect themselves is to require a signature by the consumer before delivering actual physical goods. Many mail carriers and shipping companies offer this as an option when shipping packages.
- Verify the Security Code- Another way to combat friendly fraud is by requiring consumers to provide the three digit security code found on the back of the credit card. This proves that the consumer actually has possession of the physical card and can be very useful when disputing chargebacks.
- Verbal Signatures- In call center transactions recording a verbal signature before authorizing a purchase can prove that the customer was present and did authorize the charge.
E-Commerce Threat #2- Account Takeover
Imagine discovering that your accounts had been accessed by someone other than yourself. Money was transferred or purchases were authorized, all without your consent. You may not have discovered this was even happening for months because you’ve stopped receiving bank statements and can no longer access your online accounts. This scary scenario is an example of account takeover, or someone else taking control of your financial accounts by adding themselves or changing contact information.
Some of the most common methods thieves employ when engaging in account takeover are to:
- Change the Physical Address for the customer
- Add Themselves as a Registered User
- Change the Email Address on the Account
- Get a Credit or Debit Card Issued in Their Name
- Change the Account Phone Number
- Change the Online Account Password
- Change the PIN on a Card
- Obtain Checks
This form of id theft can be devastating to the financial health of both businesses and consumers. One of the best ways to protect yourself is to keep your personal information safe. Generally thieves gain the initial access to your accounts using your personal information. They may employ tactics like social engineering to gain additional information once they have the first critical pieces. Keep your eyes open for phishing emails and the like since the information thieves garner with them may then be used for account takeover.
E-Commerce Threat #1- Clean Fraud
Clean fraud is a very sophisticated type of online fraud. As businesses develop methods for uncovering and catching id thieves, the thieves continue to get smarter and to develop new strategies so they can continue to profit through id theft. Clean fraud requires thieves that have a lot of personal information and can easily appear as a legitimate customer, even when they are not.
In this type of fraud it may appear that an actual consumer is making the purchase, and these purchases are often automatically making their way through the fraud filters, only to be charged back to businesses when the accounts are ultimately discovered to be fraudulent.
Businesses can protect themselves from this type of fraud by staying involved in the ordering and verification process. It is important for them to carefully analyze each purchase to ensure that it is indeed legitimate. One big warning sign of clean fraud are multiple accounts with the same user id or email address. Another tactic businesses can employ is separating the returning customers from the new ones and holding purchases for a period of time between the order and delivery for new customer.
Being a safe online shopper means being aware of the threats you face online. An informed shopper is a safe shopper and can be one of the worst enemies to an identity thief. For more information check out the scam alert from the IC3 that inspired this post.
December 18th, 2012
Jackie here. I’m back with Part 2 of our series on common e-commerce scams. We want your online shopping to be filled with great deals and amazing finds, but free of id theft. We have talked about common e-commerce scams a fair amount already, but we want you to be fully informed about what risks are out there before you shop online. Understanding the major scams that are out there will help you protect yourself from id theft and know a scam when you see one. Part 3 is coming soon!
E-Commerce Threat #6- Re-Shipping
I’ve certainly seen the re-shipping scam a time or two. It is commonly disguised as a work at home opportunity, in which the scammer will solicit you to “help” them with packaging and re-shipping items. You may receive several items in the mail that you are to repackage and send out using postage paid envelopes. In return you are paid with a money order or check (Warning- it’s probably fake).
These scams rely on people looking for work or for an easy work at home opportunity. The scammer uses their victim to smuggle goods or ship stolen items from place to place for them. Since the payment you receive is probably fake, you can end up being responsible for bank and overdraft fees, which can get expensive.
One tip for avoiding this scam is simple. Follow the age old advice, “If it looks too good to be true, it probably is.” Offers to pay you simply for sticking something in an envelope and dropping it in the mailbox should raise a red flag. You can also check out this website from the US Postal Service for more information about this and other similar scams. If you haven’t had an opportunity to read our post on scam websites from November, now’s a great time to review it and find out what to watch for.
E-Commerce Threat #5- Affiliate Fraud
Affiliate fraud isn’t just a problem for businesses and affiliates; it can affect consumers too. This type of scam involves using company affiliate programs (or referral programs) fraudulently to make a profit. This scam can have many faces and its methods are always evolving.
In particular, businesses with affiliate programs really need to watch out for this type of scam. Fraudsters may submit fake leads in exchange for a payment, create fake traffic or divert people to a site with false information. I’ve been a victim of this type of scam before. My computer was infected with a redirect virus that would send me to various affiliate owned sites rather than directing me to the web addresses I entered. I recognized the problem immediately, but still had to endure the long battle with getting the malware removed and the expense of getting my computer professionally serviced.
As a consumer you can protect yourself from this scam by being aware. Signing up for offers from pop-up ads or clicking on unknown links could put you at risk. You should also watch for fake affiliates that have no direct relationship with the actual merchant. You may think you’re buying a product from an affiliate company when in fact you’re being scammed. Keep your eyes open and know that affiliate fraud is out there.
E-Commerce Threat #4- ID Theft
We’ve talked a lot about the various e-commerce scams that are out there in this series, but the one that is nearest and dearest to our hearts here at AllClear ID is id theft. This threat can be devastating both to your finances and to your emotions. Luckily we can help you watch for it, prevent it and discover it.
Our blog is packed with tips for keeping your identity safe (visit the Identity Theft Protection Tips section of our blog), but as a quick refresher we’ll share a couple here:
- Choose Strong Passwords- A strong password can be a great defense against id theft. If you create online shopping accounts, make sure that you use a strong, unique password each time. We recommend using a combination of letters (both uppercase and lowercase), numbers and symbols.
- Limit The Information You Share- Keep the personal information you share to a minimum. Id thieves need information and if you keep yours personal they will have a much harder time stealing your identity.
- Watch for Scams- As you go about shopping and sharing online (and in your off-line life as well) be on the lookout for scams. Know what information you are sharing and with whom. Scams are out there, but you can avoid many if you keep your eyes open and remain informed.
Check back often. Our final section, Part 3, is coming soon!
December 17th, 2012
Allison here with AllClear ID. As defined by the Department of Justice, identity theft includes, “crimes in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.” Using this definition, online impersonation can technically be considered identity theft, but is there more to the story? Should there be one kind of penalty for identity theft and another kind of penalty for online impersonation? Let’s take a closer look.
A recent news story talked about a Texas woman who started to receive phone calls of a sexual nature from unknown men. When she finally asked one how he got her number, he replied that he saw it in an ad on Craigslist. As it turns out, the ad was posted by the girlfriend of her ex-husband, who claimed she posted the ad as a “joke” when she was confronted about it. The girlfriend was ultimately charged with online impersonation, but many people may think this was an act of identity theft as well.
Texas law defines online impersonation as “creat[ing] a webpage or send[ing] an email or an instant message on the Internet using the name or domain name of another person with the intent to harm, defraud, intimidate or threaten another person or persons.” The way the law is phrased outlines a key difference between identity theft and online impersonation: identity theft is meant to benefit the thief, while online impersonation is meant to harm someone other than the impersonator.
Furthermore, identity theft typically involves stealing very specific personal information, like a social security number or a credit card number. It often involves much more than using the name or telephone number of another, and usually necessitates some credit report cleanup on the part of the victim.
While these distinctions do not make either identity theft or online impersonation easier to deal with, there is one more distinct difference between the two crimes: the ability of consumers to take proactive measures to protect themselves. With identity theft, there are a variety of measures someone can take to secure their personal information and to prevent it from ending up in the wrong hands. We’ve talked about many of these before. Online impersonation is much more difficult to safeguard against, since theoretically all someone needs is a name and possibly a phone number to impersonate another person over the internet. Both identity theft and online impersonation can have serious consequences for the victims, and should therefore be criminalized under the law. However, the aftermath of identity theft is often much more far-reaching than that of online impersonation, which raises the question as to whether the two crimes should require different penalties for perpetrators.
December 14th, 2012
Jackie here. Shopping online sure is convenient, but it isn’t without risk. Every time you share your credit card number you are exposing yourself to potential fraudsters and increasing your id theft risk. That doesn’t mean you shouldn’t shop online, but it does mean that you need to be informed when you do. To help you navigate safely through the many potential threats you’ll face, we’ve prepared a series of blog posts outlining 9 of the biggest threats pertaining to e-commerce. This is a three part post, so check back often. Parts 2 and 3 will be coming soon.
E-Commerce Threat #9- Triangulation
Triangulation may sound fancy, but the scam is actually quite simple. Let’s say you’re searching for a pair of shoes and find ones you love for a super low price from a retailer you aren’t familiar with. You buy the shoes with your credit card, provide your personal information, and wait for your package to arrive. Once your order is placed the thieves get to work. They don’t actually have any shoes to sell, so they find them from another retailer, buy them with a stolen credit card number, and ship them to you. You get your shoes, so there is no indication of a problem with the transaction. However, the fraudster now has access to your credit card number which they can use to continue the scam.
Triangulation is tricky because it often takes people awhile to notice the fraud, and it can be difficult to uncover the original source of the problem, giving thieves plenty of time to continue scamming. The best way to protect yourself against triangulation is to shop from known retailers. Businesses have the ability to watch for scams like triangulation and keep an eye out for single consumers that make purchases with multiple shipping addresses, especially if the purchaser is buying similar items each time.
E-Commerce Threat #8- Phishing
Phishing (also called Pharming or Whaling) is an id theft threat we talk about often here on the AllClear ID blog. You can read past posts on phishing using this link. This scam involves emails sent out to trick consumers into providing personal information like usernames, passwords, financial information and more. The scammers may tell you you’ve won a prize and need to provide banking details to collect it, or may pose as a company you know asking you to verify your account information.
Phishing can be hard to detect, since scammers often pose as companies with whom you do business, but there are some ways to protect yourself:
- Use a Spam Filter- If you never see a phishing email, you are less likely to give your sensitive information to a scammer. Spam filters can automatically remove suspect emails from your inbox. While you should periodically check your spam folder for legitimate emails, be wary of ones that ask for personal information.
- Never Verify Information Via Email- Companies won’t ask you to verify your personal information over email. If you do receive a request, contact the company directly by phone using a known number for them rather than replying to the email.
- Look for Spelling and Grammar Problems- Many phishing emails are poorly written and feature a host of spelling and grammatical errors.
- Be Wise- If something looks too good to be true, it probably is. Be very cautious when someone offers you a share of their lottery winnings, a mystery inheritance, amazing discounts on your car insurance, etc.
E-Commerce Threat #7: Botnets
Botnets can turn your home computer into a zombiethat can be controlled remotely by someone else. Most of the time infected users don’t even know that they have a problem. These botnet scams can be used to commit id theft, fraud and other online scams, and botnet use is becoming increasingly common. By some estimates 4 million new computers are infected every month.
Protecting yourself from botnets is as simple as using smart computer practices. No one can be completely protected, but if you install anti-virus software, keep your computer software updated and are careful about what you download, you can greatly reduce your risk. Be especially cautious if you are asked by a pop-up to add some sort of anti-virus program as this is a common way that botnets are installed. This article Allison wrote in April will teach you more about this potential threat.
There you have it, the first three threats in our top 9 e-commerce threats countdown. Check back often; threats 6,5 and 4 will be coming your way soon!