May 28th, 2015
AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.
Just about everything is online these days. Many items that used to require going to a store to purchase can now be acquired from the comfort of your living room or on the go with your smartphone or tablet. Shopping isn’t the only thing that can be done online, either. It’s also possible to look for jobs, apartments, and service providers online. While the rise of online marketplaces has made shopping, job hunting, and apartment searches more convenient, it has also made us more vulnerable to scams and identity theft. Here are some tips to protect yourself while using online marketplaces.
Make sure that you do not give out your Personally Identifying Information (PII) until the right time. If a potential employer has not scheduled an in-person interview with you, but needs your Social Security number to run a background check, that’s a huge red flag. In addition, you should make sure that you have seen any housing you are looking at renting or buying before you offer up your PII or any type of deposit. You should do more than just drive by, as well. Just because a building is actually there doesn’t mean it is for rent, so do yourself a favor and ask questions of the landlord or manager and don’t be afraid to voice any concern you may have. Only once you are sure the property is legitimately available should you supply the information for a credit check needed to obtain the apartment.
Avoid alternative payment methods when transacting online. Wire transfers, specifically via Western Union, are often used in scams. While this may be an obvious red flag when you are buying or selling something online, this can also be used in employment or housing scams. A potential employer may state that they will pay you via Western Union, or ask that you pay your first month’s rent via wire transfer. These are most likely scams and should be avoided. Other forms of payment that can be a red flag for fraud are cashier’s checks, money grams, and personal checks. These can be made fraudulently and liability will be transferred to the person taking the payment if false funds are deposited into their bank account.
Most importantly, remember who is responsible for activities on online marketplaces. Most online marketplaces have a robust amount of information on avoiding scams while using their sites. Why do they do this? Because scammers are increasing their efforts to scam more and more people every day. You must remember, though, that online marketplaces ARE NOT, by law, responsible for any nefarious activity taking place on their websites. Look at it this way – if you went into a department store and an employee ripped you off, you could complain to the management of the department store and could reasonably expect the situation to be resolved. This is not the case with sites such as Craigslist, eBay and others. The people you are doing transactions with, whether they be property managers, potential employers or merchants, are not associated with the site itself and therefore the site is not responsible for their actions. The bottom line is that if something does go wrong, there’s usually not going to be anyone to fix the problem for you.
All of these warnings make online marketplaces sound like risky places to conduct business. However, by being cautious with your information you can navigate your way through transactions to get what you need, when you need it. Keeping these tips in mind can help you avoid fraud, scams and identity theft.
May 4th, 2015
Jackie here. A weak password is a problem, but what’s the solution? Yahoo rolled out a new password system that generates an ever-changing password for their users. Best of all, this password comes on demand, so you don’t have to remember a thing (and it’s only 4 digits). Will this new idea become a viable alternative to the password?
A New Password Every Time
Do you have a hard time remembering your account passwords? Yahoo’s new system eliminates the need to remember a password by texting you one each time you want to log in. Simply activate the system, register your phone, and never remember your Yahoo password again.
If you have a Yahoo account and want to sign up, here’s what to do:
• Log In- use your existing password
• Enable On-Demand Passwords- You’ll find this option in the security settings.
• Register Your Phone- Follow the process to register your phone. You’ll need to use a phone that can receive text messages.
• Log In- The next time you go to log in, you won’t see a spot for a password, but rather a button that says, “Send My Password”. Click the button and a 4 digit password will be sent to your phone.
Yahoo hopes this system will provide a replacement to the password and will make their site more user-friendly and boost online security.
What do you think of Yahoo’s new password system? Will you try it?
April 14th, 2015
Jackie here. There’s a scam making its way around Facebook and other social media sites that could leave your computer ridden with malware if you aren’t careful. Here’s what you need to know:
What is Malicious Tagging?
This scam uses a practice known as malicious tagging. A friend will appear to share a video (often one with adult content) to their wall with the names of many friends tagged. If you’re tagged, you’ll receive a notification and likely want to view the video. If you click to view the video, a pop-up will appear that encourages you to update your video player software (like Flash Player). Click to update and you’ll unknowingly install malware on your computer. This malware not only steals personal information (potentially leading to ID theft), but also takes over your Facebook, tagging your friends in the malicious video and perpetrating the scam once again.
What Can You Do?
This scam is a scary one, but there are ways to protect yourself and your friends.
Just Because It’s from a Friend Doesn’t Mean It’s Safe- We tend to trust links and videos shared by friends, but on social media, this isn’t always a wise choice. Your friends’ accounts may be compromised and they may be unknowingly sharing malicious links. If something seems suspicious, steer clear, even if it’s shared by a trusted friend. To spot a potential scam, look out for postings that seem out of the norm for your friends – if they don’t usually share videos with friends, double check with them before you watch.
Beware of Required Updates- Stay on top of your computer, plug-in, and software updates on your own (automatic updates are an easy way to do this). If an update notification pops up when you attempt to watch a video or follow a link, decline the update and head to the applicable website to do it yourself. Here are some tools to help you stay on top of the updating game:
Firefox’s Plug-In Checker- If you use Firefox, try the Plug-In Checker to see what needs updating. You’ll see which plug-ins are potentially vulnerable and will have access to easy links to update.
Chrome Plug-Ins- Chrome users can head to Chrome’s help page on Plug-Ins for links to supported plug-ins and their updates.
Microsoft Update Page- This help page from Microsoft has tips and tools for keeping your computer up to date.
Report It- If you come across spam or potentially malicious content on Facebook, report it. This helps Facebook to find and remove the bad content and may protect other friends from falling victim.
Think Before You Click- If something is touted as “exclusive”, “one-of-a-kind”, etc. keep your eyes open for a scam.
Stay on the lookout for malicious tagging and don’t fall victim.
February 17th, 2015
Jackie here. Every time I pop on Facebook, I spot a scam or two. Do you know a Facebook scam when you see one? Keep your eyes open for these red flags and use caution when you see an advertisement or offer on Facebook that looks suspicious. Make Facebook a place for friends and family, not falling victim to ID theft.
You aren’t going to receive free airline tickets just for sharing a post or receive money from a wealthy benefactor by clicking “like”. Free can be risky on Facebook. That doesn’t mean you won’t find the occasional giveaway on the site (many legitimate bloggers and companies use Facebook to spread the word about promotions), but when you do, be cautious. Remember, there’s a big difference between giving away one blender to a single winner and offering a free iPad to anyone that wants one. When in doubt, use caution before entering a contest or giveaway.
If a video promises the answer to becoming an instant millionaire, a sneak peek at a naked celeb, or a high speed car crash destined to be the next viral sensation, don’t watch it. Many of these videos are scams. Click on the video and you’ll be asked to download viewing software (complete with hidden malware). When you need that video fix, head to YouTube instead.
Don’t be fooled by offers to tweak your profile, change your Facebook background, or perform some other service to your account in exchange for your username and password. Your login credentials are yours and yours alone. Never share them with third parties.
Are celebrities sending you friend requests? It’s likely a scam. Choose your friends carefully and be very cautious when friending those you don’t know personally. Double red flag if this new friend asks you to send them money.
Facebook and other social network sites are great ways to stay in touch with friends and family, but that doesn’t mean they are 100% safe. Use caution when you come across offers that seem too good to be true, or when a distant friend asks you to send them money – these are likely scams. Which of these Facebook scams have you seen?
October 28th, 2014
Jackie here. As we head toward Election Day November 4th, our thoughts may be focused on candidates, propositions, and ballot measures, but an important part of each election is the actual physical part of voting. Currently, voters must vote by mail or head in to their local polling place to vote. An interesting article on CIO talks about the amazing possibilities that cyber voting could bring as it has the potential to bring the democratic process to more people than ever before. While I’d certainly love to vote online, I do recognize the risks and hope that before this option becomes available, security problems are all resolved.
Many Benefits to Voting Online
I love being able to vote, but finding time to get to your local polling place can be difficult. Ballots by mail are an option, but not always fully utilized by those that need them. Online voting has the potential to remove many of the hurdles to voting and to increase voter turnout amongst the young that already spend a majority of their time on the internet. Online voting could also reduce the need for voting day staffing, eliminate some of the difficulty finding venues, etc. It would certainly be convenient, but are the risks worth the benefits?
Online Voting- Coming Soon or Many Years Off?
The internet is inherently plagued with security issues, some of which would surely find their way into the online voting system. One technology expert estimates that large scale online voting could be 30 to 40 years away. Votes are valuable, and just as thieves find ways to hack into secure banking databases, they would certainly have incentive to try and compromise voting systems.
Another potential issue comes from the fact that elections are often run by small city and county governments. Implementing online voting wouldn’t just be a matter of creating one federal system; each area would need to implement their own systems and combat security issues, placing a burden on smaller districts with fewer resources.
Although there are some difficulties in getting online voting started, it isn’t necessarily years off. Several countries have started using online voting already, including Switzerland and Brazil. Other countries are working on creating internet voting systems for future elections.
Would you enjoy the convenience of voting online? Why or why not?
October 20th, 2014
Jackie here. Have you ever had questions about the legitimacy of a website? There’s an easy way to check things out. I recently discovered a website checking tool recommended by the Identity Theft Resource Center (ITRC). This tool allows you to check out your favorite sites to see which are safe and which are not. It is fun and free to use. Check it out!
Using the Website Checker
To check out websites on your own, head to the Site Safety Center from Trend Micro. Enter the URL of the site in question in the box right below the words “Is It Safe?”, then click on “Check Now” to see the results.
Within seconds you should receive a report about the site in question. Websites are divided into four categories: safe, dangerous, suspicious, and untested. I ran a report on a few of my most used sites (including Facebook and Gmail); everything I checked came up safe. This could be a useful tool for checking new websites, especially if you’re a little concerned about them. When it comes to ID theft and online safety, it’s always best to be safe rather than sorry.
I found the checker to be very easy to use. Best of all, it doesn’t cost a dime. This is one tool that I’m definitely bookmarking for future use. While this tool doesn’t guarantee a site’s safety, it is a good starting point.
Have you tried the website safety checker? What do you think?
September 24th, 2014
Jackie here. Have you ever fallen victim to a “Click Bait” video scam? I know that I have friends and family that certainly have. These scams lure you in by promising some kind of shocking video. When you click the link to see the clip, a pop up appears that directs you to update your video player. Click the link and you’ll actually install malware, not a video player, onto your computer.
What is “Click Bait” and How to Avoid It
“Click Bait” is a term for something that entices you to click on a link or video. Like a fish to a lure, these scams use your curiosity to get you to click. Often, the scams focus around recent events (for example, you might see a video promising some shocking ice bucket challenge footage right now) and typically promise outrageous, appalling, or scandalous footage of some sort. Rather than acting as a supplement to written text, these videos force you to click on them to learn the full story.
One of the best ways to avoid scams like these is to click with caution. Just because a friend shared it doesn’t mean something is safe. Your friend’s account could be compromised or they could simply be tricked by the scam. Don’t click unless you’re sure it’s safe. Reputable news outlets are generally a safer place to view video content than random sites or unsolicited emails.
I try to avoid updating video players and other software in response to a pop up. Automatic updates can help keep your software up to date so you don’t ever have to remember to update on your own. If you do need to update, consider doing it yourself manually rather than clicking on a pop up. Use the pop up as a reminder to go to the website yourself for the update.
Here’s more information on this scam from the Better Business Bureau.
September 17th, 2014
Jackie here. According to internet speculation, Google may soon start offering accounts to children under the age of 13. While this is exciting news for parents that are already setting up accounts for their young children, it does bring about a few identity and privacy concerns that parents should be aware of. Before your child signs up for an online account, they need to be aware of the potential threats that wait online. If Google does start offering these accounts (or when other similar companies inevitably do), here are some essentials to teach your kids before signing them up for their first solo account.
Ask Before You Share Personal Information
Phishing scams are a risk to all of us, but especially to children that may be unfamiliar with the tactics that scammers use. Teach your children to check with you before they click on links or share information online. As they become more confident in what is and is not appropriate to share, you can loosen these restrictions. This will not only protect your child from ID theft, but can help them avoid other pitfalls of oversharing online; once information is out there, you can’t ever get it back.
Does Your Child Know about ID Theft?
Although 7 or 8 may seem a bit young to start teaching about identity theft, this is a reality your kids need to understand before they have their own online accounts. Teach your children about ID theft and how to avoid it. StaySafeOnline.org has a wonderful collection of resources for teaching children of all ages about online safety, including ID theft.
Read Policies Carefully
As companies begin to offer accounts to children under 13 it will be interesting to see what privacy provisions are in place and what restrictions these accounts may have. We’ve encouraged you to read privacy policies many times and this certainly would continue to hold true on accounts for your children. Read the policies carefully (possibly with your child) and know what you’re agreeing to share before you sign up. This is an excellent opportunity to teach your child about the importance of knowing what companies will do with your information before you sign up for accounts.
You Can Still Monitor Their Accounts
Just because an account technically belongs to your child doesn’t mean that you can’t monitor it as a parent. Sit down with your child occasionally and look at their online accounts. Point out potential problems and solutions. These first accounts shouldn’t be solely the responsibility of your child, but rather an opportunity to start teaching principles that will keep your child safe online for a lifetime.
Not All Children Will be Ready
If Google does start offering accounts to children, that doesn’t mean you have to sign up. Parents are responsible for deciding which online activities are appropriate for their children. If you aren’t comfortable with the new accounts, your child doesn’t have to obtain one.
What do you think about accounts for children? Will you be signing your child up if these accounts become available?
September 16th, 2014
Ben here, AllClear ID Investigator. This year is the 11th year of National Cyber Security Awareness Month (NCSAM), which will be celebrated in October. NCSAM is a collaborative effort under the leadership of the US Department of Homeland Security and the National Cyber Security Alliance. The overall theme of this year is Our Shared Responsibility, pulled from their mission statement “The Internet is a shared resource and securing it is Our Shared Responsibility.”
The main theme will be STOP.THINK.CONNECT. and NCSAM wants to focus on all the ways you can protect yourself from cyber threats and identity theft. Some tips they will cover include the importance of keeping security software current, automating software updates, protecting all devices that connect to the internet and scanning any plug in devices. Furthermore, be wary of communications that force you to act immediately or offers that are too good to be true. Back up and store your files safely.
Weekly themes will focus on different cybersecurity issues throughout October:
Week 2 (October 6-10) Secure Development of IT Products – this week will educate what to look for in software products from design, development, testing and maintenance.
Week 3 (October 13-17) Critical Infrastructure and The Internet of Things – this week will highlight the importance of protecting critical infrastructure and the ability of objects and devices that transfer data.
Week 4 (October 20-24) Cybersecurity for Small and Medium-Sized Businesses and Entrepreneurs – strong cybersecurity practices are vital, even for small and medium-sized businesses. This week will focus on what these organizations can do to protect themselves, customers and employees.
Week 5 (October 27-31) Cybercrime and Law Enforcement – this week will help educate law enforcement officers on how to assist their communities, educating the public about identity theft, fraud, phishing and other crimes.
There are several ways you can get involved with NCSAM. I encourage you to check out their Twitter chat series STOP.THINK.CONNECT at http://www.stopthinkconnect.org/get-involved/twitter-chats/ or just use #ChatSTC to join on the chat dates. There are posters you can print out and tips to share with colleagues and students to spread the word in October at http://www.staysafeonline.org/ncsam/get-involved/ with downloadable icons and material.
You can also visit a list of free security check ups that many computer security vendors are offering. http://www.staysafeonline.org/ncsam/free-security-check-ups/ will lead you to links to check for known viruses, spyware and more.
September 2nd, 2014
Jenna here. We’ve been getting a lot of complaints and questions from customers about an uptick in the amount of phishing emails they have been receiving lately, so we thought it would be a good idea to give a little refresher. Stephen, from our IT team, has some great advice for spotting a phishing email:
What is Phishing?
Generally speaking, phishing is an attempt to gain information illegitimately by posing as a legitimate person or organization. This is usually done with an email that appears to be from a trusted person or business.
How to Spot a Phishing Email
While some phishing messages are very obvious, there are others that can be quite difficult to spot. Here are some ways to spot illegitimate messages:
1. Sender Address – A quick review of the sender’s address can sometimes expose a phishing attack. Obviously, email addresses like firstname.lastname@example.org are not legitimate. Additionally, as in the example below, docusign’s actual domain is docusign.com rather than docusign.net.
2. Bogus or Misleading Link Addresses – One of the best ways to spot a phishing attempt is by hovering your mouse over the links without clicking on them. Below is an example of a phishing attempt. By hovering over the link (in this case made to appear as a “View Documents” button), we can tell that the target of the link does not go to DocuSign.com. In this case, the root of the site is an IP address rather than an actual domain. Keep an eye out for links going to something like http://188.8.131.52/docusign/. Though links may contain legitimate company names, they do not actually go to legitimate sites.
3. Addressees (both TO and CC) – If a message goes to a bunch of your old or illegitimate addresses, it’s probably a scam. This indicates that the message was just blasted out to randomly generated addresses, addresses accumulated from several composed (and likely sold) lists, or any combination of these. These types of messages are often illegitimate.
4. Poor spelling and grammar – Official emails are often composed using templates or at least proofread. If there are obvious spelling or grammatical errors, the message may be illegitimate.
5. You didn’t initiate the action – If the message requests personal or company information from you and you have had no prior interaction with this individual, it may be a phishing attack.
6. Email from a governmental organization – Most governmental organizations do not use email as their primary form of communication. An exception to this would be if you specifically requested the use of email communication for your account.
7. Something just doesn’t look right – This last one is more of a “gut” feeling. If they are making an offer that’s too good to be true or something just seems weird about what they are asking or where they are requesting you go online, be cautious of clicking on anything.
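Checks 1 and 2 in the list above (sender address and link targets) can also be run mechanically over a saved message. The Python below is an added example, not part of the original post or of any AllClear ID tooling; the sample message, the 192.0.2.10 address, the KNOWN_BRANDS table and all function names are constructed for illustration, and only the docusign.com / docusign.net pairing comes from the article.

```python
import ipaddress
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the reader maintains this brand -> legitimate-domain table.
# Only the docusign.com entry is taken from the article.
KNOWN_BRANDS = {"docusign": "docusign.com"}


def domain_matches(host, legit):
    """True if host is the legitimate domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == legit or host.endswith("." + legit)


def is_ip_literal(host):
    """True if the host part of a URL is a raw IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_sender(from_header):
    """Check 1: a sender that names a brand but uses another domain."""
    findings = []
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in KNOWN_BRANDS.items():
        mentioned = brand in display.lower() or brand in domain
        if mentioned and not domain_matches(domain, legit):
            findings.append(f"sender uses {domain}, but {brand} mail comes from {legit}")
    return findings


def check_links(html_body):
    """Check 2: links rooted at an IP address, or naming a brand
    while pointing somewhere other than that brand's domain."""
    findings = []
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        if not host:  # relative or mailto: links have no host to judge
            continue
        if is_ip_literal(host):
            findings.append(f"link '{text}' points at a bare IP address ({host})")
        for brand, legit in KNOWN_BRANDS.items():
            names_brand = brand in (href + " " + text).lower()
            if names_brand and not domain_matches(host, legit):
                findings.append(f"link '{text}' names {brand} but goes to {host}, not {legit}")
    return findings


# Constructed sample message (192.0.2.10 is a reserved documentation address).
SAMPLE_FROM = '"DocuSign" <service@docusign.net>'
SAMPLE_BODY = """
<p>Your document is ready.</p>
<a href="http://192.0.2.10/docusign/">View Documents</a>
<a href="https://www.docusign.com/support">Help</a>
"""

if __name__ == "__main__":
    for finding in check_sender(SAMPLE_FROM) + check_links(SAMPLE_BODY):
        print("SUSPICIOUS:", finding)
```

A clean result here does not make a message legitimate; the remaining checks in the list still need a human reader.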
April 15th, 2014
Jackie here. Do you click on pop-ups or sign up for free trial offers online? These two behaviors, along with many others, may increase your risk of ID theft and online fraud. In a report published by AARP called Caught in the Scammers Net, several activities were shown to increase your risk of being an identity theft victim. How do your browsing habits stack up? Check out this list of the top 10 things NOT to do online. Avoiding these potentially dangerous behaviors could help keep you and your family safer.
- Clicking on Pop Ups- You see an interesting pop up, what should you do? Don’t click on it! Clicking on pop ups is a risky online behavior. Instead, close the pop up immediately and access websites by visiting them directly. You can even install or enable a pop up blocker on your web browser to eliminate the temptation to click. Not all pop-ups are harmful, but it’s often better to be safe than sorry.
- Selling Products on eBay- While there are a lot of great opportunities for buying and selling products on auction sites like eBay, there is also some risk. The AARP study found that selling items on auction sites increased your risk of fraud. If you do choose to sell, be careful and be on the lookout for fraud—check your credit reports and bank statements carefully.
- Opening Emails from Unknown Senders- Do you open emails from people you don’t know? This can be a risky behavior, especially if you follow links or open attachments. When opening an unknown email can’t be avoided, use caution and never share personal information with the sender.
- Downloading Apps- I love a good app just as much as the next person, but each time I download a new one, I carefully review it. Choose apps only from a reputable marketplace and carefully analyze user reviews before downloading. If you want a great app that will actually help you protect your identity, check out the AllClear ID app.
- Being Impulsive- Do you click before you think? Take time to analyze before you do things online. Many scams can be avoided with a little caution.
- Signing Up for Free Trial Offers- We all love getting things for free, but is the freebie worth sacrificing your identity for? Be cautious of limited time free trial offers.
- Purchasing Through a Payment Transfer Website- When it comes to spending money, be very cautious online. Avoid sites that ask you to transfer money to a third party or to an unknown recipient.
While you can’t avoid every item on this list, reducing the number of risky behaviors you engage in can help you stay safe from online fraud. The study authors found that of 15 risky behaviors, nearly 1 in 5 American respondents had engaged in at least 7. More than half of the respondents (65%) had received at least 1 online scam offer during 2013.
January 31st, 2014
Jackie here. We’ve talked a lot about protecting your kids from identity theft. Have you ever considered the impact your kids might have on YOUR credit score? Children and teens use the internet a lot and if they aren’t careful they could potentially expose people in your house to identity theft. Teach your kids how to stay safe online. This important lesson won’t just protect them, but will protect your identity as well.
To keep your identity safe and teach your kids good online behavior, make sure they understand these essential internet safety rules:
Do your teens know how to create a password? A strong password should be a combination of letters (upper and lowercase), numbers and symbols. Teach your kids to avoid words found in the dictionary, names of pets and nicknames. Any ‘common knowledge’ information that can easily be discovered online by a savvy ID thief (think birthdays and maiden names) should also not be used as passwords. For more password tips, check out these articles on our blog; we talk about password safety often.
Never Download Without Approval
That free game might be a lot of fun, but it could be exposing your computer to spyware and capturing sensitive information entered on your computer. To help your kids master the art of smart downloading, have them ask you for approval first. You can teach them which downloads are safe and which are identity theft traps—reading the data usage policies of the apps is a good place to look for information about if and how your personal info will be tracked.
Be Careful Who You Friend
Facebook and other social media sites are big draws for teen users. Make sure your children only accept friend requests from actual friends they know in-person. Accepting friend requests from unknown people can expose personal and family information to strangers. Take time to go through your children’s social media accounts with them, making sure that they are using good practices when selecting friends. You may also want to review privacy settings with your teen occasionally.
Don’t Share Personal Information Via Email
Does your child know how to identify a phishing email or a scam? Teach your child how to recognize email scams as children may be more likely to fall victim or to share personal family information that could lead to identity theft.
Teaching your teen good internet practices won’t just protect them; it could also keep you safe from identity theft.
December 2nd, 2013
Jenna here. The news was chock-full of interesting and informative stories for this week, but we’ve managed to narrow down our favorites for you here. We have an article about a new delivery method Amazon wants to use to get packages to you quicker (hint: drones aren’t just a tool for the military to use), and a follow-up to that article about ways drones may actually help you in the future, as well as a great article about online privacy and expert tips on how to increase your own.
Amazon Testing Drones For 30 Minute Delivery Using Service Called Amazon Prime Air, Forbes
Amazon Prime Air, Sushi Delivery and More Ways Drones Might Be Used, ABC News
http://abcnews.go.com/Technology/amazon-prime-air-ways-drones-future/story?id=21070635 (Think of all the privacy implications!)
Online Privacy: How Secure Are You? , The Guardian
November 28th, 2013
Tamara here, AllClear ID Investigator. Documents containing personal information, such as tax returns, birth certificates, living wills, insurance forms, and others, are commonplace in the lives of many people. As ID theft is the fastest growing white-collar crime in the nation, individuals are taking steps to ensure those documents are stored in a secure location. A safe, locked desk or a bank vault may be used for the physical storage of the documents themselves. But what is the most secure way to store sensitive data online?
Online Storage Considerations
The first, and quite possibly the most important, step is to encrypt the data. There are a number of encryption services available. The Advanced Encryption Standard (AES) (used by the National Security Agency), which comes in 128-, 192-, or 256-bit key sizes, is recommended. The best method to encrypt the data is to encrypt it offline. Though there are many secure programs available to encrypt the data, they are only as strong as their weakest link. If their sites get hacked, or an employee improperly accesses their data, the data which was uploaded into that system unencrypted is then compromised. Before choosing an encryption service, be sure to research it thoroughly.
Ok, so, now your data is encrypted. Where would one store it? There are services that offer encryption entwined with their technology. Some services allow only you to access the files once they are posted; others allow other individuals (that you determine, such as a family member or legal representative) to access the files. Some cloud services will allow other entities access to your files if they are informed of illegal activity or subpoenaed. Each service offers a different amount of storage and charges a different price.
Whatever your need, take all factors into consideration before choosing the method of the storage of your personal documents, and research your options. Those documents are important, and it’s best to keep them safe, and private.
November 25th, 2013
Jenna here. Here are our favorite articles we’ve come across in the last week. We have information about what tech companies are doing to thwart NSA data collection efforts, a disturbing trend called ‘route hijacking’ that could affect data security online, and an interesting perspective on the use of drones.
Twitter Joins Google, Facebook with ‘Forward Secrecy’ Security, NBC News
Where’s Your Data Going? Hacks Redirect Traffic Through Distant Lands, NBC News
Drones Offer Journalists A Wider View, New York Times
November 25th, 2013
Jackie here. You’d be surprised what information hackers can learn about you if they try. An investigative journalist decided to put hackers to the test; the amount of material they were able to obtain in just a short while was astonishing. This journalist’s experiences are probably similar to what most of us would face in the same situation.
Putting Hackers to the Test
The journalist teamed with a group of white hat hackers (the good guys that help companies to protect themselves from potential vulnerabilities) and gave them permission to delve into his life. The only rules: no breaking the law and leave his children out of it. He even kept the process a secret from his wife to keep the experiment as real as possible.
The hackers devised a plan. They researched their target online, looking for potential vulnerabilities. They then used these vulnerabilities and the information gathered to start looking for ways to access the journalist’s information. Some methods failed while others were very successful. Some of the methods employed included dropping a flash drive that would load malware on a computer when plugged in (in hopes someone would find it and open it to look for the owner) and trying to capture information sent over a home Wi-Fi.
With the treasure trove of information we all store electronically, it’s no surprise that the hackers were able to discover a wealth of information about the journalist. They discovered his Social Security number, online banking credentials, Twitter and Facebook logins and much more. The hackers were even able to access Amazon accounts and lock down Apple devices by registering them as stolen.
In an online world, information may not be as safe as you think it is. That’s one reason why each of us must remain vigilant in protecting our identities. Run your credit, monitor your bank accounts, and do all you can to protect your personal information.
November 19th, 2013
Jackie here. Every time I get on social media I’m surprised to see how many of my friends are sharing scams, potentially risky links, and more personal information than they should. We talk about social media safety often, but all too often we get online and forget. Even those of us that are fairly savvy at recognizing scams can get fooled as identity thieves and scammers improve their tactics. We might talk about the risks of social media often, but it’s always a good time for a reminder.
I recently read an article written for information professionals about the increasing skill behind online attacks. Today’s scammers don’t just post a link on someone’s Facebook timeline hoping to get a few clicks. They devise careful plans, created to maximize the number of victims and fool even the most cautious internet user. Although the article was written for those managing company networks, it has some great information we can all use to protect ourselves online.
Friends Aren’t Always as They Seem
Social media feels like a safe place. It’s where we go to chat with friends, network with colleagues, and unwind after a long day. Although you may be choosy about who you friend and which pages you like, accounts can be compromised, so don’t just randomly click on links. Thieves want to increase the odds of potential victims clicking on their infected links. They may steal profiles of users with large followings and distribute their links using the stolen profiles. Friends aren’t the only source of potentially risky links. Scammers may also use trusted profiles of large organizations to distribute their content.
Being vigilant before clicking links is important, but it won’t always keep you safe. In addition, be sure that your computer security is up to date. Install and use anti-virus software, make sure your programs are regularly updated and watch for potential problems. Be aware that friends, favorite businesses, and others may be compromised and sharing risky content. Trust goes a long way toward making a scam work; social media scams can be so successful because of the natural trust we place in our friends and associates.
Special Interest Sites Are a Target
Another favorite place for scammers this year is special interest websites. These sites may not have a lot of visits from the general public, but they are a popular place for those with specific interests, careers, etc. Scammers choose targeted victims and then devise plans to compromise them through specific websites they are likely to frequent.
This type of attack is known as a watering hole attack. By poisoning a few select websites and installing malware, scammers can gain access to larger websites with stronger security. For example, thieves may target a company that sells security software and that has access to security certificates and login information for other companies. This type of attack can give thieves access to information they would otherwise be unable to reach.
Social media and online threats are constantly changing, but their intent is always the same: to steal information and make a profit. Protect yourself online by being aware of the risks and by closely monitoring your personal information to discover problems quickly.
November 18th, 2013
Jackie here. I’ve always been intrigued by biometric verification. The thought of never having to remember a password again sounds wonderful, especially on those days when I can’t remember which password I used for an account and am trying to reset it (having a different password for every account gets confusing). Biometric technologies may sound like something from the future, but surprisingly, many are available today. Perhaps someday you’ll be able to use your thoughts instead of a password to log in to your Twitter or Facebook account.
This article from the New York Times provides an interesting look into some of the biometric identifiers that are being studied and used. One of the latest to hit the market is Apple’s new fingerprint scanner, but many other biometric options may soon be available for mass market use.
Biometric Technology Possibilities
One interesting option currently in development is a heartbeat monitoring device called Nymi. It’s a small wristband that monitors heart patterns (unique like a fingerprint). The wristband acts as a biometric identifier, creating unique passcodes based on your body’s heart rhythms. When the band is put on, it scans a person’s heart patterns. This verification then remains in place until the band is removed. One of the selling points for the Nymi is the difficulty in gaining unauthorized access to a heartbeat; fingerprints are left everywhere, but a heart rhythm would require up-close, physical access to copy.
While not yet available, the Nymi will be a fairly affordable choice. Preorders on their website are $79, charged upon shipment in 2014. The complete list of compatible devices, programs, etc. won’t be available until closer to the release date.
Other interesting biometric possibilities include a brainwave scanner under study at the University of California, Berkeley and face and voice identification under study by the FIDO Alliance. Some of the more advanced biometric technologies won’t be available for a few years, but it appears this might be an emerging trend in account and password security. Users want an easier (and more secure) solution to passwords and biometric technologies might provide the answer.
November 11th, 2013
Jenna here. Our favorite articles for the week are here! We have information about how to safely donate to typhoon relief efforts, a surprising story about how often teens worry about online privacy, and a follow-up on the Adobe data breach.
3 Things to Consider Before Donating to Typhoon Haiyan Relief Charities, ABC News
Teens Fret Over Online Privacy, Theft: US Study, Business Recorder
Stolen Adobe Passwords Turn Up on Web, Security Firm Says, ABC News
November 11th, 2013
Jackie here. Do you ever post something online and then wish you could make it go away? A new California law will give teens this very right. It entitles teens to assistance in erasing online postings they later regret. This law has the potential to help protect teens from ID theft as well as future embarrassment. The law was signed in late September and will go into effect January 2015.
About the Law
The law requires online platforms directed at minors to offer an option for deleting content they later regret. While online privacy laws like COPPA apply only to children under 13, this law applies to all minors (those under the age of 18). It’s an important protection for teens who sometimes post before they think.
In addition to requiring sites to assist teens with deleting postings, the law also adds prohibitions for the online advertising of things like guns and alcohol to those under 18. The law does not require sites to remove information about a minor posted by someone else or to remove content for which a minor was paid.
Implications for ID Theft and Privacy
Even with this new law, teens still need to think before they post online. While the law will enable teens to remove information they post themselves, there are no protections for information posted by others. This means that embarrassing party shots or inappropriate video could still make their way online. In addition, posts with your location or personal information can still find their way into the wrong hands, leading to ID theft. Content has a way of going viral, and once this happens you can’t always get it back.
While the law does give teens new options for deleting information posted online, it is important to remember that many social media websites already offer options for deleting and cleaning up profiles which are available to us all, young and old. Teens aren’t the only ones who post things online that they shouldn’t, and we should all take time to examine our social media profiles and clean up any sensitive or embarrassing information. Knowing what you’re posting and who can see it is an important part of protecting yourself from ID theft and maintaining a good online presence.
October 14th, 2013
Allison here. A new study from USC researchers found that in a sample of 15 million tweets, about one in five revealed the tweeter’s location through the tweet. Although that 20% includes tweets that are intentional, such as those saying the person is at a great new restaurant or celebrating a home run at a baseball game, some of these tweets also divulged location inadvertently.
About six percent of users opt in to Twitter’s platform to broadcast their location with every tweet. Most of the 20% divulged their physical location directly through active location monitoring or social check-ins. However, about 2% of these are inadvertent, where location is revealed through the use of a hashtag, for example.
To find out if you’ve been sharing too much location information on your Twitter account, the researchers have developed a free tool called Geosocial Footprint to assess the location footprint of your account. The tool assesses your 200 most recent tweets for signals similar to the ones they researched, and then analyzes your risk and offers suggestions on how to minimize your risk. Remember, even though your social media networks can make you feel safe, you may be inadvertently increasing your risk of ID theft.
August 29th, 2013
Jackie here. Are you concerned about privacy when you shop online? If you aren’t, you may want to start thinking about it. Every click is recorded, monitored, and tracked by marketers and others. Protecting your privacy might seem impossible, but it’s not. There are a few strategies you can use to protect your identity when shopping online.
Cookies are small bits of information stored on your computer to help websites recognize you and provide personalized content. Since cookies are used primarily for identifying, they can unmask your anonymity when shopping online. To keep your purchasing and browsing history a little more private, block cookies on your internet browser. This makes it more difficult for marketers and others to keep track of you online.
While blocking (or regularly deleting) cookies is an important step in protecting your privacy, it won’t always stop you from being identifiable. Cookies are easily blocked and deleted, but a new technology is being used that identifies website visitors using the unique aspects of their system (fonts, screen size, etc.). This new method of identifying users is much more difficult to block.
Do Not Track
Another way to tell marketers to get lost is to use the “Do Not Track” setting on your browser. This alerts websites that you do not want your actions tracked online. In most browsers this is a simple setting that you can enable in just a few clicks.
Use a Separate Email Address
Create a separate email account for online shopping. Use this email address when signing up for newsletters, loyalty cards, etc. to shield yourself from unwanted advertisements.
Make Informed Choices
Who is tracking you? You can find out using a free tool known as Ghostery. This browser extension helps you to identify tracking tags so you can remove undesired ones. Knowing who is tracking you and what they are doing with your information will help you make informed choices about your privacy.
Read Privacy Policies
Another important strategy for protecting your identity when shopping online is to familiarize yourself with the privacy policies on the websites you visit. Understand what information they collect, how they collect it and who they will share it with.
Shopping online is anything but anonymous. Try these strategies to protect your identity and fight ID theft.
August 22nd, 2013
Allison here. In the past year, over three-fourths of businesses had a mobile security incident of some kind. For almost half of these businesses, the cost of the incident (including fixing the problem, business losses, time spent detecting the problem, etc.) was over six figures. This rise in mobile security breaches is at least partly a result of the increase in the number of mobile devices and other technologies that store information. According to an annual mobile security report produced by Check Point Software Technologies Ltd., the main reasons for the high rate of mobile security incidents include:
- More Personal Mobile Devices Connecting to the Corporate Network – When asked, 45 percent of companies that allow personal mobile devices say they have more than 5 times as many personal mobile devices as they had two years ago.
- Corporate Information Not Managed on Mobile Devices – Even with the rise in mobile security incidents, 63 percent of businesses do not manage corporate information on personal devices, leaving it vulnerable to more security breaches.
- Increase in Customer Information on Mobile Devices – More than half of the businesses surveyed stated they store sensitive customer information on mobile devices. This large amount of personal data causes ID thieves and hackers to target mobile devices more frequently, as they are a potential gold mine of personal information.
August 8th, 2013
Allison here. Wouldn’t it be great if there was a website where you could download and access all the information that companies and data brokers have acquired from you online? Then, after you have access and have seen this information, you could pick and choose what you want to share and for what purpose? Well, FTC Commissioner Julie Brill has come up with just this idea, and is pushing the ‘Reclaim Your Name’ concept to give consumers more control over their data.
About Reclaim Your Name
Reclaim Your Name is intended to allow consumers more control over the data companies have about them, and even to tell certain companies not to use their data if it’s being used for marketing purposes. Consumers would also be able to find out how brokers are collecting data and to correct errors in information used for major decisions such as credit, insurance, and employment. Although the campaign has been ongoing for a year now, Brill says that some industry leaders have expressed interest in the idea. Privacy policies and data brokerage have been scrutinized for the past year by the FTC as well as representatives in the House and Senate, placing more pressure on companies to change their big data practices.
So far, Reclaim Your Name seems to be gaining popularity. Time will tell whether or not this program becomes reality, and what impact it will have on big data, privacy, and id theft.
August 2nd, 2013
What is Fingerprinting?
You’d be surprised at how effective this technology is. The Electronic Frontier Foundation found that 94% of computers that use Flash or Java have unique identities. Does your computer? Check out what information you’re sharing (and see if you can be uniquely identified) by visiting this site. I was surprised to learn that my computer had a unique identity. One software engineer indicated that fingerprinting allows their company to identify 98% of internet users (odds are you’re one of them).
What Can You Do?
If you’re worried about fingerprinting, the solution isn’t as simple as deleting your cookies. There really isn’t anything you can do about it. Remember that your online activities aren’t anonymous. The best way to protect your online identity from id thieves and hackers is to be smart about the sites you visit and to share personal information only when necessary.
Learn more about fingerprinting here.
July 31st, 2013
Allison here. When it comes to online safety, not all Internet browsers are created equal. Some people do like to dump on Internet Explorer for being outdated or “oldschool”, but it turns out it’s actually the best at keeping you safe. Information security research firm NSS Labs, Inc. tested the five leading browsers against a sample of 754 “active and malicious” web addresses to see what percentage were caught by each browser’s defenses. Below is a ranking of browsers by level of protection:
Google Chrome- 83.16%
The primary reason for the huge differences in safety is that Google Chrome, Firefox, and Safari all use Safe Search, a system that blocks URLs labeled as “malicious” in a database compiled by Google. According to the data, this defense alone is only 10% effective at protecting your computer against malware. However, Chrome uses an additional protection that also evaluates the safety of an executable file (such as malware code embedded in a website) instead of just the URL.
What makes Internet Explorer so effective is that it has its own line of defenses called SmartScreen. It does what Google Safe Search and Download Protection do, but much more effectively. The URL-based portion of the protection system blocked over 83% of the malware. This test only included the latest versions of each of these browsers, so earlier versions may not be as strong in their security.
July 3rd, 2013
Jackie here. Last year, Allison wrote an insightful article about online tracking here on the AllClear ID blog. Since that time, many privacy advocates have been working to find a solution to the increasing problem of online tracking. Talks have been in the works for almost two years now to create an international Do Not Track standard, but little progress has been made since the parties involved have difficulty agreeing on the best way to provide privacy protections to internet users.
Early in May, the parties involved sat down for a face-to-face meeting to further negotiate tracking standards. Reaching a consensus has been difficult since different parties have different concerns. Advertisers, for example, want it to be difficult to turn off online tracking, while privacy advocates want the process to be simple. The May meeting was called to determine if a compromise could be reached, and if talks should continue or if they should stop negotiations. After much debate, it was concluded that talks should proceed in an effort to meet the industry’s July deadline.
A July 2013 deadline is in place for the new standards to be created and much work will be needed to achieve this goal. The W3C, an online organization spearheading the talks, published some of the details on a recent blog. Here are a few highlights:
• Do Not Track Should Be User Choice- DNT settings need to reflect a choice by internet users. The industry is working to explore anti-tampering measures to ensure that DNT settings reflect a user’s actual choice.
• Data Retention Periods Will Be Explored- Collected data should be stored for specific periods of time. They plan to work on creating guidelines for data retention timelines and transparency guidelines so users understand how long collected data will be stored.
Will the industry be able to come to a Do Not Track consensus before their July 2013 deadline? For the deadline to be met, all parties involved will have to be open to compromise. It will be interesting to see what solutions the W3C can create to help better protect our online privacy. Learn more here.
June 13th, 2013
Allison here. Facebook cloning is a new type of identity theft where someone creates an exact replica of your profile and sends friend requests to all of your friends. It’s not hard to do, as the cloner simply needs to add you as a friend, copy and paste the information, and he or she has everything to create the clone. This form of id theft doesn’t just hurt you, but it can also hurt your friends and family.
A resident of Hawaii had this happen to her around a month ago. She discovered the scam when a friend of hers said he had given the clone his credit card number, after her clone account requested it. As the scammer behind the clone account had all of the woman’s profile information, he or she was able to replicate the profile perfectly, making friends and family think it was a legitimate account.
There are three primary ways to stop this from happening to you:
- The first is to remove your email from your Facebook profile. Once a possible cloner or hacker has access to this, then it’s only a matter of time before s/he guesses the password and gets in.
- The second is to change the privacy setting on your profile. Make it so that only friends can see what you post.
- The third is to add only people you know and trust. Since cloners get to your information by adding you as a friend, you want to avoid adding people you don’t know.
April 30th, 2013
Allison here. In less than a year, Microsoft will terminate extended support for Windows XP. This means more than just a lack of help for the 39% of people who use XP as their operating system; it also means a potential lack of security. Once the support ends, there won’t be any more security updates, so those still running Windows XP will be extremely vulnerable to malware, viruses, and other problems.
Windows XP may be popular, and a very good operating system, but it may be time to start thinking about switching to a new operating system in preparation for this end of support. It’s over a decade old, and Microsoft has extended the deadline for terminating support more than once. However, it’s unlikely that Microsoft will keep security support going, despite XP’s popularity. There are several upgrades to choose from, such as Windows 7 and Windows 8, or Vista.
Update all of your tech gadgets
While you’re at it, it may be a good idea to upgrade all of your Microsoft products. Actually, it’s probably best to upgrade or update all of your computer and tech gadgets, whether it’s through downloading the latest version or the newest security patches, or another method of boosting your security. It turns out that Microsoft is terminating its extended support for a lot of products over the next 18 months, so upgrading as soon as possible is a great idea.
Overall, the end of many of Microsoft’s security updates highlights the importance of updating your programs, and of having technology that can handle the latest upgrades (I dumped my Mac a few years ago because it could no longer handle my Internet browser updates). In protecting yourself from id theft, hackers, and scammers, it’s not just a matter of having the latest version of a product, or the sleekest design.
April 19th, 2013
Tamara here, AllClear ID Investigations. The internet is a wonderful thing, and many people perform financial transactions and other tasks requiring personal information, passwords, and user names online daily. However, there are cyber criminals who are looking to capture that information for illegal use, making the internet a tool we should use with some caution. One of the many tricks criminals and id thieves try to use to capture our information is called a keylogger.
Keyloggers can be installed manually by the criminal or inadvertently by the user from a malicious website or email. Once installed, the program will record each keystroke made, giving the id thief access to user names, passwords, and any other information that is typed into the computer.
One way to combat this is to use anti-virus or anti-malware software that will scan for harmful programs such as keyloggers, and hopefully catch them before any data is transmitted. Another approach would be to use keystroke encryption. With keystroke encryption, it would not matter whether or not a keylogger is installed on the device; your data would be protected from unwanted access.
What is Keystroke Encryption?
Keystroke encryption happens between the hardware and the operating system of the computer. When you type the keystrokes, they are encrypted before being sent to the application you are using, and will appear as gibberish to anyone who is monitoring your computer. There are a number of different companies offering keystroke encryption technology to install on your computer, and most of the options are fairly inexpensive. Keystroke encryption can be a useful tool in the fight against id theft, and is something we think warrants some thought.