Zone Alarm and Identity Guard

• Tweet

July 21st, 2009 - Posted by Kent

If you've perused our Internet security software comparisons, you've probably noticed that we have two offers which look similar: Identity Guard with free Zone Alarm internet security software, and Zone Alarm with a free year of Identity Guard Good Start identity theft protection. They sound similar, but the offers are not quite the same. Here's how they stack up:

Identity Guard offers a free Zone Alarm subscription for as long as you use their Total Protection service. The cost is $14.99 a month, or roughly $180 a year.

Zone Alarm offers you one free year of Identity Guard's Good Start product. One year of Zone Alarm is $39.95.

Which is a better deal? The Zone Alarm offer is definitely cheaper, although Identity Guard's Good Start is definitely scaled-down from the Total Protection service, and it's only free for one year (it's $49.95 a year after that). Still, for people primarily looking for Internet security software, it's not a bad way to try out identity theft protection services.

If, on the other hand, you think you'll want robust identity theft protection services straight away, the offer from Identity Guard is your best bet. You'll pay more, but the value of both services combined can't be beat.

How long do negative items remain on your credit report?

• Tweet

July 20th, 2009 - Posted by Caitlin

On Friday, Consumerist gave a detailed explanation of the time it takes for various negative items to fall off your credit report. Most debts stay on your report for 7 years, but there are several exceptions.

Delinquencies stay on your report for up to 7 years after the first missed payment. If, however, your payment was less than 60 days late, the ding to your credit score should expire within a couple of years. If the original lender sells your debt to a collector, the delinquency will remain on your report for a full 7 years, even if you pay the collector. A chapter 13 bankruptcy drops off after 7 years, but a chapter 7, 11 or 12 stays on your credit report for 10 years. Collection accounts drop off 7 years after the original delinquency date. Closed accounts drop off after 7 years if they have delinquencies, or 10 if there was a positive balance. Child support judgments, small claims and civil judgments drop off 7 years after the judgment is filed. Tax liens drop off after 7 years if they are paid, or 15 if they are unpaid. Hard credit inquiries drop off after 2 years. Paid positive accounts stay for 10 years. Positive open credit information, of course, remains on your credit report indefinitely.

Consumerist also points out that many credit scoring models only consider the past 24 months, and that if you have 24 months of high re-established credit, most lenders will consider you "rehabilitated."

Credit report monitoring is the best way to stay on top of the ups and downs in your credit history. Most of the credit report monitoring services reviewed on NextAdvisor.com also include free reports and, in some cases, free scores. To learn more, see our reviews and comparison chart. You can also check out our credit report FAQs for more information.

Web-based email insecurity can lead to identity theft

• Tweet

July 17th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

I recently appeared on Fox and Friends to discuss email hacking. Dave Briggs, a FOX & Friends Weekend co-host, lost access to his Hotmail email account when hackers were able to guess either his password or his qualifying question. (He admitted that his password was not as strong as it should have been.) The hackers locked Briggs out of his own account and spammed all of his contacts with a fraudulent email that appeared to be written by Briggs himself, claiming that he was trapped in Malaysia and requesting that someone help him by transferring money via Western Union. Only after persistently contacting Hotmail administrators was Briggs able to regain control of his own email account.

Twitter was targeted by a similar hack, which led to a data breach. It is likely that the hacker guessed the answer to a Twitter employee's security question and reset the employee's password. On Wednesday, Twitter co-founder Biz Stone blogged, "About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

And of course, Sarah Palin's Yahoo email account was hacked into last year, during the presidential campaign. The hacker explained how easy it was in Wired.

Web-based email rocks! Since you're no longer tethered to a PC-based client, you can access your email from anywhere. And all the data saved in your email account will be safe if your PC crashes. Many web-based email providers offer gigabytes of free storage and other useful tools like documents, RSS readers, and calendars. Life in the cloud is easier and more convenient. But is it secure?

PC Pro reported on a study run by Microsoft Research and Carnegie Mellon University, which measured the reliability and security of the questions that the four most popular webmail providers use to reset account passwords. AOL, Google, Microsoft, and Yahoo all rely on personal questions to authenticate users who have forgotten their passwords. The study found that the "secret questions" used by all four webmail providers were insufficiently reliable authenticators, and that the security of personal question appears much weaker than passwords themselves. Yahoo claims to have updated all their personal questions in response to this study, but AOL, Google, and Microsoft have yet to make any changed.

Once a hacker has your email address, he or she can simply go to the "forgot password" section of your email provider's website and respond to a preselected personal question that you answered when signing up for the account. With a little research, the hacker has a good shot at finding the correct answer.

Some of the current questions could be answered using information found on a user's social networking profile, or through a website like Ancestry.com or Genealogy.com. Some answers might be found in the user's trash. Some questions seek opinions, rather than facts. For example, "Who is your favorite aunt?" requires an opinion in response, but if a hacker knew the names of all your aunts, he or she could enter them all one by one. Some questions would be more difficult to answer. Unfortunately, if you signed up for your web-based email account over a year ago, before these email hacks became more common, your questions may be even easier to answer.

Gmail's current personal questions are:

• What is your frequent flyer number?
• What is your library card number?
• What was your first phone number?
• What was your first teacher's name?
• Write my own question

Yahoo's current personal questions are:

• What is the first name of your favorite uncle?
• Where did you meet your spouse?
• What is your oldest cousin's name?
• What is your oldest child's nickname?
• What is the first name of your oldest niece?
• What is the first name of your oldest nephew?
• What is the first name of your favorite aunt?
• Where did you spend your honeymoon?

I suggest that you check out the "forgot password" section on your own web-based email account, to see your current personal question. If it's easy to answer, or would only require a little research to solve, update the question with one that you create based on opinion, as opposed to fact. And keep in mind that most people list "pizza" as their favorite food and "liver" as their least favorite. So be creative. You should also beef up your password. Combine uppercase and lowercase letters, as well as numbers. Don't use consecutive numbers, and never use names of pets, family members, or close friends.

You can protect yourself from identity theft by getting a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. You should also invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses hacked email on FOX & Friends.

[youtube]http://www.youtube.com/watch?v=WlD8Nu9nmCc[/youtube]

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Google certifies email from selected sources

• Tweet

July 16th, 2009 - Posted by Kent

How do you know if an email is really from the person or company you think it's from? Email spoofing is a big problem these days. Just about everyone has received an email purporting to come from a trusted entity like eBay, PayPal, Chase, or a member of Canadian parliament. How do you know if it's for real?

Google is working on a solution. Initially it has implemented technology to make sure that email coming to your Gmail account from eBay and PayPal really is coming from eBay and PayPal. It works through a process of authentication standards; basically, eBay and PayPal have the keys and Google has the lock. Only emails that have the keys will fit the lock and wind up in your inbox. It's a good first step, and we applaud Google, PayPal, and eBay for working together to fight email spoofing.

At this point it only works with through Google's Gmail, and only with email from eBay and PayPal. Internet security software is another layer of protection you can use to help identify phishing emails and nullify their effects. To find out which ones offer the best protection, check out our Internet security software reviews.

Who really falls for spam, anyway?

• Tweet

July 16th, 2009 - Posted by Kent

Any conversation about spam usually comes down to this assertion: that spam is so obviously fraudulent that no one could ever fall for it, right? I worked for five years hunting spam for one of the web's big three search engines, and here's the truth: spam is so cheap, that spammers only need a few people to fall for their methods for them to make a living. That's common knowledge among spammers and those who hunt them. Even though I mostly worked with search engine spam, the principal is the same for email. Every day at my job, we stared in disbelief at clearly fraudulent websites wondering just who would ever click on them.

Remember that PT Barnum quote, "there's a sucker born every minute"? Well, he didn't actually say it. But that doesn't make the sentiment any less true.

According to a recent survey covered in PC World: "about one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day." Yup, one out of every six of us has been a sucker at some time. But it's important to look at what they mean by "acted on." It just means they opened a piece of spam email; it doesn't necessarily mean that they actually bought the Viagara.

So, how many bought? PC World points to another study, this one conducted by the University of California, showing that, "the number people who actually made a purchase following a spam pitch was just a fraction of a percent." With a customer base that low, how do they make money?

We're back to the idea of margins. Spam is cheap; it's not a quality business. But also, not all spam is designed to drive a transaction. Some of it is just designed to infect your computer with malware. Access to infected computers is often sold on the black market to other hackers. This can happen with email or search engine spam.

We're told that in the first study, "nearly two-thirds of the 800 polled felt they were somewhat experienced in Internet security." Anecdotally, I can tell you that even experienced Internet users will admit to being phished or tricked into clicking on spam, whether through email, a social networking site, or a search engine result.

As the article suggests, you should keep your machine patched with regular software updates. Also, be careful what you click on. Finally, consider using some type of Internet security software that can alert you to malicious links and protect your system from viruses and unauthorized access. You can see our comparisons and read our reviews here.

Tweets link to identity theft

• Tweet

July 16th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

"Misty Buttons" just started following me on Twitter. She's curvaceous, bodacious and isn't getting her needs met. Apparently, she needs me to meet those needs. It is, of course, a tempting offer that someone, somewhere may accept. But I'm going to pass.

Twitter porn and cybercrime are one and the same. Criminal hackers use porn to lure unsuspecting Twitter users into their lairs, where they distribute malicious software and solicit credit card data. In some cases, their victims may deserve to be scammed. Clicking on the links that these ne'er-do-wells post on their Twitter feeds can have a devastating effect on your PC and your bank account.

Internet security software provider McAfee reported a 500% increase in malware in 2008. That's more than the past five years combined. And the FBI reported a 33% increase in Internet crime last year. According to a survey of 1000 firms, companies coping with data breaches lost an average of $4.6 million in intellectual property. This is all due to insufficient hardware, outdated software and the various ruses, such as those perpetrated by Misty Buttons, that trick technology users into opening a door to criminals.

But it isn't just obvious Twitter porn that you need to watch out for. It's also seemingly legitimate links posted by those you follow. Criminals have figured out that Twitter is a social network that brings people together. Strangers follow you, and you often reciprocate, following them back and bringing them into your network. As with email phishing scams, criminals post tweets highlighting current events, with links that lead to malicious sites or direct malware downloads. Numerous news outlets have reported on malicious tweets purporting to point to news about Michael Jackson, Obama, Farrah Fawcett, Iraq and even the Sonia Sotomayor's Supreme Court confirmation hearings. The shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained here on NextAdvisor:

Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend's home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.

How to protect yourself:

1. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
2. Install anti-virus protection and keep it updated.
3. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
4. Invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft.

[youtube]http://www.youtube.com/watch?v=pqCJqwkeTVo[/youtube]

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Carrie Bradshaw learned the hard way

• Tweet

July 15th, 2009 - Posted by Caitlin

I was flipping through the channels the other night when I came across an old episode of Sex and the City. It happened to be "My Motherboard, Myself," from season four, in which Carrie's laptop crashes. Aiden, Miranda, and the Tekserve technician all ask, "When was the last time you backed up?"  Carrie responds, "Um, I don't do that." She calls Miranda and whines, "No one talks about backing up. You've never used that expression with me before, ever, but apparently, everybody's secretly running home at night and backing up their work."

[youtube]http://www.youtube.com/watch?v=rQSJScOiai8[/youtube]

So I was sitting on the couch, watching this scene, thinking that Carrie is such an idiot. And then it occurred to me that, although I am well aware of the importance of backing up, I have not been backing up my own work! I am a way bigger idiot than Carrie! So, naturally, I hurried to the online backup service reviews at NextAdvisor.com and quickly remedied the situation. Because feeling dumber than Carrie Bradshaw is very unpleasant!

Next Advisor web hosting guide: The cPanel

• Tweet

July 15th, 2009 - Posted by Kent

Web hosting is a service that allows you to put content (such as a blog, website, photo album) on the Internet, at a specific domain that you own. Sounds simple enough, but what does that actually look like? Once you pay your fee, what do you actually get, and what do you do next?

The first thing you should do is get comfortable with your web host's control panel. The control panel is the fundamental way you manage your web hosting. This includes installing your blog, looking at visitor statistics, changing settings, managing files, installing web site creators, adding subdomains, the list goes on. In fact, there are so many things that most control panels are a little overwhelming. Here's the popular cPanel control panel, which powers a number of web hosting solutions, including Web Hosting Pad, Just Host, Host Gator, HostPapa, IX Web Hosting, and others :

There are a lot of choices here (click here for a full view). In fact there are way more than you probably need, at least right now. The good news is that you don't really need to know all of them. On the left you'll find a bunch of statistics related to your account. You'll find this more useful further down the road. Right now, a lot of it will be blank. Taking up most of the page is the menu of options, looking a bit like a Windows operating system circa 2001. The nice thing is, you can actually rearrange these panels, so you can drag the ones you use least down at the bottom.

The most common modules you'll probably want to use first are Email Accounts (located under Mail), and the various blog and sitebuilding add-ons grouped together as Fantastico Deluxe (under Software/Services).

Email is very easy to set-up on cPanel, simply choose a user name and a password (it will even create one for you, if you prefer). The mailbox quota is optional, and best left at its default. cPanel will create your email address and then provide you with the configuration settings for your email program.

Fantastico De Luxe is a different beast altogether, in fact it's a whole other control panel. It's your one-stop shop for add-on modules like WordPress (for blogging), CubeCart (for creating a shopping cart), 4Images Gallery (for building an image gallery), and Soholaunch (for creating a website). It looks like the Macintosh operating system circa 2001. On the left you see your options. Next to that, you see the add-ons you have installed (if any).

For the sake of demonstration, let's install WordPress. WordPress is the web's most popular platform for blogging. First, click the WordPress link on the left. When you see the WordPress installation screen, click "new installation."

Now you need to make some decisions, the most important being where you'd like to install your blog. If you want it to be the page that people see when they arrive at your website, just leave this space blank. If you plan on having the blog as part of a bigger website, you might want to put this at a directory like: blog (so type "blog" into that box).

You'll also need a username for the blog. It's also time for another password. Since WordPress does not ask you to confirm the password make sure you write it down. Or, better yet, copy and paste it into a text file. Your admin nickname will be visible to people who view your blog, so choose something you want people to see. Next, enter an email address (notifications will be sent to you at this address). Your blog needs a name, which doesn't have to be the same as your domain. Finally, you can enter a description, which can be as simple or complex as you want. You can always change title and description later.

You will get one more screen telling you everything is working right and ready for installation. You can ignore the bit about the MySQL user, because you won't need to know that. Just click "finish installation." When it's been installed correctly, you'll see a confirmation of your information, including the url where you will administer your blog. As Fantastico suggests, you should bookmark it.

The process of installing other modules will be similar. If you want to get back to your cPanel, just click the "control panel" icon at the upper left.

Those are the basics. If you've done the above you'll now have your own email address and blog set up.

What's next? Try building a site. Depending on your web host, some site builders are located in the Fantastico panel, and some will be found in the cPanel. Or try an offline site builder like Adobe Dreamweaver, Apple iWeb, or Microsoft Expression.

ATM fraud increases identity theft risk

• Tweet

July 15th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

According to a recent survey, ATM fraud is becoming increasingly common. 70% of financial institutions reported an increase in ATM and debit card fraud claims from 2007 to 2008, and those numbers are expected to rise even further in 2009. Much of this new fraud has resulted from recent major data breaches, such as the TJX and Heartland hacks.

Hacking into a database and compromising cards numbers and PINs is not particularly difficult. It's even easier to affix hardware to the face of an ATM machine and skim the information off the magnetic strip. Once the data has been compromised, identity thieves clone cards and turn that data into cash as quickly as possible.

BankInfoSecurity.com recently published "7 Growing Threats to Financial Institutions." In a similar vein, here are 7 growing threats to you.

1. Skimming – This occurs when easily obtainable hardware is attached to the face of an ATM. The hardware records the user name, card number and PIN, and the user rarely notices the scam.
2. Ghost ATMs – A card reader is blocked off and replaced with hardware that prevents a transaction and records user data.
3. Dummy ATMs – An ATM is purchased, programmed to record data, and installed whereever there is foot traffic. These machines are often found on eBay and either powered by car batteries or plugged into a nearby outlet.
4. PIN IDs – Sophisticated criminal hackers break into a database or skim magnetic strips. Then they use hacking software to plug in various commonly used PINs at an online banking site. When the software finds a match, the criminals gain access to another account.
5. Automated PIN changes – Criminals use a bank's telephone system to changed a customer's PIN. They may attempt to change the customer's Automatic Number Identification through a system that telephone companies use to identify a caller's directory number. This can be accomplished via caller ID spoofing, in which criminals use a few pieces of the cardholder's personal information to verify them as a bank customer.
6. SMS attacks – Also known as "smishing" or "phexting," these are phishing messages sent via text message. Texts usually appear to be from a bank, requesting the customer's user name and password.
7. Malware – Researchers found a virus that specifically infects ATMs, takes over the machine and logs card numbers and PINs.

So how do you protect yourself? First and foremost, pay close attention to your bank statements and refute unauthorized transactions within 30 days. Pay close attention when using an ATM. Look for red flags, such as an odd looking configuration on the face of the machine, wires or double stick tape, or if your card seems to get stuck. Don't just use any ATM. Choose ATMs at secure locations. Use strong PINs. Combine numbers and upper and lowercase letters whenever possible. Delete phishing texts or emails immediately. Make sure that your Internet security software is up to date, and invest in identity theft protection. Because when all else fails, it's good to have someone watching your back.

Robert Siciliano, identity theft speaker, discusses ATM skimming.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

More changes at Facebook

• Tweet

July 15th, 2009 - Posted by Caitlin

Facebook's gradual evolution from private to public continues. The social networking site has begun making status messages, photos and videos visible to the general public, rather than only the user's approved friends. For the present, only certain users, whose profiles are already set as public, will find that their posts are now visible to everyone by default. But since the constant changes to Facebook's privacy settings tend not to be as transparent as users might like or expect, it's worth taking a look at your own account settings and figuring out just how much information you are broadcasting to the entire Internet. Although Facebook's new position is to encourage users to make their information as public as possible, we suggest that you think twice before going that route. You can still keep your profile as private as you'd like, but you'll need to be proactive about it, by actively taking advantage of the privacy options that are available.

Carelessly exposing your personal information can put you at risk of identity theft. To learn more about how to protect your identity on Facebook, check out our Facebook Identity Theft Protection Guide. And if you're interested in learning about identity theft protection services, see our reviews and comparison chart.