High tech harassment in social media
October 9th, 2009 - Posted by Robert Siciliano
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
Technology keeps providing new opportunities for harassment: social media identity theft, cell phone abuse, online bullying, the list goes on.
Over a year ago, I appeared on The Tyra Show to discuss high tech harassment. I met a family from Washington, who found that several of their phones had been hacked and were being used to spy on and harass them. The hacker was able to turn a compromised phone on and off, use the phone's camera to take pictures, and use the speakerphone to record their private conversations. Every time they rerun the episode, I get emails from more victims.
In an even more shocking instance of high tech harassment, a hacker took over a woman's Facebook account while she was on a camping trip, with no Internet and no cell phone service. The hacker impersonated this woman, but instead of attempting to scam her family and friends out of cash, he used her Facebook profile to post suicidal messages, including, "My only friend is the handgun in the back of my closet," and, "I don't want a funeral or memorial, I want it to be like I never existed." After two and a half hours of Facebook drama, the victim happened to regain cell phone reception and discovered twenty voicemail messages begging her not to do "anything drastic." By the time her son was able to get in touch with her, there were police gathered outside her home, preparing to break down the door.
In this incident, the victim was the mother of a Navy Seal who died in Iraq. It's believed that she was targeted because of her charity work celebrating the lives of deceased military personnel.
But this can happen to anybody. To protect yourself, strengthen your passwords. Use a combination of upper and lowercase letters as well as numbers, and avoid easily guessed words that can be found in the dictionary, names of pets or children, or birth dates. Make sure that your computer has updated Internet security software. Don't access social networking websites from public computers that could contain spyware. Don't click on links in messages "friends" encouraging you to download a video or view pictures, as this is becoming a common ruse in social media. Avoid all the third party applications, which are risky and can be fronts for malicious software.
And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.
Robert Siciliano, identity theft speaker, discusses hacked email on Fox & Friends.
[youtube]http://www.youtube.com/watch?v=WlD8Nu9nmCc[/youtube]
Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
Can I use Carbonite to move my documents and music to a new computer?
October 8th, 2009 - Posted by Kent
The following post in our Reader Question series is an actual user submitted question. To maintain the integrity of the original question, we do not edit or change reader questions in any way.
Q: We are buying a new computer. Can we use carbonite to back up our documents and music and then recover to the new computer? We don't intend to use the old computer once we install the new one
A: Earlier this week a reader wrote in with a similar question, asking if Carbonite online backup could be used to facilitate a complete migration to a new machine. We won't repeat too much of what we said there, but to summarize: yes, you can, though it's a bit slower than with a direct connection, due to network speeds and the necessities of encrypting and decrypting the data.
Here's something we didn't say: once you move your data, you're not done. First, be sure all your data was transferred successfully and there's nothing else (such as preferences or email messages) that you'll miss. Secondly, you have to securely erase that old hard drive. There's a good article over at Microsoft.com that discusses this process in much greater depth, but third-party disc reformatting software is probably your best bet (that or physical destruction of the drive itself).
Not erasing that hard drive could leave you open to identity theft. If you sell, donate, or throw away that old laptop (and really, you shouldn't throw it away—that's bad for the earth) your data is out there.
A real-life use case for SugarSync
October 8th, 2009 - Posted by Kent
One of the nice things about testing online services is that sometimes they really come in handy while you're testing them. Over the last few weeks I've had some friends in town from Germany. They were so captivated by California that they easily filled up the 2GB of storage on their camera's memory card before their trip was half done. I offered to let them put the photos on my Mac, then we'd burn them to CDs.
Only it didn't happen quite like that. There were cable cars to catch and cocktails to be had. We got the photos backed up on the Mac, but never quite got the CDs burned. Later, with our friends back in Germany, and the photos still in San Francisco, we needed an ingenious solution that didn't involve four CDs and the Deutsche Post. It came in the form of online backup provider SugarSync.
I downloaded the SugarSync client at home (though I could have just used the web interface). I dragged the photos over to the proper folder. Once the photos were uploaded I chose to share the folder. I was given a unique url for the location of the photos that I emailed to my friends in Germany. They can now download them at their leisure. And I actually did the last two steps on my iPhone, while waiting for the bus.
SugarSync is not the only service we reviewed that allows online sharing. You can read our reviews and check out our comparisons here.
More phishing news…
October 7th, 2009 - Posted by Caitlin
Today, the FBI charged 53 defendants with conspiracy to commit bank fraud and wire fraud, the largest number ever charged in a cybercrime case. 33 have already been arrested and the remainder are being sought by law enforcement. Egyptian authorities charged 47 defendants linked to the same phishing operation. The arrests follow a multinational investigation known as "Operation Phish Phry," which began in 2007.
According to the FBI, hackers in Egypt used phishing techniques to obtain banking information and other sensitive personal data, which they supplied to associates in the United States. The U.S. hackers used the stolen data to withdraw funds from their victims' bank accounts. They then wired a portion of the proceeds back to the hackers in Egypt.
Keith Bolcar, acting assistant director of the FBI in Los Angeles, commented, "The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed. Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans."
It is easy to dismiss phishing emails by catagorizing them as spam, a mere nuisance. But phishers are not harmless. They are collecting data that can and will be used for identity theft. When anyone requests your confidential account information, whether it's a username and password or banking information, pause and consider the circumstances before you obediently hand over the data. And, just in case your personal details do find their way out into the world, despite your best efforts, consider investing in identity theft protection.
National Protect Your Identity Week begins on October 17th
October 7th, 2009 - Posted by Robert Siciliano
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
The National Foundation for Credit Counseling has announced its second annual National Protect Your Identity Week, which will occur from October 17 through 24. National Protect Your Identity Week is intended to educate consumers about identity theft protection. The Council of Better Business Bureaus has partnered with the NFCC to sponsor this initiative, and a number of other national organizations will also lend their support as Protect Your Identity Week Coalition Members.
To learn about relevant educational events in your area, including identity theft workshops, credit report reviews, and on site shredding, go to ProtectYourIDNow.org, where you'll also find identity theft prevention tips, videos, an interactive quiz to assess your risk of identity theft, and resources for victims.
This year, ProtectYourIDNow.org has added a new feature, a blog where I will post daily during Protect Your Identity Week, and weekly therafter, in order to provide insight, information, and advice on topics relevant to identity theft. My goal is to keep the public informed and ten steps ahead of the bad guys. (Of course, I hope you'll also continue to follow me here at NextAdvisor.com, along with the excellent advice of Caitlin, Kent and Joe.)
The Identity Theft Resource Center subdivides identity theft into five categories:
- Business/commercial identity theft (in which the thief uses the victim's business name to obtain credit)
- Criminal identity theft (in which the thief poses as the victim when apprehended for a crime)
- Financial identity theft (in which the thief uses the victim's identity to obtain goods and services)
- Identity cloning (in which the thief uses the victim's information to assume his or her identity in daily life)
- Medical identity theft (in which the thief uses the victim's information to obtain medical care or drugs)
I will be discussing these and other fraud related issues on an ongoing basis. In the meantime, take basic steps to protect your own identity. You can attempt to prevent new account fraud by getting a credit freeze, setting up your own fraud alerts, or investing in an identity theft protection service.
Robert Siciliano, identity theft speaker, discusses social media identity theft.
[youtube]http://www.youtube.com/watch?v=JwFC0jfxTco[/youtube]
Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
Phishers expose email account information
October 7th, 2009 - Posted by Caitlin
A massive phishing scam resulted in the exposure of tens of thousands of email addresses and passwords. One list, containing 10,000 Hotmail, MSN, and Live.com addresses and passwords, was posted online at PasteBin, a website commonly used by developers to share code. A second list soon emerged, containing 20,000 email addresses and passwords from a number of different service providers, including Hotmail, Yahoo, AOL, Gmail, Comcast, and Earthlink. Google later discovered a third list, but has not disclosed the number of exposed accounts. Google has forced password resets on the affected Gmail accounts, and several other email providers have released statements encouraging users to be cautious when opening links and attachments from unknown sources, to regularly update their Internet security software, and to change their passwords often.
An analysis of the first list of 10,000 email addresses and passwords revealed that the most commonly used password was "123456," which was used 64 times. 42% of the passwords on the list consist entirely of lowercase letters, and 19% contained only numbers. The average password length was eight characters, and nearly 20% were only six characters long. Only 6% of the passwords used a combination of upper and lowercase letters and numbers.
Clearly, Internet users need to be more educated about phishing scams and secure passwords. A phishing scam involves an email may appear to be from a trusted institution, such as a bank or popular social networking site. The email prompts the recipient to follow a link to a fake version of a familiar website, where, if all goes to plan, the victim will be conned into revealing data such as bank account information or a username and password. Often, there are inconsistencies in the email or website that reveal the scam, but as phishing scams become increasingly sophisticated, it is more difficult to recognize the tricks. One way to avoid these scams is to pay close attention to the sender's email address and to the URL of the link. If even one character is off, it is likely that you are dealing with a phisher. It's safest to type the correct URL into your web browser's address bar yourself, or to use a link saved in your bookmarks menu, rather than clicking on a link in an email. In addition, you should be alert for any other inconsistencies.
Users should also recognize the importance of secure passwords. Your password should consist of both upper and lowercase letters as well as numbers, and it should not be a single word that can be found in a dictionary. You should change your passwords occasionally, and you should not reuse the same password for multiple websites. If a hacker obtains your Facebook password, which is the same as your email password, and your email account contains an email with banking information, you have made it quite easy for the hacker to steal your identity.
In addition to using common sense and creating secure passwords, you should be sure to install and update Internet security software and consider investing in identity theft protection, which helps prevent and detect the end result of the most nefarious Internet scams.
Student Identity Theft Protection Guide
October 6th, 2009 - Posted by Caitlin
Identity theft is the fastest growing crime in the United States, and an increasing number of identity theft victims are children. Minors are particularly vulnerable targets since their parents don't normally check their credit reports, which can allow the crime to go undetected for years. And in some cases, lack of credit history makes it easier to obtain credit in a child's name.
What you may not realize is that college students are just as susceptible as children, if not more so. Many colleges and universities continue to use students' Social Security numbers for identification purposes, which means that these sensitive digits could be plastered on ID cards, grades, and other official paperwork. Students are often bombarded with preapproved credit offers, and may also receive letters regarding financial aid. Since students move frequently and may neglect to forward their mail, sensitive information is more likely to fall into the wrong hands. And since almost 30% of college students ignore their checking and credit card balances, they are far less likely to notice if they do become victims of fraud.
We have compiled a list of tips to help college students prevent identity theft.
1. Protect your sensitive personal information.
Your sensitive personal information can be used to withdraw money from your bank account, make fraudulent charges on your credit cards, or to accumulate debt in your name. Sensitive personal information includes your Social Security number, credit card and bank account numbers, any other personal finance data (such as paperwork regarding financial aid), your driver's license number, medical information, and even your date of birth, address, and phone number.
Your Social Security number is the key to your identity. In the hands of an identity thief, it can be used to open new accounts in your name. You should never carry your Social Security number or card with you in your wallet. If you haven't already memorized your Social Security number, do so. You might consider leaving your Social Security card at your parents' house, and making a photocopy of it that can be locked up and brought out only when needed. If your college uses Social Security numbers as your student ID, request a new student ID with a randomized number that is not tied to your Social Security number. When filling out paperwork, you should only provide your Social Security number when absolutely necessary. In many cases, you will be asked for your Social Security number as a matter of course rather than necessity, in which case it is perfectly acceptable to decline.
Paperwork that includes sensitive personal information should be stored in a safe, unobtrusive place, such as a locked file cabinet. Don't leave these types of documents in your backpack or purse, and keep track of your wallet. Your dormitory and campus may feel safe and comfortable, but it is not uncommon for identity thieves to take advantage of that trusting environment. Your roommate and new friends may seem perfectly nice, but there's no need to tempt them by leaving your sensitive personal information lying around for the taking.
2. Protect your laptop.
Your laptop almost certainly contains a wealth of sensitive personal information. This access to your identity is far more valuable than the computer itself. That's why it's crucial to take a few basic precautions to protect your laptop and the information it contains.
One of the best ways to prevent laptop theft is to be conscious of the fact that laptops are extremely tempting and relatively easy targets for thieves. Never leave your laptop unattended in a library, café, or other public place. Don't leave your laptop in your dorm room with the door unlocked. You may want to consider purchasing a lock that secures your laptop to a desk or table. There are also alarms that will alert you if someone attempts to move your laptop, or if you and your laptop are separated by more than a set distance, as well as laptop tracking and recovery services. At the very least, you should label your laptop with your name and contact information, write down the serial number, and put a brightly colored sticker or other identifying mark on your laptop so that you can recognize it easily.
Use passwords to protect the information stored on your computer. Ideally, you should not store any passwords on your computer, or allow your web browser to remember passwords. If you must, at least be sure to use a strong primary log-in password to prevent unauthorized access to your laptop. Memorize this password, and don't save it or write it down anywhere on or around your computer. Whenever you are finished using your laptop, be sure to log out. For additional protection, you can encrypt sensitive data and disable instant message logging.
And of course, Internet security software is essential. Hackers use spyware, viruses, and phishing to gain access to your files, your passwords, your bank account and credit card numbers, and your PINs. The best way to thwart cybercriminals is to install software that offers thorough protection against a variety of threats, and set that software to update automatically. Since hackers take advantage of vulnerabilities in your operating system, web browser, and other software, you should promptly install all recommended patches and updates whenever they become available.
3. Be savvy when using the Internet, especially social networking websites.
Internet security software is a necessity, but there is no substitute for common sense. Understand the risks associated with social media and be smart when browsing the web.
Sharing personal data can make you an easy target for online attacks. An identity thief could use information about your classes, your network of friends and family, or your hobbies and interests to impersonate a trusted friend or convince you that they have the authority to request personal or financial data. They might also be able to guess your passwords or the answers to password security questions. Use privacy settings and common sense to avoid scammers. Most social networking sites allow you to control how much of your profile is revealed to users inside and outside your network. Adjust these settings to meet your individual needs, but in general, you should limit the amount of personal information you post. For example, never publish your full name, Social Security number, birth date, or address. Limit your circle of contacts. Consider restricting access to your page to a select group of people and setting your profile to "private" to prevent uninvited members from viewing your personal information.
Whether you are on a social networking site or any other website, you should always exercise caution when clicking on links or downloading files. Avoid opening links or downloads from strangers. Shortened URLs from shortening services such as TinyURL and Bit.ly can be used to obscure the true link destination and trick you into downloading malicious software. Phishing emails that seem to be from a financial institution or social networking site can send you to a spoofed website designed to capture your username and password. When in doubt, type the website address into your browser, or use a link in your bookmarks menu, rather than clicking on a potentially misleading link in an email. Never enter your password or account number unless you've verified the site's authenticity. Above all, pay attention and follow your instincts. If a website seems suspicious, click away.
Don't use a public computer to shop online or conduct online banking. And when using a public computer for any reason, remember to log out of all websites and the computer itself once you are finished.
4. Don't ignore snail mail.
Postal mail can provide many opportunities for identity thieves. Bank and credit card statements and routine paperwork from your college or university contain all the personal data necessary to open fraudulent accounts. Identity thieves can also use unsolicited, preapproved credit card offers to apply for credit cards in your name through the mail.
You should always shred preapproved credit card offers before discarding them. If you wish, you can prevent financial companies from sending these preapproved offers by filling out a request form at OptOutPrescreen.com. To reduce other types of junk mail, visit the Direct Marketing Association's mail preferences service website and ask that your name be removed from marketing mailing lists.
Consider signing up for online bank and credit card statements and discontinuing paper statements. As with all paperwork that contains sensitive information, store your statements in a safe place or, if you discard them, shred them thoroughly first.
You may want to think about getting a post office box for your personal mail, or maintain your parent's address as your permanent address. The latter will reduce the chance of mail going to an out-of-date address. Otherwise, make sure to fill out a change of address form at the post office when you move, to ensure that your mail gets forwarded to the current address.
5. Take responsibility for your finances.
Whether you have been earning and budgeting your own money for years or you still rely on an allowance from your parents, it's time to take responsibility for your own finances. Review your bank account and credit card statements regularly, and report any unauthorized charges immediately.
You should also begin to give some thought to your credit history. If you have not already done so, you should check your credit report for fraudulent or erroneous information. Since some businesses only report to one credit bureau, it is best to request your credit report from all three (Equifax, Experian, and TransUnion) to ensure that you have not already been victimized without your knowledge. If an identity thief opens a new account in your name, that information should appear on at least one of your three reports. For more information about establishing and protecting your credit, check out Credit 101, another NextAdvisor.com guide specifically created to educate young adults.
Avoid signing up for a credit card with vendors on campus. If you are interested in signing up for a credit card, it is safer to contact the credit card company directly.
6. Consider a proactive identity theft solution.
There are several companies that provide comprehensive protection against identity theft. These services work to prevent, detect, and, if necessary, resolve identity theft on your behalf. Depending on the service, protective measures include fraud alerts to help prevent new lines of credit from being opened in your name, junk mail reduction, public and private database scanning for misuse of your personal information and more. To learn more about identity theft protection and the various companies that offer this service, take a look at our reviews and comparison chart.
7. Take action immediately if you think you have been victimized.
If your credit or debit card is lost or stolen, call the bank or credit card company right away and cancel the card. You should also notify your bank right away if you notice any unfamiliar activity on your bank or credit card statements.
If you suspect that you may have become a victim of identity theft, contact the fraud departments of the three major credit bureaus and request that fraud alerts be placed on your files.
Equifax: 800-525-6285
Experian: 888- 397-3742
TransUnion: 800-680-7289
Review your credit reports for inquiries from companies you haven't contacted, accounts you didn't open, and debts that you can't explain. Check that your personal information is correct. If there is any incorrect information, contact the relevant credit bureau to have it removed. Close any accounts that have been tampered with or opened fraudulently. And file a complaint with the Federal Trade Commission and with your local police.
If you subscribe to an identity theft protection service or a credit monitoring service, your service provider will handle these steps as well as providing additional guidance and assistance.
8. Help curb identity theft by sharing these tips with other students.
College students may find it difficult to muster up much concern about identity theft. You have a sense of invincibility, your campus feels like a safe and friendly environment, and you have more interesting and immediate things to think about. But the risk of identity theft is very real, and unfortunately, it will likely be a growing risk for years to come. Restoring your identity can be an expensive and time consuming process. It is far better to take a few sensible precautions than to suffer the consequences of becoming a fraud victim. In addition to protecting yourself, you can help curb the threat of identity theft by sharing this guide with your friends and classmates.
Can I use an online backup service to move to a new computer?
October 6th, 2009 - Posted by Kent
The following post in our Reader Question series is an actual user submitted question. To maintain the integrity of the original question, we do not edit or change reader questions in any way.
Q: I was considering Carbonite after reading your comparison of backup software and services. I am contemplating getting a new computer to replace my dell dim 5150 and thought Carbonite could be a good way to make the transition. but not having purchased it yet, I do not know the details. I do note it is not marketed that way. Good idea or bad?
A: In a sense, using an online backup service to move to a new computer would be just like restoring your files onto a new machine after a hard drive crash. We applaud your ingenuity. It's not a bad idea, but as with any work-around process, there are some things to keep in mind:
1) You will need to do some manual configuring of the backup process. By default Carbonite does not back up everything. For instance, it does not back up video files or any files over 4GB in size. You'll need to go through the backup preferences to make sure every file type is covered.
2) While you can have Carbonite back up your program files, it's best to install these fresh. Make sure you have access to the original installation discs or that you still have the original install files on your PC (and that you've instructed Carbonite to back them up).
3) It will take a lot longer. A full online system restore can take a day or longer, and that doesn't count the original backup which will take just as long. There are many reasons for this, including the encryption used by your online backup service provider (it has to encrypt the data before leaving one computer and decrypt it for the new computer). Last time I upgraded to a new computer, I used a firewire cable to transfer the data from a Powerbook to an iMac and it took less than two hours. Speeds using other cables will vary, but there's no way online backup can match a direct connection.
So, while it's certainly possible, it's an investment of time and effort. Online backup services are meant to keep all your important data safe, and (in most cases) to give you mobile access to that data. If your hard drive crashes, or is stolen, you probably won't care if it takes a whole day to restore your data. But, if you're anything like me, when you get a new computer even two hours is too long to wait. In which case you might want to try something like LapLink's PCmover (though we have not yet had the opportunity to try it out).
Las Vegas restaurant uses new technology to avoid identity theft
October 5th, 2009 - Posted by Caitlin
Do you become slightly tense when a waiter whisks your credit card off to some unseen corner of a restaurant? Knowing what we do about identity theft, it's hard to feel entirely comfortable letting a credit card out of your sight. With that in mind, a Las Vegas restaurant has introduced hand held devices that allow customers to conduct credit card transactions right there at the table. At Ricardo's, your credit card remains in your possession at all times.
Bob Ansara, president of Ricardo's, says, "Everybody has a fraud or identity theft story to tell. So our guests love this system because it provides a greater comfort level when they can see the whole transaction at their table." The credit card reading device resembles those mounted at supermarket checkout stands, and includes an easy tip authorization button. It works through a wireless Bluetooth communications link between the device and a computer system. The credit card data is encrypted to prevent hackers from intercepting it.
This technology was developed by Toronto-based Ingenico Canada Ltd., the market leader in payment terminal technology. According to vice president of business development Terry McLoughlin, 70% of all instances of credit card skimming occur during restaurant transactions. McLoughlin argued that this system greatly reduces the possibility of skimming.
It is encouraging to see businesses demonstrating this level of concern for the security of customer credit card data. Hopefully, Ingenico's credit card readers are adequately encrypted, and will have the desired effect of reducing instances of skimming. If the system works as advertised, it will likely be adopted by other restaurants. In the meantime, consider an identity theft protection service to ease your mind whenever you entrust a stranger with your credit card.
Categories
Blog Archives
Popular Services Reviewed:
Credit Monitoring Services |
Find Us On:
Copyright© 2006 - 2012 NextAdvisor.com - All rights reserved.
Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.