Using Facebook to steal company data
April 7th, 2010 - Posted by Robert Siciliano
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
There is a reason why computer users are called "users." Like crack addicts who are drug users, more is never enough. And when under the influence, people do stupid things. I find myself scanning the Dell catalog like it's the latest (or any) Victoria's Secret catalog. I'm amazed at how many people I know that are online all day long and digitally stoned. The bad guy knows you are obsessed and uses this against you. He sees that you are comfortably numb here. He understands that in the virtual world you're delirious and more apt to respond to his message then log your credentials.
Steve Stasiukonis is vice president and founder of Secure Network Technologies Inc. and publishes to Dark Reading. He tested his client's network using a bogus identity: he joined the company's Facebook site and started mining the names and email addresses of individuals who identified themselves as employees.
As he collected a database full of names for a phishing penetration test, he secured a domain name similar to that of his client. This domain name took on the appearance of a human resources or benefits portal. When he emailed the employees as "human resources," they were redirected to a Web page, such as https://www.xyzcompany-benefits.com.
He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers' network.
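Defenders can look for the lookalike-domain pattern described above in links pulled from inbound mail or proxy logs. The following is an added example, not part of the original post; the brand label, the list of legitimate domains, and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for illustration (not stated in the article): the client's
# brand label and its real domains. Adjust both for your organization.
BRAND = "xyzcompany"
LEGIT_DOMAINS = {"xyzcompany.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'legit', 'lookalike' or 'other' for the host in a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legit"
    # Split every label except the TLD on hyphens/underscores, so that
    # "xyzcompany-benefits" yields the tokens "xyzcompany" and "benefits".
    tokens = [t for label in host.split(".")[:-1]
              for t in re.split(r"[-_]", label) if t]
    for tok in tokens:
        if BRAND in tok or edit_distance(tok, BRAND) <= 2:
            return "lookalike"
    return "other"

# Constructed sample links, e.g. extracted from inbound mail or proxy logs.
SAMPLE_URLS = [
    "https://www.xyzcompany-benefits.com",        # pattern from the article
    "https://intranet.xyzcompany.com/benefits",   # real domain (assumed)
    "https://xyzc0mpany.com/login",               # one-character swap
    "https://xyzcompany.com.hr-portal.example/",  # brand used as a subdomain
    "https://www.example.org/news",
]

def flag_lookalikes(urls):
    return [u for u in urls if classify(u) == "lookalike"]

if __name__ == "__main__":
    for u in flag_lookalikes(SAMPLE_URLS):
        print("REVIEW:", u)
```

Flagged links are candidates for review or blocking, not proof of phishing; a partner or vendor domain that legitimately contains the brand would need to be added to the allow-list.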
Steve says:
– Officially sponsor the social networking site and assign an administrator who is responsible for permitting employees to join. This will help control somebody infiltrating the site for devious purposes.
– Establish a social networking policy. If your employees are participating in social networking sites (company sponsored or not) make sure company policies dictate what is and is not permissible. For example, divulging your corporate email account on social networking sites should not be permitted.
– Last but not least, if employees feel the need to gather and converse about their day-to-day work, personal lives, and hobbies, consider a corporate intranet. Maybe someday social networking vendors will launch a product that will provide the same features and benefits, but with the security tools needed to keep employees and company secrets safe. But in the meantime, it's up to you.
Sober up and protect your identity.
Protect your identity:
- If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
- Invest in anti-virus and keep it auto-updated.
- With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
- Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)
Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
15% Norton Internet Security discount—no coupon code required
April 6th, 2010 - Posted by Kent
Norton has simplified the discount process for our exclusive deal on Norton Internet Security 2010. The 15% discount on the award-winning Internet security software can be had without a coupon code by simply following any Norton link from NextAdvisor.com. The discount knocks $10 off the cost, bringing it down to $59.99. It's a great deal for a great product.
Can we get separate Vonage accounts with different phone numbers on the same internet connection?
April 6th, 2010 - Posted by Tasha
The following is an actual user-submitted question:
Q: My mom and I live at the same address and use the same cable connection for broadband internet service. Can we get separate Vonage accounts with different phone numbers? Will it be separate phones or will it be like a party line where if she is on her phone and I pick it up to make a call I will hear her conversation and vice versa?
A: Yes, you can have 2 separate Vonage accounts at the same physical address using the same broadband internet service. If you sign up one account under your name and one under your mother's name they will be billed separately. You will also get 2 different phone numbers.
The Vonage phone service supports up to 5 phones on one broadband internet connection. This is because Vonage only uses a limited amount of bandwidth to function. You can either have these phones all on the same Vonage account, or you can sign up for different and separate accounts where each account has its own phone number.
If the accounts are different, as in the case of you and your mom, you will not be able to hear or intercept each other's phone calls. It will work just as if you had 2 different land lines. Your phone won't hear any of her conversations, and she won't hear any of yours. Because they are 2 separate phone lines you could actually call her phone from your line and you could talk to each other (this would come in handy if you have a big house!).
There are a myriad of uses for multiple Vonage lines. It's convenient for large families who want a separate line for their teenagers, or homes with multiple families under one roof. It also works well for those who would like both a home and business line at their address.
Right now Vonage World is running a special where the first 6 months are only $14.99 a month (and $25.99/mo thereafter). With Vonage World you can make unlimited calls within the US and to 60+ countries. You can sign up online, or if you're more comfortable you can call Vonage direct with questions at 888-692-8076.
Is Hostmonster easy for a beginner to set up a basic site? How many web pages are available for its basic plan?
April 5th, 2010 - Posted by Kent
The following is an actual user-submitted question:
Q: I have never designed a website. Is Host Monster easy for a beginner to set up a basic site? How many web pages are available for its basic plan?
A: Hostmonster is ok for beginners, but there are other options which are easier. We would suggest you take a look at our web hosting report card. In particular, you'll probably want to look at two columns: the user level (look for "beginner"), and the site builder ratings, if you're looking to build your own site online (look for "excellent"). We found Yahoo! to be the best site for beginners. Between its intuitive control panel, great customer service, and easy site builder, it's a great option. 1&1 is also rather good, and it's cheaper too. While we rated GoDaddy rather low for more advanced users, it is good for very basic site construction, and might be worth a look. Hostmonster and Bluehost once included a great site builder called Page Wizard, which was very easy to use, but it's no longer offered by them.
As to your question about available pages, Hostmonster (and most others) offer "unlimited" storage space, so you could theoretically have a million pages. Some site builders do limit you to a certain number of template pages, and we try to point those out in the reviews.
How do I use Vonage to make international calls without being charged?
April 2nd, 2010 - Posted by Tasha
The following is an actual user-submitted question:
Q: How do I use Vonage to make international calls without being charged?
A: Vonage World makes things as easy as possible. You just dial the number as you normally would, including the international calling code. If you're calling a number in the US, or in one of the 60+ countries Vonage World includes, it's free. If the call is not to one of these 60+ countries then Vonage will charge you a reduced fee per minute.
If both you and the person you're calling have Vonage, the call is free. Yes, Vonage-to-Vonage calls are free (all you have to do is pay for the monthly service). If you frequently call someone overseas who isn't included in the 60+ countries, this is a great way to save money. Just purchase Vonage World for yourself and your friend. The mailing address on both accounts must be within the US, but once you receive the Vonage adapter you can ship it to whoever you intend to call.
I have McAfee Security, I ran a Webroot scan and it indicated I have a virus. Why doesn't McAfee find it?
April 2nd, 2010 - Posted by Kent
The following is an actual user-submitted question:
Q: I have McAfee Security; I ran a Webroot scan and it indicated I have a virus Mal/FakeAV-CO but have to subscribe to clean it out. If I have this why doesn't McAfee find it?
A: There are a number of reasons why this could be happening. The first thing you'll want to do is make sure that your McAfee virus definitions are up-to-date, and that you have the most current version of McAfee installed on your computer. If the auto-update is somehow disabled or your subscription has run out, it may be missing crucial virus-identification information. Once you're sure your virus definitions are up-to-date, run a full system scan.
Assuming your virus definitions are up-to-date, it might be best to get a third opinion. Try Norton's free virus scanner. It's possible that Webroot may be reporting a false-positive (something that's not a virus, but just looks like one). The other possibility is that Webroot may have found something that McAfee hasn't.

Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.
