NEXTADVISOR BLOG - Identity Theft Expert Speaker Robert Siciliano


October 25, 2010

Seven ways to combat scareware

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

You may have seen this before. It goes like this: a pop-up pops up and it looks like a window on your PC. Next thing, a scan begins. It often grabs a screenshot of your “My Computer” window, mimicking your PC’s characteristics, then tricks you into clicking on links. The scan tells you that a virus has infected your PC. And for $49.95 you can download software that magically appears just in time to save the day.

From that point on if you don’t download and install the software, your computer goes kooky and pop-ups will invade you like bedbugs in New York City.

Web pages may be infected or built to distribute scareware. The goal is to trick you into clicking on links and downloading their crappy software.

Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure.

The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of the chat can offer live remote access support: the victim is instructed by “support” to click a link initiating remote access to their PC. Once connected remotely, the scammer can potentially retrieve documents to steal your identity.

Another new twist on the scam involves a pop-up in the form of a browser with a warning that looks like what your browser may present to you when you visit a page that might have an expired security certificate, a malware warning, or be a potential phishing site. The page is usually red with a warning, “Visiting This Site May Harm Your Computer,” and then it provides you with a link, button or pop-up that gives you the option of downloading security software or updating your browser’s security.

The software is sometimes known as “AntiVirus2010,” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2010,” or something like “Security Toolkit.” These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

Protect yourself:

  1. Use the most updated browser. Whether Internet Explorer 8, Chrome or Firefox, download the latest and greatest. At least download whatever security updates there are for your existing browser.
  2. Usually by default, a pop-up blocker is turned on in new browsers. Keep it on. No pop-ups, no scareware.
  3. If you are using another browser and a pop-up does pop up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way.
  4. Never click links in pop-ups.  If the pop-ups are out of your control, do a hard shutdown before you start clicking links.
  5. Persistence counts. Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of.
  6. Employ the most recent versions of anti-virus and keep it set to automatically update your virus definitions.
  7. Never click on links in the body of a “WARNING” webpage that is suggesting to download updates for your browser or suggesting to download security software. Just hit the little red X in the upper right corner. [Editor's note: Firefox and Adobe Flash Player may both show update notifications in the browser window; if you have any doubts about whether the notification is genuine, you can always visit the respective update pages for Firefox and Adobe Flash Player.]

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with McAfee to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

October 19, 2010

Identity theft consumer education is paramount

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Credit card companies, banks, financial advisors, retailers, hospitals, insurance companies, and just about every other industry and organization that deals with finances has been affected by identity theft.

All these entities have to deal with fraud at some level. For some it’s an occasional nuisance and for others it’s a part of their daily grind. Most have heavily invested in multiple layers of security, but all remain targets. Each has its own set of issues to overcome and each copes with the same underlying constant: the consumer is often the most vulnerable variable in the equation.

Joe and Sally Main Street generally offer the path of least resistance when a scam is launched. Everything from phishing emails, spoofed websites, un-patched or unprotected PCs, open wireless connections, lack of attention to statements, not shredding data, carrying too much information in a wallet, and overall lack of attention to personal security allows fraud to flourish.

Anne Wallace, president of the Identity Theft Assistance Center, explains that the risks are compounded by the increasing popularity of new technologies like mobile banking and social networking. “The crooks are ever-creative,” she says. “They’re always exploiting new schemes to extract information from consumers.” According to Wallace, ITAC members have an obligation to educate consumers about the security threats posed by emerging technology. “It’s so important to keep talking to people about the old threats, the new threats – on a recurring basis.”

I totally agree. Every institution that deals with identity theft has an obligation to effectively inform and educate their client base about how they can protect themselves from fraud.

Many of these organizations have policies that shift the burden of loss away from the consumers. This is a double-edged sword that does not stop fraud. I’m a big believer in personal responsibility. Whether fraud is the fault of the consumer or a larger entity, a resolution in the best interest of both parties should be sought. It is imperative, however, that the party responsible acknowledges that responsibility. This is how we learn from our mistakes, and how we will eventually overcome fraud. If all parties escape blame, only the scammer wins, and fraud flourishes.

Check out NextAdvisor's reviews of Identity theft protection services to learn how to protect yourself. For additional tips and identity theft education, please visit http://www.counteridentitytheft.com.


October 5, 2010

Log out, log out, I repeat: LOG OUT

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

One of the most common yet underreported causes of data breaches is users’ failure to properly log out of public PCs.

Is your work computer accessible to others, perhaps after business hours? How about your home computer? Does its use extend beyond your immediate family, to your kids’ friends or babysitters, for example? Do you ever log in to a hotel’s business center PC, or take advantage of free Internet at a bank of sponsored PCs at a conference? Or pay per minute at an Internet café? Maybe you’re a college student; do you use the PCs in the computer lab, or friends’ PCs?

Any shared PC is at an increased risk for spyware, viruses, and other malicious activities of a criminal hacker, the PC’s administrator, or just the dude that happened to use the computer before you. But many people increase their vulnerability simply by failing to log out.

A few months ago, my sister-in-law used my family’s PC, logging in to her Facebook account. After she left, I checked Facebook myself, and quickly realized I was still logged in to her account. To teach her a lesson, I changed her profile picture to something she didn’t appreciate. (Being my sister-in-law, she forgave me.)

This past weekend at a conference, a colleague borrowed my laptop to check his email. Four days later, after having turned the laptop on and off a half dozen times, I attempted to check my own email and found myself still logged in to his Gmail account. In this instance, I quickly logged out, since Gmail notifies users when their accounts are open at multiple IP addresses, and I wasn’t about to hack a colleague.

Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to “Remember me,” “Keep me logged in,” or, “Save password,” and will do so indefinitely. This feature often works with cookies, or codes stored in temp files. Some operating systems also include an “auto-complete” feature, which remembers usernames and passwords.

I’m not entirely sure if my colleague left Gmail’s “Stay signed in” box checked, if Gmail left a cookie on my laptop, or if my operating system remembered him. Either way, he was hackable.
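The difference between a login that disappears when the browser closes and one that survives four days of reboots comes down to whether the login cookie carries an expiry. The following sketch is an added example, not code from the original post: it reads the `Set-Cookie` headers of a login response and reports which cookies would still be on a shared PC later. The cookie names, values and dates are constructed, and it assumes the browser discards session cookies on restart (browsers set to restore the previous session may not).

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(header, received_at):
    """Return (name, expiry); expiry is None for a session cookie."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    expiry = None
    # Max-Age takes precedence over Expires (RFC 6265, section 5.3).
    if "max-age" in attrs:
        try:
            expiry = received_at + timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            expiry = None  # malformed Max-Age is ignored
    if expiry is None and "expires" in attrs:
        try:
            expiry = parsedate_to_datetime(attrs["expires"])
            if expiry.tzinfo is None:
                expiry = expiry.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            expiry = None  # unparseable date: treat as session cookie
    return name, expiry


def cookies_remaining(headers, received_at, check_at, browser_restarted):
    """Names of cookies still stored on the machine at check_at."""
    remaining = []
    for header in headers:
        name, expiry = parse_set_cookie(header, received_at)
        if expiry is None:
            # Session cookie: gone once the browser has been closed.
            if not browser_restarted:
                remaining.append(name)
        elif expiry > check_at:
            # Persistent cookie: survives restarts until it expires.
            remaining.append(name)
    return remaining


# Constructed sample login responses (not captured from any real site).
LOGIN_TIME = datetime(2010, 10, 1, 9, 0, tzinfo=timezone.utc)

# "Remember me" left unchecked: only a session cookie is issued.
WITHOUT_REMEMBER = ["SESSIONID=abc123; Path=/; Secure; HttpOnly"]

# "Remember me" checked: an extra cookie valid for 14 days.
WITH_REMEMBER = [
    "SESSIONID=abc123; Path=/; Secure; HttpOnly",
    "REMEMBER=tok456; Max-Age=1209600; Path=/; Secure; HttpOnly",
]

# A site that keeps users signed in for a year via Expires.
LONG_LIVED = ["AUTH=tok789; Expires=Sat, 01 Oct 2011 09:00:00 GMT; Path=/"]

if __name__ == "__main__":
    four_days = LOGIN_TIME + timedelta(days=4)
    for label, headers in [
        ("without remember-me", WITHOUT_REMEMBER),
        ("with remember-me", WITH_REMEMBER),
        ("year-long login", LONG_LIVED),
    ]:
        left = cookies_remaining(headers, LOGIN_TIME, four_days, True)
        print(f"{label}: still on the PC after 4 days and a reboot: {left}")
```

Logging out is what removes or invalidates the persistent cookie before its expiry; closing the browser only clears the session cookie.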

Protect yourself.

I may log in to a PC that is not mine once or twice a year. And when I do, I make sure I log out of any program I logged in to. On the rare occasion that I use someone else’s computer to log in to an account containing sensitive data, I make an effort to change the password. Generally, though, I lug around my own laptop wherever I go, and I use an iPhone.

Never check a “Remember me” box, and if it’s selected by default, remember to uncheck it.

If you get an auto-complete pop-up while logging in, read it carefully and be sure to click the “no” option.

Some PC administrators install password managers that prompt the user to save login credentials. If you are on someone else’s PC and get this kind of pop-up, read it carefully before just clicking buttons to dismiss the pop-up.

Most importantly, PLEASE, for heaven’s sake, LOG OUT. Do I need to repeat myself?

>> Check out NextAdvisor's Internet security software reviews.


September 29, 2010

Mortgage fraud and identity theft: like chocolate and peanut butter

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

You don't need to own a house to become a victim of mortgage fraud. Heck, you don't even need to be older than three to be a victim. As long as the thief has a Social Security number, they can apply for loans in your name.

Lexis-Nexis Mortgage Asset Research Institute in Chicago shows that "the incidence of fraud in 2009 increased 7 percentage points over 2008's levels. In 2008, fraud reports rose 26 percentage points from the previous year. The institute collects and provides data – suspicious-activities reports, or SARS – to subscribers, including mortgage lenders. If you want to compare numbers, there were 67,190 such reports collected in 2009, compared with 63,713 in 2008, and 46,717 in 2007. The 2009 increase was small, but officials say they believe a lot of scam artists are going high-tech."

Law enforcement activities surrounding mortgage fraud across the U.S. have resulted in the arrest of thousands, according to reports. The utility of Social Security numbers as a means to obtain credit fuels the pervasiveness of mortgage fraud.

Some of the most devastating instances of mortgage fraud involve identity theft. Consumers not only have to be leery of questionable mortgage lenders, but also of others who might buy a home in their name.

Data from the U.S. Treasury Department’s Financial Crimes Enforcement Network has revealed that instances of suspected mortgage fraud have risen by 1,000 percent over the past six to seven years, reported the article in thisisyourmoney.co.uk, which went on to say the FBI’s financial crimes section has seen an 800 percent increase in its case load since 2003.

The apparent spike in mortgage fraud reveals one more line of attack that thieves exploit to hijack the financial identities of consumers.

The results of a research investigation by the Federal Bureau of Investigation recently revealed an apparent, significant upward trend in the incidence of mortgage fraud. Furthermore, homeowners who have Home Equity Lines of Credit (HELOCs) are prime targets for financial fraud, suggested a related statement from the Identity Theft Assistance Center (ITAC).

The best way to combat the threat is to transform Social Security numbers into something useless to thieves, who use these universal identifiers to obtain financial identities. Social Security numbers’ de facto role as universal identifiers has fueled a massive increase in financial fraud—simply because these numbers allow criminals to assume others’ identities. Given the scope of financial fraud, which costs billions of dollars every year, consumers need a way to deprive thieves of the ability to gain access to someone else’s finances. They must implement measures that render those Social Security numbers useless to thieves.

>> Check out NextAdvisor's Identity Theft Protection reviews and comparisons


August 2, 2010

Giving your credit card to a hotel? Watch your statements

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Personally, I don’t particularly enjoy staying in hotels. Sure, after a long day of travel, the hotel is a relief, but in most cases, I’d much rather sleep in my own bed. Criminal hackers, on the other hand, love hotels.

According to a recent study, 38% of all credit card breaches occur in hotels. Despite several high profile breaches that recently affected payment processors and banks, the financial services industry only accounts for 19% of breaches. Retailers came in third at 14%, and restaurants fourth at 13%.

Over the past five years or so, I’ve noticed a trend in which criminals go after the most likely targets, and those victims beef up their defenses in response. So the bad guys move on to the next most likely target – one that hasn’t learned from others’ mistakes.

Hotels are easy targets because they are all credit card-based. It is possible to reserve a room without providing a credit card number, but they don’t make it easy. And hotels themselves certainly aren’t fortresses designed to keep bad guys out. They’re designed to be open and inviting, with, at best, a bellman whose focus is assisting guests rather than guarding the front door. Maybe that mentality exists in hotels’ IT security departments, too.

The root of the issue is the hotel industry’s insufficient security measures to prevent data breaches. Many rely on older point of sale terminals and outdated operating systems, which are more vulnerable to hackers. When the recession hit, many hotels cut back and decided to hold off on upgrades. While their defenses were down, hackers slithered into their networks to steal guests’ personal financial data. Once thieves have accessed this data, they can clone cards with the stolen numbers and use them to make unauthorized charges.

As a consumer, your only recourse is to pay close attention to every single penny charged to your credit card, and dispute any fraudulent or incorrect transactions, no matter how small. Check your statements frequently and be sure to dispute all unauthorized charges within two billing cycles, or 60 days.

Canada and Mexico have adopted smart cards, which use “chip and PIN” technology, making the credit card data useless to potential identity thieves. Eventually we may see the adoption of smart cards in the U.S., which would put an end to this madness.

Identity theft protection can help foil identity thieves, when you're at home and on vacation.

Robert Siciliano, personal security adviser to Just Ask Gemalto, discusses hackers hacking hotels on CNBC. (Disclosures)


June 28, 2010

Credit card data breaches cost big bucks

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Javelin Strategy & Research "estimates that credit and debit card issuers spent $252.7 million in 2009 replacing more than 70 million cards compromised by data breaches."

In 2009, "an estimated 39 million debit cards and 33.3 million credit cards were reissued due to data breaches, for a total of 72.2 million. An estimated 20% of those affected by the breaches had more than one card replaced." I had my MasterCard replaced twice.

Javelin's survey shows that "26%, or one out of four U.S. consumers received a data breach notification last year from a company or agency holding their personal data, including credit and debit card or checking account information."

What is very interesting is "of those notified (which is required by law in most states), 11.5% were victims of identity fraud compared with only 2.4% who weren’t notified."

I’ll say this again and then explain what I think this means. They say "a consumer who has been notified that his credit or debit card number was compromised is five times more likely to become a victim of identity fraud than a person who doesn’t get such a notice."

The report's reasoning behind this is that data breaches lead to fraud. Okay, yes, I’ll agree that data breaches do lead to fraud, and my belief is that the people who were notified simply took a closer look at their statements and recognized unauthorized charges. If they weren’t notified they are no less susceptible to fraud, they are just blissfully unaware they are paying for an identity thief's Las Vegas bender, and the fraud goes undetected.

DigitalTransactions explains, “Data breaches are one obvious pathway to fraud, but a breach alone doesn’t mean an affected consumer will become an identity-fraud victim. Banks often give free credit-report monitoring services to customers whose data may have been compromised.”

The flaw here is that credit monitoring only makes the consumer aware of new account fraud, when a Social Security number is used to open a new account. Credit monitoring has nothing to do with credit card fraud in which an existing account is compromised. Furthermore, in my experience credit monitoring is hardly ever provided when a credit card number has been compromised. Credit monitoring doesn’t help when an existing account is taken over.

“There’s a disconnect,” Javelin tells Digital Transactions News. He tells consumers to “pay attention to your credit reports after you’re notified, because you’re more vulnerable.”

Yes, it's true that if your Social Security number has been compromised, you are more vulnerable to fraud from a new unauthorized credit card taken out in your name. You are not more vulnerable to fraudulent charges on an existing credit card since your credit card number is not your social security number. Banks cancel compromised credit cards, so there shouldn't be any risk of account takeover there. And monitoring a credit report does nothing to prevent credit card takeover fraud.

The only way to combat credit card account takeover fraud is to pay close attention to credit card statements, while credit reports and credit monitoring are essential to prevent or detect new account fraud. Click here to read reviews of credit monitoring services.

I recommend checking your credit card and bank statements every day, or at least once a week, from a secure PC.


Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses credit and debit card fraud on MSNBC. (Disclosures)

June 23, 2010

Replacing stolen passports and credit cards

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Travel season is upon us. Summertime is all about exploring new and exciting places. It’s the season of planes, trains, automobiles and… criminals. When you are out of your element and unsure of your surroundings, you are at a higher degree of risk. Travelers need to be on high alert for property crimes and identity theft.

Years ago, before my wife was my wife, she was traveling in Spain. She got off the plane, headed for the rental car terminal, rented her car, and drove off the lot. At the first stop sign, a man knocked on her passenger window and pointed, saying, “Tire, tire.” She put the car in park and walked over to the passenger side. The tire was fine and the man was gone. So she got back in the car and found that her purse had disappeared from the front seat. Her driver’s license, passport, cash, and credit cards were all gone. What a nightmare! When she went to the police, they asked, “Were you a victim of the flat tire scam?"

You’d think the rental car agency could have warned her. But the lesson here is that you cannot rely on others to protect you. You are ultimately responsible for your personal security.

Fortunately, she is a resourceful person and was able to handle the crisis quickly and efficiently. If your passport is ever lost or stolen in a foreign country, you can apply for an emergency replacement at the nearest embassy. Generally you'll need to show up in person, and it helps to have a traveling companion to vouch for you. The embassy will need to see some type of verification of your identity, and they'll likely request a copy of the police report.

When traveling, consider carrying your essential documents in a money belt or one that hangs from a lanyard around your neck, hidden under your shirt. You should always carry photocopies of your identification, but they won't do you any good if they're stored in the same purse that was just snatched from your rental car. One smart option is to scan all your pertinent documents in full color and upload them to a secure web-based encrypted digital vault. Some of these services are free, while others charge a small fee. In a pinch, you can download the necessary document from any computer with Internet access, and print a new copy.

For more information on coping with a lost or stolen passport, see this list of frequently asked questions.

A lost or stolen credit card requires a different course of action, and its effectiveness largely depends on your preparation. Before traveling, call your card issuer and inquire about their policy for replacing a card. Pack a copy of your credit card that includes the front and back impression. If your credit card is lost or stolen, call the issuer and cancel the card as quickly as possible to mitigate any losses. In the best case scenario, the company should issue a replacement card and ship it overnight at no charge. Most card issuers will accommodate you, and if you find out ahead of time they won’t, find another card issuer.

In an emergency, you can always ask a friend or family member to wire you money. When a U.S. citizen encounters an emergency financial situation abroad, the Department of State’s Office of Overseas Citizens Services (OCS) can establish a trust account in the citizen's name to forward funds overseas. Upon receipt of funds, OCS will transfer the money to the appropriate U.S. embassy or consulate for disbursement to the recipient. The State Department's travel website offers more details on emergency money transfers.

And always be sure to carry some spare cash. Tuck it in that money belt so even if your purse or wallet is stolen, you'll be in good shape.

You can protect yourself at home and abroad by investing in identity theft protection. That way, if your documents go missing you can limit the potential damage the criminal can do to your credit and reputation.


Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses travel security on Fox News. (Disclosures)

May 25, 2010

Watching out for criminal hacks

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

We use the web to search out tons of information, to shop online and to connect with friends and family. And in the process criminals are trying to whack us over the head and steal from us. And they’ve become very proficient at their craft, while most computer users know about as much about protecting themselves today as they did 15 years ago. Which equates to not so much.

Back in the day, a person only had to know not to open a file in an attachment from someone they didn’t know. Maybe even not opening one from someone they did know and making a phone call first. Today there are more ways than ever that your PC can be hijacked.

Today you can simply visit a website thinking you are safe, but the bad guy was there before you and injected code on the site, and now it infects your outdated browser. That’s a “drive-by,” and it’s very common today. Here is a list of likely attacks occurring every day.

Fundamentals:

Update your browser. Internet Explorer and Firefox are the most exploited browsers. Whenever there is an update to these browsers take advantage of it. Keep the default settings and don’t go to the bowels of the web where a virus is most likely to be. Consider the Google Chrome browser as it’s currently less of a target.

Update your operating system. No matter what brand of computer you are on you have to update the critical security patches for your Windows operating system. Microsoft will no longer support Windows XP after 2014, so start thinking about upgrading to Windows 7 (which is pretty sweet). Go to Windows Update. Why anyone would keep XP running unless they have to is a mystery to me. It’s a dog who has been kicked too many times.

Update Adobe Reader and Flash. Adobe PDFs and Flash Player are ubiquitous on almost every PC. Which makes them a prime target for criminals. To update Reader go to "Help" then "Check for Updates." To update Flash go here.

Don’t be suckered into scareware. Here's the typical scenario: a popup launches and it looks like a window on your PC. Next thing a scan begins. The scan tells you that a virus has infected your PC. And for $49.95 you can download software that magically appears just in time to save the day. Don't believe it. Studies show that organized criminals are earning $10,000.00 a day from scareware. That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year. Just shut down your browser and do a scan with your existing anti-virus. Then update your browser because it’s probably outdated, which is why you saw scareware in the first place.

Beware of social media scams. Numerous Twitter (and Facebook) accounts including those of President Obama, Britney Spears, Fox News and others were taken over and used to ridicule, harass, or commit fraud. Often these hacks may occur via phishing emails. Worms infiltrated Twitter, requesting that users click on links that infected their accounts and then multiplied the message from follower to follower.

Invest in social media protection @ Knowem.com. Protect your computer with Internet security software.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

May 19, 2010

Facebook’s New (and only) Security Feature

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

So maybe you used a public PC to log into your Facebook account and you hit a button that saved your login credentials. Or maybe you received an email from what you thought was Facebook and you plugged in your username and password and got phished. Now someone other than you has your account information and they are logging in to torture you or steal information from your friends.

Wouldn’t it be nice to have a degree of control over that?

Facebook just introduced a security setting that sends you an email telling you someone has just logged into your account.

The feature doesn’t protect you from being stupid and giving your credentials away, but it does give you an opportunity to log into your account and change the password and thereby block the bad guy from getting back in. But the bad guy can change your login information too. All they have to do is change your email address. Once they do, they receive an email at the new address and hit a confirm link. At the same time you will also get an email to the original login email giving you the opportunity to dispute the new account number. So if this ever happens, act quickly.

To set up and enable notifications

1. Go to “Account” upper right hand corner

2. In the drop down menu go to “Account Settings”

3. In the main menu go to “Account Security”

4. Click “Yes” next to “Would you like to receive notifications from new devices”

5. The same can be done with text messages if you have your mobile plugged into Facebook. But don’t have your mobile displayed on your page publicly.

6. Log out then log back in and it will ask you to identify the computer.

I did this on 2 PCs and a phone. It didn’t ask me to identify the phone, but it did send me an email:

Your Facebook account was accessed using Facebook (Today at 8:36am).

If this happened without your permission, please change your password immediately.

If this was an authorized login, please ignore this email.

To change your password:

1. Log in to your Facebook account.
2. Click the Account tab at the top of the screen and select "Account Settings" from the drop-down menu.
3. Scroll to the Password section of the Account Settings page.
4. Click the "change" link on the right and follow the instructions.

Thanks,
The Facebook Team

Hey Facebook, after 400 million users you are just getting around to this? It’s a start.

May 17, 2010

Top 10 jobs for criminal hackers

Posted by

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

So you wanna go to the dark side? You’ve been hearing all about this hacking thing and you’d like to impress your girlfriend and show her how you can hack into corporate databases, eh? Well, chances are better than ever that you’ll get caught. Law enforcement is actually getting pretty good at finding the bad guy. In the meantime, the FBI posted the top jobs in computer crime and the bad guys are hiring.

They need:

1. Programmers: They are the dudes that write the actual viruses that end up on your PC because you were surfing porn or downloading pirated software off of torrents.

2. Carders: The most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the internet.

3. IT Dudes: These are like any computer professionals who maintain all the hardware to keep the operation running as it should.

4. Criminal Hackers: These are the tech-savvy penetration testers who aren’t legitimate pen testers but black hat hackers. They look for vulnerabilities in networks and plant code to exploit the users.

5. Social Engineers: These are the scammers and liars that think up all the different scams and communicate with people via phishing emails.

6. Hosted Systems Providers: These are often unethical businesses that provide servers for the bad guy to do his dirty work.

7. Cashiers: Provide bank accounts where criminals can hide money.

8. Money Mules: These may be unsuspecting Americans who act as shipping managers and do the dirty work for the bad guy and open bank accounts too. Sometimes the mule may be foreign and travel to the US specifically to open bank accounts.

9. Tellers: Help transfer and launder money through digital currencies such as e-gold.

10. Bosses: These are the Mafia Dons. They run the show, bring together talent, manage, delegate, tell people what to do and maybe cut off a head or two.

If this whole writing, speaking and consulting thing doesn’t pan out I know who is hiring.

Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.