New iPhone Setting Stops Apps & Ads from Stalking You (App Tracking Transparency)

Apple App Tracking Transparency is Finally Here!

With the release of iOS 14.5, Apple has given us the most powerful privacy tool for users in many years – it’s called App Tracking Transparency (ATT). The update also includes a lot of features that have Apple product users very excited, like new Siri voices and being able to open your iPhone with Face ID even when wearing a mask—IF AND ONLY IF you have an Apple Watch.

But as a privacy advocate, the element that matters the most to me is the App Tracking Transparency (ATT) feature. This means that apps like Facebook, Instagram and Google will no longer be able to track or gather your surfing habits on other apps or websites without getting your permission. For example, if you worked out on the Peloton app this morning, Facebook can buy that information and advertise exercise clothing to you based on your exercise type, size, weight, etc.

This is a serious blow to Facebook and other “free” services that depend on gathering your intimate personal and behavioral data to sell to their advertising clients. Of course, these services have never actually been free, as we have always been paying by giving them our information.

Specifically, the update changes how apps get access to the Identifier for Advertisers (IDFA), a unique random number assigned to each iPhone that allows advertisers and developers to track user behavior on that device. This includes not only app usage but also web browsing behavior that is often used to target advertisements to your psychographic profile. Apple says this change will provide transparency and give users an easier way to choose if their data is tracked.

Needless to say, Facebook, Google, and other big tech firms are not happy with the change. Facebook was so upset they placed a full-page ad in The New York Times in December claiming that the change would negatively affect small businesses who will see a drop of over 60% in sales. Facebook was unable to substantiate that claim, but their claim that it will force developers to enable in-app purchases or force subscriptions to make up for lost revenue is most likely true.

What will this look like for you as a consumer?

Basically, whenever you open any app that wants to access the IDFA, you will see a pop-up notification asking for permission to track you across apps and websites owned by other companies. You opt in or not by choosing between “Allow Tracking” and “Ask App Not To Track.” Opting into data collection rather than having to opt out finally catches up with data privacy regulations such as the EU’s GDPR. It will be required of all software makers within a few months of the release.

So it comes down to one question: are you willing to pay for the extras provided by apps in order to have a little bit more privacy?

John Sileo is a privacy keynote speaker, award-winning author and media personality as seen all over TV. He keynotes conferences virtually and in person around the world. John is the CEO of The Sileo Group, a business think tank based in Colorado.

Don’t Get Juice Jacked at the Airport

Do you know those USB phone charging stations at the airport? Did you realize that they can be hijacked by hackers wanting to install malware on your device? Here’s how to stop them.

Want to know more about John’s video series and how you can use them in your client or employee communication? Give us a call at 303-777-3221

Don’t Let Data Thieves Spoil Your Vacation

Nothing… spoils a hard-earned vacation or a critical business trip faster than fraud. Hotel theft, ATM skimming, pickpockets. Do you want to know how to be the safest, most relaxed traveler on the tour? Here are a handful of tips to protect yourself, and more importantly, to give you the peace of mind you deserve during your time away.

I’m John Sileo, and this is Sileo on Security onsite in Las Vegas, THE FINEST place in America to lose your money. But you should be able to choose how you lose it. Listen, you don’t want to spend your trip worrying about your laptop being stolen out of the hotel room, your debit card being skimmed by a dishonest waiter or by having your bank login intercepted over a free wifi hotspot. When we travel, we pack our wallet and gadgets to the gills, and in turn, our data is at risk. Identity thieves take advantage of how distracted we are getting on and off planes, in and out of cabs, and back and forth to the café for our coffee. So, here are the first few steps you need to take, whether you’re a road warrior or beach bum, to protect your assets.

This is going to sound old school, but pack some cash! Seriously, you have less overall exposure when you pay with cash or travelers checks and leave your credit card for when you run out of money. Hide your debit card in a zippered pocket or bag until you absolutely need it. When you do need it, make sure there isn’t a skimming device attached to the ATM by wiggling anything that sticks out of the machine. Look behind you for shoulder surfers capturing your PIN number on their cell phone camera and always shield your PIN from the telephoto lens on the grassy knoll behind you. And as I learned from my parents, never allow the friendly Frenchman at the ATM to help you with your ATM transaction.  It’s probably fraud.

Next. Cell phones, tablets and laptops can disappear so easily while on a trip, so either keep them with you, or in the safe in your hotel room. Now, someone working in that hotel has the code to that safe, so for additional protection, put the privacy sign on the door, call housekeeping and tell them you don’t need service that day and keep all the good bits with you. If you can, leave the laptop at home, travel only with your smartphone and keep it in your front pocket protected by a passcode that’s not your kid’s birthdate!

Finally, I recommend that you never use the hotel computers, or any public computer for that matter, including checking in for a flight. These computers often have key logging software that captures all of your information and sends it off to criminals, including the password to your mileage account. Whatever you do, don’t type anything sensitive, or log into your bank or your email account on a public computer. Instead, use technology to your advantage – check in on your smartphone with an airline app and get a digital boarding pass. It’s encrypted and way safer. Your smartphone, if well-protected, is your greatest tool on the road. By the way, those free WiFi hotspots are highly attractive places for thieves to eavesdrop and track your online activity. Stay away from them and surf on your smartphone data plan.

Here’s your One Minute Mission.  If you are getting ready to travel, especially if you are going overseas, I want you to call your mobile phone provider, boost your data plan and your international calling access.  This will increase your bill for the time that you are traveling, but it’s a heck of a lot cheaper than the fraud that comes from computing on someone else’s network.  That’s a small price to pay for the peace of mind that comes from staying in touch.

I hope you’ll take these easy tips, enjoy your upcoming trips and join me again for Sileo on Security.

Is Your Free Wi-Fi Hotspot Being Hacked?

Don’t you just love the convenience of free Wi-Fi hotspots? You can access your bank account, send emails, browse in a store and then buy it online for half price. Unfortunately, they’re called Hotspots because they attract hackers who want to BURN you by intercepting everything you send over these totally insecure networks. Free Wi-Fi is like using a bullhorn to have a private conversation. I’m going to show you three ways to Wi-Fi without the worries.

I’m John Sileo, and this is Sileo on Security. Free Wi-Fi is everywhere, and most of us are totally addicted to it because it gives us a faster connection and saves on our data plans. By joining free Wi-Fi hotspots, you enable hackers to “sniff” everything you send between your device and the Internet. We call these man-in-the-middle attacks because they are hijacking your data before it leaves the building.

Here are three simple ways to keep criminals out of your private computing:

First, Learn to Recognize Evil Twins! An Evil Twin is a malicious hotspot masquerading as the real thing. Data thieves name their evil twin something very close to the legitimate hotspot to lure unsuspecting surfers and then they run sniffing software that records everything sent, including usernames, passwords and account numbers. The only way to spot an evil twin is to ask the hotspot provider which network is the real one. Hotspots that require a username and password are even more secure and make it much harder to hack.

Second, Look for HTTPS in the address bar! If you HAVE to use free Wi-Fi and you’re sending something sensitive, check to make sure you’re surfing on an encrypted https:// connection. The “s” stands for Secure and encrypted means no one but you and the legitimate recipient can read it as it travels from point A to point B.

Finally, here’s the most powerful solution – Surf Using Your Smartphone. Cellular data connections are encrypted, making it exceptionally hard for a hacker to get in the middle of your transmission. Most of us pay for data by the gigabyte, which means you have to be wise about how you use your data plan. I wouldn’t recommend streaming Titanic over a cellular connection but I’d definitely use it to bank, buy online and email. If you need to go online from a larger device like a laptop or iPad, call your mobile phone company and ask about tethering. Creating personal Wi-Fi hotspots like this costs about $15 per month + data charges, but it’s a lot cheaper than having a cyber criminal cash out your investments because you surfed using an insecure connection.

Here’s your One Minute Mission: Call your cellular provider and ask them how much of your data package you use every month. If you’re maxing it out, upgrade your data plan, but only if you can afford it. Once you have some excess data, go into your settings, turn off Wi-Fi access and use your data plan whenever possible. If you’re streaming a movie temporarily turn Wi-Fi back on.

The next time you’re tempted to log on to a free Wi-Fi hotspot, ask yourself if what you’re about to send could be said over a bullhorn in a public place. If not, take the steps we’ve talked about to keep your information private. Thanks for watching and I hope you’ll join me again for Sileo on Security.

Don’t Get Hooked by Phishing Scams

Have you ever wondered how cyber criminals install malware on your computer?  I’m going to show you and give you three tips to keep it from happening to you.  I’m John Sileo and this is Sileo on Security.

This particular hacking technique is called Phishing, and it’s where Cybercriminals send you fake emails that look like they’re from a legitimate business – your bank, PayPal or even a recently breached company like Anthem or Target.

Phishing has gotten a whole lot better over the years. You can’t tell it from spelling mistakes, grammar, bad logos. It’s much more exact; the emails look exactly like the legitimate emails. And phishing has morphed into spear phishing. This is where criminals know a little something about you, maybe from a previous breach, and they can highly target you for these really malicious attacks.

So here are three quick tips to keep phishing from infecting your computer and stealing your data.

  1. First of all, I want you to mistrust every link in an email unless you know who it is coming from and you were expecting that link. Oftentimes they’re collecting your personal information when you click on that link or downloading malware onto your system. A lot of times there will be a link in the email that looks almost exactly like the legitimate link. So if the link takes you to a place where it’s asking for your money or for your information, just ignore it.
  2. The next thing you can do if you’re suspicious about a link in an email is type the URL directly into the address bar of your browser to make sure it takes you to the legitimate website.  This will keep you from landing on a phishing website where they’re going to try to siphon off your data or cash.
  3. Finally, I want to show you the hover technique.  This is an incredibly powerful way to see if you’re going to the real site or the site of the cyber criminals.   So in your email I want you to hover over the link and it’s going to pop up a window that shows you exactly where you’re actually going to.  When you look more closely at that link it looks like you’re going to the right place, but if you read from right to left instead of left to right (from the slash backward to the .ru or the .com) and your expectation of where you think you’re going doesn’t match where you’re actually going, that’s the first signal that you’re going to a malicious website.  It’s really important to know that when you hover over that link in that email it’s not going to pop up that window immediately.  You need to be patient and wait for it to bring that up.  Don’t click on the link in the meantime and it will show you if you’re going to the good website or the bad.
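
The right-to-left reading in tip 3 can also be done by a script. This is an added example, not part of the original post: it pulls each link out of an email's HTML, reads the real destination host from the right, and compares it with the domain you expected. The sample email, the domains `example-bank.com` and `account-check.example`, and the short suffix list are constructed for illustration; a production checker would use the full Public Suffix List.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for the demo: a tiny stand-in for the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Read the host right to left: the suffix, then the one label that owns it."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host  # a bare IP address has no domain to read
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return host
    two = ".".join(labels[-2:])
    keep = 3 if two in TWO_LABEL_SUFFIXES and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def shown_domain(text):
    """Domain displayed in the link text, or None if the text is not a URL."""
    if " " in text or "." not in text:
        return None
    return registrable_domain(text if "://" in text else "https://" + text)


class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a href=...> in the email."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def check_links(email_html, expected_domain):
    """Return (href, real domain, flags) per link; empty flags means it matches."""
    collector = LinkCollector()
    collector.feed(email_html)
    results = []
    for text, href in collector.links:
        actual = registrable_domain(href)
        flags = []
        if actual != expected_domain:
            flags.append(f"goes to {actual}, not {expected_domain}")
        shown = shown_domain(text)
        if shown and shown != actual:
            flags.append(f"link text shows {shown}")
        results.append((href, actual, flags))
    return results


# Constructed sample email: one genuine link and two that only look genuine.
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your details:</p>
<a href="https://www.example-bank.com/statements">View your statement</a>
<a href="https://www.example-bank.com.account-check.example/login">https://www.example-bank.com/login</a>
<a href="https://account-check.example/reset">Reset your password</a>
"""

if __name__ == "__main__":
    for href, actual, flags in check_links(SAMPLE_EMAIL, "example-bank.com"):
        print(href, "->", actual, "|", "; ".join(flags) or "matches")
```

The second link is the case the hover technique is meant to catch: the host begins with the bank's name, but reading from the slash backward shows the domain that actually receives the click.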

Here’s your One Minute Mission.  Head to your spam folder; it is full of phishing emails. I want you to hover over some of those links and I want you to start to detect the difference between the good ones and the bad ones.  By practicing the hover technique now you are getting in the habit of detecting those phishing emails when they don’t get caught by your spam software.

With these three tips, you have some basic knowledge of how hackers use emails to steal your private information.

For Sileo On Security, I’m John Sileo.  We’ll see you next time.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Is Your Fitness Tracker Sharing Your Vital Statistics?

I’m out here in Vancouver. I just took a run and it reminded me of a question that someone asked me in one of my speeches this morning, which is: Are those fitness tracking devices sacrificing our privacy? I’m going to tell you whether or not they are and how to stop it if you hang on for just a second.

I’m John Sileo and this is Sileo on Security. The great rage right now is fitness or health tracking devices, the Fitbits, the Garmins, even the Apple watches that we wear to track everything that we do.  It could be the mileage we go, the steps we take, the elevation we gain, our pulse, our heartbeat. Are we in good shape or bad shape? It tracks that data and syncs it from the device to an app on our phone or on our computer and then it aggregates that data.

The big question that people have is:   Is this being tracked? Is this incredibly vital health information being sold to other companies? Is it being sold to insurance companies who want to know if I’m healthy or not and may want to raise or lower my rates based on that. Is it being sold to marketers who want to know if I’m overweight or underweight, or if I like fitness of a certain type?  These devices track intensely personal stuff, so you’ve got to know what you’re doing. I want you to look at three different factors.

Number one: the hardware. It’s different if you have a Garmin or a Fitbit or an Apple Watch. They all have different policies on how they share information. You need to know by device.

Next, you need to take a look at the apps that are collecting the data. Are you using the Fitbit app that comes along natively with the Fitbit device?  Because that is different than if you’re using an app all by itself that you got on the App Store. You need to go through and read that privacy and data policy for the specific app to see how they’re sharing your intimate information.

Third, you need to consider not syncing that device to an actual app. Just track it on the device.  Then it never gets back into the cloud and never gets back to those companies at all. It’s certainly not as functional, but it is one option.

Here’s your One Minute Mission. I want you to Google the name of your device (“Fitbit”, for example) and enter the words “privacy policy” or “security” and I want you to research what others are saying about it in any current article. The reason is that these companies change their privacy and security policies all the time. They start with really good privacy policies and then they migrate to something less and less private.

Listen, I love these devices. I love the fact that they keep us fit and healthy. I love that they keep us competing with our friends and family to have a healthy lifestyle, but you can’t operate them without knowing what you’re doing, without knowing what information you’re giving away. Take a few minutes to take these steps and then go out and get healthy and use these devices. For Sileo on Security, I’ll see you on the next episode.


Securing the Smartphone Supercomputer in Your Pocket


What do you call this thing? A phone, right? That’s exactly where all the trouble starts.

When we call it a phone, we treat it like a phone. This is a phone. And this. Phone. Phone. Phone. Even this is a phone. But this? This is a teeny tiny super computer that just happens to make phone calls.  

On average, you use your smartphone to make calls only 20% of the time. The rest of the time you’re doing what? You’re Computing! Emailing, working, surfing antique Hummel auctions for your Grandma Thada. That is actually my Grandma Thada.  

Since it’s a computer, treat it with the same love you give your laptop. Here’s how to get started. First, if you don’t already have a passcode turned on, TURN IT ON! You shouldn’t be texting and driving anyway!

Second, instead of using an easily hackable four-digit passcode, make it long and strong. Here’s the best combination: Make it 6 or more characters for security’s sake and then turn on Touch ID to make it super convenient to actually use. Biometrics aren’t 100% secure, but they are way better than a four-digit passcode!

Third, make possession an obsession. Don’t leave your smartphone alone, even while you get a refill. With control of the email account on this little portable ATM, a criminal can do a bank-account-password-reset-savings-account-balance-transfer-to-Eastern-Europe faster than it took me to just say that.

Here’s your One Minute Mission: I want you to call your mobile provider and ask them to put a call-in password on your account. That way, if a hacker gets ahold of your mobile computer and calls your provider to take over the account, their call… doesn’t… connect. But make sure you share the password with your spouse so they don’t feel like the criminal. So you need a device passcode and a call-in passcode: These are two steps that will take you two minutes and make you ten times as safe.  

For Sileo On Security, always remember to treat this like a computer. Grandma Thada would be proud.

Are You a Victim of Credit ID Theft & Don’t Know it?


Here’s something you might not know. Twenty-five percent of you have already been victims of identity theft and you don’t know it. I’m going to show you how you can tell if you have or not. Stick around.

I’m John Sileo and this is Sileo on Security. If you haven’t already checked your credit report, you have to do it. Your credit is a compilation of your loans, credit cards, bank accounts… everything that determines how much buying power you have, how much credit you can borrow. So it’s totally imperative that you keep your credit profile clean because you want to be able to do things like take out a bank loan or take out a home loan and you don’t want identity thieves destroying your credit score.

There’s a super simple way to do this. It’s called AnnualCreditReport.com. It shows you your credit profiles from the three credit reporting bureaus: Equifax, Experian and TransUnion. So when you first go to AnnualCreditReport.com, they’re going to take you to a form and ask for all kinds of personal information. I don’t want you to be freaked out. They already have this information on you; they’re just verifying that it’s actually you filling out the form. People ask me all the time, “Is it safe giving them this information?” If your computer is well-protected and you’re on a safe Internet connection, you’re going to be just fine.

So here’s your One Minute Mission. I want you to go to annualcreditreport.com and I want you to apply for one of the three credit reports. Not all three of them, just the Equifax report. And then in three or four more months I want you to go back and do the same thing on the Experian report.  And three or four months after that I want you to do it with TransUnion. This way you are cycling the reports and you’re looking at your credit every couple of months. That keeps you safe year after year.

You know, monitoring your credit isn’t just about securing it against identity theft. It’s about making sure that your financial buying power is intact. For Sileo on Security, I’m John Sileo. We’ll see you next time.


3 Secrets of Hack-Proof Passwords


All right be honest with me. You’re still creating passwords on your online accounts that use your dog’s name or your kids’ birthdates or your high school sweetheart. You know better, but you still do it. Well, there’s an easy way to create simple passwords that are easy to remember and I’m going to show you how.

I’m John Sileo and this is Sileo on Security.  Most bank, investment, email and Facebook accounts get hacked because of weak passwords. These criminals have software that will try a million different combinations a second to guess your password. It’s called a brute force attack and the way to prevent it is to take these three steps to protect and build strong passwords.

First of all, your passwords need to be long. I’d recommend they’re at least 15 characters. Second, they need to be strong. That means that you need to use numbers and letters and characters and even spaces to make them harder to guess. And finally, the most important step of all is it’s got to be memorable. That’s our problem. We have so many passwords across so many sites. We need to make them simple so we can remember them.

So here’s the technique you can use. Associate the name of, for example, a bank with your password. If you bank at Wells Fargo, maybe it’s a line from an Orson Welles movie. Maybe it’s ro5ebud_ThE_sleD. Or maybe it’s something from Fargo, maybe something about a wood chipper. The crazier that it is the easier it will be for you to remember.

So in this episode I want to simplify the One Minute Mission. I want you to simply go change your passwords on all of your financial sites. Not on every website, that will be the next step, but just on your financial websites. I want you to make them long and strong and something that you can remember. If you want to take it even one step further, research password protection software, which we’re going to talk about in a future episode. But for right now I just want you to go and create those long, strong and memorable passwords for your financial websites.  We’ll see you back here next time on Sileo on Security.


Threat Alert: Ransomware Becoming Rampant

One of the very greatest threats you face in terms of cyber crime is something called ransomware. It’s a type of cyber blackmail that is rampant. I’m going to take a few minutes and show you how to keep yourself from becoming a victim.

Hi, I’m John Sileo and this is Sileo on Security. I’m here at a conference in Florida where everybody wanted to know about ransomware. Here’s what it is. It’s a type of malware, it’s a virus that gets on your system, oftentimes because you click on a link you shouldn’t. It infects your system, it freezes it up with encryption, it locks it down so that you can’t get to your photos, your tax files, your documents. You can’t get to any of that until you pay the ransom. Believe it or not, about 90% of people end up paying the ransom in order to unlock those files because they haven’t taken the preventative steps that I’m going to give you right now.

Number one. Never click on a link in an email if you don’t know exactly where it’s coming from, who sent it or where it’s taking you to. That’s how most of this malware, this ransomware malware, gets installed on your computer. You can also hover over the link to see if it’s going where it’s supposed to be going.

Number two. You need to have an offsite backup like in the cloud or elsewhere that is well-protected that happens daily on your data. That way, if ransomware is installed on your system, you have a copy from which to restore your good data. You have the ransomware cleaned off before it enacts and you’re back up and running.

Finally, the option I like the least is paying the ransom. That just encourages this problem to go on and on, but sometimes you have no choice. I see a lot of businesses and a lot of individuals who will pay the $2,000 or $3,000 because they want those photos back, they want those tax records, whatever it is that has been locked up. When you pay it, just know you’re setting yourself up to be a victim again because now they know that you’re going to pay that ransom.

So here’s your One Minute Mission. I want you, if you don’t already have it, to go and set up an offsite backup of your information. You can use sites like SOS Back Up or Carbonite. As long as it’s encrypted and protects your data, you’re better off having a copy up in the cloud, well-protected, than having no copy at all to restore from. So I want you to go research it, find a good off-site backup company, and right now, get your system backed up. This protects you not only from ransomware, but also if your software ever goes down in another way.

When you have taken this step of backing up all of your systems on an off-site backup, I want you to call the person who subscribed to Sileo on Security for you and I want you to thank them because they are making you safer and your valuable data much more secure.  For Sileo on Security, I’m John Sileo.  We’ll see you next time for another great tip.