New iPhone Setting Stops Apps & Ads from Stalking You (App Tracking Transparency)

Apple App Tracking Transparency is Finally Here!

With the release of iOS 14.5, Apple has given us the most powerful privacy tool for users in many years – it’s called App Tracking Transparency (ATT). The update also includes a lot of features that have Apple product users very excited, like new Siri voices and being able to open your iPhone with Face ID even when wearing a mask—IF AND ONLY IF you have an Apple watch.

But as a privacy advocate, the element that matters the most to me is the App Tracking Transparency (ATT) feature. This means that apps like Facebook, Instagram and Google will no longer be able to track or gather your surfing habits on other apps or websites without getting your permission. For example, if you worked out on the Peloton app this morning, Facebook can buy that information and advertise exercise clothing to you based on your exercise type, size, weight, etc.

This is a serious blow to Facebook and other “free” services that depend on gathering your intimate personal and behavioral data to sell to their advertising clients. Of course, these services have never actually been free, as we have always been paying by giving them our information.

Specifically, the update changes the Identifier for Advertisers (IDFA), which is a unique random number assigned to each iPhone and allows advertisers and developers to track user behavior on that device. This includes not only app usage but also web browsing behavior that is often used to target advertisements to your psychographic profile. Apple says this change will provide transparency and give users an easier way to choose if their data is tracked.

Needless to say, Facebook, Google, and other big tech firms are not happy with the change. Facebook was so upset they placed a full-page ad in The New York Times in December claiming that the change would negatively affect small businesses who will see a drop of over 60% in sales. Facebook was unable to substantiate that claim, but their claim that it will force developers to enable in-app purchases or force subscriptions to make up for lost revenue is most likely true.

What will this look like for you as a consumer?

Basically, whenever you open any app that wants to access the IDFA, you will see a pop-up notification that asks for permission to track you across apps and websites by other companies and you’ll be able to opt in to allow tracking or not by choosing between “Allow Tracking” or “Ask App Not To Track.” Opting into data collection rather than having to opt out finally catches up with data privacy regulations such as the EU’s GDPR. It will be required by all software makers within a few months of the release.

So it comes down to a question of are you willing to pay for the extras provided by apps in order to have a little bit more privacy?

John Sileo is a privacy keynote speaker, award-winning author and media personality as seen all over TV. He keynotes conferences virtually and in person around the world. John is the CEO of The Sileo Group, a business think tank based in Colorado.

Don’t Get Juice Jacked at the Airport

Do you know those USB phone charging stations at the airport? Did you realize that they can be hijacked by hackers wanting to install malware on your device? Here’s how to stop them.

Want to know more about John’s video series and how you can use them in your client or employee communication? Give us a call at 303-777-3221

Don’t Let Data Thieves Spoil Your Vacation

Nothing… spoils a hard-earned vacation, or a critical business trip faster than fraud. Hotel theft, ATM skimming, pick pockets. Do you want to know how to be the safest, most relaxed traveler on the tour? Here are a handful of tips to protect yourself, and more importantly, to give you the peace of mind you deserve during your time away.

I’m John Sileo, and this is Sileo on Security onsite in Las Vegas, THE FINEST place in America to lose your money. But you should be able to choose how you lose it. Listen, you don’t want to spend your trip worrying about your laptop being stolen out of the hotel room, your debit card being skimmed by a dishonest waiter or by having your bank login intercepted over a free wifi hotspot. When we travel, we pack our wallet and gadgets to the gills, and in turn, our data is at risk. Identity thieves take advantage of how distracted we are getting on and off planes, in and out of cabs, and back and forth to the café for our coffee. So, here are the first few steps you need to take, whether you’re a road warrior or beach bum, to protect your assets.

This is going to sound old school, but pack some cash! Seriously, you have less overall exposure when you pay with cash or travelers checks and leave your credit card for when you run out of money. Hide your debit card in a zippered pocket or bag until you absolutely need it. When you do need it, make sure there isn’t a skimming device attached to the ATM by wiggling anything that sticks out of the machine. Look behind you for shoulder surfers capturing your PIN number on their cell phone camera and always shield your PIN from the telephoto lens on the grassy knoll behind you. And as I learned from my parents, never allow the friendly Frenchman at the ATM to help you with your ATM transaction.  It’s probably fraud.

Next. Cell phones, tablets and laptops can disappear so easily while on a trip, so either keep them with you, or in the safe in your hotel room. Now, someone working in that hotel has the code to that safe, so for additional protection, put the privacy sign on the door, call house keeping and tell them you don’t need service that day and keep all the good bits with you. If you can, leave the laptop at home, travel only with your smartphone and keep it in your front pocket protected by a passcode that’s not your kid’s birthdate!

Finally, I  recommend that you never use the hotel computers, or any public computer for that matter, including checking in for a flight. These computers often have key logging software that captures all of your information and sends it off to criminals, including the password to your mileage account. Whatever you do, don’t type anything sensitive, or log into your bank or your email account on a public computer. Instead, use technology to your advantage – check in on your smartphone with an airline app and get a digital boarding pass. It’s encrypted and way safer. Your smartphone, if well-protected, is your greatest tool on the road. By the way, those free WiFi hotspots are highly attractive places for thieves to eavesdrop and track your online activity. Stay away from them and surf on your smartphone data plan.

Here’s your One Minute Mission.  If you are getting ready to travel, especially if you are going overseas, I want you to call your mobile phone provider, boost your data plan and your international calling access.  This will increase your bill for the time that you are traveling, but it’s a heck of a lot cheaper than the fraud that comes from computing on someone else’s network.  That’s a small price to pay for the peace of mind that comes from staying in touch.

I hope you’ll take these easy tips, enjoy your upcoming trips and join me again for Sileo on Security.

Is Your Free Wi-Fi Hotspot Being Hacked?

Don’t you just love the convenience of free Wi-Fi hotspots? You can access your bank account, send emails, browse in a store and then buy it online for half price. Unfortunately, they’re called Hotspots because they attract hackers who want to BURN you by intercepting everything you send over these totally insecure networks. Free Wi-Fi is like using a bullhorn to have a private conversation. I’m going to show you three ways to Wi-Fi without the worries.

I’m John Sileo, and this is Sileo on Security. Free Wi-Fi is everywhere, and most of us are totally addicted to it because it gives us a faster connection and saves on our data plans. By joining free Wi-Fi hotspots, you enable hackers to “sniff” everything you send between your device and the Internet. We call these man-in-the-middle attacks because they are hijacking your data before it leaves the building.

Here are three simple ways to keep criminals out of your private computing:

First, Learn to Recognize Evil Twins! An Evil Twin is a malicious hotspot masquerading as the real thing. Data thieves name their evil twin something very close to the legitimate hotspot to lure unsuspecting surfers and then they run sniffing software that records everything sent, including usernames, passwords and account numbers. The only way to spot an evil twin is to ask the hotspot provider which network is the real one. Hotspots that require a username and password are even more secure and make it much harder to hack.

Second, Look for HTTPS in the address bar! If you HAVE to use free Wi-Fi and you’re sending something sensitive, check to make sure you’re surfing on an encrypted https:// connection. The “s” stands for Secure and encrypted means no one but you and the legitimate recipient can read it as it travels from point A to point B.

Finally, here’s the most powerful solution – Surf Using Your Smartphone. Cellular data connections are encrypted, making it exceptionally hard for a hacker to get in the middle of your transmission. Most of us pay for data by the gigabyte, which means you have to be wise about how you use your data plan. I wouldn’t recommend streaming Titanic over a cellular connection but I’d definitely use it to bank, buy online and email. If you need to go online from a larger device like a laptop or iPad, call your mobile phone company and ask about tethering. Creating personal Wi-Fi hotspots like this costs about $15 per month + data charges, but it’s a lot cheaper than having a cyber criminal cash out your investments because you surfed using an insecure connection.

Here’s your One Minute Mission: Call your cellular provider and ask them how much of your data package you use every month. If you’re maxing it out, upgrade your data plan, but only if you can afford it. Once you have some excess data, go into your settings, turn off Wi-Fi access and use your data plan whenever possible. If you’re streaming a movie temporarily turn Wi-Fi back on.

The next time you’re tempted to logon to a free Wi-Fi hotspot, ask yourself if what you’re about to send could be said over a bull horn in a public place. If not, take the steps we’ve talked about to keep your information private. Thanks for watching and I hope you’ll join me again for Sileo on Security.

Don’t Get Hooked by Phishing Scams

Have you ever wondered how cyber criminals install malware on your computer?  I’m going to show you and give you three tips to keep it from happening to you.  I’m John Sileo and this is Sileo on Security.

This particular hacking technique is called Phishing, and it’s where Cybercriminals send you fake emails that look like they’re from a legitimate business – your bank, PayPal or even a recently breached company like Anthem or Target.

Phishing has gotten a whole lot better over the years.  You can’t tell it from spelling mistakes, grammar, bad logos.  It’s much more exact; the emails look exactly like the legitimate emails. And phishing has morphed into spearfishing.  This is where criminals know a little something about you, maybe from a previous breach and they can highly target you for these really malicious attacks.

So here are three quick tips to keep phishing from infecting your computer and stealing your data.

  1. First of all, I want you to mistrust every link in an email unless you know who it is coming from and you were expecting that link.  Often times they’re collecting your personal information when you click on that link or downloading malware onto your system.  A lot of times there will be a link in the email that looks almost exactly like the legitimate link. So if the link takes you to a place where it’s asking for your money or for your information, just ignore it.
  2. The next thing you can do if you’re suspicious about a link in an email is type the URL directly into the address bar of your browser to make sure it takes you to the legitimate website.  This will keep you from landing on a phishing website where they’re going to try to siphon off your data or cash.
  3. Finally, I want to show you the hover technique.  This is an incredibly powerful way to see if you’re going to the real site or the site of the cyber criminals.   So in your email I want you to hover over the link and it’s going to pop up a window that shows you exactly where you’re actually going to.  When you look more closely at that link it looks like you’re going to the right place, but if you read from right to left instead of left to right (from the slash backward to the .ru or the .com) and your expectation of where you think you’re going doesn’t match where you’re actually going, that’s the first signal that you’re going to a malicious website.  It’s really important to know that when you hover over that link in that email it’s not going to pop up that window immediately.  You need to be patient and wait for it to bring that up.  Don’t click on the link in the meantime and it will show you if you’re going to the good website or the bad.

Here’s your One Minute Mission.  Head to your spam folder; it is full of phishing emails. I want you to hover over some of those links and I want you to start to detect the difference between the good ones and the bad ones.  By practicing the hover technique now you are getting in the habit of detecting those phishing emails when they don’t get caught by your spam software.

With these three tips, you have some basic knowledge of how hackers use emails to steal your private information.

For Sileo On Security, I’m John Sileo.  We’ll see you next time.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.