Tag Archive for: John Sileo

13 Data Security Tips for Meeting Professionals – SGMP

I just finished delivering a keynote speech for the Society of Government Meeting Professionals (SGMP) at their annual convention on identity theft and protecting data in the meetings industry. Data security is a top concern in this industry because it is probably one of the most highly-targeted groups for identity theft, social media fraud, data breach and social engineering. Here’s why:

  1. Meeting professionals collect, store and transmit massive amounts of private data on attendees
  2. Data theft risk skyrockets when travel is involved, which is a frequent occurrence for meeting planners and professionals
  3. Meeting professionals are busy nearly 24 hours a day once they are onsite for the conference or meeting, meaning that they are highly distracted
  4. A single data breach of attendee data can put the organization responsible for the event out of business due to excessive costs and tight compliance regulations
  5. Conferences are generally collections of highly professional, highly valuable attendees who travel with laptops, sensitive intellectual property, smartphones, unsecured WiFi connections, etc.

Meeting professionals have enormous responsibilities throughout every stage of the planning process. Identity thieves target conferences because of the sheer quantity and value of data circulating around these events. Protecting sensitive attendee data before, during and after the event has become not only a nicety, but a necessity. Data stolen during the planning, execution or clean-up phases of your event can hamstring your organization with financial liabilities and a public relations nightmare. Start by taking these steps:

Meeting Security Before the Event

  • Secure Your Online Reservation System. If you are going to use online registration, invest in a system that delivers not only efficiency, but security. It is your legal, financial and ethical responsibility to protect your attendees’ personal information. Don’t try to do it all yourself. Hire a reputable technology provider to ensure that your data is protected behind firewalls, encryption, passwords, updated operating systems, security software and safe wireless.
  • Educate Attendees. Before they ever begin their travels, attendees should read through a quick 2-minute tip sheet on how to protect themselves while going to a conference. Simply making them aware of some of the risks that exist traveling (laptop theft, unprotected WiFi, smartphone hijacking, etc.) will cause them to pay greater attention on-site.
  • Minimize Data Collection. Collect only the data that you absolutely need and destroy it as soon as you are finished. Once you have processed credit cards, purge that information from your system. The quicker that you properly dispose of sensitive data, the lower your risk and liability.
  • Minimize Physical Files. Take as few physical files with you to the event (attendee lists, etc.) as these are easily misplaced when traveling and distracted. The more that you can keep behind a password protected, encrypted computer, the better.

Meeting Security Traveling to the Event

  • Protect Your Laptop. Almost 50% of serious corporate data theft occurs because a laptop computer is stolen. In addition to the standard forms of protection (passwords, encryption, anti-virus, etc.), carry as little data on your laptop as possible. And never leave the laptop unattended unless it is locked in your hotel room safe. Identity thieves target business travelers because they are generally rushed, distracted and carrying valuable data.
  • Think Twice about Free Wi-Fi. It is very convenient (and dangerous) to use a free wireless connection to the Internet provided by an airport, café or hotel. Unfortunately, it is nearly impossible to distinguish if you are on a safe network or one that allows thieves to pirate your information. Unless you are absolutely sure about the security in place, refrain from sending any sensitive material over a wireless connection that your IT department hasn’t configured or approved.

Meeting Security Onsite

  • Educate Attendees. Make frequent announcements at the start of each segment of your programming to remind attendees that they should not leave purses, laptops or files unattended. In addition, warn them to take care of their belongings in pre-conference material and encourage them to leave as much sensitive data at home or in the office as possible.
  • Room Monitors. Have room monitors that check badges as attendees are entering the room and that monitor purses and laptops that are left in the room during breaks (even if you warn people, some will still leave items). Make sure that you announce that room monitors are watching so that you let any would-be opportunists know that someone is watching. Just this one piece of information should discourage theft.
  • Control Digital Access. Make sure that only authorized users can access your onsite registration system. Don’t leave laptops or registration lists unattended, as they are a goldmine of sensitive data. Make sure you are using a VPN and secure wireless connection to connect back to your office or database server. Deactivate your USB drives so that data cannot be easily copied onto a USB thumb drive when you aren’t looking.
  • Provide Secure WiFi for Attendees. Setup secure WiFi (requiring a password) for your staff and attendees so that they are not broadcasting their private information over an unprotected network (which they are doing anytime they use a free hotspot without a password). Make sure that your contact onsite understands your security needs and concerns. That is part of the service they are providing.
  • Control Physical Access. Use a system of photo ID badges and room monitors to make sure that only authorized attendees have access to highly sensitive areas. You don’t want your biggest competitor to gain access to the meeting where you reveal next year’s strategy.
  • Shred Unneeded Documents. If you no longer need registration information on an attendee, shred it immediately. Every hotel or conference center should have shredders onsite that you are able to utilize. If they don’t, you might ask yourself how well they are protecting your data.

Meeting Security After the Event

  • Destroy the Evidence. When the conference or meeting is over, shred any remaining physical documents you no longer need. Purge digital files from your systems, especially those containing credit card or Social Security numbers. The less you keep on hand, the lower your changes of theft.

Above all, don’t forget to educate your staff and attendees on the risks of data theft while attending a conference. Higher levels of awareness drastically reduce the incidents of attendee identity theft and corporate espionage.

John Sileo is the award-winning author of Privacy Means Profit and America’s leading speaker on identity theft prevention, social media exposure, online reputation management and information leadership. Learn more about his keynote speeches on a variety of topics or call directly on 1.800.258.8076.

 

3 Exposure Lessons Learned Via Anthony Weiner

Just for a minute, put yourself in the shoes of Anthony Weiner. You’ve done something exceptionally stupid, whether it’s sending sexually explicit photos of yourself to strangers you don’t even know, or another unrelated mistake. To compound the stupidity, you involve social networking – you Facebook or tweet or YouTube the act – or even simply email details of what you’ve done.

Everyone of us makes impulsively bad decisions (probably not as bad as Weiner, but bad nonetheless). Prior to the internet, you at least had a chance to recover from your past transgressions, as there wasn’t a readily accessible public record of the act unless you happened to be caught on tape (think Nixon, Rodney King, etc.). But now that pretty much every human carries either a camera or video recorder with them at all times (mobile phones), can communicate instantly with a massive audience (Facebook, Twitter, SMS, blogs), and have access to more information than exists in the Library of Congress just by pulling up Google, the equation of how you control sensitive information about yourself has changed radically. Every stranger (and even friend) is like a full service news station with video, distribution and commentary, just waiting to report on your missteps.

Here are three lessons the rest of us can take from the Anthony Weiner affair:

  1. Fame raises the bar. Celebrity, for all of it’s glory, puts a spotlight on your conduct. When you get paid for attracting attention, you are bound to attract unwanted attention. Unless your brand consciously involves a rebel persona (Paris Hilton, Lindsey Lohan, Dennis Rodman – in other words, the more trouble you get in, the more money you make), you will be held to a higher standard than those of us who fly under the radar. Fame has its faults. Remember when Gary Hart challenged the press to prove he wasn’t a standup guy? Now everyone who has even the most basic tech tools is an instant paparazzi.
  2. Mind the 3 Laws of Posting Online. When you post anything online, what you have published is most often immediately public, permanent and exploitable. You may think that you have a claim to privacy online, but you are deluding yourself. What you upload is only as private as the company or individual housing the data. Once you post, there is no “taking it back”. Weiner removed his tweets quickly, but posts, pictures and videos are backed up, re-tweeted, liked, screen captured and otherwise saved long before you can put a stop to it. Finally, as this case reinforces, what you post online can and will be used against you if it falls into the wrong hands. In Weiner’s case, the wrong hands were those of a political enemy, conservative blogger Andrew Breitbart. Because Weiner chose to make the posts public (even accidentally), Breitbart has a free pass to commit perfectly legal extortion. Before it is all over, the Democratic party will lose one of it’s brightest stars. That is probably a just result, but there is still a question about the forceful nature of the means involved.
  3. Admitting fault early and often. If you’ve done something wrong and it is recorded online, “hang a lantern on it” as quickly as possible. This is a phrase that Chris Matthews used in his book on political survival, Hardball. To summarize Matthews position, if you make a mistake and it goes public, admit to it as quickly as possible, take ownership of the wrongdoing and don’t lapse into the web of lies brought on by panic. Hang a lantern on it – expose it to the light, take your lumps and move on. In the end, what will bring Weiner down will likely not be his obscene tweets or explicit photos. Rather, it will be the fact that he blatantly lied about his posts. Had he come clean immediately, he would be judged as a person who made some mistakes just like the rest of us, not as a Congressman who deliberately mislead his constituents.

And there is a larger, more important lesson in all of this. In a world where your every action is subject to capture, publication and mass distribution, it’s far easier to be a moral, upstanding, well-adjusted individual than it is to attempt to hide a dysfunctional dark side. Ultimately, a bit of restraint, discretion and even therapy will be much cheaper than living a double life.

 

John Sileo speaks, writes and consults professionally on information leadership: managing the exposure of personal and corporate information. His clients include the Department of Defense, Pfizer, Homeland Security and Blue Cross. Learn more at www.ThinkLikeASpy.com or contact him directly on 1.800.258.8076. Expose yourself wisely.

Dropbox a Crystal Ball of Cloud Computing Pros & Cons

Dropbox is a brilliant cloud based service (i.e., your data stored on someone else’s server) that automatically backs up your files and simultaneously keep the most current version on all of your computing devices (Mac and Windows, laptops, workstations, servers, tablets and smartphones). It is highly efficient for giving you access to everything from everywhere while maintaining an off-site backup copy of every version of every document.

And like anything with that much power, there are risks. Using this type of syncing and backup service without understanding the risks and rewards is like driving a Ducati motorcycle without peering into the crystal ball of accidents that take the lives of bikers every year. If you are going to ride the machine, know your limits.

This week, Dropbox appears to have altered their user agreement (without any notice to its users), making it a FAR LESS SECURE SERVICE. Initially, their privacy policy stated:

… all files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. Quote from PCWorld

Currently, the privacy policy says that Dropbox can access and view your encrypted data, and it might do so to share information with law enforcement. Why is that important? Because it means that the encryption keys that keep your files private are actually stored on Dropbox’s server, not on your own computer. This puts the keys to your data (and every other Dropbox user) in the hands not only of Dropbox employees and law enforcement, but vulnerable to hackers. When the encryption key is located on your computer, at least the risk is spread over Dropbox’s user’s network.

But there is an even bigger issue that this exposes about the world of cloud computing in general: anytime your data lives on a device that you don’t own, you lose a certain amount of control over what happens to it. Here is just a sampling of factors that can affect the privacy and confidentiality of your cloud-stored data:

  • The cloud service provider changes their Terms of Service (like Dropbox just did) to cover their legal bases, making your data less secure without your even being alerted. This happens almost every week with Facebook, which changes privacy terms constantly. When you log back into your account, you are automatically agreeing to the new Terms of Service (and probably not reading the tens of pages of legal jargon).
  • The provider is bought out by a new company (possibly one overseas) or has its assets liquidated (the most valuable assets are generally information), that has different standards for data security and sharing. You, by default, are now covered by those standards.
  • The security of your data is weak in the first place. Security costs money, and many smaller cloud providers haven’t invested enough in protecting that data, leaving the door wide open for savvy hackers. SalesForce.com might be well protected, but is the free backup service or contact manager that you use?
  • Your data exists in a more public domain than when it is stored on internal, private servers, meaning that it is subject to subpoena without your being notified! In other words, the government and law enforcement has access to it and you will never know they were snooping around. This isn’t a concern for most small businesses, but it is still a cautionary note.

So does this mean we should all shut down our Dropbox, Carbonite, iBackup accounts? No. Does this mean that corporations should not implement the highly scalable, dramatically efficient solutions provided by the cloud? No. It means that both individuals and businesses must educate themselves on the up and down sides of this shift in computing. They can  begin the process by realizing that:

  1. Not all data is created equal and that some types of sensitive data should never be placed in someone else’s control. This is exactly why there are data classification systems (I subscribe to those used by the military and spy agencies: Public, Internal, Confidential and Top Secret).
  2. Not all cloud providers are created equal and you must understand the privacy policy, terms of service and track record of each one individually (just like you would choose a car with a better crash-test rating for your family).
  3. Anything of immense power comes with costs, and those costs must be calculated into the relative ROI of the equation. In other words, the answer here, like most complex things in life, exists in the gray area, not in a black or white, one-size-fits all generalization.

John Sileo writes and speaks on Information Leadership, including identity theft prevention, data breach, social media risk and online reputation. His clients include the Department of Defense, Homeland Security, the Federal Reserve Bank, FDIC, FTC and hundreds of corporations of all sizes. Learn more about his motivational data security events.

iPhone and Droid Want to Be Your Big Brother

Remember the iconic 1984 Super Bowl ad with Apple shattering Big Brother? How times have changed! Now they are Big Brother.

According to recent Wall Street Journal findings, Apple Inc.’s iPhones and Google Inc.’s Android smartphones regularly transmit your locations back to Apple and Google, respectively. This new information only intensifies the privacy concerns that many people already have regarding smartphones. Essentially, they know where you are anytime your phone is on, and can sell that to advertisers in your area (or will be selling it soon enough).

The actual answer here is for the public to put enough pressure on Apple and Google that they stop the practice of tracking our location-based data and no longer collect, store or transmit it in any way without our consent.

You may ask, “don’t all cell phone carriers know where you are due to cell tower usage?” Yes, but Google and Apple are not cell phone carriers, they are software and hardware designers and should have no real reason (other than information control) to be tracking your every move without your knowledge. Google and Apple are not AT&T or Verizon, therefore they should not be recording, synching and transmitting your location like it appears they are.

Both companies are trying to build huge databases that allow them to pinpoint your exact location. So how are they doing it? By recording the cell phone towers and WiFi hotspots that you pass and that your phone utilizes. This data will ultimately be used to help them market location based services to their audience, which is a market that is expected to rise $6 billion in the next 3 years.

The Wall Street Journal found through research by security analyst Samy Kamkar, the HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It transmitted the name, location and signal strength of any nearby WiFi networks, as well as a unique phone identifier. This was not as personal of information like what the Street-View cars collected that Google had to shut down some time ago.

So what do we do now? According to the Wall Street Journal, neither Apple or Google commented when contacted about these findings, so it is hard to know the extent of how they are using the data collected. Right now, there really isn’t much you can do to stop GPS tracing of your location without your consent. Of course you could power down your phone, but we are all way too additcted to these handy little digital Swiss Army Knives to do that. You can turn of GPS services, but again, that makes it impossible to use maps and other location-based apps.

The actual answer here is for the public to put enough pressure on Apple and Google that they stop the practice of tracking our location-based data and no longer collect, store or transmit it in any way without our consent.

While this may be the future of privacy, it is better that we are aware of what may come rather than remain in the dark about the possibilities of technology.

John Sileo is the President of The Sileo Group and the award winning author of four books, including his latest workbook, The Smartphone Survival Guide. He speaks around the world on identity theft, online reputation and influence. His clients include the Department of Defense, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com.

Comprehensive Opt Out List for Marketing Databases

Major data breaches like the recent Epsilon Breach occur frequently, even if you don’t hear about all of them. With all the publicity surrounding this particular breach, people have been asking how to remove themselves from some of those marketing lists that are frequently compromised.

Opting our of marketing databases is one way to lower your risk of becoming a data breach victim.

So, how do I get out of marketing data bases?

Most databases allow you to opt out of having them share and sell your information, you just need to find out how.  Many sites make it tricky to get this done, but most sites that are selling or harvesting your information allow you to do so one way or another.

The Privacy Rights Clearing House lists 135 marketing data brokers who are selling your private information, and tells you whether or not they have opt-out policies. If they do, you have to go to the brokers’ websites and suppress your name yourself. Most of the sites have hard-to-find opt out pages, but you can generally track them down by visiting the Privacy Policy which frequently appears as a link in small print at the bottom of the home page.

Even if you opt out, unfortunately, most of these sites still retain your information in their databases, meaning that you are still at risk of a breach. But until we have stronger consumer rights governing our private and personal information, opting out is the best you can do.

 

Facebook Can Use Your Photos in Their Ads Without Permission

Did you know that Facebook can use photos you post on the site in advertisements targeted on the right (advertising) side of your contact’s profile?

Unless you customize your privacy settings, Facebook can share just about anything you post with just about everyone. Using your intellectual property for their financial gain is not a new Facebook issue, but one that should be revisited due to recent Facebook Privacy changes. Here’s the funny part: you gave Facebook the right to use any of your content in any way they see fit when you signed up for your account and didn’t read the user agreement. If you visit the Facebook Statement of Rights page you will see the following:

You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:

  1. For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
  2. When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
  3. When you use an application, your content and information is shared with the application.  We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information.  (To learn more about Platform, read our Privacy Policy and Platform Page.)
  4. When you publish content or information using the “everyone” setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
  5. We always appreciate your feedback or other suggestions about Facebook, but you understand that we may use them without any obligation to compensate you for them (just as you have no obligation to offer them).

Make sure you customize your privacy settings so that you are sharing your data at a level comfortable to you. One place you may not realize you need to check is Facebook Ads. When you visit your Account Settings page the last tab on the right is Facebook Ads. By clicking on it you can adjust your settings  — after you read their pop up on not selling your information. Where is says “Allow ads on platform pages to show my information to” and “Show my social actions in Facebook Ads to” Check No One. This gives you just a bit more control over what Facebook can share about you and your profile.

As it states above,  information you delete from your Facebook may not be permanently deleted. Just know that once something hits the internet it is there for good. Posts, pictures, videos and comments on social networking site are public, permanent and exploitable.

Reputation Gets You What You Want

For six years I have done almost nothing professionally but study and speak on phenomenons that drive companies out of business or otherwise destroy their reputation. In the process, I have discovered what I consider to be an under-recognized and highly powerful maxim that remains relatively untapped both by people (especially leaders), and by businesses. We talk about it, but we rarely take an active role in improving it.

Reputation gets you what you want.

I know this because I have seen countless people’s reputation destroyed by identity theft (including mine when I was thought to be a criminal) and hundreds of businesses’ reputations wrecked because of data breach, social networking over-exposure or reputation hijacking. I know this because I’ve worked as a reputation management partner to companies that aggressively manage what the world thinks of them from an offensive perspective – they cultivate it long in advance of any attack.

Think of Apple – they have had a reputation of producing simple, functional, beautiful gadgets that WOW us. Now, even when they release the most modest of upgrades, we all jump to buy them because of Apple’s reputation. Apple works day and night to protect and project this reputation, but because of the nature of reputation (you can’t blow your own horn too loudly), it is a silent and subtle campaign that accumulates over time.

Reputation is everything. A strong reputation gives you job security even in a shaky economy. It can be your sales team’s best closing tool or worst enemy (imagine BP trying to close its next off-shore drilling deal). It’s a long term asset that is subject to short term manipulation. And in the age of social media and constant access to data, your reputation can be damaged in a minute.

Reputation has traditionally been a defensive art – we don’t think about it or act to improve it until we are attacked. We are reactive and take for granted something that not only defines who we are, but makes us our money. But acting after the attack is far more costly than building a solid reputation foundation that can withstand the occasional threat. Take Reputation Hijacking for example.

Reputation Hijacking

Steve Fezzik is widely recognized as one of the top sports gamblers in the business. He consistently beats the odds in Vegas, and has developed a highly profitable career based on his sterling reputation of winning when others can’t. And Steve Fezzik’s reputation is exactly why someone else purchased the URL of his name (www.SteveFezzik.com), put his picture and bio on the site, and proceeded to sell betting cards (odds on gambling opportunities) using his name and an anonymous PayPal account. Someone else is still cashing in on his reputation and trashing it as they go because they don’t have his skill set for picking winners. His story is sad and all too common. And he is essentially helpless to change the plot, as he would have had to play a bit of reputation offense to protect himself. In his case, the steps would have been rather straightforward:

  1. Trademark his name in relation to the gaming business so that he has a leg to stand on when someone else misuses his identity for financial gain.
  2. Purchase the most common URLs associated with his name and expertise early in the game, before others find a way to use them.
  3. Hire a pit bull of an intellectual property lawyer (in advance of needing them) to immediately and very publicly put a stop to reputation squatting using simple tools like Cease and Desist. I realize that most people don’t have to worry about this level of protection, but if your name is your business, or your brand is your reputation, your way of thinking in the Internet age will need to change.
  4. Offensively develop an online reputation stronghold that serves as a clearinghouse for your voice and reputation. We can learn a great deal from celebrities who develop a significant presence on Twitter, a Facebook Fan Page, a blog, a YouTube channel or another vehicle of digital reputation management to fill in the space where tabloids and Perez Hilton type chatter can easily fill in the void. Most celebrity press releases, for example, are now launched from Twitter, making any other source of breaking news a bit suspect.

In other words, in your absence, someone else will leverage your reputation, especially online, where it is an easy target. Your refusal to manage it in advance already makes your reputation worth less. Would Lady Gaga fail to insure her voice, own her URL namesake or trademark her marketing brilliance? But she’s a star, you say. In the world of social media, instant communication and lack of privacy, so are you. Just make sure you avoid the black hole of reputation inertia.

John Sileo’s keynote speeches train organizations to play aggressive information offense before the attack, including reputation hijacking, identity theft, data breach, cyber crime, social networking exposure and human fraud. Learn more about having a Reputation Management Partner at ThinkLikeASpy.com or call him directly on 800.258.8076.

How to Opt Out of Data Miners and Online Directories

Whether you like it or not, your information is available publicly to everyone through online directories. Businesses and advertisers have the ability to easily find this information and then market their products to you. This means that you have never actually “opted-in” to receive these ads. Fortunately, there are ways for you to “opt-out” of widespread information sharing (see the list of more than 120 ways below).

The Top 4 Opt-Out Opportunities:

  1. www.OptOutPreScreen.com. Remove yourself from the marketing lists sold by the three major credit reporting bureaus, Equifax, Experian and TransUnion. There is not cost for this list.
  2. www.DMAchoice.org. This puts you on a Do Not Mail list for the Direct Marketing Association. The cost is $1, but it is well worth the instant trip down in your mail.
  3. White Pages. That’s right, your old-fashioned printed phone directory is the source for most of the online contact info databases. Remove your directory listing (you will likely have to the phone company every month to have your info NOT shared – I know, it’s asinine) or otherwise opt out.
  4. www.Spokeo.com. To opt out, read this blog post about [intlink id=”1752″ type=”post”]removing your info from Spokeo[/intlink]. This is one of the more utilized sites by identity thieves, stalkers and scammers.

There is a slower and more tedious process of opting out of online directories (i.e., you have to visit every one. Some (Spokeo.com)  are more important than others (Whitepages.com) because of the information that they collect. Sites such as Spokeo.com can have as much information as your physical address and pictures of your home, while others may just house your phone number. These sites spend hours upon hours scouring public records such as marriage licenses, birth certificates, and real estate purchases for this type of information.

Since most online directories typically offer a way to opt out of their listings you would think they would make it easy. Not so. They tend to hide this option deep within the site, as they don’t actually want you to leave. Luckily, The Privacy Rights Clearing House has done most of the legwork in their Comprehensive Opt Out List. I suggest starting with a few main sites, 123people.com, spokeo.com, etc. and continuously adding to it over time. Opt out of one a week if you like, and eventually your data will be less exposed. Protecting your privacy and identity is a layering process. It is easy for people to get overwhelmed, especially when it comes to online directories.

John Sileo speaks on information control, identity theft prevention and data breach avoidance. His clients include the Department of Defense, Pfizer and the FDIC. To learn more, contact him directly on 800.258.8076.

Tired of Being Tracked by Websites? Do Not Track is Here.

In response to the growing demands for more privacy on the internet, Mozilla implements a Do Not Track option in Firefox 4.

The most recent version of Mozilla Firefox, which was rolled out this February, offers users the option to opt-out of website tracking. Once enabled, the user’s preference to not be tracked is automatically sent to the website. That doesn’t mean that the website has to do anything about it, but there will probably be a bit of a stink about those sites that don’t respect user’s privacy preferences (it would be the equivalent of someone making a sales call to you after you join the Do Not Call list). Unfortunately, most users will never know which websites are participating in the opt-out Do Not Track function.

Learn more about Firefox’s Do Not Track Technology and about the Big Brother issues posed by companies tracking your every move on the internet.

In my opinion, beginning to solve the surfer privacy issues at the browser level is the right direction to take. It is the most universal gate through which all surfers pass – no one visits a website without touching a browser. If consumers get behind the technology now and let the companies they do business with know that they expect them to honor Firefox’s Do Not Track technology, there will be no option but to acquiesce.

Mozilla Firefox version 4.0 is still in beta while they make sure they get any glitches fixed. So don’t install it unless you are comfortable with using beta (often glitchy) software. It has been out for many weeks now, and most of the glitches are probably resolved at this point.

To add the Do Not Track functionality, download and install the latest version of Firefox 4, and then go to Firefox -> Options  -> Advanced. Check the “Do Not Track” box and save your settings.

When this option is selected, a header will be sent signaling to websites that you wish to opt-out of online behavioral tracking.  You will not notice any difference in your browsing experience until sites and advertisers start responding to the header. I recommend that users go in and try this out. This is the best way to give them feedback so they can make our browsing experience as safe as possible.

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.

Don’t Have a Fraudulent Valentine’s Day

Romance is in the air, but so is fraud.

I hate it when scammers take advantage of you on holidays. In fact, I don’t much like being the person responsible for telling you that fraud goes way up during holidays like Christmas and Valentine’s Day. But it’s my job, and it’s important to me, and you have nothing to worry about if you are using common sense. In case your common sense is lacking due to all of the chocolate, here are some thoughts on Valentines Scams.

In happy and/or busy moments, people tend to let their guard down. Consumers are happier, more trusting, generous and hopeful around Valentine’s Day. This is a good thing. We want people to be happy, in love and celebrating each other.

I just don’t want you to be so distracted that it gives an identity thief an opening to take advantage of you. Around this time there is a rise of online scams, especially where thieves send out malicious links that direct you to a site where you are tricked into giving personal information.

The problem with malicious links is that they appear to be sent by someone you trust, especially when they come from a friend on Facebook or another social netowork. Most people click on them because they look like they are from a friend, legitimate company, bank, or other business that you have dealt with in the past. Also, around Valentines day, the message might appear to be from a  flower, candy or gift company that is giving you some amazing offer, and all you have to do is click!

While these malicious links can be sent by email most people don’t realize you can get them via Facebook, Twitter, IM, or even text message. Scammers have gotten more sneaky and creative with their methods of attack. With Valentines Day right around the corner they will be disguised as friends or businesses tapping into your romantic, loving, and trusting side.

Watch out for companies offering you 50% off on 1-800-flowers if you purchase them from their (phony) site. Maybe it’s a free offer from Match.com or link a “friend” has sent to check out the best Valentine’s Day gifts this year. In other words, just be extra careful about anything you click on that has to do with the holiday. You are better off typing the URL of where you want to go (flower store, chocolates, etc.) in the address bar.

Here are a few ways that criminals hid Malicious links so that you have a harder time spotting them:

  • A slight misspelled version of a trusted URL
  • Using a URL shortener (Tiny, bit.ly) to hide the actual URL
  • Use simple HTML formatting to hide the real URL. This is very common and hard to spot because while you are clicking on www.firstbank.com it is actually a dangerous link in disguise that takes you to a malicious site.

Here are a few ways that you can protect yourself for being duped this Valentine’s Day.,

  1. Always type the website you wish to visit directly into the browser. Do not click on a link and just assume that it is safe.
  2. Don’t click on anything that has been sent from someone you don’t know or from someone you do know but seems out of character.
  3. Don’t click on anything that said it was sent by your bank or any other bank. Call the bank up directly to verify the email and type their web address into your browser.
  4. Don’t click on a link that says it is an urgent situation. Many times, scammers will try to scare you into thinking you have to click now or something bad will happen. That is never the case. Call the company directly on their known phone number to handle the situation.
  5. And most importantly, unlike true love, if something seems too good to be true, it probably is. Research it further.

On this Valentines Day, make sure that you don’t get swept up in the moment and taken advantage of by a scammer. No matter what the holiday is, always make sure that you are thinking with your head and not just with your heart when protecting your most important asset… your identity.

John Sileo loves Valentine’s Day because he gets to celebrate with his wife, whom he has had a crush on since he was 8. He is the author of Privacy Means Profit and earns his keep delivering highly motivational identity theft speeches.