Posts

Online identity nightmare: will Twitter meet the challenge? Will we?

The jaw-dropping attack on the Associated Press last week may finally cause Twitter to start safeguarding our online identity – and it may even jolt us out of our apathy.

We’ve seen serious Twitter breaches for months. Hackers have damaged the digital reputations of major corporations and cultural groups. But Tuesday, the whole world was jolted when hackers falsely sent an AP tweet reporting that there had been two explosions at the White House. Within seconds, investors unloaded $139 billion worth of stocks, as reported by AP. Not all those investors were human; many were computers on autopilot doing high-speed trading. But the consequences are just as real and far reaching.

The ease with which organizations like the Syrian Electronic Army or LulzSec can infiltrate a powerhouse like Associated Press alerts us as to how vulnerable our digital footprint is. The universality of this threat is very real. Don’t be lulled into complacency because you think you’re not as attractive a target as AP. Hackers will continue to test the limits of our online identity security, especially on a platform like Twitter where messages can easily be deceptive or misinterpreted. Anyone with an internet connection has something to lose.

Shortly after the AP breach, better user-authentication was demanded by users and Twitter finally took notice, declaring it would make passwords stronger. Twitter announced it will soon implement the two-step process of authentication similar to that used by Google and Facebook. I doubt anyone today is skeptical about how much damage can be caused by a mere 140 characters.

Another security measure is available to ensure that a user is the only one logging into their account. If an unregistered device (e.g., not your home computer) attempts to gain access, a verification code can be sent to a registered device like a smartphone, reducing the risk of an unauthorized user.

Twitter is not alone in protecting our online identity

Effective security checks don’t let us humans off the hook. All the security checks can swoosh down the drain with one click on a bad link. Though we’ve been hearing it since the days of AOL and dial-up, if you don’t recognize the sender or you feel even a slight suspicion of the link, don’t click on it.

Your online identity, or digital footprint, is a composite of everything you watch, post and link to. When it’s compromised, how you are seen by others can be forever changed. Twitter’s response to the breach acknowledges that national security is at stake and signals a desire to encourage security for its users. It’s your responsibility to stay alert and take every possible precaution to protect your digital footprint.

John Sileo is an online identity expert and keynote speaker on digital security, reputation protection and social media privacy. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

eBay online fraud leaves you saddled with debt, junk you didn’t order

Sending unwanted orders to the innocent is an old, online fraud scam that most of us are aware of. But there’s a difference between an unwanted $13 pizza and an unwanted $13,000 purchase.

Online fraud can hit you in some truly surprising ways. Take the alarming case of Ars Technica writer Ken Fisher, who does not live in the UK or own an eBay account, yet received a notice from eBay UK out of the blue, congratulating him for successfully bidding $13,000 for 500 LED lights. In an article describing his experience, Fisher expresses his concern that this could happen, and his further frustration that his attempts to get in touch with tech support proved fruitless. Fisher was unsure of the origin of the message and whether or not it meant he was having online privacy issues. In the end, he just ignored eBay.

Take it from an online identity expert: it’s all fun and games until you wind up with 80 pounds of electronics.

John Sileo is an online fraud expert and keynote speaker on privacy, identity and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business. 

CEOs taking notice of online privacy threats?

Threats to online security have been coming thick and fast. But a new study shows that CEO's may finally be taking notice. Is that enough?

If there's an upside to the recent rash of hacks and digital subterfuge, it may be that businesses are beginning to see the ugly reality of online privacy exposure. According to the Wall Street Journal, a study by analysts at AIG recently showed that more executives are concerned about breaches than harm to their property. Eighty-five percent of executives polled placed more emphasis on their information and digital reputation than their physical holdings. 

Awareness is one thing, but are these executives putting their money where their mouth is?

It appears so. Studies show that there has been a corresponding increase in the amount of money recently spent by retail companies on cyber security measures and experienced anti-fraud experts. It's remarkable what a little bad press (hacking of the New York Times, Wall Street Journal, Twitter, Evernote) will do to motivate previously complacent companies.

As precious as your material property may be, it's not being targeted at all times like your data, which is under automated 24/7 attacks by hackers in their pajamas. Breaking into a house carries a great deal of risk, but hacking your email or bank account can be done from anywhere, anonymously, and with little chance of being caught. Unlike burglars, the cyber thieves that steal your personal information aren't very likely to leave behind a trail.

While it's good that executives appear to be getting the message, there's no substitute for proper cyber security training. Behind all of the technology and at the source of every data breach is a human being (generally, a poorly trained human being). Security isn't a department, it's a system of beliefs that must be instilled in your people. And when those people take protecting your data as seriously as they do their homes, then you've made progress.

John Sileo is a cyber security expert and keynote speaker on privacy, identity and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.