Posts

Don't Get Cyber-Scrooged on Cyber Monday!

Why fight parking-lot-road-rage, UFC-sanctioned-psycho-shoppers and 12 a.m.-midnight-start-times on Black Friday when you can shop from the comfort of your laptop or iPad while sipping eggnog on the couch (or more likely, from your office desk)? I’m talking about Cyber Monday, of course – the day that online merchants heavily discount their products and generally give free shipping as well. By shopping online, you get most of the same deals and discounts (some of them better) without the breakneck competition common in stores the day after Thanksgiving.

Online shopping during the holidays is a convenient, green, inexpensive way to celebrate the season with less stress. In fact, it’s such an efficient way to buy gifts that cyber shoppers will spend close to $2 Billion this coming Monday. If you are one of them, take a few steps to add peace-of-mind to your peaceful holidays.

How to Protect Your Private Data Online on Cyber Monday

  • Never Shop on a Public Wi-Fi Connection – Although you may trust the baristas at your local coffee shop, you can’t always trust the person sitting next to you. Hackers can easily tap into Wi-Fi connections at public hot spots to steal your identity information. This can be especially dangerous when you are making purchases with your credit card on unsecured connections. Options: surf at home or set up Internet Tethering between your smartphone and laptop or tablet so that you are always surfing on an encrypted connection. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
  • Never use a debit card online – If your card information is compromised, funds can be withdrawn from your bank account without your knowledge. Federal law states that your bank can take up to 2 weeks to investigate fraudulent activity before returning the funds to your account, which means you have nothing to spend in the meantime.  In fact, if you don’t report the missing funds quickly, you could potentially lose all the money on deposit with your bank.
  • Monitor Your Accounts – While you are doing a lot of shopping – online and in the store – it is good to keep an eye on your bank and credit card accounts. Match your receipts up to your statement to make sure that they are correct and there are no fraudulent charges. Keep an eye out for small charges, sometimes that is how crooks test to make sure they have a good card. For convenience, set up credit card account alerts that automatically email or text you every time you make a purchase. It makes detecting fraud a snap.
  • Consider using a virtual or single-use credit card – Some card issuers offer virtual credit cards or single-use card numbers that can be used online. Virtual credit cards use a randomly generated substitute account number in place of your actual credit card number.
  • Never “recycle” a password – Most online shopping sites encourage you to establish a user name and password. Password-protected sites are becoming more vulnerable because people regularly use the same user names and passwords on multiple websites. But do you really want an online retailer to know the password to your online bank account?  If you are using the same password across many sites and your password for one site is breached, everything else is at risk. If you do decide to create a user name and password, make sure it is adequately strong. To assist the creation and safe storage of different passwords, use a password protection software like 1Password.
  • Protect your passwords and personal data – Do not share your passwords with anyone and never provide your social security number, birth date or mother’s maiden name in an email.
  • Only Shop on Trusted Websites – Don’t just let the search engine pick the site for you, make sure you are using a trusted and well-known website. Type in the direct web address for the stores you are familiar with, and don’t shop on price alone.
  • Look for Signs They are Protecting Your Data – On the Web page where you enter your credit card or other personal information, look for an “s” after http in the Web address of that page and a secured padlock (as shown below). Encryption is a security measure that scrambles data as it travels through the Internet. 
  • Make sure all of your security software is up-to-date before you shop online – That includes anti-virus software, anti-spyware and firewalls.

Take a break on Black Friday. Who knows, maybe you’ll start to think of it as White Friday.

Comprehensive Opt Out List for Marketing Databases

Major data breaches like the recent Epsilon Breach occur frequently, even if you don’t hear about all of them. With all the publicity surrounding this particular breach, people have been asking how to remove themselves from some of those marketing lists that are frequently compromised.

Opting our of marketing databases is one way to lower your risk of becoming a data breach victim.

So, how do I get out of marketing data bases?

Most databases allow you to opt out of having them share and sell your information, you just need to find out how.  Many sites make it tricky to get this done, but most sites that are selling or harvesting your information allow you to do so one way or another.

The Privacy Rights Clearing House lists 135 marketing data brokers who are selling your private information, and tells you whether or not they have opt-out policies. If they do, you have to go to the brokers’ websites and suppress your name yourself. Most of the sites have hard-to-find opt out pages, but you can generally track them down by visiting the Privacy Policy which frequently appears as a link in small print at the bottom of the home page.

Even if you opt out, unfortunately, most of these sites still retain your information in their databases, meaning that you are still at risk of a breach. But until we have stronger consumer rights governing our private and personal information, opting out is the best you can do.

 

Tired of Being Tracked by Websites? Do Not Track is Here.

In response to the growing demands for more privacy on the internet, Mozilla implements a Do Not Track option in Firefox 4.

The most recent version of Mozilla Firefox, which was rolled out this February, offers users the option to opt-out of website tracking. Once enabled, the user’s preference to not be tracked is automatically sent to the website. That doesn’t mean that the website has to do anything about it, but there will probably be a bit of a stink about those sites that don’t respect user’s privacy preferences (it would be the equivalent of someone making a sales call to you after you join the Do Not Call list). Unfortunately, most users will never know which websites are participating in the opt-out Do Not Track function.

Learn more about Firefox’s Do Not Track Technology and about the Big Brother issues posed by companies tracking your every move on the internet.

In my opinion, beginning to solve the surfer privacy issues at the browser level is the right direction to take. It is the most universal gate through which all surfers pass – no one visits a website without touching a browser. If consumers get behind the technology now and let the companies they do business with know that they expect them to honor Firefox’s Do Not Track technology, there will be no option but to acquiesce.

Mozilla Firefox version 4.0 is still in beta while they make sure they get any glitches fixed. So don’t install it unless you are comfortable with using beta (often glitchy) software. It has been out for many weeks now, and most of the glitches are probably resolved at this point.

To add the Do Not Track functionality, download and install the latest version of Firefox 4, and then go to Firefox -> Options  -> Advanced. Check the “Do Not Track” box and save your settings.

When this option is selected, a header will be sent signaling to websites that you wish to opt-out of online behavioral tracking.  You will not notice any difference in your browsing experience until sites and advertisers start responding to the header. I recommend that users go in and try this out. This is the best way to give them feedback so they can make our browsing experience as safe as possible.

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.

Spokeo Shows Your Home with Only a Name?

,

True. Unless you have chosen to Opt Out (see below), a picture of your home is only one search away on Spokeo.com, even if I don’t have your address.

Check it out for yourself at www.spokeo.com. On most profiles, if Spokeo has your current address, they also have a picture of your home. It is the same as Google Street View, almost. The difference is that on Google Street View or Google Maps, you can’t easily look up someone’s address based on their name and find the corresponding picture of their home.

In other words, Spokeo aggregates your personal data in a more sophisticated way, ultimately giving users the ability to search on your name and peel back layers of your personal information. This has caused a recent web buzz on the subject and is pushing people to go on their site to remove information you don’t want to share with the world. A few months ago I posted a video about removing your information from Spokeo. Here are the steps.

  1. Visit www.Spokeo.com.
  2. Type in your name and click on the record that belongs to you (if it exists).
  3. Copy the URL in your web browser that points specifically to your record (you should see your name in the URL, something like this: http://www.spokeo.com/search?q=Smith%20Sample#Sample:1219812367)
  4. Go to the bottom right corner of Spokeo’s page and click on the link called Privacy (it’s in small, faded text). Alternatively, visit www.Spokeo.com/privacy.
  5. On this page, paste in the link you copied from your personal page and enter your email address (for verification purposes, supposedly) and the security code listed. This is a case where I would use a second email account (your designated junk-email account), not your main email to avoid the build up of possible spam emails that follow. It will then send you an email confirmation where you must click the URL to confirm removal.
  6. Voila! You’re information will, for the time being, no longer be included in their look up services.

Of course, this does not get rid of the original sources of data (they buy the information from your local White Pages, Government listings, probably from Google Street View), but it does make it considerably harder to aggregate all of this data in one place. Just as a word of caution – I opted out of their data base about 3 months ago when we posted the above video and now I’m back in the database. So, I am opting out again and monitoring very closely if they add me back in, at which point I will take the story to a major news organization and we will hold them accountable.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him regarding speaking opportunities directly on 800.258.8076.

WSJ Article Quotes Identity Theft Expert, John Sileo

,

How To Beat The Online Scammers

(A Wall Street Journal Excerpt by Jennifer Waters)

Your pet’s name is a fraudster’s best friend.

You may think you’re giving up precious little when you tell your Facebook friends that you’re dressing your pooch, Puddles, in your favorite color, red, for brunch at Grandma’s on Sunday. But you’ve actually just opened a Pandora’s box of risks.

The information consumers willingly, and oftentimes unwittingly, unleash on social-media websites sets off a feeding frenzy among fraudsters looking to steal everything from your flat-screen TV to your identity…

Too much information can hurt you in other ways. John Sileo, a Denver-based identify-theft expert, says your online chatter could equip an ex-spouse with ammunition for a court challenge. Future or current employers could have a problem with information about your personal life that they deem inappropriate for a member of their staff, he says. You also could be furnishing a would-be stalker with information about your whereabouts. Click Here to Continue Reading….

Facebook Reveals the End of Your Privacy | Sileo

, ,

The many changes that Facebook has been making recently have users nervous. Nervous because they are lacking the control that they once had over their privacy on the social networking site. While Facebook has never been the mecca of privacy, the recent and swift changes they are making has created more of an issue for users. One by one they are voicing their concerns with the new features and why they feel Facebook is slowly revealing the end of your privacy.

Facebook and privacy issues go hand in hand.

Here are a few of the new features; although they are snazzy, they have many users concerned.

User IDs 

With only your email address on hand, data miners can easily match it with the new user ID that has been issued to you. Basically, the ID provides your name and profile picture no matter how your privacy settings are set. This can also include your hometown, photos, friends, and more depending on how strict your settings are. This gives companies the ability to advertise to you. If you are a young female living in Austin, Texas, there are literally thousands of products that can be marketed to you just using that information alone.

Face Match or Tag Suggestions

When you are uploading photos to Facebook (as shown above), they will make “tag suggestions” of who should be tagged in your photo album. In other words, Facebook has the ability to know what you look like. This feature will be gradually rolled out over the next few weeks. In order to disable your “tagability”, you need to adjust your privacy settings. Just click ‘Customize Settings’ and de-select ‘Suggest photos of me to friends.’ Your name will no longer be suggested in photo tags, though friends can still tag you manually.

Switch Account

In a recent and unintentional Facebook leak, many users reported seeing a switch account tab. This feature gives you the ability to go back and forth between different accounts without having to log in and out. While this is easy for people who are administrators for certain pages, it is a privacy issue for users who want to have many pages in order to play out a scam.

Facebook Privacy Concerns

Facebook was built on the idea that users connect and share personal information with each other. It is up to the users to decide how much and to whom. The more you share, the stronger Facebook becomes and the easier it is to share that information with friends, strangers and advertisers.

While Facebook is consistently rolling out more features, users are having to update their privacy settings.  With so much personal information sharing, the real cost to our privacy is still unknown.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

[youtube http://www.youtube.com/watch?v=VgwQPhpRPd0&rel=0]

Online Privacy Needs A Federal Office

, ,

According to a recent New York Times article, the government may be creating a department solely dedicated to strenghthening privacy policies within the United States and other countries. A recent report details why such a force is necessary. Although this new office would lack enforcement authority, they would work directly with the administration and necessary agencies to attack and solve privacy issues.

“America needs a robust privacy framework that preserves consumer trust in the evolving Internet economy while ensuring the Web remains a platform for innovation, jobs and economic growth,” the Secretary of the Commerce, Gary F. Locke, said in a statement. “Self-regulation without stronger enforcement is not enough. Consumers must trust the Internet in order for businesses to succeed online.”

The policy task force already suggested we make visible exactly what information is collected online through a “Privacy Bill of Rights.” Companies that collect this information will then have increased accountability and limits on what they can do with information collected.

The FTC would remain in charge of consumer privacy issues, but privacy concerns extend beyond borders and need to be handled with other countries.  Information gathered from a 2009 study by the Interactive Advertising Bureau found that Internet advertising is responsible for approximately $300 billion of economic activity a year.

In the past, the FTC has called for improvements to online privacy policies by corporations. They have lobbied to give consumers the option of a “Do Not Track” button so third-party companies don’t have access to their information.

The more that internet users realize how much of their personal information is readily available to companies and advertisers, the more they want to put a stop to third-party tracking. Hopefully, such a task force can protect our privacy, while still giving us the ability to freely search the web.

John Sileo is the award-winning author of two identity theft prevention books, Stolen Lives and Privacy Means Profit (Wiley, August 2010) and America’s top Identity Theft Speaker. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Cyber-Bullying and Social Networking Identity Theft

, ,

With the meteoric rise in cyber-bullying, parents are desperate to find a way to shield their children. Unfortunately, most parents are far behind their child’s proficiency with technology. Many don’t text, aren’t on Facebook, and are oblivious to the many ways in which kids can taunt each other with technological ease. Although children may be quick and nimble with technology, they lack the maturity to understand its consequences.

A recent article in the New York Times on Digital Bullying (read the MSN version here) addressed these very issues and gave true and heart-wrenching accounts of how parents were left helpless at the hands of their children’s online bullies. “I’m not seeing signs that parents are getting more savvy with technology,” said Russell A. Sabella, former president of the American School Counselor Association. “They’re not taking the time and effort to educate themselves, and as a result, they’ve made it another responsibility for schools.”

Kids have a great deal of anonymity on the internet if they want it, and can easily impersonate another child or steal their identity. This modified form of identity theft (character theft, I tend to call it), allows the bully to hide behind his or her computer with no real consequences for what they are saying. A scathing remark made in passing by one child can haunt another child for the rest of their lives.

In a recent case, a young boy was taunted at school by classmates that claimed he was in turn bullying them on Facebook. He quickly became socially withdrawn until his mother looked on Facebook to see that someone with his name and picture was in fact taunting other students online. Except, of course, that it wasn’t him. Some fellow classmates had stolen his Social Networking Identity and set up a false Facebook account as if they were him. The bullies then berated other kids, attracting negative attention to the victim. The victim’s mother found out that it’s not so easy to stop this cycle.

For one thing, Facebook doesn’t make it easy to reclaim one’s identity. In the previous case, the mother had to contact police, who went through a process to subpoena both Facebook and the internet service provide to uncover the bullies’ identities. Only then were they able to shut down the account, but the damage to the victims reputation had already been done.

Some parents prefer to resolve the issue privately, by contacting the bully’s family. Although psychologists do not recommend that approach with schoolyard bullying, with cyber-bullying, a parent’s proof of cruel online exchanges can change that difficult conversation. So what do you say?

Approaching another parent can be awkward. Most parents see their children’s actions as a direct reflection of their ability to raise their child. This means they can easily become defensive and almost submissive of the actions. As quoted in the Times article, experts recommend you follow a script like:

“I need to show you what your son typed to my daughter online. He may have meant it as a joke. But my daughter was really devastated. A lot of kids type things online that they would never dream of saying in person. And it can all be easily misinterpreted.”

In most situations, the reporting parents should be willing to acknowledge that their child may have played a role in the dispute. To ease tension, suggests Dr. Englander, an expert on aggression reduction, offer the cyber-bully’s parent a face-saving explanation (like that it was probably meant as a joke). If they are willing to accept what happened, they are more likely to take action.

Parents need to be mindful that their children might be victims of cyber-bullying, and they need to be just as aware that their kids might be the cyber-bullies. Here are some steps to get you started down the right track with your kids:

  • Have short, frequent coversations over dinner about what it means to be cyber bullied
  • Establish a no-tolerance stance on your child bullying anyone, in person or on line
  • Friend your child and if possible, your child’s friends to keep tabs on the dialogue taking place. Let them know that you are interested and observant by communicating with them using social networking. If you are more fond of the stick approach, post a sticky note on your monitor (like another parent in the article did) that says “Don’t Forget That Mom Sees Everything You Do Online.”
  • Be open and honest with your child. Communicate the real issues of cyber-bullying and how in some cases this leads to very negative consequences, like suicide
  • Encourage your children to talk with you if they have any concerns about their online life
  • For more answers and background on keeping yourself and your kids safe, take a look at the Facebook Safety Survival Guide below.

Facebook Safety Survival Guide
Includes the Parents’ Guide to Online Safety

This Survival Guide is an evolving document that I started writing for my young daughters and my employees, and is an attempt to give you a snapshot of some of the safety and privacy issues as they exist right now.

Social networking, texting, instant messaging, video messaging, blogging – these are all amazing tools that our kids and employees use natively, as part of their everyday lives. In fact, they probably understand social networking better than most adults and executives. But they don’t necessarily have the life experiences to recognize the risks.

I’d like to make their online vigilance and discretion just as native, so that they learn to protect the personal information they put on the web before it becomes a problem. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it.