Posts

Don't Get Cyber-Scrooged on Cyber Monday!

Why fight parking-lot-road-rage, UFC-sanctioned-psycho-shoppers and 12 a.m.-midnight-start-times on Black Friday when you can shop from the comfort of your laptop or iPad while sipping eggnog on the couch (or more likely, from your office desk)? I’m talking about Cyber Monday, of course – the day that online merchants heavily discount their products and generally give free shipping as well. By shopping online, you get most of the same deals and discounts (some of them better) without the breakneck competition common in stores the day after Thanksgiving.

Online shopping during the holidays is a convenient, green, inexpensive way to celebrate the season with less stress. In fact, it’s such an efficient way to buy gifts that cyber shoppers will spend close to $2 Billion this coming Monday. If you are one of them, take a few steps to add peace-of-mind to your peaceful holidays.

How to Protect Your Private Data Online on Cyber Monday

  • Never Shop on a Public Wi-Fi Connection – Although you may trust the baristas at your local coffee shop, you can’t always trust the person sitting next to you. Hackers can easily tap into Wi-Fi connections at public hot spots to steal your identity information. This can be especially dangerous when you are making purchases with your credit card on unsecured connections. Options: surf at home or set up Internet Tethering between your smartphone and laptop or tablet so that you are always surfing on an encrypted connection. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
  • Never use a debit card online – If your card information is compromised, funds can be withdrawn from your bank account without your knowledge. Federal law states that your bank can take up to 2 weeks to investigate fraudulent activity before returning the funds to your account, which means you have nothing to spend in the meantime.  In fact, if you don’t report the missing funds quickly, you could potentially lose all the money on deposit with your bank.
  • Monitor Your Accounts – While you are doing a lot of shopping – online and in the store – it is good to keep an eye on your bank and credit card accounts. Match your receipts up to your statement to make sure that they are correct and there are no fraudulent charges. Keep an eye out for small charges, sometimes that is how crooks test to make sure they have a good card. For convenience, set up credit card account alerts that automatically email or text you every time you make a purchase. It makes detecting fraud a snap.
  • Consider using a virtual or single-use credit card – Some card issuers offer virtual credit cards or single-use card numbers that can be used online. Virtual credit cards use a randomly generated substitute account number in place of your actual credit card number.
  • Never “recycle” a password – Most online shopping sites encourage you to establish a user name and password. Password-protected sites are becoming more vulnerable because people regularly use the same user names and passwords on multiple websites. But do you really want an online retailer to know the password to your online bank account?  If you are using the same password across many sites and your password for one site is breached, everything else is at risk. If you do decide to create a user name and password, make sure it is adequately strong. To assist the creation and safe storage of different passwords, use a password protection software like 1Password.
  • Protect your passwords and personal data – Do not share your passwords with anyone and never provide your social security number, birth date or mother’s maiden name in an email.
  • Only Shop on Trusted Websites – Don’t just let the search engine pick the site for you, make sure you are using a trusted and well-known website. Type in the direct web address for the stores you are familiar with, and don’t shop on price alone.
  • Look for Signs They are Protecting Your Data – On the Web page where you enter your credit card or other personal information, look for an “s” after http in the Web address of that page and a secured padlock (as shown below). Encryption is a security measure that scrambles data as it travels through the Internet. 
  • Make sure all of your security software is up-to-date before you shop online – That includes anti-virus software, anti-spyware and firewalls.

Take a break on Black Friday. Who knows, maybe you’ll start to think of it as White Friday.

Comprehensive Opt Out List for Marketing Databases

Major data breaches like the recent Epsilon Breach occur frequently, even if you don’t hear about all of them. With all the publicity surrounding this particular breach, people have been asking how to remove themselves from some of those marketing lists that are frequently compromised.

Opting our of marketing databases is one way to lower your risk of becoming a data breach victim.

So, how do I get out of marketing data bases?

Most databases allow you to opt out of having them share and sell your information, you just need to find out how.  Many sites make it tricky to get this done, but most sites that are selling or harvesting your information allow you to do so one way or another.

The Privacy Rights Clearing House lists 135 marketing data brokers who are selling your private information, and tells you whether or not they have opt-out policies. If they do, you have to go to the brokers’ websites and suppress your name yourself. Most of the sites have hard-to-find opt out pages, but you can generally track them down by visiting the Privacy Policy which frequently appears as a link in small print at the bottom of the home page.

Even if you opt out, unfortunately, most of these sites still retain your information in their databases, meaning that you are still at risk of a breach. But until we have stronger consumer rights governing our private and personal information, opting out is the best you can do.

 

Tired of Being Tracked by Websites? Do Not Track is Here.

In response to the growing demands for more privacy on the internet, Mozilla implements a Do Not Track option in Firefox 4.

The most recent version of Mozilla Firefox, which was rolled out this February, offers users the option to opt-out of website tracking. Once enabled, the user’s preference to not be tracked is automatically sent to the website. That doesn’t mean that the website has to do anything about it, but there will probably be a bit of a stink about those sites that don’t respect user’s privacy preferences (it would be the equivalent of someone making a sales call to you after you join the Do Not Call list). Unfortunately, most users will never know which websites are participating in the opt-out Do Not Track function.

Learn more about Firefox’s Do Not Track Technology and about the Big Brother issues posed by companies tracking your every move on the internet.

In my opinion, beginning to solve the surfer privacy issues at the browser level is the right direction to take. It is the most universal gate through which all surfers pass – no one visits a website without touching a browser. If consumers get behind the technology now and let the companies they do business with know that they expect them to honor Firefox’s Do Not Track technology, there will be no option but to acquiesce.

Mozilla Firefox version 4.0 is still in beta while they make sure they get any glitches fixed. So don’t install it unless you are comfortable with using beta (often glitchy) software. It has been out for many weeks now, and most of the glitches are probably resolved at this point.

To add the Do Not Track functionality, download and install the latest version of Firefox 4, and then go to Firefox -> Options  -> Advanced. Check the “Do Not Track” box and save your settings.

When this option is selected, a header will be sent signaling to websites that you wish to opt-out of online behavioral tracking.  You will not notice any difference in your browsing experience until sites and advertisers start responding to the header. I recommend that users go in and try this out. This is the best way to give them feedback so they can make our browsing experience as safe as possible.

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.

Spokeo Shows Your Home with Only a Name?

True. Unless you have chosen to Opt Out (see below), a picture of your home is only one search away on Spokeo.com, even if I don’t have your address.

Check it out for yourself at www.spokeo.com. On most profiles, if Spokeo has your current address, they also have a picture of your home. It is the same as Google Street View, almost. The difference is that on Google Street View or Google Maps, you can’t easily look up someone’s address based on their name and find the corresponding picture of their home.

In other words, Spokeo aggregates your personal data in a more sophisticated way, ultimately giving users the ability to search on your name and peel back layers of your personal information. This has caused a recent web buzz on the subject and is pushing people to go on their site to remove information you don’t want to share with the world. A few months ago I posted a video about removing your information from Spokeo. Here are the steps.

  1. Visit www.Spokeo.com.
  2. Type in your name and click on the record that belongs to you (if it exists).
  3. Copy the URL in your web browser that points specifically to your record (you should see your name in the URL, something like this: http://www.spokeo.com/search?q=Smith%20Sample#Sample:1219812367)
  4. Go to the bottom right corner of Spokeo’s page and click on the link called Privacy (it’s in small, faded text). Alternatively, visit www.Spokeo.com/privacy.
  5. On this page, paste in the link you copied from your personal page and enter your email address (for verification purposes, supposedly) and the security code listed. This is a case where I would use a second email account (your designated junk-email account), not your main email to avoid the build up of possible spam emails that follow. It will then send you an email confirmation where you must click the URL to confirm removal.
  6. Voila! You’re information will, for the time being, no longer be included in their look up services.

Of course, this does not get rid of the original sources of data (they buy the information from your local White Pages, Government listings, probably from Google Street View), but it does make it considerably harder to aggregate all of this data in one place. Just as a word of caution – I opted out of their data base about 3 months ago when we posted the above video and now I’m back in the database. So, I am opting out again and monitoring very closely if they add me back in, at which point I will take the story to a major news organization and we will hold them accountable.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him regarding speaking opportunities directly on 800.258.8076.