Category Archives: Security

How to Check Your Child’s Credit Report

Originally published on CreditCards.com

Written by Dinah Wisenberg Brin

Parents place the utmost attention on their children’s safety, education, health and happiness, but even the most conscientious parent may overlook another matter that can affect their child’s future: the child’s credit report.

With some exceptions, most children under age 18 should not have a credit report at all. Minors, however, are not immune to identity theft and credit fraud. So you need to see if your youngster has a credit report – and you need to know what is on it.

“Ideally, and in the vast majority of instances, your child would not have a credit report,” says Rod Griffin, director of public education for credit reporting agency Experian. “It’s a good idea for a parent to check.”

Checking is especially important if you suspect your young child is the victim of identity theft. Teens also should check for credit reports in their names if they suspect someone may be using their identity and Social Security number to open fraudulent accounts.

Unless identity theft and credit fraud are caught and corrected, they can hinder a child’s ability to get loans, jobs or housing once they reach adulthood.

Protect your child’s financial future

In some cases, a child might legitimately have a credit report. For example, a teen might have one if a parent authorized him as a user on a credit card.

In most other cases, however, the existence of a credit report tied to a child is a sign of nefarious activity. Identity thieves can use a child’s Social Security number to open credit card accounts, apply for loans or government benefits or rent an apartment, the Federal Trade Commission notes.

“It’s a good idea to check whether your child has a credit report close to the child’s 16th birthday. If there is one – and it has errors due to fraud or misuse – you will have time to correct it before the child applies for a job, a loan for tuition or a car, or needs to rent an apartment,” the FTC says on its website.

Talk to your children about keeping their information safe: The Identity Theft Resource Center says you should tell your children they should try to avoid using their Social Security number, especially on the internet or when applying for financial aid or summer jobs. Parents and college-age kids should keep all sensitive information locked in a secure place, use a locked mailbox to send and receive mail, and take precautions when filling our forms for school and sports activities.

Do not delay if you see signs that credit thieves already have established a report in your child’s name.

The Identity Theft Resource Center cites several warning flags, including:

  • Calls from collection agencies, bills or credit cards sent to your home in your child’s name.
  • A child receiving preapproved credit card applications, or government notices related to taxes, benefits or even traffic violations.
  • A child having a bank account application denied because of poor credit history.
  • The mere existence of a credit report in the child’s name.

How to find a child’s credit status.

The three national credit-reporting companies – TransUnion, Equifax and Experian – do not knowingly keep data on children younger than 13, according to AnnualCreditReport.com.

That website – which is the official website where you can get free access to your credit reports – outlines steps to take if you suspect fraud involving your child’s identity. Such steps include alerting all three credit reporting agencies, filing a police report and filing a complaint with the Consumer Financial Protection Bureau. You also can file a complaint with the FTC. You can also call the Identity Theft Resource Center at 800-400-5530.

IDEALLY, AND IN THE VAST MAJORITY OF INSTANCES, YOUR CHILD WOULD NOT HAVE A CREDIT REPORT. HOWEVER, IF YOU SUSPECT FRAUD, YOU NEED TO TAKE SOME SPECIFIC STEPS.

For example, each of the bureaus provides specific directions for requesting a minor child’s credit report. Making a request is the first step in clearing the record if an inaccurate or fraudulent file exists.

For more information, review our step-by-step instructions for requesting a child’s credit report from each bureau. Otherwise, below is a summary of the rules for the three credit bureau:

TransUnion offers an online form to help determine whether your child may be an identity theft victim. If the company finds a credit file on your child, it will seek more information from you.

Equifax instructs parents to contact its Minor Child Department in writing, and to provide copies of the child’s birth certificate and Social Security card, proof that you are the child’s parent or legal guardian, and a copy of your driver’s license or other government identification. Equifax says it will notify you and remove the child’s file if it exists.
Experian requires parents to mail in or digitally submit documentation if they want to know whether the company has a credit file on their child age 13 or younger. Experian provides a form for doing so. If a child does have a credit history, Griffin says, Experian will add a security alert to the file, include a note to say the child is a potential fraud victim, and freeze the file at no cost. When the child is older, he or she can lift the freeze and have access to his or her report, Griffin says. Check the credit freeze laws in your state by clicking here.

Family members and credit fraud

In some cases, family members themselves are the ones obtaining credit fraudulently in a child’s name. Foster children are particularly vulnerable to identity theft. “They’re a target, unfortunately, in many cases,” Griffin says.

Griffin has worked with teachers who try to help students to address fraud issues. In such cases, the minors may need to file police reports and affidavits against family members. “It’s a really heart-wrenching, difficult circumstance,” he says.

Federal law requires child welfare agencies to obtain annual credit reports for foster care youths ages 16 and older, and to help them clear up their records in cases of identity theft, according to the FTC.

Data breaches at health insurers and other companies also may expose children to identity theft. Do not ignore any notices you receive indicating that you or your family may have had personal information exposed in a data breach. Instead, respond appropriately, Griffin says. “You need to be actively engaged in protecting your information and your children’s,” he says.

ALERT! – Specter and Meltdown Security Flaw – ALERT!

Regardless of what computer you own, Apple or Windows, Spectre and Meltdown security flaws affect you. Security researchers recently revealed the details of these two microprocessor security flaws. Chips made by Intel, Advanced Micro Devices (AMD) and others are in billions of devices making them sitting ducks for hackers.

Devices with these chips include phones, tablets, PCs, and computer servers. Exploiting the vulnerability opens the door for hackers to steal personal data, passwords, cryptographic keys, and other supposedly inaccessible information from device owners. While the average consumer should exercise caution the impact on business could be devastating. 

The Meltdown flaw only runs on Intel chips while the Spectre flaw can affect devices with virtually any modern processor.

Computer microprocessors handle data like a passwords or encryption keys. Normally these are kept from other apps. But both Intel and AMD pride themselves on the speed of their chips. To do this the chips use whats known as “speculative execution” to try to guess answers that may be needed if a chain of calculations came out a certain way. Since the delay in calculations can be predictable researchers found that a rogue app could guess where confidential data was located in a chip’s memory and steal it.

Regardless of your web browser, Google Chrome, Apple Safari, or any version of the Windows family, they all use Javascript code.  Hackers could introduce a data stealing Javascript program and post it on any chosen web site. Your browser app would automatically run the rogue code like it was an ordinary part of the site’s features resulting in your data becoming vulnerable or stolen. As you can see this is an extremely grave threat to business computing.

Although this vulnerability is now known there is no evidence anyone has used it…yet. And that is where the danger lies. The danger of these flaws is so great that tech companies  swung into action quickly to fix the problem. Perhaps too quickly.

According to various news sources the Microsoft patch to fix the flaw has been damaging some devices.  In some instances the computers are suffering performance problems while others have been bricked. A bricked computer is frozen and unusable. The problem has become so bad that Microsoft has halted issuing the patch for both Spectre and Meltdown for AMD equipped computers and devices.

Intel’s CEO Brian Krzanich addressed the Meltdown and Spectre issue as the keynote speaker at the Consumer Electronics Show in Las Vegas. “I want to thank the industry for coming together to address the recent security research findings reported as Meltdown and Spectre,”  said Krzanich. He called the response to the issues a “collaboration among so many companies.” Krzanich promised that “for our processors and products introduced in the past five years, Intel expects to issue updates for more than 90 percent within a week, and the remaining by the end of January.”

Browser makers have swung into action to combat the flaw. Users of Google Chrome should turn on a feature calledsite isolation.”  The feature prevents malicious Javascript from accessing sensitive data. Google will soon release an update to Chrome’s Javascript feature that will improve protection against Spectre attacks, however, browser performance may suffer.

Microsoft has already issued a Windows security update for its Internet Explorer and Edge browser apps labeled “KB4056890” to protect against Spectre. According to Microsoft the update will change the browser’s features to protect confidential information in a device’s CPU. But make sure you check if your device has an AMD chip before using this patch.

Firefox maker Mozilla said its newest apps changed several features to make Spectre attacks more difficult. Released on January 4th, Firefox version 57.0.4 includes the new protections. Mozilla said in a blog post that it is studying additional ways to strengthen security against the attacks. “In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement and test.”

Apple is planning to release an update to Safari in “coming days” to protect against Spectre. Early tests of the Apple updates showed a minimal impact on browser performance. For additional information on Apple products click here.

 

 

 

 

 

 

 

World Password Day and Your Cyber Security

password dayWorld Password Day was yesterday. Ok, so we are a little late. But lets understand that a simple password that is easy to remember is also easy to break. Black people continue to be the least educated in the area of cyber security and the AACR is working to change that.

You will eventually have to kiss your money and/or identity goodbye if you are using an easy to guess passwords. Now, for the record, let me show you how easy it is to guess your password. If you use your middle name, your dog, cat or pet’s name, the model or make of your pimped out ride, your mother or father’s name, your child’s name, your husband’s name, one of their birthday’s, your address, zip code or phone number your password is probably ripe for hacking. Why? Because a good hacker can get all that information from your Facebook page, your LinkedIn account, your Instagram account and your Twitter account. Its all there! Bottom line is if your password is stupid eventually it will cost you.

Here are few tip for securing your password.

  • Complicate your passwordsLike I said; don’t use words like your pet’s name or anything that can be found on your Facebook page or Twitter account. Create random pass phrases. A pass phrase may start out like this “jimmyloveschocolateicecream”. But using numbers and special characters, you know like, $ @#%^&, etc., and it ends up looking like this “j1mmYloV3schocol@TeIcecre@m.”
  • Use a password manager We all have the aggravating problem of trying to remember multiple passwords. So to solve that problem use a password manager like LastPass and 1Password. You can find free password managers here. But to be honest password managers are not always totally secure. LastPass was acquired by LogMeIn. Unfortunately hackers stole the hints to users’ main passwords and the scrambled versions of those passwords. But a password manager is still safer than trying to  remember your passwords on your own.
  • Different accounts means different passwords Hackers love lazy people. They know that if they can steal one of your passwords its probably the same for all your accounts. So don’t get robbed because your bank account password is the same as your Twitter account. Use a password manager and mix it up.
  • Change your passwords every 90 days– Ok, maybe twice a year if you are lazy but change them. If you have had the same password for more than a year you are vulnerable.
  • Make use of two factor authentication – Two factor log in systems allows you to make double sure your password is safe. Two factor log in means that you use one password for the site and then another password is generated and sent to you usually via a text message. Consider it a double lock for your accounts.

Now lets talk about a little cyber spring cleaning.  Try to remember to treat you computer and Internet connection like you treat your home (1,2,3). Keep it clean, keep it safe and keep it secure. What does that mean?

Keep your computer clean by making sure you delete old software you no longer use, that includes games. Old software is a security vulnerability and hackers can use it against you. Make sure the software you are using is regularly updated. Most software can do their own automatic updates or remind you when they need updates.

Like the doors and windows of your home keep your computer and online accounts secure. Use secure pass phrases, change those pass phrases often and lock out strangers from your social media accounts. Remember don’t friend the friend of a friend. Hackers use that technique to get access to your Facebook page and personal information.  If you don’t know them then don’t let them into your cyber world.

Keep your system safe by using a good anti-virus program. Make sure you don’t click on links or attachments that you are uncertain of. Make sure your home network and router is secure. Have you changed the password on your router? The default password that comes with the device can be found online and hackers know this and now so do you.

 

Protecting Your New Smartphone and Yourself

canstockphoto20668245Christmas is over and you got a new smartphone from Santa. This little device can become a vital part of your life. Today’s smartphones can hold vast amounts of data including credit card data and personal information. Protecting your phone means protecting yourself.

As you get to know your new gadget you need to learn when it is misbehaving. There are definitely signs when something is wrong and you need to spot them early. For example any app you download could be a hiding place for malware. Opening an attachment or visiting the wrong website could result in downloading an app that attacks your smartphone and even take control of it.

You should be especially cautious if you have a Android device. According to Forbes.com 97 percent of mobile malware is on Android. Much of the malware comes from unregulated apps. So stick to the Google PlayStore if you are smart. 

But if you have an Apple iPhone or other smartphone better be alert because they are not immune by any means.

According to Alcatel-Lucent’s Motive Security Labs more than 16 million mobile devices were hit by malware last yearZDNet  also reported an increase of 25 percent over 2013 infection. 

So how can you tell if you new smartphone is compromised or infected with malware? Here are the clues.

  1. Strange behavior – One of the first clues that something is wrong is that the phone or apps begin to act strangely.  You phone or the apps may cease working or the phone may crash.  This could indicate that some malicious code on your device is interfering with its normal operation. Sometimes an app may appear suddenly and without you doing anything. This could come from a suspect website. Make sure you know what apps are installed on your phone so you can quickly identify the intruder. Whenever you install an app make sure you carefully examine what permissions the app wants. An app that asks for administrators privileges can be difficult or impossible to uninstall. Use caution and delete any app you do not use. Deny any app that asks you to install it if you don’t know what it is or where it came from.
  2. Mysterious  calls or messages – Get in the habit of checking your call and message history regularly. Malware infections will try to make calls or send messages to expensive international numbers. If this happens you will get the bill and its hard to argue your way out of paying.
  3. Data hogging – Malicious apps will use up your allotted data to communicate with computers operated by cyber criminals. These cyber criminals are sending orders and updates to the malware. And the malware is sending stolen information back to the cybercriminals. Make sure you watch your data usage. If something is eating your data you need to act.
  4. Strange messages – Many cyber criminals use text messages to control malware. These messages can be interpreted by the malware to carry out tasks on your device. Sometimes the malware  is programmed to manipulate message logs to delete the message before you get suspicious. But some crooks don’t bother to program in this function resulting in strange messages appearing in your history. If your friend’s phone is infected you may see a strange message from them and vice versa. Be alert to strange text messages that don’t make sense or are completely unintelligible. Be alert if you get a strange message from a contact. This could mean they have become infected and it could spread to your phone. Be a friend and let them know.
  5. Watch your billExcessive text messages or data usage could cost you money. Examine your bill closely to detect suspicious charges quickly.

Be aware that a lot of malware can get into official app stores.  This malware can, and does, steal credit card data.  African-Americans do a lot banking and other financially related activities through our phones. If you regularly make payments or shop using your smartphone you should monitor your credit card bill and bank accounts for suspicious charges.

Prevention is key.

To enjoy and make the best and safest use of your new smartphone act to prevent an infection rather than trying to recover from a malware infection.

  • Keep your device’s operating system and apps updated.
  • Back up all important data on the device.
  • Use an anti malware and keep it up to date.
  • Buy or download your apps only from official stores. The possibility of downloading malware is lower but not impossible.
  • Use a screen lock. Make sure your code is at least six numbers. A pattern may be easy to guess and less secure than a PIN, and that a password is your best option.
  • Encrypt the content on your device.
  • Avoid rooting or jail breaking your smartphone.

How Safe is that ATM?

Remember the good ol’ days when ATM security meant making sure you didn’t get mugged. Well those days aren’t exactly gone. You still have to be careful. But the crooks are now using card skimmers, fake keypads and other devices to rob you. So how safe is that ATM?

Card skimmer courtesy of BBB.org

Card skimmer courtesy of BBB.org

ATM security nowadays means understanding how criminals are using technology to rob you. Its time to learn their methods and technology.

 

 

 

 

Remember that ATM machines do not have to belong to a bank or any financial institution. The can be privately owned by a person or business. There is even an organization of private ATM owners known as the National ATM Council. And you can find websites that show you how to set up your own network. Would you like to buy your own ATM? It’s that simple.

viral4real.com

Fake ATM key pad Courtesy viral4real.com


So how do you spot a fake or suspicious ATM?

  • Avoid standalone ATMs in suspicious locations. Be alert to brand names you are not familiar with.
  • A legitimate ATM machine is very secure. Since they contain cash they will be bolted and secured to a wall or floor. Free standing ATM machines that can be easily moved are to be avoided.
  • Clever criminals will sometimes place their crooked ATM next to a legitimate ATM then place an out of order sign on the legitimate one. That could indicate that the one with the sign may actually be the working ATM.  The out-of-order sign could trick you into using the criminal’s machine. Be aware!
  • Check the card slot and key pad. Is either loose or out of place?  That ATM may have been tampered with.  Check the card reader slot and key pad by trying to remove it. Yank or pull on it. It may come off in your hand. If so you have found a skimmer.  Legitimate ATM machines don’t have loose or removable parts.
  • Look for a micro camera or any other out of place device used to record your PIN.
  • Look for ATM machines with open or loose side panels or broken locks especially at drive through ATMs. Don’t use it and report a suspicious ATM to the bank immediately.
  • Check your balances daily and make sure there are no suspicious charges related to ATM use. Report any strange activity immediately.
  • Report suspicious activity around an ATM machine to the police.

Now you know

See and Block Who’s Tracking You Online

canstockphoto19683471Privacy on the Internet is a rare commodity. Currently 85 percent or more of black people are online. Most black people own a smartphone or other mobile device. And most black people have no idea how easy it is to track exactly who you are, where you are, who you call, text or email and pretty much everything else you do online. You are being watched like a prisoner.

Trying to stop this constant tracking is a tough task and the law is no help. Congress and industry have little or no incentive to stop this incessant invasion of privacy. Part of the problem is that consumers have yet to get really angry about this activity.

There are people fighting for your privacy online but its an uphill battle to say the least. The Electronic Frontier Foundation (EFF) and Disconnect, Internet privacy right groups and a group of web companies have lauched a new “Do Not Track” (DNT) standard meant to encourage website owners and advertisers to respect your online privacy. Unfortunately this is a voluntary standard and companies are free to agree, or not to agree, to adhere to the new standard.

Big players like Yahoo! and Microsoft have not come out in favor of the new standard. Microsoft announced in April that it was no longer enabling ‘Do Not Track’ as the default state in Windows Express settings.

A year ago Yahoo! said that ‘Do Not Track’ settings would no longer be enabled on its site saying; “we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.” But Yahoo! has agreed to honor the ‘Do Not Track’ setting on the Firefox browser as part of a search deal. So both companies are openly admitting they are tracking you.

Companies that have agreed to honor the new ‘DNT’ standard include publishing site Medium, analytics service Mixpanel, ad and tracker-blocking extension AdBlock, and privacy search engine DuckDuckGo.

Millions of black people are using social media. And the God of social media is Facebook. But did you know that Facebook is probably the biggest data collector in the history of civilization? Because people are giving it to them.

But who is using Facebook to track your Internet activity? How do you block them?

First of all keep in mind that advertisers may not not know your name and other personal information about you. But that is just a maybe. We don’t know what they know and they ain’t telling. Legally, they don’t have to.

But here are the steps to see and block advertisers that are tracking your Facebook profile from Businessinsider.com.

First go to the settings button on your Facebook page.

Facebook settingsFacebook

Scroll down and click “Settings.”

Facebook settingsFacebook

Inside the settings menu, click on Apps.

Facebook settingsFacebook

This looks like a list of apps that are signed into your account. But pay close attention to the “show all” option at the bottom of the list …

Facebook settingsFacebook

Voila! The list of apps tracking me is so long I have to make this super zoomed-out view to see them all:

Facebook settings

Facebook

On each app, there is an Edit function and a delete “x” mark. Let’s look at what QuizUp, the hot new trivia mobile game app, knows about me.

Facebook settingsSettings

QuizUp knows my email, birthday, and current location. Because it’s a mobile app on my phone, it also knows my phone number. But that’s not all …

Facebook settingsFacebook

Click this little “?” symbol on “basic info” and it turns out that QuizUp is getting a bunch more info about me, too, including a list of all my friends and my profile picture!

Facebook settings

(Source: Businessinsider.com)

You can control this information by clicking on the “x” symbol to delete the app’s access to your Facebook account. That might mean the app won’t work, however.

Review each app to either edit its permissions or delete its access to you on Facebook entirely. It’s a bit time-consuming — but otherwise you’re just giving these people free data.

Another thing black people need to be aware of is that companies are using your email to spy on you. Much of the email you recieve from an advertiser or even a company you do business with is loaded with spying technology.

To see who is tracking your email, or in this case Gmail, you can use a browser extension tool named UglyEmail to see what companies are tracking your Gmail email.

UglyEmail shows you if your email is being tracked. And email being tracked in Gmail will have a tiny eye attached to it. Your inbox will look something like this.

UglyEmail

One of the ways that your email is tracked is a technology known as pixel tracking. Pixel tracking is when a tiny image, about 1 pixel in size, is inserted in an email. The image is invisible to the email recipient but it has a code that tells the server to call the sender when the email is opened.

To block that you can use a browser extension known as PixelBlock. PixelBlock will block that pixel code from transmitting back to the sender. Email with a pixel tracking code have a red eye on them. PixelBlock will also tell you who sent the pixel and how many times they have attempted to track you.

We did mention that Facebook is the greatest collector of data in history didn’t we? Well did you know that Facebook follows you around the Internet even when you are not on the website? How do they do this?

Facebook employs over 200 different trackers that follow your online activity. These trackers come in the shape of cookies, Javascript, 1-pixel beacons, and Iframes. Tracking technologies are used to see what websites you visit, how often you visit them and other interactions with websites.

Not all cookies are used for tracking.  Many Facebook ‘Like’ buttons are used to collect and store information to be used later. Your browser communicates with a server to construct the website you wish to view. This called a request.

But keep in mind that the website you are viewing isn’t the only server your browser is talking to. Trackers from other data collectors, Facebook included, are on the site as well. You have no idea they are tracking you without privacy software. You don’t know they are there and you probably don’t wish to share your personal information with them.

To protect yorself and your information you need to use the do not track function on your browser. It may help but probably won’t competely stop the tracking. You can find a list of the five most secure browsers here.

Choose your privacy setting in the following browsers

Google Chrome

Microsoft Internet Explorer

Apple Safari

We used Facebook as an example of companies that track you online because they are the biggest offender. But undertand this, almost every website has some method of monitoring who visits it. The sometimes sell the information or just hold onto it to better serve you. Just remember AACR Internet rule #8 “There is no privacy on the Internet.”

Now you know.

 

 

 

 

Simda Botnet Taken Down

canstockphoto23093500You may think you are in control of your computer but are you? Have you ever heard the termin the background?” That is computer terminology meaning your computer is performing a task while you the operator are doing something else.

Most programs that run in the background are harmless and helpful. But your computer may be part of a botnet. A computer that is part of a botnet is known as a zombie.  Now the question for black people remains; what is your computer doing behind your back?

On April 9th, 2015 a joint effort of international law enforcement bodies and private security and technology companies came together to shut down one the largest botnets in history. The Simda botnet is believed to have infected more than 770,000 computers in more than 190 countries around the world including the US, Canada, Russia and United Kingdom.

Last week’s botnet takedown is just the latest international operation to shut down a botnet. Another separate takedown targeted Beebone, an extremely elusive botnet that provided a captive audience of PCs  that were infected with a backdoor. A backdoor is a method that a hacker uses to gain remote unauthorized access to a computer often remaining undetected. This backdoor provides access to criminals who were looking for an easy way to quickly install malware on large numbers of computers and impact huge numbers of people around the world.

The AACR keeps things simple. A botnet is a network of computers that are communicating with one another or a master computer and working together to perform a task. These computers are usually working together to launch denial of service attacks against a target computer or network.  This means that hundreds or thousands of computers that have become enslaved in a botnet are instructed to contact a particular website repeatedly causing the website, computer or network to become overwhelmed and stop working. It happens almost everyday and your computer could be part of the attack and you would never know.

Botnets are also designed to steal personal information including passwords, social security numbers, credit card details, email contacts, addresses and telephone numbers. This data may be used in crimes including identity theft, fraud, spamming, and malware distribution. Now suddenly the question becomes relevant to any black person who owns a computer; What is your computer doing behind your back?

The Simda botnet was known for distributing banking malware, installing backdoors on hundreds of thousands of machines across the world. One of them may have been yours.

To determine if your computer was part of the Simda botnet visit the Kaspersky Labs Simda Botnet Free Scanner.

Breaking It Down

The number of computers affected was put at over 770,000 machines. That number will surely get bigger as law enforcement continues their investigation. By some estimates the number could be as high as 2 million computers. And that is just this botnet. There could be thousands or hundreds of thousands of botnets big and small all over the Internet. You have to know if you are in control of your machine. Practice computer safety and security and use the tools like the Kaspersky scanner to make sure your machine is yours alone. 

Don’t play around with this. Your computer could literally be committing crimes whenever you turn it on. Hackers are clever and have done really sinister things like using other people’s computers to store information in hidden files. And the owner of the computer has no idea. It is very possible that you could be a victim of a hacker and not know it. Be suspicious and ask yourself; what is my computer doing behind my back?

 

 

 

 

How Not to Get Hacked in Six Easy Steps

canstockphoto22219067Getting hacked is so easy that it is almost comical. Black people need to be aware that most hackers take advantage of human kindness, weakness, curiosity and even stupidity to get inside computer networks. Hacking is simple when the victim is willing to give the hacker a helping hand. Understand how easy it is not to get hacked and you’ll feel a lot better and safer online.

Step 1) Don’t take the bait! Phishing is the first simple step to getting hacked. A Verizon Data Breach Investigation Report revealed 23 percent of phishing recipients open malicious messages and 11 percent open attachments. The report showed that it only takes 82 seconds from when a phishing campaign is launched to when people start biting on the phony lures.  One of the the cardinal rules of email security is to not click on any link or download attachment that you are not absolutely certain of what it is and where it came from. If you receive an unexpected email with a link or attachment then call the person who sent it to you if you know who it is. Ask them what they sent you. Avoid any cute pictures, prayers, or jokes. That is how malware gets in your computer along with getting your email on spam lists. If you don’t know who sent it then delete instantly.

Step 2) Don’t fall for the phoney phone call! Much the same as phishing, the simplest way for attackers to gain access to users machines is to just ask for it. The age-old method of social engineering is still reliable.  This is when a hacker talks their victims out of information sometimes without the person even knowing it. On the phone they pretend to be an executive or someone in authority. Sometimes they smooth talk their victim into giving up information using compliments and encouragement. Or they may bully their victim and frighten them into doing or saying something they shouldn’t.

One of the most popular and effective scams is the IT support scam. A caller contacts the victim posing as IT help and asks for the user’s login and password. Sometime they will tell you things like your computer has a virus and it is spreading to your friends and family. Sometimes they may pretend to be a fellow employee or business partner and ask the employee to open a specific document that is actually something like a remote access Trojan or other malware.

Something to think about is that anti-virus software makers do not make outgoing calls to alert an individual that their computer is spreading viruses. Never, ever, share your user name and password with someone on the phone you do not know. Finally, if they claim to be working in the same company with you make damn sure they are who they say they are. Do not open any attachment or click on any link unless you know for sure that it is your company’s IT department you are dealing with. Most companies suffer hacking attacks as a result of employee actions. And most companies will not hesitate to fire you if you violate computer security rules.

Step 3) Stay up to date! Users are often hacked because their systems are not up-to-date and patched for common attacks. Hackers know what software is vulnerable. They look for computers that are using old outdated software to attack. The simplest way to protect yourself is to make sure your software is up to date. Learn to set your computer to perform automatic updates of all software. And stay up to date on the latest scams. According to Verizon hackers are still finding vulnerabilities in computers that are as much as eight years old.

Step 4) Get a strong a password!  Is your password just stupid? An easy to guess user name and password is simply begging to be hacked. Your user name and password is the key to your computer and all the information contained therein. In addition easy to guess user names and passwords also allow access to your bank and other sensitive online activity.  A good strong password is vital. You may even want to switch to two factor authentication if you conduct sensitive business online.

Step 5) Use caution on free WiFi! Researchers with Cylance recently provided solid evidence why you should consider taking an extra security step when utilizing public WiFi connections.The company strongly suggests using VPN on public WiFi networks.  Cylance discovered 277 hotels, convention centers and data centers in 29 countries used routers  with known vulnerabilities to offer WiFi to guests. Public and free hotspots are wide open for starting man-in-the-middle attacks and other means of establishing footholds in unsuspecting users’ machines. Hackers love to hang out in Starbucks, Panera Bread, public libraries and other places that offers free Internet access. They are waiting and watching you log into your bank account.

Step 6) Don’t put your business in the street!  You talk to much! Social media such as Facebook is another favorite hacker hunting ground.  Hackers do their homework.  The information you share on social media sites is exactly what makes a hacker’s jobs easy.   Sharing the name of your pet, your birthday, place of work and special relationship makes it easier for an attacker to guess passwords or the answer to password reset challenge questions.  For example the question “What city were you born in?” is an easy one to answer just by looking at your Facebook page.

This information can be used against you in order to create an extremely effective spear phishing message. Learn to stop sharing so much information on social media. The more you give away the more that can be taken away.

Now you know

 

Home Internet Security; Have You Been Hacked?

ID-100310547Far too many African-Americans ignore their Internet security. When we do this we are gambling with our lives. Our financial life, our professional life, our identity, our children’s identity or the identity of our husbands or wives, are all endangered if we ignore basic cyber security.  Let’s look at it this way; do you drive without a seat belt? Then why would you use the Internet without being safety and security conscious?

One of the first things you should be aware of when using the Internet is if you are browsing safely and if your browser is secure. Regardless of the browser you use, be it Internet Explorer, Google Chrome, FireFox or Opera, you have to ask, is it secure.

The reality is that it’s hard to know which browser is the safest or most secure. Why? Because there is no set standard for browser security. That makes you responsible for setting up your browser and home network to be as secure as possible. But there is a little good news. Experts at Skybox Security have looked at all the browsers mentioned above and evaluated them based on exposed vulnerabilities, most published and patched vulnerabilities, and the shortest time between security patches.

Surprise! The winner is the browser you are probably not using; Opera.  Opera is pretty much an unknown browser.  It’s market share is around one percent so there’s probably not a lot of interest in finding Opera’s vulnerabilities.  Keep in mind hackers are looking for the greatest numbers to have the greatest impact when they attack. But Opera did have the least number of vulnerabilities.

Even if Opera has the fewest vulnerabilities we have to look at how often the other browsers find and fix their own vulnerabilities. In this category Chrome wins. Chrome finds flaws and issues updates every fifteen days compared to Opera’s every 48 days. Internet Explorer and Firefox update about once a month. But again there more to it than that. Keep in mind that all these browsers are vulnerable to what is known as Zero Day Exploits. That is a flaw that the hackers finds and attack with no warning to the browser makers. It happens all the time. As for Firefox; just last year Extremetech.com named it the least secure browser.

So finally let me answer your question. Which is the safest and most secure browser? My answer would have to be Chrome. AACR does not make product endorsement. But, when looking at the overall measures we have decided that having defenses that update regularly and frequently is the best way to go. We hope that answers your question. Read more about the Best Browsers of 2015 here.

Lets take the next step in your home Internet security. Is your home router secure? Or has it been hijacked? My guess is you really don’t know. I have always said, make damn sure you have solid password protections on all your devices including your home router. Ask yourself  “Is my password stupid?” If your home router is compromised then your life is compromised. Every Internet device in your house uses the router. Think about this, your cellphones connect to your router, all your computers, laptops, tablets, game consoles, television, telephone, printers, home security system, your thermostat and any other smart appliances you have in your home all go through your router. Think long and hard about that.

So how do you now if your router is hijacked? A company named F-Secure just launched their Router Checker tool. It’s a quick, simple and free way to determine whether or not your DNS is working the way it should. OK; so you’re asking what the heck is DNS. DNS stands for Domain Name Servers. This is the the Internet address book.  If your DNS is corrupted or poisoned then you could end up on some pretty dangerous websites and not even know it.

The best thing about the Router Checker Tool is that there’s no app to download and install. It’s a website that you visit with any modern, standards-compliant browser. Any of the browsers we have talked about, Internet Explorer, Firefox, Chrome, Safari, and Opera, will work. I would suggest you check your browser immediately and then bookmark the site and do the test regularly. You can also use the tool when you’re connecting to less trustworthy access points like the airport, a coffee shop, library, or anyplace offering free WiFi. Before you do anything in these places you should fire up F-Secure’s tool and find out what it thinks about your connection.

Now let me ask you another question. Have you been pwned? First a quick definition of the word is clearly needed. Pwned comes from video-game culture. It refers to someone who’s been beaten. Pwned accounts are email addresses and user accounts that have been compromised. A hacker may have illegally obtained the data from a vulnerable system. Perhaps a breached home router? Pay attention people!

Now if your pwned account is made public it becomes a pasted account. That means it has been pasted to public sites that share information while remaining anonymous. Such a site is Pastebin.com

Now there is a site you can use to discover if you have pwned or pasted. Have I Been Pwned?  is a website built by Troy Hunt author of web security courses for PluralsightIt’s simple and free to use. You just enter your email address or account name in a text search box and the site lets you know if it’s been pwned or pasted. Do it!

Paying attention to your digital life is as important as paying attention when you drive. The slightest lapse in focus could get you killed. You know that. It’s the very same with using the Internet. I suggest to black people that you pay attention to what can happen if you lose focus. The Internet may not kill you but if something goes wrong online you may want to kill yourself.

 

 

 

 

Improve Your iPhone Security

Stolen cell phones are a big problem. Every year millions of cell and smartphones are stolen and most are never recovered. According to Business Insider 44% of smartphones were stolen simply because owners forgot them in public places like Starbucks. Fourteen percent were stolen from a car or house that was burglarized. Only 11% of victims had a smartphone stolen off their person. And the most common place a smartphone is stolen?  Restaurants 16% and nightclubs 11%. Only 5% are stolen as a result of street crime such as having it snatched from your hand while using public transportation.

Public theft of smartphones, especially iPhones has become a huge problem in places Like New York where 18% of all grand larcenies last year involved Apple products. As a result Democratic Rep. José E. Serrano has introduced a bill that would require all phones sold in the United States to feature a “kill switch” technology.  That technology allows consumers to wipe their data and shut down a phone completely when it’s reported stolen making it useless and of no re-sale value.

The state of Minnesota and California have already passed a law requiring all smart phones be equipped with a kill switch in case of theft. The law applies to smartphones made on or after July 1, 2015 and sold in California after that date.

According to Consumer Reports, more than 3 million smartphones were stolen in 2013 and the biggest cities had the most thefts.  Theft of smartphones rose by 26% in Los Angeles since 2011. Smartphone theft was up by 23% in San Francisco in 2013.

iPhones are extremely popular and the new iPhone 6 and 6 Plus are in heavy demand. If you own any iPhone you need to make sure its secure against theft. Even if you lose it you need to know the data is safe until you can locate it using an app such as Find My iPhone. So lets look at ways to secure your iPhone in case, just in case, something happens.

1) Get a real pass code. First things first; change that four digit access code on your phone to something more secure like a pass phrase. And not one anyone can guess. Mix those numbers, letters and characters up. Now another super security option that’s available to you is the “erase data” feature. This option will wipe everything from the iPhone’s memory after 10 failed pass code attempts. But remember this is permanent. Once the data is gone its gone…forever!  So if you forget your password often you might not want to use this option.

Here’s how you do it. Go to “Settings” –> “Passcode” (or “Touch ID and passcode”) –> “Require passcode: immediately”; “Simple passcode: off”.

Settings1

2) Don’t let your lock screen dime you out. It really doesn’t matter if you have a powerful pass code if someone looking over your shoulder can see it.  Yeah, its nice and quick to glance at your screen to see what text messages, emails and other information that hits your phone. But these messages can also contain sensitive data like confirmation codes, private appointments, financial data or some other intimate communication. So keep that lock screen from broadcasting your business.

How? Go to “Settings” –> “Passcode” (or “Touch ID and passcode”) –> “Allow access when locked” section.

3) Use two step verification for iPhone and iCloud. Quick question; do you have pictures that you only want that special someone to see? Well as you know some celebrities have had those images compromised. Don’t let that happen to you. I strongly recommend you add this layer of security for your Apple ID and iCloud. You can set up two-step verification on one or more of your devices. Two step verification means you will receive a 4-digit verification code using either SMS or the Find My iPhone service. Using the second verification means any time you sign in to manage your Apple ID, iCloud, iTunes, iBooks, or App Store purchase from any device you’ll need to verify your identity by entering both your password and a 4-digit verification code.

How? Go to https://appleid.apple.com –> “Manage your Apple ID” –> “Password and Security” –> “Two-Step Verification”.

4) Siri talks too much. Even if your phone is locked she can talk and who knows what she might say and to whom.  You don’t have to shut her up completely. But securing your phone means preventing Siri from speaking from behind a locked screen. Siri will talk with anybody so you have to teach her not to talk to strangers.

How? Go to “Settings” –> “Passcode” (or “Touch ID and passcode”) –> “Allow access when locked” section –> “Siri: off” and “Settings” –> “General” –> “Siri” –> “Allow “Hey Siri”: off”.

5) Don’t automatically sync to the iCloud.  Keep in mind that Internet rule # 6 says nothing is ever deleted. And as some celebrities discovered this is very true. Those nude images, though deleted from their phone were floating blissfully in the cloud waiting to be stolen. Not just the pictures but all the data on your phone, contacts, messages, notes, documents, pretty much anything stored on your phone. Automatic back up to the cloud is set on default in iPhones and happens the minute you plug in the charger. So the smart thing to do is to not automatically sync if you have one or more Apple devices and don’t really need to sync them daily.

How? Go to “Settings” –> “iCloud”.

Settings2

You can turn off auto sync to the iCloud.

6) Stop automatically connecting to known WiFi networks. iPhones are set to connect automatically to known WiFi hotspots without your permission. While this may seem like a really cool feature because you don’t have to do anything to switch from mobile Internet to local WiFi. But wait! Cyber criminals set up their own fake wireless hotspots in coffee shops, restaurants and hotels all the time.  You might not even know your iPhone is connected to the malicious WiFi network. The cyber criminal can steal all of your data while you sip coffee and read the paper. So you need to be aware of this or turn off this option.

How? Go to “Settings” –> “Wi-Fi” –> “Ask to join networks: on”.

7) Start using VPN.  Virtual Private Networks is almost a requirement if you want extra security on your iPhone in different wireless networks, including unknown ones. Some VPN services are free but not all. But the few extra dollars spent here is fairly cheap for keeping your data protected.

How? Go to “Settings” –> “General” –> “VPN” –> “Add VPN Configuration…”. All the information you need from here will be provided by your VPN provider.

8) No more cookies. Cookies are small files that are deposited on your phone or device by all websites. These treats may record information about you, your computer,  your smartphone, and your preferences. They allow websites to keep you logged in or display targeted ads. Unfortunately they may be very helpful to cyber criminals since they can hold credentials and other sensitive data. Cookies can be very helpful  but turning off cookies might become a bother. But think of how much more secure your data will be. 

How?  For Safari: Go to “Settings” –> “Safari” –> “Privacy & Security” section –> “Do Not Track: on”, “Block Cookies: Always Block”; For third party browsers: see similar browser settings.

Settings3

9) AutoFill, another snitch.  If somebody steals your iPhone they may be able to log in as you on a number of sites. How? Because the AutoFill option will fill in the missing user name and password. Told you AutoFill was another snitch.  Switch it off! Yeah; its inconvenient but well worth the hassle.

How?  For Safari: Go to “Settings” –> “Safari” –> “General” section –> “Passwords & AutoFill”; For third party browsers: see similar browser settings.

10)  Apps; yet another snitch. If you really want ot be shocked take a minute to read the permissions on some of the apps you download.  These apps are collecting a mountain of data. Some game apps collect information such as your location, your contacts, your pictures, your phone service provider, etc? Why? What does this app need with all your data? Remember this is a game app?   You probably have Facebook or a Google app as well. These are some of the biggest information collectors. I am convinced that a lot of apps are designed to keep you busy while they spy on you. This tip may be extreme, but if you have followed all the other recommendations offered why not go ahead with this last one. Apple’s iOS 8 offers a significant number of features and data types that just about any app can access. You need to block this. Stop these app providers from knowing everything you do and everywhere you go.

How? Go to “Settings” –> “Privacy”. Turn off all location services. Keep them off until you want ot use an app that needs the service. Go through Privacy settings one by one and turn off everything you don’t need or apps that are using this feature that you want to stop. It takes some time but it will keep some of your data secure.

This article is more about protecting you and your personal information than what you paid for that smartphone. Any device can be replaced. Try to replace your credit or money in your bank account. Or try to explain to your credit card company why you should not have to pay for those charges on your credit card. Or worse try to convince your bank you are really you after your identity is stolen. You have enough information on your iPhone that, if lost, any of these things can happen to you. Don’t let it.

Now you know