You’ve probably heard of the gofundme.com site, where all sorts of stories are posted of people seeking donations. Some are tragic, others are trite. You may be touched by a particular story, perhaps one in which an entire family is killed in a house fire.

You click the “Donate Now” button and donate $50. So just how do you know that family who died in the fire really existed?

Gofundme.com and similar sites are loaded with “campaigns,” just tons of them. Think of the logistics involved if these sites hired people to verify every campaign. This would require enormous amounts of time and a lot of people and expense.

People don’t think. They just assume every campaign is for real. Do you realize how easy it is to start a campaign? Gofundme.com, for instance, only requires that you have a Facebook account with a valid-looking profile picture of the campaign starter, and at least 10 Facebook friends (last I checked, anyways).

  • Who at Gofundme.com and similar sites verifies that the profile picture is that of the campaign starter?
  • Who at these sites verifies that the “friends” are legitimate, vs. all phony accounts or “friends” purchased from seedy overseas companies that create fake profiles?
  • Even if the avatar and friends are for real, how do these crowdfunding sites confirm the authenticity of the campaigns?

It’s all based on the honor system. You take their word for it, though some campaigns are high profile cases. People have given money to fake campaigns. How can you prevent getting conned?

  • Check the news to see if the campaign story really happened. But a house fire in a small town doesn’t always hit the Internet. Nor is it newsworthy that some housewife is trying to raise money to buy her disabled son a set of golf clubs. So stay with campaign stories that you know have occurred.
  • But again, a scammer could take a real story, pretend to know a victim and scam donators. So see if there’s a legitimate pathway to donate to the real people involved in the story, such as through their local police department.
  • Stick to reputable charity sites. Offline, never give money solicited over the phone.
  • Be leery of charity solicitations for very high profile cases, as these attract scammers.
  • If donations are solicited by snail mail, check the Better Business Bureau. Any scammer could create a legitimate sounding name: “American Association for Autistic Children.”

 

LinkedIn is a free service that allows professional people to network with each other. Often, a LinkedIn member will receive an e-mail from another LinkedIn member “inviting” them to join their network. Sometimes, the inviter is someone the recipient doesn’t know, but the recipient will link up anyways. And that’s the problem.

A report at www.secureworks.com says that Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered 25 phony LinkedIn profiles.

With this particular phony network (called TG-2889), most of the intended victims live in the Middle East. The profiles are convincing, including some having over 500 connections.

Signs of Fraudulence

  • Profile photos appear on other, unrelated sites.
  • Duplicate summary profiles, some duplicated from other sites.
  • “Supporter persona” profiles use the same basic template and have other similarities.

Using phony profiles, the scammers aim to lure legitimate LinkedIn users into giving up personal information that the “threat actors” can then use either against them (like getting into their bank account) or scamming their associated company out of money.

Or, given that one-fourth of the targets work in telecommunications, the scammers may be planning to steal data from telecommunications companies.

TG-2889 is doing a pretty good job of maintaining the fake profiles, as they regularly make revisions, continues the secureworks.com report. This suggests that a new campaign is planned, perhaps one targeting the aerospace industry, since at least one fake profile mentions Northrop Grumman.

It’s also likely that some TG-2889 profiles have not been identified, and let’s also assume that LinkedIn is tainted with even more bogus profiles from other threat actors.

For Legitimate LinkedIn Users

  • If you suspect a profile is fake, cyber-run for the hills.
  • Link up with profiles of only people you know.
  • Be leery of interacting with members you don’t know even if they appear to be part of the network of someone you do know.
  • If you get a job offer through LinkedIn, don’t respond via that conduit. Instead, contact the employer directly for verification.
  • For employers: Have you instructed your employees in proper use of the LinkedIn system? Are you sure they are not abusing it (either intentionally or non-intentionally), which could put your company at risk?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Okay, so you’re 18 or 19 and in college, and are stressed because you have to be 21 in order to gain entry to a night club or bar where you’d like to drink up a storm and mingle with a “more mature” crowd. Or really, you just want to meet someone.

Life sure is tough, isn’t it? You have to wait till you’re 21, but by then…you may be graduated from college (and a lot more mature, and thus, getting plastered would no longer have appeal). What a bummer, dude! The time to have fun is when you’re young and irresponsible!

Many U.S. college kids circumvent this age restriction with the fake ID. And over the years, it’s gotten easier to get the fake ID, thanks to the Internet. In fact, the Internet is replete with sellers of fake IDs to anonymous customers.

An article at businessinsider.com describes how the “subreddit” vendor site even provides threads where visitors could get information on how to use this site, which is encrypted (not surprising).

Nevertheless, college kids can still get fake IDs the old-fashioned way: by asking around. It won’t be long before they have contact information and simple instructions regarding payment and sending the supplier a photo.

Beware of the Consequences of Getting Caught with a Fake ID

  • Come on, is it really worth it? Do you know any grad students who go through their days haunted with agony because they never had a fake ID as undergrads?
  • Depending on what state you’re residing in if you get busted, you can get put in jail.
  • Some states yield only the misdemeanor charge, while other states will get you a felony charge.
  • Using an older person’s ID (e.g., Big Sis who looks like you) will not only mean trouble for you, but for Big Sis, too.
  • Don’t think for a second that getting caught means a little time facing a crabby judge and then going home like nothing ever happened.
  • Sending all your data to a criminal who makes fake IDs can lead to your own identity being stolen. There is no honor among thieves.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

There are numerous subspecialties within the booming cybersecurity field[i]. Here are some of the most in-demand professions:

Cybersecurity Engineer: This is the all-around, jack-of-all-trades, go-to guy or gal of cybersecurity. For all intents and purposes, a cybersecurity engineer is a hacker – but a good one. Using their advanced knowledge of malware, viruses, theft, DDoS attacks and other digital threats, cybersecurity engineers defend organizations against crime online. Personality traits required for this role include being flexible, nimble and a do-it-yourselfer. Candidates also must have:

  • A good background in penetration testing.
  • Experience with additional online security measures.
  • On-the-job experience, which is an absolute must for this position.

Malware Analyst: If you choose to specialize, working as a malware analyst is like being an oncologist fighting cancer. There’s research, removal or treatment, and it’s up to you to decide how to apply your training.

With millions of types of malware on PCs, Macs and even mobile devices there’s a significant shortage of experts in this highly in-demand field. Responsibilities include:

  • Identifying and fighting viruses, worms and Trojan attacks.
  • Educating companies about malicious software.
  • Analyzing malware inside and out.
  • Developing tactics to help prevent future attacks.

Application Security Administrator: Back in the days of desktop computing, the only means of compromising data were to insert a contaminated floppy disk into a PC or open an infected email attachment. We’ll call this the “anti-virus era.”

Next came the “network security era.” The need for cybersecurity evolved with the Internet as more companies developed internal and external networks.

Information security has evolved yet again. Today, we live in the “application security era.” The demand for application security administrators is nearly limitless. The job includes:

  • Performing application security reviews, looking for potential weaknesses.
  • Writing testing code for applications.
  • Ensuring a company’s applications comply with the minimum standards for security.
  • Ensuring that any applications that the company uses conform to the minimum standards for privacy.

Chief Information Security Officer (CISO): CISO is the top position managers in the field of cybersecurity work toward achieving. Prospective candidates should take a multifaceted approach to cyber education with courses in business fundamentals. Responsibilities might include:

  • Monitoring the efficacy of security operations.
  • Preparing a company to fight cyber attacks.
  • Designing strategies to oppose imminent threats as well as threats in their early stages.
  • Looking for cyber intrusions.
  • Analyzing the company for possible holes in its network.
  • Managing other security personnel.

Security Consultant: It’s tough to land a 9-5 job as a security consultant, but this is one of the most gratifying positions one can pursue when engaged in the diverse and rapidly changing world of cybersecurity.

Consultants come in two flavors: they have a knack for solving problems in a particular niche, or they have accumulated knowledge of multiple systems over the course of their career. Security consultants are expected to:

  • Work with companies to come up with security tactics that align with the company’s particular needs.
  • Possess knowledge about security standards, systems, etc.
  • Have superb communication and management skills, as the security consultant will need to interface with management and know the company’s corporate policies.
  • Test security measures that they’ve recommended.

When choosing a specialty, keep a few things in mind. Try to choose one that can complement another in the event you decide to make a change. Research how much training and education, in time and money, might be needed. Are there certifications that need to be re-qualified for, and how often? Consider the dynamics of the specialty: will you be working with individuals, teams, or by yourself? Will there be travel involved? Does it require overtime, or is it a straight 40-hour-a-week job?

No matter what you choose, follow your heart.

I’m compensated by University of Phoenix for this blog. As always, all thoughts and opinions are my own.

[i]  http://www.bls.gov/opub/btn/volume-2/careers-in-growing-field-of-information-technology-services.htm

It can be tough being a responsible adult sometimes, and managing these responsibilities isn’t always a chore that I want to deal with. Can you relate? Managing life takes focus and effort, and managing your online life is no different. Most of us are lazy with our online accounts, especially when it comes to our passwords. It is easy to use the same password for every account, but this also makes it very easy for hackers to access your passwords.

You Need a Password Manager

Most of us have several online accounts that require different passwords. However, trying to remember all of these passwords is difficult, so it is no wonder that people choose to only use one password for every account. How can you avoid this? You should use a password manager.

  • Password managers will help a person not only create a password that is safe and secure, but all of the passwords you choose can be stored and managed by using a master password.
  • A master password allows you to get access to all of your accounts by using only one password.
  • When you have a password manager, you will no longer have to reset passwords, and your online accounts will be more secure than ever before.

Making Passwords Strong and Secure

There are a number of ways to make your passwords secure and strong. But don’t just take my word for it. According to Bill Carey, VP Marketing for the RoboForm Password Manager, “The number one thing a user can do to protect themselves online is use a strong unique password for every website.”

  • Passwords should be a minimum of eight characters long.
  • All passwords should also have letters, numbers and characters that do not spell another word.
  • Make sure to use different passwords for different accounts. This is especially the case for banking and other websites that contain sensitive information.
  • Passwords should be changed frequently to ensure safety and security.

Those who have weak passwords are more susceptible to hacks and scams. Make sure to take these tips to heart and protect your sensitive online information.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention.

Companies that cut corners by giving cybersecurity training only to their technical staff and the “big wigs” are throwing out the welcome mat to hackers. Cyber criminals know that the ripe fruit to pick is a company’s sales staff. Often, the sales personnel are clueless about the No. 1 way that hackers “get in”: the phishing e-mail. Salespeople are also vulnerable to falling for other lures generated by master hackers.

In a recent study, Intel Security urges businesses to train non-technical (including sales) employees. Sales personnel are at highest risk of making that wrong click because they have such frequent contact in cyberspace with non-employees of their company.

Next in line for the riskiest positions are call center and customer service personnel. People tend to think that the company’s executives are at greatest risk, but look no further than sales, call center and customer service departments as the employees who are most prone to social engineering.

It’s not unheard of for businesses to overlook the training of sales employees and other non-technical staff in cybersecurity. Saving costs explains this in some cases, but so does the myth that non-technical employees don’t need much cybersecurity training.

Intel Security’s report says that the most common hacker methods are the browser attack, stealth attack, SSL attack, network abuse and evasive technologies.

In particular, the stealth attack is a beast. Intel Security has uncovered 387 new such threats per minute. IT teams have their work cut out for them, struggling to keep pace with these minute-by-minute evolving threats. This doesn’t make it any easier to train non-technical staff in cybersecurity, but it makes it all the more crucial.

Training non-technical staff, particularly those who have frequent online correspondence and have the gift of cyber gab, is the meat and potatoes of company security.

If I wanted to crack one of your passwords, I could probably make a series of educated guesses and get pretty close. Why? Because people tend to stick with simple, easy-to-remember passwords, but these are the passwords that are easy to hack. According to Bill Carey, VP Marketing for the RoboForm Password Manager, “Users need to take personal responsibility for their passwords and not assume that companies will keep them safe.”

Hackers Have Many Ways to Get Into Your Accounts

There are many ways that a hacker can get into an online account.

  • A brute force attack is one of the simplest ways to gain access to information, and is generally done when a hacker writes a special code to log into a site using specific usernames and passwords.
  • A hacker usually focuses on websites that are not known for security, such as forums…and if you are like most people, the same password and username you use on your favorite gardening site is the same you use at your bank…or at least a version of it.
  • The hacker instructs the code to try thousands of different username and password combinations on the target site, such as your bank.
  • What makes this easier? Your computer stores cookies, which have information on your login credentials, in a neat, orderly unencrypted folder on the cache of your web browser. As soon as this is accessed, it can be used to get into online accounts.
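From the defending site's side, the many-combinations login pattern described above shows up in authentication logs. The following is an added example, not code from the original article: it scans constructed log lines in a hypothetical format, and the thresholds and the alert labels (`brute_force`, `credential_stuffing`) are this example's own assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format: "<UTC timestamp> ip=<addr> user=<name> result=OK|FAIL"
LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # ignore lines that do not match the assumed format
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4) == "OK"

def detect(lines, window=timedelta(seconds=60), max_failures=5, many_users=3):
    """Flag source IPs with a burst of failed logins; expects chronological input."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) of failures inside the window
    alerts = {}                  # ip -> {"kind": label, "review": users to check}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, ip, user, ok = rec
        q = recent[ip]
        while q and ts - q[0][0] > window:
            q.popleft()          # drop failures that have aged out of the window
        if ok:
            if ip in alerts:     # a success from a flagged IP deserves a second look
                alerts[ip]["review"].add(user)
            continue
        q.append((ts, user))
        if len(q) >= max_failures:
            users = {u for _, u in q}
            # Many usernames: reused credentials being tried. One username: guessing.
            kind = "credential_stuffing" if len(users) >= many_users else "brute_force"
            alerts.setdefault(ip, {"kind": kind, "review": set()})["kind"] = kind
    return alerts

SAMPLE = [  # constructed log lines using documentation IP ranges, not real data
    "2024-05-01T10:00:00Z ip=192.0.2.10 user=alice result=FAIL",  # ordinary typo
    "2024-05-01T10:00:05Z ip=192.0.2.10 user=alice result=OK",
    "2024-05-01T10:01:00Z ip=203.0.113.7 user=alice result=FAIL",
    "2024-05-01T10:01:02Z ip=203.0.113.7 user=bob result=FAIL",
    "2024-05-01T10:01:04Z ip=203.0.113.7 user=carol result=FAIL",
    "2024-05-01T10:01:06Z ip=203.0.113.7 user=dave result=FAIL",
    "2024-05-01T10:01:08Z ip=203.0.113.7 user=erin result=FAIL",
    "2024-05-01T10:01:10Z ip=203.0.113.7 user=frank result=OK",
] + ["2024-05-01T10:02:%02dZ ip=198.51.100.9 user=alice result=FAIL" % s
     for s in range(0, 50, 10)]

if __name__ == "__main__":
    for ip, info in detect(SAMPLE).items():
        print(ip, info["kind"], sorted(info["review"]))
```

A login that succeeds from a flagged address, like `frank` in the sample, is the account to lock and reset first.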

How to Improve Your Passwords

There are a number of expert tips that will help to improve your passwords:

  • Substitute numbers for letters that look similar, such as @ for O, e.g. M@delTFord.
  • Throw in a random capital letter where it usually shouldn’t be, e.g. PaviLlion723.
  • Have a different username and password combination for every account.
  • Consider using a password manager to keep track of all of your account credentials. This way, you won’t have to worry about remembering all of the symbols and letters. These password managers also automatically fill passwords in on web pages or on devices.
  • Test your password strength with an online tester, but make sure it is from a reputable source, such as Microsoft, or even better, use the experts over at password manager RoboForm – http://www.roboform.com/how-secure-is-my-password.

Don’t learn a hard lesson when it comes to your passwords. Take the steps today to update your log in credentials, and have a safer tomorrow.
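The advice above about a different password for every account, and the earlier warning about reusing “a version of” one password, can be checked mechanically. This is an added example, not from the original article or from RoboForm: it audits a constructed list of accounts for identical and near-identical passwords and for the composition rules given on this page. Reading “characters” as non-alphanumeric symbols and using a 0.8 similarity threshold are assumptions of the example.

```python
from difflib import SequenceMatcher
from itertools import combinations

def weak_points(password):
    """Return which of the page's composition rules a password misses."""
    issues = []
    if len(password) < 8:
        issues.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        issues.append("no letters")
    if not any(c.isdigit() for c in password):
        issues.append("no numbers")
    if all(c.isalnum() for c in password):
        issues.append("no other characters")  # assumption: "characters" means symbols
    return issues

def reused(vault, threshold=0.8):
    """Return account pairs whose passwords are identical or close variants."""
    pairs = []
    for (a, pa), (b, pb) in combinations(sorted(vault.items()), 2):
        if pa == pb:
            pairs.append((a, b, "identical"))
        # Case-insensitive similarity catches a swapped symbol or an appended digit.
        elif SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= threshold:
            pairs.append((a, b, "variant"))
    return pairs

# Constructed sample: two passwords are the page's own examples, the rest are made up.
# Run an audit like this only locally, on your own password export.
VAULT = {
    "bank": "M@delTFord",
    "gardening-forum": "ModelTFord1",
    "email": "PaviLlion723",
    "shop": "PaviLlion723",
    "news": "tulip7",
}

if __name__ == "__main__":
    for account, password in sorted(VAULT.items()):
        print(account, weak_points(password) or "ok")
    for a, b, kind in reused(VAULT):
        print("reuse:", a, b, kind)
```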

 

There are many reasons someone might right-click on your image and “Save image as…”

Porn, Sex and Dating Sites

  • A woman might steal your blog headshot and use it for her dating site profile.
  • A perv might take the picture of your child off your Facebook page and put it on a porn site.
  • A person who runs a racy dating site might take your image and use it to advertise his service.

Scams

  • Someone might use, without your knowledge, a photo of your house for a rental scam.
  • Your motorcycle, jet ski, boat, puppy…you name it…could be used for scam classified for-sale ads.
  • Your avatar may be used for a phony Facebook account to then be posted in the comments section of news articles pitching some get-rich-quick scheme.

Fantasy Lives

  • Your image could be used by a lonely person to create a fictitious Facebook account.
  • A person with a real Facebook account may be so desperate for friends that they use your photo to create a fake account to then add as a friend.
  • Someone you know may steal your photo (such as an ex-lover) and create a social media account in your name, then post things on it that make you look really bad.

How can you protect your digital life?

  • For your social media accounts, make sure your privacy settings are on their highest so that the whole world can’t see your life.
  • Watermark your images so that they have less appeal to image thieves, but keep in mind that they’ll have less appeal to you too.
  • It’s one thing when an image of your house was stolen for a rental scam, but it’s a whole new animal if an image of your naked body or you engaged in a sex act was stolen. So don’t put racy images online. Never.
  • Explain to your kids about the risks of stolen images.
  • Make sure their social media privacy settings are high.
  • It’s possible your smartphone automatically stores the pictures you take in an online account. Turn off this feature.
