You need not be a celebrity or some big wig to suffer the devastating fallout of your online images (and videos) being stolen or used without your permission.

So how does someone steal your image or use it without your permission?

Hacking

• Hacking is one way, especially if passwords are weak and the answers to security questions can easily be figured out (e.g., “Name of your first pet,” and on your Facebook page there’s a picture of you: “My very first dog, Snickers”).
• Malware can be installed on your device if the operating system, browser or security software is out of date.
• But hackers may also get into a cloud service depending on their and your level of security.

Cloud Services

• In 2014, the images of celebrities and others were stolen from their iCloud accounts. At the time, two factor authentication was not available to consumers.
• Apple did not take responsibility, claiming that the hackers guessed the passwords of the victims. This is entirely possible as many use the same passwords for multiple accounts. It is reported that Jennifer Lawrence’s and Kate Upton’s passwords really were 123qwe and Password1, respectively.

Social Media

• Got a pretty avatar for your Facebook page? Do you realize how easy it is for someone to “Save image as…”?
• Yup, someone could right-click on your provocative image, save it and use it for some sex site.
• And it’s not just images of adults being stolen. Images of children have been stolen and posted on porn sites.
• Stolen photos are not always racy. A stolen image could be of an innocent child smiling with her hands on her cheeks.
• The thief doesn’t necessarily post his loot on porn or sex sites. It could be for any service or product. But the point is: Your image is being used without your authorization.

Sexting

• Kids and teens and of course adults are sending sexually explicit images of each other via smartphone. These photos can end up anywhere.
• Applications exist that destroy the image moments after it appears to the sender.

• These applications can be circumvented! Thus, the rule should be never, ever, ever send photos via smartphone that you would not want your fragile great-grandmother or your employer to view.

How can you protect your digital life?

• Long, strong passwords—unique for every single account
• Change your passwords regularly.
• Firewall and up-to-date antivirus software
• Make sure the answers to your security questions can’t be found online.
• If any of your accounts have an option for two-factor authentication, then use it.
• Never open attachments unless you’re expecting them.
• Never click links inside e-mails unless you’re expecting them.

Stay tuned to Part 2 of How to prevent your Pics from being lifted to learn more.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

You’ve heard the term “consumer report.” Many times, I’m sure. But do you really know what one is? If you’re nodding your head, would you be able to explain it to a Martian? If not, then you probably do not have a solid understanding of what one is.

But lenders, landlords, creditors, employers and insurers certainly know what a consumer report is, because every time they’re about to deal with a new client, they put themselves at risk.

• Is he in good health?
• Will she stop paying her mortgage?
• Will he total his car?
• Will she be productive on the job?
• And more questions abound.

An article on privacyrights.org explains that all sorts of businesses need to assess the risk of every new client. However, it would be quite unwieldy for businesses to sit every potential client down and run through a list of 100 questions, then wonder if the applicant is being truthful.

Enter the consumer report.

• Credit report: Lenders can see the applicant’s financial status and bill payment habits.
• Fair Credit Reporting Act: Encompasses entire financial status.
• Miscellaneous companies are targeting consumer reports specifically for landlords, insurers and employers.

The article explains that the businesses that put together these targeted reports are called consumer reporting agencies. Consumer reports don’t just deal with finances and credit. Other types of reports come from nationwide specialty consumer reporting agencies. These other kinds of reports may detail one’s medical history, employment history, history of insurance claims and check writing history.

You are entitled to a free report every 12 months from a nationwide specialty consumer reporting agency.

• Make your request to each specialty reporting agency; they act independently of each other.
• Every agency has a toll-free number.
• Some agencies allow faxed, mail-in or online requests. For online requests, the agency’s site must provide a FAQ or help page.
• You are entitled to an update on your request’s status.
• There is no deadline for the agency to honor your request.
• The agencies gather information on people from a number of sources such as bankruptcy filings, driving records, credit history, public records of court cases and insurance companies.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Have a small business? Great. Have two-factor authentication for your accounts? If you’re not sure of the answer to that question, you could be in trouble. October is National Cyber Security Awareness Month, the perfect time to learn more about cyber security. As a small business owner, you certainly have thought about data breaches. They don’t just happen to giants like Target and Sony. The common thread in many data breaches is that the hackers got the password.

Once a hacker has a password, they often can get into the account, even if a username or other information is required. But suppose the hacker, mouth drooling as he’s about to break into your business accounts with your password and username, types in this login information and then sees he’s blocked unless he enters a one-time passcode? That’s a form of two-factor authentication. Game over for Joe Hacker.

Two-factor authentication may mean a different login, every time you login, even on the same day, and only YOU have it. It’s sent to your e-mail or phone. Setting up two-factor authentication differs from one platform to the next. See the following:

PayPal

• Click “Security and Protection” in the upper right.
• At bottom of next page, click “PayPal Security Key.”
• Next page, click “Go to register your mobile phone” at the bottom. Your phone should have unlimited texting.
• Enter your phone number; the code will be texted.

Google

• At google.com/2step click the blue button “Get Started.” Take it from there. You can choose phone call or text.

Microsoft

• Go to login.live.com. Click “Security Info.”
• Click “Set Up Two-Step Verification” and then “Next.” Take it from there.

LinkedIn

• At LinkedIn.com, trigger the drop-down menu by hovering over your picture.
• Click “Privacy and Settings.”
• Click “Account” and then “Security Settings.”
• Click “Turn On” at “Two-Step Verification for Sign-In.”
• To get the passcode enter your phone number.

Facebook

• In the blue menu bar click the down-arrow.
• Click “Settings.”
• Click the gold badge “Security.”
• Look for “Login Approvals” and check “Require a security code.”

Apple

• Go to appleid.apple.com and click “Manage Your Apple ID.”
• Log in and click “Passwords and Security.”
• Answer the security questions to get to “Manage Your Security Settings.”
• Click “Get Started.” Then enter phone number to get the texted code.

Yahoo

• Hover over your photo for the drop-down menu.
• Click “Account Settings.”
• Click “Account Info.”
• Go to “Sign-In and Security” and hit “Set up your second sign-in verification.”

Type in your phone number to get the texted code. If you have no phone you can get receive security questions via e-mail.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use.

Being cyber aware also includes backing up your data to a secure offsite location. Back it up with Carbonite, and receive 2 free bonus months with purchase of any subscription through the end of October by entering code “CYBERAWARE” at checkout.

Is it easier for crooks to prey on senior citizens, or is it that most targets are the seniors?

Well, one thing’s for sure: A disproportionate percentage of identity theft complaints come from people 50-plus (though I’m sure some readers would hardly consider 50-somethings to be seniors—but you get the point).

Some scammers go after seniors because they know that many older people have a lot of money saved up. And it’s also no secret that many seniors aren’t as sharp as they used to be, and also are not caught up on technology.

Some common scams that target the elderly:

• A caller pretending to be “your favorite grandson.” This lures the victim into announcing the name of that grandson, and then the crook identifies himself by that name. If the victim has hearing loss, he can’t tell that the caller’s voice doesn’t sound like his grandson.
• The caller then gives a sob story and asks Gramps to wire him some money.
• Retirement home employees access resident records for their Social Security numbers and other data, then sell these to crooks.
• An e-mail supposedly from the victim’s bank (or IRS or FBI) warns them that something is wrong and that they must act immediately to resolve the issue—and the action involves typing in their Social Security number, bank login information, etc.
• Scam mortgage companies. These fraudsters will get ahold of applicants’ Social Security numbers, other data and even their deeds to commit identity theft.

How to Help Prevent Identity Theft

• Some seniors are active on social media. Be very careful what you post on Facebook, Instagram, etc. Don’t post anything that could reveal your location or when you’re away from home.
• If you’re looking for employment, refuse to take any job in which the “employer” wants you to cash checks through your account or get involved with wire transfers.
• Don’t keep sensitive information in your wallet/purse.
• Don’t leave your cell phone, wallet, etc., out in public where some punk could skate by and snatch it.
• Use a shredder for all personal and financial documents.
• Automatically delete, without ever opening, e-mails that seem to have come from your bank, the IRS or FBI. Same for e-mails announcing you won a prize or say something very suspicious in the subject line such as “Dear Blessed One” or, “I Need Your Help.”
• Never conduct financial transactions on a site that has only an “http” in the URL, but instead, an “https” and a yellow lock icon before it.
• Use Hotspot Shield VPN when on Free WiFi. Free WiFi is often unencrypted and vulnerable to hackers.
• Make copies of your credit cards and other crucial documents and keep them in an easy-to-remember place in case any of these cards, etc., get stolen or lost, so you can quickly cancel the cards, etc.
• If you want to mail a letter that contains sensitive data, deposit it at a post office collection box.
• Believe it or not, crooks will get information out of obituaries to commit identity theft. Leave out details like date of birth, birth town, name of schools, etc., and just note age of passing and give details that an ID thief can’t use, such as, “She loved doing volunteer work with children.”
• Check your bank and credit card statements every month for suspicious charges.

Retirees don’t have to be victims of fraud as long as they are paying attention to various scams and recognize their responsibilities regarding preventing identity theft. By putting systems in place fraud doesn’t need to happen.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Most experts in cybersecurity suggest that computer users utilize a password manager, and I think they have a great point. These managers ensure that you can use a unique, strong password for all online account. On the flip side, there are naysayers that state a password manager isn’t as safe as you might think, as if the master password is discovered, it could give someone access to all of your information. So, who is right?

According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, only 37% of survey participants use passwords that contain both letters and numbers. And only 8% report using a password management system, which can automatically create strong passwords for every site and change them frequently.

Here are some things to keep in mind:

Singing Praises for Password Managers

Why do some experts sing the praises for password managers?

• Password managers allow you to use the most secure passwords, and allow you to use a different password for every account.
• Since most websites have their own requirements for a password, you won’t become frustrated every time you log in, and you won’t have to remember if the ampersand is before or after the capital “S.” Besides, no one can remember every single password and username combination.
• These password managers can work across all devices and on all browsers.

The Possible Downside of Password Managers?

Though there are certainly benefits of using a password managers, some people share their concerns with this software and state some of the following reasons:

• There is a chance of a hack, albeit a small one, and if someone discovers a master password, they have access to everything including banking and personal information.
• You also don’t know how secure these password managers really are, especially if it is an online password manager, such as one associated with a web browser, as the data may not be encrypted properly.

Looking At Both Sides of the Fence

When looking at expert opinion, you will typically find that most of them fall somewhere in the middle when it comes to using a password manager. These people see password managers as useful, but people should use them with caution.

• Only use applications that have good reputations and those that do not rely on third parties
• Use password managers that alert you immediately of a breach
• Remember, a password manager is only as strong as the master password. This password should be strong, unique and changed often.

Good or bad, it’s probably better to be safe, rather than sorry. As with anything, be smart with your password manager, and you should have no issue with its effectiveness.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

You may have been scammed after you responded to an e-mail that appears it came from Apple. When hackers send e-mails that appear to come from a legitimate company like Apple (or Google, Microsoft, PayPal, etc.), with the objective of tricking the recipient into typing in passwords, usernames, credit card information and other sensitive data, this is called phishing.

Many phishing scams are in circulation, including the Apple one. Hackers know that tons of people have Apple accounts. So if they robotically send 10,000 phishing e-mails to random e-mail addresses, they know that they’ll reach a lot of Apple account holders. And in any given group of people, there will always be those who fall for the scam. Not me, though. Recently I received the following scam e-mail:

Your Apple ID was used to buy a iOS App “TomTom Canada” from the App Store on a computer or device that had not previously been associated with your Apple ID.

Order total: $ CAD 44.99

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

 If you have not authorize this charge, Click here to login as soon as possible to cancel the payment!

When the payment will be canceled you will get a full refund.

Sincerely,
Apple Support
apple.com/support

A tip-off that this is fraudulent is the typos: “used to buy a iOS App…” (Hopefully you can spot the typo right away.) Another typo: “If you have not authorize this charge…”

A legitimate e-mail from a reputable company will not have typos or mistakes in English usage. And it’s unlikely it will have exclamation points, especially after words like “payment.” This e-mail really reeks of rotten phish.

Another red flag is that when you hover over the link, you get an unintelligible URL, or one that’s simple not Apple.com

Forward Apple phishing links including their headers to This email address is being protected from spambots. You need JavaScript enabled to view it..

Unfortunately, many people are ruled by shot-gun emotional reactions and promptly click links inside e-mails. Once they’re taken to a phony website, most are already sucked in too deep to recognize they’re about to be scammed.

Additional Information for Apple Account Holders

• Go to Apple ID: Security and your Apple ID to learn about Apple’s best practices.

You can quickly change your password at Apple ID.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Many people, including myself, make mistakes with their passwords and use them on site after site. To remain safe, it’s important to use a unique, strong password on every site you visit. How do you do this the easy way? Use a password manager.

According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, the results indicate that people have some idea of the scale of the password challenge: More than half said they felt stressed out by the number of things they have to remember on a daily basis at work, and 63% reported that they’d either forgotten a password or had a password compromised at some point during their professional career

A password manager can solve this issue. A password manager is a type of software that stores login information for all the sites you commonly use, and the program helps you to log in automatically each time you browse to a particular website.  This information is stored in a database, controlled with a master password, and is available for use at any time.

Word of Warning: Don’t Reuse Your Passwords!

What is the big deal about reusing your passwords? It could be really damaging:

• If your password is leaked, scammers will have access to information such as your name, email address and a password that they can try on other websites.
• A leaked password could give scammers access to online banks or PayPal accounts.

What is It Like Using a Password Manager?

The first thing you will notice when using a password manager is that it will take a lot of weight off of your shoulders. There are other things you will notice, too:

• You first visit the website as you normally would, but instead of putting your password in, you will open the password manager and enter the master password.
• The password manager will automatically fill in the log in information on the website, allowing you to log in.

Think About it Before You Use a Web-Based Password Manager

Yes, there are web-based password managers out there, but there are problems associated with them:

• All major browsers have password managers, but these cannot compete with a full password manager. For instance, they store the information on your computer, and this is not encrypted information meaning scammers can still easily access it.
• These managers cannot generate passwords randomly, and they don’t allow for syncing from platform to platform.

Get Started With a Password Manager

If you are ready to get started with a password manager, the first thing to do is choose your master password:

• The master password must be very strong, as it controls access to everything else
• You should also change your passwords on every other site to a stronger password
• Make sure your passwords have capital letters, symbols and numbers for the strongest password combination