User Blogs

The biggest sporting event of the year just kicked off. If you’re not a football fan (that’s soccer for us Yanks), this is the ultimate goal and it’s just getting started. Many fans will head to Brazil to watch these games and their favorite players, but many more fans will flock online to find out information about the players and teams.

Cybercriminals once again are taking advantage of these large numbers and have pounced on the eagerness of fans of the world’s most popular sport. Portugal’s Cristiano Ronaldo dos Santos Aveiro just barely edges other football stars as the world’s riskiest football player to search for online and tops the McAfee “Red Card Club.”

The McAfee “Red Card Club” is a list of eleven Brazil bound players whose web pages are considered to be risky for fans to search for online. Following Ronaldo are Argentina’s Lionel Messi, Spain’s Iker Cassillas, Brazil’s Neymar and Algeria’s Karim Ziani.

The sites most likely to be risky are those offering videos showing the athlete’s skills, and screensaver downloads. These rigged sites are just waiting to trick you into giving up personal information so that the thieves can steal your identity or get ahold of credit card information and max out your cards.

The study uses McAfee® SiteAdvisor® site ratings, which indicate which sites are risky when attached to football players’ names on the Web and calculates an overall risk percentage.

So what’s an excited football fan to do? While it’s probably not feasible for us to stop searching for information about these stars, we can make sure we are safe while doing so. Here are some tips for you to stay safe online:

Be suspicious — If a search turns up a link to free content or too-good-to-be-true offers, it usually is.
Be extra cautious when searching on hot topics—Cybercriminals set up fake and malicious sites that dominate these time-sensitive search results.
Use web protection— Make sure to use a safe search tool that will notify you of risky sites or links before you visit them. McAfee SiteAdvisor software can be downloaded for free here.
Check the Web address—Look for misspellings or other clues that the link might be directed to a phony website.
Protect yourself—Use comprehensive security on all your PCs, Macs, smartphone and tablets, like McAfee Live Safe™ service, that comes with McAfee SiteAdvisor, a complimentary tool that protects your from going to risky websites and prevents malicious downloads.

Stay safe online!

Zero. The number of people who have ever read word for word—and understood—a website’s privacy policy.

Well, maybe not zero, but the actual number is pretty close to it. And this excludes the lawyers who compose these thick walls of tiny text that are filled with legalese.

How many people even open the link to the privacy policy? After all, it’s almost always at the bottom of the site page, called “Privacy Policy,” in a font that doesn’t even stand out.

It’s time that the privacy policy (aka transparency statement) be short, sweet and simple, with an attractive graphic to catch the visitor’s attention. The purpose of a privacy policy seems to be to inform the website visitor/user just how that person’s data will be used by the business or enterprise that the site is for.

But more accurately, the purpose is for the statement to protect the business in the event of a dispute.

Why don’t businesses introduce a short, in-plain-English statement with the sole purpose of explaining privacy and data protocols; right to the point, no legalese filler fluff? And easy to access while they’re at it. The larger, complicated privacy policy could back up the short, simple transparency statement. Over time, the way the big, and the little, statements work in tandem could be refined.

With this upgrade in the “privacy policy,” visitors to sites will be able to make better choices and have a firmer grip on how the site manages their data.

Just think how much smoother things would be if every website had a link titled “Transparency Statement” that took you to a one-page document with a friendly font size and no legalese. Better yet, why not call the “transparency statement” something like, “How we handle your private information.”

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video.

Last year there were hundreds of cyber fraud incidents that struck banks and put consumers’ personal data at risk, even though the one involving Target stole the scenes. These crimes included payment card skimming, denial-of-service and web app tampering.

As we’ve discussed, security is a top concern for banks at the board level. It’s not that the criminals are particularly bright and that’s why they’re causing so many problems, but rather, security for banks just cannot keep up with the volume and type of attacks. Security can also be under-resourced and/or putting too much of its attention in the wrong places.

A web app attack is the interference of web applications, (such as sending a phishing e-mail ) that tricks the recipient into revealing their banking information. Another example is cracking passwords.

Web attacks are ubiquitous and can be conducted by mediocre-skilled crooks, hunting for the user names and passwords of online banking customers. Banks are responding by beefing up verification processes for their customers rather than relying on just the one-step authentication.

The denial-of-service attack is the second big threat upon banks, when malicious traffic is heaped upon the institution’s web server to disrupt site operation. A malfunctioning site turns off customers—including potential customers. But a DDoS attack can also be launched to divert attention away from another planned attack that actually steals data.

Payment card skimming hits banks hard. The crook puts a phony card reader over the card-swiping device to collect the card’s data off its magnetic strip. The thief will then create phony ATM cards.

The skimming tool can be made at home with a 3D printer—and the cost of the printer can very quickly be recovered with fraudulent use of the phony cards. Skimmers are not traceable, putting a lot of load on bankers’ backs. The fact that some ATMs are remotely located doesn’t help.

There’s still room for the criminals to become savvier, joining forces and sharing ideas, getting organized etc. However, many still remain solitary, which enhances their ability to go undetected.

As renowned security expert Bruce Schneier recently said “Security is now about resilience – it’s not about defense. Banks must up their security awareness, and have a plan in place to respond quickly and thoroughly should there be a breach.

PIN may sometimes stand for pilfered identification number if a hacker gets yours. And it’s easier than ever for thieves to get your PIN from an ATM, coming up with clever ways to beat security technology.

The “primitive” way to get your card number is to manually place a phony card reader over an ATM card reader and then come back to retrieve it. Now it’s being done wirelessly via Bluetooth and SMS tech built into the skimmer. Coupled with wireless cameras and keypad overlays, getting your PIN is easier than ever.

They’re also brazen enough to land jobs that will grant them ATM access; they then install malware that can transmit your PIN to their personal device. PIN hacking’s memory chips and transmitters are thinner and lighter these days, making them go undetected.

The crime of ATM skimming racks up $350,000 a day.

Wedge skimming. An employee runs a card through a card reader tool that transfers data from the card’s stripe. The crook downloads this to his device, then burns the data onto a phony card or uses the data to place online or phone orders.
Fake ATMs. The crook installs the phony machine in a place that will attract users like a saucer of honey will attract bees. The machine will read and copy tons of data.
ATM skimming. The thief fits a card reader onto an ATM or gas pump card reader. The very inconspicuous reader may have wireless technology. This crime often comes with installation of secret pinhole cameras nearby to capture the consumer’s PIN.
Data intercepting. A thief poses as a gas pump serviceman and unlocks it with special keys, then plants a device inside that reads all the customer cards’ unencrypted information.
Point of sale swapping. The skimming device is placed at the terminal where you make a purchase. Even busy places like McDonald’s have been targeted.

These smart criminals can copy skimmed credit card data on gift cards, blank cards, hotel cardkeys or white cards, the latter being quite useful at self-checkouts. Protection comes in the form of:

Anti-Skim Security built into the ATM from the factory or as an add-on solution, which is installed inside the machine
Checking your statements every day via a smartphone app or every week online or monthly via your paper statement for suspicious transactions
Challenging questionable transactions right away
When entering your PIN, conceal the keypad with your other hand
After handing an employee your card, keeping a close eye on it. Don’t let the employee leave your site with your card.

A crook (often a store employee in this case) can also nab your data with a handheld skimming device like the “wedge” listed above.

The Many Faces of Skimming

Remember, the phony skimming device that’s attached to the card reader goes undetected by the consumer, unless the consumer is well-versed in this kind of crime and knows what to look for.
The crooked employee gets your information, then sells it.
Thieves can now get the data via wireless technology like Bluetooth, eliminating the risk of getting caught at the machine.
Pinhole cameras can be placed anywhere close by, such as in a brochure holder.
A crook may place a data capturing device over the keyboard to get PINs.

Get familiar with the ATM you use—because you should be using the same one so that it will be easier to spot something different about it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.

Never mind the government nosing in on your business; there’s a much bigger snooper out there that’s mining to your personal data: thousands of companies whose names you may not even know.

These “data brokers” aren’t “bad”, although a few are irresponsible. They collect and analyze your very personal information, then package it up and sell it for profit to advertisers and the government. Though this rather benign consumer marketing is nothing new, the volume and type of data has changed, thanks to the Internet, making data broking a multibillion dollar venture.

Today’s technology allows data brokers to snatch and sell information about your closest friends, medical conditions, unsavory habits, even your literal footsteps—online and offline.

Data brokers today will classify people into groups such as those with genetic diseases or poverty. These are called vulnerable consumers, with classification names such as Ethnic Second-City Strugglers.

As for medical conditions, there are classifications for particular diseases, such as multiple sclerosis and cancer. There is no legislation that regulates any of this mining into our most private information.

Surprisingly, some of these companies are also in the business of offering identity protection services to consumers.
It’s not known just where the bigger data brokers even harvest their information or to whom they are selling it.

Maybe this is because they consider their client list to be proprietary. One broker even stated that it purchases lists of financially vulnerable people from government agencies so that ultimately, those who are eligible for assistance can be identified. These government clients are public record, said the broker.

The FTC consumer protection head believes that data brokers should be required to allow consumers access to the data that’s been scooped up about them. Meanwhile, data brokers records have become attractive to criminals. Ever since the ChoicePoint breach there have been multiple info/data brokers compromised.

When considering who you choose to do business with, relationships with data brokers, especially any who are also involved with protecting your customers’ identities, should be reassessed.

This writer has said numerous times that privacy is waning and dying. Partly because we have allowed it with our bazillion posts to social and partly because of the shift from print advertising to digital. During that shift, lots of creative types figured out how to figure you out and get inside your digital head. But all at a cost of your privacy.

Arwa Mahdawi in the Gurdian brilliantly posed “Privacy isn’t dead, but it’s getting very expensive.” So true.

Ask yourself: as a decision maker for your business or employer, when it comes to protecting your organization’s customers’ or clients’ personal data, how proactive are you? And even if you’re proactive, are you aware of just what is involved on the part of the customer/client to ensure that their personal information doesn’t get into the wrong hands?

Or perhaps you’re not very active in this realm at all, figuring that it’s “up to the customer” to figure out how to secure their data, or that it’s the responsibility of the banks and credit card companies.

I contend that businesses who collect valuable data from customers and profit from it – from email addresses, to credit cards to SSNs – have the responsibility to protect the data collected. Otherwise customers inclined to do so must pay a fee to have their personal information protected. That business is booming.

It’s fair to speculate that if businesses, such as retailers and healthcare organizations, had an excellent history of keeping customers’ data airtight, the protection of privacy wouldn’t have become something that people must pay for.

Of course, there are ways that consumers can protect their privacy without paying for it, such as giving up the use of credit and debit cards, always remembering to disconnect their mobile device in public when they don’t need to be online, never seeing doctors, disabling their cookies, etc.

But let’s face it, these free approaches are impractical or even impossible. How many Internet users even know how to disable their cookies, or even what a cyber cookie is? How many know what a VPN is?

Consumers should not have to be tech savvy or have a lot of money or make impractical lifestyle changes in order for their private information to be leak-proof.

Recently a settlement was obtained between 2 companies with the FTC. The charge was that these organizations failed to secure their mobile apps, which put consumer’s private data at risk.

The FTC says that these companies disabled the SSL certificate validation. This default process confirms that an application’s communications are secure.

Because the SSL was disabled, the apps were made prone to cyber attacks, in which crooks could steal data like SSNs, home addresses and credit card information.

These attacks are the man-in-the-middle type and are a particular threat to unprotected public Wi-Fi (hotels, coffee houses, etc.).

If you use your mobile on an unguarded network, a crook can get in between you and the site you want to visit, and pose as you and communicate with the intended site. Posing as you, he can then manipulate your data. The scoundrel can also make your mobile visit a fraudulent site that you think is legitimate and lure you into entering personal information.

A website is secure if the site address begins with “https.” However, the smartphone’s small browser discourages users from checking this. And crooks know this.

Of particular interest to criminals is texting between banks and companies that utilize a one-time password. The crook can intercept this transaction and gain access to sensitive data. He can actually redirect an intended wire transfer to his account.

All of this can be avoided by avoiding online financial transactions with a mobile device on public Wi-Fi. Don’t even visit your bank’s site. Also don’t send personal information via e-mail on public Wi-Fi. If you must conduct mobile transactions in public, buy a Wi-Fi device, get a VPN like Hotspot Shield or use your carrier’s 3G or 4G network.

Finally, install anti-malware programs on your mobile, especially if it’s an Android. Don’t just sit back and assume that the app makers, app sellers and other businesses are going to take care of all of this for you.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

I’m sure most of us have used a USB drive (or thumb drive) at one point or another. They are super convenient to transfer files, especially when they are too large for email or you don’t have access to an Internet connection.

But it’s this same convenience of being portable, readily available, and inexpensive that make them a prime target for cybercriminals. There’s a number of ways that these devices can fall victim to the underworld.

Because USB drives are primarily used to share and transfer files, it’s an easy target for hackers who are looking to distribute malware. And because most USB drives are set to auto-run (meaning that when you plug it into your computer, it will automatically open up the drive), the malicious software could be automatically transferred to your computer as soon as you plug this in. So once they get you to copy an infected file to the USB drive, it’s easily spread to other computers every time the USB drive is plugged in.

While their small size and portability make them easy to carry in your pocket or pretty much anywhere, it also makes them susceptible to loss or theft. Depending on what type of information is stored on here, losing this device could expose your personal information. A USB drive could easily be misplaced, dropped or taken from a table so it’s important to be careful when using these devices.

Another thing to keep in mind is that files aren’t really deleted, even if you hit the “delete” button to take something off your USB drive. In this case “delete” really means “hide” so unless you run a “wipe” program to really get rid of the files, someone could still retrieve your data, so you still need to make sure you are careful with these devices.

So here’s some tips how can you ensure that you stay safe and protect your information when using USB drives:

Watch your USB drive – don’t set it down and make sure you keep track of it so it’s not lost or stolen.
Disable auto-run – Turn off auto-run on your computer so that if a USB drive has malware, then it won’t automatically be transferred to your machine.
Be careful who you share your USB drives with – Be careful what computers you place your USB drive in and who you let borrow your USB drive.
Use comprehensive security software – make sure your security software not only scans your computer for threats, but also any drives that are attached.

Remember just as with being online, we need to make sure our conveniences don’t expose us to risk.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!