How To Steal A Car: Hack It!

January 31st, 2012 | robertsiciliano

No more jimmying doors with a Slim Jim, bricks through windows, extracting lock cylinders with a dent puller, or hot-wiring ignitions. Automobiles today are being built to include wireless capabilities that allow for remote unlock, remote start, and of course, there’s global positioning systems (GPS) and services like OnStar and ATX, which offer “telematics,” or information and communications technology. While these services appear relatively secure, researchers in controlled environments are searching for vulnerabilities.

OnStar offers “RemoteLink,” an application for the iPhone or Android, which allows Cadillac, Chevrolet, Buick, or GMC owners to view real-time data including fuel range, gallons of gas remaining, lifetime miles per gallon (MPG), lifetime mileage, remaining oil life, tire pressure, and account information. Chevrolet Volt owners can view their car’s electric range, electric miles, MPG, and the battery’s state of charge. Users can also use the application to remotely perform certain commands, such as unlocking doors.

While all this new technology provides us with convenience and useful information, it may also leave us open to risk. Researchers in San Francisco have been able to access a car’s central computer processor through an Internet-connected car alarm, and in Seattle, researchers “blacked out the make and model of a car that offered multiple pathways for hackers a thousand miles away to send out GPS coordinates, open the doors, and have a colleague drive away without a key in the ignition.” And a New Jersey man has developed an iPhone app that lets him unlock cars and start engines by voice.

As with most technological advances, functionality and form come well before security. But now that researchers have demonstrated the frightening vulnerabilities inherent in cars’ computers, automobile manufacturers are working with companies like McAfee to develop firewalls that will protect the latest high-tech vehicles from hackers and thieves.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

Phishing Scammers Target Macs

January 31st, 2012 | robertsiciliano

On Christmas Day, 2011, Apple product users were targeted by a major phishing attack. The Mac Security Blog reported, “A vast phishing attack has broken out, beginning on or around Christmas day, with emails being sent with the subject ‘Apple update your Billing Information.’ These well-crafted emails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from appleidATidDOTappleDOTcom.”

As in most phishing emails, the template and body of the message mimicked Apple’s logo, design, colors, and font. When users clicked links within the email, they were directed to a spoofed website that also had the same Apple feel. Once users entered their personal information, they might be thanked for “updating” their account, or simply wind up in the Internet abyss.

One way to determine whether an email is legitimate is to hover your cursor over any links and look at the text displayed. If a link isn’t something like http://store.apple.com or https://appleid.apple.com, it’s a fake. To learn more about how to recognize a phishing attempt, watch this video from McAfee.
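The hover check described above can be automated. The following is an added example, not part of the original post: it pulls every link out of an HTML message and compares the host each one really points to against the two Apple addresses named in the article. The sample message and the example.net / example.org hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two addresses the article gives as genuine Apple destinations.
TRUSTED_HOSTS = {"store.apple.com", "appleid.apple.com"}

# Constructed sample message; example.net and example.org are placeholder hosts.
SAMPLE_EMAIL = """
<p>Verify here:
<a href="https://appleid.apple.com.example.net/update">https://appleid.apple.com</a></p>
<p><a href="https://appleid.apple.com@example.org/login">Update your Billing Information</a></p>
<p><a href="https://appleid.apple.com/">Manage your Apple ID</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def real_host(href):
    """Hostname the browser would actually contact, or '' if not a web link."""
    try:
        parts = urlsplit(href.strip())
        if parts.scheme not in ("http", "https"):
            return ""
        # .hostname drops any "user@" prefix and port, which is where
        # look-alike links hide the real destination.
        return (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def audit_links(html):
    """Return (visible_text, real_host, trusted) for every link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [(text, real_host(href), real_host(href) in TRUSTED_HOSTS)
            for text, href in collector.links]


if __name__ == "__main__":
    for text, host, trusted in audit_links(SAMPLE_EMAIL):
        flag = "ok  " if trusted else "FAKE"
        print(f"{flag} shown: {text!r} -> goes to: {host or '(no web host)'}")
```

The first two sample links show or begin with an Apple address but resolve to a different host, which is exactly what the hover check is meant to reveal.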

While I’m on the subject, however, I may as well mention that I don’t recommend clicking any links within emails, regardless of what the domain says. The safest way to determine whether your account needs updating is to log into your Apple account directly, at https://appleid.apple.com. If there is a problem, you will be notified via internal messages within your account. If not, assume the email is a phish and delete!

And remember, just because you are using a Mac, it does not mean that you are safe from web threats, so make sure you stay educated on the latest threats, use comprehensive security software and be wary of things that sound too good to be true.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

5 Digital New Year’s Resolutions For Parents

January 31st, 2012 | robertsiciliano

McAfee recently distributed a press release, and the line that caught my eye was, “Now is the time for parents to model good behavior and etiquette.” This wasn’t something you’d normally expect to see from a major security company, so, intrigued, I read on.

Instruction in etiquette and good behavior is something we could all probably use a little more of. And when I read McAfee’s “5 New Year’s Resolutions,” I realized that even though I have young children, I ought to brush up on some digital etiquette myself. It’s not too late to do your resolutions or start new ones or just brush up on your online safety.

McAfee suggests that parents begin the New Year with resolutions that address their own behavior, so they can model best practices for kids and teens:

When I’m with my children, I pledge not to spend more than 10% of the time on my phone or computer.
Adults spend about 3.5 hours a day perusing the Internet or staring at their cell phones, according to estimates from eMarketer. This year, make a promise to give your full attention to your children, and develop a plan to limit your use of electronic devices.

I will not communicate with my children via text when they are in the house.
One downside of technology is that fewer people actually speak to one another. A Kaiser study found that children in grades 7-12 spend an average of 1.5 hours a day sending or receiving texts.

I will not give my child access to an Internet browser on a smartphone or tablet that is not safe for them to use.
It’s important for parents to shield children from cyber-danger by filtering explicit content on smartphones and tablets via applications such as McAfee Family Protection or McAfee Safe Eyes software. This software can prevent children from establishing or accessing social networking accounts, limit Internet use, and block inappropriate websites or messenger chats.

I will be prepared to have a “texting intervention” if my teen’s thumbs begin to look like tiny body-builders.
Texting may be a quick and easy way to interact with others, but the impersonal nature of the communication and frequency of use can cause problems.

I will have “the talk” with my kids, to discuss what they are doing and with whom they are connecting online.
Children often lack an understanding of online dangers, or they may lack the maturity to make appropriate decisions.

By modeling good behavior and ensuring that children’s experiences on Internet-connected devices are safe and healthy, parents can ensure a 2012 that is free of digital drama.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

Beat the January Blues by Updating and Upgrading Your Digital Technology

January 26th, 2012 | robertsiciliano

A new year is always a welcome opportunity to start fresh, clean up, clean out, update, and upgrade. I’ve always believed that if you aren’t moving forward, you’re moving backward. Staying still in one spot really means that the people and the world around you are passing you by.

This philosophy also relates to the management of your digital life. Old technology isn’t necessarily outdated, but it may need updating, while obsolete technology certainly needs upgrading.

Old PCs: Thanks to “the cloud,” even an old Windows XP machine can have a new lease on life. Reinstalling the operating system and using it for cloud-based applications like mail and Google docs can allow a relic to function better than its old self ever did.

New PCs: I have a Windows 7 desktop that drags a bit, does weird things, and makes the occasional funny noise. It’s about two years old and still in relatively good shape, despite the random glitches. It’s just a matter of time, however, until it degrades to a point where it either stops working or becomes too frustrating for me to deal with. So, while that one is still functioning, I bought another desktop for about $500 that’s better, faster, and has more of everything I want in a work machine. I’ll load the new computer up with all my software and when it’s 100% ready, I’ll make the switch. Meanwhile, the old computer will still work well as a media center.

Old mobiles: If you are still using a feature phone, that’s fine. For many people, all a phone needs to do is be a phone. But make sure to at least consult the manufacturer’s website, because there may be upgrades to your phone’s operating system that can improve its functionality or security.

New mobiles: The technology in smartphones today is just astounding. Whether you use an iPhone, Android, or even a BlackBerry, having the world at your fingertips makes getting things done far more efficient. Besides the obvious benefits of communications, multimedia, and online shopping, a smartphone is a great way to save money. Just the other day, I went to a store to make a purchase and was floored by the cost of an item that I usually buy every two or three years. I immediately went online via my smartphone and found what I was looking for, for 90% less than what I had almost paid. Frankly, I don’t know how brick-and-mortars survive when consumers have this kind of access to price comparisons.

Modem: Your ISP-issued modem starts dying right out of the box. It’s just a matter of time until it starts acting up. If you’ve had it for over a year, take it to your local service center and get a new one.

Router: If you are on a wireless G and all your devices can talk to N, upgrade to N. This process is not for the faint of heart. Depending on the sophistication of your network, this could be a bear. However, by taking screenshots of all your settings and starting fresh, you will have a better Internet experience. If you are happy with the current brand you have, simply upgrade to the newest model for a smoother transition.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Cross-Device Security Means “All Access”

January 26th, 2012 | robertsiciliano

You may have a laptop, desktop, netbook, notebook, Ultrabook, tablet, Mac, or mobile phone. You might be single, married, or have ten kids. Either way, you probably have at least one, if not six or more, devices requiring comprehensive security. My family of four has 12 devices, all of which I do my best to lock down like the digital equivalent of Fort Knox.

In order to manage multiple devices “cross-platform,” wherein one device may run Mac OS X while another runs Windows, while your phone is completely different, you need a security solution that is comprehensive, affordable, and straightforward.

PC Magazine selected McAfee All Access for its Editors’ Choice Award, scoring the product with 4.5 stars out of 5 and praising the thoroughness of the protection offered, for any and all devices an individual or a household might own.

McAfee All Access Wins Editors’ Choice Award

In contrast to traditional consumer security products that only offer per-device subscriptions, McAfee All Access is the first solution that uniquely protects all of the PCs, Macs, smartphones, and tablets owned by an individual or household. By providing consumers with a simple, cost-effective means to holistically safeguard all of their devices, McAfee All Access also represents a fundamental shift in the way consumers think about security.

McAfee All Access users can download, activate and manage essential protections from a central console, enabling them to safeguard personal data, defend against malware, and protect kids as they browse online by allowing parents to filter inappropriate content, including YouTube videos and explicit music lyrics, and monitor the use of social media.

Learn more about McAfee All Access.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

FBI Needs Your Help to Take Down Cyber Fraud

January 26th, 2012 | robertsiciliano

Public–private partnership (PPP) describes a government service or private business venture which is funded and operated through a partnership of government and one or more private sector companies.

Here’s an example of “public-private partnerships”: Six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other computer viruses.

Beginning in 2007, the cyber fraud ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA.

The FBI further states, “A complex international investigation such as Operation Ghost Click could only have been successful through the strong working relationships between law enforcement, private industry, and our international partners.”

The private partners are corporations just like yours, which may have been affected by a virus or which play a role in information security and help track down the bad guys. “PPP involves a contract between a public sector authority and a private party, in which the private party provides a public service or project and assumes substantial financial, technical and operational risk in the project.”

As President John F. Kennedy once said, “Ask not what your country can do for you – ask what you can do for your country.” Today that may mean taking down international cyber criminals.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures

Safe Banking On Your Mobile Device

January 24th, 2012 | robertsiciliano

Mobile banking has experienced rapid growth in the U.S. over the last three years, more than doubling from 5% of online adults in 2007 to 12% by June 2010. Furthermore, Forrester predicts that one in five–or 50 million–U.S. adults will be using mobile banking by 2015.

However, identity theft is a major concern and studies show that many Americans are still uncomfortable with mobile banking, citing security as a top concern. In fact, 35% of US online adults said that they do not use their device to do banking for this reason.

Responding to these concerns, banks have been working to improve mobile security by offering a consistent sign-on experience for both their online and mobile channels, including multi-factor authentication programs for mobile.

While banks are trying to do their part, users have to take additional steps to make sure that their mobile data is protected. Consumer Reports estimates that almost 30% of Americans that use their phones for banking, accessing medical records, and storing other sensitive data, do not take precautions to secure their phones.

So, here are some tips for mobile bankers of all ages to keep you safe while banking on the go:

Connect to your bank’s mobile site or app securely by making sure that your wireless network is secure. Never send sensitive information over an unsecured wireless network, such as in a hotel or café.

Download your bank’s mobile application, so you can be sure you are visiting the real bank every time, not a copycat site.

Configure your device to auto-lock after a period of time.

Don’t store data you can’t afford to lose on an insecure device.

Use mobile security protection like McAfee Mobile Security™ that offers layers of protection including: antitheft, antivirus, antispyware, antiphishing and app protection.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discuss mobile phone spyware on Good Morning America. (Disclosures)

Necessary Security Updates for 2012

January 24th, 2012 | robertsiciliano

There are changes coming in the world of security technology. Never before have so many criminals been so organized across borders as they are today. The Internet has spawned international crime syndicates of the best of the best criminal minds, who seek to take from you, your government, and all the merchants we rely on to provide products and services.

Security companies have been preparing for this eventuality, and many are rolling out new and improved versions of their technologies to fight the good fight.

Antivirus: Today’s antivirus protection is not the same as yesterday’s. Over the years, antivirus companies have had to upgrade their detection methods and change the way they recognize malware. And it’s no longer effective to have a free, basic antivirus program installed. Criminals are coming from all angles: attacking your PC’s operating system, various browsers, Macs, mobiles, and any website you visit. In response, antivirus companies now offer “total protection” or “all access” suites of software, to protect all your devices across various operating systems for one low price.

Credit cards: The shift from “magnetic stripe” credit cards to “EMV,” which stands for Euro MC/Visa, or “chip and PIN” is underway in North America. Both Canada and Mexico are going full on EMV and several major banks in the United States are beginning to test and even roll out EMV. EMV cards are far more secure than traditional credit cards, and consumers should embrace these new, more secure cards.

Mobile security: The BlackBerry has always been relatively secure, and hasn’t been prone to viruses that impact PCs. The iPhone has been virtually virus-free, but is not 100% immune. Android is quickly becoming a serious contender for the iPhone’s more than 50% market share, and bad guys are paying attention. There has been a significant increase in Android-related hacking, and Android users must, therefore, download and install all the latest updates and invest in a mobile security product.

Keeping your head up and knowing what to watch out for is job one. By staying security savvy, you can effectively deter the bad guys.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Resolve to Be Digitally Secure This New Year

January 18th, 2012 | robertsiciliano

Let’s get one thing straight: it’s no longer possible to deny that your personal life in the physical world and your digital life are one and the same. Meaning, while you are present here on the ground, you continue existing online, whether you know it or like it or not.

Coming to terms with this reality will help you make better decisions in many aspects of your life.

1. Get device savvy: Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless, or software, learn it. No excuses. No more, “My kids know more than I do,” or, “All I know how to do is push that button-thingy.” Take the time to learn enough about your devices to wear them out or outgrow them.

2. Get social: One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software. Keep in mind that “getting social” doesn’t entail exposing all your deepest, darkest secrets, or even telling the world you just ate a tuna sandwich. Proceed with caution here.

3. Manage your online reputation: Whether you are socially active or not, whether you have a website or not, there are plenty of websites that know who you are, that are either discussing you or listing your information in some fashion. Google yourself and see what’s being said. Developing your online persona through social media and blogging will help you establish and maintain a strong online presence.

4. Get secure: There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in antivirus, anti-spyware, anti-phishing, and firewalls. Getting security-savvy is a great way to start a new year.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Data Theft Doesn’t Always Mean Being Hacked

January 18th, 2012 | robertsiciliano

Recently UCLA announced 16,000 patients were potential victims of identity theft because a doctor’s home office was broken into and burglarized. This is an unfortunate example of an employee taking home a laptop or storage device from the office resulting in a serious data breach. The thief may have no idea what he has in his hands, but the damage is done, the data is breached.

UCLA had to send letters to all 16,000-plus affected patients, warning that there is a possibility their identities could be stolen. On top of that, they had to hire an identity theft protection firm to cover each breached record in the hopes the service will mitigate the loss. Data loss like this may cost UCLA hundreds of thousands of dollars by the time the dust settles.

The documents stolen were birth certificates, home addresses, medical documents and numerical medical identifiers. The information breached did not include Social Security numbers or financial information. Meanwhile reports state the data was encrypted, but the password to access the encrypted data was on a piece of paper near the laptop, which hasn’t been located either.

Based on the reports, an identity thief would have a hard time actually using the data stolen to commit new account fraud or account takeover. Nonetheless UCLA’s response has been comprehensive and designed to reduce risk in any capacity.

Data breaches cost big bucks. Smart data security practices, if done right, are inexpensive and cost effective. Encryption in this scenario failed due to a password on a sticky note near the laptop. The lack of a home security system in the doctor’s home office contributed to the data loss. Putting layers of protection in both a business and home setting is an absolute must.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures