We are joined once again today by Steve Schwartz, Intersections’ EVP, Consumer Services. In today’s video presentation, Steve shares some very important safety tips to help keep your kids safe online when using social media. We all want to have fun on sites such as Facebook and Twitter. By following a few simple rules, you can make help make the experience both fun and safe for your kids.

Learn more about the growing problem of child identity theft and what you can do about it.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell shares some security insights into the popular Internet phone service,Skype. Let the caller beware!

If, like me, you’re one of the millions of people who use Skype to make phone and video calls, you might want to be aware of some serious security issues that are emerging.

Researchers at universities in New York, France, and Germany plan to publish a paper called “I Know Where You Are and What You Are Sharing,” at a major internet conference in Berlin next month. The paper promises to outline what many experts believe are major flaws in Skype that could be downright creepy.

The authors claim that the privacy weaknesses they are found are so easy to exploit, a sophisticated high school-age hacker would likely be capable of executing similar attacks.

Here’s just an example of some of those risks:

• When person A calls person B using VoIP, person A is able to determine person B’s IP address, and perhaps even their location and the name of their ISP.

• Attackers can get this information by calling a person and hanging up quickly so the recipient of the call will never even know – there’s no ringing or pop-up window.

• An attacker can make some of these attacks even when they’re not on the other user’s contact list and even when they’ve been blocked from that user’s list.

• By repeating some of the attacks on an hourly basis, the attacker can track the locations and movements of any Skype user over weeks or even months, without the user having any idea that he or she is being tracked.

• Marketers can easily link to information such as name, age, address, profession and employer from social media sites such as Facebook and LinkedIn in order to inexpensively build profiles on a single tracked target or a database of hundreds of thousands.

In one demonstration, the researchers tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and were able to construct a detailed account of a user’s daily activities even if the user had not turned on Skype for 72 hours.

According to their press release “In one example, they accurately tracked one volunteer researcher from his visit at a New York university to a vacation in Chicago, a return to a New York university, lodging in Brooklyn, then to his home in France. ‘If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when.’”

The researchers also calculated that it would cost a marketing company just $500 per week to create a database capable of tracking 10,000 Skype users.

Why target Skype? The very same reason hackers have relentlessly targeted Facebook and other social networking sites – because it’s where the crowds are. Skype has more than 500 million registered users and around 170 million active monthly users who use it to make phone and video calls, send text messages, and even use it for corporate video conferencing.

And apparently it’s not just Skype that’s vulnerable but many other VOIP services. The authors of the report claim that “These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services. A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Neal O’Farrell talks about the importance of keeping on top of your own personal security. And there is no better time to do that than in October, which is National Cyber Security Awareness Month.

It’s October again and you know what that means. No, not just Halloween, although some of the stuff out there is beginning to get scary. It’s also National Cyber Security Awareness Month and a great time for you to review your security, take a close look at your personal habits, and make some of those changes you might have been putting off.

October should be “take another look” month because it’s a great reminder for you to take another look at some of the stuff you might be taking for granted.

Take another look at Facebook

• Have you changed your password recently? If not, do it now.

• Have you removed any personal information that might help a thief learn more about your background, like where you grew up, went to school, date of birth etc.?

• Have you hidden your mobile phone number on your Facebook page? Your bank may use that number to send you alerts and you don’t want thieves intercepting those alerts.

• Have you revisited your privacy settings lately? Because Facebook changes so much, you should check your settings regularly to make sure they’re still doing what you expect them to. Network World has a great slideshow entitled “Facebook Privacy: 11 settings to revisit now.”

Take another look at your computer and device security

• When was the last time you updated your anti-virus software, and is it set to automatically update?

• Have you checked that your anti-virus program is actually in place and turned on? Make sure that it wasn’t disabled accidently by another user or family member, or even by malware.

• Are you protecting valuable information on your computer or laptop with encryption? It’s a great defense against theft and hackers.

• Have you removed any apps from your phone and tablet that you don’t really need?

• Have you installed security software in your smartphone or tablet? Don’t forget that these devices can be just as vulnerable as your computers.

Take another look at your credit reports

• When was the last time you checked your credit reports? If it’s been more than three months, it might be time to check them again. Check your reports free at www.annualcreditreport.com.

• Are you using IDENTITY GUARD®? IDENTITY GUARD® provides one of the most comprehensive collections of security tools to protect your identity from all kinds of attacks and it works best if you take advantage of all its great features.

Take another look at your browser

• Have you updated it lately or set it to automatically update?

• Have you looked at the security of add-ons and extensions to your browser, and uninstalled extensions you don’t need?

• Have you thought about switching or upgrading to Internet Explorer 9 or IE 9? It has a host of new security features that can provide almost as much protection as desktop security software.

Take another look at your kids

• Are they on Facebook? If they are, have you talked to them about dangers and precautions?

• Have you created your own Facebook page so you can friend your kids and keep an eye on them?

• Have you set rules for what they can’t say and send on their phones and computers?

• Have you moved family computers to a family area – meaning no computers where you can’t see them?

Take another look at your passwords

• Have you changed the most important ones lately, like bank accounts, email, and Facebook?

• Have you moved from passwords to passphrases, to make it easier to create and remember complex passwords?

• Have you started using a password manager to keep all those passwords in a safe place?

• Have you talked to your kids or employees about changing and protecting their passwords?

Take another look at your bank accounts:

• Do you have a password management system, like ID Vault® or an anti-keylogger such as PRIVACYPROTECT®, on your computer to protect your bank logins and passwords from thieves?

• Have you opted for e-statements instead of paper statements, to protect your statements from being intercepted in the mail?

• Have you set up account alerts so that your bank or credit union can immediately notify you of any payments, transfers, or withdrawals?

• Have you changed your bank account password recently?

• Have you checked your statements for any unusual transactions?

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell shares some very valuable social networking safety tips today. He comments on a recently published Facebook security guide.

There is a growing collection of guides, web sites, and even Facebook pages devoted to the evolving topics of Facebook security, safety and privacy. And for good reason. In spite of all Facebook’s efforts to keep their users safe, Facebook is still a haven for all kinds of scammers and scams just waiting for careless or busy users to slip up.

The latest arrival is a concise 14-page guide from Facebook and authored by a team of writers with a mixed background of internet safety, online security, and teaching. It’s called “Own Your Space: A Guide to Facebook Security 13 Top Tips for Staying Secure on Facebook” and you can download the complete guide from the link below. If you’re not familiar with the basics of Facebook security, I strongly recommend that you download and use a copy. And especially if you have kids who are already on Facebook or plan to be soon.

Here’s what the authors of the guide offer as their top tips for staying safe – print them out, keep them close, and consult them often:

• Only “Friend” people you know.

• Create a good password and use it only for Facebook.

• Don’t share your password.

• Change your password on a regular basis.

• Share your personal information only with people and companies that need it.

• Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar.

• Use a one-time password when using someone else’s computer.

• Log out of Facebook after using someone else’s computer.

• Use secure browsing whenever possible.

• Only download Apps from sites you trust.

• Keep your anti-virus software updated.

• Keep your browser and other applications up to date.

• Don’t paste script (code) in your browser address bar.

• Use browser add-ons like Web of Trust and Firefox’s NoScript to keep your account from being hijacked.

• Beware of “goofy” posts from anyone—even Friends. If it looks like something your Friend wouldn’t post, don’t click on it.

• Scammers might hack your Friends’ accounts and send links from their accounts. Beware of enticing links coming from your Friends.

And remember, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell joins us again today with his take on the recent mid-year cybercrime report by the security firm Sophos. Enjoy, but be careful out there!

Hard to believe the year is already half over. Seems like only yesterday we were talking about a spike in identity theft over the Christmas holidays, and warning consumers to be extra vigilant as tax time approaches.

But it’s been such a busy year for scammers and hackers, it almost becomes a blur. To sort through the fog, security firm Sophos recently published their half year summary of threats and trends, and it should stand as a stark warning of the need to be constantly vigilant.

For example, Sophos claims that since the start of 2011 they have recorded an average of 150,000 new malware samples every single day. That’s works out to one piece of malicious software being discovered every single second, and a 60% increase over 2010.

Sophos has also identified an average of 19,000 new malicious URLs each single day in the first half of this year. That’s a stunning 4.5 new web threats detected every second. And, according to Sophos, 80% of those URLs are legitimate websites that were hacked or compromised by crooks.

The two top exploits favored by these crooks were fake anti-virus software and SEO poisoning – manipulating search engine results to drive users to malicious or infected web sites – and it might surprise you that the majority of these malware sites are hosted in the United States. The U.S. accounts for a whopping 37% of malware hosting web sites, while the next nearest culprit is Russia at just 13 percent.

There has also been a big change in the way people communicate, a change that now works even more in the favor of hackers. Sophos recorded a 59% decline in the use of email among 12-17 year olds, and a 34% decline in email use amongst 24-34 year olds. This is mainly due to a switch to texting and social networks as a way to communicate. And hackers love social networks because they make it much easier that email to launch more targeted and effective attacks. Hardly surprising that 81% of computer users surveyed by Sophos believe that Facebook presents the greatest security risk.

On the subject of social networking risks, Sophos also conducted a poll of nearly 2,000 people on their social media habits and worries. 71% reported that they, or one of their colleagues, had been spammed on a social networking site, 46% had been phished and 45% were sent malware.

“Social networking privacy issues have dominated the headlines in the first half of 2011. With most social networks, the default settings share everything and users have to reset their options to make their accounts more private. This opens up a host of security issues because so many people—both friends and not—have access to your information,” according to Sophos.

The report also highlighted a study by the FBI about how one cyber gang was able to dupe 1 million users into buying fake software, and could have made as much as $72 million from the scam. This is a problem for a lot of reasons. It means that not only were 1 million people duped into paying for something fake, they may also believe they have real virus protection on their computers when in reality they have no protection at all.

And that $72 million will be recycled by these gangs into even more sophisticated scams that will entrap even more victims and continue the cycle. Some of this money may even end up in the hands of terrorists who have the skills and resource to launch their own fake virus scams, or partner with organizations that can manage them on their behalf.

Links to videos that hide malware are also on the increase, especially on Facebook and Twitter. According to Sophos, nearly 69 million people have viewed the now-infamous YouTube music video Chocolate Rain, a clear sign that curiosity still trumps caution for most users.

The Mac is no longer a safe haven, and scammers are now firmly focusing on all things Apple to take advantage of the surge in use and adoption of Apple products, driven by the huge popularity of the iPhone and iPad. Apple’s success with these products obviously has a very dark side to it, and yet another reminder that wherever the crowds go, so will follow the crooks. You only have to look over your shoulder to spot one. But if you never bother looking, then don’t be surprised if you don’t spot the scam until it’s too late.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell continues his security update series. Today,he writes about a recent string of Twitter attacks. The moral of the story? Beef up your Twitter and Facebook passwords!

Seems like hackers and scammers are not forgetting about Twitter when it comes to spreading malware, junk and scams. For a while there it seemed like Facebook had become the favorite child but a recent uptick in Twitter scams proves that as long as it’s a popular way to share and communicate, Twitter will always be a target.

In the most recent scam, Twitter scammers are circulating spam offering free iTunes gift cards. And they appear to have even gone to the trouble of actually creating accounts for non-existent users so they can make the scam look as real and convincing as possible. Clicking on the link in the message doesn’t get you to your free gift card, but instead of a variety of web sites, some of them dating sites, that request your personal financial information.

That scam came on the heels of another attack where the scammers used compromised Twitter accounts to spam thousands of users with messages about a get rich quick scam. Clicking on the link in that message took users to web sites designed to look like local newspaper, where fake participants gave glowing testimonials about how much money could be made from these work-at-home schemes.

And only a week ago, thousands of Twitter users received tweets from friends promoting the miracle “beach body diet.” Turns out it was just another Acai berry promo but again it appeared as though many Twitter users had their account passwords compromised.

As usual, these attacks have common threads, and one of the most common in a compromised password. These scams work best when the messages appear to come from friends. And that’s usually achieved by hacking the “friend’s” Twitter account by taking advantage of a weak password.

Lessons learned?

• If you haven’t already done so, beef up your Twitter and Facebook passwords. Ideally they should be 8-12 characters, and a random mix of letters, numbers and even symbols.

• Protect your password at all times and don’t share it with others, even for fun.

• Don’t use the same password for multiple web sites. That’s a common practice and makes it much too easy to exploit mistakes.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Advisor joins us today with a simple procedure to make sure that you’re not unwittingly sharing photos on Facebook.

Facebook is once again on the hot seat over privacy, and this time it’s all over something called facial recognition that the company announced last year but just very quietly introduced in the past few days. In fact, if you’re a regular Facebook user you probably won’t see anything about the new change on your Facebook page, any mention that it even exists, and worst of all, no mention that you’re now opted in to this troubling new feature without your permission.

Here’s how it works. As your friends add more photos to their albums, Facebook’s new technology will try to determine if any of the faces in the photos look anything like you. If they do, Facebook will urge your friends to tag the photo with your name. It’s not your decision, but the decision of the person uploading the photo.

You don’t get to approve any of the tags before they happen, but instead have to go to the trouble of un-tagging any photos you don’t want tagged. This is something that is not explained at all by Facebook.

Facebook probably thought that if they introduced this very controversial feature very quietly, they would avoid any serious media scrutiny and consumer complaints. But as Facebook should have learned by now, nothing goes unnoticed any more.

And now security experts and legislators around the world are once again criticizing Facebook’s sneaky insult to user privacy. According to Graham Cluley of security firm Sophos “Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.”

PC World was even stronger in its criticism “Facebook is officially getting super-creepy,” adding that “the new facial recognition technology, which was announced in December but only introduced to a small test group, is basically Facebook’s way of creating a huge, photo-searchable database of its users. And yes, it’s terrifying.”

And according to PC World, Facebook’s members upload over 200 million photos every single day, adding to the estimated 90 billion photos that already reside on Facebook. Many of the privacy concerns revolve around how easy it could be for inappropriate photos of you to end up being viewed and judged by complete strangers around the world, without your knowledge or permission – photos that may not actually be of you.

“At the end of the day, Facebook’s facial recognition technology is downright creepy,” said Sarah Jacobsson Purewal of PCWorld. But what’s even creepier is how hard Facebook makes it for the average user to disable facial recognition. It even took me quite a while to figure it out, and it’s very obvious that Facebook is doing everything possible to make sure as many users as possible find it hard to opt out and just give up.

Here’s how to opt out of facial recognition – bear in mind, you’re wasting your time looking for any link or reference to facial recognition on Facebook because they absolutely refuse to even use the term.

• Click on the Account link at the top right of your Facebook page and go to Privacy Settings (I really hope this is a place you’re very familiar with!)

• Towards the bottom of the page you’ll see a lonely little link “Customize Settings.” Click on that link and scroll down to “Suggest photos of me to friends.”

• Next to “Suggest photos of me to friends,” click on “Edit Settings>”

• You’ll probably see that this feature has been “Enabled” by default, meaning that if you do nothing, facial recognition will always be turned on.

• Change Enabled to Disabled, and you’re done. At least until the next time Facebook tries another sneaky privacy end-run.

Editors Note: Since writing this article, the Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission, asking the FTC to bar Facebook from using the facial recognition technology.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In a letter to congress released yesterday, Facebook announced its intention of moving forward with plans to release personal information (phone numbers, email addresses, physical addresses) to 3rd parties. Facebook had actually made this announcement several months earlier, but then backed off implementing the policy amidst public outcry.

The letter from Facebook, written to Reps. Edward Markey (D-Mass.) and Joe Barton (R-Tex.) states, “We have not yet decided when or in what manner we will redeploy the permission for mobile numbers and addresses,” the letter states. “We are evaluating whether and how we can increase the visibility of applications’ request for permission to access user contact information. We are also considering whether additional user education would be helpful.”

The Daily Shield does not want to wait for Facebook to provide that “additional user education.” It’s easy to limit 3rd-party access to your information. Here are our recommendations:

1. In the upper right hand corner of your Facebook profile, click on “Account” and then click on “Privacy Settings”
2. You are now on a page titled “Choose Your Privacy Settings”
3. Under the heading “Sharing on Facebook,” select “Custom.” This allows you to select what information you will share and with whom.
4. Select “Customize Settings”
5. This page allows you to decide who can see and comment on things you share, things on your Wall and things you’re tagged in. At this point, what you share is matter of your own personal choice, but we suggest at a minimum that you select “Only Friends,” for information such as Wall Posts, Relationships, Bio, etc.
6. Scroll down to the bottom of the page and under the Contact Information settings, change the settings for “Mobile Phone,” “Other Phone,” “Address”, “IM Screen Name”, and your email address to “Only Me.”

We at the Daily Shield question the need for even listing information such as your phone number and address on social networks like Facebook. Your real friends already have your contact information, and there is no reason to share that information with the rest of the world. The best defense is not posting your personal information to Facebook at all. The only way to completely eliminate the possibility of 3rd-party applications from accessing your personal information is by not posting personal information to Facebook.

Facebook is a remarkable tool that lets you share information with friends and family. But, it is not a phone book or online directory. Ultimately it all becomes a personal decision. You, and you alone can decide what information you wish to share.

Let’s be perfectly clear. We love Facebook and the power of social networking technology. We at Identity Guard have our own Facebook page, and we use it to pass along information that we consider to be vital for protecting the one thing that makes you uniquely you – your identity. But at the end of the day, each of us has to take responsibility for protecting ourselves. And that protection starts with being constantly vigilant and being careful about the type and amount of information you put out there on the Internet for all to see. Here are some additional tips for staying safe online.

Facebook VP Ellliot Schrage said it best when he commented on a similar privacy uproar last year. He said, “If you don’t want Facebook to share your personal information, don’t share your personal information with Facebook.”

Well said Elliot. We agree. We couldn’t have said it better ourselves.

Want to learn more about identity theft and fraud protection?

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

The Daily Shield is once again pleased to publish this article by Intersections’ Consumer Security Advisor, Neal O’Farrell.

If you’re still not convinced that it really is a bad idea to post any  suggestive images or videos of yourself on Facebook or any other  online site, or even just email them to friends, maybe this tangled tale  will help change your mind.

A hacker was recently arrested in California after the FBI, California  Highway Patrol and many other agencies concluded their  investigation into a very strange case that included hacking,  impersonation, extortion, and even child pornography.

The accused hacker started his attack by simply trawling Facebook pages looking for women he could target. Once he had identified his targets, and engaged them in online conversation, he approached their email service providers, pretending to be his victims, and guessing the answers to the security questions was able to access their email accounts, change their passwords and lock out the victims from their own accounts.

Now he had complete access to all their email messages and everything the victims had ever sent or received. And apparently in many cases that included nude or semi nude photographs and videos the victims had previously exchanged with friends.

Armed with this treasure trove of potentially embarrassing information, the hacker began the process of threatening and humiliating his victims in complying with his sordid demands. Because he had access to their email accounts, the hacker sent the images to everyone in the victim’s email address book and threatened to post the images more widely – unless the victims agreed to send him even more explicit images of themselves.

A number of victims are believed to have complied with his demands, and in some cases the hacker even posted the stolen images on public web sites, including Facebook. When he was arrested, investigators found more than 3,000 email profiles on his computer, suggesting that the hacker was planning a very large and long campaign of extortion. By the time of his arrest he had already targeted an estimated 170 victims. Investigators also discovered more than 1,000 images and 50 child pornography videos on his computer.

This case is by no means unique and should be a clear reminder that if you ever take very personal photographs or videos of yourself, don’t assume that it’s ever safe to post them on Facebook (or anywhere else online) or send them by email.

It’s also a reminder of just how easy it can be for a complete stranger to guess the answer to your secret questions, take over your email account, and wreak havoc on your life.

Keep informed about the latest threats to your safety. Join our Facebook group.

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

To learn more about how phishing scams work, and to learn how to spot common phishing schemes, check out this About.com article: How Phishing Scams Work.

If you receive a suspicious email, report it. You can send it to the US Federal Trade Commission at spam@uce.gov.

Here’s our recap of recent phishing attacks and online scams and other items of interest.

We start off our report this week with a report by Symantec. According to their State of Spam and Phishing report for October, phishing attacks increased by 52% during the month of September. Read the Symantec report here.

Criminals seem to be targeting the natural desire of law-abiding taxpayers to not run afoul with the IRS. These two scams illustrate this point:

Avalanche, the largest and one of the most sophisticated criminal gangs on the Web is apparently behind this IRS-related phishing scam. They are sending out emails with headings such as “LAST NOTICE: We decline your Federal tax payment.” The emails claim that the recipient has made an error paying their tax. However, the danger with this particular scam is that these criminals are attempting to download the infamous Zeus Trojan onto your computer. Zeus is a banking Trojan that attempts to steal your online bank login and other personal information. Beware of this scam!

Criminals are also targeting residents of California with another tax-related phishing scam. People in the Pasadena, CC area have reported receiving an e-mail message that claims electronic tax payments were never received by the government.

Meanwhile, in Ohio, the Attorney General there and the Washington County Sheriff’s Office have received complaints of a call being made to area residents where a taped recording says their debit card number has been compromised. Callers are asked to enter in their 16-digit bank card number and PIN. We remind our readers to NEVER, and we mean NEVER give out personal information over the phone. A legitimate bank or financial institution will never ask for such information over the phone. Unfortunately though, this type of scam continues to pop up. Why? Because it works.

We’ve reported this type of scam before, but just today an “employment-related” scam was spotted on Craigslist. This type of phishing scam targets people looking for employment. These criminals are just looking for your personal information in order to commit identity fraud.

And finally, in a survey sponsored by TRUSTe and conducted by Lightspeed Research, we find that many teenagers are still engaging in risky behavior on social networking sites such as Facebook. What kind of behavior? Well, among other things, 68 percent of teens surveyed have at some time accepted friend invites from people they don’t know, with 8 percent accepting all, 34 percent accepting some, and 26 percent accepting rarely. A friend is a friend. Don’t accept friend requests from people you do not know.

If you are a parent, you can download this paper with tips on how to protect your teens on social networks.

And if you are a teen, here are some tips for how to protect yourself online.

Keep informed about the latest threats to your safety. Join our Facebook group.

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.