Intersections’ Consumer Security Adviser Neal O’Farrell writes today about current efforts by the FCC to improve Internet security. But, is it going too far? Read on!

In an effort to protect the broader internet from the carelessness of a few, the Federal Communications Commission (FCC), among others, is proposing a much broader adoption of something I’ve been encouraging for years – encouraging ISPs to take a greater role in protecting the Internet from the mistakes or carelessness of their own customers.

The idea is that ISPs would use a variety of tools to detect PCs that are infected with dangerous malware like bots, warn the owners of those computers about the infection, and help them clear it up. If the owner fails to clear up the infection, or becomes a repeat offender, the ultimate sanction could deny them access to the internet until they clear up their act.

It sounds draconian, and the FCC is not yet going that far. But it’s already beginning to happen and may even be a good idea. As one commentator put it, when bad guys manage to infected thousands of personal computers and get them to work together, they have in effect a highly dangerous cyber weapon capable of causing significant damage to other computers and networks.

If you’re not protecting your computer, it can easily be infected by all kinds of malware – malware that’s becoming increasingly sophisticated. When criminals are able to infect enough computers to create a botnet, or network of bot-infected computers, they can then use that network to attack web sites, hide porn, and share stolen identities. Essentially use your personal computer to run their criminal enterprise.

Which is why the Federal Communications Commission is working even harder to encourage more IPSs to get tough on careless users. And some are paying attention. A couple of years ago Comcast announced the launch of Constant Guard, a free protection service for its customers that now includes bot detection – although so far it doesn’t go as far as blocking Internet access for infected users.

But now the FCC wants all IPS to take part in this fight. In a recent speech, FCC Chairman Julius Genachowski commented that “ISPs can play a significant role in the battle against botnets. They can increase customer awareness so that users can look for signs that their computers are being used as bots, detect infections in customers’ computers, notifying customers when their computers have become infected, and offer remediation support.”

He added that ISPs can and must do this in a way that does not compromise consumers’ privacy and that if other ISPs employed similar best practices, it could significantly reduce the botnet threat.

And while he didn’t go as far as suggesting more draconian measures if consumer education doesn’t work, many security experts, including myself, believe sanctions against the worst and deliberate offenders are only a matter of time.

The best way we can all avoid moving in such an extreme direction is to take greater responsibility for protecting our own little corner of cyberspace. Guard your computers well – it’s actually quite easy and you have no excuse not to.

The easiest options are to use multiple layers of malware-protecting software and most of this is now free. Keep your computer constantly patched and updated – this is also free and automated so you have to do little. And make sure you update your browser. The latest browsers have lots of great security tools built in that can offer solid defense against most of the threats that want to take over your computer.

I’ve had the honor of being a member of the FCC’s Cyber Security Working Group and I know how dedicated the FCC is to making the Internet safer for everyone. But they can’t do it alone, and they shouldn’t have to. Don’t force your ISP to get tough with you. Protect your own corner of cyberspace and we all win.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Intersections’ Consumer Security Adviser Neal O’Farrell shares the results of a recent study on social network safety and security. Bottom line? People are becoming less “social” on social networks. Read on!

We’ve been monitoring and writing about the issues surrounding social networking safety and security for many years. During that time, we’ve been very concerned that no-one was really getting the Facebook safety and security message. We’re glad we were wrong, because according to a recent survey by the Pew Research Center’s Internet Project & American Life, users of social networking sites (or SNS) are becoming more careful and acting more cautiously.

According to Pew “Social network users are becoming more active in pruning and managing their accounts. Women and younger users tend to unfriend more than others.” About two-thirds of internet users now use some kind of social networking site, Facebook and Twitter being the most popular.

Of these users:

• 63% of them have deleted people from their “friends” lists, up from 56% in 2009.

• 44% have deleted comments made by others on their profile.

• 37% have removed their names from photos that were tagged to identify them.

• 67% of women who maintain a profile say they have deleted people from their network, compared with 58% of men. Likewise, young adults are more active “unfrienders” when compared with older users.

• A majority of social network site users – 58% – restrict access to their profiles and women are significantly more likely to choose private settings.

• More than half of social networking site users (58%) say their main profile is set to private so that only friends can see it.

• 19% set their profile to partially private so that friends of friends can view it.

Unfortunately, some people just don’t get the security message. At least one in every five social networking user says their main profile is set to be completely public. Women who use SNS are more likely than men to set the highest restrictions (67% vs. 48%).

The personal security situation could be even better, and safer, if users didn’t have so many problems figuring out how to master their privacy settings. Half of SNS users say they have some difficulty in managing privacy controls. Those with the most education report the most trouble. In all, 48% of social media users report some level of difficulty in managing the privacy controls on their profile, while 49% say that it is “not difficult at all.”

Regrets? Seems like some social networking users have had a few. According to the study:

• About one in every ten social networking users have posted content they regret.

• Male profile owners are almost twice as likely as female profile owners to profess regret for posting content (15% vs. 8%).

• Young adults are also more prone to say they regret some of their social media postings; 15% of profile owners ages 18-29 say they have posted content they later regret, compared with just 5% of profile owners ages 50 and older.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Although it’s barely a month into 2012, there is a lot going on with security and privacy on the world’s most popular social networking site – Facebook. Intersections’ Consumer Security Adviser, Neal O’Farrell is here today to give us an update on several new Facebook security issues.

2012 has already been an interesting year for Facebook security, with the emergence of some dangerous new scams and the unmasking of one of Facebook’s most notorious cyber gangs.

In case you never heard of Koobface, it’s a piece of malware that first emerged in 2008 and quickly infected millions of users. Users were tricked into downloading the malware by clicking on infected links on Facebook pages with messages like “Lol, is this you in this video?” These users were then enlisted into a giant international bot network of hijacked computers, at one point numbering close to one million computers, which in turn were used to engage in a variety of criminal activities that including pedaling fake anti-virus software.

The Koobface gang, as they became known, were able to generate millions of dollars in criminal gains, and all the while working out in the open, in plain sight, in the Russian city of St Petersburg. Until January 16th, when the New York Times and other outlets identified the five members of the gang and posted their photos across the world.

Apparently that did the trick, because Facebook just reported that they had finally wiped all traces of Koobface from Facebook, and that the command and control servers used to manage this massive criminal network appear to have gone silent.

But if everyone knows who these criminal are, and have known for some time, why were they not arrested? In a statement from Russian authorities, the answer is simple – no-one ever bothered to ask them to investigate or arrest them. While that’s probably not the case, and Russian authorities have probably known about and tolerated the gang for years, it reminds us once again why so many of the world’s most notorious hacking gangs work unimpeded from behind the Russian border.

But that might have been the only good news on the security front for Facebook. Just last week we talked about a dangerous new worm called Ramnit, which had apparently been merged with the highly dangerous Zeus banking Trojan and stealing Facebook passwords in the expectation (probably correct) that many Facebook users use the same password on other sites. Like their online banking.

And that was followed by a Facebook ransomware attack, where Facebook users received messages claiming that as a result of some unusual activity their Faceook account had been suspended and they would have to pay a fee of around $30 in order to unlock it.

There are some important lessons to be learned here:

• Probably the only way to defeat all these Facebook threats that keep emerging is for everyone to stop using Facebook. Criminals are only targeting Facebook because it’s easy to pick the pockets of such large crowds.

• It’s like playing whack-a-mole with criminals. As soon as one gang or piece of malware has been neutralized, another takes its place. And often the replacement has learned from its predecessors, adapted itself, and become even more potent.

• It’s still down to users. Facebook is doing all it can (I assume) to counter all these threats. But if you really do love Facebook, you can help – by being more cautious, vigilant, and cynical when it comes to any unusual messages you receive. And of course, a strong and well-protected password would be greatly appreciated too.

You can read details of the compelling Koobface expose here.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell provides his comments and analysis of the recent privacy settlement between Facebook and the Federal Trade Commission (FTC). A must read!

As a result of numerous complaints from a number of privacy advocates and organizations, the FTC finally launched its own investigation into Facebook’s privacy claims and failings. According to the FTC’s own statement, which announced the settlement on November 29th 2011, Facebook allegedly made many promises that it did not keep:

• In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.

• Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.

• Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.

• Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.

• Facebook promised users that it would not share their personal information with advertisers. It did.

• Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.

• Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

Speaking about the issue on his Facebook page the very same day, Facebook founder Mark Zuckerberg insisted that “Overall, I think we have a good history of providing transparency and control over who can see your information. That said, I’m the first to admit that we’ve made a bunch of mistakes.”

At the same time he announced the appointment of two privacy officers – reminds me of Sony’s announcement that after more than half a century in business it finally decided it would be a good idea to hire a head of security, only after hackers stole nearly 100 million user accounts. Better late than never, I suppose.

The settlement requires that Facebook can no longer conduct business as usual when it comes to privacy, cannot make any further deceptive privacy claims, and must get users’ approval before it changes the way it shares their data.

Specifically, under the proposed settlement, Facebook is:

• barred from making misrepresentations about the privacy or security of consumers’ personal information;

• required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;

• required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;

• required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and

• required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

It doesn’t look like Facebook has to pay any fines or suffered any other punishments. It’s simply on privacy probation for at least the next 20 years.

Read the full statement from the FTC.

To keep up to date on Facebook privacy issues, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell asks the question “is the economy helping cybercriminals?” Read on to find the answer!

A recent report from security firm Panda Labs found that in the last three months alone it has detected more than five million new types of malware. That works out to an average of one new type of Trojan, virus, and other malicious program discovered every 1.5 seconds.

Because of the way most anti-virus programs work, once a virus is discovered the anti-virus companies have to rush to write a piece of code or signature that must then be downloaded as quickly as possible by billions of users around the world in order to keep that particular piece of malware out.

That means that many of these viruses can easily make their way on to unprotected computers before the programmers have time to push out the updates. And with many anti-virus companies struggling to grow their profits, it could mean that as malware grows in volume and sophistication, anti-virus companies may have to spend less on updating their software.

And if you don’t believe in such perfect storms, take a close look at the identity theft wars. As identity theft continues to grow, and become more sophisticated, cash strapped police departments no longer have the resources to investigate these crimes. Which only encourages and emboldens more thieves.

The Panda Labs report seems to support this notion. The most powerful and dangerous type of malware, and the type most favored by organized crime for its ability to steal passwords and break into bank accounts, is the Trojan. And according to Panda three out of every 4 new types of malware discovered in the last three months was a Trojan.

Which probably explains why Trojans were responsible for the majority (63%) of infections in the last three months. Trojans are very efficient bank robbers, and the payoff can be enormous. Two cybercrooks from the Ukraine were just sent to prison in the United Kingdom after they were convicted of using exactly this type of malware to steal more than $4 million from bank accounts in just six months.

On a related note, the Panda Labs report also found that the countries with the worst infection rates were China, Taiwan, and Russia. In China, for example, it’s believed that more than half of all PCs are infected by malware.

And traditional attacks like phishing are not going away. Within days of a warning by the American Bankers Association of an unexplained spike in phishing attacks, security researchers had identified a new type of phishing attack that looks like it comes from a well-known bank and offering recipients $35 to complete an online survey.

According to security firm Sophos, the email asked for so much highly confidential information it should be a warning sign. According to Sophos, the email questionnaire asked for:

• Social Security Number
• Card number
• Card expiration
• CVV
• ATM PIN
• First, Middle and Last name
• Email (ironically they mailed you the form)
• Address
• Mother’s maiden name
• Place of birth
• Birthday

And an increasingly common way to spread phishing emails and infect users with this kind of malware is trusty old spam. The irony is that much of the spam in circulation today comes from the computers of innocent users. Spammers use botnets to infect unprotected computers and use them to relay spam to other users. And unfortunately, it appears that the United States still holds the top spot when it comes to relaying spam.

The bottom line? The easiest way to lose a battle is to just walk off the battlefield. As many companies and industries struggle just to survive, they’re cutting back on security. According to this year’s annual Global Information Security Survey, conducted by PricewaterhouseCoopers, nearly 10,000 executives around the world were asked about their plans to make security a priority. Sadly just 11% said that they planned to make data protection a top priority.

Cyber-crooks are taking full advantage. Not only are they developing even more sophisticated malware, they’re deliberately overloading businesses and consumers with so many attacks, something has to give.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

We are joined once again today by Steve Schwartz, Intersections’ EVP, Consumer Services. In today’s video presentation, Steve shares some very important safety tips to help keep your kids safe online when using social media. We all want to have fun on sites such as Facebook and Twitter. By following a few simple rules, you can make help make the experience both fun and safe for your kids.

Learn more about the growing problem of child identity theft and what you can do about it.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell shares some security insights into the popular Internet phone service,Skype. Let the caller beware!

If, like me, you’re one of the millions of people who use Skype to make phone and video calls, you might want to be aware of some serious security issues that are emerging.

Researchers at universities in New York, France, and Germany plan to publish a paper called “I Know Where You Are and What You Are Sharing,” at a major internet conference in Berlin next month. The paper promises to outline what many experts believe are major flaws in Skype that could be downright creepy.

The authors claim that the privacy weaknesses they are found are so easy to exploit, a sophisticated high school-age hacker would likely be capable of executing similar attacks.

Here’s just an example of some of those risks:

• When person A calls person B using VoIP, person A is able to determine person B’s IP address, and perhaps even their location and the name of their ISP.

• Attackers can get this information by calling a person and hanging up quickly so the recipient of the call will never even know – there’s no ringing or pop-up window.

• An attacker can make some of these attacks even when they’re not on the other user’s contact list and even when they’ve been blocked from that user’s list.

• By repeating some of the attacks on an hourly basis, the attacker can track the locations and movements of any Skype user over weeks or even months, without the user having any idea that he or she is being tracked.

• Marketers can easily link to information such as name, age, address, profession and employer from social media sites such as Facebook and LinkedIn in order to inexpensively build profiles on a single tracked target or a database of hundreds of thousands.

In one demonstration, the researchers tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and were able to construct a detailed account of a user’s daily activities even if the user had not turned on Skype for 72 hours.

According to their press release “In one example, they accurately tracked one volunteer researcher from his visit at a New York university to a vacation in Chicago, a return to a New York university, lodging in Brooklyn, then to his home in France. ‘If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when.’”

The researchers also calculated that it would cost a marketing company just $500 per week to create a database capable of tracking 10,000 Skype users.

Why target Skype? The very same reason hackers have relentlessly targeted Facebook and other social networking sites – because it’s where the crowds are. Skype has more than 500 million registered users and around 170 million active monthly users who use it to make phone and video calls, send text messages, and even use it for corporate video conferencing.

And apparently it’s not just Skype that’s vulnerable but many other VOIP services. The authors of the report claim that “These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services. A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell uncovers the secret contained in the recent 2011 Microsoft Intelligence Report. What’s the secret? It’s the user’s fault!

There are two schools of thought on the topic of consumer security awareness. One school suggests that all the malware and scams in circulation are far too advanced for consumers to understand and therefore prevent, and consumers should instead entirely trust technology to protect them. The most vocal proponents of that side of the argument are, not surprisingly, the companies that sell security technologies.

The other side of the house believes that consumer education, awareness, and vigilance are key to preventing or avoiding many, if not most, attacks. That’s the side of the argument I sit on, and so should you. Your vigilance, and your acceptance that you have significant responsibility for your own protection, are key to avoiding some of the most common attacks.

Think about it for a moment. Would phishing emails – the ones that pretend to be from your bank to try and trick you out of your password – even work if people just ignored them? Would infected email attachments work if users never just opened them? And would passwords still be a weak link if people made them stronger.

There are so many examples of just how important user awareness, vigilance, and participation really are. And one of the key words is vigilance. Awareness is no longer enough, because I think it’s safe to assume that most consumers are aware that there are risks and that there are something they should and shouldn’t do.

But vigilance is about being aware at exactly the moment that counts – thinking security before you create or use a password, before you respond to an email, before you open an attachment, or before you visit a web site.

And there’s plenty of evidence out there to how a lack of awareness and vigilance are being exploited. A recent study by Microsoft found that nearly half of all malware Microsoft detected when it scanned more than 600 million computers used tricks on the user in order to succeed. With security firm Trend Micro reporting one new type of malware every half second, that’s a lot of focus on user exploitation.

The study also found that that around 90% of all exploits targeted vulnerabilities that were known about and patched for more than a year. Which probably means that most users are just forgetting to update their software – one of the easiest way to protect yourself. In fact, although users are warned repeatedly about the need to update their browsers, Microsoft reports that nearly half of Internet Explorer users still use vulnerable out-of-date browsers.

And if the security experts recognize this weakness, so do the bad guys. Cybercrooks across the world are experts at social engineering – creating tricks that consumers are likely to fall for. These crooks expect you to make the wrong choice, whether it’s to forget about updating your browser or security software, falling for phony emails or Facebook requests, or letting your caution overcome your curiosity.

They won’t waste a moment taking advantage of a mistake you can make in a split second. So they’re worst fear is that you take a moment – to stop and think before you make a decision and use that pause to make the right decision instead of the wrong one. If you pause, think, and chose the other, safer path, you win and they’ve just wasted all that time and money.

Network World said what many others might want to. In a recent article on Microsoft’s report, they simply concluded “wise up stupid users!”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

There are news reports almost daily about how hackers are able to gain access to the bank accounts of innocent victims and rip off thousands and thousands of dollars. In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell explains what you need to do to keep your hard-earned money out of the hands of hackers and criminals. A must read!.

The title of this article could just as easily have been “How to make half a million bucks a month from the comfort of your computer.” I was reading recently about how a twenty-something hacker from Russia managed to steal more than $3.2 million in just six months simply by pushing out malware designed to sneak on to unprotected computers, steal banking passwords, and empty bank accounts. His efforts paid off to the tune of around $17,000 a day, give or take.

The hacker goes by the nickname Soldier, and according to research by security firm Trend Micro, he managed to infect more than 25,000 computers in the three months leading up to June of this year using a malware toolkit that is freely available on the internet.

His success, at infecting so many computers and making so much money in such a short timeframe, should be a warning to every consumer to be ever vigilant when it comes to online banking. Soldier is one only of probably thousands of hackers using the same or similar crime kits to plunder online bank accounts.

So if you want to avoid being Soldier’s next victim, here are some simple tips to beef up your defenses.

1. Lock down your computer. Every computer should be protected by multiple layers of security, including anti-virus and other malware protection, encryption to protect your data, browser security to steer you away from malicious web sites etc.

2. Beef up your passwords. Weak passwords are your worst enemy – make them strong, random, and original. No sense in creating one strong password and then using it for every web site you know.

3. Sign up for alerts. Most financial institutions provide email or text alerts when certain things happen with your account – a transfer is attempted, an ATM withdrawal is made, or a check more than a certain amount is presented. Sign up for these alerts because they can be your earliest warning that something’s not right.

4. Be very careful with the apps you use. Apps are great, especially if they’re free. But apps are the wild west of security, with little control over who makes and sells them, and how securely the code is written. So use as few apps as you need and only from trusted sources.

5. Think twice about mobile banking. While banking from your smart phone sounds like a great idea, it’s still in its infancy and new security holes are being discovered daily. If you’re not completely confident about the security of your smartphone, stick to doing your online banking from a computer you do trust. Or at least trust a little more.

6. Don’t access your bank account over a public Wi-Fi network. It’s very easy to snoop on any computers using Wi-Fi networks in places like coffee shops and hotels. So much better to wait until you get home before checking your balances or paying bills.

7. Limit access to your computer. The fewer people who have access to your computer, the less risk you have of compromise. So it might be smart to ban family members from using the computer you use to bank online. That way, you won’t be at risk from their mistakes or bad habits.

8. Consider using a separate computer just for online banking. That’s the advice of the security expert who discovered the first banking Trojan a couple of years ago. If you use a separate computer just for online banking, you reduce the risk of malware sneaking on to your computer through drive-by downloads, infected attachments etc.

9. Use a keylogger prevention system, like PRIVACYPROTECT® which comes free with your IDENTITY GUARD® TOTAL PROTECTION(SM) membership, to protect your passwords from being snooped upon. Keyloggers are able to sniff and steal logins and passwords by monitoring what you type on your keyboard, but products like ID Vault allow you to bypass the keyboard and enter your login credentials using a virtual keyboard instead.

10. Take Facebook security very seriously. It’s not only an easy way for thieves to deliver the kind of malware that can steal your bank account login and password, it’s also a great way for thieves to find the answers to the most common “secret” questions – like the city you were born, your first pet, favorite teacher, and mother’s maiden name.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell shares some very valuable social networking safety tips today. He comments on a recently published Facebook security guide.

There is a growing collection of guides, web sites, and even Facebook pages devoted to the evolving topics of Facebook security, safety and privacy. And for good reason. In spite of all Facebook’s efforts to keep their users safe, Facebook is still a haven for all kinds of scammers and scams just waiting for careless or busy users to slip up.

The latest arrival is a concise 14-page guide from Facebook and authored by a team of writers with a mixed background of internet safety, online security, and teaching. It’s called “Own Your Space: A Guide to Facebook Security 13 Top Tips for Staying Secure on Facebook” and you can download the complete guide from the link below. If you’re not familiar with the basics of Facebook security, I strongly recommend that you download and use a copy. And especially if you have kids who are already on Facebook or plan to be soon.

Here’s what the authors of the guide offer as their top tips for staying safe – print them out, keep them close, and consult them often:

• Only “Friend” people you know.

• Create a good password and use it only for Facebook.

• Don’t share your password.

• Change your password on a regular basis.

• Share your personal information only with people and companies that need it.

• Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar.

• Use a one-time password when using someone else’s computer.

• Log out of Facebook after using someone else’s computer.

• Use secure browsing whenever possible.

• Only download Apps from sites you trust.

• Keep your anti-virus software updated.

• Keep your browser and other applications up to date.

• Don’t paste script (code) in your browser address bar.

• Use browser add-ons like Web of Trust and Firefox’s NoScript to keep your account from being hijacked.

• Beware of “goofy” posts from anyone—even Friends. If it looks like something your Friend wouldn’t post, don’t click on it.

• Scammers might hack your Friends’ accounts and send links from their accounts. Beware of enticing links coming from your Friends.

And remember, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.