Posts Tagged ‘Twitter’

Keeping your kids safe online – Social media safety

Wednesday, November 2nd, 2011

We are joined once again today by Steve Schwartz, Intersections’ EVP, Consumer Services. In today’s video presentation, Steve shares some very important safety tips to help keep your kids safe online when using social media. We all want to have fun on sites such as Facebook and Twitter. By following a few simple rules, you can help make the experience both fun and safe for your kids.

Learn more about the growing problem of child identity theft and what you can do about it.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

If you Skype, be cautious

Friday, October 28th, 2011

Intersections’ Consumer Security Adviser Neal O’Farrell shares some security insights into the popular Internet phone service, Skype. Let the caller beware!

If, like me, you’re one of the millions of people who use Skype to make phone and video calls, you might want to be aware of some serious security issues that are emerging.

Researchers at universities in New York, France, and Germany plan to publish a paper called “I Know Where You Are and What You Are Sharing,” at a major internet conference in Berlin next month. The paper promises to outline what many experts believe are major flaws in Skype that could be downright creepy.

The authors claim that the privacy weaknesses they have found are so easy to exploit that a sophisticated high school-age hacker would likely be capable of executing similar attacks.

Here’s just an example of some of those risks:

• When person A calls person B using VoIP, person A is able to determine person B’s IP address, and perhaps even their location and the name of their ISP.

• Attackers can get this information by calling a person and hanging up quickly so the recipient of the call will never even know – there’s no ringing or pop-up window.

• An attacker can make some of these attacks even when they’re not on the other user’s contact list and even when they’ve been blocked from that user’s list.

• By repeating some of the attacks on an hourly basis, the attacker can track the locations and movements of any Skype user over weeks or even months, without the user having any idea that he or she is being tracked.

• Marketers can easily link to information such as name, age, address, profession and employer from social media sites such as Facebook and LinkedIn in order to inexpensively build profiles on a single tracked target or a database of hundreds of thousands.

In one demonstration, the researchers tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and were able to construct a detailed account of a user’s daily activities even if the user had not turned on Skype for 72 hours.

According to their press release “In one example, they accurately tracked one volunteer researcher from his visit at a New York university to a vacation in Chicago, a return to a New York university, lodging in Brooklyn, then to his home in France. ‘If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when.’”

The researchers also calculated that it would cost a marketing company just $500 per week to create a database capable of tracking 10,000 Skype users.

Why target Skype? The very same reason hackers have relentlessly targeted Facebook and other social networking sites – because it’s where the crowds are. Skype has more than 500 million registered users and around 170 million active monthly users who use it to make phone and video calls, send text messages, and even use it for corporate video conferencing.

And apparently it’s not just Skype that’s vulnerable but many other VoIP services. The authors of the report claim that “These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services. A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”


10 ways to protect your laptop and tablet

Wednesday, September 7th, 2011

Intersections’ Consumer Security Adviser Neal O’Farrell shares some important tips to protect your laptop, smart phone and tablet.

One thing we know about hackers and identity thieves is that they always follow the crowds and the data, and as more people use laptops and tablets to run their personal and professional lives, these devices are a major target.

And with so many Android tablets now on the market, Android-powered tablets could be exposed to the very same risks as Android-powered smart phones. A recent report by McAfee found a huge spike in Android malware, and Android devices were the top mobile target for scammers.

Laptop theft and loss are far more common than you might think. Research firm IDC reports that around 90% of U.S. firms have reported losing laptops. And the makers of the LoJack laptop recovery service claim that a laptop goes missing about every 50 seconds.

And the loss of a laptop or tablet can be devastating for your employer and your workplace. According to Data Loss DB, a research project aimed at documenting known and reported data loss incidents and data breaches world-wide, more than 30% of data breaches were the result of a lost or stolen laptop, mobile phone, or other portable media device.

So here are some simple reminders of the steps you can take to protect your device from theft and its consequences.

1. Encrypt it! This should be the fundamental rule for every laptop, and many experts argue that all laptops should be encrypted by default. Encryption locks either the entire hard drive or specific folders with an unbreakable code. So if the laptop is lost, the data is safe.

2. Use strong passwords. The next best layer of security after encryption is the password, and while a determined thief might be able to get past your password, it’s still a powerful defense. So make sure that your laptop is set to request a password every time you want to start or use it, and make sure it’s a very strong password.

3. Don’t use a laptop case – it’s a bright red flag to thieves that you’re carrying a laptop. Most laptops and tablets are small enough to carry in a briefcase or backpack.

4. Be careful using Wi-Fi – because they’re supposed to be accessible to the public, Wi-Fi networks are also easily accessible to hackers and eavesdroppers. So if you have to use a Wi-Fi network in a public place like a coffee shop or hotel, don’t use it to access anything sensitive like your bank account.

5. Don’t use your laptop to store or move sensitive information. If you lose it, you only have to worry about the value of the device itself and not the harm the thief can do with it.

6. Treat it like a desktop computer. Make sure you always have layers of up-to-date security, including firewall, virus protection, browser security, keylogger protection, and all the other security software that you would expect on a desktop.

7. Don’t forget tablet security. I’m amazed to see how many people are not aware that there are anti-virus programs available for Android tablets. They’re still pretty rudimentary, in part because tablets don’t have the processing power for conventional anti-virus software. But there are a growing number of tablet security solutions available.

8. Use a tracking and recovery service – services like YouGetItBack.com and Computrace will help you track and recover your laptop, tablet, or smartphone, and often for just a couple of bucks a month.

9. Spare the apps – don’t download endless apps just because they’re cool or free. Only download apps you really need and make sure they’re from trusted sources.

10. Most important of all, be careful where you leave them. Laptops and tablets have become such a familiar accessory, often times they get left behind – at hotels and bars, in taxis, at airports. According to an article in PC World, LaGuardia Airport in New York reports that more than 70,000 laptops and PDAs have been left behind by passengers. Just because they’re portable doesn’t mean they’re forgettable.


New Facebook security guide offers some valuable tips

Thursday, September 1st, 2011

Intersections’ Consumer Security Adviser, Neal O’Farrell shares some very valuable social networking safety tips today. He comments on a recently published Facebook security guide.

There is a growing collection of guides, web sites, and even Facebook pages devoted to the evolving topics of Facebook security, safety and privacy. And for good reason. In spite of all Facebook’s efforts to keep their users safe, Facebook is still a haven for all kinds of scammers and scams just waiting for careless or busy users to slip up.

The latest arrival is a concise 14-page guide from Facebook and authored by a team of writers with a mixed background of internet safety, online security, and teaching. It’s called “Own Your Space: A Guide to Facebook Security 13 Top Tips for Staying Secure on Facebook” and you can download the complete guide from the link below. If you’re not familiar with the basics of Facebook security, I strongly recommend that you download and use a copy. And especially if you have kids who are already on Facebook or plan to be soon.

Here’s what the authors of the guide offer as their top tips for staying safe – print them out, keep them close, and consult them often:

• Only “Friend” people you know.

• Create a good password and use it only for Facebook.

• Don’t share your password.

• Change your password on a regular basis.

• Share your personal information only with people and companies that need it.

• Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar.

• Use a one-time password when using someone else’s computer.

• Log out of Facebook after using someone else’s computer.

• Use secure browsing whenever possible.

• Only download Apps from sites you trust.

• Keep your anti-virus software updated.

• Keep your browser and other applications up to date.

• Don’t paste script (code) in your browser address bar.

• Use browser add-ons like Web of Trust and Firefox’s NoScript to keep your account from being hijacked.

• Beware of “goofy” posts from anyone—even Friends. If it looks like something your Friend wouldn’t post, don’t click on it.

• Scammers might hack your Friends’ accounts and send links from their accounts. Beware of enticing links coming from your Friends.

And remember, Facebook has its own team and page dedicated to all things security.


2011 already a great year for cyber crooks

Tuesday, August 16th, 2011

Intersections’ Consumer Security Adviser, Neal O’Farrell joins us again today with his take on the recent mid-year cybercrime report by the security firm Sophos. Enjoy, but be careful out there!

Hard to believe the year is already half over. Seems like only yesterday we were talking about a spike in identity theft over the Christmas holidays, and warning consumers to be extra vigilant as tax time approaches.

But it’s been such a busy year for scammers and hackers, it almost becomes a blur. To sort through the fog, security firm Sophos recently published their half year summary of threats and trends, and it should stand as a stark warning of the need to be constantly vigilant.

For example, Sophos claims that since the start of 2011 they have recorded an average of 150,000 new malware samples every single day. That works out to one piece of malicious software being discovered every single second, and a 60% increase over 2010.

Sophos has also identified an average of 19,000 new malicious URLs every single day in the first half of this year. That’s a stunning 4.5 new web threats detected every second. And, according to Sophos, 80% of those URLs are legitimate websites that were hacked or compromised by crooks.

The two top exploits favored by these crooks were fake anti-virus software and SEO poisoning – manipulating search engine results to drive users to malicious or infected web sites – and it might surprise you that the majority of these malware sites are hosted in the United States. The U.S. accounts for a whopping 37% of malware hosting web sites, while the next nearest culprit is Russia at just 13 percent.

There has also been a big change in the way people communicate, a change that now works even more in the favor of hackers. Sophos recorded a 59% decline in the use of email among 12-17 year olds, and a 34% decline in email use amongst 24-34 year olds. This is mainly due to a switch to texting and social networks as a way to communicate. And hackers love social networks because they make it much easier than email to launch more targeted and effective attacks. Hardly surprising that 81% of computer users surveyed by Sophos believe that Facebook presents the greatest security risk.

On the subject of social networking risks, Sophos also conducted a poll of nearly 2,000 people on their social media habits and worries. 71% reported that they, or one of their colleagues, had been spammed on a social networking site, 46% had been phished and 45% were sent malware.

“Social networking privacy issues have dominated the headlines in the first half of 2011. With most social networks, the default settings share everything and users have to reset their options to make their accounts more private. This opens up a host of security issues because so many people—both friends and not—have access to your information,” according to Sophos.

The report also highlighted a study by the FBI about how one cyber gang was able to dupe 1 million users into buying fake software, and could have made as much as $72 million from the scam. This is a problem for a lot of reasons. It means that not only were 1 million people duped into paying for something fake, they may also believe they have real virus protection on their computers when in reality they have no protection at all.

And that $72 million will be recycled by these gangs into even more sophisticated scams that will entrap even more victims and continue the cycle. Some of this money may even end up in the hands of terrorists who have the skills and resources to launch their own fake virus scams, or partner with organizations that can manage them on their behalf.

Links to videos that hide malware are also on the increase, especially on Facebook and Twitter. According to Sophos, nearly 69 million people have viewed the now-infamous YouTube music video Chocolate Rain, a clear sign that curiosity still trumps caution for most users.

The Mac is no longer a safe haven, and scammers are now firmly focusing on all things Apple to take advantage of the surge in use and adoption of Apple products, driven by the huge popularity of the iPhone and iPad. Apple’s success with these products obviously has a very dark side to it, and yet another reminder that wherever the crowds go, so will follow the crooks. You only have to look over your shoulder to spot one. But if you never bother looking, then don’t be surprised if you don’t spot the scam until it’s too late.


String of Recent Twitter Attacks

Monday, August 15th, 2011

Intersections’ Consumer Security Adviser, Neal O’Farrell continues his security update series. Today, he writes about a recent string of Twitter attacks. The moral of the story? Beef up your Twitter and Facebook passwords!

Seems like hackers and scammers are not forgetting about Twitter when it comes to spreading malware, junk and scams. For a while there it seemed like Facebook had become the favorite child but a recent uptick in Twitter scams proves that as long as it’s a popular way to share and communicate, Twitter will always be a target.

In the most recent scam, Twitter scammers are circulating spam offering free iTunes gift cards. And they appear to have even gone to the trouble of actually creating accounts for non-existent users so they can make the scam look as real and convincing as possible. Clicking on the link in the message doesn’t get you to your free gift card, but instead to a variety of web sites, some of them dating sites, that request your personal financial information.

That scam came on the heels of another attack where the scammers used compromised Twitter accounts to spam thousands of users with messages about a get rich quick scam. Clicking on the link in that message took users to web sites designed to look like local newspapers, where fake participants gave glowing testimonials about how much money could be made from these work-at-home schemes.

And only a week ago, thousands of Twitter users received tweets from friends promoting the miracle “beach body diet.” Turns out it was just another Acai berry promo but again it appeared as though many Twitter users had their account passwords compromised.

As usual, these attacks have common threads, and one of the most common is a compromised password. These scams work best when the messages appear to come from friends. And that’s usually achieved by hacking the “friend’s” Twitter account by taking advantage of a weak password.

Lessons learned?

• If you haven’t already done so, beef up your Twitter and Facebook passwords. Ideally they should be 8-12 characters, and a random mix of letters, numbers and even symbols.

• Protect your password at all times and don’t share it with others, even for fun.

• Don’t use the same password for multiple web sites. That’s a common practice and makes it much too easy to exploit mistakes.


The Dark Side of “Geo-Tagging”

Thursday, June 30th, 2011

The Daily Shield welcomes Steve Schwartz, Intersections’ Executive Vice President, Consumer Services. In today’s podcast, Steve shares his thoughts on location-based services such as Foursquare. These services all do something called “geo-tagging” which can be great fun for you and your friends on social networks. But there is a “dark side” to these services – they also let the “bad guys” know where you are. And that is an unintended consequence that you may not want.

We hope you have enjoyed today’s podcast presentation.

Getting “Twipped Up” By a Tweet

Wednesday, March 23rd, 2011

In today’s edition of the Daily Shield, Intersections’ Consumer Security Advisor Neal O’Farrell talks about the dangers of social media.

One tweet, one word, one mistake. That’s all it took to not only cost a media executive his job, but also placed the jobs of twenty of his colleagues in jeopardy.

That’s according to a recent story on AP. The first victim to be “twipped up” by the tweeting was the media executive working under contract to Chrysler in Detroit. While stuck and frustrated in traffic clogging the motorway, he used a common expletive in a pretty tame 140 character observation about how bad Michigan drivers really were.

But instead of posting it on his personal Twitter feed, it inadvertently made it to Chrysler’s corporate Twitter feed. And the motor city giant was not pleased.

In what some might see as a typical overreaction by an overly sensitive corporate giant, Chrysler went into damage control mode and not only fired the tweeter, but took the entire account away from the media company that employed him.

Which meant twenty of his colleagues also lost their jobs. A very high price to pay for a simple error of judgment. Maybe too high. Certainly this executive’s future in the media business is probably in great doubt, and who knows what damage will be done to the small business that lost such a big account.

But maybe it will backfire on Chrysler too, who may be seen as too sensitive to the small flub and way too insensitive to hardworking locals who may now be joining Michigan’s very, very long unemployment line.

And exactly what was the offending tweet? “I find it ironic that Detroit is known as the #motorcity and yet no one here knows how to (expletive) drive.”

But it does serve as a warning. Nothing you post on social networking is safe or private. Employers are increasingly showing zero tolerance for anything done or said on social networks that might negatively impact their business or reputation.

In September 2010, email security firm Proofpoint released a study that found 20% of companies polled had disciplined employees for social networking mistakes or policy breaches, and 7% had actually fired employees. And in the recent 2011 Javelin Strategy & Research Identity Fraud Survey Report, users of social networks are twice as likely to suffer identity fraud compared to those who do not.

Which may be why more than half the companies polled actually ban the use of Facebook in the workplace, and nearly a third ban LinkedIn.

Want to learn more about identity theft and fraud protection?


Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

“Changes in Latitudes, Changes in Attitudes” – from ID Guardian

Monday, March 8th, 2010

The Daily Shield is very pleased to republish the following article from ID Guardian. ID Guardian is the trusted source of information concerning identity exposure, identity fraud, and online security.

If you are like us here at ID Guardian, you may be working on building yourself a social media presence. It could be for community outreach, a means of increasing your business, or simply for fun. With any new technology, though, comes understanding; and sadly Social Media is becoming the proverbial “blinking 12:00 a.m.” of the Internet. People are jumping into networks blindly without a thought (or a care) as to exactly what they are doing. It is as if the buzz words “total transparency” have somehow completely robbed users of common sense, sending unhindered community participants headlong into what they believe is a Utopia of goodwill.

That was before a website shined a halogen lamp on things in an attempt to make people stop and think.

If you have noticed messages appearing on Twitter that read “I’m at Gary’s Burger Bar in Fairfax, VA…” or “I just became the mayor of Mini-Market…”, you are connected with someone playing foursquare, a third-party site that serves as a Swiss Army Knife of sharing. Similar to BrightKite, foursquare shares on Twitter your current GPS coordinates when you “check in” and then recommends places to go and things to do in your immediate area. As the rest of your network also checks in, your account loads up with easy-to-find meet up places and new things to do wherever you may happen to be. Sounds like fun, doesn’t it?

Did I mention that foursquare is a game, too? With each place you check in from and the more you share, you unlock badges that get you anything from “tweet cred” to free merchandise from participating foursquare vendors. So now, in the spirit of healthy competition, Twitter users are in competition for what badges they can unlock and where they can rule as Mayor. All it costs users is your exact whereabouts.

While tweeting your location may seem utterly harmless (as it happens all the time on the network), there is a hazard involved, particularly as foursquare takes this concept to a new high by providing GPS-coordinates to where you are not at that moment: home.

This revelation attracted the attention of FortheHack, a collection of security professionals who, in turn, developed Please Rob Me, a website that lists players from foursquare’s feed as they check in. From their website, FortheHack developers warn that:

“The danger (in services like foursquare) is publicly telling people where you are. It gets even worse if you have ‘friends’ who want to colonize your house. “Colonizing” means they have to enter your address, to tell everyone where they are. Your address on the internet. The goal of Please Rob Me is to raise awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc.”

Since the site’s launch on Feb 17, 2010, there has been a heated debate over the ethics of FortheHack. Identity Theft expert Robert Siciliano appeared just last week on CBS calling out the flaws in Social Media and in PleaseRobMe.com. The website Mashable applauded FortheHack’s efforts stating “These guys have a legitimate point. Stories about status updates leading to burglaries are becoming commonplace…” while The Daily Telegraph reports “Privacy campaigners have expressed outrage at the website, which publishes a regular updated stream of ‘opportunities’ by detailing the names of Twitter users, when they left home and where they were currently located. Simon Davies, director of the Privacy International campaign group, said the website’s creators had ‘failed in their duty of care’.”

It is clear that Please Rob Me succeeds in one respect: scaring the pants off Twitter users. Instead of foursquare’s inviting “Check In! Find Your Friends! Unlock Your City!” you are greeted with “Listing All Those Empty Homes Out There! 12 New Opportunities!” Perhaps the only thing more mind-boggling than the website itself is the one pervading fact that Privacy advocates are glossing over: Please Rob Me is not combing Twitter for this data, but simply syndicating (via foursquare) tweets that are being volunteered by its players. This data is not being stolen, but freely given and made public.

That is truly scary.

So before you attempt to unlock that way-cool “Burrito Bandito” badge on a return trip to Chipotle, IDGuardian offers you (without even asking for your whereabouts) a few Twitter tips:

1. For your Twitter profile, avoid using GPS coordinates. When Twitter asks for your location, the closest city or major metro area (e.g., Washington, D.C., Chicago, IL) should work just fine.

2. Disable GPS options in third-party Twitter applications. These are the usual culprits responsible for going into your profile and giving your exact location, be it from your home or wherever you happen to be tweeting. Check the Preferences and Settings tabs of your Twitter applications, both online and on your smartphones.

3. Ask yourself why you want to give away your exact location on an open stream. This works both ways. While we have been talking about foursquare letting people know where you are not, keep in mind that foursquare (and other services like it) is also letting your network know where you are. A real boon for stalkers. Anybody can get on Twitter, and anybody can find you if you are willingly sharing such data on open networks.

4. Don’t be afraid to let people know where you are or what you are doing. Just be smart about it. You can still TwitPic your whereabouts and share with your network; but how much do you really want or need to share? It goes back to the analogy “If you don’t feel comfortable saying something in a crowded room of strangers, it is best not to tweet it.” The same can be applied to your location. Only tweet what you are comfortable with.

It’s okay to share on Twitter. Just don’t check your brains at the door and take a few simple steps to avoid being a target. A few precautions can be a good thing further down the road.

Twitter Phishing Attack – Is it Real?

Tuesday, February 2nd, 2010

Mashable, The Washington Post, CNN and other Twitter users have all reported this morning that Twitter has asked them to reset their passwords. According to reports, security administrators at Twitter noticed “something fishy” and sent out emails to users whose accounts may have been compromised. Twitter administrators reportedly also changed the passwords on the affected accounts.

The email certainly looks like it came from Twitter.

[Image: Twitter password reset email]

Something is indeed “phishy” in all of this, since although it has been widely reported, Twitter itself has been unusually silent about this attack. In the past, Twitter has usually been out in front whenever they’ve been hit with legitimate denial-of-service attacks or other threats.

However, CNN also reported today that Biz Stone, Twitter co-founder, wrote in a January blog post that certain sites may be trying to masquerade as Twitter. And he cautioned users to be very careful about clicking on links in emails. He also said that Twitter would proactively reset passwords, and that appears to be what they have done today.

So, what should you do if you receive a suspicious communication from Twitter? Here are a few tips.

  1. Check the official Twitter blog. Twitter is usually very quick to post information here.
  2. Check the Twitter status board. Again, Twitter is usually really good about posting information about service outages and problems. This is where you can keep track of this type of information.
  3. Check which applications you have given permission to access your account: http://twitter.com/account/connections. If there are applications you do not recognize, revoke their access.
  4. If you are still having trouble accessing your account, contact @Twitter directly or contact their help desk. They are generally pretty responsive.

Above all . . . you have to be careful. If it looks like a phish, and smells like a phish . . . chances are it is!

We’ll update this blog post when we receive any additional information.