DARK WEB MONITORING

Dark Web Monitoring – Is It Worth The Cost?

Consumers are coughing up anywhere from $10 to $30 per month for identity theft protection. Credit monitoring companies usually include dark web monitoring in their list of services. But is dark web monitoring really worth its salt? Consumers are under the false assumption that they can rely on these credit monitoring companies to keep them protected. THEY CAN’T!

Results of a recent survey by Consumer Federation of America (CFA)

~ 36% of those who’d seen ads for dark web monitoring incorrectly believed identity theft services can remove their personal info from the dark web.

~ 37% mistakenly believe dark web monitoring services will prevent stolen information, sold on the dark web, from being used.

What is the Dark Web?

It is the go-to place on the internet where criminals buy and sell stolen personal information. Well-known, commonly used internet browsers such as Google Chrome or Mozilla Firefox won’t get you there. You need a special browser such as Tor. Most of this stolen information is obtained by criminals who hack into businesses and personal computers. Here’s what these nefarious actors are after: social security numbers, credit card info, usernames & passwords, bank account info, medical info, birth dates, email addresses, names, addresses, phone numbers, etc.

REALITY CHECK!

No one can erase any of the stolen data that ends up on the dark web. No one can prevent your stolen data from being sold or used. Therefore, credit monitoring companies are only able to ‘alert’ you (after the fact) once they discover that your personal info is up for sale on the dark web.

If you’re wondering whether or not your personal info is on the dark web, the answer is YES, of course it is. You don’t need to pay a credit monitoring service to learn that! Hackers stole nearly half a billion records in 2018 alone!

The Equifax data breach exposed the social security numbers, birth dates and other personal info of 148 million Americans. About 6.4 million records are reported stolen every day. If you’re still not convinced, and want to see the raw data, go here for real time data breach statistics.

Odds are very high that your info has already been bought and sold to numerous criminals on the dark web. You can’t change your social security number or date of birth. With so much of everyone’s info already compromised, individuals must do everything they can to make it more difficult for criminals to use that stolen data.

Does Dark Web Monitoring Have Any Value?

Security experts say dark web monitoring is just a scare tactic used by credit monitoring companies. Fear of the unknown motivates people. Neal O’Farrell, executive director of the Identity Theft Council, says it’s all really “just a smoke and mirrors deal” created by credit monitoring services to justify the monthly fee. O’Farrell states, “They keep adding on these extra services that are truly valueless and don’t go to the cause of the problem”.

6 Important Things To Protect Yourself

1.) Check your credit report regularly with all 3 credit bureaus. By law you are entitled to a free annual report from Equifax, TransUnion and Experian. All three companies must provide a free credit report to you, upon request. So, NO EXCUSES – It’s FREE! Stagger your requests throughout the year by requesting a credit report from one company at a time, in three different months of the year.

2.) Place a “Freeze” on your credit file with all three credit bureaus. There is no cost to freeze your credit. So, again, no excuses! Placing a credit freeze prevents a fraudster from obtaining credit in your name. A credit freeze is much more secure than the credit monitoring packages being sold by the credit bureaus and other credit monitoring companies such as LifeLock. Also, don’t let the credit bureaus try to talk you into placing a “Credit Lock” instead of a “Credit Freeze”. Credit Locks do not have the same consumer protections that a Credit Freeze provides.

3.) Use two-factor authentication as a second barrier to prevent criminals from impersonating you. Also referred to as “2FA”, two-factor authentication is an extra layer of security that requires not only a username and password, but also something the user has, such as an email account or a cellphone that a code can be sent to. This proves that you are who you claim to be before you can obtain full access to your account.

4.) Use stealth and long passwords (at least 12 characters) that are hard to crack. The best passwords are phrases mixed in with symbols, numbers and upper & lower case letters. Don’t use obvious things like your mother’s maiden name, birth dates, addresses, phone numbers or any info that can be gleaned from your social media account. NEVER use the same password for other log-ins. Why? If your password is compromised, a criminal will try using that password to log in to other websites, like banks, PayPal, Amazon and other commonly frequented websites. Also, be sure to change passwords every so often, especially if you learn of a data breach that affects a website or an account you have with a company.

5.) Monitor your accounts whenever your bank and credit card statements arrive. Be sure to also check your Explanation of Benefits for medical services. Correct any errors you find and report any discrepancies.

6.) Keep your software updated and back up your data. Whenever there is an update available for your software programs, be sure to follow through and perform a timely update. Better yet, set your programs to update automatically. Make a habit of backing up your important files on a regular basis. Back up all files that you wouldn’t want to lose if your computer ever crashed.

There’s no 100% guarantee that following these steps will fully protect you from becoming a victim of identity theft, but it will certainly lower your chances. Awareness and constant vigilance are paramount in this game of cat and mouse.

You can read a prior article I wrote about Credit Freezes here

INTERNET OF THINGS TICKING TIME BOMB

THE INTERNET OF THINGS – Could Be A Ticking Time Bomb

The “Internet of Things” is a term that describes any gadget, gizmo or tech equipment that is connected wirelessly and controlled over the internet. Some examples of the connected devices that make up the internet of things are webcams, refrigerators, smart TVs, thermostats, copiers, medical devices, automobiles, alarm systems, baby monitors, fitness bands, computers, modems, routers, digital recorders, etc. For purposes of this article, I will refer to them as “IOT” devices.

Presently, the estimated number of IOT devices is approaching 5 billion. That number is expected to rise to 25 billion by 2020. A study by HP Security Research concluded that 70% of the most commonly used IOT devices had serious security flaws. 90% of these IOT devices were using an unencrypted network service and 70% were vulnerable through weak passwords.

Change the username & passwords on these gadgets

THIS POSES A VERY BIG PROBLEM!

The security flaws common in so many of these contraptions allow any skilled hacker to easily take control of one or more of these devices. Therefore, hackers are constantly searching the web trying to break into one of these IOT devices. Once a hacker gains control of one of these devices, the hacker can then gain access to the other connected devices – that are also connected to your Wi-Fi network.

Many of these devices are really only insecure because the user doesn’t bother to change the assigned factory settings. They forget or neglect to change the username and password when they connect the device to their home Wi-Fi network. Hackers know the factory default passwords assigned to these devices.

So, if the user doesn’t change the default settings to something long and complex, then that device will be an open invitation to any hacker. Consumers are usually unaware of this and may not know how to even begin to secure these poorly-secured IOT devices. Furthermore, it is often up to the consumer to check to see if the manufacturer has a firmware update available for them to download.

Worse yet, there is no current security standard required of the manufacturers of these devices. Additionally, a lot of these devices are designed and manufactured in foreign countries that really don’t care about security vulnerabilities.

The FTC is starting to take this problem seriously and is urging businesses to build better security into their IOT devices. They are also preparing to regulate IOT devices in an effort to protect consumers’ privacy and security. They specifically want to start by regulating automobiles and mobile-payment methods such as Apple Pay.

TIPS TO HELP PROTECT YOURSELF

  • Don’t store personal information on any device – including your real name.
  • Change the default username and passwords on all of your home network devices.
  • Periodically check the manufacturer’s website to see if a firmware update is available.
  • Use a different complex password for each one of your devices, so that if one device gets hacked, your other devices will not be jeopardized.
  • Use anti-virus and anti-malware software on your home computer network and set them to automatically download any new updates.
  • Keep your smartphone protected – it is the gateway to your car’s connectivity and many other IOT devices. Be sure your smartphone is password protected and has anti-virus and anti-malware installed on it.

For more in-depth information about the internet of things, Brian Krebs of Krebs on Security has an excellent article about this topic. Here’s the link to it: https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-stuff/

ALSO, be sure to read a previous article I wrote about Router Security

CYBERSECURITY RESOLUTIONS

As 2018 comes to an end, I am putting together my recommended list of Cybersecurity Resolutions for 2019. Although the number of data breaches went down in 2018, the actual number of individuals affected by those breaches dramatically increased. So, you must continue to remain ever vigilant if you want to protect yourself.

Head Off Pending Disasters

Here are some important Cybersecurity Resolutions you should adhere to.

  1. I WILL USE STRONG, LONG, STEALTH PASSWORDS that are unique for each different website. A good password is one that uses a combination of upper and lower case letters, numbers and special characters. Don’t use the same password for different websites. Be creative and don’t use obvious things like your Mother’s Maiden name, your date of birth, street address, your pet’s names, etc. Your social media page will give any scammer clues of what you might use to create a password. So, don’t make it so easy for them to crack it.
  2. I WILL KEEP MY SOFTWARE UPDATED as soon as I am notified that an update is available. If you do so, in a timely manner, then you won’t have to worry about your devices getting compromised. Set your programs to perform updates automatically.
  3. I WILL BACK UP MY FILES REGULARLY. Backing up your files has become an essential security continuity practice. If you are a victim of Ransomware, a Malware infection or even Mother Nature, you’ll be glad you backed up your data to a separate hard drive or thumb drive. Always remove the backup device from your computer after doing the routine backup.
  4. I WILL USE 2 FACTOR AUTHENTICATION WHENEVER POSSIBLE. Also known as 2FA, it adds a second layer of security onto your account access, by confirming that you are who you claim you are. It also protects you from those who unlawfully attempt to access your account. Not all businesses and online accounts offer this extra security, but take advantage of the companies that do.
  5. I WILL ONLY VISIT SITES THAT BEGIN WITH HTTPS. Not every website, even among popular ones, begins its web address with the more secure HTTPS. It is not safe to enter any of your personal information on a website that begins with HTTP instead of HTTPS. The “S” stands for secure. Security must go hand-in-hand with privacy. There are extensions that you can install in your browser that will automatically connect only to the HTTPS versions of websites. For example, try installing “HTTPS Everywhere” on your Google browser. It’s what I use.
  6. I WILL HANDLE MY EMAILS CAREFULLY. Repeat after me: I will never click on links or open up attachments in any email unless I am 150% sure that the email is legitimate. Emails are the easiest way a criminal can gain access to your system. Ask yourself, does the email seem fishy? Are the grammar and spelling correct? Does it sound too good to be true? OR does the email contain an urgent message that you must click on in order to solve a problem? These are all telltale signs of a phishing email. If you click on that link, or open that attachment, you will surely infect your computer. Hover your mouse over the sender’s email address and see if it appears legitimate. My advice is to go onto the business’ website by typing in the URL yourself rather than using the link provided in the email. Don’t hesitate to call the business to verify that the email is legit. Most companies will never ask you for your personal information. You’ve been warned!!!
  7. I WILL BE CAREFUL AND THINK BEFORE I POST. Privacy is dead. Whatever you post is open season for anyone who wants to exploit that information. Sharing details of a personal nature can be dangerous. Criminals can and will use your information against you. The information you so freely give away online, can be used to access your accounts or steal your identity. Tone down the stuff you post about yourself or people close to you.
  8. I WILL KEEP ABREAST OF THE LATEST CYBERSECURITY THREATS AND SCAMS. Knowledge is power! The more you know the more you’ll be able to protect yourself and your loved ones.
Everyone is after your data! You must protect it.

So, there you have it. If you follow these Cybersecurity Resolutions, you’ll be a whole lot safer from scammers, crooks and fraudsters in 2019. Stay safe out there and Happy New Year to all.

KEEP ONLINE DATA SAFE

It’s important to take several steps to help keep your online data safe. During the holiday shopping season, shoppers are looking for the perfect gifts. At the same time, criminals are looking for sensitive data. This data includes passwords, credit or debit card numbers, financial accounts and especially Social Security numbers.

Anyone with an online presence should do these few simple things to protect their identity and keep online data safe from predators and fraudsters.

  • Shop at familiar online retailers. Generally, sites with an “s” in “https” at the start of the URL are secure. Users can also look for the “lock” icon in their browser’s URL bar. That said, some criminals may get a security certificate, so the “s” may not always mean a site is legitimate.
  • Avoid unprotected Wi-Fi. Users should never do online financial transactions when using unprotected public Wi-Fi. Wi-Fi is never private. Unprotected public Wi-Fi hotspots may allow thieves to view your transactions. Use a virtual private network to keep your data private.
  • Recognize and avoid phishing emails that pose as a trusted source. These emails can come from a source that looks like a legitimate bank or even the IRS. These emails almost always include a link that is tainted or takes the user to a fake website. From there, the thieves can steal usernames and passwords.
  • Keep a clean machine. This includes computers, phones and tablets. Users should install security software to protect against malware that may steal data or install Ransomware. This software also protects against viruses that may damage files. Be sure to always keep your software updated and set it to update automatically.
  • Use passwords that are strong, long and unique. Experts suggest a minimum of 10 characters. Use a combination of upper-case and lower-case letters plus some numbers and symbols mixed in. Use phrases or a sentence. It is most important that you ALWAYS use a different password for each of your important online accounts.
  • Use multi-factor authentication when available. Some financial institutions, email providers and social media sites allow users to set their accounts for multi-factor authentication. This means users may need a security code, usually sent as a text to their mobile phone, in addition to a username and password.
  • Sign up for account alerts. Some financial institutions will send email or text alerts to an account holder when there is a withdrawal or change to their accounts. Generally, people can check their account profile to see what added protections may be available.
  • Encrypt sensitive data and protect it with a password. People who keep financial records, tax returns or any personal information on their computer should protect this data. Users should also back up important data to an external source. When disposing of a computer, mobile phone, tablet or printer, it is extremely important that people wipe its hard drive of all information before disposing of it or trashing it.

For additional tips, read my previous article about how to Shop Safely on Cyber Monday

SHOP SAFELY ON CYBER-MONDAY

If you intend to do any gift shopping online, here are some suggestions to help you shop safely on Cyber Monday.

Cyber Monday is a marketing term for the Monday after Thanksgiving. Wikipedia defines the term Cyber Monday as a day created by marketing companies to persuade consumers to stay home and shop online instead of having to brave the large crowds on Black Friday.

Cyber Monday is quickly becoming one of the most lucrative shopping days of the year for retailers. They will be promoting great deals through their websites and social media channels. But, consumers need to know how to shop safely on Cyber Monday and beyond…

First, you must make sure you are on a trusted legitimate website from a well-known retailer. Be careful not to misspell the website name. Imposters intentionally create fake websites using a misspelled name of a legitimate merchant or a name that is very similar to a legitimate retailer.

Next, you should be sure that the website address begins with HTTPS. The ‘S’ in HTTPS means that the website is using encryption to safeguard the personal information you enter when making your purchase. You can also use a browser plug-in called “HTTPS Everywhere” for a more secure internet experience.

Once you decide to make a purchase, the merchant will ask you to begin by setting up an account. People mistakenly believe that if they use the “check out as a guest” feature, it means the merchant won’t store their information or add them to their email marketing list. Yes – they will!

There are 3 steps required in the process of shopping online and tips on how to safely navigate them:
  • You need to provide an email address. The retailer needs an email address so they can contact you if there’s a problem with your order. Instead of providing your regular email address, create a throwaway email address. You should use this throwaway email address whenever you’re shopping online.
  • You need to create a Password. This is the single biggest security step consumers need to take to protect themselves online. It’s extremely important to create a stealth password. Preferably one that a cybercriminal can’t crack! A good password can mean the difference between keeping your personal info secure or handing it over to a hacker. Always use a unique separate password for each of your online accounts. Make your password long and nonsensical. Make up a sentence or silly phrase using upper and lower case letters and mix in numbers and symbols.
  • You need to pay for your purchase. There are various methods you can use to pay, such as a credit or debit card, gift card or mobile payment. But the safest recommended way to pay is by using a low-limit prepaid card for all of your online purchases. When you use a low-limit card, crooks won’t be able to make additional charges on it. This is especially important for any purchase that involves free trial offers or recurring charges. Never use your debit card online because it is tied to the money in your checking account. You will have very little recourse if your debit card gets compromised.

Keep these tips in mind, so you can shop safely on Cyber-Monday! I hope you find some really good holiday bargains!