Spring is here and for many that means gearing up for a bit of rest and relaxation with a spring break vacation or, at the very least, planning a fun-filled trip in the summer months to come.  However, the planning shouldn’t stop at selecting your dream destination and accommodations.  Unfortunately, identity thieves are everywhere, and are especially known to target unsuspecting tourists who are loose with their personal information.

Taking the time to protect your identity is a ‘must do’ to ensure your dream get-away doesn’t turn into a nightmare. Here are some tips that can help:

1. Think ahead about the money you’ll need for the trip and carry cash and/or travelers’ checks.  This will prevent you from having to access unfamiliar ATM machines.  If you must use the ATM, use one at a real bank and cover the keypad when inputting your pass code.  Make sure no one is nearby with a cell phone camera and check that the ATM doesn’t have any strange attachments above or below the card slot.
2. Lighten your load and carry only what you really need.  That means only carrying the credit cards, cash and travelers’ checks you will need for the day.  Also think twice about carrying around your passport.  Anything that isn't necessary for the day can be left in the hotel safe.
3. Protect your mobile devices.  With banking online increasingly becoming the norm for many, it’s important to password protect this and other personal information we carry in our smartphones, tablets and laptops, in the event they are stolen or lost.

Fun and adventure should be the focus during your special time away from home, but a bit of forethought implementing these steps can help you steer clear of a world of problems, not only during your vacation, but well beyond it.

Many websites force you to add these numbers and special characters as a tactic to keep your account from being hacked. This is a great tactic because passwords that are common words like “orange” can be hacked within minutes while passwords that contain characters such as “J4s>rd” are virtually unhackable.

However, the problem with these ultra secure mix of characters and letters is they are hard to remember. This causes many people to keep a list of passwords handy, thus undoing the security gained by having unhackable passwords.

So how do you create a password that is both secure and memorable? Well, you may be surprised to find out that three words or a phrase is more secure than a random string of numbers and characters. For example, as a password the phrase “this is fun” is 10 times more secure than “J4fS<2.” In fact, using nonsensical jibberish is even more secure. “Du-bi-bu-bi-di” is virtually unhackable, yet could be easily remembered.

So consider updating all of your passwords to memorable phrases that consist of three words or more. This will help keep your accounts from being compromised in the future.

If the website you’re using doesn’t allow for spaces in passwords, consider using dashes: “sharing-is-caring.”

In addition to updating your passwords, there are a host of steps you can take to keep your privacy and identity safe. Check out our other myID blog posts and resources to stay up-to-date on news and tips to manage your privacy, identity and reputation online.

Resource:

http://www.baekdal.com/tips/password-security-usability

The FBI won a major victory against cyber crime recently when a U.S. judge issued a warrant allowing them to seize a number of computers inside the U.S. that served as control centers for an international botnet ring dubbed Coreflood which had been previously used to commit millions of dollars worth of fraudulent bank wires.

Coreflood is a botnet, which describes a network of computers owned by innocent, unwitting Americans that has been infected with the botnet's virus. Using control centers like the ones seized by the FBI, foreign criminals can use the infected computers to capture banking information, send mass e-mails, deliver viruses to other computers, or engage in cyberwarfare like a "distributed denial of service" attack.

In this case, authorities believe they have seized enough of the control computers to severely limit the botnet's spread, which had already reached an estimated two million computers located in the United States. However, there are a number of known botnets that continue to operate. Readers should take immediate precautions to prevent infection in order to protect their banking information.

First, readers are encouraged to ensure their virus scanner is up to date and active. Many computers come with a virus scanner trial, but yours may have expired. There are a number of extremely good, free antivirus solutions available, including Panda Antivirus and AVG. These come highly recommended by security professionals, and, since they are free, no user should be without one.

Second, readers are encouraged to install a malware scanner to ensure that their computers have not been compromised by worms, adware, or other malware. Most security professionals recommend AdAware, which is free.

Third, Microsoft Windows users must take steps to update their operating system regularly, as Microsoft often releases patches for botnets that are effective at stopping botnet proliferation. To update your system, click Start, select Find, and type in Windows Update.

Botnets are one of the most dangerous tools in a cyber criminal's arsenal. Criminals routinely upgrade, change, and modify their botnets from their control center PCs in order to ensure that the botnets evade detection. This makes catching the criminals involved difficult, and completely eradicating the botnet nearly impossible. The FBI's seizure of the control center computers is likely to have a major impact on the Coreflood botnet, but whether or not it will reemerge as a new, undetected botnet is anyone's guess.

1. Being asked to wire money out of the country, which is commonly disguised as a request from a family member or friend.
2. Unexpected correspondence from a financial institution or firm that you do business with. Most banks do not communicate via e-mail. If there is actually a problem with your account, they will call instead. You should always respond to these e-mails with a call or by e-mailing the listed support e-mail from the company’s Web site, not by clicking a link to “fix” the problem.
3. When your browser tells you that you might be visiting an insecure site. Modern browsers do a pretty good job of detecting scam Web sites. If it says the Web site might be insecure, double-check everything, including the URL, the link you clicked to get there, and the site you clicked over from.
4. Bots often send automated instant messages or shoot e-mail correspondence back and forth with you. If you don’t recognize someone, and they seem to be ignoring your questions, a quick question like “What’s 2+4?” will at least tell you whether there is a real person on the other end of the line.
5. Be wary any time the URL of an offer does not match the business that the offer seems to have originated from. Entering your Visa number on visacreditcheck.com, rather than simply visa.com, is a common mistake. Also be wary of URLs that look like http://www.visa.com.128444.ru. This is not the official Visa Web site.
6. Never fall victim to scare tactics, pressure, or threats from a phisher. Protect your privacy and don’t be afraid to say no.
7. Secure websites feature the SSL icon, which looks like a padlock, near the URL. These sites have been authenticated by a trusted third party.
8. Always remember that there are two properties to a hyperlink – the text of the link and the URL of the link. A link with a text like “http://visa.com” that points to “128444.ru” may appear to be an authentic link. In most cases, hovering your mouse over the link will show its URL – right-clicking and selecting Copy Link also works.
9. On social networking sites, even if it looks like your friend sending you a message, remember that their account might be compromised. Always call to confirm before sending money to a friend who asks for it on a social networking site or via e-mail.
10. If it sounds too good to be true, it probably is. This goes for items priced far below their suggested retail price, offers to buy items for more than you’ve listed them, the promise of a windfall, etc.

Identity Theft Protection with MyID
MyID protects against identity theft with instant identity theft notifications. MyID’s “Is This You?” feature alerts you if your information is used to open a new account. MyID also creates a summary report with flags for risky identity activity and provides you a myID Risk Score – letting you know how at-risk you are for identity theft.

A change in the way Facebook handles personal information privacy may have already placed your child’s personal information at risk. How did something like this happen? Facebook's new policy creates egregious privacy concerns. Facebook, who, ironically, does not verify or maintain detailed identification information for Application Developers, now allows any Developer to get mailing addresses, names, and phone numbers from users’ Facebook profiles. Facebook does require users to grant permission to these apps, but many of these apps require this permission to be granted in order to function at all or offer bonuses to users who share their information. Further, some apps are disguised as interesting links and are instantly installed on one’s facebook profile – where they access personal information – when that person clicks the link to read the article.

As such, developers have full access to minors’ profiles as if they were adults. Because Children's Online Privacy Protection Act (COPPA) only protects users under 13, users over the age of 13 could be victimized by any predator capable of creating an app targeted at children that can scrape names, cell phone numbers, and addresses.

According to experts, “Anyone with ten minutes, $25, and a Facebook user's phone number and address and no other information can obtain a breathtaking amount of information about that Facebook user – and that Facebook user's family, friends, neighbors, and landlord. Combined with a targeted Google search, these two pieces of information can allow someone to obtain almost all of the information necessary to complete a loan or credit card application. It is hard to contemplate all of the different ways in which this information could be abused.”

Privacy specialists like myID are not convinced that Facebook offers adequate protection against identity theft. First, experience tells us that many twelve-year-olds claim to be old enough to use Facebook, often to access content blocked to underage users. Second, the 13-to-17 age bracket has little or no protection except that which is provided by external services like myID. The myID identity theft monitoring system scans Facebook for personally identifying information and alerts you when your information is leaked. Security experts urge you to consider the safety of your entire family by realizing that the only secure alternative to an identity theft monitoring service is preventing your family from using Facebook altogether.

Facebook boasts more than 500 million users, a staggering statistic considering that the social networking giant has come under serious scrutiny in recent years over privacy concerns. This scrutiny has resulted in Facebook undergoing several changes, including the establishment of a new Help Center to advise users on the best ways to stay safe and protect their privacy online. Still, one wonders if after all that, we’re still at risk. Below is a list of several hidden risks to using Facebook.

1. You are what you post. If you write about a night full of drinking, your online reputation could be tarnished. You could be labeled as a party animal, and employers are watching. According to a 2009 survey conducted by Microsoft, 79% of hiring managers and job recruiters in the United States review online information about perspective employees, and 70% of those surveyed said they’ve actually rejected applicants based on their findings. Similarly, negative posts about your current job, employer or coworkers could lead to you being fired.
2. You are what your friends post. If a friend talks about drinking and drugging 24/7 or posts inappropriate remarks on your wall, consider removing them from your friend list in order to avoid looking guilty by association.
3. Third parties may view your profile. Always keep personal information like your birthdate, social security number, address, phone number, marital status, etc. off your profile for this reason.
4. Facebook apps can put your privacy at risk. Be cautious when using Facebook applications because many insist that you give them access to your entire profile and wall postings. They could share your information with other third parties and put your privacy (and your friends’ privacy) at further risk.
5. Facebook ads could contain malware. Clicking on an advertisement may lead to a virus. Facebook does its best to screen all their advertisements, but dangerous ads sometimes get through, putting you at risk.
6. Your profile is viewed by many people. Unless you’ve changed your privacy settings, a lot of people can view your profile.  Check your settings on a monthly basis to ensure that your privacy is protected at all times.
7. Your photos identify you. Scammers can easily identify you from your photograph. Think twice when posting personal photos unless your privacy settings are secure and frequently managed.
8. Your username may put you at risk. Using your real name as your username can help scammers identify you or locate you offline.
9. Revealing your location may put you at risk. Divulging your whereabouts, even just within your status, could make you vulnerable for an in-person confrontation, a home robbery, or put you at risk for cyberstalking.

We want to know what you think! Were you aware of these potential dangers of using Facebook?  Do you have any to add to our list? Start the conversation by posting a comment below.

There have been several highly publicized cases of Craigslist crime in the news recently, including theft, rape, sex trafficking, and even murder. We all heard about the 2009 “Craigslist Killer,” Philip Markoff, the Boston University medical student who pled not guilty to fatally shooting Julissa Brisman and the armed robbery of another woman, both at Boston hotels. More recently, Brandon Kent allegedly killed a 26-year-old man after visiting his home to see a motorcycle posted for sale on Craigslist. There’s no question that the dangers of Craigslist are real, but its seemingly casual atmosphere can mislead people into thinking they are safe.

Here are some tips to help you and your loved ones stay safe using Craigslist:

1. Beware of scammers. If you find a normally expensive item on sale for very little, you may be reading the work of a scam artist. Keep an eye out for ads by scammers who disguise themselves as legitimate job recruiters. Steer clear of emails that ask for personal information or have attachments and links for you to click on, as these may be phishing scams. When in doubt, don’t respond to any suspicious emails.
2. Protect your privacy. Avoid giving out any personal information such as your full name, social security number, address, employer name, birthday, etc. Divulging this type of data could put you at risk for burglary, identity theft, and cyberstalking.
3. Create an email address specifically for Craigslist. If you post a “For Sale” advertisement, use the anonymous email address that Craigslist offers rather than posting your own email address.
4. Never give out your telephone number. Use your cell phone number or consider investing in a pre-paid cell phone, so your address can never be traced.
5. Trust your gut. If a job posting or focus group gig seems too good to be true, then it probably is. Stay away from dealing with out of state or international buyers. If you are using Craigslist to find love, check out our online dating safety tips. Learn to listen to your instincts because your internal alarm clock could truly save you.
6. Meet in a public place. If you are meeting somebody to sell or buy goods, always agree to meet in a safe public environment during daytime hours.
7. Bring a friend. When meeting a Craigslist poster in person, always bring a buddy or at the very least, tell somebody where you are going and who you are meeting.
8. Never let anybody into your home. If you must give out your address (which is not recommended) because you are selling a large item like furniture, make sure people meet you outside of the home. Bring the pieces into a garage, driveway, porch or anywhere else out in the open to avoid strangers coming directly into your house or apartment.
9. Report threats. If you come across a posting that is misleading, fake or inappropriate, Craigslist encourages its users to “flag” it. Similarly, if you receive a harassing email, or your personal information is published online without your consent, report the issue directly to Craigslist via their Help Section. If you are a victim of cyberstalking, consider reporting the harassing communication to the police.

Craigslist’s communal nature and “free” postings certainly make it a convenient marketplace to barter goods and find jobs, within limits.  If something doesn’t feel right, back out of it. Your personal safety is never worth the risk.