Whether you realize it or not, you expose a lot of your personal information online and even through the technologies you use. From information posted to social networking sites to data sent over unsecured wireless networks, you reveal bits of information that hackers can piece together to either scam or impersonate you.

This information is currency to hackers because it allows them to get what they want—your money. Or worse, a criminal can take your information and make you look really bad and completely tarnish your good name.

With your Social security number they can open various lines of credit under your name and never pay the bills, thus damaging your credit rating and creating a lot of work to for you to clear your name.

If they hack in to your devices and get your usernames and passwords then they can wreak some serious havoc. Banks accounts can be emptied, social media and email accounts can be used to scam your friends or disparage you or your loved ones, and if they access your medical accounts or history, you could be denied services when you need them most.

What all this means is you have to protect your devices and protect your personal information to avoid this from happening. To help protect yourself you should:

• Use a firewall – Firewalls filter information from the Internet to your network or computer, providing an important first line of defense. If you have a home wireless network, make sure that the firewall on your router is enabled, and use a software firewall to protect your computer.
• Use comprehensive computer security – Because there are a variety of ways in which hackers can access your information, you need to make sure that you employ a comprehensive security solution like McAfee^® All Access to safeguard all of your devices.
• Educate yourself – Keep up to date about the latest scams and tricks cybercriminals use to grab your information so you can avoid potential attacks.
• Use common sense – Follow the old caveats about not clicking on links in emails and instant messages from people you don’t know, and always exercise caution when it comes to sharing any sensitive information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Shortly thereafter, he received a $2,400 check from a major chemical company and was confused about why the check was so much more than the amount he listed and why it was coming from a chemical company.

If you ever run into this, rip up the check. This is advanced fee fraud, or a shipping scam. I explained to him that he would undoubtedly be receiving an email requesting that the difference be paid to shipper via a wire transfer.

But why send a check for $2,400, and why from a chemical company? It was probably the only seemingly legitimate check the scammer on hand from a “business.” If you fall for this scam, you end up sending $2,250 back to the scammer and you never get paid on the $2,400 check.

The day after we spoke, he received this email:

“Hello XXXX,

The check has been delivered, thanks for your honesty towards this transaction so far. Well, the overpayment is meant to cover the cost of shipment for the item alongside my other properties including tax and insurance plus the movers and agents fees.

Please deposit the cheque today so that it clears tomorrow after the check has cleared, All you have to do is go the bank and have the rest of the money withdrawn in cash and have it sent to the movers via wire transfer.

Do let me know your schedule for the week regarding pickup as i have some other properties to be moved alongside the item. Please do act accordingly as agreed after deducting your money for the item, make the rest fund available to the movers via money gram Money Transfer at any of their outlet around you or check on moneygram.com and check for their outlets around and get back to me with the transfer details below (as it appears on the receipt) so i can contact the movers for the pick-up at your location ….Deduct the money gram money transfer charges from my fund also $50 for yourself (meant for any hassle or run around).

1) Sender’s name and address

2) Reference number {which is the 8 digits number on the Money Gram receipt}

3) Actual amount sent after the fee had been deducted

Hope i can trust you with the overpayments? Your Honesty and transparency will be appreciated”

The vast differences in the sale amount of the item versus the amount of the check are a huge red flag. Another thing to pay attention to is the email itself. It’s full of bad grammar and has some inconsistencies in wording that should be a warning sign to you.

This scam works on a small percentage of people who are naïve and by their nature are overly trusting of others. Help put a stop to this kind of fraud by learning about these scams and making an effort to educate others on the risks and pitfalls of phone, email, snail mail and web based scams.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

Although it may be easy to jump to (wrong) conclusions, especially regarding attribution of these attacks, a number of disturbing facts remain:

• Many actors have an interest in knowing what stories will be published in advance, ranging from stock brokers to nation states
• Revealing reporters’ sources by way of hacking into their accounts may have dire consequences for the sources, including torture and death. Most countries have laws protecting them for this very reason, but hacking circumvents all protection.
• News outlets are rather small companies with limited budgets and limited resources for protecting their networks against determined attackers
• News organizations are extremely vulnerable to attacks in which malicious code is supplied to employees by way of email attachments or links in email. Reporters use email and online sources all the time. It’s part of their daily business.

What can news and other organizations do to protect themselves?

By now it should be clear that relying only on endpoint security in a standard configuration is not enough to stop determined attackers with enough resources and skills. We need additional controls and monitoring to defend against them. Remember, they can try a thousand times and need to be successful only once. In defense we need to be successful every time. Watching who accesses data and from where, monitoring network traffic, and being suspicious about unusual activities (who exactly in your network is supposed to upload gigabytes of data to somewhere on the Internet?) are key to detecting and blocking such attacks. A security information and event management (SIEM) solution can be helpful there, especially if your human resources for monitoring are limited.

How many publications outside the United States have been victims of similar attacks? It’s very likely publications around the globe are being attacked or “pwned” as I’m writing this. You may want to check for anything unusual and protect against attacks that could hit you as well.

I think people are starting to pay more attention because the media is paying more attention – and focusing on the subject a bit differently than it had in the past.  Today, it seems that instead of focusing on the dramatic after-effects of poor Internet security, the media seems to be staying on top of the trends and reporting the news in a way that educates and prepares the public.  I’m especially pleased because providing proactive education is really the lifeblood of McAfee. 

Then, I got the call to share some of McAfee’s predictions with ABC 7 News, KGO-TV, San Francisco.  It was great.  The reporter, Dave Louie, did a very good job extracting the key points from the Threat Predictions Report, asking very relevant questions, and developing the story around some predicted mobile threats.  You see, according to our researchers, some of the most destructive threats to consumers will hit them where they practically live and breathe:  on mobile phones and tablets. 

The story included excellent background on the rise of Internet threats and then focused on the latest mobile malware and how some very common user behavior can result in the propagation of big problems.  The new target is the mobile device with near-field communication (NFC) that can now be used as a payment device with a simple swipe.  Mobile malware enables the bad guys to then tap into the bank account being accessed by the device – making it easy to steal money and information via tap-and-pay NFC.

And, this same type of malicious code will soon be used to spread the infection whenever it reaches proximity to another mobile device – being called “bump and infect.” The infection just moves from mobile device to mobile device – especially easy to accomplish in very populated places like malls and concerts.  It’s a vicious and malicious cycle.

The ABC 7 news report focused mainly on mobile worms and tap-and-pay, but touched on the McAfee Labs’ prediction around mobile phone ransomware “kits” that allow criminals without programming skills to extort payments from unprotected users. 

Short interviews and news stories like this one provide very easy-to-digest bits of information to help raise awareness about what users can do to stay protected.  To get more details about mobile threats and what else is on the horizon – like large scale network attacks and hacking as a service – take a look at the 2013 Threat Predictions Report.

Cyber criminals are no dummies.  If it is easier to attack from the inside, why not innocuously get inside first, then launch your attack.  Intrusion prevention systems (IPS) are tuned to look for outright attacks in the network flows coming into the infrastructure.  They do not usually look for attacks originating from the inside.  Delivering a malware file, especially to an IPS that is looking for attacks and not file delivering, is not typically seen as malicious.

Delivering an unknown payload into an infrastructure is actually easier than delivering a known payload.  Why?  Most security products focus on finding things they know to be bad – looking for known patterns of malware is exactly what pattern matching is all about.  Recompiling a malicious payload after some minor adjustments often obscures the pattern, meaning the payload is unknown and passes through the defenses.

It pays to be patient.  Security products typically do not have a long attention span.  Though stateful, firewalls hardly spend more than a second making a determination about a flow before moving on to the next flow.  IPS solutions, traditionally, may spend a little more time on flows they examine, but we are still talking about seconds.  So malware that installs, but patiently waits for minutes, hours or even days will typically evade any stateful behavior monitoring by network security.

Taking these things into consideration, not only are targeted attacks becoming the choice for cyber criminals, but delivering a malicious file that can launch its nefarious activities from the inside the defenses is on the rise.  Malware fits this trend, and in fact, the overall threat trends (see the 2013 Threat Predictions, by McAfee Labs) show that malware is on the rise.  Fortunately, paying attention to the trends, McAfee Network Security Platform is poised to defend against malware in ways no other IPS can.  Stay tuned to find out more.

Hackers tend to spend less time on platforms that have a smaller user base, so they can blanket a larger set of users with their attacks. For years, mobile was a minority platform. In 2012 however, this changed forever. India, in May, became the first country where mobile internet traffic surpassed desktop traffic for the entire country[2]. All signs point to the rest of the world following right behind. The U.S. for example, experienced 50% YoY growth in smartphone users, reaching 172 million. China also experienced 50% growth, but trumped U.S. subscribers at a total base of 270 million. Total world smartphone subscribers: 1.14 billion[3].

Mobile officially stepped out of the minority in 2012. It’s not just Apple behind this growth either- Google’s Android platform has grown at nearly 6x that of the iPhone over the 16 quarters since its launch[4]. Normally, I wouldn’t make a distinction between mobile software platforms – they all help connect the world no matter the OS. Unfortunately, the majority of mobile malware is currently found on the Android platform. With explosive growth, the world needs to prepare for this new platform as a point of entry for attackers seeking valuable information.

Smartphones and tablet computers are going to reshape the way we interact with the internet and our information – it’s easy to see how they have already. Stepping into 2013, it’s time to reimagine not just how we work and consume media, but how we view these devices. Gone are the days when a mobile device was only a phone. Now, to our benefit, we have pervasive connectivity not only to people, but to information as well. It’s important that we realize the impact of this change, and take action to protect our information wherever it resides.

In a business environment, the mobile device can create significant vulnerability. Whether a smartphone, tablet, or off-network laptop – likely these devices were not kept in mind when designing the corporate network. Data can be lost. Devices can get infected. Security policies set in place are often bypassed entirely, opening up new holes to network infrastructure. This does not have to be the reality.

Just as advances in mobile technology have connected the world, security technology continues to evolve to bring these devices into the organization securely. With advanced Web Security, devices can be protected on and off network, access to the cloud can be controlled, data loss to cloud applications averted – all encompassing an evolved set of policies that protect businesses in the new reality of computing. Stay safe in 2013. Learn more about our any-device approach to Web Security here.

So, as parents of teenagers (who can freely join Facebook from the age of 13) it is not really a question of ‘Should They Be Online?’ but rather ‘How To Keep Them Safe Online’. Protecting your privacy and managing your reputation should always be the highest priority when you are online. But, when you are 15 and completely consumed with friends, parties and new shoes; privacy and reputation are not really on your radar!

Here are a few of my favourite tips for helping my boys stay safe on Facebook.

1. Only befriend people you really know – Cybercriminals can pretend to be teens with the aim of stealing your personal information. Block anyone who threatens or harasses you.
2. Passwords – Create a strong password (use numbers, symbols and spaces) and change it regularly. Never share it!
3. Set the security settings on your profile to ‘Only My Friends’ to help give you control over who has access to your info and pictures.
4. Monitor pictures you have been tagged in. Under your profile picture, you can click on ‘photos of you’ to view. Ensure any inappropriate pictures are removed and untag yourself from pictures that you aren’t comfortable with. You might also be interested in checking out McAfee Social Protection – an app for Facebook that protects users’ photos from being shared without their permission.
5. Never share personal information (such as your date of birth) on your Facebook page. This could help a cybercriminal create a false identity or provide clues to your passwords.
6. Never ‘Check In’ or post information about an upcoming holiday. Why give people information about when your home will be empty!
7. Think before you post! Your online life forms your digital reputation and could affect school leadership positions and job prospects down the track.
8. Treat others the way you would like to be treated online. No exceptions!

If you are feeling a little unsure as to whether you should ‘stick your nose’ into your teen’s business, let me assure you that their online life is absolutely your business. As parents, we are responsible for our kids both offline and online.

So, strap them in the car (so they can’t escape) or buy them hot chips – whatever you need to do so you can talk with them about Facebook safety.

And remember, you are not being nosey – you are doing this because you love them!

One Key to Unlock Them All

To understand how these locks work (and how they can be hacked), you can think of your hotel lock as a doorman. For the doorman to let you in, you need a password – the password stored in the keycard given to you by the hotel front desk. When you swipe your keycard, the doorman verifies that your password is correct, and the door opens.

Hackers take advantage of this system by creating a gadget that can essentially read the doorman’s mind. For about $50, hackers build a device that plugs into the power port under your hotel lock (if you run your fingers under your lock, you’ll be able to feel the port if it’s there). Once plugged in, the gadget retrieves the correct password, and the hotel door opens.

What is particularly unsettling about these hacks is that they’re cheap, easy, fast, and effective. The gadget is small, it can be disguised as a harmless object like a marker, and it can unlock a door in the blink of an eye. With attractive payoffs like laptops and other expensive devices left in hotel rooms, it’s not hard to see how this vulnerability could pose a serious threat to travelers.

Staying Secure While Away: How to Prevent Device Loss and Theft

In a recent Intel survey, 77% of respondents ranked losing their laptop while traveling as more stressful than losing their wedding ring, and 62% were actively worried about losing a laptop or having it stolen. There’s no question that our devices have become an integral part of our lives, and there are a couple basic, easy steps that can protect your information from device loss and theft while traveling.

1. Keep valuables out of plain sight.

Even if a thief does break into your hotel room, their skills can only go so far. During your hotel stay, store devices in a safe if the hotel provides you one. This adds a second layer of protection that thieves (and even skilled hackers) are unlikely to crack. This best practice will also protect you from crimes of opportunity; leaving an expensive laptop in plain sight while hotel room staff comes in and out is always a recipe for trouble.

2. Back up your data.

Before you hit the road, back up your data in the cloud or on a device that stays at home. This includes anything you would be sad to lose in the event of device loss or theft – family photos, business information, a copy of your senior thesis, etc. Many solutions out there can schedule these data backups for you.

3. Add contact information to your lock screens.

While thieves are certainly out there, there are many good people who find lost phones and do want to return them to their owners. This can be extremely difficult if you’ve followed security best practices and enabled a screen lock. To help out, list a phone number or an email account on your lock screen where a Good Samaritan can contact you if they find your device.

4. If your device goes missing, track it down with geo-tracking software.

One particularly useful feature of many new devices is internal GPS. By enabling tracking solutions, you can locate your lost device on a map. This can help determine whether your device was stolen or simply misplaced.

5. If the device is gone for good, wipe it for good.

If you’re 100% certain that you device was stolen or lost forever, pull a James Bond move and tell it to self-destruct before anyone can steal your information. Software like McAfee Mobile Security can accomplish this task by sending a “kill pill” message to remotely delete all data on your device’s memory.

Solutions like McAfee Mobile Security that offer functionality like automatic data backup, remote data wipes, and geo-tracking are certainly an important way to protect mobile devices while on the go. These capabilities are also available with McAfee All Access, which protects your PCs, Macs, smartphones, and tablets. Still, the best step you can take is to stay aware of your surroundings. Whether you’re at the airport or the hotel, if something looks suspicious, report it. Keep valuables locked up and out of sight, and stay up-to-date on the latest threats and preventative measures.

For more on this topic, I hope you’ll check out the Intel infographic below, and be sure to follow us on Twitter @McAfeeConsumer.

Safe travels!

Alas. No rethink required. Rebecca had not developed a new hobby but had instead become a victim. Her email had been hacked.

Poor Rebecca was devastated. She just couldn’t work out how this had happened to her. She had Internet security software that she thought was safe as it had only recently lapsed, she had never shared her passwords with anyone and she didn’t think she had ever visited any strange websites.

So what went wrong? Well, unfortunately, hackers are a particularly clever species who have an array of ways of gleaning personal information from law abiding citizens such as Rebecca. Here are just a few of the ways you can prevent your email from being hacked:

1. Don’t fall victim to a phishing scam. Never respond to an unexpected email or website that asks you for personal information or your login details no matter how professional it looks.
2. Make sure you have comprehensive internet security software (that includes anti-spyware), and please keep it updated! Spyware hides itself on your computer, collects personal information about you and passes on your personal details without you knowing.
3. Avoid logging into your email from public places. Not only is there a greater chance of spyware on untrusted computers but some of them sport key logging programs which monitor and record the keys you strike on the keyboard – a great way of finding out your password!
4. Create strong passwords that include a variety of characters including numbers and symbols. Check out McAfee’s Security Advice Centre for some tips on how to create a strong password.
5. Never share your passwords and change your passwords regularly – at least every 6 months.

If your friends develop a sudden fascination with nether regions and enhancements, and are bombarding you with emails, please give them the benefit of the doubt and assume their email has been hacked. If not, it may be time to rethink your opinion of them!

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

*My dear friend’s name was changed to protect her privacy.

Our team at McAfee Labs pays close attention to these reports, because zero-day exploits are, by nature and by name, brand new – never before seen in the wild. This means that the attack occurs on day zero of awareness of the threat, and that developers have had zero days to address and patch the vulnerability. This leaves systems at risk until a security update can be released to users.

The Bigger Picture: A Web of Illegal Online Commerce

While a few recent exploits have certainly thrown the cyber black market into the spotlight, the concept is not new to those of us in the security industry. It’s no exaggeration to say that we’re looking at the next frontier of organized crime, quickly creeping up on the illicit drug trade as one of the most lucrative criminal enterprises in the world. In 2011 alone, the trade of personally identifiable information like credit card numbers, email addresses, and phone numbers, earned hackers a cool $388 billion.

Particularly in Russia, hackers can now make a substantial living by building and selling malicious software known as malware. Just how easy is it for bad guys to get their hands on dangerous material? You might be surprised. A basic Distributed Denial-of-Service (DDoS) attack, which can completely paralyze critical websites and computers, may cost just $10 per hour – about the same as a light lunch.

ZeuS, a notorious financial services Trojan, is also sold on the black market. It allows hackers to siphon off passwords or steal confidential documents for the low, low price of $300. Even inexperienced hackers can buy their way into the game by purchasing sophisticated tools from seasoned professionals. For just $200, Average Joe down the street could launch a large-scale email phishing scam to install malware on all his neighbors’ PCs.

And for those hackers on a budget, there are plenty of free tools available online for creating malware along with “How To” videos on YouTube.

The Good News: All is not lost!

Users at home can take a bite out of cyber crime.  There are a few simple steps that can help keep your computer and personal information safe.

1. Use Security Software. The most important thing you can do to keep your computer safe is to install and keep up to date security software, which will help protect your computer from viruses, spyware, Trojans and other malware. Programs like McAfee All Access can both scan and remove viruses on computer and mobile devices as well as monitor for suspicious activity.
2. Update Often. Equally important is making sure ALL software on your computers and mobile devices are up-to-date. While it may be tempting to put off a download for another day, many hardware and software updates contain critical security patches.
3. Use Safe Search. There are lots of products available to notify you that you are going to a website that likely has malicious software that can be downloaded to your computer.  SiteAdvisor is a free tool from McAfee that color codes your search results and social media links to protect you from going to bad websites.
4. Know what to do if your information is stolen. If you suspect that any of your confidential information is at risk, acting quickly is the best way to limit the damage. From monitoring your accounts for unusual activity to creating an Identity Theft Report in the case of a serious breach, the FTC has put together detailed guidelines to help users take a stand against cyber crime.

For more information on this topic and other cyber security trends, be sure to follow our team on Twitter with @McAfeeConsumer.