Talk of the Town Podcast: Staying Safe Online #5

Welcome to HakProof.com. This site is my attempt to reach out beyond the physical classroom to the community at large to help each of you increase your personal SQ or Security Quotient. Today was my fifth visit to WHTC 1450 AM radio station in Holland, Michigan to be a guest on the daily show, Talk of the Town.

Click on the link to access the podcast of my time on today’s show:

http://whtc.com/podcasts/talk-of-the-town-today/99/cyber-security-expert-james-allen-oct-12/

I promised the listeners to provide an outline of what we talked about today. Hopefully, you will also find the information beneficial.

  • Check if you have an account that has been compromised in a data breach:
    • https://haveibeenpwned.com/
      (Does not cover all data breaches.)
  • For Yahoo email users wanting to move their email to a new, more secure, service:
    • Good services to move to:
      • https://Gmail.com (Google)
      • https://Outlook.com (Microsoft)
      • Make sure you use a different password when setting up your new account.
    • Since Yahoo has decided to block email forwarding, you are left with fewer options to let people know your email address has changed.
      • One way is to email everyone in your address book letting them know of the change.
      • Another is to set Yahoo’s automatic out-of-office/vacation reply, notifying anyone who emails you that your email address has changed.
        • http://email.about.com/od/yahoomailtip1/qt/How_to_Set_Up_a_Vacation_Auto_Reply_in_Yahoo_Mail.htm
        • The problem with the last method is that services that you have signed up for will not be able to respond to your reply notice. You will need to go to each site and change the email address used to access the site or newsletter.

Until next month… (November 30, 9:30am)

Talk of the Town Podcast: Staying Safe Online #4

Welcome to HakProof.com. This site is my attempt to reach out beyond the physical classroom to the community at large to help each of you increase your personal SQ or Security Quotient. Today was my fourth visit to WHTC 1450 AM radio station in Holland, Michigan to be a guest on the daily show, Talk of the Town.

Click on the link to access the podcast of my time on today’s show: http://whtc.com/podcasts/talk-of-the-town-today/99/great-timing-cyber-security-expert-james-allen-sept-14/

Today’s subject matters:

  • Fake tech support phone calls:
    • No matter how persistent they are about wanting to help you, do not allow them to access your computer.
  • 70 credit card skimmers found at Michigan gas stations:
    • Pay cash when possible. Pay inside with your card if you are concerned about the pump you are using.
    • Verify that the pump has an unbroken security seal. If it is broken or does not have one, then don’t insert your card into that pump.
    • Use center pumps, since they are less likely to be tampered with, but still not guaranteed.
  • Your smartphone is tracking you:
    • Both Android and iPhone monitor and archive your movement using GPS and WiFi.
    • This feature goes beyond location services, which are used to help you find a nearby restaurant or other such niceties.
    • To view your iPhone’s tracking go to:
      • Settings -> Privacy -> Location Services -> System Services -> Frequent Locations.
    • To view your Android’s tracking go to:
      • https://www.google.com/maps/timeline
      • iPhones with Google apps installed will also be tracked by Google using the same site.
    • To find more detailed instructions with pictures, please click on this section’s title link.
    • Concerns:
      • Unless you are concerned about being tracked, the benefits of location services are significant.
      • My primary concern is Google storing the data on their servers, unlike Apple, who leaves the information on your phone.
      • If your Gmail account has been compromised, the intruder will have access to your home and work addresses along with places you frequently visit.
  • National Do Not Call Registry:
    • https://www.donotcall.gov
    • 1-888-382-1222 (Call from the phone you want to register)
    • Other than personal calls, the only calls allowed by this registry are the following:
      • Political calls and related polls.
      • Charitable organizations who are looking for donations.
      • Companies that you have done business with in the last 18 months.
      • Report any other type of call after you have been on the list for a full month.

The next show will be on October 12th at 9:30 am EST. Until next month, please stay safe and vigilant.

Talk of the Town Podcast: Staying Safe Online #3

Welcome to HakProof.com. This site is my attempt to reach out beyond the physical classroom to the community at large to help each of you increase your personal SQ or Security Quotient. Today was my third visit to WHTC 1450 AM radio station in Holland, Michigan to be a guest on the daily show, Talk of the Town.

Click on the link to access the podcast of my time on today’s show:
http://whtc.com/podcasts/talk-of-the-town-today/99/staying-safe-in-cyber-space-james-allen-aug-10/

I promised the listeners to provide an outline of what we talked about today. Hopefully, you will also find the information beneficial.

Keeping Your Privacy Intact While in a Crowd
When going to a special event where there will be a lot of people and/or vendors it is important to take some basic precautions to keep your identity and personal information safe.

  1. Take a minimum amount of personal stuff with you. The less you bring, the less that can be stolen or compromised.
  2. Use cash whenever possible. Using credit cards at these events is risky business and an easy way for your credit card’s information to be swiped, pun intended.
  3. Credit cards with the RFID (Radio Frequency ID) chip are still at risk even though they are much safer than cards that only contain a magnetic strip. This is especially true for the current version of the American credit cards. Most of them still contain a magnetic strip along with the chip as a backup, for when the chip cannot be used to make a purchase.
  4. It is a good idea to shield any card you carry that uses an RFID chip. Remote card readers are cheap and can be carried in a backpack, collecting information from unsuspecting bystanders. Large gatherings are prime targets. Be aware that not all commercial shields are of the same quality. Search for reviews to see which brands will be the most effective in blocking the unintentional transmission of your credit card’s data.
  5. If you are the D-I-Y type, then you can create your own shielded card holder using aluminum foil and duct tape that is as effective as the best shields that you can buy.
  6. Some of the other age-old advice to minimize the chance of being pickpocketed includes:
    1. Keep your wallet in either your front pocket or in a pocket that has a zipper. Zipped up of course.
    2. When bringing a purse, keep it small if possible and sling it over your head and shoulder, with the purse in front of you.
  7. It is also important to take precautions with your phone or tablet while in a crowd.
    1. At the very least require a passcode to access your device to prevent unauthorized access if it is lost or stolen.
    2. Future topics will cover phone security in greater detail.

Social Engineering Overview

According to a recent study published by Proofpoint.com, approximately 99% of all malware requires some level of human intervention to complete its intended task. Unfortunately, that means hackers/thieves spend a lot of their time figuring out ways to convince you to do what they want. This process is called social engineering and, if done right, is highly effective.

  1. Here are some types of Social Engineering with links to provide more information about them. (This is not a comprehensive list):
    1. Phishing Attack:  Usually done through email
    2. Spear Phishing Attack:  Targeted towards a specific group.
    3. Watering Hole Attack:  Indirect attack. The hacker infects a website commonly used by the targeted organization.
    4. Pretexting: Attacker creates a fake scenario and then interacts with the victim in such a way as to increase the likelihood that the victim will provide the information or complete the task requested by the attacker.
    5. Baiting: An example would be finding an infected USB stick in the parking lot of work that was left there by the attacker. The average person would plug it into a computer to find out what is on it and who it might belong to.
    6. Quid Pro Quo: something for something.
    7. Tailgating: Gaining unauthorized access to a building with the unintentional help of authorized individuals.

Recommendations to help minimize the threat of Social Engineering:

  1. Do not open any emails from an untrusted source.
    1. Verify emails from people you know if the message does not look right.
  2. Do not give offers from strangers the benefit of the doubt.
    1. If it is too good to be true, it probably isn’t.
  3. Lock your device when stepping away from it to prevent attackers who have gained access to your devices from accessing critical data or installing unwanted software.
  4. Use reputable antivirus software.
    1. This will not find all problems but still helps.
  5. Find out the proper procedure for work or other limited-access organizations to prevent an attacker from using you to help them tailgate.

Until next month… (September 14th, 9:30am)