Phishing attack, spoofing attempt, ransomware, botnets… the lingo surrounding technology can be pretty strange, but it can all lead back to a very real threat to your data if you’re not on top of it. Even worse, new technology and new methods of attack appear practically every day, making it hard for even the most highly skilled IT professionals to stay ahead of the game.

Here’s a list of some of the typical cybersecurity terms that all tech users should know. It’s by no means comprehensive; instead, it’s culled from some of the most commonly used terms as they apply to consumer-level cybersecurity.

  • AV Software – AV, or antivirus software, is a catch-all name that applies to any software that protects your computer from viruses, spyware, and other malicious software. Depending on the type you purchase, it might run scans from time to time to see if there are any infections on your computer, or it might actually block threats in real-time, preventing harmful software from downloading and installing. It’s absolutely critical that you have AV software installed, and that you update it routinely.
  • DDoS attack – These letters stand for distributed denial-of-service attack, which happens when someone manages to tie up an entire network and make it useless. It’s actually crossed over into ransomware (see below), meaning hackers have launched DDoS attacks that cripple entire websites, online banking systems, and more, and only agree to stop the attack once the victims pay up.
  • ISP – ISPs made headlines this month when Congress overturned key Obama-era privacy regulations. ISPs, or internet service providers, are the companies that provide your internet access. Under the new regulations, ISPs can collect important information about you and your internet behavior, and even sell that information to advertisers and other interested parties.
  • Password – Why is password even on this list? Shouldn’t you know what a password is by now? Of course you should, but too many people still rely on weak passwords, as well as on passwords that they reuse on multiple websites and accounts. Both of those bad habits can lead directly to a data breach, identity theft, account takeover, or other similar crime. A strong password contains at least 8 characters, and those characters are a mix of uppercase letters, lowercase letters, numbers, and symbols. A unique password is only used on one account.
  • Phishing – Just like it’s pronounced, phishing occurs when someone casts out some cyber “bait” and tries to lure you in. This is commonly done through emails but can be done through phone calls, texts, or social media messages. When someone is “phishing,” they’re trying to get you to either turn over information about yourself or others OR to click a link or open an attachment. Doing either of those things could likely install a virus on your computer.
  • Phlashing – Phlashing refers to the practice of launching a “permanent” denial-of-service attack (PDoS). If someone successfully pulls off a phlashing attack against you, your computer or device will be permanently disabled and nothing can be done to correct it.
  • Ransomware – As the name implies, ransomware basically kidnaps your computer or device and holds it hostage until the ransom is paid. Hospitals, medical centers, and schools have become highly sought-after targets in recent months due to the fact that they tend to pay up rather than face the hefty fines for breach of confidentiality and loss of service.
  • Spoofing – There’s an all-too-common practice when it comes to cybercrime, and that’s “spoofing” someone’s account and pretending to be someone else. A large number of data breaches have occurred as a result of spoofing a boss’ email account, then messaging someone else in the company to request information on customers, employees, or both. Spoofing isn’t always easily identified, but if you know what to look for, you might be able to tell a real account from a fake.
  • Two-factor authentication – You’re probably used to logging into at least one internet account by now, but there’s another way to log in that adds a layer of security to the process. Two-factor authentication means you have to provide two pieces of information in order to access the account. It might just be a security question that you must answer, as well as provide the password. An even safer method requires you to receive a text message to a previously stored phone number, then enter the code contained in the text along with your password.
  • VPN – A virtual private network is also making headlines, largely as a result of the ISP news. VPNs serve as a private “tunnel” onto the internet that keeps prying eyes out of your activity. They also help you “pretend” to be somewhere else; that isn’t always a criminal thing, even if it sounds like it. A US consumer traveling to Europe, for example, can’t access his own paid Netflix account due to international copyright licensing. A VPN allows him to pretend to be back home in the US and enjoy his favorite show.

It’s hard to stay on top of the latest cyber security findings, but by keeping an eye out for trends and headlines, you can do a lot to protect yourself. Signing up for scam alerts and following sites like the Identity Theft Resource Center can help you stay informed when new terms—and new forms of attack—arise.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

One of the earliest large-scale social media sites, MySpace, suffered a data breach that may have occurred as early as 2013 but was only discovered in 2016. The stolen information was found for sale on a black market data website and contained usernames, email addresses, and passwords to an estimated 360 million user accounts. When the announcement of the breach was made, a lot of people shared the same initial thought: “Do I still have a MySpace account?”

As funny as that may sound, it’s actually no laughing matter. The information contained in the breach could easily have compromised individuals’ current internet accounts due to the all too common practice of reusing passwords.

A lot of people actually have old accounts lying around they never use, never visit, and probably never think about, but those accounts can come back to haunt you in a data breach. This is especially true for email accounts that you may have opened some time ago and then abandoned, as those email addresses are actually still viable.

Here’s a hypothetical scenario: the MySpace information that was sold contained email addresses. If you haven’t used MySpace in years, the email address you provided when you opened that account might not be your primary email address anymore, but it’s still in working order. A hacker uses your MySpace email address, hacks into it, and then starts locating other old accounts on the web that use that same email address as the login. They change your password on those other sites by clicking “forgot my password” and following the link that is emailed to your old address, and then they control those accounts.

It’s also possible that there’s enough user information in your old email account or MySpace account to “mask” your identity and use it elsewhere. The hacker can use your entire pieced-together identity to establish new accounts online and assume your internet identity.

Finally, if your old email address that you never check is your “backup” or recovery email for accounts you do still use, like your current email address, they can click “forgot my password” and have the reset link sent to your “recovery” email address, which they’ve already gained access to. After that link shows up in your long-forgotten email inbox, they now control your current email account, and therefore all of the current internet accounts that rely on that user address, like Facebook, Amazon, PayPal, and more.

If you have outdated accounts lying around, now is the time to clean house. Log into each account and go into the settings, then delete or deactivate the account. This same advice is true for apps you no longer use, as they too contain personal details that could be stolen in a data breach or hacking event. By clearing out the virtual cobwebs, you’ll leave less of a trace for hackers and shut down some of the avenues to your current data.
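The reset chain described above can be traced over your own account inventory. The following is an added example, not part of the original article: the account names, the addresses (all under the reserved `.example` domain) and the inventory itself are constructed, and the model assumes that whoever reads a mailbox can complete "forgot my password" for every account that sends its reset link there.

```python
from collections import deque
from dataclasses import dataclass, replace
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Account:
    name: str
    reset_to: Optional[str]        # address that receives the "forgot my password" link
    mailbox: Optional[str] = None  # address this account controls, if it is an email account


OLD = "me.2009@oldmail.example"    # constructed: the abandoned address
CURRENT = "me@mail.example"        # constructed: the address in daily use

# Constructed inventory following the article's scenario.
INVENTORY = [
    Account("old-webmail", reset_to=None, mailbox=OLD),
    Account("myspace", reset_to=OLD),
    Account("recipe-site", reset_to=OLD),
    Account("current-webmail", reset_to=OLD, mailbox=CURRENT),  # old address is the recovery email
    Account("facebook", reset_to=CURRENT),
    Account("amazon", reset_to=CURRENT),
    Account("paypal", reset_to=CURRENT),
    Account("bank", reset_to="banking-only@mail2.example"),
]


def reset_exposure(accounts: List[Account], lost_mailbox: str) -> Dict[str, List[str]]:
    """Map each account that can be reset, directly or through a chain of
    mailboxes, to the chain of addresses leading to it from lost_mailbox."""
    resets_via: Dict[str, List[Account]] = {}
    for acct in accounts:
        if acct.reset_to:
            resets_via.setdefault(acct.reset_to.lower(), []).append(acct)

    start = lost_mailbox.lower()
    exposed: Dict[str, List[str]] = {}
    seen = {start}
    queue = deque([[start]])
    while queue:
        chain = queue.popleft()
        for acct in resets_via.get(chain[-1], []):
            if acct.name in exposed:
                continue
            exposed[acct.name] = chain
            # Taking over an email account opens every reset that lands in it.
            if acct.mailbox and acct.mailbox.lower() not in seen:
                seen.add(acct.mailbox.lower())
                queue.append(chain + [acct.mailbox.lower()])
    return exposed


def with_recovery(accounts: List[Account], name: str, new_address: str) -> List[Account]:
    """Return a copy of the inventory with one account's reset address changed."""
    return [replace(a, reset_to=new_address) if a.name == name else a for a in accounts]


if __name__ == "__main__":
    for name, chain in reset_exposure(INVENTORY, OLD).items():
        print(f"{name:16} reachable via {' -> '.join(chain)}")
    fixed = with_recovery(INVENTORY, "current-webmail", "recovery-only@mail2.example")
    print("after changing the recovery address:", sorted(reset_exposure(fixed, OLD)))
```

Changing the recovery address on the current mailbox cuts the chain to the accounts that still log in with the old address, which are the ones the article recommends closing.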


When it comes to protecting our privacy and staying safe online, new data from the Pew Research Center shows that too many of us aren’t as savvy as we think. The need for strong passwords, the dangers of connecting to public wifi, even the ability to spot common scams are topics that many people aren’t familiar with.

Pew conducted a survey of multiple choice questions designed to test Americans’ knowledge of things like phishing attacks, ransomware attacks, strong password construction, secure forms of login, and more. The results of the survey showed that the majority of respondents could answer fewer than half the questions with any degree of accuracy.

“This survey consisted of 13 questions designed to test Americans’ knowledge of a number of cybersecurity issues and terms… the typical (median) respondent answered only five of these 13 knowledge questions correctly (with a mean of 5.5 correct answers). One-in-five (20%) answered more than eight questions accurately, and just 1% received a ‘perfect score’ by correctly answering all 13 questions.”

There is some good news in the results, though. More than seventy percent of the respondents correctly answered that public Wi-Fi connections are not secure enough for transactions like online banking, even if they’re password protected. And speaking of passwords, 75% were able to correctly identify a “strong” password from a list of options.

Unfortunately, only around half of the users knew what a phishing attack was, nearly the same percentage of respondents who knew that turning off your GPS function on your smartphone does not mean your location can no longer be tracked with it. Only 48% knew what ransomware is, and less than 40% knew that “private browsing” online doesn’t mean your internet service provider can’t see what websites you visit, or store your internet history.

So how do you know if you’re a cybersecurity star student? First, you can find out what you know and don’t know by taking the quiz and learning your results. After that, sign up for the Identity Theft Resource Center’s TMI Weekly, an emailed newsletter that contains information on the latest scams, fraud attempts, and identity theft threats.


You can take lots of steps to avoid malware and cyberattacks on the devices you own. But how can you protect your online safety when you use public computers at your local library, school, cyber café, or hotel lobby?

How Safe Are Public Computers?

Public computers are not as safe as personal devices because you don’t know if the latest security protocols, like antivirus protections, have been installed. You also don’t know who has used the computer before you and if any users have compromised the device security.

For instance, a hacker could install a keylogger application or use keylogger hardware to capture every password typed into the computer. When you enter your email, social media, online shopping, or other passwords, that information could go directly to a thief.

Remember that public computers are connected to networks that may also be vulnerable to attack or already compromised. Ideally, those networks should use the latest security measures, including encryption, but you’ll have no way of knowing whether they do.

Err on the Side of Caution

Given the dangers, you should avoid conducting any private transactions on a public computer. Don’t use your password to log into any sites, and certainly don’t enter your credit card information, Social Security number, or other highly sensitive information.

Of course, it’s not always possible to avoid these actions if you don’t have your own device, or you have one that breaks, is stolen, or simply isn’t available when you need it.

Take Security into Your Own Hands

If you have no choice but to enter sensitive information into a public computer, you can take some added precautions to make your web activity as safe as possible.

One step is to shift the computer’s web browser into a more private and secure mode. To do so, run a quick online search with the name of the browser you’re using, followed by “private browsing”—as in, “Internet Explorer private browsing.” The search results will tell you which keyboard shortcuts will turn on private browsing.

The benefit of private browsing is that the pages you visit won’t be recorded in the browser’s history, cookie store, or search history. But don’t forget: You will still need to remember to log out of your session (if the login was required) and shut down the browser when you are done—otherwise, the next user could simply use the back button to see your activity.

As an added precaution, you can also erase your web activity before you log out. With Chrome, Firefox, and Internet Explorer, simply press Ctrl+Shift+Del to delete your browsing history. If you’ve used private browsing, there won’t be any history to delete—but still, it’s better to be safe than sorry. And if you forgot to turn on private browsing at the start of your session, this step could save you.

Remember, the best way to maintain online safety when using public computers is … not to use them. Or at least not to use them to enter passwords and other private information. If you have no choice, at least take the measures noted above to make your web browsing sessions more private—while also recognizing that any information you enter could still be compromised.

This article was provided by MyIDCare, a proud financial sponsor of the ITRC. For more information on MyIDCare or to read more of their content visit their website.

As the weather turns warmer, many people start looking around at their home improvement projects and “spruce-ups” that they’ve put off through the winter.

While no one adores the chores associated with cleaning out the gutters or washing all the windows, there is a real sense of accomplishment when it’s over. When we’re through, it might even feel like we’re getting the same fresh start that Mother Nature is bringing to our surroundings.

There is one vitally important spring cleaning chore that often gets overlooked, but it’s one that doesn’t have to be painful. Even better, there are no ladders or garden hoses required! Cleaning out your mobile device can be simple and quick, and even better, there’s no heavy lifting involved.

1. Old Apps and Permissions

The first step to a thorough device cleaning is to look at the apps you’ve downloaded. How many of them do you really use? More importantly, what permissions does each app have? If these apps can access your contacts list, your microphone, your photographs and videos, or your location, think twice about whether or not they’re really that useful. If they are important, you can still change the settings to revoke these permissions.

2. Stored Photos and Videos

If you own a mobile device, you carry a camera around with you at all times. The convenience and the cost-effectiveness mean we can afford to snap a picture of anything that suits our fancy. The flip side, though, is that not only can our phones’ storage be clogged with pictures we may not really need, but any app that is permitted to access your stored photos can also “see” them. Set up a free account with a cloud-based service to transfer all those files to an outside server, then get them out of your pocket!

3. Check your Updates

Just like the software that powers your laptop or desktop computer, your phone or tablet has software running the show. If you’re not updating your software when the developer releases new versions, not only is your phone not fully protected, you might actually be missing out on some great features. Check your phone’s settings for any software updates, then go to your stored apps and see if those have new versions as well.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

If you’ve spent even a few minutes of your life near a computer, you’ve probably already been schooled on the need for strong, unique passwords.

Strong passwords are typically between eight and twelve characters long, and they contain a seemingly random combination of uppercase letters, lowercase letters, numbers, and symbols. Unique passwords, as the name suggests, are only used on one account in order to avoid turning over access to your entire digital life to a hacker who gets a hold of one password.

But as statistics show, far too many people use weak passwords and reuse their passwords on multiple accounts. How do you avoid falling into that trap? By creating a strong enough password that’s easily remembered, and then creating a new one for every single login account.

Some tech users with a high volume of sensitive accounts choose to use a password manager. These apps not only let you log in once with an ultra-strength password, they also generate lengthy, unguessable, and random strings of characters for all of your other accounts. This is a good option for people whose accounts may be on the more sensitive end, such as those who have work-related or proprietary information being shared online.

For a typical tech user, though, it’s possible to come up with your own passwords and build them in such a way that you can keep up with them. One fun way to build your memorable-yet-safe password is to generate a “system” in which you take a piece of information, such as your favorite song, and embed other pieces of information in it.

Here’s an example:

These Boots Are Made For Walking + your aunt’s phone number + name of the website

You take one letter from the song, one digit from the phone number, and one letter from the website, then keep repeating that pattern. With this system, your password might look like this:


That’s the first letters of each word in the song, then the digits of the phone number, then the name of the website, in this case, Amazon, all stacked in repeating order one at a time. The end result is a strong password that will only be used on that site. To use that same song and phone number on another site, such as PayPal, the letters that spell out Amazon would come out and the letters that spell PayPal would go in. It’s easy to remember, yet still lengthy and seemingly random.

Now, it is possible that someone who discovers your Amazon password could test out this method on another site, but they would have no reason to know why you chose those letters. They might count the digits and realize it could be a phone number, but again, by using someone distantly connected to you, it’s less likely that someone in your vicinity would connect those dots.
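The interleaving system described above, written out as an added example (not code from the original article). The phone number is a constructed value, so the output is not the article's own sample password; the two helper checks report which of the character classes the article names the result covers and how many positions two sites' passwords share.

```python
import string
from itertools import zip_longest

SONG = "These Boots Are Made For Walking"
PHONE = "202-555-0142"   # constructed number, not from the article


def initials(phrase: str) -> str:
    """First letter of each word, e.g. 'TBAMFW' for the song title."""
    return "".join(word[0] for word in phrase.split())


def interleave(*parts: str) -> str:
    """Take one character from each part in turn until every part is used up."""
    chars = []
    for group in zip_longest(*parts, fillvalue=""):
        chars.extend(group)
    return "".join(chars)


def site_password(song: str, phone: str, site: str) -> str:
    """Song initials, phone digits and site name stacked one at a time."""
    digits = "".join(ch for ch in phone if ch.isdigit())
    return interleave(initials(song), digits, site)


def missing_classes(password: str) -> list:
    """Which of the four character classes named in the article are absent."""
    checks = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]


def shared_positions(a: str, b: str) -> tuple:
    """(positions holding the same character, length of the longer password)."""
    same = sum(1 for x, y in zip(a, b) if x == y)
    return same, max(len(a), len(b))


if __name__ == "__main__":
    amazon = site_password(SONG, PHONE, "Amazon")
    paypal = site_password(SONG, PHONE, "PayPal")
    print(amazon, paypal)
    print("missing classes:", missing_classes(amazon))
    print("shared positions:", shared_positions(amazon, paypal))
```

With these inputs only the six site-name positions change between the two passwords, and neither contains a symbol unless one is added to the system.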

The important thing to understand about hacked passwords is that cybercriminals don’t sit at a keyboard and poke the buttons, hoping to guess the right combination. They have software that can make billions of guesses per second, and they start with things like names or words, sequential numbers or letters, and commonly used passwords. The longer and more seemingly random your password is, the safer your accounts will be.

How much information are you putting out there? It’s probably too much. We are here to help you stop sharing Too Much Information. Sign up for the TMI Weekly.

The internet of things has produced some really cool innovations. From lamps that come on when you drive up to your house to countertop crock pots that you can turn on and off from your desk at work, our connected lives are easier than ever.

But the power of the internet isn’t just for convenience. The information contained in medical implants can be viewed by the patient’s doctor while he’s away on vacation. Farmers can monitor their crops from anywhere, and business executives can print out critical reports from home, knowing they’ll be waiting on their desks come Monday morning.

What’s the downside to all this great innovation? Privacy and security. Data breaches and cybercrime. As we’ve already had to learn the hard way, our IoT devices may have come pre-installed with wide open doors for hackers to walk through.

The latest cyberattack to come through this kind of connectivity relied on perhaps the strangest form of entry, one that no one would ever have suspected: light bulbs and vending machines. A university recently suffered a DDoS attack when hackers gained access to the vending machines and smartbulbs that had been configured to connect to the network. Once they accessed these unsecured machines, they launched an effective attack that slowed down the entire university network. Five thousand IoT-connected devices were reconfigured to begin searching the internet…for seafood.

With all of the minicomputers inside the devices running DNS web searches for seafood on a constant loop, the network got so bogged down that no one could use it. While it might sound amusing on the surface, it’s the same mechanism that was put into place last October to shut down about a dozen major websites, including the New York Times, Twitter, and Spotify. In theory, your bank’s light bulbs could turn against the network in the same way, meaning you no longer have access to money until it’s resolved. Your local hospital’s vending machines could launch an attack that would literally stop all medical procedures in their tracks, which is bad news for a patient on an operating table.

Security experts and lawmakers are currently working together on legislation that’s meant to secure IoT devices, but it’s important for all stakeholders to understand the risks. The race to create innovative new devices doesn’t always mean privacy and security are as strong as they should be, so it’s up to everyone involved to monitor their tech and be ready for the next cyberattack.
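Monitoring for the pattern in the university incident can start with the resolver's own query log: a device that suddenly issues lookups in a constant loop stands out by rate alone. This is an added example, not from the original article; the log line format (`timestamp client qtype qname`), the addresses, the domain names and the per-minute ceiling are all assumptions, and the sample log is constructed.

```python
import calendar
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 60
MAX_QUERIES_PER_WINDOW = 100   # assumed ceiling for a single embedded device


def parse_line(line):
    """Return (epoch_seconds, client_ip, qname), or None for a malformed line."""
    fields = line.split()
    if len(fields) != 4:
        return None
    try:
        ts = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return calendar.timegm(ts.timetuple()), fields[1], fields[3].lower().rstrip(".")


def parent_domain(qname):
    """Crude grouping by the last two labels (assumption: no public-suffix handling)."""
    return ".".join(qname.split(".")[-2:])


def noisy_clients(lines, limit=MAX_QUERIES_PER_WINDOW):
    """Report clients whose busiest window exceeds the limit, with the parent
    domain that dominates their lookups."""
    per_window = defaultdict(Counter)   # client -> window index -> query count
    parents = defaultdict(Counter)      # client -> parent domain -> query count
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        epoch, client, qname = record
        per_window[client][epoch // WINDOW_SECONDS] += 1
        parents[client][parent_domain(qname)] += 1

    findings = []
    for client in sorted(per_window):
        peak = max(per_window[client].values())
        if peak <= limit:
            continue
        top, hits = parents[client].most_common(1)[0]
        total = sum(parents[client].values())
        findings.append({"client": client, "peak_per_window": peak,
                         "top_parent": top, "top_share": round(hits / total, 2)})
    return findings


def constructed_log():
    """Constructed sample: two devices looping on lookups, one ordinary laptop."""
    start = datetime(2017, 2, 1, 3, 0, 0)
    lines = ["garbled line without enough fields"]
    for device in ("10.20.0.31", "10.20.0.32"):      # e.g. vending machine, smart bulb
        for i in range(240):                          # two queries per second
            ts = start + timedelta(seconds=i // 2)
            lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} {device} A menu{i % 40}.seafood.example")
    ordinary = ["mail.example.org", "library.example.edu", "news.example.com",
                "mail.example.org", "cdn.example.net", "library.example.edu"]
    for i, name in enumerate(ordinary):
        ts = start + timedelta(seconds=20 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} 10.20.4.77 A {name}")
    return lines


if __name__ == "__main__":
    for finding in noisy_clients(constructed_log()):
        print(finding)
```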


Internet access at home has become a must for most people: adults need it for work, bills, and shopping; kids need it for homework; everyone uses it to download entertainment and keep in touch with friends.

Many of us get web access with a home Wi-Fi network, but most of us don’t know how to keep our private Wi-Fi networks truly private. An unsecured home Wi-Fi network leaves you open to anything from freeloading neighbors using up your bandwidth to criminals stealing your financial information or worse.

There are several things to think about to protect your network, and we’ll talk about them over several blogs. But one of the best ways to keep your network private is to keep outsiders from discovering it in the first place. To make your Wi-Fi less visible:

  • Put your router near the center of your house so that the Wi-Fi signal doesn’t reach beyond your walls any farther than necessary. (Typical 2.4 GHz home Wi-Fi routers reach about 150 feet indoors or 300 feet outdoors.) Alternatively, depending on the shape of your property, the nearness of neighbors, or street parking, you might want to place the router at the back or on one side of your house.
  • Change the default name of the network. Routers come with a default network name, called the SSID, that includes the device manufacturer. (For example, devices made by Linksys use the default SSID “linksys”.) When would-be hackers see a default SSID on a network, they tend to assume that other default security settings haven’t been changed, so it makes that network a more promising target for them.
  • Don’t put your family name in the SSID. If a hacker is sitting in your neighborhood, they already have your address. If they then tap into your network named “TheSmithsWifi”, they can spy on your online activities, add that to the name and address that they now know, and get a jumpstart on identity theft.
  • Don’t broadcast your SSID at all. By default, the router broadcasts the SSID regularly so that it’s discoverable by devices within its range. But you and your family and guests know your network is there, and you don’t want other people knowing, so you can turn that feature off. You just have to manually enter the SSID on your own devices so that they know to look for your network. This is a one-time thing, and it just takes a moment. (You can see detailed instructions for shutting down SSID broadcast here.)

These steps will make your Wi-Fi network harder to discover, and enemies can’t attack what they don’t see. (There’s a reason Harry Potter and all those Star Trek villains wanted cloaking devices!) And stay tuned for other blogs where we’ll talk about more ways to defend your home network.

This article was originally posted by MyIDCare, a proud financial sponsor of the ITRC. For more information on MyIDCare or to read more of their content visit their website.

Are you a social media addict, or do you shun the whole Facebook and Twitter thing? No matter how connected you are or aren’t, a new report from Javelin Strategy & Research shows there may be pros and cons to both.

First, the general findings of their study: there were 15.4 million US victims of identity theft or fraud in 2016, which marks a 16% increase from the year before. Even more upsetting, despite better public awareness of the crime and law enforcement action, this is the highest number of victims since Javelin first began following this trend thirteen years ago. A spokesman for the company even reported that every type of fraud they track showed an increase and that some types, like card-not-present fraud, went up by as much as 40% over the prior year.

In the face of such daunting numbers, how does your social media presence play a part?

According to Kelli Grant from CNBC, “More than three-quarters of victims who make frequent online purchases detected fraud within a week of it beginning, the report found. (The catch: Consumers with a heavy social media or online presence were also more likely to be fraud targets.) In comparison, ‘offline consumers’ who don’t do much shopping or banking online took more than 40 days to spot fraud, incurring more losses as a result.”

Here’s the breakdown: if you’re highly engaged online, you’re more likely to be a victim of fraud but you’re also more likely to spot it quickly and take action. If you’re not all that active on social media or through retail shopping websites, you may be less likely to become a victim but you’re also less likely to notice suspicious activity and take immediate action.

So there’s the catch-22. If you’re constantly checking Facebook or shopping on Amazon, you may increase your chances of being targeted by a thief, but you’re also more aware of your online accounts. But staying off the internet isn’t necessarily the answer since you’re in greater danger of not knowing someone has stolen your information.

How are you supposed to fight back when it looks like neither option is the best choice? By becoming digitally aware while still staying within your comfort zone.

If you’re constantly online, your best bet is to guard your accounts with strong, unique passwords. You don’t have to avoid social media or limit your shopping to brick-and-mortar retail stores, but if you’re going to engage with a global audience filled with potential identity thieves, you’ve got to make it as hard as possible to take over your accounts and commit fraud. In addition, take steps to protect your online shopping accounts with two-factor authentication when possible.

If you’re not ready to throw yourself out there on social media and would rather see your purchases with your own eyes before spending, that’s fine. You can still protect yourself while keeping the internet at arm’s length. Set up alerts with your financial institution so that the moment a suspicious charge is made, you’ll be notified. Even better, many banks and credit card companies offer text messages that will alert you anytime a card-not-present transaction takes place. You read the text, you see where the charge was made, and you decide if it was genuine or fraudulent.

Of course, developing the good habit of scanning your online accounts periodically can’t hurt. Log in, look over your recent charges, and take immediate action if anything out of the ordinary appears. It’s a great way to not only be on the lookout for fraud but also to keep a close eye on your own spending habits.

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the TMI Weekly.

Many internet users have accounts spread far and wide across the web. Online accounts for your social media apps, email provider, and bank accounts are practically a given these days, but what about all those other accounts?

The account you had to set up to buy a promotional t-shirt, the account you created on that cooking website to store your favorite recipes, the account you made as part of a loyalty perks program from your favorite coffee shop…the list goes on.

First, why is it that you had to create an account with a username and password on these “lesser important” accounts? Because every piece of data—even if it’s information that you think isn’t all that useful, like your first name and email address—is typically stored by the entity for subsequent log-ins. That’s a lesson that one corporation has learned the hard way. According to a report by a security firm, the password encryption used on a McDonald’s website serving one of the company’s European markets was not set up correctly. The encryption they put in place can allow the passwords to fall into the wrong hands.

But once again, who cares if your fast food loyalty card is hacked? You should. This is an era when information is a hot commodity, and people literally buy and sell stolen consumer data throughout the dark web. Knowing even the most seemingly harmless information, like how often you grab lunch at a fast food place, can be valuable to advertisers, spammers, scammers, and more. All of your information contributes to your overall identity puzzle, so securing even the most innocuous accounts with a strong, unique password is important.

Too often, when a website doesn’t deal in financial transactions or store your financial information, it can be seen as harmless by the IT people, too. That’s why it’s absolutely critical to never reuse passwords from one website to the next, regardless of the type of industry or the sensitivity of the account.

Remember, a strong password is one that contains a combination of uppercase and lowercase letters, as well as some numbers and symbols. NEVER use a word like “password” or any part of your name as your password. Once you have a strong password, it’s vital that it remains unique, meaning you do not reuse it on other websites.

Finally, it’s a good idea to change your passwords on a regular basis, especially on sensitive accounts like your email or social media accounts. One good way to remember to change up passwords on your less important accounts is to click “forgot my password” when you go to log into accounts that you don’t use very often. Clicking the link will send you an email, which then requires you to update your password.
