Security & Privacy Blog
This blog represents my thoughts & experiences. The information provided is intended to inform, amuse and/or incite thought.
Thursday, October 8, 2020
Wednesday, October 9, 2019
Skimmed at the Gas Station
During my drive to Chicago I stopped to get gas at a station right off the Interstate. Unbeknownst to me, the pump had a credit card skimmer that caught not only the credit card number but also the zip code attached to the account. The skimmer quickly took advantage of the information, charging over $100 in fuel.
While the credit card company stopped the charges, we all (consumers) still pay for the fraud in the long run. I learned a valuable lesson: pay inside the station rather than at the pump. There are a number of skimmers in use, and many are difficult to distinguish since the fraudsters are more sophisticated about making them blend in. Also, the stations right off the interstate are an easy target for people on the road who aren't familiar with the landscape and may have other things on their mind.
Saturday, September 16, 2017
Equifax Breach
In case you haven't heard, Equifax failed us all by initially failing to properly protect the data they collect from each of us; then, once they were aware of the issue, they failed to react for two months. It's likely that your information has been exposed, including your name, social security number, birth date, address(es) and credit card numbers. Your driver's license number may also have been exposed. I'll share a few ideas of things you should consider doing to protect yourself:
Add credit card alerts (if possible) with your credit card company. This won't stop anyone from using your card, but it lets you know that your card has been used so you can take quick action to prevent more fraud.
Monitor your existing credit card accounts regularly. If you depend on a paper statement you're at a disadvantage because you won't have real-time access to charges. Sign up for online access to your accounts (read information below about verifying your PC and home network are secure) then review your accounts at least weekly.
Add a FRAUD ALERT with the credit bureaus. A fraud alert tells any lender that they must contact you to verify your identity before issuing credit in your name. You need only set an alert with one bureau; they automatically notify the other two. The known shortfall is that the alert is only good for 90 days, but it can be renewed. I suggest that you contact TransUnion or Experian to set up the alerts.
Consider adding a credit freeze to all three credit bureaus (Equifax, TransUnion and Experian). The initial cost to add the freeze has been lifted, but there are other very important disadvantages, namely the hassle to use your credit in the future.
Monitor the information the credit bureaus are collecting about you once every 4 months. Set a reminder to request your free credit card report once a year from each of the credit bureaus. It's important to schedule them individually and at different times of the year. I suggest that you schedule a request to one of the bureaus every 4 months.
Monitor your credit score. Many credit companies and banks offer a free service that allows you to review your credit score. Watch for changes then take action to find out what's going on.
The breach exposed all of us to more than the risk of someone ruining our credit. We're now exposed to things like medical identity theft and criminal identity theft. Review my post related to protecting your medical information.
Be sure that you're not unwittingly exposing yourself to local hackers who may be able to steal information from your home computing equipment or smart phones/tablets:
Other ways to thwart hackers:
Ensure your equipment is well protected. Be sure that you're running on an up-to-date operating system (Windows 10, Mac OSX, etc.); run current virus/malware protection; set a strong password on your home computer
Secure your home network. Configure a secured wired/wireless router including use of encryption (WPA2), set a unique SSID (or the name of your wireless) and password, and consider the use of VLANs to separate wireless traffic into separate segments; set a strong admin account password on your home router and
Set strong usernames and passwords for all Online Accounts. Set strong & unique passwords for all online accounts and credit card accounts. Use an electronic password safe to store usernames and passwords.
Ensure smart devices (phones, tablets, etc.) are running the latest operating system. Be sure your operating system is up-to-date.
WiFi use: Stop automatically connecting to any open WiFi network. Lifewire has a nice article that provides the details you'll need here: https://www.lifewire.com/avoid-automatic-connection-to-wifi-networks-818312
It's likely your information is available to hackers. The Experian breach isn't the first, and likely won't be the last. If you don't take care of yourself, who will?
Saturday, August 5, 2017
Add an Alert on your Credit Cards
While most credit card companies and merchants are using the chip (versus the magnetic swipe), most of our credit cards still have the mag stripe. The mag stripe is still vulnerable: anyone you allow to handle your card can capture the mag stripe information, duplicate your card and then make charges against your account. You can't prevent someone from duplicating the information, but you can be alert to new charges on your card.
Credit card companies offer a feature that provides you notification when a charge transaction is processed. Once you set up this notification system you will receive notification via text message or email once a transaction meeting your criteria occurs. If an unauthorized transaction occurs you have the ability to contact the credit card company to alert them and prevent additional charges.
Credit card companies may differ in how to set it up but generally you will need to log into your credit card account online then set up the "Account Alert" or "Manage Alerts" option. I found the option under Settings and Preferences. You may want to use your favorite search engine to search for instructions, for example "Set up an account alert for Discover card". Call the phone number listed on the back of your credit card to ask if you can't find any information.
Some credit card companies may require that a specific amount is charged before notification occurs, for example the company will notify you via text or email only when a transaction exceeds a specific amount such as $5.00 while some allow you to set your threshold as low as .01. Your credit card company may also provide you the ability to request notification prior to your bill date to help ensure your payment is on time.
The credit card alerts are a great way to catch fraud.
Sunday, July 30, 2017
Enhance your Facebook settings
Facebook users: There are settings you should enable or modify to protect your security. The steps below were developed on a Windows 10 computer; they may not work as shown from a cell phone, Mac computer or other device.
1. Adjust the Facebook privacy setting so you know who can see what you post:
a. Open Facebook.
b. Click "Settings". Click the down arrow then select "Settings" as shown below:
c. Click "Privacy" from the menu on the left hand side of the page.
d. Select the "Who can see my stuff?" section.
e. Adjust settings. Evaluate each question then use the settings that you are comfortable with. My recommendations follow:
2. Adjust your Facebook security settings in the Security Settings section. Open Facebook and click Settings (see steps 1&2 above). Click "Security" from the left hand column. There are four settings to review and potentially modify.
a. Automatically notify you when your account is logged into. This is as good as it gets! You will be alerted when your Facebook account is accessed from a *new* device or web browser.
1. Click "Login Alerts". Click Get Notifications and set email alerts to go to your email address(es). Be sure the email address(es) are correct before clicking Save.
b. Review the devices that are currently logged into your Facebook account to delete any unrecognized Facebook sessions:
1. From the Security Settings page click Where You're logged In.
2. Click "End Activity" from any connection you're not familiar with. This option shows city and state where the session was last used to assist you in finding an unauthorized log-in.
3. Click close.
c. Allow a friend to help you get back into Facebook. Consider adding friends in the Your Trusted Contacts who can help you get back into Facebook if you're ever locked out. Click the link and add appropriate email addresses. Click Save.
d. Set Facebook to require two-factor authentication. What is two-factor authentication? This is a one-time process that involves proving that you are who you say you are before you can access your account. This is done the first time that you log into your account on each device or browser. It's only "hard" one time and is another way to prevent others from accessing your Facebook account.
1. Click "Edit" in the Two-Factor Authentication option.
2. Turn on Two-Factor Authentication.
3. Enter the telephone number for your cell phone. Facebook will send a code to your cell phone any time you need to log into Facebook from a new device or browser.
These few changes will take a little time but will likely save you from having problems with your Facebook account. You're welcome.
Sunday, July 9, 2017
Cloning
Dolly the cloned sheep, circa 1996
You can prevent your account from being cloned. The steps below provide you the information you need to protect your account. Note: the instructions below were created in 2017 on a Windows 10 PC. Using these instructions from a cell phone, Mac or other device likely won't work as shown; use your favorite search engine (Google, Bing, etc.) to search for steps on your specific device.
1. Make your Facebook account profile picture private. Anyone can download your profile picture unless you protect it. Evildoers use your unprotected profile picture to create a new account with your likeness. Here's how to protect your profile picture:
a. Open Facebook.
b. Click on your Profile Picture to open your profile.
d. Change from Public to "Only Me" or "Friends". Selecting Only Me is the ultimate in protection, others will not be able to comment on your profile picture or download it. Selecting Friends will allow anyone on your Facebook friend list to comment and/or download your profile picture. (Verify the check is in front of Only Me or Friends as consistent with your level of comfort)
e. Repeat the process for all your profile pictures by scrolling through every one of them and changing the privacy setting for each picture.
2. Protect the privacy of your Facebook friend list.
a. Open Facebook.
b. Open your profile (Click on your name as shown below).
c. When your profile opens click "Friends" near the top of the page:
d. Click the pencil icon as shown below then click "Edit Privacy":
e. Modify the privacy of your Friends list. "Only Me" prevents anyone from seeing your list of Friends. Selecting "Friends" allows anyone who is your Facebook friend to see your list. Select the option that you're comfortable with:
That was easy!
Friday, November 4, 2016
UGH! Junk mail
I love getting mail, but I don't like the junk mail. There is a way to reduce, if not eliminate, the amount of unwanted paper coming into your mailbox: it's called opting out.
There are several websites you should visit to help you "opt out" of receiving generic junk mail. Here are a few sites to get you started:
www.optoutprescreen.com This site stops pre-approved financial offers. You can opt out for five years or permanently. Each adult living at your address must enter an individual request.
dmachoice.thedma.org This site prevents unsolicited commercial mail from many national brands for a five year period.
www.valpak.com/coupons/show/mailinglistsuppression and www.redplum.com To stop receiving bulk coupon mailers from smaller brokers not registered with the DMA.
www.yellowpagesoptout.com To opt out of telephone directories in your area.
Until your requests are activated shred your address from any incoming junk mail.