2011’s ‘most dangerous’ holiday gifts

From security firm F-Secure:

F-Secure is announcing today its Cyber Monday Cyber-Watch List, its annual compilation of the most ‘dangerous’ holiday gifts to be encountered while shopping online this year based on the prevalence of ‘poisoned’ search results on the web.

Cyber Monday, the unofficial beginning of the holiday shopping season online, will occur this November 28, 2011, bringing with it throngs of Internet shoppers on the hunt for the best deals and hottest products. Unfortunately, the period also brings with it a similarly motivated group of cybercriminals targeting unassuming shoppers as they use search engines to find gifts for their loved ones.

Google search results for products often include links to ‘poisoned’ sites, or malicious websites that can infect an unsecured computer with viruses, worms and other malware, putting one’s personal and financial information at risk.

The more popular an item is, the more likely it will attract a dangerous search result, which could lead to malware or an unreliable merchant. Here are the products we anticipate will be targeted by cybercriminals this holiday season:

1. Apple iPhone 4S
2. Harry Potter and the Deathly Hallows, Part 2 DVD
3. Angry Birds: Knock on Wood Game
4. Steve Jobs biography
5. Fijit Friends Willa Interactive Toy
6. Michael Buble ‘Christmas’ album
7. Apple iPad 2
8. Kindle Fire tablet
9. Silver ‘Heart’ pendants
10. Call of Duty: Modern Warfare 3

Here are three tips from F-Secure to ensure you stay safe while shopping online this Cyber Monday, and throughout the 2011 holiday season:

Visit retailers’ websites directly if possible (e.g., www.amazon.com vs searching ‘Amazon’ on Google)
Use Internet security software that features browsing protection (or check links with F-Secure’s free Browsing Protection)
Always check a site’s URL before making any purchase (look to make sure you’re at the correct online store and that the page URL begins with https://, which means it’s secure)

November 25, 2011 0

5 holiday cyber scams to avoid

As you and your family kick off the holiday shopping season, it’s a good time to review the common scams that circulate this time of year.

Unless you live in a cave, you probably know today is Black Friday, the day when stores try and lure in early shoppers with great sales on many popular items. It is followed by Cyber Monday, the first Monday after the Thanksgiving break when many workers return to their office computers and, presumably, start their holiday shopping online.

But each year, cyber criminals find new ways to try and ensnare consumers with a number of sneaky tricks. Here are some common ones to keep your eye out for, and to warn your older, tech-savvy kids about, as they are also likely to come across them in the coming weeks, as well.

Holiday ‘giveaways’

No, you are not going to get a free iPad or iPhone. Nor is Southwest Airlines going to give you free round-trip airfare. These are the kinds of scams we see on Facebook year round, but they are often repackaged with holiday wrapping and a pretty bow this time of year to seem like holiday-related give-aways. They are no different, or less malicious, than any other Facebook scam making the rounds all year.

What to do? Avoid them. If you see something on Facebook that claims you will get something amazing simply by clicking “like” or by sharing it with other friends? Don’t. Just don’t. Remember my mantra: If it sounds too good to be true, it is. Instead of a free iPad, if you click on a link, there is a good chance you have just downloaded some kind of malware onto your computer that can be used to steal data from you.

Fake sales

Hot items, like Apple devices or popular video games and consoles, provide holiday opportunities for crooks to fools consumers. This time of year, ads claiming to have a popular item at a deeply discounted rate can be found. Just because you found it with a Google search doesn’t mean it’s legit. Criminals have been poisoning search results for years now with the hope of getting their fake ads to show up when someone searches for a popular term.

Your best bet? Go directly to reputable web sites, such as Amazon.com or Best Buy or Target. DO NOT purchase an item from a web site you are not familiar with, or even follow a link to a sale that claims to take you to a reputable dealer. Instead of the item, you can end up paying for something you never receive. And since you have likely passed on your credit card information, it sets you up for further fraud down the road.

Bad QR codes

A QR code, or Quick-response code, are those nifty barcodes that are popping up everywhere, attempting to get you to scan them and then find out more about a product or service.

But, of course, now that they are popular, malicious web sites containing QR codes for mobile apps starting cropping up earlier this year, too. The bad codes are being used to lure people into downloading malicious apps. So far, it has been seen primarily on the Android platform.

What can you do? Think twice about QR codes. If you really want to use them, be savvy. There is a free app called Red Laser that you can download and use to check out the web site that the QR code takes you to. If it is a web site with an .exe in the address, do NOT go there.

Bank/credit account alerts

“Your Bank of America account has been compromised! Your Paypal account has been suspended!” the alerts will scream. But have they? Doubtful. It’s just another ruse to get you to “click” on a bad link that will take you to a phishing site. Here they will ask you to enter your account number, password and everything else they need to get the keys to your financial kingdom. Don’t do it. If you think your account has been compromised, look up the bank’s number yourself (do NOT use the phone number the email has provided) and speak to customer service. Don’t click on any links contained in emails warning you your account has been compromised.

Shipping notifications

“Fed Ex deliver failed.” I get these in my spam folder all the time. Do you? It’s another common ruse – but it upticks this time of year, when folks are expecting shipments. Continue to ignore. Please. Don’t worry. If Fed Ex (or UPS, or DHL, etc.)was unable to ship something to you, they will try again.

November 25, 2011 0

Is your password secure enough?

One of the most important things you and your family can do is use strong passwords to access your computers and web sites. According to data from a firm called Splashdata, which is being widely publicized today, the top-ten worst passwords are:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
8. trustno1
10. dragon

Once a cybercriminal has guessed your password and accessed your machine, or a website, such as your Facebook profile or your email account, you’re owned. Once access to one site is obtained, they can then parlay that access into breaking into other sites. They can also spam out malicious emails to your contacts or pillage your messages for personal information that can later be used against you, or to steal your identity.

Here are some tips for creating strong password, courtesy of the security team at Microsoft. According to them, a strong password:

Is at least eight characters long.
Does not contain your user name, real name, or company name.
Does not contain a complete word.
Is significantly different from previous passwords.
Contains characters from each of the following four categories: Uppercase letters, lowercase letters, numbers and symbols.

Are you following these rules? If you are not, it’s time for you, and your family, to get serious about using secure passwords.

November 22, 2011 0

Cyberbullies move to text messages

A new study in the latest print edition of the Journal of Pediatrics finds text messaging has become an increasing venue for cyber bullying.

The study, which included 1,588 young people aged 10 to 15 who answered questions online in 2006, 2007, and 2008 as part of the Growing Up with Media survey, found that while rates of violent exposures and experiences online have leveled off, more kids are being harassed or bullied via text message.

According to the study, rates of text messaging among adolescents increased from 59% in 2008 to 72% in 2009, while rates of Internet use remained stable at 93% from 2006 to 2008.

“It may be because aggressive behavior is shifting from online to text messaging or it may be because text messaging is relatively new and we’re all figuring out how to communicate well using it; in this case, rates should stabilize as we become more familiar with it,” says study researcher Michele Ybarra MPH, PhD, of Internet Solutions for Kids, Inc. in San Clemente, Calif.

Parents can also use filtering software to prevent children from accessing inappropriate web sites, but no such technology is available for cell phone texting yet, she said.

November 21, 2011 0

4 tips to help your kid stay stafe on Facebook

Too young for Facebook? — How young is too young for Facebook? The rules say no one under 13, but many parents seem to disagree

Facebook says you need to be 13 to have an account, but – rules be damned!! Many 11 and 12 year-olds are already using the social network, and, here’s a surprising little tidbit: Their parents are helping them create the account!

This is according to research out this month from the Internet journal First Monday. Researchers polled 1,007 parents of children between the ages of 10 and 14 about how they feel with regard to Internet-age restrictions.

Among their findings:

– Parents of 13- and 14-year-olds said, on average, their child joined Facebook at age 12.
– More than half of the parents of 12-year-olds said their child had a Facebook account; 82 percent of those parents knew when their child signed up; 76 percent assisted their 12-year-old in creating the account.
– More than three-quarters of parents said it was acceptable for their child to violate minimum-age restrictions on online services.

This goes against rules created by the Children’s Online Privacy Protection Act (COPPA), legislation passed several years ago which seeks to empower parents by requiring commercial Web site operators to obtain parental consent before collecting data from children under 13. But apparently, many parents with kids under 13 think their children can handle themselves on Facebook and are actually letting them fudge their birthdate in order to create a profile.

The authors of this study point out that many parents know, and are even enabling, their kids to get on Facebook prior to the age of 13. They say things like “all of my daughter’s friends are already on Facebook.”

I’ll let you read the study yourself to draw your own conclusions about whether or not you think kids under 13 should be on Facebook. But let me weigh in with my opinion, as your friendly Cyber Savvy Mom.

If you think your child is ready to use Facebook at an age that is younger than 13, that is your opinion, and I don’t think it is right or wrong. You know what your child is capable of and should act accordingly.

But, keep in mind the risks that exist once your child is on Facebook; where they will share information about themselves with other “friends” in their network. They will share photos, videos, thoughts, at times even their location. And there are no guarantees each “friend” will be who they say they are. Fake profiles are created all the time on Facebook. There are also scams all over the network that can trap unsuspecting members. Children would be very vulnerable to falling into some of these traps. Check out my list of scams to recognize the common traps.

That said, there are several steps I think parents need to take before allowing their kid, regardless of age, to create a profile on any site. Here are my basic recommended steps to encourage secure behavior on Facebook.

1.) Use the network yourself: If you are familiar with the inner workings of Facebook and Twitter, you are more able to know what can go on, what mistakes can be made, what information kind of can be shared, and give advice based on first-hand knowledge. You run less of a risk of seemingly like the “lame parent” who “just doesn’t get it” if you are using the networks yourself.

2.) Insist they give you their password, check it regularly: It is one thing to tell them you need to have their password. That’s a great first step. But then you need to do regularly, random check ins with to ensure that the one they gave you is still the actual password. If they have changed it without consulting you, that is grounds for losing computer privileges.

3.) Keep computer use to common areas of the home: Children are more likely to engage in unsafe and questionable behaviors and conversations online when they are along. Computer use, particularly online activity, needs to take place in an area where the entire family is typically located.

4.) Have regular conversations: Talk with your child openly and regularly about issues such as cyber bullying, safe and responsible computer use and don’t be afraid to speak frankly about the type of people that can lurk on social networks, interactive games and chat boards looking for kids to target. Knowledge is power. You’re not trying to scare them, but they also need to be prepared for how to react if they are manipulated online by someone, or bullied by another peer.

November 14, 2011 5

How secure are you online?

Interesting research out from Microsoft today finds computer users in the United States tend to be more security and privacy centric that many other countries, but we still have a long way to go before we can considered ourselves highly-secure online.

The research is sponsored by Microsoft’s Trustworthy Computing Group. The study, conducted in five countries, seeks to understand consumer adoption of online tools and behaviors, said Microsoft.

An executive summary, which you can find here, sums up the research (click on U.S. Executive Summary for U.S. results). Responses were ranked in Microsoft’s Computing Safety Index, which gives a weighted score of three tiers of activity, each consisting of different steps consumers can take to help protect themselves and their families when they go online. The more steps taken, the higher the score; 100 is the highest rating possible.

In the summary you can read about how several countries ranked with regard to taking steps such as using strong passwords, keeping privacy settings on high when using social networks and running up-to-date anti-virus software. Take a look and see what you and your family are doing when online and what you might consider doing in the future to up your security rating.

The average score across the five countries was 34, which is considered on the lower end of “adequate” by Microsoft’s standards (they don’t call it that, but their terminology “take it up a notch” is basically saying “you’re doing some things, but you need to do more.”).

Always keep in mind that when research comes from a vendor, which is what Microsoft is, there is, of course, going to also be a motive to get you to buy products. CyberSavvyMom will always point this out to you when writing about vendor-sponsored research. Still, if the results were not noteworthy, I would not take the time to write about them.

An interesting thing to note is that the United States has the second highest MSCI score behind Brazil. Attitudes and experiences in the United States are more similar to Brazil than the European countries, said Microsoft officials. Both the United States and Brazil have above average security and privacy concerns and some consumers limit their online activities because of these concerns, said Microsoft in a summary of the findings.

The majority of Americans polled said they believe that they are primarily responsible for protecting their own security and privacy compared to the government or companies that conduct business online. This is good, in my opinion, because only we can truly look out for ourselves online, where we come across nasty viruses, malware, scams and other threats each day.

Among some of the findings:

– Sixty-four percent received an email from unknown senders asking for personal information in the last twelve months

– Fifty-nine percent reported having adware or spyware on their PC in the last twelve months

– Twenty-two percent worry about their online reputation

– Fifty-five percent said it is easy for companies to aggregate information about them

– Fifty-one percent noted being concerned about their activities being tracked

– Forty-eight percent reported they worry about the amount of information is online about them

– Approximately one-third limit what they do online due to concerns about security (33%) and privacy (32%)

– A majority believe they are primarily responsible for protecting their own online security (51%) and privacy (59%)

Again, check out the report and see what you think? Are you a secure online user? Or could you stand to take more steps to ensure your privacy and safety? Leave a comment with your thoughts.

November 7, 2011 1

The Bullying Academy

Do you have a bullying awareness program in your local schools? More communities are creating educational programs around bullying, and cyberbullying, in response to the alarmingly high-rate of incidents that are being reported around the country.

If you don’t have a local program, there are now many online resources to check out for information. In fact, a New York University law school student and an openly gay man has launched an online program called The Bullying Academy that addresses the issues around bullying and looks into ways kids, parents and educators can stop and prevent it. The Bullying Academy was created by Walser as a free online resource designed to help parents, students and teachers deal with the dangers associated with bullying and cyber-bullying.

According to a release from the folks behind the program, the person who launched the program, Tommy Walser, has watched in shock and anger as it seems like every week a new suicide is being committed due to bullying and cyber-bullying.

“Cyber-cruelty is rapidly increasing in volume and complexity because adolescents and teens are never taught how to act responsibly and appropriately while communicating online or via other electronic devices,” said Walser.

Tommy, now 23, is proud of his sexuality, but growing up it was a different story. He admits that as an adolescent and teen, he was picked on by others for being “different.” He decided to channel his experience into something positive by creating a program to educate kids before bullying reaches a critical point.

The Bullying Academy does not require any additional software or extensive training. Schools register with the organization’s website and students immediately have access to the program. The Bullying Academy provides a professionally developed curriculum and grade appropriate content to engage students through a scavenger hunt composed of lessons and learning links, as well as utilizing quizzes which function as assessments. The program has been designed with a pre- and post-quiz so that participants can measure what was learned about bullying and its ramifications.

There are also contests for schools that participate, whereby the winning school gets a trophy, pizza party and certificate for the teacher. Any students who complete the program will also receive a diploma that ranges from gold to bronze depending on score. Students learn:

Characteristics and risk factors common to bullies
What bullies look for in victims
How to recognize the short- and long-term effects of bullying on victims and bullies
How to properly respond and report bullying
How to avoid violence while standing up for each other

Check out The Bullying Academy and see if there is some good information on there you can share with your kids, community or local educators.

November 4, 2011 3

Facebook, Twitter posts can come back to haunt you

OK, I admit I’m a day late in posting something about Halloween, but it’s an important message: What you say and do on social networks can come back to haunt you. And getting you to think before you post, act, respond and click online is what CyberSavvyMom is all about.

Let’s start today with takethislollipop.com. The site offers you a chance to link with your Facebook account and then watch as the application plays out a scene, using your Facebook photos and other information, of a dirty-fingernailed creep checking you out. It ends with him getting information on where you live and then driving in a car somewhere, presumably to find you and do unspeakable things. It’s full-on freaky.

People use Facebook and Twitter with varying levels of involvement. I myself am on Facebook several times a day and I regularly post photos and status updates about my life and my family. But of the several hundred friends I have on there, I observe use that starts at frequent and regular, like my own, to barely-ever-log-on types who maintain an account but almost never go on and never post a thing.

Which ever way you are going to engage on Facebook, the most important thing to keep in mind is to make sure what you are putting out there are photos, statements, links, that you would be comfortable with everyone seeing, whether they are friends, co-workers, family members – and even strangers. Because even if you intend for what you post to be seen by people in your network only, or even just by certain people within your network, there is a saying that your security is only as good as your friend’s security. Meaning, of course, if your friend’s profile is open to compromise, so is yours. And that means what you considered to be private, well, no longer is.

Facebook profiles get hacked all the time. Friends share things you have posted without your consent. You can’t ever assume what you are posting won’t be seen by eyes you never intended to see your posts, because privacy is virtually non-existent if you are using Facebook or Twitter. This message is particularly important for teens and twenty-somethings who are still new to social networks and may post things that could later serve as a source of embarrassment or, even a reason for a potential employer to choose not to hire them. These things can and do happen.

Back to takethislollipop. Again, the message is clear: If you put something out on a social network, you should expect it will be seen by people you may not have intended it for. Frankly, I tend to be less concerned about my profile being used by some crazy person to stalk or hurt me and my family. I believe if that danger exists, it is not my pictures on Facebook that is going to be the reason someone wants to hurt me. Some may argue that putting it out there opens the door to more crazy lunatics being able to gawk at our stuff. Maybe. But I know the value and fun I get from communicating with others on social networks is, for me, something I am not going to give up for a scenario that is simply a “what if.”

What I do know is that I am never going to post anything on my social networks that I wouldn’t be comfortable with the entire world seeing. I won’t make disparaging remarks about someone I know personally who may have irked me that day. I won’t post, won’t allow others to post, pictures of me now, or in my younger days, doing things that look like its in bad taste (IE: taking an alcohol shot, dancing on a table). Not that I really live the kind of lifestyle that lends itself to risque behavior, but if I did, you can be sure I wouldn’t be posting snapshots of it – and I would insist people in my network not post pics of me I didn’t approve of either. You should do the same.

Again, these are lessons younger internet users often have to learn the hard way. As parents, it’s our job to help them see the way. Show them takethislollipop.com (I’d recommend to kids age 13 and over. It is not a site for younger children as it could scare them). It could serve as a great jumping off point to get the discussion going about what we post online, and to think before we click.

November 2, 2011 1