By Gary Kaye  (Courtesy of In the Boombox)

We spoke with both Google and Norton about some of the worst threats in cyberspace and some of the tools you can use to combat them.  I came away feeling that the guys in the black hats are always two steps ahead of the guys in the white hats. Biometrics and two step confirmation may eventually help, but even they can probably be hacked.

Number One on My Hit Parade – Identity Theft

As far as I’m concerned, the biggest threat on the Internet is identity theft.  That could mean anything from stealing a credit card number and password to making fraudulent purchases, all the way to theft of your social security number to take out loans in your name, or file fraudulent federal tax returns.  And once it happens, proving to the authorities that you are you and that whoever said they were you was not is a huge piece of work.  Google offered us some thoughts on how to prevent identity theft that you’ll find here

Norton says if you think your identify has been stolen, take action immediately by shutting down any affected accounts. Check your credit card history for any suspicious purchases and notify your provider if you believe someone has stolen your account information. Set up a fraud alert with one of the three national consumer reporting agencies (Equifax, Experian, and Trans Union.) This alert will tell creditors to contact you directly before making any changes to existing accounts or allowing someone to open up any new ones.

Norton sent us notes on some other Internet threats and how to protect yourself.  These tips come from Marian Merrit, an advisor to Symantec, maker of the Norton brand of computer security products.  In a bit we’ll talk more about other methods to combat threats, including some that are practical, and others that are just painful.

Don’t Get Caught in a Phishing Expedition

Ever receive an email or text from someone you don’t know? Phishing messages may look very much like authentic messages from banks or social networks – complete with the company’s logos and name in the Web address. But beware! Clicking a link in one of these phishing messages may trick you into visiting a fake website where private information like your user name and login, bank account details, credit card numbers or even social security numbers will be stolen. It’s even possible for malicious software or malware to be installed on your computer, even if all you do is click the emailed link.  There are several steps to take to avoid being “phished”

First of all, know that your financial institution will never ask for your account number or other sensitive information via email or text message. These days, it’s difficult to tell if an email or website is legitimate based on looks alone, so if you’re unsure, type the company Web address into the address bar yourself, or call the company directly using their published customer service line (not a phone number in the dodgy email message) to confirm before providing any sensitive, private information.

Malware, Viruses, and Other Bad Stuff. 

Malware – or malicious software – refers to viruses, worms, Trojans and other programs that are often harmful to your devices and your personal information. Malware can have a number of functions, like recording your keystrokes, or turning on your web camera without your permission. It used to be very obvious when a computer was infected with malware; it would often run very slowly, or programs wouldn’t function normally. However, a key component of today’s malware is that it can operate silently without you ever knowing it’s there. This way, cybercriminals can continue to steal valuable information or data from you over a longer period of time.

Most malware is installed on a computer through malicious attachments or infected links. Because of this, it’s important to only open email, IM, or social media attachments that come from trusted sources and delete all unwanted or suspicious messages without opening or responding to them (responding just lets the cyber criminals know they’ve reached a live account). It’s also important to install a comprehensive Internet security suite as your first defense against online threats.

If you think you might have malware on your devices, you can find removal tools online for malware that’s particularly hard to remove. Visit the Norton.com website to find many of these free removal tools. If you prefer, engage the services of a tech expert to help with malware removal; consider contacting the agents at NortonLive who offer one-time virus and spyware removal packages.

Are Your Friends Who They Say They Are? –  Social Networking Threats

As more of us join social networks, we should be aware that a number of threats or scams can be found on popular social networking sites. These scams operate on the assumption that people are more likely to let their guard down when they believe the information is being sent to or shared with them by someone they’re friends with.

One such example, known as “likejacking,” tricks the user into clicking on links that appear to do one action – such as liking a Facebook page – but conceal another action – such as giving a scammer access to your profile. Once the victim clicks the button, it can give the hacker the ability to post updates from the victim’s newsfeed, which can then potentially cause others in your social network to be “tricked” and infected as well. According to the Symantec Internet Security Threat Report, released in April 2013, “likejacking” was one of the top three social media scams of 2012.

To avoid social networking threats be careful what you click. If a post looks suspicious or uncharacteristic of a friend, it’s better to stay safe than satisfy your curiosity. Navigate directly to official company Facebook pages or websites to enter contests, and if an offer looks too good to be true, it likely is.

If you’ve fallen for one of these scams and now your account is posting the same strange ad or link in your status, make sure you delete the post. Just click on your name to get to your own page and find the post. Then put your mouse over the right side until an “x” appears and click that.  Make your new status a warning to your friends not to fall for it. Check your apps and app requests on the left side of your profile page. Remove any you don’t recognize or use regularly.  Finally, download a security application that will automatically scan your social networking feed for malicious links, before you click on them.

Other Threats 

Cell phones have become an integral part of our daily lives, holding all sorts of personal and potentially valuable information and unsurprisingly they have become a hot target for cybercriminals. Just like laptops and computers, tablets and smartphones can be infected with viruses and malware too. And while malware on mobile phones is a growing threat, the most common issue facing consumers is the theft or loss of these devices. Password protecting your device is an easy way to add a layer of protection. While this won’t stop your phone from being lost or stolen, it makes it much more difficult for someone to access your personal information. Then tape your contact details to the back of the device, so if lost, someone can attempt to return it to you.

Consider installing mobile security software which provides multiple layers of protection. You can remotely locate and lock a lost or stolen phone. Using the device’s built-in camera, you can take a snapshot of whomever or whatever is in front of the phone or tablet. You can even remotely wipe your data clean if you can’t recover the device. It also protects you from installing malware designed for mobile devices.

Other Steps to Protect Yourself

There’s a good chance that you use the same username and password combination for many, if not all of the sites you regularly use, including everything from shopping sites to your brokerage account.  That means that if the bad guys hack into just one of your accounts, or steal that information from the vendor or credit card company, they’ve effectively got the keys to the kingdom.  They can start trolling the Internet using sophisticated  computer servers until they grab multiple accounts and steal you blind.  Google suggests that one way to avoid this is to create different user names or at least different passwords for every service you use.  Nice idea, but most folks I know have enough trouble remembering a couple of account passwords.  Other places, especially corporate websites, will demand that you change your password periodically, generally 30, 60, or 90 days.  Again, nice idea but tough to remember, especially for those of us with short term memory problems, who can’t even remember why we walked into the kitchen.

Tougher Passwords

Of course there are still people who are creating passwords that are so simple that even a two- year old could hack them.  Things like 1-2-3-4-5-, or QWERTY.  Or Pasword9.  Both Norton and Google suggest turning phrases into passwords by substituting symbols in place of letters.  So, for example take the phrase

I had a great time when I went to Tucson and stopped at the Desert Museum

So, we substitute as follows

I had a gr8 time when I went 2 2cson & $topped @ the Desert Museum

That compresses to

Ihagr8twIw22&$@tDM

Google has a video that does a better job of explaining it.

The bottom line here is that there are plenty of steps you can take to protect yourself on line. But the tougher the steps, the more work they will be for you and the harder for you to remember.  And even then, none of them is foolproof. Perhaps a combination of biometrics, confirming phone calls to your cell phones, and other steps will eventually simplify the burden.  But for now, remember, it’s still a jungle out there.

– See more at:

http://intheboombox.tv/lions-tigers-bears-oh-my-combatting-internet-threats/2/#sthash.zwkoTeZS.dpuf