10 Twitter Safety Tips.

10 Twitter Safety Tips.

If you’re looking for a site that really puts the “social” in social media then look no further than Twitter. In our experience the majority of people on Twitter are super friendly, but every now and again you’ll run into a creep who feels it’s his or her mission in life to make you miserable, whether it’s harassing your or sending you spam. It’s usually enough to block unwanted Twitter followers, but some people step over a line and you might need to do more than just block them from your account.

We’ve come up with a list of 10 Twitter safety tips to help you avoid the less-than-scrupulous people and navigate around some of the other hassles that come with social media.

  • Keep personal info personal.

    Don’t share any personal information like telephone, email address, the location of your home, etc. The more you give out, the more likely you’ll find yourself with a cyberstalker, and we feel that this is an especially important Twitter safety tip. Also, be careful with any geolocation service you use (even Twitter’s own), and never tweet your location from home!

  • Careful who you follow.

    It’s not necessary to follow everyone who follows you. First off it’ll start to clog up your Twitter feed when you have hundreds or thousands of followers, but secondly you’ll open the door to people who are looking for an easy mark instead of a new friend. Follow, and be followed, with caution.

  • Beware of phishing.

    Phishing attacks make their rounds through DMs (or “Direct Messages”) all the time. Before you respond to a DM, make sure it’s legit.

  • Only use trusted Twitter apps.

    Limit which Twitter applications you use, and try to only use those which use the OAuth method of connecting to Twitter. And before you give a Twitter application a thumbs up to connect to your account, do some quick research and make sure that any app you use is reputable.

  • Strong password, secure account.

    Change your password regularly and use a strong password. This is probably the easiest, as well as one of the most effective, Twitter safety tips we can give.

  • What did you click on?

    Shortened URLs are great for keeping in the 140 characters, but that makes it harder to tell where the link takes you. Some Twitter clients, like TweetDeck, allow you to preview the destination URL before you click through. There are also several Firefox addons that will reveal the final destination of a shortened URL. And if worse comes to worse, you can always add a “+” to the end of any bit.ly URL to see its information page.

  • Don’t believe everything you read.

    Mama always said there’s no such thing as a free lunch, and it goes doubly so on Twitter and other social media sites. Scammers and spammers abound, and they’d love to get their hooks on you, so be wary of any offers, contests, or messages that promise the world.

  • Parental guidance suggested.

    Parents need to educate themselves about Twitter and pass that knowledge to their children. We recommend that parents set limits on when their children can use Twitter, as well as appropriate ages to use social media without parental supervision.

  • Report threats and cyberbullying.

    If you receive a threatening message on Twitter, contact your local law enforcement agencies as well as Twitter support. Cyberbullying and harassment is a growing problem online, and there’s no good reason to stand for it.

  • Don’t go it alone.

    A tweetup is a great way to meet local tweeps, but do it smart. Never arrange to meet someone alone in real life through Twitter. Always go with a friend, and in a public place.

Using these Twitter safety tips should help keep you less likely to be bothered with the down side of social media and enjoy the great things that Twitter has to offer.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Making Facebook Safer for You and Yours.

Making Facebook Safer for You and Yours.

With over 400 million active members at the time of this post’s release, half of which log in at least once per day, Facebook is at the top of the web site food chain. With numbers like that, chances are that if you’re reading this post you’re also a Facebook member, and if you are, there have been a lot of changes in the last few months with regard to Facebook account settings that you may not have updated recently.

You may have updated a few settings when you first set up your Facebook account, but it’s a good time to review what your current settings are and make any changes necessary. We’d like to show you 3 things you can change, update, or do to make your Facebook profile safer and help ensure that only the information you want people to see can be seen.

  1. Account Settings:

    It all starts with a good password. Since Facebook allows you to store a lot of personally-identifiable information, it’s even more important to ensure that the password you use to access Facebook is strong, unique, and known only by you. If you’re not sure how to create a strong password, check out our blog articles “12 Tips for Making a Good Password” and “Bionic Passwords: Better, Stronger, and Faster“.

    To change your Facebook password, click on Account > Account Settings > Password. You should then be prompted to type in your old password (as a safety precaution) and your new password.

  2. Privacy Settings:

    The Facebook privacy settings page has 5 different sections that you can modify, each of which we’ll discuss separately below. For specific details on each section see the actual page itself.

    • Profile Information:

      This section allows you to determine who can see information like your birthday, photos, posts, comments, and information of that nature.

    • Contact Information:

      This section allows you to determine who can see information like your cell phone, home address, website URL, and IM screen names.

    • Applications and Websites:

      If you allow Facebook applications to access your account (including games such as Mafia Wars and 3rd party tools like Twitter), this section allows you to determine what, if any, information those applications can access. You can also select what information your friends can share about you, too.

    • Search:

      This section has 2 very important settings: who can see your search results, and whether or not your Facebook page can be accessed by search engines.

    • Block List:

      Have a virtual stalker on Facebook, or just really tired of someone? You can add them to your Block List and not have to deal with them any more (for the most part).

  3. Watch what information you publish:

    Think twice before publishing anything that is personally identifiable to Facebook or any other web site. Phone numbers, addresses, work locations, and schools you or family members are attending are all examples of things that you might want to keep under wraps. And if you do publish them to your Facebook friends, be sure to double-check all of your Facebook settings (noted above) to make sure that only the people you want seeing them can have access to them.

    Please be especially careful with releasing any information regarding your home address online. Making your home address public isn’t something a lot of people do, but new tools, games, and features on many new phones, web services, etc. allow you to post geolocation data like GPS coordinates, and those can be just as dangerous to make public as your address. Read our blog post “Stranger Danger: Geolocation Features and Internet Safety” for more information.

For more information, check out the official Facebook safety page at http://www.facebook.com/safety/.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Twitter-forced password changes; possible phishing attacks.

Twitter-forced password changes; possible phishing attacks.

There are reports coming in regarding Twitter forcing people to update their passwords. The reason: real or potential Twitter phishing attacks. Many people are talking about seeing an email from Twitter that reads:

Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.

At this time there is no confirmed threat, but it appears that if nothing else, Twitter is taking a proactive role in helping to reduce and/or pre-emptively kill any phishing attempt that may be occuring. Even if Twitter hasn’t changed your password and/or you’re not affected by this possible phishing attack, we recommend the following course of action for increased security:

  1. Change your password. Make sure to use a good mix of letter and numbers.

  2. Review and rethink any third-party services you’ve allowed in your Twitter Connections setting.

  3. It’s also a good time to go through your followers (and those you’re following) and check for spammy and/or suspect accounts. Things to look for in these types of accounts include, but aren’t limited to:

    • Very few, if any, tweets. Ever.
    • No tweets in the last
    • Following thousands but followed by few.
    • The same kinds of tweets sent out over and over and over.

We will report on this issue again as we find out more details. For more tips on staying secure on Twitter, check out our blog post “Six Secrets of a Safe Twitter Account.“.

UPDATE: Twitter addresses the password resets with their status update entitled Reason #4132 for Changing Your Password.

Twitter-forced password changes; possible phishing attacks.

Image courtesy of Twitter

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Online Crooks Spread Holiday Scams, Not Cheer.

Online Crooks Spread Holiday Scams, Not Cheer.

If it’s the end of the year then that means it’s time for Christmas, Hanukkah, Kwanzaa, and the annual ramp up of holiday-related scams, phishing, and other related online naughtiness. If only Santa had enough room on his Naughty List for all of the digital scammers!

It seems like every year the “bad kids” of the online world all seem to come together to get some year-end maliciousness out of their system. Increases in email spam, fake friend requests on social networking sites, and identity theft are part and parcel for the holiday season and this year is no different. If anything the current economic problems in America and the rest of the world make us all more likely to be a victim of holiday scams since we’re all on the hunt for great deals and looking for a way to stretch our holiday budgets.

Here’s a breakdown of some of the more common scams, schemes, and potential problems that you’ll find this year:

  • Fake gift cards

    A perennial favorite, fake gift cards are often touted as being sold for cheaper than their original price (e.g. a $25.00 gift card being sold for $10.00), but many times are either completely fake, stolen and worth no money, or have had most if not all of their value used already. We suggest that you avoid these at all cost unless you get them from the store they are actually from (like Amazon.com gift cards) or another reputable vendor.

  • Fake charities

    Organizations like the United Way, Red Cross, and Toys for Tots do wonders for people across the country, but be careful when making a donation. Be sure that the representative you’re talking to is actually working for a charitable organization and not his or her own pocketbook.

  • Holiday e-cards

    Even though the real ones can be fun, e-cards in general have been known to mask trojans and spyware that are installed on your PC without your knowledge. Be especially careful when you receive an e-card in your inbox during the holidays.

  • Lyric websites

    When looking for Christmas carols you might end up finding malware. Many lyric sites are chock-full of advertising, popups, and it’s easy to accidentally click “OK” on a software install button. Be very careful when getting your play list ready for your carolers.

  • Fake websites

    These tend to come out of the woodwork and often look very convincing. Identity theft and stolen credit card numbers are the usual gifts that are given to holiday scam artists when they set up a fake website that copies an online store or charitable website. Check out our post on “How to Spot a Fake Website” for additional details on how to know which are fake and which are real.

  • Online fraud

    eBay, CraigsList, and other online auction and shopping sites have great deals and a lot of hard-to-find gifts. They also have a lot of fraud associated with them since anyone with an email address can set up an account. Make sure to look for user ratings if possible (eBay in particular has a pretty darn good rating system for buyers and sellers) to see what a seller’s track record is like before you click on the buy button.

We hope that you find these tips useful this holiday season, and we wish you and yours the very happiest of holidays! And if you’ve got kids and they’re still young enough to believe in Santa Claus, check out this Naughty or Nice form that asks a few questions and lets them know what list they are on.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Social Engineering: A Digital Con Game.

Social networks such as Facebook, Twitter, and MySpace are wonderful ways to connect with friends and family. Unfortunately they also provide excellent resources for online crooks to gain sensitive information via social engineering, a term synonymous with con games in the world of computer security. By learning what social networking is, you can protect yourself from would-be (virtual) attackers and keep your data safe.

What is “social engineering”?

Social engineering is a non-technical intrusion using human interaction (thus, the “social” in “social engineering”) to gain information which directly, or indirectly, leads to a scam of some kind. The information compromised can be of any variety: passwords, access to computers and/or networks, account information, or anything else that can lead to additional data, money, identity theft, hacked accounts, or other problems for the victims. It’s considered a safer and easier way to run a con since the scammer rarely has to be physically present in front of the victim, so the Internet provides an excellent medium for these kinds of scams.

How does social engineering affect my social networking accounts?

Attempts to phish for information are notorious online, and you should learn how to protect yourself from phishers. Instant and direct messages, emails, chat… all forms of online communication have the potential to be tapped, spoofed, or intercepted. Whether it’s email, a social networking site, or something else, all it takes is one unsecure account and a bit of luck in order to gain access from hundreds, if not thousands, of other users. With access to one unsecured account, the scammer now has the trust of all of their friends and followers of the real account owner. The flood gates are now open for additional phishing attempts, data loss, and other forms of digital mischief.

Social engineering is very simple and very effective. The weakest link in any computer security scenario will always be a human, and social networks are chock full of them. With enough patience it’s only a matter of time before a scammer finds a victim.

How can I protect myself from being a victim?

The easiest way to guard against social engineering is to be skeptical of offers presented in emails, online, and over the phone. Social engineering attempts prey on every aspect of human behavior (greed, compassion, fear, love, etc.) and can even exploit outside events such as natural disasters and current news topics in order to extract information from the victim. Here are a few specific things you can do:

  • Ensure the legitimacy of anyone claiming to be a representative of a company, government office, or organization.
  • Never reveal personal information unless you are certain of their need for the information and that the information will be held in the strictest confidence.
  • Keep your passwords and other account access data secure. No company or it’s representatives should ever ask for your password, no matter how convincing the story they give you.
  • When entering sensitive information online, make sure you’re really on the web site you think you are on. Read our “How to Spot a Fake Website” post to learn more.
  • Never send sensitive and/or personal information via email or instant message to anyone, even friends and relatives. Spoofing emails and IM information is too easy.

If you come across a social engineering attempt, make sure to contact the service you used when the attempt occurred. Most social networking sites, companies, and organizations have a computer security team that handles these issues and you can help stop the spread of these attacks. Listed below are some resources for a few online services regarding safety, abuse, reporting, and/or support. To find out how to report on other sites, check their Help or Support links.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

The 411 On How to Prevent Phishing.

Online fraud can come come in a variety of ways; forged emails from financial institutions, fake websites that look like a legitimate brand’s domain, and even in the form of instant messages. When a crook uses a computer to try to get you to reveal sensitive information to them it’s called “phishing”, and the really good phishers make it very difficult to tell the difference between them and the real thing.

Phishing is an example of social engineering, which is any social or interpersonal communication used for fraud of some kind. A phisher works by passing himself off as a legitimate source, often by mimicking a well-known source (a company, a friend, etc.). Under the pretense of being a trustworthy representative, the phisher crafts a message to potential victims that seems authoritative. And while most people won’t click through on these messages, a very small percentage of people is all that is necessary for the phisher to make money and/or wreak havoc.

It’s not just credit cards, bank accounts, and Social Security numbers that they’re seeking. They’ll take usernames, passwords, email addresses, URL history, cookie data… anything and everything that they can get their hands on that might get them closer to parting you and your money. We’re going to show you how to detect the 3 most common online frauds: email, fake websites, and instant messages.

Emails

Email is probably the most common method of phishing attempts. The price is right for spamming (basically free), and distribution of an email can go world-wide in a matter of minutes. A common tactic used by phishers to spread their “bait” is to write an email and use forged email addresses of major banks to inform you that there is a problem with your account. Another trick they employ is to tell you that you’ve won a prize. The safest thing is to not click on any link from an email that you aren’t 100% sure is from a real person or company. Also remember that no company should ever ask for the password to your account in an email! That’s a sure sign of a scam.

Fake websites

If the spam emails don’t ask you to reply back with your account data to “verify” you, they will usually have a link in the email that takes you to a website where you will be prompted enter this information. These phishing websites can look very convincing, too, especially since it’s quite easy to clone another website. Many major ecommerce websites such as PayPal, eBay, and Chase.com have been cloned into a fake website used for phishing purposes.

Fake websites come in a variety of forms, but they all usually have tell-tale signs of being a scam: using an IP address (http://127.0.0.1) vs. a regular domain name (http://example.com/), having a URL that isn’t on the actual domain (for example, http://blog.stopsign.example.com would not be our blog; but at first glance it looks like it), etc. For more information about fake websites, read our blog post on how to detect fake websites.

Instant messages

The scam methods used in IM’s are similar to those from emails. But instead of trying to get you to directly enter information, they usually just provide a link to a website that does all the dirty work for them. It’s best to ignore and/or block unknown users whenever they try to get to you.

Bonus tip: Alternate ways phishers try to catch you

As with most fraud schemes, phishing is a growing resource for crooks and it’s always changing. One alternate method phishers use to scam you is to use a real website to phish. In fact right around the time this post was being written, a Twitter phishing scam made it’s way around the Twitter using their Direct Message (DM) system and tweets, causing a lot of buzz about phishing on the immensely popular service (we even have a StopSign Blog Twitter account). You’ve got to be on your toes all the time to keep yourself safe, but with the tips we’ve written about, you should be able to recognize some of the more common scam methods.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.