Happy holidays. It is a wonderful time of year for giving, receiving gifts, festive dinners with friends and family, and that long awaited trip to exotic places. We wait all year for the holiday season. We are not the only ones who wait.. Financial fraud, identity theft, malware, phishing and malicious hoaxes all ramp up for that time when we are most at ease and vulnerable. The best gift you can give to yourself --- be aware.
What does it take? After a delicious dinner and great wine, feeling mellow and content, you hand your credit card to the waiter. It takes only a smart phone with a camera ... and your name, credit card number, expiration date and verification code are now someone else's dessert!
For most, if abnormalities in buying behavior are not detected by the credit card provider, the realization of the theft of financial identity is only with the arrival of the next months billing statement. For some it may be months before the theft is realized.
Do you remember the Christmas virus? It seems there is a special fondness for the release of malware, hoax viruses and phishing schemes with the holiday season. It makes sense. When are you more likely to click on the link to see the dancing Santa, receive greetings from old friends (and all those other old friends that you never met) or share outrageous animated cards with everyone that you know, spreading the joy of the season, and potentially devastating embedded malware?
When are you likely to be more vulnerable to phishing schemes than at a time when you are doing most of your online purchases and have become desensitized to providing credit information online? How many of us make our end of year charitable donations online before the tax year ends? When, other than the holidays, is the activity in your checking account, and your dependence on the ever fluctuating balance so great, that you might actually click the link provided in the 'email from the bank' asking you to correct a discrepancy in your account? Don't get caught with that one. Reputable banks would never ask you to provide information in that way!
The holidays are a great time for travel. There are Wi-Fi hotspots, cyber pubs and cyber cafes everywhere. And who could imagine that it's not just high priced coffee and doughnuts, but everything you send unencrypted that is on the menu to the guy seated three tables away running a Wi-Fi scanner on his laptop?
And then the ever effective - *Virus Detected - Click Here To Remove*. Nobody would fall for that, right?
Smartphones and tablets have extended digital capability and digital exposure to a community that is infatuated and often unprepared. We are all enamored by the capabilities, reach and instant participation of digital mobility, yet many of us are unaware of the risks. How many of our parents and grandparents were innocent bystanders of the computer age, but are now fully engaged online consumers? Shopping, download-able apps, instantly appearing holiday pictures, online video chats and messaging - it is a wonderful new world for many - and the bad guys know it.
But prudence provides a gift for the holidays that will go a long way towards making this a joyous and safe season and it is a gift of sensible practices and technical steps that you can share freely.
- Banks and credit card providers all provide some level of activity alerts as a convenience and to protect against financial fraud. By default for most these are turned off and many people are unaware of the service or that they need to turn them on. Most are free and can be activated online or by phone. They are called fraud alerts or transaction alerts. They should advise you by text or email whenever a charge is placed on your card by phone or online. They should alert you when a withdrawal, payment or wire transfer is made from your account above an amount that you set. You would be surprised as to how many very financially savvy people I have spoken with who are unaware that these services are available.
- Monitor your credit score and in specific credit inquiries using any one of the numerous credit monitoring and alerting services. Credit inquiries may just be prospecting or equally may be fraudulent attempts to open lines of credit.
- How many of us rarely change our passwords? We know from real life that if you lock the door unwanted guests and relatives that never want to leave can't easily get in. It is a good practice to update your passwords effectively changing the locks especially on systems used for banking, purchasing or other online transactions before the start of the transaction heavy holiday season.
- Smartphones and tablets are often set for convenience and performance, not security by default. An encrypted device with an effective password is the best defense you have when the phone carrying the sum of your life and everything most near and dear is lost. It is also your best defense when the guy three tables over has a sniffer and mischief on his mind. You have your name, photos, geolocation tags for your photos, the home location set on your GPS feature, and likely other personalizing information on your device. Do you think that a lost smartphone only exposes your phone?
- Encryption is the best defense we have against prying eyes when our data is in transit. If you use an email provider confirm that your messages are encrypted and transmitted securely. If you use a smartphone, again, change the settings to assure it is encrypting the data it transmits.
- Consider the information that you share. You would never consider performing a financial transaction without using a secured browser session. Where possible use the same guideline whenever exposing information that you consider private. It's remarkable the information that is shared on unsecured sites and in chat rooms. It's a big Internet. It is amazing how difficult it is to stay anonymous and to keep your most important information private.
- Backups are important and most of us don't perform them regularly. A completely dark monitor is fine when your PC is powered off. It is the worst ever feeling when it is still dark after being powered on. Particularly in this holiday season when viruses are rampant, malware writers are feeling creative and script kiddies are home from school, you need to be backed up. At a minimum a flash drive with your most critical files and settings will make life restorable, but a full backup, and better still a remote copy is a thing of beauty.
- Antivirus systems are perhaps our best defense and the most widely used technical defense for home computers. They are a selfless, caring and social defense, perfectly in tune with the season of sharing. In this case most will appreciate your not sharing ... and that a virus that can't get past the defenses you have in place cannot be spread to everyone you know. Be merry. Keep anti-virus systems current.
- We get tons of email. It's the holidays. Most are welcomed and expected, from colleagues, friends and family. Sometimes they carry attachments. Use your judgment. Even a trusted source should only be trusted as far as you can trust their awareness.
- And what of all those other messages? As a rule, if you don't know who it is from, if it has no subject to tell you what it is about, if it is asking you to click on a link to make something happen or to take you elsewhere or if it is carrying an attachment it wants you to see, in my opinion, delete it. What if you really did inherit a million dollars from some prince in a developing nation? Don't worry about it, you didn't.
- Technical options are available to us that will make us safer still. Consider whether you need the Auto-Run features active on your PC. It saves you a click, but is an avenue of attack. Consider the Always-On features on your smart phone? If you are not acting as a hot spot or using Blue Tooth or countless other Always On features, turn them off. Do you need to have location awareness active to tag your photos? It is in some instances a doorway in ... and more to my concern as a former forensic investigator, I now have your picture ... and I know where you are.
Be safe out there. Tis the season.