Tag Archives: security

Warning: Internet Explorer 8 users

keyboardIf you use Internet Explorer 8, you need to be on the lookout for a security issue that could make your computer and personal information vulnerable. There is a security issue with the browser that could allow scammers to take over your computer.

This is a good reminder to keep your system updated with the latest security software to help spot vulnerabilities like this. You can download a fix for this issue via Microsoft. At this time, the risk is not for users with earlier Internet Explorer browsers.

Microsoft is working on a patch and hopes to release it soon.

Publicizing your purchase to save money

Retailers are looking for new and creative ways to advertise as mass media shifts from television and print to online. Social media plays a huge role in making nothing — something. Tweets, re-tweets, and shares on Facebook are great ways to expose a new product or service to potentially new customers.  Special promotions are often offered to followers or those who like a page. Now, companies are finding ways for you to make money by sharing their product on social media sites.

When you buy a product online, you’re asked if you want to let others know about it. You can share it on Facebook, Pinterest, Twitter , and other sites. Soon, your news feed will be filled with more than just the news story your friend read, game they played, or the music they listened to. I think it’s a matter of time before our feeds are filled with items people bought at stores as more and more people share their purchases. Their may be good reason to share that purchase — it may earn you cash!

American Express is offering a program it calls “Tweet your way to savings.” However, this takes the marketing to a whole new level because you have to sync your eligible American Express card with Twitter, and tweet special offer #hashtags to get exclusive savings on your card. The savings are great, but is it really such a good idea to link your Twitter account with your credit card information?

To answer that question, it depends how much you value a deal.  American Express says it doesn’t share your card information with Twitter. Instead, the company said a unique identifier is used to link the accounts. That’s one thing to consider.

Also, consider the work you need to do to cash in on the savings. Is it worth it, and are you buying something to simply save money? Only certain companies participate in the promotion. To find the offers, you have to go to American Express’s Twitter page and read the Tweets under the Favorites section.

Here’s a look at some of the current offers: Zappos is offering $10 back on your next purchase, H&M is offering $10 on a $50 purchase, Gulf Oil is offering $5 back on $25 purchase, Whole Foods is offering $20 back on a $75 purchase, and Virgin America is offering 10% off a main cabin ticket. For example, for Zappos you tweet #AmexZappos and you get your statement credit within a few days as long as you meet the minimum purchase requirement.

This is not the first coupon venture for American Express if you link your card to a social media site. In July 2011, I wrote about their “Link, Like, Love” Facebook promotion. It works in a similar fashion in that you link your American Express card to your Facebook page, and based on your interests and your friends interests you’ll get special offers and deals. You can also browse the promotions.

I think this is the wave of the future. It’s the latest way for companies to get their product in front of a broader audience. All, for free.

Other ways to make money online without publicizing your purchase
The linking of my credit card to a social media site, even though they say it’s not shared, makes me a little uneasy. I think I’ll stick with other ways to make money. When I shop online, I look to Ebates or my credit card company to see if they have a special promotion with the company I’m shopping. I seek out the savings when I’m ready to buy rather than buying just because I see a good deal.

On Ebates, I earn cash back if I link to a retailer through the Ebates site.  They don’t credit my credit card because they don’t have that sensitive information. The money comes in the form of a check each quarter. Of course, someone is making money because they’re tracking my purchases. So, that’s not exactly the most private service but it’s nice to get that check in the mail every quarter.

With my credit card company, they already have my personal information and if I link through them to a retailer I earn more points than I normally receive. Sometimes, the offers are 3 and 4x more points than I normally earn.

Both of these money saving and earning options are potentially not as valuable as the $10 offer from American Express’s social media savings programs, but there are no strings attached. Plus, I don’t overbuy because I don’t have to make a minimum purchase. Finally, there are far more retailers participating in these other offers. That may change as the marketing changes as I think American Express is on to a new trend.

For now, I’ll spare my social media connections tweets and Facebook posts about my purchases. Will you? Click comment below and share your thoughts on this new type of marketing.

Google wants your phone number — why?

Google recently changed its privacy policy combing more than sixty policies into one. The updated policy also allows Google to more directly target ads to your specifications. The change only impacts users who log into one of the Google services, but it still sparked criticism. So, imagine the surprise of some users when Google began asking for phone numbers. Several companies ask for your mobile phone number for security purposes, but it’s the timing that may have some users thinking twice and asking what’s next?

Google tells users that a mobile phone number is one of the easiest and most reliable ways to make sure your account is safe. It also allows you access to your account if you forget your password or someone gets unauthorized action.

Google says it will send you a verification code so you can get in your account if you can’t get into the services. You’ll also be notified via text when your password is changed.

Last May, I wrote about Facebook’s request for your phone number.   Their “Login Approvals” process had the same intent of increasing security, but it worked a bit differently. With the Facebook system, if you opt in you get a code sent to your cell phone when you log in from an unregistered computer.

Several years ago, banks added security questions, pictures, and PINS. Which raises the question — why your cell phone. If a question or picture is enough for a bank, why isn’t enough for Google, Facebook, or other companies that request your cell phone?

Companies who request your phone number say that’s more secure than your email or a security question because  you physically carry your phone. Email accounts are constantly being hacked, and remember most banks already have your phone number. It’s usually required when you open an account. If your credit card shows unauthorized activity you’ll get a phone call not an email alerting you.

It seems we continually give up more personal information. Perhaps it’s just another sign of the times. Hackers keep finding ways around security and as a result we have to give up more information to try to protect our personal identities. We can only hope they hold our information in as secure a place as possible as security breaches are common.

Ultimately, it’s your decision if you give a company your cell phone. It’s not required with Google or Facebook. It all depends on how much personal information you want to give up and whether you feel that’s less important than the so-called added security.

TSA program allows you to skip security

Tired of long security lines and the hassle of taking off your shoes, belt, and jacket? If you’re a frequent flier you may be able to avoid the lines and hassle at some airports.

Airlines participating in TSA Pre-Check are sending emails to frequent fliers asking them to opt in to a volunteer pre-screen program that allows you to skip the long security lines.

You can participate if you are flying Delta out of Atlanta, Detroit, Las Vegas, or Minneapolis or on American Airlines out of Dallas, Las Vegas, Miami, LA, or Minneapolis airports.

The program will be added for Delta passengers flying out of Salt Lake City on February 14th and American at JFK on February 28th.

In March, the program expands even more this time to Ronald Reagan Airport if you are flying on Delta and American Airlines in Chicago.

In 2012, participating airlines at the following airports will join the program:  Baltimore / Washington International, Boston, Charlotte, Cincinnati, Denver, Fort Lauderdale, George Bush, Honolulu, Indianapolis, JFK, LaGuardia, St. Louis Lambert, New Orleans, Luis Munoz Marin International, Newark, Chicago O’Hare, Orlando, Philadelphia, Phoenix, Pittsburgh, Portland, Ronald Reagan Washington, Salt Lake City, San Francisco, Seattle, Tampa, Anchorage, and Washington Dulles.

While this program aims to expedite security, TSA says it’s not a guarantee. To prevent terrorist acts, there needs to be a certain amount of randomness and unpredictability. A barcode will be embedded on your boarding pass if you are eligible for expedited security and volunteered previously.

Facebook Timeline privacy

Privacy, privacy, privacy. Do we have any with all these social media changes? It’s hard to keep your information personal without doing a lot of work. I think it’s worth the time if you are somewhat interested in privacy and truly only want to share information with your true friends.

Facebook Timeline is being rolled out during the next several weeks to all users. Instead of waiting for Facebook to decide your timeline, act today. You’ll have seven days to work on your Timeline and get it ready to be viewed by the public. While a lot of people are grumbling about this mandatory change, it is an easier way to look back at your old posts and see what was on your mind or what you did several years ago. You can find it with a click of the mouse. However, Timeline will take some adjusting. Click here to read about Facebook Timeline 101 and the key things you need to adjust.

Your activity log is a key area you’ll want to explore. It’s an easy way to hide things that you don’t want on your Timeline. Read more about your activity log here.

Once you get your timeline configured, make sure you check your privacy settings. Instead of going through each and every privacy tidbit, I am recommending you watch this extremely information tutorial from CNET. It’s worth the 3 minutes and you’ll learn a lot.

Ever wonder what your profile looks like to someone who is not a friend? In other words, ever wonder what information is public and what’s private? There’s a button next to your activity log that with a drop down box that says “View as.” Click that and you’ll be able to view your profile as the public sees it. This will really help you decide if your privacy settings are what you want them to be.

Want to make sure your phone number, which you need to provide to post photos from your phone, is not public? Watch the video.

There are dozens of great tidbits like that in this video courtesy of CNET. Invest 3 minutes. It’s worth your time if you care about privacy.

Related links you may like:
Facebook Timeline 101 

Zappos customers on alert after cyber attack – the lesson for all of us

Cyberfraud is always rampant, but what’s next this week? Online shoe retailer, Zappos, is warning customers that their personal data may have been accessed including your email address, name, billing and shipping address, phone number, and the last four digits of your credit card number, and maybe even a scrambled version of your password. Yikes!

The email sent to customers tells you to change your password. The company discontinued the passwords that were stolen in their scrambled form so accounts can no longer be accessed without a new password.

To reset your password on Zappos, you simply submit your email address and they send you a new password. Be warned – the new password doesn’t arrive in your email right away. Zappos says it’s had a large number of requests, obviously, and it may take up to 30 minutes.

Password management
Here’s the problem – if you use your Zappos password on other websites you may be vulnerable on other sites. The thieves dig for more information when they get a few pieces. Sometimes those pieces are enough to steal your identity or at least commit more fraud.

That’s why you are always told not to use the same password on multiple sites, but just like you I am guilty of that. It’s hard to create a different password for every site and remember it. That’s why some security consultants recommend a password management program like KeePass. It’s free software that manages all your passwords so you can use different ones on different sites, and it recommends more complicated passwords so your accounts are more difficult to hack.

Finally, don’t use public computers. There may be software installed on it that can steal your keystrokes. Think it can’t happen to you, think again. Click here to see that story. It will make you resist the urge the next time you are on vacation.

Damage control
At this point, the damage is done. The thieves hopefully won’t be able to unscramble the passwords they got, but who knows.  These attacks are very sophisticated and their capabilities seem limitless sometimes. With the last four digits of your credit card and address it may make it easier for thieves to hack into your another accounts.

Change the passwords on other accounts especially your bank and popular ones like Facebook and Twitter if you think they are similar to your Zappos account.

Also, be on alert and don’t fall for spam or phone calls that ask you to verify personal information.

Related links you may like:
Facebook and Twitter security
Erasing your digital footprint
Online hacking schemes – email and Facebook accounts exposed

Say goodbye to long security lines?

If you have a vacation planned in the next few months, your airport security experience may change.  The Transportation Security Administration (TSA) is launching a pilot program to speed up the screening process for low-risk and known passengers.

Starting this fall, a pre-flight, identity-based screening pilot will start. Certain frequent fliers and members of Customs and Border Protection Trusted Traveler programs will be eligible to participate.  You’ll opt into the service through your frequent flier program, because you’ll need to enter a traveller number when you book your ticket. Then, you’ll find out if you were selected for pres-screening when you arrive at the airport.  Your boarding pass will be scanned, and that will tell you if you are on your way to general security or the shorter pre-screen line.

In Atlanta and Detroit, frequent fliers from Delta will be targeted.  In Miami and Dallas Forth Worth, American Airlines frequent fliers will be able to participate. There are plans to expand the pilot to other airports and airlines including United Airlines, Southwest, JetBlue, US Airways, Alaska Airlines, and Hawaiian Airlines.

TSA points out over and over that at no point is this program an entitlement club. Passengers are always subject to random, unpredictable screening measures.

While this program may not be coming to an airport near you, it may rollout nationwide if successful. The TSA wants to know if passengers are willing to provide additional information upfront to avoid long security lines. TSA says this could signficantly change the travelling experience.

Citigroup says security breach impacts 360,000+ customers

Citigroup Centre, Sydney

Image via Wikipedia

Citigroup says 360,083 U.S. Citi-branded credit cards were compromised in the recent security breach. The breach happened May 10th and impacted about 1% of North American cardholders. In Ohio, 5,547 customers were impacted.

The company posted an open letter to its customers on its website. It reads as follows:

“To Our Customers: You may have recently read in the media about a compromise to Citi Account Online impacting credit card accounts in North America. We wanted to share more specifics with you regarding the event. First, we want to confirm three things: 1. From the moment Citi discovered the breach we took immediate action to rectify the situation and protect any customers potentially at risk. 2. Customers are not liable for any fraud on the account and are 100% protected. 3. Every decision made throughout this process was in the best interest of our customers.”

Citi says its Citi Cards’ Account Online system was effected, but the main card processing system was not. Citi says it knew within seven days the majority of accounts that were impacted.

Citi says account names, numbers, contact information, and email addresses were viewed. The credit card company says social security numbers were not accessed which is a key factor in stealing someone’s identity. Citi says the card’s expiration date, customer’s birth date, and card security code (CVV) were also not compromised.

Related links you may like:
Checking your credit report
10 consumer reports you should check
What to do if you’re an identity theft victim

Phishing attack hits Gmail – how to keep your information safe

If you use Gmail, you’ll want to be on high alert as Google says a phishing attack from China is targeting Gmail accounts. Google even says accounts of U.S. government officials were targeted.

Google says the phishing attack’s goal was to monitor emails and change forwarding settings. The company says the account hijackings were not the result of a problem with Gmail.

Phishing attacks can be executed with malware or when a user simply responds to a fraudulent email and unknowingly gives away sensitive information. Banks and email providers will never send you an email asking you to verify your credentials. If you hover over these fake hyperlinks you’ll often see that the link that appears to be http://www.jennstrathman.com is really http://www.phishing.com and so on.

Google reminded consumers to improve security of their accounts. This is good advice for everyone who uses email.  They suggest a 2-step verification process where a code is sent to your phone or other device. You need to enter your password and that code before you sign in.  Google will remember that code for that computer for up to 30 days which makes it a little less of a pain to use 2-step verification.

If you’re interested, watch this video on how you do it. It’s pretty good.

Some verification processes can be annoying. I recently tried Facebook’s, and found it to be a huge hassle. I say this, and I’m a big advocate of privacy and doing what you can to reduce your digital footprint. If you use the same computer all the time, it may not be a big deal. At least try it and see if it works for you as all the verification processes vary slightly.

Whether it’s email or your bank account, always use a strong password. Characters, Capital Letters, and numbers are important to making it more difficult to figure out a password.

Remember all these passwords is difficult as every company has different requirements. Instead of remembering them all, you may want to try a password management program. Just choose carefully as you are giving your iinformatio to a third party application. Security consultants I’ve talked with like KeePass.

Avoid using a public computer. You don’t know if there’s malware loaded onto the computer to steal your keystrokes. Think it can’t happen to you. Think again. This woman accessed hers on a cruise ship, and suddenly someone hijacked her email account.

Related links you may like:
Google yourself to find private information that’s publicly posted
New ways to erase your digital footprint