Steven Kotler of Fox News reports on “vacation hacking”, the newest trend in internet fraud.

Cybercriminals are targeting travelers by creating phony Wi-Fi hot spots in airports, in hotels, and even aboard airliners.

Vacationers on their way to fun in the sun, or already there, think they’re using designated Wi-Fi access points. But instead, they’re signing on to fraudulent networks and hand-delivering everything on their laptops to the crooks.

“More and more people are traveling with Wi-Fi devices like smartphones and laptops,” says Marian Merritt, Internet safety advocate at the computer-security giant Symantec. “Airports and airlines and hotels are responding. They’re setting up free Wi-Fi networks to lure in customers. Now they’re luring in hackers as well.”

Symantec lists five things that you can do to protect yourself:

• Pay attention to your surroundings. Just because you’re on vacation doesn’t mean you’re not in public. Don’t look at important documents when sitting in a waiting area for a plane or a train — wait until you’re alone and in private for that.
• Beware of “Evil Twins.” Some Wi-Fi networks look legitimate but are actually dummy networks created by criminals. Even if they contain the name of your airport, airline or hotel, they will directly link your computer to the hacker’s. If you always use the official access keys provided by the establishment, then you should be safe.
• Always assume Wi-Fi connections are being eavesdropped on. Never enter sensitive data — Social Security numbers, bank account information, etc. — when browsing the Web via a Wi-Fi network.
• Set all Bluetooth devices to “hidden,” not to “discoverable.” Better yet, if you don’t use Bluetooth, just shut off the function altogether.
• Keep your security software current and active. Mobile PCs are just as vulnerable to viruses, worms and Trojan horses as are desktops, so make sure you have the latest protection installed.

You can read the full article here:
Wireless Cybercriminals Target Clueless Vacationers

You use the internet for many activities such as banking, shopping, and communicating through email, instant messaging and social networking. How can you ensure that your personal information, identity, passwords, banking and credit card numbers are protected from hackers and other malicious users?

Your password is the key that opens the door to online banking, shopping and communication. You should create passwords that are difficult to guess or crack. Hackers make use of both technical and non-technical methods to obtain your passwords. They often will use social engineering techniques to obtain information directly from users. They also use computer programs (which are easily available) to “hack” or “crack” your passwords using both brute force and dictionary attacks.

Here are a few tips:

1. Don’t use the same password for all of your accounts. If you are using a single password for all of your accounts and a hacker gains access to this password, then he gains access to ALL of your accounts.

2. Create passwords that are easy to remember but difficult to guess.

• Do use long passwords. The longer your passwords the more difficult they are to guess.
• Do use a mix of letters, upper- and lower-case; numbers, and special characters (.,*&^%$#!). The website will specify which characters are valid for use in your passwords
• Don’t use names of spouses, children, friends, or pets.
• Don’t use phone numbers, Social Security numbers or birthdates.
• Don’t use the same word as your log-in, or any variation including substitutions
• Don’t use any word that can be found in the dictionary — even foreign words.
• Don’t repeat any characters.
• Don’t use a blank password.

Microsoft provides a Password Checker to check the strength of your password.

For those who are interested, PC Tools has a site that will assist you in creating a completely random password:

http://www.pctools.com/guides/password

3. Don’t share your password with anyone. You alone are responsible for any activity done in your account.

4. Don’t write down your password.

5. Do change your password often.

6. Never store your password in your web browser.

Many sites request that you submit an answer to a number of secret questions in the event that you forget your password. The most common questions are:

1. Mother’s maiden name
2. Favorite color
3. Make or model of first car
4. Name of best friend
5. Name of school

The answers to these questions can be easily guessed or hacked. Often hackers will use information that you supply on social networking sites like Facebook, Myspace, Orkut, etc. to supply the answers to these questions.

If your website or service allows you to create your own secret question, do it. If not, create a substitution method that works for you. For example, if you choose mother’s maiden name as your secret question, use a number. If you choose your favorite color as your secret question, choose your home state as the answer.

You can find more information about passwords GeodSoft’s How To site.

Taking these simple steps will keep your personal information from malicious users and protect you and your family from the pains that accompany identity theft.

Practice Safe Computing!

Education

Phishing (pronounced “fishing”) is a computing scam wherein a criminal attempts to steal victims’ sensitive personal information such as social security and credit card numbers, user IDs and passwords.

The process most often starts with an official-looking e-mail from a bank, financial or retail establishment that contains a link which directs potential victims to fake, but legitimate looking websites asking them to re-enter their username and password, social security, credit card or bank account numbers, address and phone number, or other information.

Prevention

Phishing is one of the toughest internet threats to prevent because it’s very difficult for the average person to distinguish a fake e-mail from a genuine one.

No matter how official a message appears, NEVER click on links in an unsolicited e-mail to access a bank, financial, retail, or other accounts. ALWAYS access an online account only by using it’s official URL (web address).

Your bank, financial or retail establishments will almost never ask for this information through email. If you do think the email is legitimate, call the phone number (NOT the one listed in the email) to check.

Forward messages you suspect to be a phishing attempt to reportphishing@antiphishing.org.

Monitoring

When you need to enter sensitive information at a website, verify the web address to ensure you are actually using the legitimate web address. If you are unsure about the web address contact the website owner.

Every month, you should review your banking, credit card, and other statements monthly for suspicious activity.

Practice Safe Computing!