News Recap: Facebook

By | October 25th, 2013|Uncategorized|

Facebook Blog PicFacebook recently changed its privacy policy for teenagers ages 13 to 17 to give them the option of sharing their posts with the general public. Before this change, teens were only able to broadcast their status updates to friends and “friends of friends.” While Facebook claims this will give young influencers a platform to voice their opinion to the world, others are concerned about cyber bullying, privacy and online security.

Jeffrey Chester, executive director of the Center for Digital Democracy, shared with the Washington Post that federal regulators should intervene to protect teen privacy.

“To parents and teens, Facebook is claiming they are giving them more options to protect their privacy. But in reality, they are making a teen’s information more accessible, now that they have the option to post publicly,” Chester said in the Washington Post. “Today’s announcement actually removes a safeguard that teens currently have.”

Los Angeles Times reporter Jessica Guynn shared that parents are also alarmed by the changes. Pew Research published a report that found “59% of parents of teens who use social networking sites have talked to their kids because they were concerned about something posted on their profile or account.”

Despite push back about privacy, Facebook maintains that they take privacy seriously, Sharon Gaudin from ComputerWorld reports. According to a blog post from Facebook, “when teens choose ‘Public’ in the audience selector, they’ll see a reminder that the post can be seen by anyone, not just people they know, with an option to change the post’s privacy. And if they choose to continue posting publicly, they will get an additional reminder.”

Do you think teens should have the option to post publicly? How can teens stay safe when posting publicly on Facebook? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

August Recap: Full Steam Ahead

By | September 4th, 2013|Uncategorized|

It’s easy to lose steam in August – but here at CSID, we were full steam ahead. We announced the date and panelist lineup for our upcoming webinar, participated in the SXSW 2014 Panel Picker and even had time to squeeze in a fun Frat Games Day for our Austin office. Take a look at what we’ve been up to this past month. 

Reputation Management Webinar Announced

In September, we will be holding a cyberSAFE webinar on “Managing Online Reputation.” This August, we announced our brilliant panelists, including reputation expert Parry Aftab, Executive Director of Wired Safety; HR Consultant and Writer at Blogging4Jobs, Jessica Miller-Merrell; Professor of Law at Washington University St. Louis, Neil Richards; and CSID’s own Bryan Hjelm, VP of Product and Marketing. The free webinar will be held on September 24 at 12 PM CST. Reserve your spot now! 

Vote for CSID to Speak at SXSW 2014

The SXSW 2014 Panel Picker opened mid-August, allowing the public to vote for their favorite panel submissions on a variety of topics. We submitted three topics for consideration and were thrilled to see them appear on the SXSW 2014 Panel Picker. Take a look at our topics and vote by Friday, September 6th:

  1. When Good Technology Goes Bad: Mobile Technology – see CSID’s CIO Adam Tyler hack a $20 router into a mobile attack platform while discussing emergent threats in mobile technology. Vote here
  2. Growing Up Unprotected: Child ID Theft – CSID’s Bryan Hjelm and LookOut Social’s Clay Nichols will explore why child identity theft is on the rise, how crime affects children and families and ways to mitigate the risks of child identity theft. Vote here
  3. That Was The Old Me: Managing Online Reputation – find out the best reputation management techniques for employees and businesses to keep your personal, professional and business reputation in tact, and secure. Vote here

More from Joe Ross on Huffington Post

CSID President Joe Ross contributed a couple more pieces to the Huffington Post, including “Three Tips for Security Your Business’s Passwords” and “How to Prevent Child Identity Theft Part One: How Parents Can Help.” Take a look and let us know if you have additional tips to share or questions for Joe.

ProfilesinPowerLuncheonCFO Amanda Nevins nominated for Austin Business Journal’s Profiles in Power

Our Chief Financial Officer, Amanda Nevins, was recognized in the Austin Business Journal as a nominee for Profiles in Power. The Austin Business Journal recognizes women of distinction in top management positions for a Profile in Power award. CSID attended the Profiles in Power luncheon to show support for Amanda’s outstanding recognition.

Frat Games Day

In true CSID fashion, our Austin office spent an afternoon dressed in polos and bright neon shirts for our Frat Games Day. For a little bit of team bonding, we played fraternity team games, like foosball and beer pong. You can take a look at our Frat Games Day photo album on Facebook

What We’re Looking Forward to in September – Reputation Management Webinar

We’re hosting a free webinar in September that hones in on reputation management. We would love for you to join us on September 24 at 12 PM CST to discuss the challenges that businesses face today when it comes to managing their employee and business reputations and security. You can find more information about the webinar here, or let us know if you have any questions or comments on Facebook, Twitter or LinkedInReserve your spot now! 

#Youridentity and Social Networks

By | May 2nd, 2013|Uncategorized|

identity_socialThis blog post comes from Adam Kennedy, Product Analyst at CSID.

With the rise in social networks and the increasing desire to share personal data in public forums, it’s no surprise identity thieves are targeting Facebook, LinkedIn, and Twitter to steal your identity.

What are they after?
Your Facebook page and Twitter profile page will show your name, email address, your current employer and friends. Most don’t use the proper privacy settings and provide access to date of birth, phone number, and current address. Those in the professional world have a LinkedIn profile with your primary college, where your first job was, and your colleagues. Soon the identity thief can piece together your personal life; your childhood nickname, your favorite childhood friend, where you were born, the make and model of your first car.

What can they do with your identity?
Identity thieves that successfully gather enough information about you can gain access to your bank accounts, email accounts, and even open new accounts since your bank, credit card company, and your email accounts all have security questions designed on your personal life (your childhood nickname, your mother’s maiden name, etc.). In addition, an identity thief can call your bank acting as you and have the password reset over the phone, free to gather any information needed to drain your accounts.

An individual’s email inbox contains a treasure trove of information such as old passwords for bank accounts and e-commerce accounts like Amazon or eBay, bank and credit card account numbers, and even tax return information including, your SSN. So, you can imagine an identity thief’s desire to get into your email inbox.

What are safe social network practices?

  1. Maintain you Privacy settings: There are privacy and security settings on social networks which help keep your information private and out of public view. Each social network website has a section outlining the necessary steps to utilize these settings.
  2. Limit personal information: It is important to be careful how much personal information you share on social networking sites. The more information you post, the easier it is for a hacker to access your data and piece together your identity for malicious use. Avoid listing the following information publicly: date of birth, hometown, address, education, and primary email address. Also avoid information that could be used as a security question: your mother’s maiden name, the make and model of your first car, etc.
  3. Stay away from surveys: Survey scams are typically found on social networking sites like Facebook. They come in the form of wall posts with a link. They use clever social engineering techniques like mentioning popular news items about celebrities, or political issues. Another popular hook is mentioning a contest or prize giveaway. By hooking survey scams with effective social engineering lures, users are likely to click the links or follow the instructions included in the posts. Once the link is followed, malware can be attached to the computer where your personal information can easily be collected.
  4. Be aware of whom you friend: The easiest way for identity thieves to get into your personal life is by friending you. This gives the identity thief access to any public or private information you or a friend posts about you. Only invite people to your network that you know or have met, as opposed to friends of friends and strangers.

Have additional tips for safe social network practices? Share your thoughts with us on Facebook and Twitter.

Facebook Takes on Security with Universal Authentication

By | July 25th, 2012|Uncategorized|

You’ve surely come across it—the “connect using Facebook” option on a variety of websites these days—but is it safe?

Nearly half a million of Formspring’s hashed passwords were compromised this month. As The Verge’s Ellis Hamburger observed, Formspring CEO Alde Olonoh recommended that users login through Facebook Connect for a secure connection.

According to Hamburger, “Implementing Facebook Connect (also known as Facebook Login) is kind of like hiring a security detail for each of your users, and getting this service for free.” Facebook has been recognized for its security features, from proactively monitoring user credentials for compromise to partnering with anti-virus companies. In fact, Facebook has an entire team dedicated to developing and implementing the site’s security features. Through these security systems, partnerships and the site’s reputation, Facebook has fostered one of the most popular universal authentication systems available.

Facebook Connect allows websites and online businesses to provide users with a more secure login option than may otherwise be possible. For consumers, the feature allows users to eliminate the number of passwords they have to remember and more easily change their credentials in the instance of a breach.

On the other hand, there are concerns surrounding Facebook’s universal presence and new technologies. For instance, if a consumer logs into a site using Facebook connect, and that site is breached, what does this mean for their Facebook account? Furthermore, consumers are wary of their privacy rights—Facebook is able to collect an astounding amount if personal information about each user, including facial recognition, which has drawn criticism from the U.S. Senate.

What do you think about Facebook Connect as a universal authentication system? Do you trust it and find it valuable, or are you wary and have concerns? As always, let us know via comments, Twitter or Facebook.  

Avoiding Social Spam on Facebook and Twitter

By | January 30th, 2012|Uncategorized|

By John Sileo, CSID consumer security expert

The post appears like it’s coming from a known friend. It’s enticing (“check out what our old high school friend does for a living now!”), feeds on your curiosity and good nature, begs you to click. A quick peek at the video, a chance to win a FREE iPad or to download a coupon, and presto, you’ve just infected your computer with malware (all the bad stuff that sends your private information to criminals and marketers). Sound like the spam email of days gone by? You’re right – spam has officially moved into the world of social media, and it’s like winning the lottery for cyber thugs.

What is Social Spam? Nothing more than junk posts on your social media sites luring you to click on links that download malicious software onto your computer or mobile device.

Social media (especially Facebook and Twitter) are under assault by social spam. Even Facebook cautions that the social spam volume is growing more rapidly than their user base. The spam-fighting teams at both Facebook and Twitter are growing rapidly. The previous handful of special engineers has seen the inclusion of lawyers, user-operations managers, risk analysts, spam-science programmers and account-abuse specialists. Spammers are following the growing market share, exploiting our web of social relationships. Most of us are ill-prepared to defend against such spam attacks. Here’s how social spam tends to work:

1. Malware infects your friend’s computer, smartphone or tablet, allowing the spammer to access their Facebook or Twitter account exactly as if the spammer were your friend.

2. The spammer posts a message on your friend’s Facebook or Twitter page offering a free iPad, amazing coupons or a video you can’t ignore.

3. You click on the link, photo, Like button (see Like-jacking below) or video and are taken to a website that requires you to click a second time to receive the coupon, video, etc. It’s this second click that kills you, as this is when you authorize the rogue site to download malware onto your computer (not a coupon or video).

4. The malware infects your computer just like it has your friend’s and starts the process all over again using your contacts, your wall and your profile to continue the fraud.

5. Eventually, the spammer has collected a massive database of information including email addresses, login information and valuable social relationship data that they can exploit in many ways. In the process, the malware may have given them access to other data on your computer like bank logins, personal information or sensitive files. In a highly disturbing growth of criminal activity, social malware can actually impersonate users, initiating one-on-one Facebook chat sessions without your consent.

“Like-jacking” involves convincing Facebook users to click on an image or a link that looks as if a friend has clicked the “Like” button, thereby recommending that you follow suit. If our friends Like it, why shouldn’t we. So we click and download in an almost automated response. The key is to interrupt this automatic reflex before we get stung.

Fighting social spam requires immense investments of time, which can mean lost productivity (and money). Gratefully, various company site-integrity teams watch trends in user activity to spot spam. Every day, Facebook says it blocks 200 million malicious actions, such as messages linking to malware. The company can’t prevent spam, but it’s diligently working to make it harder to create and use fake profiles.

But never count on someone else to protect what is yours. You must own up to your responsibility. Follow these 6 Steps to Minimize the Risks of Social Spam:

1. If the offer in the post is too enticing, too good to be true or too bad to be real, don’t click.

2. If you do click and aren’t taken directly to what you expected, make sure you don’t click a second time. This gives the spammer the ability to download malware to your system.

3. Don’t let hackers gain access to your account in the first place – use strong alpha-numberic-upper-lower case passwords that are different for every site and that you change frequently.

4. Remember, in a world where your friend’s accounts are pretty easily taken over, not all friends are who they say they are. Be judicious. If something they post is out of character, it might not be them writing the post. Call them and verify.

5. Don’t befriend strangers. Your ego wins, but you loose.

6. Make sure you have updated computer security: operating system patches, robust passwords, file encryption, security software, firewall and protected Wi-Fi connection.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach), or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Load More Posts