Don’t assume you’ll never be targeted by phone scammers just because you don’t have a cell phone; they continue to feast on landline users, especially those over 50.

“This is the IRS…”

• Drill this into your head: The IRS never calls to collect back taxes. NEVER.
• A common ploy is to threaten that the listener will go to prison if they don’t pay up immediately.
• If you really do owe taxes, the IRS will contact you alright—but via snail mail, not a phone call, text or e-mail.
• Scam calls may also sound professional with no threats, and may be a pre-recorded woman’s voice.
• Scammers can make the caller ID show “IRS.”

Charities and Fundraisers

• A call comes from the fraudster, claiming he represents a charity and wants your donation. The con artist may even say he’s with the local police department.
• Want to help mankind? Hang up on the caller and give to a reputable foundation or give out homemade sack lunches to the homeless.
• Go online and search the organization in question to verify they’re legit.
• If the call has an automated message, hang up immediately.
• A legitimate organization will not request your Social Security number or personal financial information.

“You’ve won a prize!”

• No, you haven’t. These are scams; hang up.

Tech support never calls you…

• You must call them first. So if you get a call from “tech support” asking for personal information, it’s a scam. Geek squads don’t just up and call people.
• A call about installing an update is a scam.
• Scammers can make the caller ID show “Microsoft.”

“Hi Grandma, it’s your favorite grandson!”

• If relatives call asking for money, hang up and call them to verify that said caller is really your relative.

Avoiding Scam Calls

• Must you answer the phone every time it rings? It’s perfectly legal to ignore a ringing phone.
• If your phone has caller block, input numbers from suspected scammers. Next time they call, there’ll be barely one ring, then the caller will be blocked.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

So just how are hackers able to penetrate all these huge businesses? Look no further than employee behavior—not an inside job, but innocent employees being tricked by the hacker.

A recent survey commissioned by Intel Security reveals that five of the top seven reasons that a company gets hacked are due to employee actions.

One of the things that make it easy to trick employees into giving up critical information is the information employees share on social media about their company.

People just freely post things and tweet all day long about company matters or other details that can be used by a hacker to compromise the company. What seems like innocuous information, such as referring to a company big wig by their nickname, could lead to social engineering (tricking users into believing the request is legitimate so the user gives up sensitive information).

Between social media and the golden nuggets of information on Facebook, Twitter, LinkedIn and other platforms, hackers have a goldmine right under their nose—and they know it.

3 Key Pathways to Getting Hacked

1. Ignorance. This word has negative connotations, but the truth is, most employees are just plain ignorant of cybersecurity 101. The survey mentioned above revealed that 38% of IT professionals name this as a big problem.
   1. Do not click on links inside emails, regardless of the sender.
   2. Never open an attachment or download files from senders you don’t know or only know a little.
   3. Never visit a website on the job that you’d never visit in public. These sites are often riddled with malware.
2. Gullibility. This is an extension of the first pathway. The more gullible, naive person is more apt to click on a link inside an email or do other risky tings that compromise their company’s security.
   1. It’s called phishing(sending a trick email, designed to lure the unsuspecting recipient into visiting a malicious website or opening a malicious attachment. Even executives in high places could be fooled as phishing masters are truly masters at their craft.
   2. Phishing is one of the hacker’s preferred tools, since the trick is directed towards humans, not computers.
   3. To  check if a link is going to a phishing site, hover your cursor over the link to see its actual destination. Keep in mind that hackers can still make a link look like a legitimate destination, so watch our for misspellings and bad grammar.
3. Oversharing. Malicious links are like pollen—they get transported all over the place by the winds of social media. Not only can a malicious link be shared without the sharer knowing it’s a bad seed, but hackers themselves have a blast spreading their nasty goods—and one way of doing this is to pose as someone else.
   1. Be leery of social media posts from your “friends” that don’t seem like things they would normally post about. It could be a hacker who is using your friend’s profile to spread malware. Really think…is it like your prude sister-in-law to send you a link to the latest gossip on a sex scandal?
   2. Don’t friend people online that you don’t know in real life. Hackers often create fake profiles to friend you and then use their network of “friends” to spread their dirty wares.
   3. Take care about what you post online. Even if your privacy settings are set to high, you should think that when you post on the Internet, it’s like writing in permanent ink—it’s forever. Because did we all really need to know that time you saw Kanye from afar?

All of us must be coached and trained to keep ourselves and our workplaces safe, and that starts with practicing good cyber hygiene both at home and at work.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! 

Yes, it’s possible: preventing fraudsters from getting you via online trickery and other stealthy actions. Yes, it’s possible to be thinking one step ahead of cyber criminals. Let’s begin with e-mails—the conduit through which so many cyber crimes like ID theft occur.

• Imagine snail-mailing vital information like your SSN, bank account number, a duplicate of your driver’s license and your credit card number. At some point in the delivery process, someone opens the letter and see the contents. Electronic messages are not entirely private. Recognize this risk before sending knowing that in transmission there is a chance your information can be seen. Sometimes the telephone is a better option.
• Ignore sensationalistic offers in your in-box like some ridiculously low price on the same kind of prescription drug you pay out of pocket for; it’s likely a scam.
• Ever get an e-mail from a familiar sender, and all that’s in it is a link? Don’t click on it; it may trigger a viral attack. As for the sender, it’s a crook compromised your friends email and who figured out a way to make it look like the e-mail is from someone you know.
• In line with the above, never open an attachment from an unfamiliar sender; otherwise you may let in a virus.
• If someone you know sends you an unexpected attachment, e-mail or call that person for verification before opening it.
• Enable your e-mail’s filtering software to help weed out malicious e-mails.
• Ignore e-mails asking for “verification” of account information. Duh.

Passwords

• Don’t put your passwords on stickies and then tape them to your computer.
• Do a password inventory and make sure all of them contain a mix of letters, numbers and characters, even if this means you must replace all of them. They also should not include actual words or names. Bad password: 789Jeff; good password: 0$8huQP#. Resist the temptation to use a pet’s name or hobby in your password.
• Every one of your accounts gets a different password and change them often.

General

• Make sure your computer and smartphone are protected with antivirus/anti-malware and a firewall. And keep these updated!
• Your Wi-Fi router has a default password; change it because cyber thieves know what they are.
• When purchasing online, patronize only well-established merchants.
• Try to limit online transactions to only sites that have an “https” rather than “http.” A secure site also has a padlock icon before the https.
• Make sure you never make a typo when typing into the URL; some con artists have created phony sites that reflect typos, and once you’re on and begin entering your account information, a crook will have it in his hands.
• Access your financial or medical accounts only on your computer, never a public one.
• Ignore e-mails or pop-ups that ask for account or personal information.
• When you’re done using a financial site, log out.

Well, you know that old saying: The viciousness of an online bully’s attack is inversely proportional to the size of his (you fill in the blank), I was thinking ego.

Many online bullies are female, but in the case of former Red Sox pitcher Curt Schilling’s daughter, the trolls are collectively male.

Recently Schilling tweeted how proud he was that his daughter, Gabby, will be playing softball as a pitcher for Salve Regina University. Schilling got a lot of responses. And some were disgusting, including one that mentioned assault (yeah, I’d like to see the dude who posted that try to mess with a collegiate pitcher—these young women aren’t to be messed with).

Other repulsive acts and terminology came up in the comments. Sometimes, as Schilling set out to prove, it’s not best to just ignore the bullies, thinking they’ll go away.

In the case with 17-year-old Gabby, the “bullies” are more like pond scum idiots who, in real life, would probably scurry like a mouse if a woman got in their face.

Schilling quickly tracked down the names and schools, plus some other details, of the bullys. As a result, says the athlete, nine of these maggots have been either fired from their jobs or kicked off their sports teams. The Twitter accounts of two of the trolls have been deactivated.

Schilling received apologies from them, but only after the fact. Too late. And why did these young men make the posts in the first place? They don’t even know Gabby. Do they have a teen or young adult sister? How would they feel if their teen sister were the subject of such vile posts? Some of the trolls told Schilling to chill. Would they themselves chill if their sister, girlfriend or mother were the object of vulgar comments?

Hopefully, Gabby is internally stable enough not to take extreme measures as a result of the online bullying, like the many kids who have taken their own lives. But still…internal stability or not…nobody, especially a proud dad, should have to receive vulgar posts about themselves when they’ve done nothing wrong.

If you still think this is no big deal, remember: Once you post something, it’ll probably be out there for all time—waiting to smear your reputation, or hurt someone, real real bad.

It’s up to the potential victim—the user—YOU—to make your computer or smartphone very difficult for Joe Hackster to infiltrate.

Passwords

• Being that cyber crime has been a fixture of modern living for over a decade, you’d think that everyone and his brother would know to use strong, long passwords, and a different password for each account. But people—including those who’ve been around for a long time—continue using the same password and ridiculously weak passwords, like password1 and princess.
• A very strong password will go a long way in preventing hacking incidents. It should be at least 12 characters and a mixed salad at that: different cases, numbers and symbols, and no words.
• Every single account should have a different password.
• Learn which accounts offer two-factor authentication, then activate it. This way, if someone gets your password they still can’t get into your account unless they have your smartphone.

The cloud is cool but not 100 percent secure

• Sounds funky: “cloud storage.” But the vulnerabilities aren’t necessarily in the cloud service, but in your device security. If your device is vulnerable, if you don’t have security software or update your operating system, you become the criminals path to the cloud service.
• Because the cloud is such a huge vault for holding all kinds of data, more things just simply can go wrong. The user must decide who’s better at protecting his data: a system with more resources (the cloud), or the user himself?

New doesn’t mean safe.

• A brand-new computer or mobile device may come with preinstalled “back doors” for hackers. This is legal so that law enforcement can more easily track the bad guys in life. These back doors are vulnerabilities that can let in hackers. Do your research when making an investment in technology and install antivirus immediately.

No software is perfect.

• Think of antivirus and antimalware as the “exterminator” who comes to your house to get rid of bugs. There’s a reason that pest control companies no longer refer to themselves as exterminators. This term implies they can kill every last bug and its eggs. They can’t. There will always be a bug somewhere, but the pest control technician can at least prevent infestations and swarms. Likewise, protective software is not 100 percent infallible, but it goes a long way in preventing computer infections.
• So even though it’s not perfect, you absolutely must use protective software.

Mind the software update messages.

• Don’t get annoyed by these; allow them to take place. Don’t hit “remind me later,” because chances are this will become a habit. You don’t want to delay the updates. They mean a security hole was detected, and now it can be patched. Don’t wait till later! Better yet, set all security software to automatically update.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. 

You have a master password, from your password manager, for 28 accounts. Life has been so easy since!

But then you lose this master password. First off, you can’t fix this like you would if you forgot your password for PayPal or your credit card’s site. Plus, each password manager service has a different solution.

Yet how do you lose a master password in the first place? If it’s impossible to remember,then it may not be a good master password, regardless it should be written down somewhere in a secret location.

Lifehacker.com explains the requirements for various password manager services if you actually lose your master password.

Dashlane

• A lost master password with Dashlane is like, well…imagine your backpack falling into a dark crevasse—gone forever—even if you have applications for your smartphone for Dashlane.
• You’ll need to create a new account or reset the existing account, but either way, you must start from scratch.

1Password

• You’re out of luck if you lose your master password—gone with the wind; you must begin all over again, just like with Dashlane.

LastPass

• Offers a one-time password, after which you must reset your password
• Requires the computer you’ve already been using LastPass for
• You’ll need the associated e-mail account. Otherwise, you must begin everything from ground zero.

KeePass

• Lose your master password with this and you’re done. You must start from scratch.
• Don’t even bother trying to crack it because KeePass does have built-in protection.

Roboform

• It’s too bad here, too. Resetting your password means losing all of your data.

Of course, you don’t ever have to be in this hairy situation in the first place.

• Write down your master password and store it in a secret location; do this several times, even, and make sure the locations are ones you won’t forget.
• Write down the one-time password or backup code for your service (if it has these features). Write it down in more than one location, e.g., tape a stickie with it on the underside of your desk may not be the most secure, but an option.
• See if the service allows you to export your password, then do so. Then save it on your computer and also print it out for a hardcopy duplicate. For better security don’t store it in your computer but instead in a USB drive (in addition to hardcopy).
• See if the service provides a feature for emergency contacts, then set this feature up.
• Back up all of your data as a general rule.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. 

Have you ever had the chicken pox? This common childhood illness has another name—the varicella zoster virus. Like all viruses, varicella replicates itself, spreading though the body, and eventually appearing as itchy red blisters all over the body. But the virus doesn’t stop there; it can spread to other people through physical contact and through the air when an infected person coughs or sneezes. It’s not a very fun illness to have.

Viruses don’t just affect humans; there are viruses that can affect your tech devices. A tech virus is a malicious program file that can also replicate itself and infect other devices through techniques like malicious links and sketchy downloads. But unlike the chicken pox where the virus eventually appears on your skin, a virus could be wreaking havoc on your device and you might not even know it!

Computer and mobile viruses can take many different form factors, but all are usually intended to do harm to your device, steal your personal info or money or both. Some examples of viruses include a Trojan Horse, which masquerades as something neutral or benevolent, but is programmed to infect the hard drive or even crash it. Spyware is a virus that observes your activities like logging into your bank account, collects this data (e.g., password, answer to secret question, username) and sends it to the hacker. And a worm, like other viruses, can corrupt files, steal sensitive information, or modify system settings to make your machine more vulnerable, but it’s different in that it can replicate and send copies of itself to other computers in a network without any human interaction.

There are several clues that could mean that your device has a virus. For example, if you notice your device is suddenly running at a snail’s pace. Another example is programs or apps opening and closing on their own. Or a major sign would be if you receive an email from a friend responding to a mass email you supposedly sent promoting some great deal on a pharmaceutical (that you never actually sent).

Just like there are things you can do to prevent the chicken pox, like wash your hands and stay away from infected people, there are ways to prevent a virus from getting on your device.

• Be wary. Don’t open attachments from people you don’t know.
• Think before you click. Don’t click blindly. Check the link URL to make sure you are being directed to a legitimate site.
• Keep your OS and browser updated. Make sure that you install the latest updates for your operating system and browser as well as any hardware updates that are available for your device as these often close up security holes.
• Install security software. Use comprehensive security software that protects all your devices, like McAfee LiveSafe™.

Here’s to keeping all your devices nice and healthy!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!