What is catphishing? It certainly isn’t Garfield lazily sitting in a canoe holding a fishing rod. Catphishing is when a fraudster fabricates an identity and tricks someone via cyber communication into a phony emotional or romantic relationship—usually for financial gain to the scammer—because eventually he’ll hit the victim up for money.

But another reason for catphishing is to lure someone into having a “relationship” with the scammer—to either ultimately publically humiliate them with this information if they’re well-known, or, to prove to a significant other that they’re capable of cheating. Not all catphishers are fraudulent. Sometimes, a person will catphish to catch a criminal.

One doesn’t get reeled in overnight, but the warning signs of the early stages of catphishing are clear: A too good to be true situation. The other party is very attractive (don’t bet for a second it’s really their photo). Another tell-tale sign that should make the alarm bells go off: This person comes out of thin air.

He…or she…will be reluctant to use the phone. Skype is out of the question: “I can’t figure out how to use it,” or, “It’s not compatible with my browser.” To maintain an air of legitimacy, the scammer will finally agree to meet you in person, making the plans sound like they’re running smoothly, but then at the last minute, must cancel the plans due to some crisis.

Some examples of real-life catphishing:

• The DEA created the identity of a woman arrested on drug charges to nab drug dealers on Facebook.
• Someone used the identity of a woman they personally knew, Ellie Flynn, to create phony accounts on Facebook, Twitter and Instagram. This fleabag even used “Ellie Flynn” and her photo on dating sites.

So the issue isn’t just the idea of you being tricked into a relationship by the catphisher, but the possibility that YOUR photo, name and other data can be used by the catphisher to commit this crime against someone else or to use it for dating sites. Are you pretty good-looking? Makes you wonder about the possibilities…catphishers DO peruse Facebook for those who are physically blessed.

It’s really difficult to discover that your image/name is being used by a catphisher. For example, suppose your name is Ashlee Patrick and you’re gorgeous. And someone named Ann Casey has decided to use your Facebook profile photo for a dating site she wants to register with, or maybe she wants to create a Facebook account.

How will you ever learn of this…unless, by freako chance, someone who knows you just happens to be on Ann Casey’s (if that’s even her real name) Facebook page or is communicating to her via the dating site?

At any rate, if you’re lucky enough to discover someone has stolen your picture for fraudulent purposes, you can report their phony account.

Best ways to protect yourself?

1. Stop uploading pictures of yourself is one option. This way you have more control of what’s out there.
2. Use Google Reverse Image Search. https://www.google.com/imghp?gws_rd=ssl simply upload a photo and Google will seek it out.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

You may already be a user of at least several of the 25 most downloaded apps And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here’s some tips to help you protect yourself from these unsecure apps:

• Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
• Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
• Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
• Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Who’d ever think that 50 years ago, your money was safer in your bank account than it is today in this “modern” age: remote theft. If you bank with a large or small bank, your account may be at risk by hacking rings.

However, most of the time, but not always, if your account is drained by a cyber thief, the bank will cover it for you.

The latest information is that a big attack is planned in the spring, but it’s the “It’s easier to get one dollar from a million people than it is to get a million bucks from one person” type of attack plan. The apparent hacking plan involves stinging mass numbers of banking customers via the customers’ computers.

Because banks are a favorite target for cyber thieves, financial institutions are always improving their cyber security. However, criminals get into bank accounts by suckering customers into revealing personal information; we’re talking thieves who don’t directly hack the bank, but hack YOU.

• Never click links inside e-mails—including those that SEEM to be coming from PayPal, Chase or whatever institution you use.
• Typically, these scam messages are constructed by thieves posing as your bank. They tell you your account is about to be compromised, or there are suspicious withdrawals or something else to grab your attention, and that to correct the problem, you must visit their site and enter some information. This is a scam to get your login information! The phony site that the link goes to is constructed to look exactly like the authentic bank sites.
• If you’re not convinced these scammy e-mails you got have gone to a million other people, then phone your bank and inquire about the message.
• Never use the “remember your computer” option that banks offer. Forget the convenience; just deal with the login hassle every time for better security.
• Don’t hide your savings in your house because you figure they’re safer there. If you follow the aforementioned rules, your money will be far safer in your bank than hidden inside your toddler’s teddy bear.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Data Privacy Day was Wednesday, January 28, and these days the concept of “privacy” can be ambiguous, generic or confusing. What you might think of as private actually isn’t. The definition of personal identifying information, by the U.S. privacy law and information security, is that of data that can be used to contact, identify or locate an individual, or identify him in context.

This means that your name and address aren’t private, which is why they can be found on the Internet (though a small fee may be required for the address, but not always). Even your phone and e-mail aren’t private. What you post on Facebook isn’t private, either.

So what’s private, then? An argument with your best friend. A bad joke that you texted. Your personal journal. These kinds of things are not meant for public use. What about vacation photos that you stored in a cloud service? Well…they’re supposed to be private, but really, they’re at significant risk and shouldn’t be considered totally private.

And it’s not just people on an individual scale that should worry about privacy. It’s businesses also. Companies are always worrying about privacy, which includes how to protect customers’ sensitive information and company trade secrets.

But even if the company’s IT team came up with the most foolproof security in the world against hacking…it still wouldn’t protect 100 percent. Somewhere, somehow, there will be a leak—some careless employee, for instance, who gets lured by a phishing e-mail on their mobile phone…clicks the link, gives out sensitive company information and just like that a hacker has found his way in.

Even when employees are trained in security awareness, this kind of risk will always exist. An insider could be the bad guy who visually hacks sensitive data on the computer screen of an employee who was called away for a brief moment by another employee.

Tips for Training Employees on Security Savvy

• Make it fun. Give giant chocolate bars, gifts and prizes out to employees for good security behaviors.
• Post fun photos with funny captions on signage touting content from the company’s security policy document. It’s more likely to be read in this context than simply handed to them straight.
• Show management is invested. Behavior changes start from the top down,
• Get other departments involved. Even if they’re small, such as HR, legal and marketing, they will benefit from security training.
• Stop visual hackers. Equip employees with a 3M Privacy Filter and an ePrivacy Filter which helps bar snooping eyes from being able to see what’s on the user’s screen from virtually every angle.
• Don’t forbid everything that’s potential trouble. Rather than say, “Don’t go on social media,” say, “Here’s what not do to when you’re on social media.”
• Make it personal. Inform workers how data breaches could damage them, not just the company. A little shock to their system will motivate them to be more careful.

Ever felt like your computer was possessed? Or that you aren’t the only one using your tablet? I think I smell a rat. Literally, a RAT.

A RAT or remote administration tool, is software that gives a person full control a tech device, remotely. The RAT gives the user access to your system, just as if they had physical access to your device. With this access, the person can access your files, use your camera, and even turn on/off your device.

RATs can be used legitimately. For example, when you have a technical problem on your work computer, sometimes your corporate IT guys will use a RAT to access your computer and fix the issue.

Unfortunately, usually the people who use RATs  are hackers (or rats) trying to do harm to your device or gain access to your information for malicious purposes. These type of RATs are also called remote access   as they are often downloaded invisibly without your knowledge, with a legitimate  program you requested—such as a game.

Once the RAT is installed on your device, the hacker  can wreak havoc. They could steal your sensitive information, block your keyboard so you can’t type, install other malware, and even render your devices useless. They  could also

A well-designed RAT will allow the hacker the ability to do anything that they could do with physical access to the device. So remember, just like you don’t want your home infested by rats, you also don’t want a RAT on your device. Here are some tips on how you can avoid  a RAT.

• Be careful what links you click and what you download. Often times RATs are installed unknowingly by you after you’ve opened an email attachment or visited an software in the background.
• Beware of P2P file-sharing. Not only is a lot the content in these files pirated, criminals love to sneak in a few malware surprises in there too.
• Use comprehensive security software on all your devices. Make sure you install a security suite like McAfee LiveSafe™ service, which protects your data and identity on all your PCs, Macs, tablets and smartphones.

Keep your devices RAT free!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

You may think you’re not dumb enough to fall for scams, but consider that someone you care deeply about is naïve enough to be conned. Besides, some scams are so clever that even those who think they’re scam-proof have actually been taken for a ride.

Sometimes fraudsters pose as an authority figure. Some claim you won a prize, while others claim you’re in trouble. Some even claim they’re a family member (needing money) and have figured out a way to convince you of this.

Some scams are done via e-mail, while others involve a phone call or snail mail. One common ploy is for the crook to pose as a rep from the electric company and threaten to shut off your electricity unless you pay a delinquent bill. Of course, the payment must be in the form of a reloadable debit card. People will actually give these cards to the “rep,” without calling the company to confirm the situation.

A big tip-off to a scam is that you’re told you won a prize or have been hired for employment—but must send money to get the prize or be trained for the employment.

Some scams are so very obvious, but still, people get taken, like those ridiculous e-mails claiming you inherited a windfall from some deceased prince named Gharbakhaji Naoombuule. But people actually fall for these, not considering that this same e-mail was sent to 10,000 others.

Top 10 Scams of 2014

• Caller ID spoofing. Has your phone ever rung and you saw your phone number and name in the caller ID screen? How can your own phone be calling you? It’s a scam. Ignore it. If you pick up you’ll hear an offer for lower credit card rates. You’ll be told to press 1 to opt out—but you should not even be on that long to hear this option; you should have hung up the second you heard the credit card offer. Anyways, pressing 1 indicates your number is legitimate; it’s then sold to scammers. Caller ID spoofing is also perfect for scammers posing as the police, government agency, corporations etc all with the intention to get you to part with your money.
• Mystery shopping. Though mystery shopping is a legitimate enterprise, scammers take advantage of this and mail out checks (phony) before the “shopping” is done. A legitimate company will never do this. They also get victims to give up credit card data to pay for getting a job!
• Calls about unpaid taxes. Always hang up, regardless of threatening nature to pay up or else. The IRS always uses snail mail to notify people of unpaid taxes.
• Puppy scam. You find a website offering purebred puppies at very low prices or even for free, but you’re told you must pay for shipping or transfer fees (wire transfer) to get your puppy. The money is gone and you never get your puppy.
• Timeshare. You get a call from someone claiming to have found buyers for your timeshare. You receive a contract, but are told you must pay funds to cover some fees. The contract is phony.
• Tech support. Someone calls you claiming your computer needs servicing. They’ll fix it after you give them your credit card information. Legitimate geeks don’t call people; you must call them.
• Postcard survey. Out of the blue you’re told you’ve won a gift card, or, just take a brief survey to get one. Go along with this and soon you’ll be asked to provide your credit card number. Don’t bother. You’ll get no gift card while the crook gets your credit card information.
• Sweepstakes. A notice says you’ve won a big fat prize. To claim it, just pay some fees. Yeah, right. Never pay fees to collect a prize!
• Grants. You’re told you’re eligible for a grant or have been awarded one, but must first pay processing fees. Federal grants don’t require fees.
• Subscription renewal notice. The notice says you can renew for a lower rate. Check to see if the notice was sent by the publication itself or some third party (the crook).

A recent study says that people are more mindful of online safety issues than what experts had previously believed. An article on phys.org says that Nitesh Saxena, PhD, wanted to know what goes on in users’ brains when they come upon malicious websites or malware warnings.

Saxena points out that past studies indicated that users’ minds are pretty much blank when it comes to malware signs. Saxena and colleagues used brain imaging (functional MRI) for their study.

Study subjects were asked to tell the authentic login pages of popular websites from phony replications. A second task for them was to differentiate between harmless pop-ups while they read some news articles and pop-ups with malware warnings.

The fMRI showed brain activity as it corresponded to the users’ online activity: attention, making decisions, solving problems. The images lit up for both tasks, but of course, fMRI can’t tell if the user is making the right decision.

That aside, the results were that the users were accurate 89 percent of the time with the malware warning task. When users were met with malware warnings, the language comprehension area of the brain lit up. Saxena states in the phys.org article, “Warnings trigger some sort of thought process in people's brains that there is something unusual going on."

The accuracy rate of telling an authentic website from a phony one was just 60 percent. Saxena believes this might be because users don’t know what to look for. For instance, they don’t know to look at the URL, which can give away the phoniness.

This study also had the participants complete a personality evaluation to measure impulsiveness. The fMRI images revealed differences based on impulsivity. Saxena says there was a “negative correlation” between brain activity and impulsive behavior. The impulsive user is prone to hastily clicking “yes” to proceed, when a malware warning pops up.

There was less brain activity in the key cerebral areas of decision-making in the users who had greater degrees of impulsivity.

This study has potential applications for the improved design of malware warning systems. These results can also assist company managers by identifying impulsive workers who need stronger online security training.