This question revolves around whether or not you want or need to head out into the wild, wild web wilderness exposed. By “exposed” I mean letting anyone within 300-500 feet of your device peek at the wireless data packets floating through the airand seeing all your raw data, or revealing who and where you are, what you like and don’t like, or revealing your IP address if you decide to comment on a blog or news article.

Most people feel they have nothing to hide or don’t think anyone’s really paying attention. But, in fact, we are all being stalked to a certain degree. Advertisers are watching so they can send you targeted ads; governments are watching to see if you are plotting to take them down or conducting illegal activities; your internet service provider is definitely monitoring your usage and wondering if you are downloading pirated movies, music and software; your employer may be similarly vigilant and criminals are trying to steal your identity or the identities of all your clients.

So, to VPN or not to VPN? I VPN specifically when I’m on my portable wireless devices. If I’m on my PC laptop, iPhone or iPad and I’m traveling on business, I know I’m going to be connecting to various free public WiFi clients at the airport and in my hotel. Before I connect to any WiFi, I launch Hotspot Shield VPN. It’s a free VPN, but I prefer the paid version; the expanded paid option is a little quicker and offers a cleaner interface. Either way, it’s agreat option that will protect your entire web surfing session, securing your connections on all your devices.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was StolenSee him discussing internet and wireless security on Good Morning America.

The Internet has dissolved the geographical boundaries and technological limitations that have constrained organized cybercrime in the past. We now live with cybercrime syndicates based in the US, Russia, Asia and all over the globe. When hackers in the US are sleeping, the ones in China are flexing their fingers on their keyboards, and the ones in Eastern Europe are waking up. Cybercrime never stops.

The brave—and ballooning—new world of smartphones and tablets offers tremendous scope and volume for these organizations. Mobile devices run on different operating systems and use different apps from PCs and Macs, which presents opportunities to create new device-specific attacks.

Even more interesting, mobile devices require an entire ecosystem of businesses to make them work. Data you transmit or receive has to make it through a conga line of companies that can include your device manufacturer, wireless carrier, app developer, app store, website host and email provider. Motivated by money and information, criminals exploit flaws in the underlying software and information handoffs of each of these players.

Here are two examples of how malicious software (malware)—downloaded through a fake app, a phishing or text message, or from a website—can net the criminals your information.

Text messaging fraud – Cybercriminals have figured out how to incorporate text messaging (SMS) into banking frauds. When you log on to perform a transaction (like checking your balance), banks often send a validation code to your mobile device via SMS. Banks figure if you are logging onto their website through your mobile device, a separate authentication through text messaging will help ensure that it’s really you logging in and provide an extra layer of security. However, mobile malware can collect that validation code and send it, along with your account number, password and “secret” security question to a cybercriminal. The perpetrators repeat this process reliably, victim after victim, bank after bank.

Premium SMS scams. Other malware can run so-called “premium SMS” scams, where you get billed for sending text messages you didn’t consciously send, or receiving messages you didn’t ask for. The malware on your device is doing the communicating—and conceals any confirmation message so you won’t notice until your bill comes. Organized crime networks have the sophistication and relationships to put together these sorts of multifaceted moneymaking schemes.

These guys are good at their jobs—they are truly organized and professional. Everything they do is about monetizing your information—your personal life. That’s why it’s critical for you to educate yourself on why you need mobile security and what scams are out there.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  

If it’s portable, it is subject to being lost or stolen—and the data contained can be accessed or the applications running may have access to additional information, resulting in your data being compromised. The good news is, you don’t need to be an IT professional to put systems in place, download security programs or create certain habits to protect your device and, inturn, protect your information.

#1 Encryption. Encryption is the process of encoding messages or information in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can. Installing encryption can be as easy as downloading an app or requiring your employer’s IT department to install an enterprise-grade program for its fleet of devices.

#2 Lock it down. If your device is lost or stolen and it doesn’t have a password on it, then all your data and apps are accessible. Most people lock their car doors after they park and secure their front and back doors when they leave the house,but relatively few protect their devices with a password or store sensitive data in a secure locker app like Keeper. This is not complicated.

#3 Install lost/locate/wipe software. Some devices come equipped with this feature; others require a download. Activate this software so the location of the device is turned on and you can find it—and if you can’t, you can lock it and also wipe all the data from it.

#4 Destroy it. This might be a little after the fact, but if you upgrade to a newer device and are left with the old one, you could donate it, give it away or sell it…but I recommend destroying it. I mean, get a hammer and kill it to death. Murder it, because on some devices, even if you wipe them (I’m talking specifically to you, Android), much of the data is left behind.

#5 Use a VPN. Use a secure virtual private network (VPN) such as the free Hotspot Shield VPN proxy that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.

To understand how protected you are, you need to understand how unprotected free public wireless is. This has nothing to do with how secure Apple devices are compared to Android.  By default, free public wireless is open and unencrypted, and the data that travels over it from each device to the router is naked for all the world to see. This is true regardless of what anti-virus (AV) software you do or don’t have on your tablet.

Sometimes, when you log onto free public WiFi, whether at a hotel, airport or coffee shop, you may first have to read a Terms and Conditions (TC) statement and click “I Agree” before you logon and connect. If you actually read the TC, you’d realize the organization providing you the free wireless is telling you point blank that its wireless is unsecure, your data is visible to the world and it is not responsible for your data being stolen.

On the other hand, if you are connecting to WiFi that employs WPA or WPA2 encryption, then your data is pretty tight…but it’s never 100 percent secure. For added security on WPA, add a private network (VPN) such as Hotspot Shield VPN. Nobody, including your mother, can hack your wireless on a VPN.

So check out Hotspot Shield VPN, a wireless VPN that has been downloaded more than 120 million times on tablets, PCs, Macs, iOS and Android platforms. The new version of the popular application includes:

• Privacy protection for anonymous web communication, browsing and sharing online at dorms, cafes and offices.
• Twenty percent greater mobile data savings capabilities, saving users up to $30 per month in mobile data fees.
• The ability to access US and UK TV shows and other services online by switching IP addresses—a must-have when traveling abroad.
• A new user interface that makes it easier than ever to view bandwidth savings and manage features.

Are you a student? Learn about the Hotspot Shield College Privacy Challenge and get their premium product for free at http://college.hotspotshield.com.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.

You’ve probably never even thought that “browsing the web privately” was something that you needed to take extra steps to do. Most people think all web surfing is relatively private and nobody is really paying any attention. Unfortunately, there are many people, particularly in the form of marketers and advertisers, who watch almost every website you visit and record almost every click. Then there is your government. It may or may not be happening in your country, but many oppressive governments watch every move their citizens make.

But browsing privately may mean a few different things. Are cookies being installed on the device? Is the user’s IP address visible? Can someone see the data you are transmitting? Fortunately, there are a bunch of things you can do to reduce the potential for Big Brother surveillance to happen on your PC.

#1 Use your browser’s “anonymous” or “incognito” tab. Chrome definitely offers a private browsing option that leaves no cookies or cache behind. This is generally used when a PC is shared amongst many people and a user doesn’t want others peeking at his or her history.

#2 Remove cookies. Each browser has its own setting for removing cookies. For example, in Internet Explorer, hit Ctrl-Shift-Delete and a dialog box will pop up that will allow you to delete whatever you want in your history. More browsers are listed here.

#3 Install a free tool called CCleaner. CCleaner cleans your Windows PC of all the stuff that you don’t want on there. Added bonus: It makes your computer faster, too.

#4 Checkout PrivacyChoice, which is also free. PrivacyChoice is a browser extension that instantly checks your privacy settings across websites and companies collecting your data.

#5 Use free Hotspot Shield VPN. Out of all the above options, Hotspot Shield VPN provides the most privacy by proactively protecting your IP address by assigning an IP address of its own. Used in combination with an incognito or anonymous browser, Hotspot Shield VPN will make you pretty close to invisible on the internet.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.

Training for a marathon is a taxing, physical, emotional and expensive process. For me personally, that means five cortisone shots, almost a hundred physical therapy appointments and a few arguments with my wife. Why do it? Why climb a mountain? Why be a police officer? Why be an emergency room nurse? Why detonate a bomb in a crowd of innocent people? Not sure. We all make choices others wouldn’t and we justify our decisions based on our interests, options and perspective.

For me, I just wanted to lose weight, get fit and finally give back to a charity, killing two birds with one stone, so to speak. When you’re 44 with a young family and your health and marriage are good, bills are paid and life is settled, words like “health,” “gratitude” and “grace” begin to have more meaning. And when you become a runner, you join a special club of conscious people who understand our time is limited.

So I’ve spent the past two years raising money for Boston Children’s Hospital and disciplining myself to eat better and get in the best shape I can so I can be of value to my family in 20 years. (Plus, “abs” has been on my bucket list.) And after last year’s 86-degree heat and my awful 5:32 time, I was on my way to run about a 4:10 (BEST) this year but was stopped at mile 26 due to some idiot’s agenda (WORST).

My improved time put me on Boylston Street shortly after the blasts. There were two loud bangs, and as I rounded the corner I saw the finish line through dissipating smoke. Boston police immediately corralled runners from going any farther down Boylston because it was now a volatile area and potential crime scene. At 2:52 PM I called my wife, who was at the finish line, and got no answer. A minute later, I got my dad on the phone; he was with my wife and the kids and he confirmed they were OK. I instructed him to leave ASAP, as another bomb could go off any moment. I told him to walk down the center of the street and avoid any cars.

But nothing was going to keep me away from them; I couldn’t just sit there and wait. In my mind, there were bombs going off between my family and me. As a father, son and husband, the instinctual need to get your family to safety overpowers every sense of reason. I dodged a couple of police officers and ran down Boylston, the only runner on the field, putting myself in jeopardy and now also in the line of law enforcement chasing after me. At the 26-mile mark, I saw people on the ground, bloody and getting medical attention from the few paramedics that were on hand to take care of runners expected to be injured in more predictable, less violent ways. It felt like a 3D movie where the scene was pushing me back in my chair, but the sound was off. I know the scene was loud with sirens and screams, but I heard nothing.

Then I heard an angry cop (rightly so) blasting his voice in my ear before he wrestled me off the course. Eluding further apprehension, I hopped a fence and ran down a back alley behind the restaurants, bars and shops that were evacuating people through their back doors. What I saw was people—many victims who must had made their way on their own or with the assistance of others—screaming, crying and making frantic phone calls…and blood. And they lost anywhere from pints to gallons; I don’t know. I just remember not wanting to run in it.

I ended up behind the finish line and found a way to cross Boylston. I made my way to the Weston Hotel, where I found my family, scooped up my four-year-old and hiked another half mile to my vehicle. Leaving behind two vehicles, we piled nine adults and children into my Yukon and evacuated.

Out of relative danger, our attention now turned to our two children and damage control. To gauge my seven-year-old’s feelings, I calmly asked her, “Did you have fun today?” She said, “Yes, today was awesome! Until the bombs went off!” Knowing she was shaken, the radio stayed off and adults did what they could to speak in code. Note to adults who may try this: It doesn’t fool a seven-year-old.

By this time my phone was going nuts, Facebook and Twitter were buzzing and my mother, who couldn’t get in touch with us, was in complete meltdown.

Once I got home and got the kids situated, we ordered a bunch of pizza because that’s what you do when a bomb goes off. People need to feel normal.

My mom showed up at our home shortly after we got there. She a total mess and the kids now understood the gravity of the situation. Today, they are showing a tremendous amount of affection and gratitude, which seems to be a side effect of their trauma.

I posted a brief note on Facebook: “Im OK, I was on Boylston St when it happened. I saw smoke, I saw blood and people on the ground. My family was 300 yards away, waiting for me and I got to them and evacuated from the city. More later.” And the comments and likes poured in.

Shortly after, I provided an update: “I was right there, bomb went off. Boston police removed everyone, I kept running toward the bombs because my family was at the finish line. Police got me off the road, I resisted then another cop almost tackled me (rightly so). I ran in the back alleys, people spilling into the alleys from the explosion, screaming, crying, blood, got my dad to get my wife and kids out of there concerned for another explosion. I’m telling it to DR Drew on CNN between 9:15ish and 9:30ish tonight.”

Again, comments and likes on my page like never before. People offering an outpouring of help and support. I never knew I had that many real friends.

I feel I have to explain the part about Dr. Drew and CNN. It may seem opportunistic, but frankly, for me, it’s therapy. I do lots of media as the expert. My network is “the media.” So when I send a blast email to raise money for charity, my network knows I’m running the Boston Marathon. When I logged into Facebook and email, the requests came in from CNN, Extra and Canadian TV, along with a few radio shows too. So I spent the evening after the run as an eyewitness. And, because it’s who I am, I gave security tips too.

My cousin, who is an Iraq and Afghanistan soldier with all kinds of rank and medals, reached out to me via Facebook and said, “I think your situation was much worse than any Middle East situation.” Which I thought odd because he’s had his best buddy blown up right next to him. Then he said, “When I deploy I’m armed, geared up and expecting to fight. You were at a peaceful gathering around families and innocent civilians, not expecting bombs. That makes it much worse.

“We accept the possibility of death and destruction when we sign our contracts. I’m sure no one who signed up for the marathon expected this.”

This completely messed me up, putting into perspective just how awful this situation is.

I only slept three hours that night, on edge, emotional and fragile. The next day, I headed to the media compound near Boylston to meet with Maria Menounos from Extra, who is a Boston girl. I connected with Maria, and within two minutes we were both crying. She started talking about how she loves Boston so much, then I started crying, then she started crying…which completely messed me up. I tell you this because she told me people should know this is real and they can’t forget. She was professional, but she was real. She put me at ease and we got through the interview.

At this point, my family and I are safe, like most of America. But we are raw. All of us. Emotions are high. We are sad and angry. Our hearts are heavy, knowing lives were lost, and that so many will never be the same. We are not at ease, and we all want answers. We wonder, sadly, whether this celebratory event will forever be marked by the visual of a plume of smoke that symbolized the evil intent of misguided people that do not value human life and have no regard for our freedoms.

While there are no answers yet, we must keep in mind the immediate needs of the victims and their families. On behalf of my Boston, we also must declare that we are proud of our city, its first responders and its people, who showed the true measure of the human spirit through powerful acts of kindness and displays of citizen courage. We are strong as a city, undivided as a country and unbowed by this attack. No terrorist will be allowed to alter our nation’s course.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him in this identity theft prevention video. 

Micro charges are charges ranging from 20 cents to $10 and either are fraudulent, legitimate or fall into the category of “grey charges,” which describe sneaky recurring or unwanted charges.

These charges often go undetected because they are so small. Nine out of 10 credit card holders don’t scrutinize their statements carefully, allowing these scammers to get away with it.  In 2010, the Federal Trade Commission filed a lawsuit describing a criminal enterprise responsible for millions of dollars of micro charges.

In micro charges operations, scammers set up websites with toll-free numbers, which creates a “legitimate” web presence. With this facade, the websites are often granted merchant status, allowing them to process credit card orders.

The victims of this scam see the fictional merchant’s name and toll-free number on their credit card statements. If they attempt to dispute a charge, the toll-free numbers go to voicemail or get disconnected. Most frustrated consumers may not bother to take the additional step of disputing a 20-cent charge with the credit card company.

While 20 cents may not seem worth the bother, these seemingly minor charges only enrich the scammers. If you fail to recognize and dispute unauthorized transactions on your credit card statements, you take responsibility for the scammy charges.

Taking a moment to scrutinize your charges can save you money and headaches.

• Pay attention to your statements. Micro charges are a red flag.
• Monitor your purchases. Know what you’re getting into.
• Check statements weekly or biweekly. Look for grey charges.

Sign up for BillGuard to watch your statements. It’s free, easy and effective. Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.