Curl up in a chair at your favorite coffee house, the aroma of premium coffee filling the air, take a few sips of your 700 calorie latte, and then enter cyberspace. Little do you know that you could have a stalker. Or two. Or 3,000. Because public Wi-Fi is there for the picking for hackers. Online transmissions can be intercepted. The credit card number that you enter onto that retailer’s site can be “seen.”

Don’t Do These at a Public Wi-Fi Site

• Never leave your spot without your device on you—not even for a moment. You may come back and still see your computer where you left it…but a thief may have installed a keylogger into it to capture your keystrokes.
• Do not e-mail messages of a sensitive or serious nature.
• When your computer begins seeking out a network to connect to…do not let it just drift to the first one it wants; see if you can choose one.
• Don’t leave on your file sharing.
• If you’re not using your wireless card, then do not leave it on.
• Don’t do banking or any other sensitive activities.
• Don’t position your device so that someone nearby can see the screen.

Yes, Do These when at a Public Wi-Fi Spot

• Look around before you settle into a nice spot.
• Sit somewhere so that your back is facing a wall.
• Assume all Wi-Fi links are suspicious—kind of like assuming all drivers are drunk whenever you go out driving. A wireless link may have been set up by a hacker.
• See if you can confirm that a given Wi-Fi link is legitimate.
• Assume that if the connection name is similar to the Wi-Fi spot, that this could mean that the hacker was clever. Inquire of the manager of the coffee shop, hotel, etc., for information about their Wi-Fi access point.
• You should consider using your cell phone for sensitive activities such as online shopping.
• But cell phone or not, see if you could avoid visiting sites that can make it easier for hackers to nab your data—sites such as banking, social media and any site where your credit card information is stored.

Use a VPN. This stands for virtual private network. What a VPN does is create an impervious tunnel through which your data travels. Hackers cannot penetrate this tunnel, nor can they “see” through it. Your data is safe. The tunnel encrypts all of your banking and other sensitive transactions, as well as sensitive e-mail communications, plus downloads, you name it. With a virtual private network, you will not have to worry about a thief or snoop intercepting your transmissions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Want to earn up to $4.2 million? Then find the hackers on the FBI’s most wanted list. Or at least give the FBI information leading to their arrest and/or conviction. These snakes have stolen hundreds of millions of dollars. Here is the list from the hackernews.com:

Evgeniy Mikhailovich Bogachev (reward: $3 million)

• Ironically, one of his aliases is one of the most common (and thus easily cracked) passwords: lucky12345.
• He’s the brains behind the GameOver Zeus botnet and CryptoLocker Ransomware.
• Over a million computers were infected with this malware, causing nearly $100 million in losses.

Nicolae Popescu (reward: $1 million)

• From Romania, Popescu tricked Americans with fraudulent auction posts on various websites.
• AutoTrader.com, Cars.com and eBay were some of these sites.
• He was selling cars that didn’t exist. (Please, people, never, ever send money for something as grand as a car unless you have proof it exists—which includes actually test driving it!)
• Hundreds of people sent money without ever seeing more than an ad for the cars. If you think that’s bad, it gets worse: Some of the victims handed over their money for private planes and yachts! Nearly 800 people didn’t have on their thinking caps, but this doesn’t make Popescu’s deed any less obscene.

Alexsey Belan (reward: $100,000)

• Belan breached the cybersecurity systems of three big U.S. based e-commerce sites.
• He then tried to sell all of these stolen databases, which included passwords.

Peteris Sahurovs (reward: $50,000)

• His crime involved creating and selling malware by putting ads up on various websites.
• These advertisements forced users to buy the phony antivirus software that the ads pitched.
• If the user declined the purchase, their desktop would be bombarded with phony security alerts and pop-ups.
• This crook from Latvia collected over $2 million with the scheme.

Shailesh Kumar Jain (reward: $50,000)

• Despite the name, Jain is a U.S. citizen.
• He scored $100 million in less than two years.
• He should have quit while he was ahead (maybe after the first $10 mil?), but he just couldn’t earn enough, so he kept hacking away at unsuspecting Internet users.

With fraudulent e-mails and pop-up ads, he tricked users into thinking their computers were infected with malware, and then sold them his fake antivirus software packages for $30 to $70. Do the math: Can you imagine how many people got rooked?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

If you don’t want your smartphone to know more about you than you do, here are top choices, as detailed on gizmodo.com:

BlackPhone 2

• The Blackphone 2 will black out the federal government from spying on you.
• Has a five inch handset with full HD screen (with Gorilla Glass 3 that prevents shoulder surfing).
• 3 GB or RAM
• Its Silent Circle’s PrivateOS 1.1 provides a “Spaces” UI: Data will be encrypted and compartmentalized.
• The “Spaces” allow you to set up distinct spaces for different types of data, including a Silent Space that’s akin to Chrome’s incognito mode.
• The Silent Suite allows you to keep various kinds of communications encrypted.
• Also provides a Silent Store for apps.

Nokia 3310

• This outdated “dumb phone” might still be available out there, somewhere.
• The dumb phone is not capable of transmitting data through cyberspace. Thus, you don’t ever have to worry about being “followed,” “tracked” or hacked into.
• If you’re comfortable not being connected to the Internet of Things, this phone is for you—if you can find one.

Payphones

• If you want to pretty much guarantee that you’ll be untraceable, then use payphones.
• Locate the payphones in your town and anywhere you normally travel, so that when it’s time to make a call, you won’t be spending time hunting for the phone.
• Always have change on you, too.
• To be even more non-traceable, always have in your car a thin pair of gloves to prevent your fingerprints from being on the phone.

Honorable Mention: Apple iPhone/Microsoft Lumia 930/Google Nexus 5

• Apple, Microsoft and Google are no more crazier about government surveillance programs than you are.
• Nevertheless, their phones gather data—but at least it goes to the maker of these devices rather than to the government.
• The manufacturers analyze the data in the name of giving the user a better experience with the product.

Let’s also throw in the landline. Your calls can be traced, but at least data about you like your shopping preferences, health, income, marital status, etc., won’t go leaking out anywhere.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

If you are overseas somewhere and want to access your Facebook page…don’t be surprised if you can’t do this. In fact, you won’t even be able to get onto the Facebook site (or YouTube, for that matter), depending on what country that you are visiting. This is because some countries limit website access for their citizens.

You can get around this with a VPN (virtual private network) or proxy server. However, they are not one and the same. Let’s look at the features of each.

VPN

• A VPN does the so-called scrambling or encryption of data so that hackers can’t tell what you are doing. To put this another way, a VPN provides a “tunnel” through which your data goes. This tunnel cannot be penetrated. Your transmissions are hidden, unable to be viewed.
• This protected data includes e-mail communications, login information, instant messages, which sites you visit, downloads and more.
• A VPN is private communication over a public network and can be used on all types of devices.
• A VPN will alter your IP address, making it seem that you are using your computer somewhere other than the country that prohibits access to Facebook. You can navigate Facebook with ease while visiting that country.

Proxy Server

• This makes the user anonymous. The proxy server does the job of anonymizing. The server of the site you want to visit receives requests from this anonymous server. As a result, even if you are in that country that bans Facebook access, it will have no idea where you are located. Hence, you can get on Facebook.
• Your data, transmissions, etc., however, are not hidden by any tunnel or scrambled (encrypted).
• Therefore, with the proxy server, even though you can spend hours on Facebook or YouTube in that foreign country…any transmissions or activities you conduct can be intercepted by a hacker if you are using public Wi-Fi.

Now if you have a VPN with the proxy server, this solves that problem. Nobody will be able to snoop or steal data like your credit card information when you shop online.

However, there is no point in having both, when one can do the entire job: the virtual private network. Think of a VPN as having a built-in proxy server.

Hotspot Shield is a VPN that encrypts all of your online activities in that non-penetrable tunnel, while at the same time making it impossible for your location to be identified. You are essentially anonymous. Hotspot Shield works for both wireless and wired connections.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Zeus is no longer a god of malware; he’s been taken down by law enforcement agencies spanning six European nations. Five people were recently arrested—believed to have infected tens of thousands of computers across the globe. There have been 60 total arrests pertaining to this cybergang.

They also used malware called SpyEye, and that, along with Zeus, stole money from major banks. This was a clever operation that included ever-changing Trojans, and mule networks.

Another malware that was asphyxiated was the BeeBone botnet, which had taken over 12,000 computers across the world.

We can thank the Joint Investigation Team for these successes. And they don’t stop there. The JIT put a stop to the Ramnit botnet, responsible for infecting 3.2 million computers globally.

The JIT is comprised of judicial authorities and investigators from six European nations. The cybergang is believed to have its origins in Ukraine. This crime ring was sophisticated, repeatedly outsmarting banks’ revisions of their security measures. Each crook in this ring had specially assigned duties and caused total mayhem to their victims. They even sold their hacking expertise and recruited more thieves. This was one hefty cybergang.

The six nations that are members of JIT are the UK, Norway, Netherlands, Belgium, Finland and Austria. The investigation began in 2013 and had a most thrilling ending. And it wasn’t easy. Here’s some of what was involved in this investigation:

• Analysis of terabytes of data (one terabyte = one million million bytes)
• Forensic analysis of devices
• Analysis of the thousands of files in the Europol Malware Analysis System
• Operational meetings and international conference calls

But the game isn’t over; there are still more cybergang members out there, and JIT will surely hunt them down by analyzing the mountainous load of data that was collected from this investigation. The funding comes from Europol and Eurojust. In fact, Eurojust has provided legal advice and was part of the composition of the JIT Agreement.

Other countries were instrumental in achieving this capture: Latvia, Estonia, Moldova, Poland, Germany, Ukraine and the U.S.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

UL in this case stands for Underwriters Laboratories. An article on darkreading.com notes that a UL official, Maarten Bron, says that they are taking part in the U.S. government’s plan to promote security certification standards.

The U.S. government is interested in developing a UL-type program directed at computers and smartphones. This initiative will encourage the private sector and the government to create the standards.

So that’s what we have thus far; this initiative is in its early childhood stage, so there isn’t much more information about it that’s available to the media. UL is looking forward to sharing involvement with the White House’s initiative to unite the private and public sectors to combat cybercrime.

In the meantime, UL is fine-tuning its own test and certification program for Internet of Things products.

The darkreading.com article quotes Bron as follows: “We are prepared to release a test and certification program for this,” that will be fueled by users’ concerns and needs.

Historically, UL has been involved with the testing and certifying of appliances for their electrical safety. About four years ago, UL developed a cybersecurity division. In the darkreading.com article, Bron points out that the security of electronic payments is of particular concern, “namely certification of chip and PIN technologies.”

The transition from magnetic stripe credit cards (which are so easy to fraudulently use) to chip and PIN technology for the cards is underway.

UL has come up with some testing tools that cross-validate the settings from bank card chips against Visa best practices, says Bron. But that’s all just one slice of the cybersecurity pie.

Another big slice is health, and yet another big chunk relates to industrial control systems. UL wants to be on top of holes or vulnerabilities.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Cybersecurity professionals are always in demand^[i]. Threats to intellectual property and sensitive data constantly evolve with technology, which means a security professional’s job is never done. There’s always another security problem to solve.

Consider the recent proliferation of cyber attacks: it’s become easier and easier for a small group of people to compromise vast networks of corporate and government information. Worse still, cyber criminals are getting better at covering their tracks.

Experts believe the global shortage of top-flight cybersecurity professionals exceeds one million–our federal government is currently seeking more than 10,000 candidates. The trend will continue in the near future as more and more features of day-to-day living are converted to digital.

As the private sector feels the crush of data breaches, the increasing sophistication of attacks fuels demand to counter or prevent them. Unfortunately, cybersecurity is rarely considered a “glamor job.” Ask a hundred eight-year-olds what they want to be when they grow up and few (if any) will answer “cybersecurity specialist.”

But that’s all the more reason to consider a career in this booming field! Governments and private organizations of all kinds are desperately seeking skilled candidates to protect their data and critical infrastructures from cyber criminals. The shortage of cybersecurity talent is not simply a lucrative opportunity for IT experts–it’s a matter of national security in defense of privacy, property and fair commerce.

Simply stated: there have never been better opportunities for advancement in the cybersecurity profession.

I’m compensated by University of Phoenix for this blog. As always, all thoughts and opinions are my own.

^[i]  http://www.bls.gov/opub/btn/volume-2/careers-in-growing-field-of-information-technology-services.htm