Social media is a conduit for thieves to get personal data (they can use it, for instance, to open up a credit line in the victim’s name). Though many people are concerned their personal information will get in the wrong hands, the funny thing is that they continue posting personal information—way too personal.

The FBI’s Internet Crime Complaint Center says that social media is a fertile area for criminals to scam people.

Phishing

You are lured to a phony website that masquerades as your bank or some other important account. The lure might be a warning that you’ll lose your account unless you click the link to reactivate it. Once on the site, you’re then lured into typing in your login information—that the scammer will then use to gain access to your account.

• Never click these links!
• Use antivirus/malware protection!

Clickjacking

You’re lured into clicking on a link. Once you do this, trouble begins, either with a download of malware or you being suckered into revealing account information—to the thief on the other end.

Recently I was perusing the FB page of a person I knew from school, and a recent post was what appeared to be a video in still format, ready to be clicked for viewing.

And what was the lure? A man’s head and torso on a road, his severed legs nearby, with the caption saying that this motorcyclist’s cam had recorded his fatal accident. This was surely a scam because the photo has been around for quite some time with only scant information. Now suddenly there’s a video of the accident? Yeah, right.

• Don’t click on any videos purporting to show something like “Footage Shows Shark Biting Man in Half” or “Top 20 Blondes of All Time—Naked!”
• Even the “Share” and “Like” buttons could be malicious. Skip these. These days you can’t be too careful, what with all the foaming cyber criminals out there.

Doxing

Doxing is that of leaking someone’s personal identifying data into cyberspace without their permission, potentially leading to ID theft, among other problems.

• Think twice before you post personal details on social media. Enough seemingly trivial details could add up to something significant to a savvy fraudster.

Make sure your privacy settings are at their highest, but this is only an adjunct to being very judicious about what you post.

So someone comes up to you in a restaurant—a complete stranger—and asks to look at your driver’s license. What do you do? Show it to that person? You’d have to be one loony tune to do that.

However, this same blindness to security occurs all the time when a person is tricked by a “phishing” e-mail into typing in the password and username for their bank, or it may be the login credentials for their PayPal account or health plan carrier.

Phishing e-mails are a favorite scam of cyber criminals. THEY WORK.

When a cyber thief goes phishing, he uses a variety of bait to snag his prey. Classic examples are subject lines that are designed to get the recipient to immediately open the message and quickly react to it, such as an announcement you owe money, have won a prize or that your medical coverage has been cancelled.

And to resolve these problems, you’re asked to log into your account. This is where you place your account credentials into the palm of the thief on the other end of these e-mails.

• Phishing e-mails may address you by name (the hacker already knows about you), but usually, your name is nowhere mentioned.
• The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part. Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
• A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
• Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
• Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?

The links will take you to a phony site that looks like the real thing and ask you for your login credentials, credit card information, etc. Another way this scam works is by downloading a virus to your computer after you click on the link. Sometimes there’s an attachment that you’re urged to open. The lure might be that it’s a survey from your bank or a report to review from your employer.

A phishing e-mail may still look like the real deal. So how do you protect yourself? Never click on links inside e-mails. Don’t open attachments unless they’ve been sent from someone you personally know. If you think it’s from your company, healthcare plan or bank, then whip out your phone and call the company to see if they sent you the e-mail.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.

Recently I got a puppy for my child. We decided to name the puppy 4wgu23x5#9. My wife,8yysH3m, thought we should name the dog 0x2%#b5. But I’m sure she’ll get over it. Meanwhile, I’m helping my older child with setting up a few social media accounts, and I suggested the two passwords: Rover and Spot.

Is there something wrong with this picture?

Of course! But this picture replays itself millions of times over all the time, as people name their passwords after their pets, family members or favorite sports teams. Don’t do online what you wouldn’t do in real life.

When creating passwords remember that you should avoid using things that are personal to you and that could be easy for a hacker to find out about you. Things like your pet’s name, maiden name, birthday, name of your high school and child’s name can be easily found on social networks, making it even easier for hackers to crack your passwords.

Here are some other great tips to make sure that your passwords are strong and protected:

• Make sure your passwords are at least eight characters long and include numbers, letters and characters that don’t spell anything.
• Use different passwords for separate accounts, especially for banking and other high-value websites.
• Change your passwords frequently.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

According to a recent report from Pew Research, many Americans take privacy seriously—as in the cyber kind, but also offline.

• 9% of survey respondents thought they had strong control over how much of their personal information was collected and shared.
• 38% thought they had moderate control; 37% believed they had little control; 13% said they had zero control.
• 25% used temporary e-mail addresses or usernames for some online activities.
• 24% gave non-truthful information about themselves (e.g., when registering on a site to post comments, a single woman might indicate that she’s a married man; or a childless person might indicate that he has kids).
• 59% cleared their browser and cookies.
• 47% avoided giving out non-relevant information for online transactions.
• 55% remained anonymous for some online activities.
• 74% believe the government should have better limits to collecting people’s data.

Why don’t more people do things in the name of privacy like adjust the settings of their accounts or smartphone? For starters, some don’t want to hassle with “techy” things, while others don’t think it’ll make any difference. Some just aren’t worried all that much and have nothing to hide. Others don’t want to pay more money for more security. And some are clueless over how much of their data gets shared, such as those who blindly allow mobile apps “permissions.”

Some users also know that higher privacy, in general, comes with slower loading times and other inconveniences. People want efficient usability. Nevertheless, people are getting cranky.

For example, the U.S. Drug Enforcement Administration was surveilling Americans’ phone calls overseas. They’ve now been sued. Secondly, the Stop Online Piracy Act was on the brink of being shelved, but lawmakers put a stop to these plans.

The National Security Agency’s metadata program with bulk phone calls was recently deemed illegal after the American Civil Liberties Union brought a lawsuit to the U.S. federal appeals court.

And that’s just a sample. There are more lawsuits in the works in the name of Americans’ privacy rights.

Do you know what ATM stands for? For crooks, it stands for A Thief’s Moneymaker.

A new report from FICO says that “skimming” crimes have made their biggest spike in the past 20 years. This includes ATMs on bank premises, but of course, public ATM kiosks have seen the biggest spike.

The thief tampers with the ATM’s card receiver; the installed gadget collects card data which the thief retrieves later. “Skimming,” as this is called, also refers to capturing the PIN via a hidden camera.

With the stolen data, thieves craft phony debit cards, which they then use at ATMs or for purchases. In seconds, your bank account could be sucked dry—poof!

ATM users normally do not know that a skimming device is in place; they just swipe their card. The thief will come back to collect the skimmed data (likely in the middle of the night).

• He downloads your data.
• He burns it to a blank ATM card.
• He drains your bank account first chance he gets or goes on a wild shopping spree.
• All of this can happen within minutes to hours.
• The hidden camera may be concealed by a brochure slot near the machine—placed there by the crook himself—with bank brochures he got from inside the bank.
• The camera may be hidden in a nearby lighting fixture or even attached somewhere on the ATM.

Prevent Getting Skimmed

• Use only ATMs inside banks if possible. The riskiest locations are restaurants, bars, nightclubs and public kiosks.
• Regardless of ATM location, inspect the machine. A red flag is if the scanner’s colors don’t jibe with the rest of the machine.
• Jiggle the card slot to see if it feels like something’s attached to it.
• Inspect card slots at gas stations and other non-ATM devices that scan your debit card.
• Look around for areas a camera might be hidden. Even if all seems clear, cover your hand when you enter the PIN.
• Try to get away from using a debit card at all. At least with a credit card, you can dispute fraudulent charges before you lose any money (up to 60 days), but with a credit card, you have only a few days to do this.
• Frequently check your bank and credit card statements.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Cyber crooks have phony websites that masquerade as the legitimate site you want to log onto. They’ve spun their web and are just waiting for you to fly into it. Google now has Password Alert, which will tell you if you’ve landed into such a non-Google web.

For the Chrome browser, this extension will prompt the user to change their password.

When you change a password (regardless of reason) or sign up for a new account and it’s time to come up with a password…don’t just make up an easy word to remember or type.

• No part of the password should contain actual words or proper names.
• Each account, no matter how many, should have a different password.
• If allowed, use a mix of characters, not just numbers and letters.
• Use a password manager to eliminate the excuse of “I can’t remember a zillion passwords so that’s why I use the same one for multiple accounts.”

Even a strong password, when used for multiple accounts, can present a problem, because if that password gets in the hands of a cyber thief, he’ll then be able to access not just one—but all of your accounts with that password.

A different password for every account at least means that if any password gets into the bad guy’s hands, he’ll only be able to hack into one account per password.

And how might he get the password if it’s long, strong and full of different characters in the first place? By the user being tricked into giving it to him.

This is most often accomplished with a phishing attack: an e-mail that fools the user into thinking it’s from an account they have, such as PayPal, Microsoft or Wells Fargo. The message states there’s a problem with their account and they need to log in to get it fixed. The truth is, when you log in, you’re giving out your crucial login information to the villain.

However, Password Alert will intercept this process. And immediately, so that you can then quickly change the password and protect your account before the thief has a chance to barge into it.

Other Features of Password Alert

• Many sites are phony, appearing to be legitimate Google sites. Password Alert will spot these sites by inspecting their codes when you visit them. You’ll then get an alert so you can get out of there fast.
• Password Alert has a database that stores your passwords in a very secure way called a “hash.” This is the reference point that Password Alert uses every time you enter your password into the login field, to make sure you’re not entering it on a malicious site.

“Wes” is a professional man who, if you saw walking on the street, you‘d easily imagine being jumped by a few teen punks and getting beaten up for his wallet. Wes is nearing retirement age, has a potbelly, doesn‘t work out, has grey hair—hardly an imposing figure.

But look out when he gets behind the wheel of his car. Cut him off and he‘ll give you the finger and holler out obscenities.

“Dan” has two cars: an old beater and a corvette. He‘s mellow in the beater, but something comes over him in the corvette.

Experiments show that the anonymity of being enclosed by two tons of steel, and the group participation aspect of driving (others are also on the road), cultivate a new level of anger and fury in drivers who are otherwise rather complacent people.

An article on wired.com mentions an experiment by Ed Diener in which kids were given an opportunity to steal candy on Halloween under various controlled circumstances. The kids stole more when the givers didn‘t require their identification, and when the kids were part of large groups, vs. when they were alone and not revealing their names.

This is a no-brainer, but this principle applies to the driver. This is de-individualization: anonymity and group activity. Add to that some sensory overload and emotional arousal, and you have the recipe for road rage.

An added element to the driver is that he can‘t intelligently communicate to the other motorist who cut him off or otherwise p‘d him off. So drivers resort to rudimentary communication: the finger, a fist, holding down the horn, flashing the brights.

How often shall we give a rude or “stupid” driver the benefit of the doubt? Maybe the driver tail-gaiting you at 80 mph has a passenger who‘s in labor. But come on, there are so many irresponsible drivers, you know as well as I that very few have a legitimate excuse for doing something dumb.

Like all those people who drive at night without their headlights on.

And if you‘ve ever been pissed off that someone took the parking space you were waiting for, ask yourself if you had your blinker on to let that person know you were there first and waiting. If you were just sitting there without a blinker on for that parking space, maybe the other “jerk” thought you were waiting to drive straight through the lot. But you went ahead and keyed their car anyways.

The wired.com article points out that angry drivers operate on emotion, not logic.

Solutions

• The article suggests to add a passenger. Sounds great—if you can find someone who‘s willing to be your passenger every time you drive.
• View images of gruesome car accident aftermaths. This might shake you up into being more patient, and thus, safer, on the road.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston.