Billions and billions—it’s only a matter of time before this becomes the number of hacking incidents in a single year, because just in 2014, over one billion records were hacked out of 1,500 different hacking incidents, says a recent report.

Some other findings from the report:

• A little over half the breaches involved credit card numbers, Social Security numbers and other personal information.
• Most hacking incidents occurred in the U.S.
• 55 percent of the incidents involved retailers, primarily affecting point of sale systems that lack encryption technology.
• The private sector, combined with the government, took up 17 percent of the hits.

The government has had it; the White House plans on devoting an office entirely to figuring out how to stay ahead of cyber crime. Let’s hope that the White House really dissects cyber attack technology.

What can consumers, the private sector, retailers, banks and the governments do to make it difficult for hackers to cause mayhem?

• Go through all of their passwords and replace the weak ones with strong ones. A weak password is less than eight characters (some experts advise that it be at least 12), contains actual words or names, contains keyboard sequences and has limited character variety.

  Keep in mind that an eight-character password such as $39#ikPw is strong and superior to the 12-character 123qwertyTom. But maximize the strength by making the password at least 12 characters and a jumble of character gibberish. A password manager can do this all for you.

• Install antivirus software. This means antivirus, anti-spyware, anti-phishing and a firewall. Then make sure they are always updated. This software should also be installed on your smartphone and tablet.
• If you’re still using windows XP because you don’t want to part from your comfort zone, get out of it immediately, because it won’t be so comfy when your system gets dismantled by a hacker. Windows XP is no longer subject to security patches and updates by Microsoft. You need a version, such as MS Win 7, that receives regular updates.
• Your router has a password that’s been set by the manufacturer. Hackers know these passwords. Therefore, you should change it. Next, turn your WPA or WPA2 encryption on. If you don’t know how to do these things, contact the router’s manufacturer or google it. And unless you have encryption while using public Wi-Fi, consider yourself a lone zebra wandering around in the African savanna where prides of hungry lions are watching you. Get a VPN. Google it.

Spring is here (at least in some parts of the world in the northern hemisphere)! The bees are buzzing, the flowers are blooming, and the accountants are working late because for those in the U.S., it’s tax season! Scammers love tax season—there is a lot of money moving around as people pay taxes and receive tax refunds. And they have developed many ways to take advantage of that and steal your hard-earned money.

The Internal Revenue Service (IRS) maintains a list of the scams that they call the Dirty Dozen and have published this again for 2015. It’s a good idea for all of us to familiarize ourselves with these. Here’s the top three.

• Phone scams. Your phone rings—it’s the IRS stating that you owe money and you must pay it NOW! It can be disconcerting but, never fear, this is a scam. Keep in mind that if you do owe the IRS, they will first contact with you via snail mail before calling. This is the number one scam that criminals are using during tax season so don’t answer your phone (just kidding…just be aware of this).
• Phishing Hackers imitate the IRS and send an email that asks you to update your e-file immediately. The link then directs you to a bogus website. If you enter your information, the hacker collects any information you enter on the site. Remember, the IRS generally does not send emails, text messages or social media posts to request personal or financial information. If you receive any unsolicited communication that appears to be from the IRS, report it to This email address is being protected from spambots. You need JavaScript enabled to view it..
• Identity Theft. If a cybercriminal gets access to your Social Security number (SSN), they can pose as you and file a tax return under your name, but have the refund sent to them. When you file your tax return, you’ll get a notice from the IRS stating that more than one tax return was filed for you. If you think you are a victim of identity theft or have been in the past, make sure to contact the IRS as they can issue you an identity theft PIN that will be used in addition to your SSN.  Make sure to protect your SSN and do not share it unless absolutely necessary.

Stolen tax returns and tax scams have been growing consistently, leaving many identity theft victims struggling to recoup their lost refunds and identities. To help you, here are some tips to protect yourself this tax season.

• Protect your data.Store sensitive documents in a fire-proof safe. If you plan to receive documents with sensitive information like your financial information in the mail, make sure you have a mail box with a lock.
• Shred non-essential paperwork.Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.
• File early.The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund.
• Be cautious when clicking. Don’t click on any links or email attachments from emails that appear to be from the IRS. Be suspicious of strange emails and websites instead of clicking on links navigate to IRS.gov on your browser directly
• Protect your devices. Install comprehensive software like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets and make sure to keep it updated.

Here’s a great video from the IRS about tax scams and additional information on how to report IRS phishing scams.

Hope you have a safe tax season!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! 

Whether you’re an animal person or not, you have to admit that puppies are pretty darn cute. So cute that there are YouTube Channels, Facebook accounts, and Buzzfeed newsletters devoted to the subject. Unfortunately, there’s a not so cute PUP out in the world, and it wants access to your device. What I’m talking about is a potentially unwanted program (PUP). What is an unwanted program? It’s software or an app that you don’t explicitly want on your device. PUPs usually are bundled with freeware and often installs without your permission.

Note: PUPs are not malware. The main difference is that you give consent to download the PUP, even though you might not know about it if you don’t read the agreements or installation process thoroughly.

So if PUPs aren’t malware, why are they bad? Some PUPs contain spyware including keyloggers, dialers, and other software to gather your information which could lead to identity theft. Others may display annoying advertisements on your device. Even if the PUP doesn’t have any malicious content, too many PUPs can slow down your device by taking up space on your device and it can weaker your device’s security, making you vulnerable to malware.

Companies or hackers use several techniques to get you to download PUPs. One technique is offering multiple installation options. Although the standard or default options may be highly recommended by the company or hacker, it is usually the custom or advanced option that is PUP-free. Another trick is automatically including PUPs in the installation. You have to uncheck the boxes to opt-out of the PUP. Sometimes they will gray the opt-out option so it looks like you can’t get out of downloading a PUP. Other companies will sneak clauses about PUPs into the end user license agreement. This means when you click to agree with their user terms, you also agree to download PUPs.

Here’s some tips on how to make sure you don’t get a PUP.

• Be picky. Hesitate before downloading any freeware. Do you really need that Guardian of the Galaxy wallpaper for your laptop? Be vigilant and only download from trusted sites.
• Customize. When downloading a program, it may be tempting to use the standard or default installation, but this version usually includes downloading programs you don’t need. Choose the custom installation.
• Opt out. Instead of asking you to opt in to PUPs, companies will automatically include the PUPs in the installation; it’s up to you to say no. For example, a freeware program might recommend that you install a free browser add-on andbelow this statement will be a box that is checked that indicates you want to install the add-on. If you don’t uncheck the box, you can potentially download a PUP you may know very little about.
• Read the fine print. Read the End User License Agreement before you accept it. There may be a clause about PUPs.
• Have comprehensive security software. Install security software that works for all of your devices, like McAfee LiveSafe™ service. McAfee LiveSafe can detect PUPs and remove them from your device.

Remember it’s much more fun to snuggle with furry pups rather than the computer code kind.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! 

I remember my teachers always telling me there are no stupid questions. When it comes to identity theft, this is especially true. The more you know about identity theft, the better prepared you will be to prevent it from happening to you. Here are some commonly asked questions about identity theft.

What is identity theft?

Identity theft is when a person pretends to be you to access money, credit, medical care, and other benefits. They acquire your identity by stealing and using your personal information like government ID number or bank account number. Once they have this information, identity thieves can really wreak havoc on your life; for example, they can clear out your bank account. They can also impersonate you in order to get a job or commit a crime. It can take a long time to clean up the mess.

Does identity theft only have to do with stealing money or credit?

No, financial identity theft, using your personal information to access your money or credit, is not the only type of identity theft, although it is the most common. There are other kinds of identity theft identity theft. Medical identity theft is when someone uses your information to receive medical care. Criminal identity theft is when someone takes over your identity and assumes it as his or her own. They can then give your name to law enforcement officers and voilà—you have a criminal record.

What are some things I can do to protect my identity online?

• Be choosy. Be careful when sharing personal information online. Just because a website is asking for your information doesn’t mean it’s necessary to provide it to them. Ask who wants the information and why. Also, limit the amount of information you share on social media. Does everyone need to know the year you were born?
• Think twice. Use caution when clicking on links and opening email attachments. If the link or attachment is from someone you don’t know, don’t open it.
• Use secure Wi-Fi. When shopping or banking online, make sure you are using a secure wireless connection.
• Permanently delete files from your PC. Putting your files in the recycle bin isn’t enough. Your device will still have the files and therefore, are accessible to identity thieves. Use security software, like McAfee LiveSafe™ service, that includes a digital shredder to make sure those files are truly wiped from your PC.
• Install security software. Make sure all your devices have comprehensive security software like McAfee LiveSafe that protects all your PCs, Macs, tablets and smartphones.

What are things I can do to protect my identity offline?

• Shred. Use a cross-cut shredding machine, or scissors to shred old credit card statements, offers, receipts, etc., to prevent dumpster divers from obtaining your information and creating accounts in your name.
• Have a locked mailbox. This will keep thieves from stealing your mail, especially bank statements and credit card offers.
• Secure your files. Get a fire-proof safe to store sensitive documents including credit cards you hardly use.
• Keep an eye on your bank and credit card statements. Look for questionable activity.
• Be careful when using ATMs. When you insert your ATM card into a compromised machine or run your credit card through a phony card reader, you could become a victim of skimming. Skimming is where a hacker illegally obtains information from the magnetic strip on the back of your credit or ATM card. This information can then be used to access your accounts or produce a fake credit card with your name and details on it.

How do I know if my identity has been stolen?

This list is not comprehensive but gives you a good idea on what to look out for.

• You receive a bill for a credit card account that, though in your name, is not yours. This probably means a thief opened the account in your name.
• You’re no longer receiving your usual snail mail or email statements. Contact the issuer to find out why.
• Unfamiliar purchases on your credit card, even tiny ones (crooks often start out with small purchases, and then escalate). Challenge even a $4 purchase.
• You receive a credit card or store card without having applied for one. If this happens, immediately contact the company.
• Your credit report has suspicious information, like inquiries for credit that you didn’t make.
• Collectors are calling you to collect payments you owe, but you owe nothing.
• Your credit score is high (last time you checked), but you were denied credit for a loan or new credit card. A thief can easily ruin a credit rating.

If my identity is stolen, what should I do?

Finding out that your identity has been stolen can be stressful. First, take a deep breath then follow these initial steps.

• Contact your local or national law enforcement agency. File a report that your identity has been stolen.
• Call your bank and credit card companies. Notify them of fraudulent activity. They may be able to reimburse you for any money lost or close any unauthorized accounts.
• Check with credit reference agencies. Ask them to set up a fraud alert. Also, check to see if anyone has tried to get credit using your name.
• Keep records. Keep track of all conversations and paperwork, the more detailed the better. Organize your data into one centralized place. This can be used as evidence for your case and can help you resolve the mess that identity theft can create.

To learn more about how you can protect yourself from identity theft, check out the Intel Security Facebook page or follow @IntelSec_Home on Twitter.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! 

Ever see those public bulletin boards with all the business cards on them? Don’t be surprised if you spot one that says “Hacker•for•Hire.” These are hackers who will, for a nice juicy fee, hack into your wife’s Facebook account to see if she’s cheating on you.

However, there’s at least one hackmaking site that matches hackers to clients who want to infiltrate a network for personal gain or even revenge. The site, Hacker’s List, is a good idea, certainly not the first of its kind; the site’s founders (who wish to remain anonymous) get a piece of the pie for each completed job. Kind of sounds like one of those freelance job sites where someone bids on a posted job. The client must put the payment in escrow prior to the job being carried out. This pretty much guarantees payment to the hacker.

The site began operation in November. Imagine the possibilities, like business people getting a complete list of their competitors’ clients, customers, prices and trade secrets. And yes, a college student could hire a hacker for changing a grade. Makes you kind of wish you were skilled at hacking; what a freaking easy way to make a lot of money.

Is a site like this legal? After all, cracking into someone’s personal or business account is illegal. The site has a lengthy terms of service that requires agreement from users, including agreeing not to use the service for illegal activity. The verdict isn’t out if Hacker’s List is an illegal enterprise, and further complicating this is that many of the job posters are probably outside the U.S.

Hacker’s List was carefully developed, and that includes the founders having sought legal counsel to make sure they don’t get in trouble.

Hiring hackers can easily occur beyond an organized website where jobs are posted and bid on. And there’s no sign of this industry slowing down. The line of demarcation between good hackers and bad is broad and blurry, beginning with legitimate businesses hiring hackers to analyze the companies’ networks for any vulnerabilities.

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

So pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into peoples’ privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. 

There’s only one entrance to the house: a steel door two feet thick. If someone from the outside touched the door—even with a battering ram—they’ll get an electric shock. No bad guys could get through, right?

Well, suppose the bad guy tricks the homeowner into opening the door…and once open, the bad guy strangles the homeowner. Do you see what happened? All that security is worthless if the homeowner can be tricked. And the same goes for passwords. You can have the longest, strongest, most gibberish password around…but if you allow yourself to be skunked by a hacker…it’s over.

Think you can’t get skunked? A hacker could post a link to a “video” claiming it’s Taylor Swift with a 50 pound weight gain—anything to get you to click—and you end up downloading a virus to your computer.

Or maybe you get suckered into giving your credit card number and the three-digit code on its back to some site to “re-verify your credentials” because your account has been “compromised” – says an e-mail supposedly from the company you have the account with. Instead it’s a phony e-mail sent by a hacker.

Security begins by not falling for these ruses but also by not having crummy passwords.

First ask yourself if it’s super easy to remember any of your passwords. If it is, chances are, they contain actual names of people…or pets…in your life. If you have your pet and its name plastered all over your Facebook page, for instance…a hacker will figure that your password contains the name.

Another way to easily remember—and type—passwords is to use keyboard sequences. Maybe you use the same password for 14 accounts: 123kupkake. Is this easy for a hacker to crack? Depending on the level of sophistication of the hacker and the tools he possess, maybe. Imagine a hacker cracking this with his software. He’ll get into all your accounts if you have the same password.

There are many password manager services out there to help you create a strong, long password, though randomly hitting keys on your keyboard will produce the same result. But the password manager will grant you a single password to get into all your accounts, sparing you the drudgery of having to remember 14 long passwords of jumbled characters.

Another layer of security is to try to only register with online accounts that have two-factor authentication. For instance, see if your bank offers this (many actually don’t). Two-factor makes it next to impossible for someone to hack into your account.

Strong and long passwords—all different for all of your accounts; a password manager; two-factor authentication; and what else? Don’t be suckered into giving up your private information!