You’ve seen barcodes all your life. So you know what they look like: rectangles “boxes” comprised of a series of vertical lines. When a cashier scans a barcode, you hear a familiar beep and you are charged for that item.

A QR code looks different and offers more functionality. QR stands for “quick response.” Smartphones can download QR readers that use the phone’s built-in camera to read these codes. When the QR code reader application is open and the camera detects a QR code, the application beeps and asks you what you want to do next.

Today we see QR codes appearing in magazine advertisements and articles, on signs and billboards; anywhere a mobile marketer wants to allow information to be captured, whether in print or in public spaces, and facilitate digital interaction. Pretty much anyone can create a QR codes.

Unfortunately, that’s where the cybercriminals come in. While QR codes make it easy to connect with legitimate online properties, they also make it easy for hackers to distribute malware.

QR code infections are relatively new. A QR scam works because, as with a shortened URL, the link destination is obscured by the link itself. Once scanned, a QR code may link to an malicious website or download an unwanted application or mobile virus.

Here’s some ways to protect yourself from falling victim to malicious QR codes:

Be suspicious of QR codes that offer no context explaining them. Malicious codes often appear with little or no text.

If you arrive on a website via a QR code, never provide your personal or log in information since it could be a phishing attempt.

Use a QR reader that offers you a preview of the URL that you have scanned so that you can see if it looks suspicious before you go there.

Use complete mobile device security software, like McAfee^® Mobile Security, which includes anti-virus, anti-theft and web and app protection and can warn you of dangerous websites embedded in QR codes.

Robert Siciliano is an Online Security Evangelist to McAfee. 

USB flash drives are handy little devices that can cause big security headaches. Even with robust datasecurity policies USBdrives often fall thru the cracks (and out of pockets). These flash drives are often used by employees for both personal and business use which could potentially spread a virus from a home PC to the corporate network.

Additionally, lost USB drives among other devices with storage can cause even bigger headaches resulting in data breaches. A survey by a U.K.-based company found that last year, 4,500 USB flash drives were forgotten in the pockets of clothes left at the dry cleaners and thousands more handheld devices were left in the back seats of taxis.

Computerworld reports a 2007 survey by Ponemon of 893 individuals who work in corporate IT showed that:USB memory sticks are often used to copy confidential or sensitive business information and transfer the data to another computer that is not part of the company’s network or enterprise system. The survey showed 51% of respondents said they use USB sticks to store sensitive data, 57% believe others within their organization routinely do it and 87% said their company has policies against it.

Flash drives can be a security mess. Organizations need to have business security policies in place requiring secure flash drives and never plugging a found stray catinto the network either.

Ensure all data stored on a secure flash drive is encrypted. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys.

Robert Siciliano personal and small business security specialist to ADT Small Business Security

Location-based services utilize geo-location information to publish your whereabouts. In some cases, these services can also provide discounts or freebies as a reward for “checking in” at participating businesses and gathering “points.” These services can also be used to share photos and other media in real-time with your friends and followers.

Geo-location or geo-tagging can be used on PCs, but is primarily applicable to mobile phones. The geo-location software usually obtains its data from your device’s Internet protocol (IP) address or your global positioning System (GPS) longitude and latitude. Many of today’s social networking sites are now incorporating location-based services that allow users to broadcast their locations via smartphone.

Carnegie Mellon University has identified more than 80 location-sharing services that either lack privacy policies or collect and save user data for an indefinite period of time.

Some companies have even adopted the technology, which they’ve dubbed “GPS dating,” to connect singles with other local singles anywhere, any time. These dating services make it easy to find other users by providing photos and personal descriptions.

This technology is immensely useful to predators, thieves, and other criminals, since it makes it so simple to determine where you are, and where you are not. They can access a full profile of your itinerary, all day, every day. Someone who is paying unwanted attention to you can see your exact address each time you “check in.”

One of the most extreme examples of the dangers posed by GPS-locators is the issue of domestic abuse victims who seek safety at a shelter; volunteers have adopted a policy of removing batteries from women’s phones as soon as they arrive, so that abusers cannot track their victims to the shelter.

Thieves use geo-location to determine whether you are home or not, and then use that data to plan a burglary.

Stalkers who use the phone’s GPS are usually close to the victim—a family member or ex-boyfriend or girlfriend, for example—and use their personal access to manually turn on GPS tracking.

To protect yourself from broadcasting your location, you should:

Turn off your location services on your mobile phone or only leave it enabled for applications like maps. Most geo-location services are turned on by default.

Be careful on what images and information you are sharing on social networks and when. For example, it’s best to wait until you are home to upload those vacation photos.

Make sure you check your privacy settings on your social networking sites that you’re sharing information on to make sure you are only sharing information with your friends and not everyone.

Robert Siciliano is an Online Security Evangelist to McAfee. 

In Barcelona, Spain on Feb. 27, 2012 McAfee unveils its series of technology advancements that deliver upon its vision of providing comprehensive mobile security and privacy protection for devices, data and apps. McAfee® Enterprise Mobility Management (EMM™) 10.0, available now, includes significant security updates for enterprise customers to enable 'bring your own device' practices in the enterprise.

With EMM 10.0, IT professionals will have improved control to identify, secure, and assign policies to both employee- and business-owned smartphones and tablets.The concern for IT professionals is "BYOD" (Bring Your Own Device) which has become widely adopted to refer to mobile workers bringing their own mobile devices, such as smartphones, tablets and PDAs, into the workplace for use and connectivity.

Today, many consumers expect to be able to use personal smartphones and mobile devices at work, which is an IT concern. Many corporations that allow employees to use their own mobile devices at work implement a "BYOD policy" to help I better manage these devices and ensure network security."Expanded Data Security, Application Security and Ease of Administration McAfee EMM software gives enterprises the ability to offer their employees mobile device choice, while delivering secure and easy access to mobile corporate applications.

New features and functionality include: Expanded Data Security: Email "Sandboxing" for iOS and an integrated Secure Container for Android, available by Q2 Enhanced Application Security: Application Blacklisting for Android and iOS allows the administrator to define a set of applications and block access.Ease of Administration: Bulk provisioning for Android and iOS Enhanced Protection for Consumers McAfee® Mobile Security 2.0 for consumers, which offers an all-encompassing approach to mobile security and protects a user's privacy when using smartphones and Android tablets.

McAfee Mobile Security combines powerful anti-theft, antivirus, call and SMS filtering, web and app protection. It was also recently awarded with the LAPTOP Magazine Editors' Choice award for best mobile security app.McAfee can also be seen the week of Feb. 27 at Mobile World Congress in Barcelona, Spain at the Intel stand in Hall 8 B197 and at the RSA Conference in San Francisco, CA at McAfee booth #1117 or Intel booth #1324. Be sure if you are attending Mobile World Congress to stop by for a chance to win a Samsung Galaxy Tab!

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube

Criminal hackers hack for fun, fame, revenge, trade secrets, or terror, but mostly they hack for financial gain. According to a data breach study, based on 75 incidents in the second half of 2010, 13% of web hacking cases involved leaked client data leading to financial fraud. (The top two reasons hackers attacked websites were site defacement at 15% and site downtime at 33%.)

Once customer information is hacked, it can be used to open new accounts or to take over existing accounts. It often takes only a few hackers to crack a system containing millions of customerrecords. These thieves will then broker and sell the information to other hackers.

The victims find and repair the vulnerabilities in their systems, but the damage has already been done. The individuals whose data has been compromised face an uphill, ongoing battle to protect themselves from financial fraud.

Protecting small business customer data starts with network securitybasics including: Software: Antivirus, antiphishing, antispyware. Total protection “all access” suites of protection and full disk encryption Hardware: Routers, firewall security appliances Physical security: Commercial grade solid core doors, security alarm systems, security cameras.

There is an entire underground black-market out there hacking, buying and selling your information to steal your identity. The most sought after data is your credit card numbers.

“Carders” are the criminals who buy and sell “dumps,” which are large quantities of credit card and bank account details. Carders and other criminal hackers are also interested in so-called “fullz,” which include first and last names, email addresses and passwords, billing addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, bank account numbers and routing numbers, and even information like the names of victims’ employers and the number of years victims have been at their current jobs. These details help criminals commit new account fraud or account takeover fraud.

Krebs on Security recently reported on Superget.info, a public-facing website that openly sells this data to registered members. The website proclaims, “Our Databases are updated EVERY DAY. About 99% nearly 100% US people could be found, more than any sites on the internet now.”

Prices for bits and pieces of your identity go for as little as 9 cents, and it looks as though Social Security numbers are available for as low as $3 each.

Most of this stolen data results in new account fraud. Fraudulent credit card applications are the most lucrative form of new account fraud. Identity thieves love credit cards because they are the easiest accounts to open, and they allow thieves to quickly turn data into cash. Meanwhile, consumers don’t find out that credit cards have been opened in their names until they are denied credit or bill collectors start calling.

Robert Siciliano personal and home security specialist to Home Security Source.

South by Southwest Interactive (SXSWi), March 9-13, 2012 in Austin, Texas is an incubator of cutting-edge technologies. The event features five days of compelling presentations from the brightest minds in emerging technology, scores of exciting networking events hosted by industry leaders, and an unbeatable line up of special programs showcasing the best new websites, video games, and startup ideas the community has to offer. From hands-on training to big-picture analysis of the future, SXSW Interactive has become the place to experience a preview of what is unfolding in the world of technology.

Gemalto, a digital security leader, will be hosting the Mobile IDEA/NEXT Lounge on the 6th floor of the Hilton throughout SXSW Interactive. The lounge will serve as a hub for those attendees interested in learning, engaging, and sharing in discussions around all aspects of mobility—from the mobile phone to the cloud—and the digital security solutions they necessitate.

There will be a ton of talks and events happening each day in the IDEA/NEXT Lounge. From daily talks and influencer podcasts to daily happy hour panel discussions, the Lounge will be a hub of activity. Even with all that planned, Gemalto wants to hear from SXSW Interactive attendees. Feedback can be sent via Twitter to @JustAskGemalto or @Gemalto_NA.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.