Border crossing mobile social media life-saving security tips

No notes for slide

Malware is a broad term used to describe software that can damage or enter a computer without the person’s consent or knowledge. Examples are viruses, trojan horses, spyware, and keystroke loggers. Usually Malware presents itself in an e-mail from an unknown sender with a link or an attachment, that once opened can infect your client’s computer by installing a program. This program allows an unauthorized individual to gain access to your client’s computer, email, personal files, etc. By design, malware is difficult to detect. It typically runs in the background unnoticed. Here are a couple of easy ways to reduce the risk of downloading malware: (1) Keep your anti-virus & online security software updated, (2) don’t click any links or open email attachments unless you know who sent it and what it is, and (3) use a pop-up blocker.

Phishing – is the illegal attempt to mislead clients into providing personal or financial information, including account numbers, passwords, and SSNs, usually via email, telephone or fake websites. The most common example occurs through email, disguised as one sent from a legitimate financial institution or company such as Schwab or a bank. The email may ask the client to verify recent account activity by clicking the link provided in the e-mail and prompt the client enter his/her login, essentially hijacking the client’s formerly secure username and password. Other subject titles have been “Irregular Activity on Your Schwab Account!” or “Urgent: Account Restricted – Action Required”. These emails highlight some sort of urgency to entice individuals to read them and act immediately. Usually these e-mails are easy to identify upon closer inspection – spelling or grammatical errors, the e-mail address is incorrect (schwab.com.org), or the link is not the official website of the institution. If you or your client receive a phishing attempt, contact your Regional Service Team immediately.

Social Engineering – Is another broad term describing an act of psychological manipulation, using human interaction or social skills to obtain or compromise information from an individual or an organization. It applies to many areas but in the one specific to this topic, it is the act of obtaining otherwise secure information by tricking an individual into revealing it. Both phishing and malware rely on social engineering to an extent to be successful. An example is an e-mail from a seemingly sounding legitimate charity or organization asking for a donation – for starving children, the homeless, some social cause to appeal to your humanity.
Another example of social engineering is when you receive an e-mail or Facebook message from your college buddy with a subject line of “Long time no see!” with a link or e-mail attachment. Because the email is from someone you know, you may open either one, unknowingly providing access to your computer to the fraudster. Be cautious before you do so; this person may have been hacked as well and unaware the e-mail has been sent on their behalf. If it seems out of the ordinary or uncharacteristic of this person, do not reveal any personal or financial information in the email. This includes following links sent in email.

Identity Theft – When we speak of identity theft, we usually think of stolen SSN’s. Here the term is much broader than that The client’s identity is essentially being stolen, when the fraudster hacks into the client’s e-mail and takes on the client’s identity, posing as your client, whether to you, us, or the custodian, with the ultimate goal of perpetuating wire fraud. Do not give sensitive information, such as full account balances, account numbers, etc. to anyone unless you are sure they are indeed who they claim to be and that they should have access to the information. This is not intended to be a scare tactic, rather an emphasis on the overall theme of prevention. You know your clients and their behaviors best. We’re merely stressing the importance of being vigilant with protecting your client’s personal information from these various schemes to prevent e-mail hacking and wire fraud.

IOS
From iOS 7 on a new control panel that can quickly turn Bluetooth On or Off. Simply slide your finger up from the bottom edge of the screen to reveal the new control panel. Tap the Bluetooth symbol to turn it off or back on again. However, you cannot

Or

Open the iPad's settings by touching the icon shaped like gears in motion.
The Bluetooth settings are at the top of the left-side menu, just under Wi-Fi.
Once you've tapped the Bluetooth settings, you can slide the switch at the top of the screen to turn the service on or off.
Once Bluetooth is turned on, all nearby devices that are discoverable will be shown in the list. You can pair a device by tapping it in the list and pushing the discover button on your device. Consult the device's manual on how to put it in discoverable mode.

Android http://www.howtogeek.com/211186/how-to-disable-google-location-wi-fi-scanning-on-android/

https://www.revealnews.org/article/chicago-and-los-angeles-have-used-dirt-box-surveillance-for-a-decade/

Can be triangulated even if the location services are off

http://www.welivesecurity.com/2015/12/16/know-smartphone-compromised/

We must beware of the toxic psychological impact of media and technology on children, adolescents and young adults, particularly as it regards turning them into faux celebrities—the equivalent of lead actors in their own fictionalized life stories.Read more: On Facebook, young people can fool themselves into thinking they have hundreds or thousands of “friends.” They can delete unflattering comments. They can block anyone who disagrees with them or pokes holes in their inflated self-esteem. They can choose to show the world only flattering, sexy or funny photographs of themselves and publicly connect to movie stars and professional athletes and musicians they “like.”Read more:

Using Twitter, young people can pretend they are worth “following,” as though they have real-life fans, when all that is really happening is the mutual fanning of false love and false fame.
Using computer games, our sons and daughters can pretend they are Olympians, Formula 1 drivers, rock stars or sharpshooters. And while they can turn off their Wii and Xbox machines and remember they are really in dens and playrooms on side streets and in triple deckers around America, that is after their hearts have raced and heads have swelled with false pride for “being” something they are not.
Read more: http://www.foxnews.com/opinion/2013/01/08/are-raising-generation-deluded-narcissists/#ixzz2KB227p5o
Cooperative Institutional Research Program CIRP from http://www.heri.ucla.edu/cirpoverview.php

http://regex.info/exif.cgi

Go to
Jeffrey's Exif Viewer http://regex.info/exif.cgi
Photo 1http://es-es.org/resources/cm2011/photo.JPG
Where was the photo what kind of device was used to take the photo
Second photo
http://es-es.org/resources/cm2011/cropped.jpg
Who is in the photo besides the kids?
What device was used to take the photo

Adam Savage, of “MythBusters,” took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase “off to work.”

The image contained metadata reveling the exact geographical location the photo.

Savage revealed the exact location of his home, the vehicle he drives and the time he leaves for work.

Steps to take before/after traveling in hostile regions
 Backup
 Establish a VPN account i.e. https://www.privateinternetaccess.com/
 Setup a temporary email account forward normal accounts (Only if needed)
 Encrypt
 Factor reset
 Encrypt
 Use a Secure a phone - Silent Circle Phone “Blackphone” https://goo.gl/WnXfOa
 Strong passcode six digit at least (No Fingerprint)
 Lock on sleep
 Set phone to always use VPN
 Disable Location tracking and history
 Disable WiFi and Bluetooth
 Forget / Remove all Wireless and Bluetooth networks
 Change passwords for any site accessed out of the country i.e. www.lastpass.com
 DO NOT POST about trip until after return
 Re-image, Delete, or Destroy any Hard Drive taken out of the country
 Check email and credit https://haveibeenpwned.com/ https://www.annualcreditreport.com/index.action
GPS Tra

Can be triangulated even if the location services are off

http://www.welivesecurity.com/2015/12/16/know-smartphone-compromised/

We must beware of the toxic psychological impact of media and technology on children, adolescents and young adults, particularly as it regards turning them into faux celebrities—the equivalent of lead actors in their own fictionalized life stories.Read more: On Facebook, young people can fool themselves into thinking they have hundreds or thousands of “friends.” They can delete unflattering comments. They can block anyone who disagrees with them or pokes holes in their inflated self-esteem. They can choose to show the world only flattering, sexy or funny photographs of themselves and publicly connect to movie stars and professional athletes and musicians they “like.”Read more:

Using Twitter, young people can pretend they are worth “following,” as though they have real-life fans, when all that is really happening is the mutual fanning of false love and false fame.
Using computer games, our sons and daughters can pretend they are Olympians, Formula 1 drivers, rock stars or sharpshooters. And while they can turn off their Wii and Xbox machines and remember they are really in dens and playrooms on side streets and in triple deckers around America, that is after their hearts have raced and heads have swelled with false pride for “being” something they are not.
Read more: http://www.foxnews.com/opinion/2013/01/08/are-raising-generation-deluded-narcissists/#ixzz2KB227p5o
Cooperative Institutional Research Program CIRP from http://www.heri.ucla.edu/cirpoverview.php

Signaling System 7 (SS7)

Strong passcode
Lock on sleep
Encrypt
“Find my phone”
Allow “Verify Apps”
Review app permissions
Review in-app privacy settings
Cloud backup settings

http://www.zdnet.com/android-antivirus-comparison-review-malware-symantec-mcafee-kaspersky-sophos-norton-7000019189/
http://www.av-test.org/en/tests/mobile-devices/android/nov-2013/

http://krebsonsecurity.com/2015/12/when-undercover-credit-card-buys-go-bad/

http://www.practicalecommerce.com/articles/91200-23-Tools-for-Social-Media-Monitoring

Recommended Addons for Firefox

HTTPS Everywhere
HTTPS Everywhere is the king of all privacy addons. It’s developed as a collaboration between the Tor privacy project and the Electronic Frontier Foundation, which is an organization that fights for rights in a digital world.

But what is HTTPS? In short, it’s a more secure web-browsing protocol that encrypts all of the web data that’s transmitted between the server and your browser using SSL/TLS. So, even if someone intercepts your connection, they won’t be able to read the data.
HTTPS Everywhere forces HTTPS all the time. Even if a particular web page doesn’t support encryption, the addon can get around it by rewriting the requests behind the scenes. It’s a must-have Firefox security addon. Don’t skip it.

Disconnect
Like Ghostery, Disconnect is an addon that blocks web trackers from gathering your personal information. It’s so good that Popular Science even named it as one of the top 100 innovations in 2013. If that doesn’t earn it a good dose of credibility, I don’t know what will.
Because it blocks tracking elements from over 2,000 sources, Disconnect claims to speed up page loading by upwards of 27%. That’s a pretty significant gain, especially because it’s on top of the security and privacy it already offers in the first place. Definitely a keeper.

NoScript
NoScript is a Firefox security addon that we’ve been recommending since 2008. As the name implies, this addon prevents active scripts from running on websites unless you grant permission to them. Marginally inconvenient, yes, but massively more secure in the long run.
Permission is granted by adding trusted domains to your whitelist. Any domains that aren’t on your whitelist will be prevented from running JavaScript or Java, which will help protect you against cross-site scripting attacks, clickjacking attempts, and more.

Blur
Formerly known as DoNotTrackMe, Blur is one of the best addons for protecting your data. Not only does it block companies from collecting information about you, it also manages and protects your sensitive details like password credentials and payment information.
Regarding passwords, Blur will one-click generate touch-to-crack combinations and will immediately encrypt and store them safely for later.
Regarding payments, Blur lets you purchase online without ever giving away your credit card information by providing disposable masking credit cards through Abine, Inc. This feature is only available for premium users, which can be purchased for $5 per month.
KeeFox
Most modern browsers have built-in password management, but they’re rarely as good as dedicated solutions. Take KeeFox for instance, which is the browser variant of the renowned password manager, KeePass. Start using it if you aren’t already.
In essence, KeeFox is a full-blown replacement for the built-in Firefox password manager. Just be aware that KeeFox will not work correctly if you have Firefox set to clear passwords every time it closes.
LastPass for Firefox is a well-known alternative to KeeFox and it works great as well. However, KeeFox is open source and completely free, so it’s the one I prefer. Feel free to use whichever one you think suits you best.
BetterPrivacy
When you visit the addon page for BetterPrivacy, you might notice that it hasn’t been updated since early 2012. Don’t let that turn you away. Despite being three years in limbo, this addon still works just as it’s supposed to.
What does it do? It combats the long-term super-cookies, also known as Flash cookies, that companies use for perpetual tracking of your web activity. BetterPrivacy lets you view and destroy these super-cookies, which is something most browsers won’t do on their own.

Self-Destructing Cookies
As far as regular cookies are concerned, most browsers offer a primitive “clear all cookies” function that can be done manually or whenever the browser closes. What if you want a bit more flexibility? Then you should install Self-Destructing Cookies.
This addon allows cookies to persist until you close the tab. When a tab is closed, all relevant cookies are destroyed right on the spot. This method of dealing with cookies is especially effective against Zombie-cookies and Evercookies. If there are any cookies you want to keep, you can whitelist them.
Bloody Vikings!
Are you tired of email spam? Starting today, you can kiss email spam goodbye thanks to the advent of the Bloody Viking! addon. Look past the strange name and you’ll see a wonderful tool: one that makes it easy for you to use temporary email addresses when signing up for websites.
Using services like 10MinuteMail and AnonBox, this addon provides you with a limited-time inbox where you can accept confirmation emails without risking the sanctity of your actual inbox. After a given period of time, the provided inbox implodes and disappears.
Clean Links
Lastly we have Clean Links, a humble little addon that’s been in development since 2011. Its premise is simple: whenever it detects an obfuscated or nested link — such as you might find with shady redirection or affiliate products — it replaces it with the clean, straight version.
Not much else to say about this one except that you can now rest easy when clicking on links, knowing that you’ll be able to catch dodgy links before you actually click on them.

Monitor your credit report for any suspicious activity by ordering free credit reports at Annualcreditreport.com, You're entitled to a free report from Equifax, Experian and TransUnion every 12 months.

Consider a permanent security freeze
A permanent security freeze puts your credit report under your control: No one can access it to open up new credit accounts in your name without your permission. Businesses cannot access your credit report unless you unlock it, and identity thieves can't set up new credit accounts in your name unless they can present the credentials required to unlock it. Equifax, Experian and TransUnion

1. Go tohttps://www.google.com/alerts#
2. "Set up search alerts for your data".
3. Click the check boxes for either "Your name", "Your email", or enter a custom search alert for your phone number, address, or any other personal data you want alerts on.
4. Choose how often you want to receive personal data alerts by clicking on the drop down box next to the words "How Often".
5. Click the "Save" button

Tor Browsers
Android https://play.google.com/store/apps/details?id=org.torproject.android&hl=en
iOS https://itunes.apple.com/us/app/red-onion-tor-powered-web/id829739720?mt=8
VPN https://www.privateinternetaccess.com/
Telegram or BBM (SS7 Issues)
Cell Phone Booster Detector

Blur
Device Sync
Automatically sync passwords, logins, and masked info across all of your devices, giving you instant access to every account, everywhere.

Secure Backup
Get maximum security and avoid the risk of storing your Blur data only on your computer - backup your accounts and passwords on remote servers.

Masked Cards
Protect yourself from hackers and hidden charges by creating unlimited anonymous, disposable credit card numbers for your online purchases.

Masked Phone
Masked Email
Block Hidden trackers

Recommended Addons for Firefox

HTTPS Everywhere
HTTPS Everywhere is the king of all privacy addons. It’s developed as a collaboration between the Tor privacy project and the Electronic Frontier Foundation, which is an organization that fights for rights in a digital world.

But what is HTTPS? In short, it’s a more secure web-browsing protocol that encrypts all of the web data that’s transmitted between the server and your browser using SSL/TLS. So, even if someone intercepts your connection, they won’t be able to read the data.
HTTPS Everywhere forces HTTPS all the time. Even if a particular web page doesn’t support encryption, the addon can get around it by rewriting the requests behind the scenes. It’s a must-have Firefox security addon. Don’t skip it.

Disconnect
Like Ghostery, Disconnect is an addon that blocks web trackers from gathering your personal information. It’s so good that Popular Science even named it as one of the top 100 innovations in 2013. If that doesn’t earn it a good dose of credibility, I don’t know what will.
Because it blocks tracking elements from over 2,000 sources, Disconnect claims to speed up page loading by upwards of 27%. That’s a pretty significant gain, especially because it’s on top of the security and privacy it already offers in the first place. Definitely a keeper.

NoScript
NoScript is a Firefox security addon that we’ve been recommending since 2008. As the name implies, this addon prevents active scripts from running on websites unless you grant permission to them. Marginally inconvenient, yes, but massively more secure in the long run.
Permission is granted by adding trusted domains to your whitelist. Any domains that aren’t on your whitelist will be prevented from running JavaScript or Java, which will help protect you against cross-site scripting attacks, clickjacking attempts, and more.

Blur
Formerly known as DoNotTrackMe, Blur is one of the best addons for protecting your data. Not only does it block companies from collecting information about you, it also manages and protects your sensitive details like password credentials and payment information.
Regarding passwords, Blur will one-click generate touch-to-crack combinations and will immediately encrypt and store them safely for later.
Regarding payments, Blur lets you purchase online without ever giving away your credit card information by providing disposable masking credit cards through Abine, Inc. This feature is only available for premium users, which can be purchased for $5 per month.
KeeFox
Most modern browsers have built-in password management, but they’re rarely as good as dedicated solutions. Take KeeFox for instance, which is the browser variant of the renowned password manager, KeePass. Start using it if you aren’t already.
In essence, KeeFox is a full-blown replacement for the built-in Firefox password manager. Just be aware that KeeFox will not work correctly if you have Firefox set to clear passwords every time it closes.
LastPass for Firefox is a well-known alternative to KeeFox and it works great as well. However, KeeFox is open source and completely free, so it’s the one I prefer. Feel free to use whichever one you think suits you best.
BetterPrivacy
When you visit the addon page for BetterPrivacy, you might notice that it hasn’t been updated since early 2012. Don’t let that turn you away. Despite being three years in limbo, this addon still works just as it’s supposed to.
What does it do? It combats the long-term super-cookies, also known as Flash cookies, that companies use for perpetual tracking of your web activity. BetterPrivacy lets you view and destroy these super-cookies, which is something most browsers won’t do on their own.

Self-Destructing Cookies
As far as regular cookies are concerned, most browsers offer a primitive “clear all cookies” function that can be done manually or whenever the browser closes. What if you want a bit more flexibility? Then you should install Self-Destructing Cookies.
This addon allows cookies to persist until you close the tab. When a tab is closed, all relevant cookies are destroyed right on the spot. This method of dealing with cookies is especially effective against Zombie-cookies and Evercookies. If there are any cookies you want to keep, you can whitelist them.
Bloody Vikings!
Are you tired of email spam? Starting today, you can kiss email spam goodbye thanks to the advent of the Bloody Viking! addon. Look past the strange name and you’ll see a wonderful tool: one that makes it easy for you to use temporary email addresses when signing up for websites.
Using services like 10MinuteMail and AnonBox, this addon provides you with a limited-time inbox where you can accept confirmation emails without risking the sanctity of your actual inbox. After a given period of time, the provided inbox implodes and disappears.
Clean Links
Lastly we have Clean Links, a humble little addon that’s been in development since 2011. Its premise is simple: whenever it detects an obfuscated or nested link — such as you might find with shady redirection or affiliate products — it replaces it with the clean, straight version.
Not much else to say about this one except that you can now rest easy when clicking on links, knowing that you’ll be able to catch dodgy links before you actually click on them.

http://netsecurity.about.com/od/advancedsecurity/a/Protecting-Your-Online-Reputation.htm

I would advise against searching for your social security number because if your Google account is hacked and the hackers look at your alerts then they would see your social security number if you had an alert set for it.

Can be triangulated even if the location services are off

http://www.welivesecurity.com/2015/12/16/know-smartphone-compromised/

We must beware of the toxic psychological impact of media and technology on children, adolescents and young adults, particularly as it regards turning them into faux celebrities—the equivalent of lead actors in their own fictionalized life stories.Read more: On Facebook, young people can fool themselves into thinking they have hundreds or thousands of “friends.” They can delete unflattering comments. They can block anyone who disagrees with them or pokes holes in their inflated self-esteem. They can choose to show the world only flattering, sexy or funny photographs of themselves and publicly connect to movie stars and professional athletes and musicians they “like.”Read more:

Using Twitter, young people can pretend they are worth “following,” as though they have real-life fans, when all that is really happening is the mutual fanning of false love and false fame.
Using computer games, our sons and daughters can pretend they are Olympians, Formula 1 drivers, rock stars or sharpshooters. And while they can turn off their Wii and Xbox machines and remember they are really in dens and playrooms on side streets and in triple deckers around America, that is after their hearts have raced and heads have swelled with false pride for “being” something they are not.
Read more: http://www.foxnews.com/opinion/2013/01/08/are-raising-generation-deluded-narcissists/#ixzz2KB227p5o
Cooperative Institutional Research Program CIRP from http://www.heri.ucla.edu/cirpoverview.php

Border crossing mobile social media life-saving security tips

Ernest Staats

Border crossing mobile social media life-saving security tips