Keeping your wallet safe from the security-ridden online jungle

With all the financial site security breaches today, one would think the safest place to keep your money is under your mattress.

Not really… it wouldn’t grow, and if you ever had an old fashioned home break-in, your personal stash would be gone forever.

Besides, today’s banks do a pretty good job of stopping suspected credit card fraud and cover you for losses as has been my case with Visa, twice in the past year.

How concerned should you be when you hear about major big security breaches like last week’s news of a regulatory filing by JP Morgan Chase revealing that contact information for 76 million households and 7 million small businesses was compromised in an online data breach initially reported in August?

Although this involved names, addresses, phone numbers and email addresses, it appears more critical account numbers, passwords, birthdates, user IDs, and Social Security information was not accessed.

Still one can’t stop thinking about the “all things Internet” dark side where nothing seems as safe as we thought or led to believe.

Four out of 10 folks worldwide are online, so it’s important not to take Internet safety for granted. For a live count, click here.  

Still, after more than a decade of targeted education, advertising, press and easily found safety tips, today’s users live in the dangerous side of Internet practices.

View image in full screen

CANADIAN’S BAD INTERNET HABITS

The recent 2014 Canadian Norton Cyber Survey polling 1,000 Canadians over 18 years has surprising results.

• 30 per cent of Canadians surveyed don’t have security software on their devices.
• 14 per cent of Canadians (approximately three million people, when applied to the Canadian population) have lost an hour of their time dealing with a computer virus in the last year.
• 22 per cent of Canadians admitted that they have fallen victim to online threats on their personal devices in the last 12 months.
• Twice as many people report having a virus on their home computer/personal mobile device than their work computer/mobile device.
• Almost 30 per cent of respondents said they take their work home, and use their own computers to do it. Given that more than a third of Canadians don’t have any security software on their PC, and have proven to not follow best practices – this could mean corporate information is at risk.
• Despite understanding the risks of connecting to public unsecured Wi-Fi, including the possibilities of being hacked or having personal information breached, more than half of Canadians have connected to public Wi-Fi in the last 30 days using both personal (58.5%) and work (57%) devices, and 21 per cent haven’t password-protected their home Wi-Fi connection.
• About 20 per cent of Canadians are engaging in risky behaviour with their passwords.
• One in five Canadians have shared their work and banking passwords.
• One in four Canadians have shared the password to their personal email – which is often referred to as the key to an individual’s digital kingdom. As Individuals often receive an email to their personal account when resetting passwords, it means that any of those accounts could potentially be compromised if their personal email is accessed

HOW BAD IS IT?

Kaspersky Labs recent second quarter reporting the company’s ongoing battle to stave off the bad online folks are revealing:

• Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014.
• 354,453,992 attacks launched from online resources located all over the world were repelled.
• 57,133,492 unique malicious objects: scripts, web pages, exploits, executable files, etc.were detected in the last quarter.
• 145,386,473 unique URLs were recognized as malicious
• 39% of neutralized web attacks were carried out using malicious web resources located in the US and Germany.
• There were 528,799,591 virus attacks on users’ computers. A total of 114,984,065 unique malicious and potentially unwanted objects were identified in these incidents.
• In Q2 2014, 927,568 computers running Kaspersky Lab products were attacked by banking malware.
• A total of 3,455,530 notifications about attempts to infect those computers with financial malware were received.

The goings on of big banking security breaches sound more like a Hollywood heist movie. This summer, Kasperksy Labs uncovered a professional online heist worth more than half a million Euros dubbed “The Italian and Turkish Job.” It affected about 190 victims mostly located in Italy and Turkey. Check part of Kaspersky’s take:

”The fraudulent campaign targeted users of a single bank…we believe criminals used a banking Trojan performing Man-in-the-Browser operations getting credentials of their victims through a malicious web injection… the malware stole usernames, passwords and OTP codes in real time…performing automatic transactions to pre-set money mule accounts.”

What? You would think us consumers don’t stand a chance.

Well. We actually do, by adopting better computer/mobile/online practises.

Even big companies with a good security track record can take missteps on new assumingly safe online features. Like Apple’s iCloud loophole that allowed access to personal stored  photos of famous entertainers.

Even the new iPhone 6 is getting its share of security bashing. According to a recent CNET Seth Rosenblatt’s story the iPhone 6 fingerprint marginally tightened reader security on the Touch ID fingerprint reader is not enough, according to Marc Rogers, chief security researcher at Lookout Mobile Security. He recommends in addition to Touch ID, Apple should employ a second authentication factor — such as a PIN, password, or pattern for its upcoming Apple Pay.

You don’t have much control if your financial institution or store chain is hacked for your personal information. But it’s annoying when you have to change, user names, passwords and credit cards. The following tips, easily found on popular security software websites, are useful when you are online.

View image in full screen

MONEY WISE TIPS FROM THE PROS

-Don’t assume links are genuine. When you need to visit an online bank, a retailer, or a payment website, you should manually type in the URL – instead of clicking on a link. Or download the banking mobile application and icon to click on. Clicking to the bank’s mobile site is safer than going through the full page site for desktops.

-Do not visit websites by clicking on: Links in emails, messages on social network sites or chat rooms, banner ads on suspicious websites or links sent to you by people you do not know

-Never respond to an email from a banking institution asking you to go to a link. This includes a very common email from what looks like the Canada Revenue Agency…not!

-Never send personal data in an email.

-Check suspicious characters on a site’s URL

-When inputting confidential data check for an encrypted connection shown by a locked icon in the browsers address bar or status bar. A secure connection will start with the letters ‘https”.

-Never use a public computer at airports or cafes for money transactions and never use public WiFi on your computer. If you have to, change your password as soon as you can afterword.

-Get a second credit card with a lower limit for your online transactions.

-Read customers feedback on new online merchant sites.

-If you lose your mobile phone used in financial transactions, call your bank.

-Find out the real goods about a retailers website by using whois.net/ It has all the web site’s information, history and ownership. Practice on a known site to become familiar.

-Update your version of software regularly on all your devices. This includes the operating system and the application updates, which thankfully, as a default are automatic.

-Security experts its safer to use your mobile phone in data mode instead of WiFi, which you should have turned off.

-Kaspersky warns Windows XP users (18 per cent of infections are on Windows XP) that the now unsupported OS (by Microsoft) although marginally protected by third party software, is easy pickings for hackers and is bound to get worse. Windows XP is still used by large organizations including Canadian airport check-in counters. But is safe in its own network, but not public ones.

-Apple iOS phones are safest, unless they are jail broken and Android phones have a user switchable setting that allow users to venture outside the protected Android Play store environment to other interesting but often questionable downloads. Kaspersky reports that although Russia takes first place on recorded malicious attacks on Android phones, Vietnam leads with 2.31 per cent of downloaded apps that users attempted to load as being malicious. Watch your kids!

Malerware traps often show up when searching for popular names. Jimmy Kimmel, comedian and late night host of Jimmy Kimmel Live, replaces Lily Collins (Mirror, Mirror) as McAfee’s most dangerous celebrity to search online. DJ Armin van Buuren takes the number two spot and Ciara, the third. For the eighth year in a row, McAfee researched popular culture’s most famous to reveal the riskiest personalities on the web. The McAfee Most Dangerous Celebrities^TM study revealed that an eclectic mix of comedians and musicians are among the most dangerous. Check out Intel owned McAfee Canada’s recent findings from Safeguarding the Future of Digital Canada in 2025 study on public predictions of life in 2025: http://mcaf.ee/59x1o

HOW TO BUY SECURITY SOFTWARE

View image in full screen

If you are a careful online user (see tips below) your last line of defense is installed and updated security software on all your devices There is no overall winning silver bullet title and their rated reviewer performance, including www.consumerreports.org are close to each other. Suffice to say, if you are on a budget, Avast! gets top points for free software but cannot match the big name makers like paid-for software from Kaspersky (green box) Norton Security (yellow box) and McAfee (red box). They excel in “zero-day” vulnerabilities, the ones that no one has known about before. Using artificial intelligence they can pro-actively help you the moment you wonder to potentially harmful online site after clicking the wrong item on a familiar page.

View image in full screen

They also are better at helping you start a crippled infected computer. But all can be annoying with pop-ups if you are a frequent user. Each, offering free trials, has minor advantages over each other but you can compare their offerings online:

http://www.kaspersky.com/multi-device-security#Feature1

http://ca.norton.com/norton-security-antivirus

http://home.mcafee.com/store/mcafee-livesafe and http://home.mcafee.com/store/total-protection

Hint: It’s often cheaper to start or upgrade with a store bought box on sale instead of online.