Don’t Leave Your Boarding Pass Behind

Airline Ticket_Boarding Pass

Holiday travel is upon us. Make sure you are protecting yourself in one simple way. Don’t leave your boarding pass behind. Don’t think people can retrieve information from it? Guess again. You boarding pass contains the following:

  1. Your Name
  2. Frequent Flyer Number and/or Rewards Number
  3. Member Status
  4. Additional Personal Information
  5. Sensitive Barcodes

Criminals who come across boarding passes can try and retrieve your reward points, which are just as valuable as money. Thieves can try and access your online profile with the information on your pass, and fill in any missing profile information by looking at social media profiles (birthdate, address, email address, etc.). When a thief obtains a victim’s reward login information they can personally use the points or sell the information on the Dark Internet.

In addition, there are sites today that criminals, and yourself, can decode data within barcodes. Airline barcodes contain additional personal information and record locators/record keys. This can give criminals access to your current travel itinerary and any future flights that are booked under your flyer number.

To prevent a thief from stealing your hard earned points and personal information follow these tips:

  1. Never leave your boarding pass behind and properly discard it after your flight
  2. Monitor your rewards account just like a bank account
  3. Use unique and strong passwords for all of your accounts
  4. Report suspicious activity or usage that you see on your rewards account

For additional information give us a call at 800-789-2720 or read Krebs on Security’s article.

Beware of Third Party Tablets

Tablet Amazon is making the news this month for selling tablets from third party budget manufactures in China. Why you may ask? These $40 tablets were pre-loaded with malware. The discovered Trojan horse, Cloudsota, allows hackers to remotely take control of the tablet, disable anti-virus applications, and engage in malicious activities without the owner’s permission. Researcher Cheetah Mobile believes that the hackers are in China and, as of now, there is no knowledge on how the malware was installed.

Thousands of people have purchased these infected products in 153 countries, with the United States, Mexico and Turkey being the most impacted.

If you have purchased an infected tablet, Cheetah Mobile has provided instructions on how to remove the malware from your tablet here.

Source: International Business Times

Surprise: You Have Fake “Friends”


By Paul Rockwell, Head of Trust & Safety at LinkedIn.

I’m regularly asked why a professional social network like LinkedIn needs a Trust & Safety team.  Like other user generated content platforms, we have a steady stream of actors that dampen the normal member experience.  One way that manifests itself is through members accepting connection requests from those they don’t know.

A recent study conducted by InfoArmor indicates that this isn’t unique to LinkedIn.  The study revealed that 10 percent of all social media users will friend someone they don’t know and their circle of friends don’t know.

For those under 30, the research uncovered another startling find: 53 percent will friend someone that they don’t know, but who has a connection with one of their existing friends.  The thinking is that because their friend has added the person, that friend must have exercised some level of due diligence in vetting them.

Unfortunately, that isn’t happening, and the act of friending someone you don’t know puts you and your other friends at risk.

“Why?” you ask?  Let’s start with privacy settings: 40 percent of those surveyed said they rarely or never check their privacy / sharing settings, even though they claim to have a high degree of familiarity with them.  That’s surprising, given how confusing the settings can be – especially on social networks, where some have overhauled the settings to make them more intuitive and easy to understand.

Having loose settings means you could be sharing your contact information (e.g. phone number, DOB, email address, employer, name/link to your significant other, etc.), places you frequent (via check-ins), photos of yourself/family/friends/home, where, when and with whom you vacation, and the list goes on – all with people you don’t know.

In order to steal an identity, blackmail, rob/assault/harass, and commit a host of other real-world crimes, all someone needs is to do is find a person with weak social media privacy settings!

This flow of data also exposes your real friends and family, since they’re trusting that you’ve vetted your connections, and as a result, a sizeable portion of your friends and family will accept an invitation from one of your new, fake friends.

Here are a few tips to help keep yourself protected:

Social Media Technology

  1. Revisit your privacy/sharing settings just to make sure you’re not sharing more than you want to with a broader audience.
  2.  If someone you don’t know wants to connect with you on a social network, don’t share personal details of your life with them!
  3.  If you’re an employer, take proactive measures to educate employees (start with on-boarding) about your company’s policies, then have open, honest and constructive conversations with those that deviate.


Remember that employers have some exposure related to the social media activities of their employees, too.  While roughly half of HR professionals surveyed in the InfoArmor study use social media to check the background of candidates, they don’t place a high level of importance on the activity, and implement almost no controls to regulate social media of the candidates once they’re hired.  Given 40% of the surveyed HR  professionals believe reckless social media activity by employees can cause significant damage their employer’s public image, one would expect more controls to be in place.

At the end of the day, I’m not advocating that you decline all friend/connection requests or that employers become big brother (although some regulated industries require this).  But given how widespread ID theft is today, the trend of accepting invites from someone you don’t know could open a Pandora’s box.  Educating yourself and only connecting with those you really know are the first steps in ensuring a greater sense of security for you and your network.

Paul Rockwell is head of Trust & Safety at LinkedIn.


Cyber Monday and Holiday Shopping Reminders

The ever so famous Black Friday, Cyber Monday, and additional online shopping for the holidays will soon be here. Having the convenience and ease of getting all your needs online can cause you to carelessly forget to protect yourself. Simple mistakes could alter the way your holidays fall out if you become a victim of identity or credit fraud.Cyber Monday

When online shopping this holiday season:

  • Check the credibility of the site you want to purchase from, read reviews, check their locations and review their contact information
  • Look for secure connections (https)
  • Do not use unsecure wireless networks to make online purchases
  • Use a credit cards verses a debit card and never send in cash or use money-wiring services for online purchases
  • Keep a copy of your receipts and compare them to your credit card statement
  • Watch out for phishing scams

The Dangers of Social Engineering

Social Engineering

Although fraudsters and scam artists have been around long before social media, they’re reinventing ways to procure information from innocent people. From trickery to misrepresentation, it’s easy to fall prey to these online swindlers, who collect information about you to “socially and personally” target you.

Get smart on the top six social engineering cons:

  1. The misplaced flash drive. Wow! You’ve just come across a flash drive that’s been dropped in your office parking lot. Think twice about plugging it into the company computer. It could be harboring malware that could infiltrate your company’s digital infrastructure.
  1. Most times phishing scams are easily identified given scammers’ sloppy grammar or vocabulary. But phishing is becoming much more sophisticated as emails are built to persuade you to click on a link or submit personal information. Beware of emails soliciting personal information!
  1. It’s from a friend. Social media platforms have made it easier than ever for scammers to access your information and use it to compromise your friends. Beware of suspicious emails containing attachments that your friends wouldn’t normally send.Phishing
  1. Ring-a-ling. While scams may originate on social media, hackers have used old-school methods to procure additional information. After finding your phone number, they’ll get to know you just enough from your social media profile and then call you up to see how much more you will reveal – passwords, credit card information, additional personal details. The sky’s the limit. If a caller starts asking for personal information, do not share personal information, but rather ask for their phone number and offer to call them back. Then research their claims and their number.
  1. Guard your email account. Think about what you store on email – it’s no doubt a treasure trove of information. From financial information to credit card numbers, email accounts are pay dirt for hackers. Set strong passwords, don’t use public Wi-Fi and monitor for any suspicious activity.
  1. Tech support calling. If you receive any unsolicited calls indicating you need technical support, be wary! Scammers call their victims pretending to be from a reputable company, investigating a malware attack. They try to persuade users to grant them remote desktop access. Once in, the sky’s the limit!

Source: http://www.cio/com/article/2884639/security0/7-social-engineering-scams-and-how-to-avoid-them.html

Risky Business—Who’s in Your Social Network?

In addition to being a place you can catch up with friends and share updates with your family, social media can also be a very scary place. As social media evolves, the effects of sharing information (especially too much information) in social channels still remain to be seen. A recent survey by InfoArmor revealed that although social media users cite crime and loss of privacy as their most feared outcomes of oversharing, they do little to protect themselves online.

Are you a statistic of sloppy social media use?

80% Acknowledge half or fewer or their connections are not true friends.

40% Rarely or never check their privacy settings.

41% “Friend” a user they don’t know based on a mutual connection.

2X More likely to have your social ID stolen if you’re a Millennial.Social Media Masks

Check out the full survey for more startling statistics on Americans social media use.

What can you do to protect yourself online?

An ounce of prevention is worth a pound of cure, especially when protecting your social footprint. Although we live in a time when identity fraud occurrence isn’t an if, but a when, you do have the power to reduce your risk of compromise:

  1. Be vigilant in checking your privacy settings on your social channels;
  1. Be cognizant of the consequences of posting highly personal or too much information, since information shared online can never truly be erased;
  1. Censor yourself. Only post information that would not be damaging to you in in the future; and
  1. Lead by example and teach children and teens not to overshare, and take ownership of your personal information online.

How savvy are employers when it comes to social media?

The answer is a surprising – not very! A recent survey among the HR community revealed that although HR and hiring managers acknowledge the dangers employees’ social media activities pose, firms are not adapting to address these impending threats. Consider that:

40% Cite damage to their companies as their greatest fear of employee social media use.

56%  Have a social media policy in place, but…

70% Don’t actively monitor their social media policy.

Young Group Social Media

When it comes to social media use, companies are trusting that their employees will not compromise themselves or their employers. In a world where the volume of information shared on social is

staggering, the potentially devastating effects of this laissez-faire approach should be keeping executive management up at night.

While educating employees about appropriate social media use is beneficial, employers should not only adopt strong social media policies, but also implement procedures to actively enforce the policies with clearly indicated consequences for inappropriate use.

Visit InfoArmor’s full survey for more information about social media trends in HR.

How Is Your Information Exposed on Social Media?

Social networking sites allow people to share personal information about their daily lives through posts, pictures, and now geo-locations. Every post or tweet you create is added to your digital blueprint, creating a summary of your online self. In addition, if your privacy settings are not up to date, nonexistent, or are loose, strangers or scammers can access your information. Once they have access, they can use it to create phishing scams targeted towards you through social engineering or guess typical security answers for your password/online accounts.

Take a minute to ask yourself a very important question: Do you expose too much information on social media? Let’s take a look at a few social engineering scam scenarios and measures you can take to protect your social profiles.

1. Jane is in line at her favorite retail store, XYZ Company. A stranger approaches her and says, “It’s Jane right? I know your brother Joe Smith! We all went to 123 High School together. It’s been forever, but last time I talked to him he mentioned you had a baby, congrats! Could you give me his email and phone number so I can get back in touch with him?” Jane happily agrees. Reality—the stranger is harvesting information on both Jane and her brother Joe to steal more personal information. The stranger was able to see Jane’s relationship to Joe, her recent photo upload of her baby, and the high school she attended, to create a broad but personal story. The stranger also knew Jane shopped at this store based on a recent post and what she looks like, so they could plan a “run in” with her.

ScreenHunter_299 Oct. 26 09.27

ScreenHunter_301 Oct. 26 09.27

ScreenHunter_297 Oct. 26 09.24

ScreenHunter_306 Oct. 26 09.28

ScreenHunter_307 Oct. 26 10.48

2. Jane receives an email from an unrecognized email address about her political candidate, Craig Sample, but it looks legitimate. They want support for his campaign and request a small donation of $5 to increase awareness on the candidate. Jane clicks on the link and inputs her credit card information. Reality—a scammer has made a phishing email based on Jane’s political preference post on her Facebook profile. Once she hits submit the scammer know has her credit card information and could also be downloading malware to her computer.ScreenHunter_302 Oct. 26 09.27

3. Jane creates a new passwords for her utilities account. She decides to make it easy to remember and simple, so creates it based on her anniversary date. For additional security, she creates security questions. She picks, “what is your pet’s name” and “what is your mother’s maiden name”. Reality—a fake connection on Jane’s friends has been collecting information on Jane, and knows that her mother’s maiden name is “Johnson” and her dogs name is “Fluffy”. The hacker can attempt to access her account.

ScreenHunter_298 Oct. 26 09.26

ScreenHunter_300 Oct. 26 09.27

ScreenHunter_307 Oct. 26 10.48





4. Jane gets a call from her previous employer Company ABC. The lady on the phone says, “Hi Jane, my name is Jeanette, I am calling on behalf Mr. Thomas, the Human Resources Manager. He wishes he could talk with you, but is busy with open enrollment. He asked me to ask how your husband John is doing. We are completing a company audit, and need to confirm some of your previous invoices. Before we begin can you confirm you social security number for me, so I know I’m speaking with Jane Doe”. Reality—the scammer has collected information through Jane’s social media profile (previous employer, phone number, husband, etc.) and a google search of the company to reveal past co-workers to obtain Jane’s social security number.

ScreenHunter_296 Oct. 26 09.24

These are only four scenarios that could happen based on Jane’s public information, but the possibilities go on. Make sure you are doing what it takes to help protect your social profiles by:

  1. Living online like a biography, not a diary
  2. Limiting the amount of personal information you share
  3. Cleaning out your social networks – only allow true friends to see your information
  4. Frequently updating your privacy settings
  5. Connecting with people you truly know- not just based on a mutual connection

CyberSmarts Webinar

Protecting you from one of the greatest threats of our time:


We are under attack. Billions of records are being breached. Anonymity doesn’t exist. Tax fraud is on the rise. Medical histories are public record.

Cyber enemies are armed with an arsenal of destructive weapons, pressing forward and gaining ground each day. So far this year, more than 500 large-scale breaches have occurred, compromising nearly 140 million records. These vicious assaults are claiming new victims at a rate of every two seconds in the United States.

It’s time to get CyberSmart.

Find out how to arm yourself with tools and knowledge to safeguard yourself, your family and your company from identity, password and social media compromises.

Introducing PasswordArmor

ArmorThe latest line of defense against identity thieves from privacy protection company InfoArmor.

LPv=6kuM<NWQ_1: The best passwords look like this, but who can remember them? It’s no wonder why most of us opt for “password,” our pet’s name or another common word. While these passwords may be easy to remember, they can open up our personal information to hackers.

Some other common mistakes: using the same password across many different websites, rarely or never changing passwords, and writing down passwords and letting our browsers save them.

Beginning 2016, InfoArmor will debut a new service to ensure that passwords are encrypted, safe and secure.

PasswordArmor will create strong, unique and secure passwords via an automatic password generator. Automatic passwords are like a block wall. Identity thieves who no longer will be able to access your personal information simply by guessing your password.

PasswordArmor employs the same encryption methods used by governments, the military and intelligence agencies to protect information classified as “top secret.” Specifically, PasswordArmor protects subscriber data with AES-256 encryption, hashing algorithms and hundreds of thousands of rounds of PBKSF2-SHA256 encryption. Data is encrypted on your own device and the encryption key never leaves it, making it hard for anyone to decrypt your data with your master password.

Learn all you can about protecting your identity during Cybersecurity Awareness Month, Oct. 1-31, and be sure to attend CyberSmarts, InfoArmor’s free webinar that shines a light on emerging fraud issues. If you are an individual, please attend our CyberSmarts webinar for consumers at 8 a.m. PST. If you are an employer, please attend our CyberSmarts webinar for employers at 11 a.m. PST.