Security Alert: Wi-Fi Connections at Risk

As your Internet Service provider, EarthLink is committed to keeping you informed of important cyber security events being observed globally. Below our partner Symantec shares information regarding a recent vulnerability that impacts Wi-Fi networks and how you can protect yourself.

Security researchers1 have discovered a major vulnerability in Wi-Fi Protected Access 2 (WPA2). WPA2 is a type of encryption used to secure the vast majority of Wi-Fi networks. A WPA2 network provides unique encryption keys for each wireless client that connects to it.

The vulnerability, dubbed “KRACKs” (Key Reinstallation AttaCKs), is actually a group of multiple vulnerabilities that when successfully exploited, could allow attackers to intercept and steal data transmitted across a Wi-Fi network. Digital personal information that is transmitted over the Internet or stored on connected devices — such as driver’s license number, Social Security number, credit card numbers, and more — could be vulnerable. All of this personal information can be used toward committing identity theft, such as accessing bank or investment accounts without the users knowledge.

In some instances, attackers could also have the ability to manipulate web pages, turning them into fake websites to collect information or to install malware on user’s devices.

 What should you do?

Wi-Fi users should immediately update Wi-Fi-enabled devices as soon as a software update is made available. Wi-Fi enabled devices include anything that connects to the Internet — from laptops, tablets, and smartphones to other smart devices such as wearables and home appliances.

 Should you change your Wi-Fi password?

No. This vulnerability does not affect the password to your router’s Wi-Fi network. Regardless of if your Wi-Fi network is password protected, this new vulnerability still puts your data at risk because it affects the devices and the Wi-Fi itself, not your home router, which is what the password protects.

Are hackers already exploiting this vulnerability?

Not yet. But as with many newly discovered vulnerabilities, it is only a matter of time before hackers find ways to exploit this weakness to their advantage.

 What else can you do to help protect you connected devices while waiting for a software update?

Keep in mind that it may take some time for the manufacturer of your devices to come up with a security patch. In the meantime, there are extra steps you can take to help secure your devices.

We strongly recommend that you install and use a reputable VPN such as Norton WiFi Privacy on all your mobile devices and computers before connecting to any Wi-Fi network. By using a secure virtual private network (VPN) on your smartphones and computers, your web traffic will be encrypted and your data will be safe from interception by a hacker.  A VPN creates a “secure tunnel” where information sent over a Wi-Fi connection is encrypted, making data sent to and from your device more secure.

Norton WiFi Privacy uses the same encryption technologies that leading banks deploy, so you can rest assured that your information stays secure and private. You can also browse anonymously and protect your privacy with Norton WiFi Privacy. You can mask your online activities and location with this no-log VPN that encrypts your personal information but never stores your online activity or location.

Additionally, only using HTTPS-enabled websites means your web traffic will also be encrypted by SSL and may be safer from this vulnerability. HTTPS browsing adds an extra layer of security by using encryption via the website you are visiting.

To Learn More go to: http://www.earthlink.net/software/staysafe.html?tab=wifiprivacy or call 1.866.610.0862

_______________________________________________________________

Symantec is an EarthLink partner. @2017 Symantec Corporation. All rights reserved.

 

1 https://www.krackattacks.com

Identity Theft Prevention & Identity Theft Response

By Ben Halpert, Founder Savvy Cyber Kids, an EarthLink partner

savvylogo

Technology and convenience go hand-in-hand, right? It’s true. We can now conduct our personal and professional business activities online in ways that hardly could have been imagined even just a few years ago. But, like with everything else, there is a price to pay for added convenience. And in this case, there are very real threats to security when putting your private information online…a necessary step to accessing technology conveniences.

Unfortunately, identity theft — where personal information such as your full name or social security number is stolen to commit fraud — is more common than we like to admit. Your identity allows a criminal to fraudulently apply for credit, file taxes, get your tax refund or get medical services, resulting in your credit status being negatively affected. You will spend both a painfully significant amount of time and money trying to restore your good name, with your ability to manage your finances severely hampered in the meantime.

When you imagine these crimes committed against you or your loved one, you realize the seriousness, beyond inconvenience and closer to life-changing consequences, of identity theft. If you – and who could blame you – have adopted technology conveniences, it’s time to also pay attention to what you should be doing to prevent identity theft.

  • Order your credit report once a year and review to be certain that it doesn’t include accounts that you have not opened. Check it more frequently if you suspect someone has gained access to your account information.
  • Keep your social security number (SSN) secure. Don’t carry your social security card in your wallet or write your number on your checks. Only give out your SSN when necessary. In reality, there are few situations when you must share this information. Just because you are being asked to provide your social security number does not mean that you NEED to provide it!
  • Don’t respond to unsolicited requests for personal information (your name, birthdate, social security number, or bank account number) by phone, mail, or online. Again, just because someone is asking does not mean you need to answer. In fact, if someone is asking for these kinds of personal information, that is a red flag. Use a critical eye and stop to ask yourself what is really going on.
  • Keep your private information just that, PRIVATE! Shred receipts, credit offers, account statements, and expired cards. Store personal information in a safe place at home and at work. Make sure others cannot see you typing your passwords on computers and at ATMs.
  • Keep your personal mail safe. Collect mail promptly. Ask the post office to put your mail on hold when you are away from home for several days. Consider getting a locking mailbox.
  • Take the time to pay attention to financial transaction details. Be aware of your billing cycles. If bills or financial statements are late, contact the sender. Review your receipts and compare receipts with account statements, looking out for unauthorized transactions. You can also consider switching to electronic statements.
  • Get tech savvy by installing security protection software on your home computer.
  • Create complex passwords that identity thieves cannot guess easily. Enable 2-factor verification on your password-protected online accounts. Change your passwords with regularity, and when a company that you do business with has a breach of its databases
  • Prevent medical identity theft by guarding your social security, Medicare, and health insurance identification numbers. Only give your number to your physician or other approved health care providers – and only when they absolutely require it! Review your explanation of benefits to make sure that the claims match the services you received. Request and carefully review a copy of your medical records for inaccuracies and conditions that you don’t have.

The worst part is that you may not know that you are the victim of ID theft until you experience a catastrophic financial consequence, like unexplained significant bills, aggressive collections or denied loans when you are depending on additional credit. Suddenly, technology will be not so convenient anymore! Identity theft is a faceless crime. You will have no idea who is doing this to you and they will, no doubt, give you little thought as they rampage your life. Yet the consequences of this crime are scars that will mark its victim for years to come.

This is no more true than in the case of Child Identity Theft, where a child’s identity is stolen and might go undetected for many years, resulting in incredible damage by adulthood. This is why I recommend setting security freezes for the entire family. The reality is that credit monitoring services are not enough. Someone can still open an account in your name and ruin your credit history. Encourage all of your family members to contact each of the three credit reporting agency’s (TransUnion, Equifax and Experian) and place a security freeze on your credit files. With the security freeze on your credit file, no one can open a new account (take out a mortgage, a car loan or other financial commitment on your behalf) unless they have your secret pin.

If you are a victim of identity (ID) theft, report it immediately to the FTC, online or by phone at 1-877-438-4338. Visit https://www.identitytheft.gov/Steps to report it and get a personalized recovery plan. This is a terrific user-friendly site that will walk you through the steps of recovering your identity. Once you file the ID theft with the FTC, you will have an ID theft affidavit. Print and take the ID theft affidavit with you to file the crime with the local police. The ID affidavit and your police report are your identity theft report. Your identity theft report will be very important as you resolve the problem with creditors, banks, and any other companies where fraudulent accounts were set up in your name.

You may also report specific types of identity theft to other agencies:

  • Tax Identity Theft – Your social security number is used to falsely file tax return, typically to get a tax refund or a job. Be aware, the IRS DOES NOT initiate contact with a taxpayer by sending an email, text, or social message requesting personal or financial information. Should you get an email that claims to be from the IRS, do not reply or click on any links. Your fear of this crime can be used against you via email scams that falsely alert you to a crime and seek your personal information that will later be used to steal from you. Instead, you should report it to the IRS and your state’s Department of Taxation or Revenue. File a report with the Federal Trade Commission (FTC). You can also call the FTC Identity Theft Hotline at 1-877-438-4338 or TTY 1-866-653-4261. Respond immediately to any IRS notice; call the number provided. If instructed, go to the Identity Verification Service. Complete IRS Form 14039, Identity Theft Affidavit; print, then mail or fax according to instructions. Continue to pay your taxes and file your tax return, even if you must do so by paper.
  • Medical Identity Theft – Your Medicare ID or health insurance member number is used to get medical services, or to issue fraudulent billing to your health insurance provider. If you believe you have been a victim of medical identity theft, call the Federal Trade Commission at 1-877-438-4338 (TTY: 1-866-653-4261) and your health insurance company’s fraud department. You can create a complaint form with the details of your experience at IdentityTheft.gov to share with them and with law enforcement. If you suspect that you have been the victim of Medicare fraud, contact the U.S. Department of Health and Human Services’ Inspector General at 1-800-447-8477.

In addition to federal government agencies, you should also report the theft to other organizations, such as:

  • Credit Reporting Agencies – Contact the three major credit reporting agencies to place fraud alerts (or freezes on your accounts if you have not done this important preventative step so that no one can apply for credit with your name or social security number). Get copies of your credit reports, to be sure that no one has already tried to get unauthorized credit accounts with your personal information.
  • Financial Institutions – Contact the fraud department at your bank, credit card issuers and any other places where you have accounts. You may need your ID theft reports from the police and Federal Trade Commission in order to report the fraud.
  • Retailers and Other Companies – You will also need to report the fraud to companies where the identity thief created accounts, opened credit accounts, or even applied for jobs in order to clear your name.
  • State Consumer Protection Offices or Attorney General – Your state may offer resources to help you contact creditors, dispute errors and other helpful resources.

If you need more help — and I hope you take the steps to ensure this never happens to you — the Federal Trade Commission offers a publication, Taking Charge – What to do if Your Identity is Stolen that shares detailed tips, checklists, along with sample letters.

___________________________________________________________________

Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for their free resources to help you navigate today’s digital world with cyber ethics.

So you want to meet up with someone you met online… Taking the Stranger Danger discussion to the next level

By Ben Halpert, Founder Savvy Cyber Kids, an EarthLink partner

savvylogo

Today’s children are considered ‘Digital Natives’ because they were literally born into a world defined by technology, but are actually “Digital Naives.” Without intervention, children completely lack an understanding of the implications of their digital actions.

We tell kids that they should NEVER meet-up with a person they met online and that someone you don’t know in real life is ALWAYS a stranger (because you can’t confirm who they really are). But, let’s face it, the internet is about making connections.

From dating sites to Craigslist and special interest chat groups, adults regularly make online connections that turn into physical world connections. At some point, children will have legitimate reasons to make these connections too. Even if that some point is when they go off to college, the adults in children’s lives need to model behavior that ensures safety in the digital world. Here are tips for staying safe when meeting and talking to unknown people online.

While you can never guarantee anything you do will keep you 100 percent safe, there are certain precautions you should consider if you really want to meet up with someone you met via tech.

  • Ask them to Facetime, use Google Hangouts, or another social media app with live chat. If they refuse or can’t for some reason, ask them to send you a selfie with something that shows the day’s date and time. If they also refuse to do this or can’t send a selfie, do not meet up with them! Ask yourself, why would they be refusing to prove who they really are?

But is this enough to keep you safe? Unfortunately not.

Woman charged in DeKalb dating app murder to face judge

The details of this story are disheartening. After they met online, they spoke on the phone and they live streamed. He verified it was really her before agreeing to meet-up in real life. And he brought someone with him for extra safety. And despite these precautions, he is now dead because he met up with a stranger he met online.

So let’s add the most important safety tip….

  • When you arrange to meet-up NEVER go alone and be sure to meet-up in a PUBLIC PLACE.
  • Tell the person that “I’m bringing along my friend (or insert name of trusted adult) too. Just giving you a heads-up! If you are as paranoid as me and you have someone coming too, they could sit together!”

If you are under the age of 18, these are not merely suggestions. You MUST bring a trusted adult with you IF this trusted adult APPROVES of the meet-up.

If any of your plans are not accepted by your “new online friend”, STOP COMMUNICATING. Time to go into BLOCK mode on your accounts for this “person.”

There is one TRUTH you need to remember. Parents, teach your children this! When meeting and talking to unknown people online, your safety and comfort should be important to them. It will be important to any good person you meet online who wants to meet up IRL.

The reality is that it’s a dangerous world out there. Even following these tips cannot guarantee your safety.

Don’t be the next headline. Talk to the trusted adults in your life, use good judgement and stay safe out there.

___________________________________________________________________

Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for their free resources to help you navigate today’s digital world with cyber ethics.

Protecting yourself from spammers

By James Burns, Product Manager

Spam continues to be one of the great banes of the internet age.  Billions of dollars are spent every year to fight spam.  Despite that great expenditure, there are many things you can do to help fight spam.  Having a strong password will prevent spammers from gaining access to your account and using it to message others.  Not responding to spam will prevent spammers from confirming your address is a legitimate email that can be spammed later.  You can also take advantage of the tools EarthLink offers you to combat spam.

Utilize EarthLink’s spamBlocker to identify and block spam before it gets in your Inbox.  EarthLink spamBlocker provides two different levels of spam prevention.  Known spam blocking uses various methods to identify and block common types of spam.  Messages flagged as spam are moved to a self-cleaning Known Spam folder in WebMail.  By default, Known Spam is deleted immediately, but you can change the settings if you would like the opportunity to review these messages before they are deleted.

EarthLink’s spamBlocker also offers a Suspect Email option that offers a much stronger way to manage spam.  The Suspect Email option compares all inbound mail to the addresses in your WebMail Address Book.  If the sender is not in your Address Book, the message will be moved to the Suspect Email folder in WebMail.  While a very strong option, Suspect Email requires you to closely monitor and review email in the Suspect Email folder.  When a new message comes in from someone you want to be able to email you in the future, you will need to add that sender to your Address Book.  Suspect Email makes it easy to move an email to your inbox and add the sender to your Address Book.

A third unique option offered by EarthLink is our Anonymous Email product.  Anonymous Email gives you up to 10 temporary use email addresses that you can use to sign up for websites where you are concerned you may get spammed later.  These addresses are listed in WebMail as individual inboxes and can be deleted and replaced if they start getting spammed.  You can add Anonymous Email addresses in your WebMail Preferences section.