fbpx

LastPass' new Security Dashboard gives users a complete picture of their online security

Knowing if your passwords have been leaked online is an important step to protecting your online accounts which is why LastPass has unveiled a new Security Dashboard which provides end users with a complete overview of the security of their online accounts.

The company's new Security Dashboard builds on last year's LastPass Security Challenge, which analyzed users' stored passwords and provided a score based on how secure they were, by adding dark web monitoring. The new feature is available to LastPass Premium, Families and Business customers and it proactively watches for breach activity and alerts users when they need to take action.

In addition to showing users their weak and reused passwords, the new Security Dashboard now gives all LastPass users a complete picture of their online security to help them regain control over their digital life and know that their accounts are protected.

Dark web monitoring

According to a recent survey of more than 3,000 global consumers conducted by LastPass, 40 percent of users don't know what the dark web is. The majority (86%) of those surveyed claimed they have no way of even knowing if their information is on the dark web.

LastPass' new dark web monitoring feature proactively checks email addresses and usernames against Enzoic’s database of breached credentials. If an email address is found in this 3rd party database, users will be notified immediately via email and by a message in their LastPass Security Dashboard. Users will then be prompted to update the password for that compromised account.

Vice president of product management, IAM at LogMeIn, Dan DeMichele explained why LastPass decided to add dark web monitoring to its password manager in a press release, saying:

“It’s extremely important to be informed of ways to protect your identity if your login, financial or personal information is compromised. Adding dark web monitoring and alerting into our Security Dashboard was a no brainer for us. LastPass already takes care of your passwords, and now you can extend that protection to more parts of your digital life. LastPass is now equipped to truly be your home for managing your online security – making it simple to take action and stay safe in an increasingly digital world. With LastPass all your critical information is safe so you can access it whenever and wherever you need to.”

[Source: This article was published in techradar.com By Anthony Spadafora - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Internet Privacy

A new study has shown that although they may protect your personal data, independent search engines display a lot more misinformation related to vaccines than internet giants, such as Google.

In 2019, the World Health Organization (Geneva, Switzerland) listed vaccine hesitancy as one of the top 10 threats to global health. The internet plays a huge role in this rise in negative attitudes towards vaccinations as misinformation continues to be published and widely spread, with many taking what they read online as fact.

Determined to fully evaluate the role of search engines in spreading this misinformation, an international research group conducted a study to monitor the amount of anti-vaccination resources returned in searches in different search engines.

Internet companies tracking and storing user’s personal data and monitoring their online behavior has left many internet users wary of internet giants and turning, instead, to independent search engines. The study, published in Frontiers in Medicine, focused on how the search engines’ approach to data privacy may impact the quality of scientific results.

“A recent report showed that (50%) of people in the UK would not take a Coronavirus vaccine if it was available. This is frightening – and this study perhaps gives some indication as to why this is happening,” remarked lead author Pietro Ghezzi (Brighton & Sussex Medical School, UK).

The researchers searched for the term “vaccines autism” in a variety of different search engines in English, Spanish, Italian and French. For each search the Chrome browser was cleared of cookies and previous search history. They then analyzed the first 30 results from all searches.

Vaccines being linked to autism is a concept inherited from a now discredited study published in 1998, linking the MMR vaccine to the development of autism. Despite the fact that countless studies have since been published since disproving the theory, the flawed findings are still shared as if fact by many.

The researchers discovered that alternative, independent search engines (Duckduckgo, Ecosia, Qwant, Swisscows, and Mojeek) and other commercial engines (Bing and Yahoo) display more anti-vaccination websites (10-53%) in the first 30 results than Google (0%).

Furthermore, some localized versions of Google (English-UK, Italian and Spanish) also returned up to 10% more anti-vaccination resources than the google.com (English-US).

“There are two main messages here,” Ghezzi summarized. “One is to the Internet giants, who are becoming more responsible in terms of avoiding misinformation, but need to build trust with users regarding privacy because of their use of personal data; and the other is to the alternative search engines, who could be responsible for spreading misinformation on vaccines, unless they become better in their role as information gatekeepers. This suggests that quality of the information provided, not just privacy, should be regulated.”

The researchers concluded that search engines should be developing tools to test search engines from the perspective of information quality, particularly with health-related webpages, before they can be deemed trustworthy providers of public health information.

[Source: This article was published in biotechniques.com - Uploaded by the Association Member: Eric Beaudoin]

Categorized in Internet Search

At the beginning of August 2019, a young white man entered a Walmart in El Paso, Texas, and opened fire with an AK-47-style rifle ordered online, killing 22 people and injuring 25 more. Less than an hour after the shooting was reported, internet researchers found an anti-immigrant essay uploaded to the anonymous online message board 8chan. Law enforcement officials later said that before the shooter opened fire, they were investigating the document, which was posted minutes before the first calls to 911. The essay posted on 8chan included a request: “Do your part and spread this brothers!”

That was the third time in 2019 that a gunman posted a document on 8chan about his intent to commit a mass shooting. All three of the pieces of writing from shooters posted online that year were loaded with white supremacist beliefs and instructions to share their message or any video of the shooting far and wide. The year prior, a man who entered into a synagogue outside of Pittsburgh and opened fire was an active member of online forums popular amongst communities of hate, where he, too, signaled his intent to commit violence before he killed. In 2017, the deadly Unite the Right rally in Charlottesville, Virginia, was largely organized in online forums, too. And so it makes sense that in recent years newsrooms are dedicating more reporters to covering how hate spreads over the internet.

Online hate is not an easy beat.  First off, there’s the psychological toll of spending hours in chat rooms and message boards where members talk admiringly about the desire to harm and even kill others based on their race, religion, gender and sexual orientation. Monitoring these spaces can leave a reporter feeling ill, alienated and fearful of becoming desensitized. Secondly, some who congregate in online communities of hate are experts at coordinating attacks and promoting violence against those who they disagree with, including activists and journalists who write about them. Such harassment occurs both online and offline and can happen long after a report is published.

Consider a case from my own experience, where my reporting triggered a harassment campaign. In February 2019, I published an investigation of an e-commerce operation that Gavin McInnes, founder of the far-right men’s group the Proud Boys, whose members have been charged with multiple counts of violence, described as the group’s legal defense fund. During the course of my reporting, multiple payment processors used by the e-commerce site pulled their services. In the days after the article published, I received some harassment on Twitter, but it quickly petered out. That changed in June, after the host of a popular channel on YouTube and far-right-adjacent blogger Tim Pool made a 25-minute video about my story, accusing me of being a “left-wing media activist.” The video has since been viewed hundreds of thousands of times.

Within minutes of Pool’s video going live, the harassment began again. A dozen tweets and emails per-minute lit up my phone — some included physical threats and anti-Semitic attacks directed at my family and myself. A slew of fringe-right websites, including Infowars, created segments and blog posts about Pool’s video. I received requests to reset my passwords, likely from trolls attempting to hack into my accounts. Users of the anonymous message board 4chan and anonymous Twitter accounts began posting information directing people to find where I live.

What follows is general safety advice for newsrooms and journalists who report on hate groups and the platforms where they congregate online.

Securing yourself before and during reporting

Maintain a strong security posture in the course of your research and reporting in order to prevent potential harassers from finding your personal details. Much of the advice here on how to do that is drawn from security trainers at Equality Labs and Tall Poppy, two organizations that specialize in security in the face of online harassment and threats, as well as my own experience on the beat. It also includes resources that can help newsrooms support and protect reporters who are covering the online hate beat.

1.  Download and begin using a secure password manager. A password manager is an app that stores all your passwords, which helps with keeping and creating complex and distinct passwords for each account. With your password manager change or reset all your passwords to ensure you’re not using the same password across sites and that each password is tough to crack. You probably have more online accounts than you realize, so it might help to make a list. When updating passwords, opt for a two-factor authentication method when available. Use a two-factor authentication app, like Google Authenticator or Duo, rather than text messages, since unencrypted text messages can easily be compromised. 1Password is the password manager of choice for the experts both at Tall Poppy and Equality Labs.

2.  Search for your name on online directory and data broker sites like White Pages and Spokeo, which collect addresses and contact information that can be sold to online marketers, and request your entries be removed. Online harassment campaigns often start with a search of these sites to find their target’s home address, phone number and email. Many data broker sites make partial entries visible, so it’s possible to see if your information is listed. If it is, find the site’s instructions for requesting removal of your entry and follow the directions. Do the same for people who you live with, especially if they share your last name. There are also services that can thoroughly scrub your identifying information from dozens of online directories across the web for you, like Privacy Duck, Deleteme and OneRep.

3. Make aliases. If you have to create an account to use a social media site you’re researching, consider using an alternate email address that you delete or stop using after the course of reporting. Newsroom practices vary, so if your username must reveal who you are per your employer’s policy, check with your editor about using your initials or not spelling out your publication in your username. It’s easy to make a free email address using Gmail or Hotmail. ProtonMail also offers free end-to-end encrypted email addresses.

4. Record your interactions with sources, as they may be recording their interactions with you. Assume every interaction you have is not only being recorded but might also be edited in an attempt to harass you or undercut your work. During one story I worked on about a hate-friendly social network, an employee of the website I interviewed recorded the interview, too. The founder of the site wasn’t happy with my report and proceeded to make a Periscope video of him attempting to discredit the story by replaying my interview, courting thousands of views. If you’re at a rally, bring spare batteries and ensure you have enough space on your phone to record your interactions or have a colleague with you so you can record each other’s interactions, which help if you need evidence to discredit attempts to discredit you. Importantly, before you record any interview, check if the state you’re reporting from has a two-party consent law, which requires that both parties on the call consent to being recorded and may require you to alert your interviewee that you’re recording the call.

5. Use a Virtual Private Network (VPN) to visit the sites you’re investigating. VPNs hide where web traffic comes from. If you’re researching a website and visiting it frequently, your IP address, location or other identifying information could tip off the site’s owners that you’re poking around. Do your research, as some VPN services are more trustworthy than others. Equality Labs recommends using Private Internet Access. Wirecutter also has a good selection of recommended VPNs.

6. Tighten your social media privacy. Make sure all your social media accounts are secured with as little identifying information public as possible. Do a scan of who is following you on your personal accounts and ensure that there isn’t identifying information about where you live posted in any public place or shared with people who may compromise your safety. Consider unfriending your family members on social media accounts and explain to them why they cannot indicate their relationship to you publicly online. Likewise, be aware of any public mailing lists you may subscribe to where you may have shared your phone number or address in an email and ask the administrator of the email list to remove those emails from the public archive.

7. Ask your newsroom or editor for support. “Newsrooms have a duty of care to their staff to provide the tools that they need to stay safe,” says Leigh Honeywell, the CEO of Tall Poppy. Those tools may include paying for services that remove your information from data broker sites and a high-quality password manager. If your personal information does begin to circulate online, your newsroom should be prepared to contact social media platforms to report abuse and request the information be taken down. Newsroom leadership could also consider implementing internal policies around how to have their reporters’ backs in situations of online harassment, which could mean, for example, sifting through threats sent on Twitter and having a front desk procedure that warns anyone who answers the phone not to reveal facts such as whether certain reporters work at the office.

After publishing

If you do face harassment and threats online after your report is published, you may want to enlist the help of an organization that specializes in online harassment security. Troll storms usually run about one week, and the deluge on Twitter and over email usually lasts no more than a few days. Take space from the internet during this time and be sure your editors are prepared to help monitor your accounts should you become a target of harassment.  

1. Ask someone to monitor your social media for you. Depending on the severity and cadence of the harassment that follows publication, you may wish to assign a trusted partner, an editor or a friend, to monitor your social media for you. Often the harassment is targeted at journalists via social media accounts. It can be an extremely alienating experience, especially if consumed through a smartphone, because no one fully sees what’s happening except the person targeted. During these moments, it’s best to step away from social media and not watch it unfold. This is often hard to do, because it’s also important to stay aware of incoming threats or attempts to find your home and family. Whoever is monitoring your social media should report accounts that send harassment, threats, obscenities and bigotry.

2. Don’t click on links from unknown senders. If you receive a text message from an unknown number or an email to reset a password, do not click on any links or open any attachments. Likewise, consider only opening emails in plain-text mode to ensure photos and malicious files do not download automatically. Be extra careful about links in text messages, as it’s rare for a password reset to come through a text message and it could be an attempt to verify your phone number by a harasser or to install malware on your phone. If you get suspicious texts or emails, contact whoever you consult for security.

3. Google yourself (or ask someone you trust to Google your name for you). When the harassment begins, someone should be checking social media and anonymous websites, like 4chan, Gab.ai and 8kun, which is how 8chan rebranded in 2019, for mentions of your name, address, phone number and portions of your address. 4chan and Gab.ai have policies against posting personal information, like emails, physical addresses, phone numbers or bank account information — a practice called doxing — and should remove identifying content when requested. Twitter, Facebook, LinkedIn and more popular social networks do, too. Also, set a Google alert for your name to see if you’re being blogged about. If you or your newsroom can afford it, consider working with a security expert who knows how to monitor private Discord chat groups, private Facebook groups, 8kun, Telegram and other corners of the internet where harassment campaigns are hatched.

4. Know when to get law enforcement involved. If a current or former address of yours begins to emerge online or if you’re receiving threats of violence, call your local police non-emergency line and let them know that an online troll may misreport an incident in the hopes of sending a team of armed police to your home — a practice known as swatting. Local police might not be accustomed to dealing with online threats or have a swatting protocol, but it’s worth making a call and explaining the situation to ensure that unnecessary force is not deployed if a fraudulent report is made.

5. Save your receipts. Check your email, check your bank account, and don’t delete evidence of harassment. If you receive emails that your passwords for online accounts are being reset, do not click on or download anything. Save all emails related to the harassment, too, as you may wish to refer to them later to see if a pattern emerges. The evidence might also be important if you need to prove to a business or law enforcement that you were the subject of a targeted campaign. Continue to monitor your bank account to ensure that fraudulent charges aren’t made and that your financial information is secure. Unfortunately, hacked credit cards and passwords abound online. You may decide to call your bank after being harassed and ask for a new debit card to be issued.

6. Let other journalists know what you’re going through. Remember, while it’s important to stay physically safe, the emotional toll is real, too. There’s no reason to go through online harassment alone. Don’t hesitate to reach out to other journalists on your beat at different publications to let them know your situation. Stronger communities make for safer reporting.

Read More...

[Source: This article was published in journalistsresource.org By April Glaser - Uploaded by the Association Member: Deborah Tannen] 

Categorized in Investigative Research

 Threat intelligence firm KELA shared a list of more than 900 Pulse Secure VPN enterprise server usernames and passwords with ZDNet, which a hacker had posted on the dark web in plain text.

The usernames and passwords, as well as IP addresses, from more than 900 Pulse Secure Virtual Private Network enterprise servers were posted in plain text on the dark web by a Russian-speaking hacker, first reported by ZDNet.com, which obtained the list with help from threat intelligence firm KELA. 

The list contained Pulse Secure VPN server firmware version, SSH server keys, all local users and password hashes, administrator account details, previous VPN logins with cleartext credentials, and session cookies.  

The authenticity of the list was verified by multiple cybersecurity sources. Further, the list was published on a forum frequented by popular ransomware threat actors, such as REvil and NetWalker. 

The leak was first discovered by researchers from Bank Security, which observed that the VPN servers listed by the hacker were operating with the firmware version that contained the CVE-2019-11510 vulnerability patched by Pulse Secure in early 2019. 

The Department of Homeland Security and other security researchers have repeatedly urged organizations to patch this critical vulnerability, as hackers continued to target the flawThose targeted attacks continued through January 2020. 

And in April, DHS warned that hackers were using stolen credentials to crack into enterprise networks through the Pulse Secure VPN, even if the vulnerability was patched. 

To find vulnerable VPNs, it appears that the hacker who compiled the list scanned the internet IPv4 address between June 24 and July 8, 2020 and leveraged the known vulnerability to access servers. Then, the threat actor gathered the server details and credentials, collecting the data into a central repository. 

Reviewing the list, it appears that 677 companies failed to patch the Pulse Secure VPN vulnerability. 

VPNs are one of the most common, secure methods used to remotely connect to the network. But as remote connections and telehealth use expanded amid the COVID-19 pandemic, the threat landscape has become much more complex. 

Pulse Secure CMO Scott Gordon told HealthITSecurity.com in March, that in healthcare, providers need to be employing endpoint protection and modern VPN solutions “where you’re encrypting communication session between the device and the data between the practitioner’s devices and application.” 

Since you are now expanding VPN use to more sets of employees contracts and affiliates you should for sure that the VPN software is up to date and current to eliminate the potential VPN vulnerabilities,” Gordon said, at the time. “They’ve essentially broadened the attack surface. Every end user accessing information and resources are now part of their attack surface, and they want to do everything they can now that they've added greater accessibility.” 

To Laurence Pitt, Global Security Strategy Director, Juniper Networks, its unacceptable that organizations failed to patch the vulnerability more than a year after a fix was provided, which allowed for cleartext data dump to occur. 

Further, security researchers have repeatedly provided proof-of-concept data that showed just what could occur if the enterprise left the vulnerability exposed.   

“The lesson learned here? Patch, patch, patch,” Pitt said in an emailed statement. “The data published lists only 900 servers. What we do not know is how many more have not been released – or, which of these could be sensitive servers that are now being poked and prodded in planning for a bigger attack.  

If you are running an older version of code on a service as critical as the VPN is today, then find the latest version and get that upgrade planned, he added.

Healthcare organizations should review insights recently provided by the National Security Agency to better understand the risk and best practice methods to secure VPNs, telework, and other remote sites.

[Source: This article was published in healthitsecurity.com By Jessica Davis - Uploaded by the Association Member: Jeremy Frink]

Categorized in Deep Web

Privacy on the internet is very important for many users, to achieve this they resort to TOR or a VPN. ButWhich is better? What are the advantages of using one or the other? In today’s article we are going to see in detail all the advantages and disadvantages that both have.

If we talk about internet privacy, generally the common people do not pay much attention to it. They have all their data in their Google accounts, they log in anywhere, their social networks are not configured to protect their privacy.

We could be giving examples all day. But what can happen if I expose my data in this way? The simple answer? Anything.

From attacks by cybercriminals, to the surveillance of different government agencies, limitation of access to websites, etc. Anything can happen, since information is one of the most powerful tools you can give to a company or individual.

When we surf the internet in a normal way, so to speak, we are never doing it anonymously. Even the incognito mode of the most popular browsers is not an effective method to achieve this.

It is precisely by this method that many users decide use a VPN or browse through Tor. The two systems are very good for browsing the internet anonymously, although their differences are notorious and we will mention them below.

Main advantages of using a VPN network

Explaining the operation of a VPN network is quite simple: it adds a private network to our connection. In short, the VPN network takes our connection, takes care encrypt it and then send it to the destination server.

The way it works is too simple, at least in a basic way. Instead of directly entering a website, we first go through an intermediate server and then enter the destination site through this intermediate server.

Using a VPN network is highly recommended for those who connect to the internet from public WiFi networks. Also, one of the great advantages it has is that you can camouflage your real location.

Let’s pretend you are in Argentina, but the VPN server works in the United States. All the websites you access will believe that you are precisely in the United States. Which comes in handy to bypass any kind of content blocking on the internet.

Main advantages of using Tor

The idea of ​​Tor is to keep the user anonymous at all times when browsing the internet. To get it, our information passes between a large number of nodes before we can see the website. In this way, it is not possible to determine our location and our connection information such as IP.

Although, it is a reliable system that improves our privacy on the internet. In reality, browsing completely anonymously is not possible and neither is it in Tor. Since, in the final node the data is decrypted to be able to access the site in question. Yes we are exposed although it is much more complicated for them to find out something about us. Tor takes care of that.

When we use Tor, we are much more secure than when using any common browser. But you must bear in mind that it is not an infallible system. Although we will be much safer when visiting websites with secure connections (HTTPS) than in sites that do not have encryption activated.

A very important extra that you should always keep in mind is that: if the website is not secure, that is, it is not encrypted (HTTPS), do not enter any kind of information to it. By this we mean login information, email, bank accounts, credit cards, etc.

Tor vs VPN Which one should you use?

The first thing you should know is that most quality VPNs are paid. In the case of Tor, this is totally free and we will not have to pay absolutely anything at any time.

Another thing to keep in mind is that VPN services do store user data for obvious reasons. Anonymity is lost this way, especially if they had to face the law.

In the case of Tor this does not happen, the only problem with the latter is that the browsing speed is not exactly the bestregardless of the speed of your connection.

The bottom line is pretty simple: If you are an average user who is concerned about how companies use your private data, then it is best to use a VPN network. This will be faster than Tor which will allow us to consume multimedia content without any kind of problem.

In the case of Tor, it is used for those people who need a lot of anonymity on the internet. It is something quite common that we see in people who have to face governments. Like the case of different journalists in Venezuela, to give an example.

The differences between Tor and a VPN network are quite clear. Each one is used for something slightly different, the two promise anonymity. But you must bear in mind that long-term and total anonymity on the internet does not exist.

[Source: This article was published in explica.co - Uploaded by the Association Member: Anthony Frank] 

Categorized in Internet Privacy

For many folks, Google is the front page of the internet. You don’t type Facebook.com into your browser. You just type “Facebook,” and then click the first Google result. Or you do a basic search by tapping in what you’re looking for.

But Google is way more powerful than that. You just have to learn a few of its secret code words, and then you can slice and dice your searches like a pro. No more wading through pages of results to find what you want. Use these tricks, and you’ll almost always get what you want on the first page. You can even ask Google to show you the weather.

Google search operators

These tips use Google’s search operators. These are commands that you add to your search terms in order to narrow the scope of the search. To use one, you just type your search as usual, then type the operator afterwards.

For instance, this is how you tell Google to limit your search to one particular website

Apple site:cultofmac.com

Type that into Google (or alternatives like DuckDuckGo), and it will search Cult of Mac for the term “Apple.”

For a complete list of Google’s search operators, check out Joshua Hardwicks’s comprehensive post on the subject at the Hrefs blog. For a sampling of the most useful operators, keep reading!

cache:

This one is great. If you click in the URL bar, and add cache: to the beginning of the URL and hit return, then Google will show you the most recent cached version of a site. This is super handy if a page is down due to excess traffic, or censorship, for example.

intitle:

Add intitle: to your search, and Google will search only the titles of web pages. Great to narrow down searches where you remember a few words from a title.

“search term in quotes”

This is a different kind of operator. If you put a word or words in quote, then Google will search for that exact phrase or word. This also works with ambiguous words, where Google might be confused what you actually mean. It’s also a good way to search for known misspellings.

OR

Type OR or | between terms, and Google will search for either of those terms. This is a rear way to combine search results from two parallel searches. For instance, dock iPhone OR iPad will return a search of both iPad docks and iPhone docks.

related:

This is an odd but very handy operator. You use it without an actual search term. So, if you type related:cultofmac.com, then Google will show you a list of sites which are related to this one. I like this when researching a subject I don’t know much about. If you find one good source, you can quickly discover more.

Quick hits

And finally, a few quick tricks. Try any of the following to get info about a specific thing:

movie:

map:

stocks:

weather:

 [Source: This article was published in cultofmac.com By CHARLIE SORREL - Uploaded by the Association Member: Clara Johnson]

Categorized in Internet Search

To attract the right visitors to your Web site, you need to use keyword phrases instead of just single keywords. This helps search engines match users to results that are more relevant to them. Just like a keyword is a single word used as a search query, a keyword phrase is two or more words typed as a search query. For example, Poughkeepsie classic car customization is a good example of a keyword phrase.

Search engine users find what they are looking for by searching for specific keywords or keyword phrases and choosing the most relevant result. You want your site to have as many opportunities to be included in those search results as possible. In other words, you should try to use every keyword phrase that you think someone might search for in order to find your site.

Usually when people do a search, they type in a keyword phrase instead of just a single keyword. Fifty-eight percent of search queries are three words or longer. So having keyword phrases on your site increases your chance of appearing higher on the page rank (because more keywords match the search query). The click-through rate (how many people click your listing to go to your site) also increases, due to more words matching the search query. Your conversion rate (how many visitors actually purchase something, sign up, or take whatever action is appropriate on your site) also increases because you’re more likely to have what the user is looking for.

Search engine users are becoming more savvy as time goes on, and they have learned that a single keyword is probably going to be too broad of a search to return the results they’re looking for. A good example is what happens when you do a search for security. You might be in need of a security guard service, but doing a quick search on Google with the keyword security gives you results as varied as the Wikipedia article on security, the Department of Homeland Security, the Social Security Administration, and many listings for computer security software. Using the keyword phrase security guard service Poughkeepsie, on the other hand, turns up map results listing local businesses, two local business sites for hiring security guards, and a couple of news articles about security services in Poughkeepsie.

It is best to use simple, everyday language that searchers are likely to type in. As a general rule, you should include multiple uses of each keyword phrase, enough to be prominent on the page without forcing your keywords into your content. You want it to mention each keyword a couple of times while making sure that it still sounds natural. Additionally, you should avoid using only general phrases; be sure to include detailed descriptive words as well. If your keywords are too general, they are likely to be up against too much competition from others targeting the same keywords. However, if your keywords are too specific, fewer people search for those terms, resulting in fewer potential visitors. It’s a balancing act, and the rules aren’t hard and fast. You need to find the right mix for your site by finding the keywords that bring traffic that actually converts — in other words, you want to put out the bait that brings in the right catch.

When putting keywords in the content of your site, make sure the words surrounding them are also good, searchable keywords. For example, if your business dealt with customizing older cars, you might use keyword phrases like this:

  • Classic car customization in Poughkeepsie 
  • Reupholstery for classic Mustangs
  • Chrome, wheels, and paint for classic automobiles
  • New York State classic cars

These can all be used as headings for paragraphs or as links to their own pages. Remember, search engines also look for keywords in hypertext links (where clicking a word or phrase takes you to another page within the Web site) within the page, and using a search phrase within the hyperlink leads to a higher search rank for that phrase.

You should also still include stop words (very common words such as the, a, to, if, who, and so forth, which serve to connect ideas but don’t add much in the way of meaning to your content) in your search phrases. Google had removed stop words from its indexes for several years, but they now use them to perform much more precise searches. Plus, you don’t want your Web site text to sound like machine language — “Come shop Classic Cars customization all your needs Poughkeepsie.” Instead, you want your Web site to sound like English; your true readers are real people, after all. You also don’t want to give the search engines the impression that you’re keyword stuffing; they’re expecting natural-sounding text, which means full sentences.

[Source: This article was published in dummies.com  - Uploaded by the Association Member: Dana W. Jimenez]

Categorized in Internet Search

Identity fraud is now more threatening than ever

Technology is changing the way people do business but, in doing so, it increases the risks around security. Identity fraud is especially on the rise. In fact, it’s estimated this type of fraud has doubled in just the last year. And, while the banking sector may be the juiciest target for attempted identity fraud, security is not purely a banking concern.

In 2015, damage caused by internet fraud amounted to $3 trillion worldwide. Latest predictions say it will be $6 trillion in 2021. This makes cyber fraud one of the biggest threats in our economy and the fastest growing crime. It is becoming far more profitable than the global trade of illegal drugs.

Enterprises all over the world need to focus on this cost-intensive problem. With over 1.9 billion websites and counting, there is a huge possibility for fraud to be committed – a serious problem that must be slowed down.

Most common identity fraud methods

Of all fraud methods, social engineering is the biggest issue for companies. It became the most common fraud method in 2019, accounting for 73% of all attempted attacks, according to our own research. It lures unsuspecting users into providing or using their confidential data and is increasingly popular with fraudsters, being efficient and difficult to recognise.

Fraudsters trick innocent people into registering for a service using their own valid ID. The account they open is then overtaken by the fraudster and used to generate value by withdrawing money or making online transfers.

They mainly look for their victims on online portals where people search for jobs, buying – and selling things, or connecting with other people. In most of the cases, the fraudsters use fake job ads, app testing offers, cheap loan offers, or fake IT support to lure their victims. People are contacted on channels like eBay Classifieds, job search engines and Facebook.

Fraudsters are also creating sophisticated architecture to boost the credibility of these cover stories which includes fake corporate email addresses, fake ads, and fake websites.

In addition, we are seeing more applicants being coached, either by messenger or video call, on what to say during the identity process. Specifically, they are instructed to say that they were not prompted to open the account by a third party but are doing so by choice.

How to fight social engineering

If organisations are to consistently stay ahead of the latest fraud methods and protect their customers, they need to have the right technology in place to be able to track fraudulent activity, react quickly and be flexible in reengineering the security system.

Crucially, it requires a mix of technical and ‘personal’ mechanisms. Some methods include:

Device binding – to make sure that only the person who can use an app – and the account behind it – is the person who is entitled to do so, the device binding feature is highly effective. From the moment a customer signs up for a service, the specific app binds with their used device (a mobile phone for example) and, as soon as another device is used, the customer needs to verify themselves again.

Psychological questions – to detect social engineering, even if it is well disguised, trained staff are an additional safety net that should be applied – and in addition to the standard checks at the start of the verification process. They ask a customer an advanced set of questions once an elevated risk of a social engineering attack is detected. These questions are constantly updated as new attack patterns emerge.

Takedown service – with every attack, organisations can learn. This means constantly checking new methods and tricks to identify websites which fraudsters are using to lure in innocent people. And, by working with an identity verification provider that has good connections to the most used web hosts and a very engaged research team, they are able to take hundreds of these websites offline.

Fake ID fraud

However, social engineering isn’t the only common type of identity fraud. Organisations should be aware of fake ID fraud. Our research indicates fake IDs are available on the dark web for as little as €50 and some of them are so realistic they can often fool human passport agents. The most commonly faked documents are national ID cards, followed by passports in second place. Other documents include residence permits and driving licenses.

The quality of these fake IDs is increasing too. Where in the past fraudsters used simple colour copies of ID cards, now they are switching to more advanced, and more costly falsifications that even include holographs.

Biometric security is extremely effective at fighting this kind of fraud. It can check and detect holograms and other features like optical variable inks just by moving the ID in front of the camera. Machine learning algorithms can also be used for dynamic visual detection.

Similarity fraud is another method used by fraudsters, although it’s not as common thanks to the development of easier and more efficient ways (like social engineering). This method sees a fraudster use a genuine, stolen, government-issued ID that belongs to a person with similar facial features.

To fight similarity fraud, biometric checks and liveness checks used together are very effective – and they are much more precise and accurate than a human could ever be without the help of state-of-the-art security technology.

The biometric checks scan all the characteristics in the customer’s face and compares it to the picture on their ID card or passport. If the technology confirms all of the important features in both pictures, it hands over to the liveness check. This is a liveness detection program to verify the customer’s presence. It builds a 3D model of their face by taking different angled photos while the customer moves according to instructions.

The biometric check itself could be tricked with a photo but, in combination with the liveness check, it proves there is a real person in front of the camera.

Fighting back

The threat of identity fraud is not going away and, as fraudsters become more and more sophisticated, so too must technology. With the right investment in advanced technology measures, organisations will be in a much stronger position to stop fraudsters in their tracks and protect their customers from the risk of identity fraud.

 [Source: This article was published in techradar.com By Charlie Roberts - Uploaded by the Association Member: Alex Gray]

Categorized in Investigative Research

WhatsApp recently added a 'Search the Web' feature that can be used to check the veracity of information shared via the instant messaging platform.

users can now search the veracity of forwarded messages using a new 'Search the web' feature. When users receive a message they can forward it to up to five chats at a time. When a message has been forwarded more than five times from its original sender, or through a chain of over five chats, then WhatsApp will label it with a double arrow icon. WhatsApp messages labeled with double arrows can only be forwarded to one person at a time. The double arrow label lets you know the message did not come from a close contact. These restrictions on forwarded messages or forward limits are an effort to preserve WhatsApp’s intent to keep conversation intimate and private, as well as to drastically reduce the rate at which fake news spreads.

Everyone has received a forwarded message that makes outlandish claims. Those messages are received a lot more now because of the global health crisis, and at at time when the world is heavily relying on instant messaging apps to keep in touch with loved ones, as well as their doctors, teachers, employers, and so on. Useful information can be forwarded via WhatsApp, but so can a lot of misinformation as well.

WhatsApp recently debuted a simple method to check the veracity of messages labeled with double arrows. The feature is called 'Search the Web' and results in messages appearing with a magnifying glass icon next to them. When recipients of the message tap on the magnifying glass, they are able to send the message to their web browser and search for related news sources and information. The messages uploaded to the browser through this feature will never be seen by WhatsApp as all messages in the app are end-to-end encrypted. Users will then be able to debunk myths and fake news on their own by reading related information online.

How To Use WhatsApp’s ‘Search The Web’ Feature

'Search the web’ is only available in the following territories: Brazil, Italy, Ireland, Mexico, Spain, the UK, and the US. Once a user has made sure that the feature is available where they are, they need to make sure they have the latest version of WhatsApp for iOS or Android. The feature can only be tested if a WhatsApp user receives a message labeled with a double arrow icon. A search on their browser will be initiated when they tap on the magnifying glass that is displayed next to the message. In April, WhatsApp's efforts to limit the spread of misinformation had seen a 25 percent drop in forwarded messages globally, which is a clear sign that the steps it has taken thus far are working successfully to curb the spread of fake news.

In response to the COVID-19 pandemic, earlier this year, WhatsApp introduced a new WhatsApp hub which encouraged its users to trust only reputable sources, like the World Health Organization or the health ministry in a user's locality; and, to stop the spread of rumors by fact-checking information before forwarding a link/message. At the time, the concern was that WhatsApp was not doing enough to combat the spread of misinformation on its instant messaging platform. Now, finally, myths, misinformation, and fake news can be busted at the tap of a button. Most people don't want to be the source of fake news and in some countries, it is a punishable offense. By using 'Search the web' users can be more prudent about the messages they share with their contacts thus preserving WhatsApp's desire to stop the viral spread of misinformation.

[Source: This article was published in screenrant.com By BASEGO SEGAETSHO - Uploaded by the Association Member: Alex Gray]

Categorized in Internet Search

The internet is a vast system of an interconnected network that provides information and communication anytime, anywhere. This 19th-century invention took the world by storm. However, it is still surprising to date how much information can get accessed on the internet without any hassle. With the ease of access, privacy is also a valuable commodity that gets easily accessible on the internet. It is the privacy that sets humans apart from animals. Meanwhile, this privacy is nowhere safe on the internet. Your personal information like emails, income, business details, and the location are all exposed on the internet.
One of the main reasons for that is your information is worth much money for different businesses. They can use your information for marketing campaigns and attract customers towards their products.

However, this information is valid for usage to some extent. But if this information gets revealed to others, it can lead to severe problems. By information leakage, most of the ransomware attacks and malicious phishing scams. It is causing great harm to users on the internet. In this case, the protection of online privacy is extremely crucial to keep a safe side from these attacks. With that said, let’s discuss six steps that you should take to protect your online privacy.

LIMIT PERSONAL INFORMATION ON SOCIAL MEDIA

Almost everyone uses social media services like Facebook, Twitter, and Instagram. Social media allows you to share pictures, videos, and other kinds of information to help your friends find you. Now, this information gets exposed to your friends, but dangerous hackers can also use it against you. Cybercriminals use this information for identity theft and phishing, which can lead to severe problems.

Different universities like the University of Nevada Reno, produce professionals in cybersecurity. According to these cybersecurity professionals, one way to avoid this situation is by avoiding oversharing the information. Always avoid sharing your actual location on social media and limit its usage. For instance, if you share pictures of your pet, then never share its name on the internet. The cybercriminals can dig through your social media to find essential information like pet names. Some financial services ask security questions like maiden names or pet names while changing passwords. In this case, it is always advisable never to share personal information briefly.

KEEP EMAILS AND PHONE NUMBERS PRIVATE

 Sharing your emails and phone numbers everywhere on the internet is not a good idea. It is because emails and phone numbers can get used against you for phishing and ransomware attacks. Moreover, your inbox and mails will be overwhelmed with tons of spam emails and robotic calls for winning the lottery. Indeed, you can not just avoid sharing the emails on the internet. But it is advised never to give this information randomly. You can create a separate email account and SIM registration for shopping and business to secure your emails. This way, you can keep your emails separated from the random emails and phone calls from strangers and block them whenever you want.

 TURN ON PRIVATE BROWSING

No matter how vigilant you are on the internet, you will always leave a trail back to your activity. The internet continually tracks your movements and offers content based on this activity. If you are also concerned about this system behavior, then you can opt for private browsing. Private browsing is one of the safest ways to use the internet without recording your activity online. Most of the websites use cookies and software to identify the interests and search data. However, private browsing deletes any installed cookies and internet cache as soon as you log out of the internet.

USE A VPN

Apart from private browsing, a VPN or Virtual Proxy Network can also protect your online privacy. This network software works by creating a private network with the public internet. This private network creates a secure tunnel to mask your IP, thus hiding your online activities. Primarily VPNs must always be used while using public wifi. The wifi services in the library, restaurants, and train stations are unmasked to the hackers and cybercriminals. In this case, the VPN software can ensure security for incoming and outgoing traffic. Thus, all of your information stays private.

USING TWO-FACTOR AUTHENTICATION

 Two-factor authentication is another buzzword in the technological world. But it is immensely useful to secure your privacy. Since you protect all of your accounts with a most strong password, it is not always enough for their security. Hackers and cybercriminals always seek new approaches to find your password and disclose your confidential information. You can still secure your accounts by adding a two-factor authentication on all of your accounts. With this two-factor authentication, you will receive a secret code on your phone. This secret code is valid for 60 seconds only, giving a shorter frame to the hacker to decrypt your password.

UPDATE APPS & SOFTWARE

 Avoiding apps and software updates is never a good idea. The developers of these apps are continually improving and strengthening security to protect user privacy on the internet. On the other side, hackers always look for anomalies and leaks in the most used apps to get hands-on personal information. All you need to do is enable automatic updates for apps, and the computer and system will do the job itself. FINAL WORDS No matter how heedful you are, hackers will always find new ways to attack. However, incorporating these steps into daily life can significantly improve privacy protection and save the day. Still watch out for wrong links and websites and install an antivirus to keep a safe side from the potential threats.

[Source: This article was published in latesthackingnews.com By LHN Server - Uploaded by the Association Member: Deborah Tannen]

Categorized in Internet Privacy

AOFIRS

World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.