Please stop tweeting pictures of your credit card

I know what you’re probably thinking… “who would possibly broadcast their debit or credit card number to the entire online world potentially giving giving anyone easy access to all of their money and banking information”?

Unfortunately the answer is lots of people.

Don’t believe me? Check out this Twitter feed: @NeedADebitCard which is dedicated to retweeting people who tweet out photos of their unobscured debit cards. Whoever is behind the twitter account isn’t trying to get people to actually steal debit card information though. In fact it’s really more of a public service they are providing as indicated by their Twitter bio “Please quit posting pictures of your debit cards, people”.

So what? You need the PIN number in order to actually use the debit card information right? So how can wily hackers and clever cyber criminals figure out how to get it? Well… for starters, they could just @ reply and ask!

 

Bae

 

So how are the banks responding? I think for the most part they are doing their best to ask people to knock it off and use examples like this as “teachable moments”.

Chase

How not to get hacked…

A fool and his money are soon parted and Twitter can really help stream line the process.

 

How to practice safe Apps

Apps are awesome. I don’t need to tell you that. Just look at your phone or tablet or both. They probably have a boatload of Apps on them already.

I bet you have already installed many of the usual suspects such as Angry Birds, Instagram, Facebook, some sort of Twitter client, WhatsApp and maybe even a few work related ones like Evernote and DropBox. And of course if you’re good Canadian, you’re likely to have The Weather Network App installed! We take our weather seriously up here.

All of these Apps are pretty well known and mainstream, but what about that flappy-penguin game from China that looked cool or that fitness app that will get you doing 42,000 push-ups a day in only a week? They seem legit right?

Apps are in fact awesome but they can also carry a lot of risk that we don’t even consider when we download them. Here’s why…

Your phone knows everything about you. EVERYTHING.

Think about it. I know that sounds ridiculous but let’s drill down into that statement and see if I’m right: It knows where you are via GPS triangulation. It knows where you’ve been because it has access to your calendar. More importantly it even knows where you will be in the future. It knows who all your friends are because it has access to your contacts. It knows who you call and how often. Same with texts. It knows your home address. It knows where you work. It knows how to connect to your bank account. It sends and receives all of your personal and business email. It may even have private personal information such as credit card numbers, health details and possibly even inappropriate selfies on it.

Your phone knows more about you than your Mom, your significant other, your BFF and your lawyer put together. Do you really want this information out there and accessible because you downloaded an App with some malware attached?

Probably not.

So is it really just safe to download any old App?

Not really.

I know… I know… but you want… no NEED Apps. I get it. If you’re going to download them anyway, then here are a couple quick steps to help you practice safe Apps:

#1 Do an App reference check

Before you download that App, find out what other people are saying about it. If it’s not a mainstream App like say… Hootsuite or Pocket look for reviews in the App store. Are they good? Are they bad? Worst of all are there none? Badly reviewed Apps or new Apps with no reviews should be cause for pause before downloading.

Next simply Google the name of the App and see what comes up. While you’re at it, add the words “scam” or “malware to the search and see if you get any hits. Or try a search on Twitter and see what people are saying.

Regardless of where you look, make sure you do a little reference checking before you let that App onto your phone.

#2 Don’t make it easy to install unwanted Apps

Setup a strong password and biometric protection for your purchases from the App store. This works well for two reasons. Frist, if you’re too many drinks into the evening a strong password provides a built in sobriety test. Ok, I made that one up but it’s highly possibly to accidently download Apps you don’t want or make in-App purchases that can add up to real money fast. A week password or enabling in-App purchases can also allow kids to rack up huge charges and expose your device to tons of different variations of malware as well.

#3 Ask your self “do I really need more stuff”?

George Carlin would say “no”. With every new App you add to your phone you are not only hogging up valuable storage space and slowing down performance but also exponentially increasing the risk of mobile virus infections or malware sneaking onto your device.

#4 Review permissions

It can be eye opening to checkout the default permissions that Apps have to access information on your phone. Why does a traffic App need access to your entire contact database and the ability to post to Twitter and Facebook? It doesn’t!

Make sure that after you have downloaded any App you confirm what it is allowed to do on your device and disable anything that you don’t feel comfortable with. If it’s asking for WAY to many permissions it may be a red flag that this App isn’t something you want on your phone!

How not to get hacked…

Apps are awesome but regardless of platform (yes there is malware and viruses for iPhone’s too) you need to practice safe Apps to protect yourself and your privacy. Especially if you have jailbroken your phone!

Are you sharing your privacy away?

Think about the kind of things you share on Facebook. Most things people post are not necessarily super private moments, but what seems like no big deal information at the time could really be opening you up to substantial risk online.

Here’s a few examples.

#1 Pictures and personal details of your children

We tell our kids never talk to strangers. But what happens when a stranger approaches them who knows their name, what school they go to and can reference details from a recent event like a birthday party or trip to the zoo. Odds are they will be able to influence a child armed with this much personal information.

What you should do about it?

Facebook is a great way to share family photos and special moments with friends and extended family. Especially when they live far away and can’t be in regular contact. So if you are going to share pictures of your kids on Facebook, really think about the details you are including and then make sure you have applied the appropriate security and privacy settings so that only those people you want to see the post, do.

#2 Personal identifiable information: Don’t post a picture of your credit card online

This should be a no-brainer. But it isn’t. It’s amazing how the people actually do this to show off their brand-new credit card perhaps with a special team logo on it or something. This goes for any other piece of personal identifiable information and not just cards in your wallet. It could include the license plate number of your car or your home address.

A lot of people use fitness apps that show the route of their daily jog or bike ride that clearly show the location of their home and the path they regularly take including times that they may be alone in secluded areas. Sometimes these apps post a Facebook automatically and include way too much detail by default.

What you can do about it?

It’s fun to share exciting moments with your Facebook friends like getting a brand-new car, just make sure that picture you share is taken from an angle where the license plate is not visible. A good rule of thumb is to really look closely at anything you about to share that includes numbers of any kind and then think to yourself, “what could someone find out about me if I give them this information?” It’s also very important to keep track about what your apps are automatically sharing and lock down anything that may be exposing you to financial or personal risk.

#3 The “please rob me” Facebook status

Everyone loves to share pictures of their stuff. Most news feeds are full of pictures of new cars, trucks, TVs, jewellery and other expensive personal belongings. But they don’t just show up when we’re showing off. Often our stuff shows up in the backgrounds of pictures. For instance taking a picture in your kitchen of Grandma’s birthday party or in your family room from last weekend’s house party can actually reveal a lot of details about your home and your stuff. A picture like this can identify what valuables are in the house, where they are and how easily accessible they may be from windows and doors.

Why does this matter? Because the next post after the one of you’re new 3,462 inch TV in your feed just might be how excited you are to be at the airport headed to the beaches of Acapulco for two weeks leaving your brand new TV home all alone. Combining the information from the two posts, you’ve told the world where all your good stuff is, how to get at it and that you’re not at home so “come help yourself”.

What you can do about it?

Again be very careful about what you include in pictures and status updates unintentionally. Take enough pictures inside your house and you may inadvertently be pointing out which rooms have motion sensors for your alarm and which ones don’t. A trained criminal eye can pick up on these details very quickly. You also need to think about what can be determined about you, your family and your home from the combination of pictures and status updates you post to Facebook.

How not to get hacked…

We shouldn’t be afraid to share things on Facebook. It’s just important to do so with a little caution. Making sure your privacy and security settings reflect your true wishes are an important first step. But realize that these settings should not be counted on to fully protect you. You need to take personal ownership for your own privacy and security by thinking about what not only each individual pictures and status update are really sharing but also what story the posts taken together unintentionally reveal.

Must read Canadian Startup blogs

This week at the Laurier LaunchPad we got to talking about how to keep up with the latest and greatest happenings in the Canadian Startup ecosystem and I was quite surprised to find out that most of the students didn’t know where to go online to get plugged in.

Off the top of my head, here are the blogs I read regularly and recommended:

Laurier LaunchPad Blog – Obviously… ;-)

Tech Vibes – The go-to gold standard starting place for Canadian tech startup news

Betakit – Canadian startup online magazine with great in-depth commentary.

Startup North – Covering the Canadian Startup scene written by entrepreneurs for entrepreneurs.

David Crow – That guy who did all the Demo Camps and somehow knows everyone in the Canadian Startup scene.

Mark Evans Blog – Former tech journalist / founder / MESH conference organizer turned startup marketing consultant.

View from the Loo – The Communitech Blog.

MaRS Blog – The Hub for Toronto Startups.

Untether TV – Canadian mobile startup scene weekly video podcast by Rob Woodbridge

Maple Butter – Fun startup advice written by founders for founders.

Instigator Blog – Ben has founded and successfully exited several startups and provides great practical advice for entrepreneurs.

Startup Canada Blog – National organization promoting entrepreneurship communities.

Am I missing any? If so, leave me the details in the comments below and I will add them to the list!

How to not get your Twitter Hacked

I’ve seen a ton of strange DM messages on Twitter lately from friends who have either been hacked or have started selling Viagra as a side gig. As a public service, here’s how I play it safe on Twitter and do my best to keep those nasty folks out of my account.

#1 Use a strong password

I don’t mean your dog’s name with the first letter capitalized and 123 at the end, I mean a really strong password. I use 1Password to manage my bazillions of logon and password combinations. It will not only generate huge 101 random character passwords for you but it will also log you into your accounts and websites super fast with auto fill. The best part… you won’t even know what your password is or need to remember it, you just need to remember one master password for everything! Check 1Password out or one of their competitors and see if one of these systems will work for you. Either that or Google “strong password generator” and use one of the free online sites or just try to come up with something that a computer can’t guess.

Example…

Poochy123 = please hack me!

71)T71SJ2861{A3B-2)j>”#’D>]38J==x25n7N5%f]lc8,n;y{&06-5Cf8[+@;T{,]Q~[r2l03T{1S6v6{‘6@’Z1UM3UL67]0xrB = strong password

So here’s how to change your password… Start by going to settings:

Twitter 1

 

Click on Password… Then update your password here…

Twitter 4

#2 Don’t use the same password on every site

Why? Because if you get hacked on Twitter and you use the same password for your bank account, LinkedIn, Dropbox, Evernote, Facebook etc. you’re going to get royally Pwned.

#3 Clean up your apps

Next to crappy weak pwnable passwords, the next biggest gaping hole in your Twitter account for hackers to exploit is your huge list of apps. Seriously, check out how many apps you have allowed to access your Twitter account over the years. It will blow your mind! If a hacker compromises an app, he can do whatever you have allowed that app to do with your account. Check out some of the permissions you have given your various apps and you’ll understand why this is a problem.

Here’s how to clean up your apps… Start by going to settings:

Twitter 1

 

Then click on Apps…  and then Revoke Access to anything you don’t need. Medium? Tweetbot? Clearly I need to do some house cleaning while I’m at it too.

Twitter 2

 

#4 Update your Security and Privacy settings

Click on Security and Privacy…. and then add your cell phone number to your account. This will make Twitter verify login attempts and notify you if you try to login to your Twitter account from Buenos Aires when you’re actually in say… Brantford.

Twitter 3

 

Next… don’t make it easy for someone else to reset your password. Click on the checkbox to Require personal information to reset my password. It’s probably not all that hard for a determined hacker to figure out your cell phone number or your email address but this one little checkbox will keep out most everyone else.

Twitter 5

 

Now scroll down to the Privacy section… and get as paranoid as you want. I won’t judge. My preferences include NOT providing a Tweet location so I have this box unchecked. I’m also not keen on having people find me on Twitter by my email address as it can also be used as a second factor for identification to reset my password.  Choose the settings that make you feel the most comfortable and then don’t forget to hit SAVE. The SAVE button will save all of the changes you made to both Security and Privacy.

Twitter 6

 Conclusion…

While there is absolutely no guarantee that your Twitter account will not get hacked after taking these steps, you will certainly decrease the likelihood of it happening by… a lot.