Avoid holiday phishing attacks by taking these 3 precautions

The season for giving is also the season for taking. Lurking among the people exchanging gifts and glad tidings are shady characters whose only goal is to pluck opportunity from the well of goodwill filled each year during the holidays. For them, a Merry Christmas involves sending malicious messages via email.

Security researchers say these kinds of messages, while not unusual, flourish around Christmastime as family, friends, and workplace colleagues exchange kind thoughts in the spirit of the season. The main vehicle conveying most of these thoughts has been the e-card, which grows in popularity as we widen our circles of digital friends.

Cyber criminals relish this growth because it improves the likelihood they will reel in a sucker when they go “phishing” in this stream of e-correspondence. Recent reports on data breaches say an estimated one in 10 email users wind up getting hooked by a phishing lure.

“It’s easy for busy, distracted consumers to become victims of these schemes,” said Craig Young, a researcher at Portland, Ore.-based Tripwire, a cyber security provider. “But armed with a few basic security practices, they can drastically reduce their chances of being victimized.”

Among the practices that Young and others advocate:

  • Avoiding email from unknown addresses, or email with undisclosed recipients, and not opening the attachments in these emails. That includes e-greeting cards. If possible, confirm who sent the greeting before opening it.
  • Watching for bad spelling and poor grammar in email subject lines. Cyber criminals focus on results, not quality, because they send thousands of messages at once hoping for just a few responses. A subject line containing errors is strong proof that opening the email would be an even bigger mistake.
  • Running anti-virus software and keeping it up to date. The protections within these programs may be enough to ward off threats in emails that are opened by accident.

Businesses are particularly vulnerable due to multiple users in corporate accounts – and multiple approaches to answering email among those users. That is why employees must be made part of the solution, instead of being left to become part of the problem.

“Enterprises … need to place more reliance on employees to help them defend their organizations,” said Rohyt Belani, CEO and co-founder of PhishMe, a threat management company based in Leesburg, Va. “Consistent training turns employees into informants that can spot attacks before they turn into catastrophes.”

Colin Powell: Digital transformation success requires leadership


Colin Powell in 2008. (Photo by Rob Reed / Creative Commons)

Digital transformations rely on much more than technology and investment to succeed; they require buy-in from everyone involved, from the board room on down. Ensuring that buy-in requires strong leadership.

No less an authority on leadership than Colin Powell insists as much. The former U.S. Secretary of State and chairman of the Joint Chiefs is on the record as a firm believer in digital transformation.

In today’s digital society, “if you do not get at the front of change, change will override you,” he said recently. “(The world) has gone from analog to digital, and we are in up to our ears.”

Powell acknowledges his motives in this regard are more personal now; he says he stays abreast of the latest tech to keep up with his grandchildren. For a large portion of his career, however, Powell lived at the nexus of both war and peace, first as an Army four-star general, then as the nation’s top diplomat.

In both roles, he led large numbers of people through times of significant transition. The Cold War ended on his watch, supplanted by a globalized economy driven by economics and the information revolution. Two monolithic institutions, the U.S military and the State Department, suddenly needed to change course, and Powell was in the driver’s seat.

He admits being intimidated at first by the size and scope of the disruption. Yet Powell believes that his years of Army training prepared him for the challenge of quelling it.

“When I became … a general, and I was running wars and large military operations, I was surrounded by hundreds of people who were experts in their fields: communicators, artillery men, you name it, and I drew on their expertise,” Powell said in 2009. “It was important to know what they think.

“After listening to all the experts, I was supposed to use that expertise to inform my instinct. … It is an educated, informed instinct that is daily shaped by my experts, but at the same time you’ve got to apply judgement to it. That’s where the human dimension comes in.”

The same strategy applies to digital transformation in the business world. Transformations are large engagements requiring risk and resources. A well-informed CEO will understand how to balance the two.

“You’ve got to have CEOs who not only apply their experience but are willing to take the risks that your data people and subordinates aren’t willing to take, because that’s not their job,” Powell said.

Good CEOs also train their staffs properly, recognize good performance, correct poor performance, allow staff autonomy, and remember to treat everyone with respect and compassion, Powell says. Each of these elements factors into effective digital transformations along with the technology. Remaining mindful of all of them allows business leaders to stay ahead of the digital curve.

“You can’t just match change,” Powell said. “(Competitors) will be somewhere else by the time you match them, and you will still get left behind.”

In social media, patience is spelled with five W’s

In a perfect world, our words shine like jewels the first time we write or say them.

The reality is, our words demand special consideration before displaying them in public.

For one thing, so many terms in English have multiple meanings; for another, so many readers own distinct perspectives and biases. Ask 10 people to read the same sentence, and they’re likely to offer 10 slightly different interpretations.

That’s why, in our electron-fast, social media age, extra seconds spent pondering our pedantry before tapping the Send button can prevent embarrassment and preserve credibility.

So, consider putting patience high on your list of obligations each time you write online. Armed with it, writers and editors are more likely to catch spelling errors, check or recheck facts, change tone, even adjust attitudes — particularly their own.

The trick, of course, is finding that patience. Hours spent banging out social media posts as fast as they come to mind can cultivate writing that’s reflexive, not reflective.

It may help to install social media speed bumps — a set of objectives that forces introspection. If you’re not sure where to start with that, employ journalism’s famous five W’s:

Who — Think first, “Who am I trying to reach?” Although social media networks permit users to put followers into groups, most users don’t do that. The result: their networks are a mishmash of friends, colleagues and acquaintances where one post intended for a particular group of followers insults or offends all the others. Craft posts with the broadest possible appeal, frame edgier posts with self-effacing humor or courtesy, and restrict the hardest commentary to direct messages.

What — Make sure the point of a post is clear and consistent with the facts. Go back through other people’s posts, check associated Web links and references to see whether those people are interpreting the information correctly. Make certain whether you’re eschewing or embracing conjecture. Only then can you safely answer the question, “What am I trying to say?”

When — Speed is a drug in social media; we assume that the faster we post, the more likely other people will think we’re reporting “news.” Blame this behavior in part on traditional media, which instilled the belief that “scoops” or “beats” were just as important as the information itself. In reality, no newspaper stopped printing and no TV station went dark from not having enough scoops. Today, the Web is rife with humor and shame over errors by news organizations that moved too fast to gather facts. Thus, the answer to “When should I post?” ought to be, “After I have all the facts.”

Where — The term “social media” is as broad as the horizon. It encompasses numerous networks, each having its own best practices and tolerances. Still, we believe Facebook, LinkedIn, Twitter and others have the same audiences, the same reach. But there’s a saying: Facebook is for people you already know, Twitter is for people you want to know, and LinkedIn is for people you need to know. Learn the point and purpose of each social network, then you’ll be able to answer “Where should I post?”

Why — I’d like to think everything I say via social media is important. We all do. Nevertheless, each of us encounters users who think otherwise. That constituency dwindles with solid answers to “Why should I post?” Whereas flippant or rhetorical commentary only attracts more of the same, social engagement founded on research and reportage is shared and re-shared more widely.

(A version of this blog post originally appeared in The Freelance Journalist, a blog managed by the Society of Professional Journalists.)

John Oliver: Journalist of the year

John Oliver (Photo courtesy HBO)


The best journalist in America in 2014 isn’t American and isn’t a journalist.

He intends to change only one of those things.

“I would like to get into a situation where I’m not suffering taxation without representation, which I’m suffering right now,” British comedian John Oliver told ABC’s “This Week.”

As for the journalist part, Oliver insisted on PBS’s “News Hour” that the title is misapplied.

“I have no moral authority. I’m a comedian.”

Given his latest performances on television though, one is left to wonder otherwise.

The British expatriate and Cambridge University graduate settled in this country upon joining the staff of Comedy Central’s popular “The Daily Show with Jon Stewart” in 2006. Between assignments, Oliver continued to do stand-up routines and podcasts on both sides of the Atlantic, each refining a style of wit reminiscent of Monty Python. He obtained a Green Card in 2009 and considers himself a permanent U.S. resident.

Then in the summer of 2013, Oliver sat in the “Daily Show” host’s chair for eight weeks while Stewart was off directing the movie “Rosewater” and in that time Oliver displayed a formidable enough stage command to establish himself as Stewart’s likely successor. But before the notion could percolate longer, HBO plucked him out of Stewart’s stable to host the premium channel’s brand new Daily Show-esque enterprise.

What followed was a masterful mix of humor and social commentary that major news media should watch carefully — and learn from.

“Last Week Tonight with John Oliver” does indeed borrow from the “Daily Show” style of squeezing satire out of social and political events and blowing them up to absurd, sometimes mocku-mental proportions. But where the 30-minute “Last Week Tonight” truly distinguishes itself is in the show’s feature pieces, which can last half the program. Among the notable long-form bits in the show’s first 25-episode season were an analysis of Miss America scholarship claims, a look at chronic corruption by World Cup organizer FIFA, and a breakdown of the hypocrisy endemic in the American lottery system.

Oliver does not just parse words. His staff includes former magazine researchers as well as comedy writers who sift for truth as much as for laughs. Oliver and his crew understand that a little bit of bizarre behavior floats on the surface of authority and that by shining a light on it we can peer down into, and be less intimidated by, the darkness beneath.

“Last Week Tonight” even displays key information over Oliver’s right shoulder on the screen, noting also the source and publication date. Not even network newscasts do that.

“It is reporting in no sense. But there is a lot of research,” Oliver says. “If a joke is built on sand, it just doesn’t work. … It’s very, very important to us that we are solid.”

This commitment has enabled Oliver to navigate stridently dense, solemn topics such as America’s wealth gap, civil forfeiture, and student debt — topics journalists have reported on many times but with a predilection for the somber seriousness of suffering by which most events are judged newsworthy.

“There is something about playing with toys that are that difficult which become more satisfying to break by the end of our week’s process,” Oliver says.

Not just break — shatter, really. “Last Week Tonight” garnered 1.1 million viewers on Sunday nights. Across all platforms including DVR and on-demand showings, overall weekly viewership topped 4 million. But on YouTube, where “Last Week Tonight” continues to show its vigor months after signing off until February, a feature broadcast in July on the wealth gap has been viewed since then nearly 6 million times. The piece on civil forfeiture has more than 4 million views. The piece on student debt has 3.6 million.

A feature on the typically arcane subject of national elections in India has garnered 2.5 million YouTube views. (HBO releases each segment separately onto YouTube after its initial broadcast.)

“It didn’t make any sense to me that the largest exercise in democracy in the history of humanity was not interesting enough for (the major news media) to cover,” Oliver says of the India feature. India has 1.2 billion people; the United States, 320 million.

Even Oliver’s exposition on events in Ferguson, Mo., in a piece mixed with equal parts humor and outrage just one week after Michael Brown’s shooting now has more than 5.5 million views. That number has grown by about 10,000 weekly. Meanwhile, Oliver’s most talked-about feature, the one about net neutrality that was blamed for crashing the Federal Communications Commission’s website, is cruising toward 9 million viewers.

All these numbers constitute a larger audience share per feature than the major news networks can muster per night.

What Oliver and “Last Week Tonight” have managed to do is find a way to engage viewers and keep them engaged on complex, contemporary issues long after the initial broadcast while managing to be informative, a puzzle that network news and newspapers still struggle to accomplish two decades into the digital era.

Journalism in its most basic form is the gathering, processing, and dissemination of information related to a particular audience. By that simplistic definition, Oliver qualifies as a journalist.

“I think that becomes more of a sad commentary on news than it does on us” as comedians, Oliver says. “The only responsibility as a comedian is that I have to make people laugh. If I don’t do that — and I am sure that I often don’t — I have failed.”

But in making people laugh, Oliver goes to journalistically admirable lengths to do it. In the feature on Miss America scholarship funding, which the nonprofit Miss America Foundation claimed was $45 million annually, the “Last Week Tonight” staff spent days sifting through 990 tax forms on nonprofit spending from 33 states right up until broadcast to try verifying that number. The amount turned out to be unjustifiable, but “Last Week Tonight” nevertheless discovered that the Miss America Foundation is indeed the largest provider of scholarships that are just for women — which news media then reported.

“I just want it to be funny,” Oliver says, describing the course he and “Last Week Tonight” have charted. “That is the key responsibility that you have to hold yourself to as a comedian. If you’re not making people laugh, what exactly are you doing?”

This is not to say America’s daily news needs a thick layer of humor to help it glide along, or that professional journalists are less capable of engaging audiences than Oliver & Co. But if an expat Brit can reach more people on tough topics than the major news media and incorporate impressive feats of news gathering and accountability while doing it, then the “journalist” label will stick to Oliver no matter how hard he tries to shake it off, and major news media will be compelled to watch him try.

So, Oliver’s success and that of “Last Week Tonight” raises the question: If the major news media have a responsibility of informing and enlightening the public and still struggle at it, what exactly are they doing?

Ted Cruz is wrong about Net neutrality

The last thing any of us need is someone in a position of influence explaining Net neutrality who doesn’t understand or doesn’t care to understand it.

Yet, Ted Cruz has decided to do it anyway.

The junior Republican senator from Texas trumpeted his mischaracterization of the issue last week in the Washington Post opinion piece, “Regulating the Internet threatens entrepreneurial freedom,” in which he champions the idea that online innovation suffers unless the Internet is devoid of federal oversight.

The term “devoid” is not overstatement. Cruz prefers that Washington leave the Internet entirely in the hands of the legislative process, where service providers, market forces and special interests hold sway. To this end, he urges nullification of all Internet regulation, now framed within Section 706 of the Telecommunications Act.

In Cruz’s mind, Net neutrality “would put the government in charge of Internet pricing, terms of service and what types of products and services can be delivered, leading to fewer choices, fewer opportunities and higher prices.”

In fact, Net neutrality refers to the Internet as it is now: a place where service providers and government agencies treat all online data equally and access is unlimited; a place where the powerless have as much influence as the powerful; a place where startup businesses can grow into corporations without monopolistic interference.

The issue became a big deal in April when the Federal Communications Commission agreed to consider a two-tiered system where Internet providers can set arbitrary rules on access. Then in May, the FCC also agreed to consider reclassifying broadband as a telecommunications service, which would prevent providers from threatening to reduce access in exchange for fees.

U.S. Sen. Ted Cruz, R-Texas (Photo by Getty Images)


President Obama supports reclassification. Cruz however believes the providers should be in control because reclassification is just a nice way of saying the government will levy an Internet use tax. He has even gone as far as calling Net neutrality “Obamacare for the Internet,” a catchy little phrase that possesses a certain rubbery, pejorative quality certain to help it bounce around the Web for a while.

Never mind that it misrepresents both Net neutrality and Obamacare; Cruz is a Princeton and Harvard grad, a champion debater and a loyal partisan toady. Conservative straw polls rank him high among likely GOP presidential nominees in 2016.

It would tarnish Cruz’s carefully honed image for him to appear on the same side of an issue as the president. So, it makes more sense for him to mangle Net neutrality’s definition than risk political capital.

To be fair, the term “Net neutrality” is vague enough that anyone with a flair for drama and self-promotion can abuse it with ease. One could easily argue that the term also means you’re indifferent about what happens to the Internet.

If only it had a better name. Comedian John Oliver suggests that maybe Net neutrality’s working title should be more honest: “Preventing Cable Company F**kery.”

But that might be too honest for Ted Cruz.

7 essential security tips for using free Wi-Fi networks

Image courtesy of iStockphoto

Fear is an excellent deterrent. It saps our confidence, curtails our energy and tempers our judgment. It forces us to change our direction and our thinking.

Rarely though do we let it change our behavior. The consequences of fear must be palpable, looming, for that to happen.

A recent article by Maurits Martijn for the Dutch crowdfunded site De Correspondent reminds us however that even when a threat is real, our response to it can be irrational.

Martijn wrote at length this month about the danger we face when joining unsecured public wi-fi networks — those that do not require a password to join. To demonstrate that danger, he strolled through central Amsterdam with self-described “ethical hacker” Wouter Slotboom — not the snooper’s real name — looking for cafés that provide free wi-fi.

At each location, Martijn and Slotboom sat at any table. Then Slotboom pulled from his backpack a small black device that he placed on the table and obscured with a menu. He then linked to the device with his laptop and in moments discovered the identities of every other laptop, smartphone and tablet used by every customer in the café.

Moments later, Slotboom obtained the network identity of those customers and with that was able to discover personal information about each.

“All you need is 70 euros (for the device), an average IQ, and a little patience,” Slotboom told Martijn.

The marketplace affords Slotboom and shady sorts of his ilk plenty of potential. More than half the U.S. population of 316 million owns a smartphone or laptop, and the number of tablet owners is catching up to both. All of those devices have connected to an open wi-fi network at least once, often without a device owner’s knowledge (the default on mobile devices is set to discover available networks).

And as the mobile market grows, more doors open for hackers. The threat intelligence firm Risk Based Security, Inc. estimates nearly 1 billion records — credit card information, medical records, passwords, social security numbers, etc. — were breached in 2013, with 65 percent of the activity occurring in the United States.

Risk Based Security says we’re on a pace to suffer well over 1 billion breaches this year.

The numbers are new but the rationale for them is not; stories about wi-fi security predate the advent of public hotspots. Yet many of us disregard the threat or expect strangers to respect our personal security. We choose convenience over caution. We invest trust where none was earned.

Such behavior today borders on irresponsible; lax personal security compromises the security of others if their information is on our devices. And the threat is not looming or imminent — it’s here, happening now, via unsecured wi-fi networks across the country.

It may even be happening to you now while you sip your latte.

So, curtail the risk and subdue your paranoia by taking these small, simple steps:

Choose the correct network — During Slotboom’s staged “man-in-the-middle” attacks, he created fictitious wi-fi networks on his computer for café customers to join, and dozens did. This simplified the task of discovering passwords and account numbers; people typed them directly into his network thinking it was legitimate. Slotboom often named the networks after real businesses to make them appear authentic. He urges users of free wi-fi to verify the network, either by asking the proprietor or checking the address on signs that promote the service, to avoid joining rogue networks by mistake.

If the option exists to pay for access to a secure network, take it. A little fee trumps a big headache.

Choose ‘https’ — That “s” extension after the “http” at the beginning of a Web address indicates the connection is secure and the connection to the Web server is authentic. Not all websites have this; still others provide both. Even so, only certain amounts of traffic are encrypted, not all of it. Regular users of unsecured networks help themselves by doing homework on whether the sites they visit have this layer of security before surfing in public, and they should never, ever, shop or do anything online involving a credit card while using unsecured wi-fi.

On some sites, you can add the “s” yourself. The Electronic Frontier Foundation distributes a browser extension called HTTPS Everywhere that encrypts communications with major websites and is available for Windows, Mac and Linux.

Use ‘two-step’ authentication — Many email providers and commercial websites have the option of a second login, where users receive a texted code they must type after their initial login to gain access. Two-step or two-factor authentication reduces the chance a hacker can gain access to an account with just the password.

Use a password manager — Sometimes we feel as though there is only enough RAM in our heads to get us through the day. This leads us to concoct simple or repeated passwords for the many websites we use that require a login. A password manager program generates unique and complex passwords for each site and keeps them locked up with one master password. Password managers also guard against keylogging — the surreptitious recording of keystrokes by hackers — by automatically filling in a site’s password field.

Turn off sharing; turn on firewalls — The sharing feature allows mobile devices to connect with other devices and networks. Free wi-fi users should disable this feature when not in need of sharing. (The instructions are different for Windows and Mac.) At the same time, make sure the device’s firewall (Windows/Mac) is active and working.

Invest in a VPN — A virtual private network, or VPN, encrypts traffic between devices and designated VPN servers, thus creating a private network across a public network. VPNs run shared data through a point-to-point connection that shields the data from unwanted interference much like an umbrella shields you from the rain. Many businesses employ VPNs to let employees access company networks remotely.

The best VPNs cost a small fee for full protection. VPNs also slow down page-load speeds somewhat. Still, they add an element of confidence in an uncertain environment.

Update all software — Finally, make sure your antivirus and anti-malware programs are up to date, and install all the latest operating system upgrades. These upgrades not only enhance overall performance, they also contain patches and fixes that help hold back the most recent security threats lurking across the Web — or across the room.

(Editor’s note: This post first appeared on Net Worked, the technology blog for the Society of Professional Journalists.)