Holiday Shopping and Security
– Hello (hackable) Barbie
Toys that talk back are some of the hottest holidays gifts this
year. And they may soon be hot items for hackers.
Cybersecurity researchers uncovered a number of major security
flaws in systems behind Hello Barbie, an Internet-connected doll
that listens to children and uses artificial intelligence to
respond. Vulnerabilities in the mobile app and cloud storage used
by the doll could have allowed hackers to eavesdrop on even the
most intimate of those play sessions, according to a report
released Friday by Bluebox Security and independent security
researcher Andrew Hay.
But the news comes on the heels of a major breach at VTech, a Hong
Kong-based seller of toys for toddlers and young children, which
exposed profiles on more than 6 million children around the
world. And Hello Barbie’s security issues are yet another sign that
Internet-connected devices are making their way into children’s
hands with problems that leave privacy at risk.
– Is Lifelock Worth It?
Some people feel safer with it, but Consumer Reports warns that it
may just not be worth the money.
After watching the ad you might conclude that LifeLock somehow
intervenes to shut down sites that sell identities. In fact, when
LifeLock discovers its members’ data for sale, the only thing it
says it will do is “notify you,” according to the 5,808 words in
its terms and conditions of service, a legal document that
supersedes any advertising claims.
For its services LifeLock charges $110 to $275 a year.
Protect yourself for less. Monitor your financial statements and
credit reports for suspicious activity that can lead to identity
theft. If your credit cards are lost or stolen, you don’t need
LifeLock to notify your financial institutions to cancel and
replace them. If your Social Security number is out there, we
suggest that you put a security freeze on your credit reports at
the big three credit bureaus–Equifax, Experian, and
TransUnion. That will prevent creditors from accessing your file if
a crook tries to open a new account in your name. Without access,
creditors are likely to deny a credit application.
– Shopping online? Tips for online privacy:
– Skip attachments and hyperlinks. Even attachments from people you
know can be nefarious, since those acquaintances could be infected
with a computer virus. If the email contains unusual or scant
wording, don’t open the attachment. The same logic applies to
hyperlinks in emails (or requests for information received over
text message); Hover over the link to make sure it’s going to
direct you to a valid address.
– Don’t make purchases over coffee shop lattes. Any public Wi-Fi
connection, such as those offered at coffee shops or libraries,
carry extra risks, since they aren’t private. Don’t shop online or
engage in any financial transactions, like logging into your bank
account, from public Wi-Fi.
– Don’t trust your “friends.” Hackers target social media,
including Facebook and Twitter, because they know it’s easier to
get people to click on a link that appears to be recommended from a
friend. McAfee has identified dozens of examples, including free
dinner offers at Cheesecake Factory and fake mystery shopper
invitations. Offers that sound too good to be true, such as free
iPads or free iPhones, are also a common lure. The company cautions
against clicking on fake alerts from friends, who may have been
hacked themselves, and avoiding shortened links on Twitter that
claim to offer deals.
– Open e-cards with caution. They can be cute, but they can also be
malicious. McAfee warns that some e-cards download viruses onto
your computer when you download them. To avoid that outcome, the
company suggests only opening e-cards from domain names that you
recognize as big e-card sites.
– Use a password manager to create your passwords.
– Check up on an e-retailer before making purchases. Some
fly-by-night operations take advantage of the uptick in shopping
around the holiday season to collect cash without ever mailing out
the goods in return, warns the Better Business Bureau. The same
applies to in-person exchanges on Craigslist or other online
sites. To protect yourself, the bureau recommends never wiring
money or paying in advance, and bringing a friend to any in-person
– Review your statements. The first sign of identity theft is often
an unfamiliar charge on a credit card or bank statement; reviewing
those statements carefully and contacting your bank or card
provider with any concerns can prevent a theft from
expanding. Credit cards usually come with some measure of automatic
protection, as long as you report the scam relatively quickly.