Holiday Shopping and Security

– Hello (hackable) Barbie

Toys that talk back are some of the hottest holidays gifts this year. And they may soon be hot items for hackers.

Cybersecurity researchers uncovered a number of major security flaws in systems behind Hello Barbie, an Internet-connected doll that listens to children and uses artificial intelligence to respond. Vulnerabilities in the mobile app and cloud storage used by the doll could have allowed hackers to eavesdrop on even the
most intimate of those play sessions, according to a report released Friday by Bluebox Security and independent security researcher Andrew Hay.

But the news comes on the heels of a major breach at VTech, a Hong Kong-based seller of toys for toddlers and young children, which exposed profiles on more than 6 million children around the world. And Hello Barbie’s security issues are yet another sign that Internet-connected devices are making their way into children’s
hands with problems that leave privacy at risk. – Is Lifelock Worth It?

Some people feel safer with it, but Consumer Reports warns that it may just not be worth the money.

After watching the ad you might conclude that LifeLock somehow intervenes to shut down sites that sell identities. In fact, when LifeLock discovers its members’ data for sale, the only thing it says it will do is “notify you,” according to the 5,808 words in its terms and conditions of service, a legal document that
supersedes any advertising claims.

For its services LifeLock charges $110 to $275 a year.

Protect yourself for less. Monitor your financial statements and credit reports for suspicious activity that can lead to identity
theft. If your credit cards are lost or stolen, you don’t need LifeLock to notify your financial institutions to cancel and replace them. If your Social Security number is out there, we suggest that you put a security freeze on your credit reports at the big three credit bureaus–Equifax, Experian, and TransUnion. That will prevent creditors from accessing your file if a crook tries to open a new account in your name. Without access, creditors are likely to deny a credit application.
– Shopping online? Tips for online privacy:

– Skip attachments and hyperlinks. Even attachments from people you know can be nefarious, since those acquaintances could be infected with a computer virus. If the email contains unusual or scant
wording, don’t open the attachment. The same logic applies to hyperlinks in emails (or requests for information received over text message); Hover over the link to make sure it’s going to
direct you to a valid address.

– Don’t make purchases over coffee shop lattes. Any public Wi-Fi connection, such as those offered at coffee shops or libraries, carry extra risks, since they aren’t private. Don’t shop online or engage in any financial transactions, like logging into your bank account, from public Wi-Fi.

– Don’t trust your “friends.” Hackers target social media, including Facebook and Twitter, because they know it’s easier to get people to click on a link that appears to be recommended from a friend. McAfee has identified dozens of examples, including free dinner offers at Cheesecake Factory and fake mystery shopper
invitations. Offers that sound too good to be true, such as free iPads or free iPhones, are also a common lure. The company cautions against clicking on fake alerts from friends, who may have been hacked themselves, and avoiding shortened links on Twitter that claim to offer deals.

– Open e-cards with caution. They can be cute, but they can also be malicious. McAfee warns that some e-cards download viruses onto your computer when you download them. To avoid that outcome, the company suggests only opening e-cards from domain names that you recognize as big e-card sites.

– Use a password manager to create your passwords.

– Check up on an e-retailer before making purchases. Some fly-by-night operations take advantage of the uptick in shopping around the holiday season to collect cash without ever mailing out the goods in return, warns the Better Business Bureau. The same applies to in-person exchanges on Craigslist or other online sites. To protect yourself, the bureau recommends never wiring money or paying in advance, and bringing a friend to any in-person exchanges.

– Review your statements. The first sign of identity theft is often an unfamiliar charge on a credit card or bank statement; reviewing those statements carefully and contacting your bank or card provider with any concerns can prevent a theft from expanding. Credit cards usually come with some measure of automatic
protection, as long as you report the scam relatively quickly.