You, Your Router… and Eggs?

The old adage says “Don’t put all your eggs in one basket.” Yet most of us do exactly that with all of our expensive “smart” home electronics, and the consequences can be as calamitous as the old proverb implies. The latest cyber attacks are targeting home internet routers. Here’s my advice on what you need to know to defend yourself against router attacks…

Yes, Virginia, You Have a Router.

I sometimes hear from people who claim they have no router. But unless you’re on a super-slow dialup connection, you do. Some say they have just a modem they rent from their Internet Service Provider (ISP). For the record, the “modem” that Comcast and other ISPs talk about is the black box they overcharge you to rent.

That box contains the router which controls traffic on your home network as well as the modem that handles communication with the Internet. So yes, this article is relevant to you, too.

The “basket” I mentioned in the intro is your home’s router, the device that acts as a gateway between the Internet and all the gadgets in your home that use it. When malware compromises your router, it’s as if a fox pried open your basket of precious eggs. Everything on your home network is compromised, too.

That is one reason to run anti-malware software on each computer attached to your home network even though the router may have a firewall or other security features designed to keep intruders and malware out. If the router’s protection fails, individual devices may save themselves. The performance hit imposed by such redundancy is negligible compared to the potential risk to computers that harbor irreplaceable data. An even greater reason not to rely on your router’s security is that it is almost non-existent, in most cases.

The firmware of most consumer-grade routers is poorly written to begin with, is often left unpatched when vulnerabilities are discovered, and almost certainly will not be supported longer than two years after your particular router make/model was released. (How long have you had your router? How old was it when you got it?)

This disgraceful state of affairs is especially true for cheap, no-name routers. Brands that I consider trustworthy include TP-Link, Netgear, Linksys, ASUS, and D-Link. If you see a router advertised on Amazon, but it’s a brand you’ve never heard of, and yet somehow they’ve got thousands of glowing reviews, put down the mouse and back away slowly.

Consumer-grade routers are commodities differentiated only by price in the minds of most buyers, who do not grasp the technical mysteries of these boxes that “just sit there blinking.” Consequently, manufacturers shave their costs in every possible way. Software quality and support are sacrificed heavily.

Signs Your Router May Have Weak Security

You may have noticed that your router does not automatically update its software; that updates are never trumpeted via the trade press; that it is devilishly difficult to find current router software on manufacturers’ sites, and tricky to install it correctly if you do find the right update. Even basic documentation of the software that ships with a router is often terribly slim and reads as if was run twice through Google Translate. These are all signs that a router maker has skimped on security software and support.

Another sign of weak security is that the only advice you get for improving security is, “Change the default admin password.” That is the first thing you should do with a new router; if it is the last thing you can do, the router still may have no meaningful security.

“Disable remote administration” is another router security recommendation that should be implemented but does not hacker-proof your router. Remote administration allows you, your ISP, and possibly some hacker in Romania the ability to login to the router via the Internet. Hackers have known about “cross-site request forgery (CSRF) ” tricks that get around this safeguard for many years, but some cheap routers still don’t close this hole.

Your ISP may not even allow you to disable remote router administration. After all, it makes their job a lot easier if they have to reconfigure your router. This is a case of “better to ask forgiveness than permission.” Disable remote administration if you can; address any objections from your ISP only if necessary.

You have the legal right to use your own equipment on your side of the ISP’s box as long as it doesn’t interfere with anyone else’s service, according to the FCC and well-settled case law.

Protecting the IP addresses of the DNS servers that your router uses to look up Internet sites is another security essential that cheap routers neglect. These DNS server IP addresses are stored in the router’s memory. A badly secured router leaves it vulnerable to “DNS hijacking” in which requests for domain name lookups are misdirected to an attacker’s bogus DNS server, and what you see in your browser’s address bar may not be the site that you think it is.

If your home network’s security is worth $100 to $150 amortized over five years, then you should be willing to buy a better router, too. If you are paying for malware protection of individual devices on your home network, a competent router makes that investment more worthwhile; otherwise, you are sacrificing the redundancy that makes security as good as it can be. Check out the Asus RT-AC5300 router, Netgear’s Nighthawk AC1900 family, and models in the Linksys “Smart Wi-Fi” family of routers.

What You Can Do For Free

That said, here are some things you can do to configure better security on any router. I cannot provide detailed instructions for your specific router; but in most cases you’ll start by connecting to your router via this address: http://192.168.1.1 and providing the admin username and password. If you need help logging into your router, or changing the settings once logged in, contact your ISP or look for instructions online.

Your first task is to change the administrator’s password; this one cannot be repeated often enough. Many routers ship with a default password, or no password at all, leaving them wide open to attack.

Disable remote administration: discussed above. The router should be accessible only via a physical Ethernet cable, or from a specific, fixed IP address of a device designated for the administration of the router (such as the owner’s PC or phone).,

Change the router’s IP address. Hackers typically look for vulnerable routers at a factory-default IP address like 192.168.1.1; if that fails, the attack fails in all but the most sophisticated campaigns. But there is no reason a router can’t have another IP address, and your router’s administration interface should allow you to make such a change.

For example, you could choose 192.168.0.100 as your router’s IP address. Log in to the router’s administrative interface in the usual way, via the default IP address. Navigate to the page that enables changes to the router’s IP address and make your change. Save changes and reboot the router. Henceforth, enter the router’s new IP address in your browser’s address bar to access the router’s admin interface.

Keep router firmware up to date. Automatic updating of router firmware should be as standard as automatic Windows Update on all routers; don’t buy a new router without it. Newer models from Linksys and Netgear include automatic firmware updates as an option.

Changing the router’s default password is the first, easy step towards router security you can count on. If you also perform any one of these reinforcements to your router’s security, you will have thwarted a significant portion of other potential attacks. Implement all of these suggestions if you can.

Have a great week from all of us at Zoha Islands And Fruit Islands

Watch: Scripting in Second Life

With C#, a Feature Once on Linden Lab’s Roadmap But Apparently Forgotten

My post on UdonSharp, the user-made C# compiler for VRChat, inspired me to reach out to Jim “Babbage” Purbrick. Because when he worked for Linden Lab, he was aiming to make it possible to script in Second Life with C#. Sad to say that didn’t come to pass, and he left the Lindens in 2010. As he wrote on his blog then:

Alas, tomorrow is my last day at Linden Lab and Babbage Linden will never get to see C# scripts running in the wild in Second Life, but I very much hope that I do. I hope that C# support is eventually added to Second Life and that I don’t have to wait 170 years to turn the handle. As another Babbage said when he failed to build the Difference Engine: “Another age must be the judge”.

Watch Jim’s demo above to see how cool that could have been, with more background on his blog.

“Supporting C# and other modern languages was always the end goal with the work on Mono and we implemented the Mono scripting engine to be language-independent,” he tells me now. “Although in production we only ran LSL scripts compiled to CIL we had development builds which would run C# compiled to CIL with normal C# compilers and then processed to inject microthreading support with the same tools that processed the assemblies produced by the Linden Script Language compiler in production.”

Bringing C# to Second Life, as he explains, would be an enormous modernizing leap for the platform:

Second Life scripting LSL C Sharp Jim Purbrick

“At the time I was working on embedding Mono in Second Life I spent a lot of time talking to another engineer called Joachim Ante who was working on embedding Mono in a game engine he was working on called Unity. Since then Unity has become one of the most widely used game engines in the world. We used Unity to build experiences in Oculus partly because it’s what a lot of engineers know and expect to use. ” (After leaving Linden Lab, Jim eventually wound up working for Facebook/Oculus.) “Supporting C# in SL would make it much easier for those developers to build experiences in Second Life without first having to learn a new language.”

There is at least one barrier to making C# available in SL:

“When I stopped working at Linden the main blocker to getting C# support in to SL was that bytecode verification of untrusted code hadn’t been implemented in Mono, so we could only run trusted C# code in our demos,” as he puts it. “That functionality may well have been implemented since then.”

Another possible barrier? Given all the turnover since 2010, I’m honestly not sure anyone at Linden Lab even remembers this project is still on their shelf — or is high enough on the corporate ladder, to prioritize it.

Hat tip to reader “seph”, who inspired me to talk with Babbage via this comment:

Babbage Linden for years (2006-2010 ish?) communicated the process of getting Second Life’s scripting powered by Mono. He talked often in user groups and other places about a clear path towards supporting not just C# but other .NET languages like F#, IronRuby, IronPython, etc. I’m not sure what happened other than Babbage leaving but obviously we never got C#. It seems now with that past work already done and Mono’s licensing not being as problematic as it once was now that its owned by Microsoft (problematic LGPL then, MIT now), and there even being another option/successor like .NET Core, Linden Lab should invest in updating its own scripting again with the inclusion of C# and more .NET features.

Have a great week from all of us at Zoha Islands and Fruit Islands

 

Tucker Stilley Art Exhibit on Virtual Ability’s Cape Able Island

 

Cape Able Art Gallery - Tucker Stilley.jpg

On Wednesdays from 5:00-7:00pm SLT throughout April and May, there will be guided tours of the Tucker Stilley exhibit on Virtual Ability’s Cape Able Island.

Tucker Stilley is a multimedia artist who was diagnosed with ALS/MND (Lou Gehrig’s Disease) 20 years ago. Now fully paralyzed, he uses his eyes to control his computer and create art at a dizzying pace. Creativity runs in the family; his sister, Kate Stilley Steiner, is a documentary filmmaker and co-founder of Citizen Film. Kate and Tucker created a non-profit called the Cohort of Disembodied Artists as a way to help other artists who use assistive technologies to build a community to support their artwork.

The sibling duo has teamed up with Virtual Ability, an institution of the Second Life community, to present a virtual exhibit of Tucker’s work. Virtual Ability was founded by Gentle Heron in 2007 and has grown into a huge and vibrant community. They describe their vision as “to be the leading provider of services and information for people with disabilities in online virtual worlds.”

Tucker’s bio, available in full at the exhibit, describes him as “born in Santa Ana, California in 1961, and educated in an eclectic patchwork stretching across North America – Stilley is a child of the Space Age – with all the bizarre baggage that entails.” As a ‘distinguished alumni’ of the Massachusetts College of Art and Design, he has worked as a media artist, sound designer and film editor over the years as technology has impacted the way we create and experience art. His work has received numerous accolades, with the LA Times describing it as “breathtaking images of the frailty and strength of the human condition.”

Sign up today to attend a guided tour of ‘Palimpsessed,’ Tucker’s new exhibit, curated by Treasure Ballinger. It is available to the public and is sure to give all who attend a bit of much needed inspiration.

606ca2e35c2b0533614083.jpg

Cape Able Art Gallery

The Cape Able Art Gallery is a beautiful, eclectic gallery hosting art exhibits by deaf and/or disabled artists. Exhibits change quarterly. Artists can be contacted privately for the sale of their works. Cape Able is a nonprofit, Virtual Ability Inc. owned region. Join guided tours of Tucker Stilley’s work every Wednesday in April and May from 5pm to 7pm PT.

Visit in Second Life
Have a Great Week from all of us at Zoha Islands and Fruit Islands

An Interview With Joel Eilde

 

Cory MM.png

This week’s featured musician is Joel Eilde (Joel Tamas irl), who plays rock interspersed with little doses of jazz, country, and blues both inworld and with his band Red Heaven. He has played over 3,000 shows in SL over the last decade and encourages newcomers to join the unique virtual music scene.

Please check out the official Red Heaven website.

Q: When/how did you hear about Second Life?
A: Back in early 2007, I was working as a tech journalist and I was doing a week-long series about Second Life, which I had only just heard of at that point. So I made an account to jump in and try it out and… I stayed. Simple as that. 

Q: What instruments do you play, and what made you pick them up?
A: I sing, I play guitar, and I play bass. Like a lot of young adolescent males with unrealistic dreams of stardom, I picked up bass as a young teen and got more into guitar later on. I didn’t get singing for real until I started performing in Second Life in 2011. I had dabbled before, but never felt confident about my voice until I was in my 40s. Now I actually think of myself as a singer first, so things have really changed.

Q: Tell us the origin story of your band Red Heaven.
A: Red Heaven is, unequivocally, a Second Life success story. I started performing in Second Life because I wanted an option to play music without going to bars and all that malarkey. And doing so built up my skills really fast: singing, playing, songwriting, all of it. I really credit Second Life for being the woodshed that got me to the point where I could really make Red Heaven a proper real-life band. I honestly couldn’t have gotten to this point with the albums and real world live shows if I hadn’t been grinding in Second Life for so many years. 

Q: Are your band mates also SL Residents?
A: Only one: Olga Zoubkova, whose SL name is Loreen Aldrin. She lives in Russia so she’s not part of my performing band, but she’s all over every single Red Heaven album. The others, I don’t think they have any idea what Second Life is. :)

Q: How has your relationship to creativity been affected by the last year?
A: Well, since January 2020 I’ve released two albums (with another to come this summer), started streaming live Facebook shows, did the biggest live-streamed full-band show of my life, and have been pounding out Second Life shows on the regular. So I guess I’d say it’s been pretty good, but I’m also one of those very lucky people who’s had tons of free time during the pandemic so far, and therefore it’s been easy for me to put it to good use doing what I love.

Q: What is the most meaningful aspect of the SL music community to you?
A: What I love more than anything and with all my heart is the absence of “stardom.” An ordinary person can just turn on their mic for an hour and play their acoustic guitar and sing, and they can get a legit following and even make a little money. That’s a beautiful thing to me; the way Second Life audiences embrace amateur music without celebrity. I don’t know any other audience that’s so open to and supportive of amateur music. And I honestly wish the world was more like Second Life in that way.

 

Thank you, Joel!

We have had the pleasure of having Joel at Brick Shiphouse a few times and continue to find new and seasoned musicians alike for your entertainment pleasure.  Please check us out in world https://maps.secondlife.com/secondlife/Mango/128/128/20/

and Like us on Facebook https://www.facebook.com/BrickShiphouseSL

Have a great week from all of us at Zoha Islands and Fruit Islands

VWBPE 2021

VWBPE 2021: Patch Linden – the board, Second Life, and more

 

VWBPE 2021: Patch Linden – the board, Second Life, and more

 
VWBPE 2021

On Thursday, March 18th, 2021 Patch Linden, the Lab’s Vice President of Product Operations and a member of the company’s management team, attended the 2021 Virtual Worlds Best Practice in Education (VWBPE) conference in the first of three special events featuring representative from Linden Lab.

The following is a summary of the session covering the core topics raised. The notes provided have been taken directly from the official video of the session, which is embedded at the end of this article. Time stamps to the video are also provided to the relevant points in the video for those who wish to listen to specific comments.

Notes:

  • This is a summary, not a full transcript, and items have been grouped by topic, so may not be presented chronologically when compared to the video.
  • In places, information that is supplementary to Patch’s comments is provided in square braces (i.e. [ and ]) are used in the body text below to indicate where this is the case.

Linden Lab’s New Board

[Video: 4:04-10:55]

[For additional information on the new board members, please also see: Meet Linden Lab’s new board of directors (January 9th, 2021) and Linden Lab’s board of directors: snippets of news (February 4th, 2021).]

Linden Lab’s board of directors (l to r): Brad Oberwager, J. Randall Waterfield and Raj Date
  • New ownership team is a “joy to work with”.
  • Brad Oberwager is particularly active, and has the avatar name Oberwolf Linden  and is described as “a lot of fun” to be around and to work with. [He is both on the board and serves as Executive Chairman on the management team.]
Brad Oberwager has joined the Lab’s management team as Executive Chairman, and his long-time colleague, Cammy Bergren serving as Chief of Staff
  • As Executive Chairman Brad Oberwager’s aim is to see Second life set as the “largest and best” virtual world,  and has a genuine love for the platform.
  • Both J. Randal Waterfield and Raj Date (particularly) appear to lean more towards the Tilia Pay side of things, with Brad Oberwager more “in the middle”. However, this doesn’t mean there is a dichotomy. Tilia is a key component of Second Life (it runs the entire Linden Dollar eosystem), and Tilia’s own success and growth will benefit SL.
    • [Tilia is a wholly-owned subsidiary of Linden Research (Linden Lab). It’s board comprises two members of the Linden Research Board: Brad Oberwager and Raj Date), together with Aston Waldman, the Chief Financial Officer (CFO) at Linden Lab. The management team comprises: members of the the Lab’s management team: Aston Waldman, David Kim, Ray Johnson, Emily Stonehouse and Brett Attwood.]
    • The two entities enjoy a symbiotic relationship: Tilia is owned by Linden Research with Linden Research also a primary customer. However, day-to-day operations are carried out by two separate  teams.
  • [48:48-49:59] The new owners are bringing a tremendous new energy to Linden Lab, and are “super enthusiastic” about growing Second Life, including its educational use. What gets to be invested in the platform will only benefit everyone.
    • The key question Brad Oberwager asks and prompts people to ask is, “How will it benefit the residents, and how will it benefit Second Life?”

SL Short-Term and Longer Term

Priorities for the Second Life Team in the Next 12 Months

[Video: 10:57-16:02]

  • Immediate priority is to increase the Second Life active user base. This is very much being driven as a goal by Brad Oberwager, and includes:
    • “Drilling down into” the new user experience.
    • Refactoring the on-boarding process and orientation islands.
    • The work will include viewer-side changes that are intended to “smooth out a lot of the bumps in the road”.
    • The will will be built on two years of active study and A/B testing to try to determine what the on-boarding path should look like, together with learning from users returning to Second life as a a result of the SARS-CoV-2 impact.
    • It is hoped this work will both help LL improve user retention and also feed through to the community gateways, particularly with regards to the upcoming changes which will be made to the viewer.
    • No specifics provided, but the viewer changes are described as:
      • “New UIs”
      • Refreshed looks.
      • Easier to find information.
  • There is also the need to complete the work of transitioning to AWS – fixing the current issues directly related to the move and also on-going work to properly leverage the AWS environment for the benefit of the platform.
    • [29:24-30:00] This work includes a  lot of under-the-hood simulator performance improvements that will be continuing throughout the year.

Second Life in Five Years Time

[Video: 16:04-19:33]

  • The company would like to at least double the active user population over the next 3-5 years.
  • This is seen as a realistic goal in light of the shift in emphasis seen within business, education, etc., from purely physical world interactions towards more digitally-based interactions / hybrid opportunities that mix various formats [e.g. digital + virtual + remote working / learning].
  • AWS offers the potential for regions to be geographically located around the world, potentially bringing them closer to their core audience.
    • This could allow educational regions, for example, to be hosted much closer to the schools / colleges / students they serve, making them more responsive.
    • This approach could potentially start to be used towards the end of 2021.
  • Further out, geolocating regions could potentially offer the ability for the Lab to offer white label grids to specific customers / groups.
  • [24:00-28:25] White label grids present the opportunity for the Lab to better meet specific client requests to remove features and capabilities from the viewer – and also take features an capabilities required for a specific environment and potentially make them available across the entire Second Life product.
    • Two examples of the latter already exists: the new extended chat range feature available to region owners, and the Chrome Embedded Framework updates that allow video to be streamed into Second Life, as originally demonstrated in the Adult Swim streaming of episodes from The Shivering Truth in May 2020.

What Lessons has LL Learned due to the Pandemic?

[Video: 20:31-24:00]

  • The pandemic, particularly as a result of attempts to leverage the platform for education, business and similar use by organisations and groups, reinforced the fact that the new user experience needs to the overhauled.
  • It has also underlined the fact that people’s usage habits have changed.
  • The Land Team in particular has learned a lot about business, etc., needs of clients – the team deals directly with such requests as they come in to the Lab, and so have been dealing first-hand with understanding client requirements, determining the best for of assistance (e.g. providing one of the Lab’s turn-key solutions or brokering contact between the client and a solution provider who can meet their requirements.

Pricing and Options

[Video: 30:27-34:17]

  • Nothing on the roadmap related to pricing; land costs should remain untouched through the rest of the year.
  • There is the potential for AWS to allow the Lab to develop new region products; this is something that may start to be looked at 12-24 months hence.
  • AWS might also allow for on-demand spin-up of regions, initially building on the idea of Homestead holders being able to take a temporary upgrade to a Full region to run a specific event, then downsizing back to a Homestead.

Competition and Experimentation

[Video: 34:39-45:58]

  • Competition helps drive innovation.
  • There is no Lab-based group specifically tasked with investigation competitive platforms, but staff tend to try them out through their own interest.
  • Attention is paid to how other platforms adopt newer technologies and the challenges encountered in such adoptions.
  • There is still no real, direct competitor to Second Life in terms of size, flexibility of use, or in having an in-built content creation tool set.
  • LL don’t regard users as beta testers per se. However, major new features do require trialling / testing, which can involve selected users / tried at scale to determine feasibility / performance, etc. Sometimes the result is a capability has to be withdrawn as it is not performant enough (e.g. the VR headset viewer) and / or negatively impacts the user experience.

Oz Linden’s Departure

[Video: 46:09-46:56]

  • Oz was a fabulous colleague to work with. His retirement leaves a “gaping chasm” at the Lab.
Have a Great Week from all of us at Zoha Islands and Fruit Islands

 

Try These 10 Tips To Prevent Identity Theft

Identity fraud affected over 14 million U.S. consumers in 2019, with losses totaling $16.9 billion. Spikes have been noted in ‘new account fraud’ and ‘account takeover fraud’ — two of the most damaging types of ID theft. In addition, more than 1400 data breaches at major corporations had consumers vulnerable to phishing and other forms of fraud. I haven’t found stats for 2020 yet, but we can assume they’re equally dismal. Read on for my tips on avoiding fraud and identity theft…

 
 

Ten Ways to Protect Yourself From Identity Theft

Identity theft is one of the most traumatic non-violent crimes to which one can fall victim. When a crook uses your good name to commit fraud or robbery, the impact on your reputation, employability, and credit is severe, and can last for years. It’s even possible to find yourself arrested for crimes you did not commit. So it’s important to protect yourself against identity thieves.

Javelin Strategy and Research says “the resurgence of higher-impact fraud types such as new account fraud, account takeover, and misuse of non-card accounts casts a shadow over the progress made in fighting card fraud.”

The telltale signs that your identity has been stolen can be subtle and may go unnoticed for months, even years. Inexplicable charges on your credit card bill may be chalked up to clerical errors. Letters from creditors you’ve never heard of and certainly never did business with may be ignored. But eventually, an enormous credit card bill, legal papers, or police show up at your door. You are denied a mortgage or a job. Then the real nightmare of proving “I didn’t do it” begins.

It can be maddeningly difficult to clear your name, costing hundreds of hours and thousands of dollars. That’s why it’s important to take steps NOW to make it as difficult as possible for a scammer to victimize you. Take action on these ten tips as soon as possible, and you’ll tips the scales in your favor:

    1. Check your credit report on a regular basis, to see if there is any incorrect information, or accounts you don’t recognize. Read article FOUR Free Credit Reports Online explains how U.S. citizens can get four free credit reports per year, and avoid the credit report scammers.

    1. Shred your sensitive personal documents before throwing them away. A battery-powered cross-cut shredder can render your banking and credit card information unreadable and costs less than $30. “Dumpster diving” is a favorite, low-tech way by which ID thieves collect bank statements, credit card numbers, Social Security Numbers, and other bits of your identity from your trash.

    1. Be wary of telephone solicitors asking for personal or financial information to “verify your identity.” Common scams involve someone who claims to be from your bank or credit card company, claiming that there is a problem with your account. If you did not initiate the call, hang up and call the toll-free number on your statement, then ask for the security department. This happened to me recently, where callers claiming to be from my utility company and Chase Bank called my unlisted number and asked for me by name. I Googled their number on the caller ID, and found that many others reported similar calls.

    1. Keep important documents, such as tax returns, birth certificates, social security cards, passports, life insurance policies and financial statements secure in your home. A fireproof safe is a good idea, but remember to bolt it to the floor or hide it well. Consider using encryption for your personal and financial data, in case your computer is lost or stolen. See my article Is it Time to Start Encrypting Your Files? for help getting started with encryption tools.

    1. ATM Safety: Make sure no one is looking over your shoulder when you enter your debit card’s PIN at an ATM or point-of-sale terminal. I recommend the “two finger method” where you point two fingers at the ATM keypad, but only press with one. This makes it nearly impossible for someone nearby to discern your PIN while you’re entering it. You should also be wary of “skimming” devices at ATMs and gas pumps, which can be used to steal your card information. See All About Skimmers to learn how to identify these devices.

    1. Do not write PINs, account numbers, and passwords on scraps of paper kept in your wallet, purse, or laptop case! A password manager will help in two ways: generating strong passwords, and automatically entering them on websites when needed. See related articles How Hackable is Your Password? and Can This Robot Manage Your Passwords?.

    1. Get blank checks delivered to your bank branch, not to your home mailbox from which they may be stolen. On a similar note, eliminate junk mail which may contain “convenience checks” and credit card offers that can also be intercepted from your mailbox. Visit OptOut Prescreen for help eliminating these dangerous nuisances.

    1. Credit Cards: Check to see if your online banking service has a feature to notify you by phone, text, or email when you when a credit card transaction exceeding some threshold occurs. Also, when you order a new credit or debit card, mark the calendar and follow up promptly if it does not arrive within 10 business days. Ask the card issuer if a change of address request was filed, and if you didn’t do it, hit the panic button.

    1. Don’t give your Social Security Number to any business just because they need a “unique identifier” for you. Instead, ask if you can provide alternate proofs of identity, such as your driver’s license or birth certificate. Exceptions to this rule would be employers, banks or landlords with a legitimate reason to do a credit check or withhold taxes.

  1. Consider placing Fraud Alerts with the major credit bureaus, so new accounts cannot be opened without your knowledge. Call Equifax (800-525-6285), and they will pass along the request to both Experian and Trans Union. Fraud alerts expire after 90 days, so you can repeat the process quarterly, or lock down your credit file with a Credit Freeze. A freeze is permanent and free (in most U.S. states) but it may interfere with loans applications, employment screening, signing up for utility or phone service, new insurance policies, and other transactions. See article [ALERT] Freeze Your Credit Files Now for details on how to place fraud alerts or freeze your credit file.

There are plenty of common sense things you can do to protect against identity theft, but sometimes it’s beyond the control of even the most vigilant. Data breaches perpetrated on healthcare companies, hotel chains, airlines, department stores, mobile phone providers, and social media firms are a “treasure trove” of data that could be used to commit identity theft and fraud. Here’s a very interesting article detailing the 52 biggest data breaches of recent years, and what types of consumer data were affected.

What About LifeLock?

You may be considering LifeLock or a similar identity theft protection service. Although this can be helpful, no company can guarantee that identity theft will never happen. These services monitor your bank account, and look for suspicious online activity done in your name. They’ll alert you if they spot any red flags and promise to help you repair the damage. But because of lawsuits filed by the credit bureaus, Lifelock can no longer place fraud alerts on your behalf.

It can be a nuisance to manage fraud alerts manually. But given the recent focus by scammers on new account fraud and account takeover fraud, a service such as LifeLock, Identity Guard or IdentityForce may still be useful. The downside is that most cost $10-$20 a month, and none of them can claim to prevent all forms of identity theft.

Have a great week from all of us at Zoha Islands and Fruit Islands