Creativity is awesome. Creativity is what makes people unique and different. But creativity isn’t always a good thing. Social engineering is the use of a little bad creativity to get people to divulge information, such as usernames and passwords.

The most common methods of social engineering involve the telephone and email. This helps protect the hacker’s true identity and makes it easier to trust them because you can’t see them in face to face. However, in some circumstances, hackers will social engineer situations by dressing as a uniformed employee (security guard, repairman, etc). This uniform generates a subconscious trust between you and the hacker.

It is very important to weed out these hacker’s and their social engineering in order to protect your data. These artists are counting on your natural human nature of trusting and willingness to help others. They often appear to be in a hurry in order to keep you focused on helping rather than asking questions.

Using these simple tips can be the difference between losing your valuable data to theft or protecting it:

• Seek assistance if in doubt
• Ask for and verify contact information
• Ask who authorized the request
• Verify the authorization
• Be very concerned about unescorted persons
• Ask simply why the information is needed
• Report any suspicious activity immediately

FREE Security Awareness Poster

This article is available as a security awareness poster! PCI, MasterCard, Visa and American Express require a security awareness program at most companies who take or process credit cards. Use this free poster in your company to spread the word!

Share this on your favorite social network:

Hide Sites

A helmet is a biker’s number one method of protection in a crash, dip or fall.  Did you know that your password is the number one method of protecting your data from would be thieves, hackers and other criminals?  You can help protect your data by using complex, hard to guess passwords like the examples above.

Most password cracking software can guess your password in a matter of just a few short seconds if you use simple passwords, such as the name of your child, or spouse.  That’s because your password is a word!  In short, password cracking programs use the dictionary to search for your password, but it even makes it easy for people who know you to guess when we use common, or well known things about us as passwords.

Use these simple tips to make creating a complex password easy, rememberable by you, but hard for hackers and thieves to figure out.

• Use both letters and numbers
• Don’t use any personal information
• Intentionally misspell words
• Combine words or use a phrase
• Use upper and lowercase together
• Use special characters (#$%^&)
• Use as many characters as possible
• Avoid words listed in the dictionary

FREE Security Awareness Poster

This article is available as a security awareness poster!  PCI, MasterCard, Visa and American Express require a security awareness program at most companies who take or process credit cards.  Use this free poster in your company to spread the word!

Share this on your favorite social network:

Hide Sites

Elephants remember everything!  If elephants had fingers and used computers, they certainly wouldn’t write down their password!  Humans shouldn’t either!  Protecting your information from would-be thieves is essential.

Usernames (sometimes referred to as an ID) and passwords, whether assigned to you or selected by you, are designed to control access and log your system usage.  When a thief or hacker uses your username and password to access a system, everything that person does appears to be you!

These thieves may attempt to access your system in a variety of ways, but they almost always first look for usernames and/or passwords that have been written down in the office or work areas.  They also target computers that are left logged in when the employee walks away.  If a computer is left logged in and access by one of these thieves they can use the password saving features of web-browsers to access password protect applications and websites.

The good news is, we don’t have to have the memory of elephants to remember our passwords!  Use the informational tips below to help keep your passwords safe from thieves and hackers and protect your organizations information!

• Never write down or share a password with anyone.
• Change your password often.
• If you think your password has been stolen, change it immediately.
• Avoid using password saving features in web browsers.
• Do not allow others to see you entering your password.
• Don’t use the same password for personal accounts as you do at work.
• Log off or lock your computer when you walk away from your desk.

FREE Security Awareness Poster

This article is available as a security awareness poster!  PCI, MasterCard, Visa and American Express require a security awareness program at most companies who take or process credit cards.  Use this free poster in your company to spread the word!

Share this on your favorite social network:

Hide Sites

So what can happen if someone breaks into your network? Well for starters, it acts as a gateway for hackers to break into your system. On top of that, they can install sniffers (which allow them to steal such things as passwords and other sensitive information), adware, spyware, trojans, viruses, worms, backdoors, rootkits, and other malware as well as pursue wireless jamming attacks, encryption attacks, DoS attacks, and other various attacks. In short, given enough time, the sky is the limit on what a hacker could do when they get inside your AP.

At this point, many may say to themselves “Well, I have nothing of value on my computer, so I don”t care if they hack into it”. This couldn”t be any farther from the truth. If hackers compromise your computer, they”ll turn it into something called a “zombie” (in other words, their slave), which will do anything the hacker wants it to. This could be anything from helping crack (or decipher) passwords, to breaking into websites, to even breaking into other computers.

Here”s the kicker: if the hacker uses your computer to break into something and gets caught, guess who faces the consequences? Well, it was your computer that did the attacking, so it will be your fault, no matter if you knew about the attack or not. Whether it leads to fines or even jail time, you are stuck with a mess trying to prove that you are innocent, all while the hacker carries on with his life and pursues more targets.

Knowing about the consequences that can come from insecure AP”s, there are many things you can do to prevent outsiders from trying to break in. Ideally, you”ll use a “Defense in Depth” methodology, which means setting up multiple layers of security to try and deter hackers from breaking in. Now, some of these things discussed will not really add much in the way of security, but it is additional security nonetheless. Hackers love easy targets, so every layer of security you add makes it more difficult for them to break in, and thus acts as a deterrent. That being said, use the following security measures on your personal AP:

• Hide your SSID broadcast. Your SSID is simply the name of your AP. Without it, hackers will not know the difference between your AP and other ones in the vicinity.
• Change the name of your SSID. This may not sound like much but, the name can tell a hacker a lot about your AP. Using the default name probably means you are also using the default password, which can easily be found on the internet.
• Use MAC address filtering. A MAC address is simply an address burned into each wireless card. Using this filtering means that only the entered MAC addresses can access your AP.
• Enable Encryption. Use the WPA or WPA2 (if available) security mode as well as the AES algorithm. This makes it way more troublesome for hackers to eavesdrop your communications.
• Use both hardware and software firewalls. Chances are there is a firewall embedded right in your AP, so make sure it is enabled as well as firewalls on the networked computers.
• Keep learning about new wireless security threats. Technology keeps evolving, so it is in your best interest to research computer protection articles and other related news sources. Invest in computer security tools. While it is important to use layered security on your AP, it is even more important to do the same for your computer in case the hacker breaks through.

When it comes to wireless networks, deterrence can be one of the most powerful things working for you, providing you implement a Defense in Depth methodology like described above. With the large amount of weak and insecure AP”s that are live today, layered security will play a vital role in whether or not outsiders try to break into your wireless network. In the end, taking the time to secure your AP now could be the difference of legal repercussions or identity theft down the road.

Share this on your favorite social network:

Hide Sites

We’ve already looked at why WPA is better than WEP, so why have a new 802.11i security standard? Isn’t WPA good enough?

WPA has, rightly, been admired as a masterpiece of retro engineering. It addresses the weaknesses of WEP and the result is a very secure security system that is backwardly compatible with most existing WiFi compliant equipment. WPA is a practical solution that will provide more than adequate security for most wireless network applications.

However WPA is in the end a compromise solution. It still relies on the RC4 encryption algorithm and TKIP (Temporary Key Integrity Protocol). Although unlikely, the possibility of new weaknesses being discovered still exists.

A completely new security system, avoiding the design flaws of WEP entirely, represents the best long term, scalable solution to wireless LAN security. To this end the standards committee decided to design a new security system from the ground up. This is the new 802.11i standard, also known as WPA2 by the WiFi Alliance.

What is 802.11i?
802.11i uses the concept of a Robust Security Network (RSN). In RSN wireless devices need to support additional capabilities. This requires new hardware and software drivers making a fully compliant RSN network incompatible with existing WEP equipment. In the transitional period both RSN and WEP equipment will be supported, (in fact WPA/TKIP was a solution designed to make use of older equipment) but in the longer term WEP devices will be phased out.

802.11i allows for various network implementations and can use TKIP, but by default RSN uses AES (Advanced Encryption Standard) and CCMP (Counter Mode CBC MAC Protocol) and it is this which provides for a stronger, scalable solution.

What is AES/CCMP?
Advanced Encryption Standard (AES) is the cipher system used by RSN. It is the equivalent of the RC4 algorithm used by WPA. However the encryption mechanism is much more complex and does not suffer from the problems associated with WEP. AES is a block cipher, operating on blocks of data 128bits long.

CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA. CCMP computes a Message Integrity Check (MIC) using the well known, and proven, Cipher Block Chaining Message Authentication Code (CBC-MAC) method. Changing even one bit in a message produces a totally different result.

One of the worst aspects of WEP was the management of the secret keys. Many administrators found it impractical to manage keys in larger networks. As a result WEP keys were often not changed making it easier for hackers.

RSN defines a hierarchy of limited life keys, similar to TKIP. AES/CCMP requires 512bits to accommodate all the keys, less than TKIP.

Also like TKIP master keys are not used directly, but are used to derive other keys. Fortunately the administrator only needs to provide a single master key.

Messages are encrypted using a secret key (128bits) and a 128bit block of data. The encryption process is complex, but again the administrator does not need to be aware of the intricacies of the computations. The end result is encryption that is much harder to break than even WPA.

Conclusion
802.11i is by far the strongest security system for wireless networks. The purist would argue that anything less is the equivalent of no security at all.

When the 802.11i standard is ratified RSN (WPA2) compatible equipment will begin to appear. 802.11i (WPA2) will be the most robust, scalable, and secure solution and will appeal particularly to enterprise users where key management and administration has been a major headache.

802.11i has been designed using proven technologies. Security has been designed from scratch in full consultation with the best cryptographers and stands every chance of being the solution that wireless networks need. Although no security system can ever be considered totally unbreakable, 802.11i security is a dependable solution and seems unlikely to be breached. It suffers none of the problems of older systems.

802.11i is a wireless security system that you can depend on. You can use WPA to accommodate older equipment and as that reaches the end of its useful life you can upgrade to a fully compliant RSN network.

Share this on your favorite social network:

Hide Sites

What is WPA encryption?
WiFi Protected Access (WPA) is a newer security standard adopted by the WiFi Alliance consortium. Adhering to WiFi compliance ensures interoperability between different manufacturer’s equipment.

WPA delivers a higher level of security that further beyond anything that WEP can offer and bridges the gaps between WEP and 802.11i networks. WPA has the advantage that the firmware in older equipment may be upgradeable, without new hardware. This is not true for WPA2.

How does WPA work?
WPA uses Temporal Key Integrity Protocol (TKIP). TKIP is designed to allow WEP to be upgraded. This means that all the main building blocks of WEP are present, but corrective measures have been added to address security problems.

The weaknesses in WEP have been well publicized. Cracking methods are now available to comprimise a WEP password in less than 90 seconds. TKIP’s improvements are described below.

How WPA improves on WEP
IV values can be reused/IV length is too short. The length of the IV has been increased from 24bits to 48bits. Rollover of the counter is eliminated. Reuse of keys is less likely.

In addition IVs are now used as a sequence counter, the TSC (TKIP Sequence Counter), protecting against replaying of data, a major vulnerability in WEP.

Weak IV values are susceptible to attack
WPA avoids using known weak IV values. A different secret key is used for each packet, and the way the key is scrambled with the secret key is more complex.

Master keys are used directly in WEP
Master Keys are never used directly in WPA. A hierarchy of keys is used, all derived from the Master. Cryptographically this is a much more secure practice.

Key Management and updating is poorly provided for in WEP
Secure key management is built-in to WPA, so key management isn’t an issue with WPA.

Message integrity checking is ineffective
WEP message integrity proved to be ineffective. WPA uses a Message Integrity Check (MIC) called, Michael! Due to the hardware constraints the check has to be relatively simple. In theory there is a one in a million chance of guessing the correct MIC. In practice any changed frames would first need to pass the TSC and have the correct packet encryption key even to reach the point where Micheal comes into operation. As further security Michael can detect attacks and performs countermeasures to block new attacks.

Conclusion
WPA (TKIP) is a great solution, providing much stronger security than WEP, addressing all the weaknesses and allowing compatibility and upgrades with older equipment.

Share this on your favorite social network:

Hide Sites

A computer forensics company from New York (Kessler International), conducted a study of used hard drives available on eBay. Almost half of the hundred drives they sampled, purchased in random bulk lots, contained data that was easily recovered. A shocking amount of them required no more recovery effort than plugging them in and powering up. They found personal photos, financial records, emails, personal and corporate correspondence, corporate secrets, and more:

“The average person who knows anything about computers could plug in these disks and just go surfing,” Kessler said. “I know they found a guy’s foot fetish on one disk. He’d been downloading loads and loads of stuff on feet. With what we got on that disk — his name, address and all of his contacts — it would have been extremely embarrassing if we were somebody who wanted to blackmail him.”

While you may not be too terribly worried about the world finding out about your curious interest in Nine West Pumps, nobody should run the risk of their personal and financial data finding its way onto the Internet when it is so easily prevented.

Understanding File Deletion
The first step in securing your data is bolstering your understanding of how data is stored and what happens when you delete it. Many people operate under the impression that when they delete a file it’s gone, as though they had torn a page from a book. But the way most operating systems handle such events is by simply removing the little marker that points to the file. That’s more like having information written on a chalk board in columns, each column labeled with a header, and then simply erasing that header to signify that column is “deleted” and available for future writing over. Anyone who looks at the board can read everything written in the column, until someone starts writing over it. What does this mean for your data privacy? It means a computer-savvy middle school student could recover a filed deleted in Windows, with little effort and widely available freeware tools. You need tools that will actually wipe the chalk board.

Secure Deletion and File Overwrite
Overwriting the data on a disk with other data is a strong defense against the original data being recovered. There is an enormous amount of misinformation about the process of secure file deletion and overwriting, however. There’s no sense in wasting your time and electricity performing elaborate file deletion rituals that won’t yield you any additional benefit. An excellent example of the high effort/low yield relationship that can sometimes occur in secure deletion is the Gutmann Method. The Gutmann Method was deisgned by Peter Gutmann and Colin Plumb in the 1990s, and is held up by many as a gold standard for disk wiping. It’s also intensely time consuming and could easily take weeks to wipe a single modern drive of moderately high capacity. The image, above right, shows a screen capture of the 35-pass Gutmann Method taking fourteen days. Turns out the majority of that time would be a complete waste, as pointed out by Gutmann:

In other words, a user who wastes a week of clock cycles and electricity furiously scrubbing a disk would have been just as well served to perform a simple overnight scrub with a series of random binary code.

There are several methods for securely deleting files from your disks. Institutions like the Department of Defense, universities, and law enforcement agencies have created standards for what they would consider adequate scrambling of sensitive disk data. We’ve recommended some tools over the years that cut the same profile, or close to, their methods. Below is a list of tools, arranged by severity and operating system:

Total Disk Wipe – All Platforms

• Darik’s Boot and Nuke – an open-source boot disk utility (read: works on nearly any computer) that supports a wide variety of disk wiping methods and operates from inside the computer’s RAM, allowing it to scrub the disk thoroughly at a remove.

Selective File Wipe – Windows

• Wipe File – Portable application that overwrites the specific disk space occupied by the file you’d like erased and leaves the rest of the disk untouched.
• DeleteOnClick – Integrates with the Windows shell, adding a “Securely Delete” option to the right click menu which engages a Department of Defense 5220.22-M overwrite on the files.
• Eraser – In addition to securely deleting individual files, Eraser can be scheduled to perform regular overwrites of empty disc space ensuring you catch those orphan files hanging outside the reach of Windows.

Selective File Wipe – Mac OS X

• Permanent Eraser – Although Mac users have had the “secure empty trash” option, based on a multiple pass DoD method, since OS 10.3, Permanent Eraser offers peace of mind for those needing more assurance.

Selective File Wipe – Linux (Ubuntu)

• Wipe Package from Ubuntu Unleashed – Adds secure multi-pass file deletion to your right click menu, like the aforementioned DeleteOnClick does in Windows.

Symphony of Destruction: The Physical Method
While using the above utilities will render your data unreadable to an almost guaranteed level of certainty—especially if you’re pretty sure there’s no black helicopters nearby—there is no surer way to dispose of your data than physical destruction. When a disk has run out its life cycle, it’s time to bring out the tools.

While it’s easy to throw a CD or DVD into shredder and be done with it, outside of commercial disk-disposal centers, there aren’t many hard drive shredders. This is where—safety glasses donned—the fun begins.

There are a multitude of ways to physically damage a hard drive for data securing, ranging from careful dissection to shotgun jamboree. The ultimate goal is to render the disk inoperable and the platters—at minimum—severely fragmented. Serious forensic efforts can throw a lot of resources toward piecing your drive together, but in most situations, you’ll be covered with a concentrated destruction effort. At this point in the data-protection game, the only limit to how inoperable your disk will become is the amount of time you want to invest in destroying it. A power drill sent through the platter takes but a few minutes, a 10-minute session with a hammer and some scissors can work wonders, and every effort you take above and beyond adds a bit more security.

You can never be too vigilant with your data. The amount of effort it takes to securely wipe a disk or decommission an old disc by physically destroying it pales in comparison to the time and headaches you’ll burn through undoing the damage of identity theft—or worse. If you have a technique or handy piece of software not mentioned here, please share in the comments below to help your fellow readers keep their data secure.

Share this on your favorite social network:

Hide Sites

Unfortunately, the scam artists have also discovered ebay as a great place to steal people’s money and property. So, I decided to devote this article to showing you how to conduct business safely on ebay. Of course, there is never a way to be 100% sure somebody won’t rip you off. But if you learn the tricks of the scammers, you’ll stand very little chance of that.

Tip#1 – I can’t stress this enough. Anytime you receive an email from ebay, do not reply to it; do not click any links in that email. You need to assume the message is fake until proven otherwise. It is sad, but there are so many phishing schemes out there that are sending out fake ebay messages, you have to take this approach. So how do you verify the email? Easy – Just login to ebay using your own bookmark or by typing www.ebay.com into the browser URL bar. Once you’ve logged in, check your “my ebay” section and look at your inbox. If the same message is not present in the inbox here, then you can be sure the one you received was fake.

Tip#2 – If you are selling on ebay, be very careful of international buyers, especially from Nigeria. Often they will bid on your items and win then even if you specifically state that you will not ship overseas. Then they’ll send you an email saying that they’ll take care of the shipping for you. If this should happen, report the incident to ebay immediately. You can bet 99% of the time, this is a scam. If you follow through with it, you will loose the item you were selling along with the money you thought they had paid you. They will pay with fraudulent funds that will be retracted by the bank well after you’ve shipped the item off to Nigeria.

Tip#3 – Never allow anyone to pay you more money than what the auction ended for. They will often play games where they ask you to send back the extra amount.   What they are doing is paying you in fraudulent funds while you pay them back with legitimate funds.

Tip#4 – Don’t ever deal with zero-feedback bidders or sellers on expensive items. Everybody has to start somewhere, so I’d say not to worry about them if it is a $10 item. After all, scammers usually go for higher priced things. But for expensive items, just cancel the bid if you are a seller. If you are a buyer, just find a different auction.

Tip#5 – Check people’s feedback before buying or selling with them. Don’t just look at the rating. A 100% positive feedback rating is meaningless if the person only has 1 or 2 auctions in their history. What you need to do to be sure they are real is look at the actual auctions. For example, if the buyer/seller only has 2 feedbacks and they are both recent and both around $1 or less for the item, you can bet the person is a fraud. Often they will setup multiple accounts on ebay and sell themselves a few $1 items to generate some feedback. If still in doubt, check the other users they have transacted with. What kind of feedback do they have? Also look at how long the person has been a member. If it has only been a few days or weeks, then beware.

Tip#6 – Be very cautious about receiving “Second Chance Offers.” Ebay actually does allow this. What happens is a user sells an item on ebay but the buyer never pays. So the seller can try selling it again, or offer the item to the next highest bidder as a second chance offer. Unfortunately, 99% of these second chance offers are fraudulent. What really winds up happening is that somebody saw the auction and took down the information of what you had bid on and what amount. When the auction was over, they emailed you a fake email that appears to be from ebay giving you a second chance offer. Typically they will just tell you to send the money to a specific email address (this should be your first clue) instead of completing the transaction through ebay. If you send them money, you will never get it back, nor will you ever receive the product.   Best thing to do, as I mentioned before, is always log onto to ebay to check your inbox there. Only messages in your “my ebay” inbox are from ebay and can be trusted.

Tip#7 – Don’t use the same username on ebay as you do for your email address. For example, if you email address is johndoe@yahoo.com, then don’t use johndoe for your ebay account name. Here is the reason for this. If a person sees an auction and they want to send you a fake second chance offer, or other phishing email, how do they find your email address? Well, they don’t because ebay won’t give it out to just anyone. So if they see your name is johndoe then they automatically send the fake email to johndoe@yahoo.com, along with johndoe@gmail.com and johndoe@hotmail.com. You get the idea. By using different names, you’ll never even receive the vast majority of the fake emails.

Then there are some other things to be careful of. They aren’t necessarily scams, but they are designed to mislead you sometimes:

Tip #8 – Always check the shipping cost for an item you are bidding on. It has become extremely common for people to list an item for sale for $1 but charge $30 to ship something that really should cost $2. This isn’t illegal, but often people forget to look past the bid amount.

Tip #9 – Lookout for AS-IS merchandise. Typically if somebody sells something As-IS, that almost always means it is broken. If the item says it is “untested” or “unknown condition” then the same applies. Lets face it, most people are going to test items to see if they work. They know that a properly working item sells for more than one being sold as “untested.” There are times this may be true as in the case of unusual computer equipment that the average person doesn’t have the ability to test. But something simple like a DVD player should be tested. Otherwise, assume it doesn’t work. There is nothing wrong with selling broken stuff on ebay as lots of people like to buy things at a cheap price to repair them or use for parts. But sometimes the unscrupulous sellers like to widen the audience to people who just don’t know any better.

Tip#10 – Don’t ever assume or believe when an auction mentions the retail value of an item. Often they will come up with these numbers out of thin air. So if they say this camcorder sells new for $599, but you can buy-it-now for a mere $399, it might sound like a good deal. That is, until you discover that your local Wal-Mart sells the exact same item for $249. So always do your homework on items before buying them. Some people make a living off of buying things at Wal-Mart and re-selling them for more money.

Tip#11 – My last tip. This really has nothing to do with ebay, but is very useful for new sellers. If you sell something on ebay, pack it well. When UPS and Fedex say they recommend 6 inches of padding on all sides of the item, they mean it. Those boxes go through a nightmare getting from your house to your buyer’s house. There is nothing more irritating to find out that it arrived broken. Guess what else? All shipping companies, including the US Postal Service are notorious about denying claims for broken products on the grounds that it wasn’t packed well, or failing that, they’ll claim you cannot prove the value of the item. (Ebay sales don’t count as proof of value!!!) In fact, I’ve found shipping insurance to be completely useless unless the item is completely lost and undelivered.  So if you are unsure of how well the item should be packed, think of it this way:  You should be able to throw the box off of the roof of your house, and the item inside remain unharmed.  Then you should be able to stand on top of the box without harming the item inside.  If both of those are true, then it is probably packed well enough.

Share this on your favorite social network:

Hide Sites

I thought I’d find an example to show here.  It didn’t take long, I went to over to MySpace and the very first page I clicked on had this ad.  Lets face it,  it costs money for companies to place advertisements like the one you see to the left.   None of them are going to pay for these ads because they are so generous they want you to have a free gift!

I clicked on it.  So, what did I find?  It took me to a page where it asked me to put in my cellular telephone number.  Since I knew it was a fraud, I decided to close the browser instead of putting in my number.  Unfortunatly, the page refuses to allow me to close my browser without agreeing to the terms, so I eventually have to force-close my browser using a Control-Alt-Delete.   That right there should tell you that you aren’t exactly dealing with a legitimate and honest company.

So, what would happen if I had put in my number?  In most cases you will get your free ringtone, along with a new monthly subscription for more ringtones, and other “phone spam” that will get sent to you on an irritatingly regular basis.  You’ll find teens fall for this more than any other.  These people actively target teenagers in their advertising for several reasons:

• Teens feel like they need ringtones to “be cool” (as if the phone didn’t come with enough of them built in).
• Teens often don’t pay their own phone bills, so they won’t notice the monthly charges.
• Their parents are probably used to large phone bills anyway since teens can really rack up the charges, and these ringtones are difficult to distinguish (especially for parents who don’t even know what they are) on the bill.
• Getting these subscriptions deactivated is diffuclt at best, teens often don’t want to mess with it.  (After all, its not their money!)

The ringtone business is essentially a complete fraud.  I challange you to find a ringtone company that will allow you to purchase an individual ringtone with no strings attach, no fraudulent advertising, and no tricks.  You won’t find one.  (With the exception of Apple Computer, who is doing this for the iPhone through iTunes.)

So what advice can I give you to save you from headaches, annoying spam showing up as text messages on your phone, and a big fat bill every month for your cell phone?

• If you see an advertisement for a ringtone, do not click it.  That is the best thing I can tell you.
• Your cellphone comes with dozens of built-in ringtones, use one of those.
• Check your cell phone bill, especially if you had kids with phones.  If you see something you suspect is one of these fraudulent ringtone companies, call your cellular provider immediately and have them remove it from your service.
• Talk to your kids about these scams.  Explain to them that they are all scams, and what the consequences are.
• If you absolutely must have a new ringtone, install it yourself!  That’s right.  Most phones will accept ringtones in the format of a MID, MP3, or WAV file.  Read the manual to your phone.  Find the file you want on the internet and send it to your phone yourself!  This will get you what you want without going through one of those scams!

Remember what your Momma always used to say, “Nothing in this world is free.”

Share this on your favorite social network:

Hide Sites