Posts Tagged: ‘hacking’

Scam of the day – July 24, 2014 – StubHub hacking – what it means to you

July 24, 2014 Posted by Steven Weisman, Esq.

Six people, including both Russian and American citizens, were indicted yesterday in New York for hacking into 1,600 StubHub accounts and stealing more than 1.6 million dollars in tickets. StubHub is a website where people can buy and sell sports and entertainment tickets. Although the accounts hacked were StubHub accounts, it appears the fault was not that of StubHub, but rather of individual StubHub customers whose passwords and user names were obtained through hacking of other companies or through keystroke logging malware that the victimized consumers unwittingly downloaded, most likely through phishing emails.

TIPS

For those people who used the same user name and password for all of their accounts, this hacking is another example of why you should not do so. Using the same user name and password puts all of your online accounts in danger if merely one of them is hacked. The better course of action is to use a different user name and password for every account that you use. Although this may seem like a complicated thing to do, it need not be so. Just adding a couple of letters describing the account to your password can provide you with much added security. So, for example, if you used the basic, safe password of “IHatePasswords123!”, which is a strong password, and then added a few letters to describe the particular account, such as a StubHub password of “IHatePasswords123!StubHb”, you would have a difficult to break, but easy to remember password. As for protecting yourself from keystroke logging malware, which you unknowingly download and which provides access to all of the personal information on your computer, the key thing to remember is to never click on a link or download an attachment unless you are absolutely positive that it is legitimate and you have independently confirmed its legitimacy. Also, you should keep your anti-malware and anti-virus software up to date with the latest security patches.

Scam of the day – June 23, 2014 – Duke University Press data breach

June 23, 2014 Posted by Steven Weisman, Esq.

Duke University has announced that its Duke University Press has suffered a data breach. Although no financial information was stolen, usernames and encrypted passwords were stolen. However, even though the passwords were encrypted, it is not uncommon for sophisticated hackers to use software programs to decipher passwords that are not particularly strong. This is just the latest hacking of an institution of higher learning. In just the last four months, personal information on more than 750,000 students was stolen in data breaches at Iowa State University, University of Maryland, North Dakota University and Indiana University.

TIPS

Again, the advice to follow if you were a victim of the Duke University Press hacking is to change your passwords immediately. It also is a good time to consider changing your passwords for all of your password protected accounts and making them strong enough to withstand hackers’ decryption software. A good password will be a combination of lower case letters and upper case letters, figures and symbols. In order to make the passwords memorable, you can use a phrase, such as “IDon’tLikePasswords**”. You can also adapt the password to different accounts, such that you make your Amazon password “IDon’tLikePasswordsAMA**.” In this way you can establish easy to remember, but difficult to decipher passwords.

Scam of the day – June 14, 2014 – FAA orders Boeing to install computer security on all 737s

June 14, 2014 Posted by Steven Weisman, Esq.

On March 22nd in my Scam of the day I told you about the possibility that the missing Malaysian airliner may have had its computers hacked. During the flight, two essential communication and location systems were turned off while the aircraft continued to fly. Investigators appear to be focusing on the pilots or someone else on board physically turning off these systems. But the systems could have been turned off by a hacker remotely sabotaging the plane. In 2012, Boeing, the manufacturer of the Boeing 777 which was used on Flight 370, applied to the Federal Aviation Administration to make modifications to its onboard data systems because, according to federal records, “data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data systems critical to the safety and maintenance of the airplane… This may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants.”

Now the Federal Aviation Administration is ordering Boeing to make modifications to the computers on its 737 aircraft to prevent hackers from taking over control of the important inflight computers.  The order of the FAA requires Boeing to “ensure that the airplanes’ electronic systems are protected from access by unauthorized sources external to the plane.”

TIPS

Computers are more and more embedded in almost everything we use, including cars, aircraft, refrigerators, thermostats, ovens and many other devices that make up what is now referred to as the Internet of Things. It is important to remember that once a computer is linked to the Internet, it is capable of being hacked and exploited unless proper security systems are in place. This problem is likely to get worse until it gets better, so it is up to all of us to look into the security of the computerized devices that we use that make up the Internet of Things.

Scam of the day – May 29, 2014 – Car hacking

May 28, 2014 Posted by Steven Weisman, Esq.

I have been warning you about the danger of the Internet of Things, which refers to the increasing use of computer technology in things that formerly did not involve computers or communication through the Internet, such as refrigerators, thermostats and cars. Too often the developers of the cutting edge computer programs used to make these various products more intelligent and useful have neglected to sufficiently concern themselves with the security of these programs, resulting in new vulnerabilities that are being exploited by hackers now and will be exploited even more in the future.

Cars are more and more computerized, and this has resulted in an increasing number of car thefts through exploitation of the cars’ electronic key systems. In London, for example, almost half of the cars stolen last year were hacked by car thieves using cheap electronic devices that will open a locked car in less than ten seconds. Other electronic devices can even take over the car’s diagnostic unit, permitting hackers to control the car’s lights, locks, steering and braking systems.

TIPS

At the moment car manufacturers have not installed security systems to prevent the opening and stealing of cars through remote entry by a hacker. However, this is something that we all should be aware of as a potential problem, and we should notify our car manufacturers of our displeasure that they have not acted sufficiently to prevent this type of problem. Certainly, no one should ever leave anything of value in a car feeling secure that the car is locked.

Scam of the day – February 23, 2014 – Serious threat to Apple iPhones, iPads and iPods

February 23, 2014 Posted by Steven Weisman, Esq.

A major security defect has been discovered by Apple that, if exploited, would permit an identity thief to hack into the emails and other communications sent from iPhones, iPads and iPods even if they were encrypted. This is a potentially devastating flaw, as users would believe that their communications were safe because they were using Secure Sockets Layer encryption security to protect their communications. However, hackers who might gain access through sharing the same wireless network in a public place, such as a coffee shop, could exploit this flaw to the extreme detriment of iPhone, iPad, or iPod users who falsely believed that they had taken proper precautions to protect the privacy of their communications and data. The good news, however, is that Apple has come up with a security patch which I provide you with below. The bad news is that some security experts are now saying that the flaw is also present in Mac OS X, which runs Apple laptop and desktop computers, and as I write this Scam of the day, Apple has not yet come up with a patch for the Mac OS X operating system.

TIPS

If you are an iPhone, iPad or iPod user you should immediately install the critical patch just released to remedy the situation.  Here is the link:  https://www.us-cert.gov/ncas/current-activity/2014/02/21/Apple-Releases-Security-Updates-iOS-devices-and-Apple-TV

Identity thieves and hackers count on people not promptly taking identity theft protection steps necessary to keep themselves safe.   Don’t be a victim.  If you use any of these devices, install the patches as soon as possible.  It is also important to remember that the battle with hackers and identity thieves is ongoing.  At the same time that you are installing a security patch, hackers and identity thieves are busy studying the new patches trying to find flaws.  I will always report to you as soon as new developments occur, so make it a point to check out www.scamicide.com each day.

Scam of the day – May 10, 2013 – Hackers attack on banks and credit unions fails – this time

May 10, 2013 Posted by Steven Weisman, Esq.

The hacking group Anonymous had reportedly targeted 130 banks and credit unions for a disruptive Distributed Denial of Service (DDoS) attack on Tuesday, May 7th, but the attack failed to substantially materialize. In a DDoS attack, large numbers of computers, remotely controlled by hackers as a botnet, flood the websites of particular businesses or governmental agencies and shut them down because the websites are unable to handle the huge number of hits. Although approximately 600 sites were shut down, few of these were inside the United States, and if such an attack was indeed made against American governmental agencies, banks and credit unions, the attack was successfully defended. But this is not to say that business and government have found a way to stop hacking into their computers. In fact, the attack may not have occurred at all. It may have merely been a subterfuge to see what the response would be by governmental agencies and businesses. Additionally, although DDoS attacks are a nuisance, they are rarely more than that. However, larger, more insidious attacks may occur while efforts are being focused on repelling the DDoS attack.

TIPS

Large and small businesses are and will continue to be targets for hackers. If you operate such a business, you must take necessary security steps to protect your business from hackers. As for us, the public, we should do what we can to protect ourselves. Limit the information available about you at companies with which you do business so that if they are hacked, you are not in danger of having your personal information used to make you a victim of identity theft. Also make sure that you have backup records for all financial dealings and accounts that you have with companies with which you do business so that if an attack either accesses your account or deletes data, you have records that show what you have. For more information about how to protect yourself, I urge you to consider purchasing my book “50 Ways to Protect Your Identity in a Digital Age” which you can get from Amazon at a reduced price merely by clicking on the link of the book on the right hand side of the front page of Scamicide.

Scam of the day – February 24, 2013 – More income tax identity theft scams

February 23, 2013 Posted by Steven Weisman, Esq.

Every season is scam season, and income tax season is a huge time for income tax identity theft, by which identity thieves access your name and Social Security number and then file a phony income tax return in your name and claim a phony income tax refund based on false information they include in the return. The Treasury Department Inspector General issued a report last summer that predicted the IRS will lose as much as 21 billion dollars to income tax identity theft over the next five years. However, it is not just the IRS that loses; the person whose name and Social Security number have been stolen is also harmed. If you file your legitimate return after the identity thief has filed a return using your name and Social Security number, it can take up to a year for you to get your legitimately owed refund from the IRS.

TIPS

The key to protecting yourself from this kind of identity theft is to protect your Social Security number as much as possible. Don’t carry your Social Security card with you. Shred any documents that may contain personal information, such as your Social Security number, so dumpster diving identity thieves cannot go through your trash and turn it into their gold. Limit the places that have your Social Security number. Don’t give it to companies that ask for it to use it as an identifier of you unless they legally need it, such as when you apply for a loan from a bank. My eye doctor wanted my Social Security number and I refused to give it. Remember, your personal information is only as secure as the security of the weakest place that holds it. Keep your computer and other electronic devices protected with the latest security software to prevent hacking into your devices and stealing your information. Finally, file your income tax return as early as possible to prevent an identity thief from filing before you do.

Scam of the day – February 21, 2013 – The threat to you of the recent hacking of hundreds of companies

February 21, 2013 Posted by Steven Weisman, Esq.

As I have been reporting to you, there has been a recent wave of serious hacking into companies such as Facebook and now Apple that were long thought to be secure and safe from cyberattacks, and these two companies are only two of the hundreds that have been hacked. Often companies do not publicize it when a hacking occurs. There is initial evidence that suggests that in the recent Facebook and Apple attacks, it may be the same people and the same vulnerability that is being exploited, namely a vulnerability with Java software. The Department of Homeland Security and many computer security experts are advising people to disable Java on their computers. As I have told you previously, the computer security company Kaspersky Lab has indicated that Java software security flaws were responsible for almost half of all cyber attacks in the world last year. There are conflicting reports as to the source of these most recent hackings; some say Russia, some say China, but whoever it is, the result is the same. You and I are in danger. There are plenty of criminals and foreign enemies who can get access to the technology necessary to hack into the computers of the companies and infrastructure of our country. We are in grave danger.

TIPS

So what can you do?  President Obama spoke of the dangers of cyberwarfare in his State of the Union Address.  The President and Congress need to act now!  Email your Congressman and Senator and demand that they take action.  Their lack of action in the face of a problem of which they have been aware for a long time has made this problem worse.

As for you and me, as I have said before, our information is only as safe as the security of the weakest institution that holds it, and we have seen that banks and other institutions are not secure. Security begins at home, so the first thing that you should do is to follow the security practices I describe in scamicide.com and in my book “50 Ways to Protect Your Identity in a Digital Age.” Security software is important, but studies have shown it to be no more than 5% effective in protecting you from the latest viruses. It generally takes about a month for the software security companies to catch up. However, it is still important to have security software and make sure that it is current. In addition, you need backup documentation in case records at your bank, brokerage house or any other place that holds your assets are hacked into and lost. Copy them regularly to a thumb drive and keep the thumb drive in a secure place in your home. You should also make paper copies on a regular basis of your bank accounts, brokerage accounts and all other financial accounts and keep them in a locked safe in your home. Other personal documentation that you should copy and keep locked in a safe includes birth certificates, Social Security cards, deeds, mortgages, credit card statements, insurance documents and evidence of all accounts that you may have. This may seem a little over the top, but it really is necessary in case of a major cyberattack on this country.

Scam of the day – September 11, 2012 – Spearphishing

September 11, 2012 Posted by Steven Weisman, Esq.

By now, most people are aware of the scam tactic referred to as “phishing,” by which you receive an email purportedly from a legitimate company or government agency that has all of the appearances of being a true and legitimate communication from the company or agency, but in fact is from an identity thief. Under the pretext of a problem with your account or some other such emergency, the identity thief lures you into clicking on a link contained in the email, which unbeknownst to you downloads harmful malware on to your computer, such as keystroke logging programs, sometimes called Trojan Horses, that will steal all of the information from your computer and lead to your becoming a victim of identity theft. Most often these phishing emails are not directed at you by name, but rather to you as “customer” or “consumer.” They also may appear to come from companies with which you do not do business, such as a bank where you have no accounts. However, with the epidemic of hacking of large companies and governmental agencies, many identity thieves are able to use the hacked information to send you a personal phony email that contains your name and appears to come from a company or agency with which you definitely do business, making you more likely to respond to the urging to click on the dangerous link contained in the email. This type of targeted phishing is called “spearphishing” and it is extremely dangerous.

TIPS

Never click on links in emails unless you are absolutely sure they are legitimate. If you get such an email from a company, you should always be skeptical and make sure that you call the company or federal agency to confirm whether or not the email is legitimate before considering clicking on the link. Merely because the email uses your name and even your account number does not mean that the email is legitimate.

Scam of the day – September 10, 2012 – Smart Phone Scams

September 10, 2012 Posted by Steven Weisman, Esq.

Although many of us are very cognizant of protecting our computers from the slings and arrows of outrageous hackers and identity thieves, many people do not take the same security precautions with their smart phones, tablets and other portable devices. Many people use these devices for making purchases online, doing online banking and other financial transactions as well as storing sensitive personal information. If your portable device is hacked, it can lead to a devastating identity theft.

TIPS

Protect your portable device with a complex and unique password so that if your device is physically lost or stolen, the information contained in it will be secure. Also get a good encryption app. Google Play has many good encryption apps for Android devices. The premium form of the app Lookout, which costs only $29.99 a year, has a feature that continually scans your other apps for viruses or malware and can also lock your phone remotely or eliminate all of your stored data if your device is lost or stolen.