Scam of the day – November 3, 2015 – Vodafone accounts hacked

Following close on the heels of the hacking of British telecom company TalkTalk, it has just been announced that 1,827 customers of British telecom company Vodafone also had their accounts hacked, with the hackers stealing personal information including the last four digits of their bank account numbers, their names and their cell phone numbers. No credit or debit card information was compromised in the hacking. However, what particularly distinguishes the data breach at Vodafone from that of TalkTalk is that, unlike at TalkTalk, the data breach was not caused by any failure of Vodafone to provide proper data security. In the Vodafone data breach, the hackers were able to access the accounts because they had purchased the email addresses and passwords of their victims on the black market, where cybercriminals sell stolen information such as this along with credit card information, debit card information and other stolen personal information that can be used for purposes of identity theft. What often is the key in situations such as this is that many people make the mistake of using the same password for all of their accounts, so that if their password is stolen from one company with lax security, it can be used against the victim at other companies, including banks, where the victim uses the same password.

TIPS

The essential lesson here is that you should always use a separate and unique password for each of your online accounts.  Many people fail to do so out of a concern about remembering a large number of different passwords, but this does not have to be the case.  There is a simple way to make your passwords strong.   Start off by taking a phrase that is easy to remember, such as “IDon’tLikePasswords.” This can be the basic element of all your passwords. Then for added security add a few symbols, so it reads, for example, IDon’tLikePasswords!!!. This is a strong password that is long and combines small letters, capital letters and symbols. Now all you need to do is to adapt that basic password for each of your accounts to make it unique for each account. For example, you could adapt this for your Amazon account by making it IDon’tLikePasswords!!!Ama. That is a strong password that is easy to remember.

Scam of the day – September 21, 2015 – Dangerous new development in Ashley Madison hacking

By now everyone is aware of the major data breach at Ashley Madison, the dating site for married people seeking to have an affair. In August the hackers followed through with their threat and released 9.7 gigabytes of the stolen data including email addresses, credit card transaction details, partial credit card numbers, addresses and even dating profiles. Now a new and potentially dangerous development has been uncovered by the hacking group known as CynoSure Prime, which discovered vulnerabilities in the password security algorithms used by Ashley Madison that put the passwords of 11.7 million users of Ashley Madison in danger of being hacked. Ashley Madison switched over to a secure encryption program for protecting passwords in 2012; however, anyone who used Ashley Madison prior to June 14, 2012 continued to have their passwords protected by the weaker and more hackable security program used at that time. In particular, because many people use the same password for all of their accounts, including online banking, those early users of Ashley Madison are in extreme danger of identity theft by hackers who can readily discover their passwords and use them to gain access to the online accounts of the early Ashley Madison users.

TIPS

The lesson here for early users of Ashley Madison is to change their passwords for all of their accounts as soon as possible. The lesson to the rest of us is to remember that you should always have a distinct and unique password for each of your online accounts. It should be a complex password so that it cannot be broken by simple brute force attacks that use millions of guessable combinations such as any word in the dictionary or such common passwords as 123456. One good way to pick a complex password is to pick a phrase, such as “I Don’t like passwords” and turn it into the basis for a password by making it IDon’tLikePasswords. This password is already complex in that it has words and a symbol. Now add a couple of symbols at the end of the password so it may read IDon’tLikePasswords!!! and you have an easy to remember, but strong password. Now you can just adapt it for each of your online accounts with a few letters to identify the account. Thus, your Amazon password can be IDon’tLikePasswords!!!Ama and you have a strong, but easy to remember password.

Scam of the day – July 11, 2015 – Charlotte McKinney topless photos hacked

In my Scam of the day for September 2, 2014 I told you about the stealing of nude photos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Kim Kardashian and Hope Solo that were posted online. Now it has just been reported that model/actress Charlotte McKinney, who recently was a contestant on Dancing With the Stars, had topless photos hacked which were then posted on Instagram for a short period of time. This story has two lessons. The first is that everyone, regardless of whether or not they are a celebrity, should take the steps necessary to protect the security of their photos and other data. Although we do not yet know precisely how Ms. McKinney’s photos were hacked, it is reasonable to conjecture that they were stolen in the same manner that photos were stolen in last year’s celebrity hacking. According to FBI records, the hacking had less to do with Apple’s iPhone and iCloud security and more to do with the celebrities falling prey to phishing emails and password resetting that enabled the hacker to gain access to the victims’ iCloud accounts, and at other times with the photos being stolen directly from the hacked phones.

In addition to stealing the photographs from Ms. McKinney, the hackers also managed to gain access to her Instagram account to temporarily post the photos before they were taken down. Anyone who has access to your email address and is able to either guess or steal your password can gain access to your Instagram account.

In last year’s hacking, it appears that in many instances the hacker used the “forgot password” link on Apple’s iCloud, answered the security questions and was able to reset the victims’ passwords and gain access to their iCloud accounts. In other instances, the photos were stolen directly from the victims’ smartphones which were hacked.

The second lesson is for people who may be curious about seeing the topless photos of Charlotte McKinney to be very wary of emails, text messages, websites or links that promise to take you to those photos, which have already been removed from Instagram. Trust me, you can’t trust anyone. Identity thieves will attach malware to links that promise to provide you with the photos. This malware will steal all of the information from your computer or smartphone and put you in danger of identity theft. Don’t fall for this scam.

TIPS

All of us can be targets of hacking and we need to protect ourselves. You should use a unique password for each of your accounts so if any of your accounts are hacked, the rest of your accounts are not in jeopardy. Make sure the password is a complex password that is not able to be guessed through a brute force attack. Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password.

Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name.

Also, take advantage of the dual-factor identification protocols offered by Apple and many others when possible, although Instagram does not offer this service. With dual-factor identification, your password is only the starting point for accessing your account. After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Jennifer Lawrence and the other hacked celebrities used the dual-factor identification protocol, they would still have their privacy.

It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth. Smartphones save deleted photographs and videos on their cloud servers such as the Google+ service for Android phones and the iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.