Scam of the day – October 25, 2016 – Russian hacker indicted

Last week a Russian hacker, Yevegeniy Aleksandrovich Nikulin was arrested in the Czech Republic twelve hours after an International Criminal Police Organization (Interpol)  Red Notice was issued notifying law enforcement officials that Nikulin who operates with impunity inside Russia was vacationing with his girl friend in Prague.  A Red Notice is akin to an international arrest warrant.  Nikulin was under indictment in California for hacking into LinkedIn, Dropbox and another company, Formspring.  Through hacking into these companies, Nikulin was able to steal personal information on more than 167 million people.  Nikulin’s arrest came just two days after the Obama administration stated that it was the Russian government that had stolen emails from the Democratic National Committee and others in the United States.  The Russian government has demanded that Nikulin be returned to Russia.  A Czech judge has ordered Nikulin to remain in custody until an extradition hearing.

TIPS

Nikulin is the second Russian hacker arrested when he has left the safe confines of Russian on vacation.  In 2014, Roman Valerevich Seleznev was arrested in Guam and extradited to the United States where he was convicted of hacking into the cash register systems of American companies.  Zeleznev was convicted on 38 counts last summer and is awaiting sentencing.  In the wake of increased Russian hacking and cybercrimes being perpetrated against the American government, American companies and individuals, the Obama administration has indicated that it will be responding accordingly.  Meanwhile an American vigilante hacker who goes by the name of “The Jester” hacked into the website of the Russian Foreign Affairs ministry and posted a threat that if Russia did  not cease cybercrimes against the United States, he would hack Russian targets.

Scam of the day – Mary 22, 2016 – Five year old LinkedIn data breach comes back to haunt users

Recently  117 million email addresses and passwords of LinkedIn users captured in a 2012 data breach of LinkedIn were offered for sale on the Dark Web, which is that part of the Internet where cybercriminals buy and sell stolen data.  It may seem odd, but it is not unusual for such stolen material to turn up for sale long after the initial data breach.   Back in 2012 LinkedIn thought that the data breach was limited to 6.5 million user names and passwords, however, earlier this week the company acknowledged that the data of 100 million more LinkedIn members were indeed compromised.  In an effort to combat this problem LinkedIn is invalidating the compromised passwords and contacting affected members directing them to reset their passwords.

The stolen information is of value to the hackers to assist in formulating spear phishing emails that will seem to be from LinkedIn and will attempt to lure the recipient into clicking on links that will download dangerous malware such as keystroke logging malware or ransomware on to the intended victim’s computer.  The stolen passwords are also of use to the hackers because too many people use the same password for all of their accounts and therefore a person’s LinkedIn password may be the same as their banking password which could enable the hacker to gain access to the intended victim’s bank account.

TIPS

LinkedIn is contacting people affected by the data breach and instructing them to change their passwords.  It is important to note that LinkedIn will not ask people to click on a link to change their password in any email so if you get such an email, it is from a hacker seeking to steal your identity.  If you are affected by this data breach, here is a link to where you can safely change your LinkedIn password.  https://www.linkedin.com/uas/request-password-reset?trk=li_corpblog_corp_security

LinkedIn also offers dual factor authentication by which you can have a one time numerical code sent to your smartphone each time you need to access your LinkedIn account.  This is a good security measure to take.

Finally, this case serves as another reminder that you should have unique passwords for all of your accounts.  A strong password contains capital letters, small letters and symbols.  A good way to pick a strong password is to take an easily remembered phrase as your password.  For instance, you can use the phrase IDon’tLikePasswords as your base password.  Add a couple of !! at the end of the password and you have a strong password.  Since you should have a unique password for each of your accounts, you can adapt this base password for particular accounts by merely adding a couple of letters to designate the company at the end of the password so it may read, for instance for a Bankr of America account, IDon’tLikePasswords!!BnkoAm.

Scam of the day – July 13, 2012 – Yahoo data breach and how to protect yourself

Data breaches are a fact of modern digital life.  This week hundreds of thousands of Yahoo users had their usernames and passwords stolen from one of their databases and just within the past month social network sites Formspring and LinkedIn had their databases hacked into resulting in the loss of personal information of millions more people.  It is important to remember that your own personal security is only as safe as the company with the weakest security that holds your information.  But there are things you can do to protect yourself.

TIPS

Do not give your Social security number to companies that request it unless you truly legally must do so.  Your Social Security number is the key to identity theft and can provide access to to your credit report which in turn can provide an identity thief with access to your credit.  Use complex passwords and use different passwords for each of your accounts so that if a breach occurs, not all of your accounts are in jeopardy.  It is easy to pick  a passowrd with numbers and letters and just vary it slightly from account to account.  Put a credit freeze on your credit report so that even if someone gets your Social Security number and name, they cannot get access to your credit report. With a credit freeze, you credit report can only be accessed through a PIN that you keep private.