June 18, 2016 – Steve Weisman’s latest column from USA Today

Even intelligent, tech-savvy people like Mark Zuckerberg can be hacked if they don’t take essential precautions to protect themselves from hacking and identity theft.  Here is a link to my latest column from USA Today with tips about how you can protect yourself from being hacked or becoming a victim of identity theft.

http://www.usatoday.com/story/money/columnist/2016/06/18/hacking-prevention-101-where-zuckerberg-went-wrong/85893732/

Scam of the day – June 13, 2016 – The lesson of the hacking of Deray Mckesson’s smartphone

It was just last week that Mark Zuckerberg’s Twitter account was taken over by hackers who managed to send out embarrassing tweets using his account. In the Scam of the day for June 7, 2016, I described how Zuckerberg failed to use a unique password for his Twitter account, so when his password, which he used for multiple accounts, became known due to a data breach at LinkedIn, hackers were able to use it to take over his Twitter account. Zuckerberg’s other mistake was failing to take advantage of the option Twitter offers to use dual-factor authentication for added security. With dual-factor authentication, whenever you access an online account, a special code is sent to your smartphone after you have typed in your user name and password. Without this code, you cannot gain access to your account. Thus, even though Zuckerberg’s password was known to the hackers, they would not have been able to access his Twitter account without the one-time code sent to his smartphone.

Civil rights activist Deray Mckesson also had his Twitter account hacked recently, and the hackers sent out a number of phony tweets that appeared to come from Mckesson, including one indicating his support for Donald Trump’s presidential candidacy. What is particularly noteworthy in this hacking is that the hackers did not have Mckesson’s password and his Twitter account was protected by dual-factor authentication. What the hackers did was call Verizon, Mckesson’s carrier, and trick customer service into changing his SIM card to one in a phone controlled by the hackers. A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information, including your smartphone number, used to authenticate subscribers on mobile devices. The SIM card can be transferred between devices, and often is when people upgrade to a newer smartphone. In the case of Mckesson, using a scam about which I warned you three years ago, the hackers contacted Mckesson’s wireless carrier, pretended to be Mckesson and convinced Verizon to switch the SIM card to a new smartphone controlled by the hackers, who were then able not only to change Mckesson’s password, but also to get the dual-factor authentication one-time code sent to the phone that they controlled. The hacker was able to convince the Verizon customer service employee that he was Mckesson merely by providing the last four digits of Mckesson’s Social Security number, which in these days of massive data breaches is not that hard for a determined identity thief to obtain.

TIPS

Deray Mckesson did a better job of protecting the security of his Twitter account than Mark Zuckerberg did, but not quite a good enough job to keep his account from being hijacked. Fortunately, there is an easy way to protect your SIM card from being switched, a switch that would otherwise thwart the protections provided by dual-factor authentication: set up a PIN or password to be used for access to your mobile service provider account. Sprint and Verizon use PINs, while T-Mobile and AT&T will let you set up a password. It may seem like these are just more things to remember, but the protection they provide is worth it.

Scam of the day – June 7, 2016 – Mark Zuckerberg hacked – he should have paid attention to Scamicide

On May 22nd, I told you about the 117 million email addresses and passwords of LinkedIn users captured in a 2012 data breach of LinkedIn that were being offered for sale on the Dark Web, which is that part of the Internet where cybercriminals buy and sell stolen data. I also told you that stolen passwords are useful to hackers because too many people use the same password for all of their accounts. A person’s LinkedIn password may therefore be the same as the one used for other accounts, so a single data breach can put the security of every online account you use in jeopardy. Mark Zuckerberg, the founder of Facebook, should have heeded this lesson: his Twitter and Pinterest accounts were hacked and taken over for a short time because the hackers had found his password “dadada” in the LinkedIn data breach and used it to access both accounts.

TIPS

Once again, this serves as a reminder to everyone that you should have unique passwords for all of your accounts.  A strong password contains capital letters, small letters and symbols.  A good way to pick a strong password is to take an easily remembered phrase as your base password.  For instance, you can use the phrase IDon’tLikePasswords as your base password.  Add a couple of !! at the end of the password and you have a strong password.  Since you should have a unique password for each of your accounts, you can adapt this base password for particular accounts by merely adding a couple of letters to distinguish each account at the end of the password so it may read, for instance for a Bank of America account, IDon’tLikePasswords!!BnkoAm.

In addition, Twitter offers dual-factor authentication as an optional additional security measure, whereby a one-time code is sent to your smartphone for you to use in order to access your Twitter account. Zuckerberg failed, however, to take advantage of this option.