Posts Tagged: ‘passwords’

Scam of the day – February 17, 2014 – Kickstarter hacked – the lesson for all of us

February 17, 2014 Posted by Steven Weisman, Esq.

Over the last couple of years I have often reported to you about data breaches at major companies that have been hacked.  The recent Target hacking, although particularly large, was not particularly unusual.  Two days ago, Kickstarter disclosed that it had been hacked.  Kickstarter is a crowdfunding platform that helps creative people raise funds for their projects by appealing to the public.  In the almost four years since it was launched, Kickstarter has helped fund more than 50,000 artistic endeavors.  According to Kickstarter’s CEO, no credit card data of its customers was compromised; however, user names, email addresses, mailing addresses, phone numbers and encrypted passwords were stolen.  This information can readily lead to identity theft through a technique called “spear phishing,” in which emails and text messages are sent to potential victims by name, which may make them appear more legitimate.  These texts and emails lure people into either providing personal information under various legitimate-appearing pretexts or clicking on links or downloading attachments riddled with keystroke logging malware that will steal all of the information from your computer or smartphone and use it to make you a victim of identity theft.  In addition, people with weak passwords, such as the popular “123456” or “password,” may have their encrypted Kickstarter passwords easily unencrypted, providing access not only to the victim’s Kickstarter account, but possibly to other accounts where the victim uses the same password.

TIPS

If you are a customer of Kickstarter, change your password immediately.  Everyone who uses the same password for all of their accounts should change to a unique password for each account.  You can get detailed information as to how to pick an easy to remember, complex password in my book “50 Ways to Protect Your Identity in a Digital Age,” but a simple rule is to use a phrase, capital letters, small letters and symbols, such as “ICan’tRememberit!!!.”  This is easy to remember and hard to break.  Also, make sure that you have the most current, updated anti-malware software and anti-virus software installed on all of your electronic devices, including your computer, tablet and smartphone.

Scam of the day – March 6, 2013 – Evernote hacking danger

March 5, 2013 Posted by Steven Weisman, Esq.

Evernote is a popular online service that helps you store notes, files, web pages and images on all of your electronic devices.  It has both a free and a premium service for which you pay.  Unfortunately, Evernote is also popular with identity thieves, as evidenced by its being hacked.  Evernote announced the hacking a couple of days ago.  According to Evernote, the hackers managed to steal the names, email addresses and encrypted passwords of its customers.  Evernote is confident that its encryption program will protect the passwords of its users, but only time will tell.  Evernote also stated that it did not believe that credit card numbers used by its premium customers had been accessed.  Again, however, premium users of Evernote should be particularly vigilant in monitoring their credit cards.  Despite its position that no passwords had been stolen, Evernote is requiring all of its customers to obtain new passwords.  The ONLY place to do this is on Evernote’s website at www.evernote.com.

TIPS

Users of Evernote should be particularly wary of an identity theft tactic called “spear phishing.”  Spear phishing occurs when you get an email that lures you to a phony website or link.  There you are victimized either by providing information that is used to make you a victim of identity theft or by clicking on a link or downloading tainted material that installs a keystroke logging malware program, which steals all of the information from your computer, including bank account numbers, Social Security number, credit card numbers and other information that makes you a quick victim of identity theft.  What makes spear phishing particularly insidious is that, unlike most phishing emails, which never use your name, spear phishing is directed to you by name, which makes many people more trusting of the email.  As I always say, “Trust me, you can’t trust anyone.”  Identity thieves will be contacting people by email posing as Evernote and telling them that they need to change their password by clicking on a link contained in the email or by providing other information.  Do not fall for this ruse.  Evernote is not contacting people by email, but the identity thieves who stole their email list will be.  The only place to change your password is www.evernote.com.  This is also another good example of the fact that your security is only as safe as the weakest place that holds your information.  Limit the places that do have personal information about you as much as possible.
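
The warning above, that a link in an email can name Evernote without leading to www.evernote.com, expressed as a hostname check in Python.  This is an added example, not part of the original post; the function name `link_verdict` and every sample URL other than www.evernote.com are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "evernote.com"  # the only site the post says to use


def link_verdict(url, trusted=TRUSTED_HOST):
    """Return (ok, reason) for a link found in an email (hypothetical helper)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://www.evernote.com@other.example/" displays the trusted name,
    # but everything before '@' is a user name, not the destination.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host (possible lookalike)"
    # Accept the exact domain or a true subdomain; the leading dot stops
    # "notevernote.com" from matching as a suffix.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is " + host
    return False, "host is " + host + ", not " + trusted


# Constructed sample links of the kind a spear phishing email might carry.
SAMPLES = [
    "https://www.evernote.com/",
    "http://www.evernote.com/",
    "https://evernote.com.account-reset.example/login",
    "https://www.evernote.com@login.example.net/reset",
    "https://notevernote.com/",
    "https://\u0435vernote.com/",  # first letter is Cyrillic, not Latin "e"
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = link_verdict(link)
        print("OK    " if ok else "REJECT", ascii(link), "-", reason)
```

Only the first sample passes; each of the others fails for a different reason, even though every one of them contains the word “evernote.”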

Scam of the day – January 1, 2013 – Smart phone identity theft risks

January 1, 2013 Posted by Steven Weisman, Esq.

One new year’s resolution that everyone should make is to take the steps necessary to provide greater security on their smart phones and other mobile devices.  As anyone familiar with my recent book “50 Ways to Protect Your Identity in a Digital Age” knows, identity theft is rampant on smart phones and other mobile devices.  People who are careful to maintain the security of their computers fail to provide similar security protections on their smart phones and mobile devices, despite the fact that many of us do many of our financial transactions on these devices and store much sensitive information on them.  If they are hacked into by an identity thief, we are likely to become a victim of identity theft in short order.

TIPS

Although there are many considerations in purchasing a smart phone, it is important to recognize that the popular Android has probably the least secure operating system and is most popular with identity thieves.  You should also make sure that your smart phone or other mobile device provides for encryption of your data and use this feature to protect your information.  All smart phones and mobile devices come with a host of features, many of which you don’t use.  For security’s sake, disable those features that you don’t use to eliminate them as an avenue for identity thieves.  Use a password to lock your smart phone or mobile device and make sure that the password you use is a good combination of letters, digits and signs.  The word “password” is a lousy password.  Pick one that is easy to remember, but difficult for a hacker to guess, such as “Safety1st!!!.”  The added digit and multiple exclamation points make this a safe password.  Look into remote storage of your smart phone’s information in the Cloud and make sure that you back up your information.  Check with your particular smart phone or mobile device manufacturer to see what security software programs they advise.  There are many free ones that work well.  These may seem like excessive steps to take, but they are not.  These steps will help prevent you from becoming one of the many people who will become a victim of identity theft this year.

Scam of the day – June 25, 2012 – Latest Facebook scam

June 25, 2012 Posted by Steven Weisman, Esq.

It is a relatively easy matter for someone to hack into the Facebook account of one of your friends.  The hacker then sends you a message with a link that you trust because it appears to be coming from one of your friends.  The link then takes you to a phony phishing page that appears to be a Facebook login page, where you insert your password to re-enter Facebook.  You have now turned over your Facebook password to the identity thief.  Once armed with that, the identity thief then has access to all of the information you have input into your own legitimate Facebook page, which often may have the information many of us use as security questions for services such as online banking.  Since many people make the mistake of using the same password for everything, you have now provided the identity thief with both your bank account password and information necessary to answer your security question.  At that point the identity thief has enough information to empty your bank account.

TIPS

Use different passwords for different accounts and change them on a regular basis.  When determining security questions, consider whether people would be able to readily access the information necessary to answer your security question from information that may be available online.  Never click on links from strangers and never click on links from friends who may have been hacked until you have actually spoken to them to confirm that the link is from them.  Even then you should exercise caution because your friend may unwittingly be passing on a link tainted with malware.  While on Facebook, if a link takes you back to a Facebook log-in page, immediately exit the browser.  Do not type your password in.