Scam of the day – October 5, 2017 – Yahoo data breach update

Not wanting to be outdone by Equifax and its data breach affecting 145 million Americans (sarcasm), Yahoo, which was recently bought by Verizon, has just announced that its massive 2013 data breach, which it had previously said “only” affected a billion people, actually affected all 3 billion of its customers.

Included in the stolen information were names, email addresses, telephone numbers, dates of birth, hashed passwords as well as security questions and answers, only some of which were encrypted.

While no credit card information or Social Security numbers were lost in this data breach, which has been attributed to Russian hackers by the Justice Department, the risk of identity theft from this data breach is significant.

Scammers are already contacting people through phishing emails posing as Yahoo in an attempt to lure the targeted victims to click on links or download attachments containing malware.  In other instances, the scammers will ask for personal information in an effort to gain information that can be used for purposes of identity theft.  The real Yahoo does not do this.  If you have questions about your Yahoo account, you can contact help.yahoo.com for free assistance.

TIPS

As I have suggested many times in the past, you should have a unique password for each of your online accounts so that in the event of a data breach at one online company with which you do business, your accounts at your bank and other online accounts are not in jeopardy. Although Yahoo has indicated that the passwords stolen were hashed, which is a form of encryption, there is still concern that these passwords could be cracked.  Go to the June 7, 2016 Scam of the day for tips about how to pick strong passwords that are easy to remember.

Whenever possible, use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your smartphone to insert in order to get access to your account.  For convenience’s sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.  Yahoo provides for dual factor authentication.

Security questions are notoriously insecure.  Information such as your mother’s maiden name, which is the topic of a common security question, can be readily obtained by identity thieves.  The simple way to make your security question strong is to use a nonsensical answer for the question, so make something like “firetruck” the answer to the security question as to your mother’s maiden name.

As always, don’t click on links or download attachments in any email or text message you get unless you have absolutely confirmed that it is legitimate.

Scam of the day – December 31, 2016 – President takes action against Russian hackers

In the last Scam of the day for 2016 it is appropriate that we discuss the issue of Russian hacking of American organizations that occurred in 2015 and 2016 and that was intended to influence the Presidential election.  Two days ago, President Obama ordered sanctions against Russia including the ejection of 35 Russian spies that the administration said were posing as diplomats and specific actions against three organizations that it said supported the hacking operations.  The possibility of further covert actions against Russia was also hinted at.

A day prior to the President’s announced sanctions, the Department of Homeland Security and the FBI issued a joint analysis report entitled “Grizzly Steppe – Russian Malicious Cyber Activity” in which they provided details about the hackings.  Here is a link to the report.

https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf

TIPS

Although the report contains important information about Russian hacking of American institutions, the report also provides a long list of specific steps that institutions and individuals can take to avoid being a victim of cybercrime.

Here are just a few of the things that all of us as individuals should consider.

  1. Back up all important information offline.
  2. Be on the alert for spear phishing. The report emphasizes, as I have warned you about for years, that the primary cause of hacking is people clicking on links in spear phishing emails that download malware.  Use both anti-phishing security software as well as your own brain to refrain from clicking on links in emails unless you have absolutely confirmed that they are legitimate.
  3. Use strong firewalls with whitelisting configurations by which only approved applications will be allowed to be downloaded on to your computers.  This is much better than blacklisting because it protects you from threats about which you know nothing.
  4. Limit the personal information you provide on social media.
  5. Use dual factor authentication whenever possible.

Scam of the day – November 4, 2016 – Security flaws exploited by Russian hackers

Earlier this week it was disclosed that an older version of Microsoft’s Windows software along with the much exploited Adobe Flash software had been exploited by Russian hackers to attack computer systems to gain access to information.  The group that had done these recent hacks appears to be the same Russian hackers responsible for hacking the Democratic National Committee earlier this year.  Adobe has already issued a security update to patch the vulnerability.  A link to the security update can be found in yesterday’s Scam of the day.  Microsoft has said that it will have a security patch available on November 8th.  As soon as it is available, I will let you know here at Scamicide.  Users of Windows 10, the latest version of Windows, and Microsoft’s Edge browser are protected from the attack.

Once again, the malware necessary to spread these computer hacks was spread, as so often is the case, by spear phishing emails luring unsuspecting victims into clicking on links that downloaded the malware.

TIPS

The best thing you can do to help protect yourself from being hacked is to never click on links in emails or text messages from anyone until you have absolutely verified that the messages and the links are legitimate.  Trust me, you can’t trust anyone.

It is also important to update your security software on all of your electronic devices as soon as security updates become available.  Hackers constantly exploit vulnerabilities in software for which there already exist security patches, but which have not been installed by consumers.

Scam of the day – October 25, 2016 – Russian hacker indicted

Last week a Russian hacker, Yevgeniy Aleksandrovich Nikulin, was arrested in the Czech Republic twelve hours after an International Criminal Police Organization (Interpol) Red Notice was issued notifying law enforcement officials that Nikulin, who operates with impunity inside Russia, was vacationing with his girlfriend in Prague.  A Red Notice is akin to an international arrest warrant.  Nikulin was under indictment in California for hacking into LinkedIn, Dropbox and another company, Formspring.  Through hacking into these companies, Nikulin was able to steal personal information on more than 167 million people.  Nikulin’s arrest came just two days after the Obama administration stated that it was the Russian government that had stolen emails from the Democratic National Committee and others in the United States.  The Russian government has demanded that Nikulin be returned to Russia.  A Czech judge has ordered Nikulin to remain in custody until an extradition hearing.

TIPS

Nikulin is the second Russian hacker arrested after leaving the safe confines of Russia on vacation.  In 2014, Roman Valerevich Seleznev was arrested in Guam and extradited to the United States where he was convicted of hacking into the cash register systems of American companies.  Seleznev was convicted on 38 counts last summer and is awaiting sentencing.  In the wake of increased Russian hacking and cybercrimes being perpetrated against the American government, American companies and individuals, the Obama administration has indicated that it will be responding accordingly.  Meanwhile an American vigilante hacker who goes by the name of “The Jester” hacked into the website of the Russian Foreign Affairs ministry and posted a threat that if Russia did not cease cybercrimes against the United States, he would hack Russian targets.

Scam of the day – July 16, 2016 – Google warning Gmail users about foreign hackers

State sponsored hacking from countries such as China, North Korea and Russia poses a threat to everyone, but Google, which has for years been monitoring hacking attempts by foreign governments, is notifying Gmail customers when Google has reason to believe that their Gmail accounts are being targeted.  If Google finds that you have been targeted you will receive the following message that takes up your entire screen warning you of the danger and urging you to use the more secure dual factor authentication.  In its warning, Google indicates that less than 0.1% of all Gmail accounts are targeted, however, it is important to note that this percentage translates into more than a million people who are in jeopardy.

[Image: screenshot of the Google warning message]

TIPS

As I have suggested many times, whenever you have the opportunity to use dual factor authentication, it is a wise choice to make because even if someone manages to steal your password or even trick you into providing it, as was the case with Jennifer Lawrence when she was convinced by a phishing email to provide her password to a cybercriminal who used it to access nude photos of her that she stored in the cloud, the hacker will not be able to access your email or other account because a special code provided to you through your cell phone is required whenever you wish to gain access to your account.

Finally, as I so often say, even paranoids have enemies so I urge you to err on the side of caution if you receive this type of notice and not necessarily trust it.  It could be a phishing communication from a cybercriminal luring you into clicking on a link which will either get you to provide personal information that can be used to make you a victim of identity theft or will download keystroke logging malware or ransomware.  The best course of action would be to merely go to Google directly from your browser without clicking on the link contained in the notification.  Here is a link you can trust that will take you to instructions for enabling dual factor authentication for Gmail  https://support.google.com/accounts/answer/185839?hl=en

Scam of the day – July 1, 2015 – Critical Adobe Flash update

Adobe Flash software is a highly used video software program so it should be of little surprise that it is highly scrutinized for vulnerabilities by hackers who exploit these vulnerabilities to gain access to their targets’ computers.  Unpatched vulnerabilities in Adobe Flash software were exploited by Russian hackers who hacked into the White House and State Department computer systems.  Recently, the security firm FireEye found attempts to attack aerospace, defense, construction, technology and telecom companies by exploiting a flaw in Adobe Flash uncovered by FireEye.  FireEye promptly notified Adobe which promptly created a patch for the problem.  A link to the patch can be found below.

The problem is that hackers are now distributing kits on black market websites that enable other hackers to exploit this vulnerability on computers that have not been updated and all too often individuals and companies fail to update their software on a timely basis.  Already this flaw is being exploited by hackers as a way of getting victims to download Ransomware onto their computers.  As I have written about many times before, Ransomware encrypts and locks your computer data.  The hacker then threatens to destroy the data unless a ransom is paid immediately.

TIPS

Businesses, government agencies and individual computer users must make it a priority to install the latest security patches and updates as soon as they become available.  Time after time, companies, government agencies and individual computer users have become victims of devastating computer hacks that they could have easily avoided had they promptly updated their software with the latest security patches and updates as soon as they became available.  Don’t make this mistake.  Here at Scamicide we regularly provide you the links to the latest security patches.

Here is the link to the latest Adobe Flash security update:  https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

Scam of the day – December 29, 2014 – South Korean nuclear power plant hacked

Recently it was disclosed that a nuclear power plant in South Korea had been hacked.  The hackers were able to obtain blueprints, floor maps and other information about the nuclear power plant.  The hackers then went to Twitter using an account called “president of anti-nuclear reactor group” and did four postings in which they released some of the information stolen.  The hackers threatened to go public with more information unless the power plant was shut down.  Korea Hydro and Nuclear Power Co. (KHNP), the owner of the plant, has stated that although they suffered a data breach, the information stolen was not of a critical nature.  KHNP further emphasized that the computers that control the power plant’s nuclear reactors are not linked to any external networks and therefore are not and were not in danger of being hacked.

Although this hacking may well, in fact, be benign, it also is a reminder that the American electrical grid and nuclear power plants as well as those in other countries around the world are quite susceptible to hacking that could have a devastating effect.  Both private industry and the United States government have been slow to take effective steps to make the power grid and nuclear power plants less vulnerable to a cyberattack.  In fact, it recently came to light that much of the American power grid and nuclear power plants have been hacked since 2011 by Russian hackers who implanted malware known as BlackEnergy and Sandworm in the computers of these industries.

TIPS

The hacking into American energy plants including nuclear power plants by Russian hackers has been interpreted by some as a return to the cold war policy of Mutually Assured Destruction (MAD) by which the Russians and Americans would be deterred from attacking each other because of the knowledge that the other major power would be able to respond in an equally devastating manner.  Whether this is an accurate assessment of today’s situation, it is of little solace when considering the ability of terrorist groups or even ransom seeking criminals who might have the means to commit cybercrimes.  Hopefully, the hacking of the South Korean nuclear power plant will serve as a wakeup call to governments and private industry around the world to take the steps necessary to increase the security of their important infrastructure.

Scam of the day – September 17, 2014 – JP Morgan data breach update

In August I first told you about the hacking of banking giant J.P. Morgan and as many as four other banks.   Investigators believe the hacking was the work of sophisticated hackers from Eastern Europe.  Some are theorizing that the hacking was sponsored by the Russian government.  Much sensitive data was compromised and stolen as a result of the hacking although to date none of the million customer accounts compromised have suffered any loss or fraudulent activity.  Investigators are now saying that the breach was limited to names, addresses and phone numbers.  The initial investigation appears to be focusing on the exploitation of computer programs used by a J.P. Morgan employee to work from a remote location.  This type of exploitation of remote desktop software such as Microsoft’s Remote Desktop, Apple’s Remote Desktop, Chrome’s Remote Desktop, Splashtop, Pulseway and LogMeIn, which enable the convenience of logging into a company’s computers from an off-site location, has proven to be a major security flaw that has been continually exploited in company after company for quite a while, going back from the recent UPS hacking to Target’s hacking last year.  I have warned people about this flaw for some time and the FBI has warned American businesses to watch for this.

TIPS

Banks are a frequent target of cyberattacks and American banks have generally done a good job in recent years in protecting data, however, as this latest hacking shows, more needs to be done, particularly in regard to the particular type of malware used in this attack which may be or be similar to the “Backoff” malware I have been warning about.  As for us as consumers, there is little we can do other than to carefully monitor all of our accounts, only use credit cards rather than debit cards for retail purchases and limit the amount of personal information we provide to any company or governmental agency with which we do business.  This will not be the last major hacking exploiting this flaw to occur.

Scam of the day – September 14, 2014 – Gmail passwords being sold on the black market

Reports have surfaced that hackers have made available approximately five million Gmail passwords along with associated Gmail addresses on black market websites used by identity thieves.  This may be related to the recent disclosure of the greatest data theft in history which I reported to you about on August 7th in which a Russian gang stole 1.2 billion user names and passwords along with 500 million email addresses.  If you are a user of Gmail, this news can appear to be extremely threatening, but the truth is not quite so bad.  In fact, the passwords in many instances have turned out to be passwords for other accounts of the Gmail account holders, and these passwords were obtained, not from hacking Gmail, but by hacking other accounts.  As a result of their investigation, Google has determined that less than 2% were working Gmail passwords.  Google has already acted to secure those affected accounts and has contacted the people affected and advised them to change their passwords.  In response to this situation, Google has set up a new service called Account Checkup by which you can check to see if someone has logged on to your account.

TIPS

The good news is that if you have a Gmail account, it is unlikely that your Gmail password has been compromised, however the bad news is that some other password of yours has been compromised and you are in danger of identity theft.  The important thing for everyone is to have separate complex passwords for all of your accounts and to change them on a regular basis, such as every six months.  For more information about how to create complex, but easy to remember passwords, I suggest that you pick up a copy of my new book, “Identity Theft Alert.”  On the right side of this page is a link to the book on Amazon.  Where possible, you should also consider two-factor authentication for additional protection.

Scam of the day – August 29, 2014 – J.P. Morgan and other banks hacked

The FBI is investigating an apparent hacking of banking giant J.P. Morgan and as many as four other banks by what initially appears to be sophisticated hackers from Eastern Europe.  Some are theorizing that the hacking was sponsored by the Russian government in retaliation for sanctions brought against Russia in the wake of its actions in relation to Ukraine.  Much sensitive data was compromised and stolen as a result of the hacking.  The initial investigation appears to be focusing on the exploitation of computer programs used by a J.P. Morgan employee to work from a remote location.  This type of exploitation of remote desktop software such as Microsoft’s Remote Desktop, Apple’s Remote Desktop, Chrome’s Remote Desktop, Splashtop, Pulseway and LogMeIn, which enable the convenience of logging into a company’s computers from an off-site location, has proven to be a major security flaw that has been continually exploited in company after company for quite a while, going back from the recent UPS hacking to Target’s hacking last year.  I have warned people about this flaw for some time and the FBI has warned American businesses to watch for this.

TIPS

Banks are a frequent target of cyberattacks and American banks have generally done a good job in recent years in protecting data, however, as this latest hacking shows, more needs to be done, particularly in regard to the particular type of malware used in this attack which may be or be similar to the “Backoff” malware I have been warning about.  As for us as consumers, there is little we can do other than to carefully monitor all of our accounts, only use credit cards rather than debit cards for retail purchases and limit the amount of personal information we provide to any company or governmental agency with which we do business.  This will not be the last major hacking exploiting this flaw to occur.