Scam of the day – October 30, 2016 – Hacker of nude celebrity photos sentenced

I first reported to you about a major hacking of nude photos of celebrities on September 2, 2014. At that time, news of stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Rihanna, Avril Lavigne, Hayden Panettiere, Hope Solo, Cat Deeley, Kaley Cuoco, Kim Kardashian, Scarlett Johansson and others was sweeping across the Internet. The photos were taken from the Apple iCloud accounts of the hacked celebrities as well as their Gmail accounts. A few days ago, Ryan Collins, the hacker who had pleaded guilty to hacking the accounts, was sentenced to 18 months in federal prison.

The manner by which Collins accomplished the hacking was simple but effective. He sent spear phishing emails to his intended victims that appeared to come from Apple or Google, in which, under various pretenses, he requested the victims’ usernames and passwords. He then used these to access their email accounts and iCloud accounts, from which he stole the photos and videos. Using the same spear phishing tactics, two other unrelated hackers in Illinois and Oregon also hacked nude photos of various celebrities, and both of these hackers have pleaded guilty.

TIPS

There are a number of lessons to be learned from this crime about how to protect your own security. You should use a unique password for each of your accounts so that if any one of your accounts is hacked, your other accounts are not in jeopardy. Make sure the password is a complex password that cannot be guessed through a brute force attack. Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions, which can permit a hacker to gain access to your email account. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name. Also, take advantage of the dual-factor identification protocols offered by Apple and many others. With dual-factor identification, your password is only the starting point for accessing your account. After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Jennifer Lawrence and the other hacked celebrities used the dual-factor identification protocol, they would still have their privacy. It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth. Smartphones save deleted photographs and videos on their cloud servers such as the Google+ service for Android phones and the iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.

It is also important to resist providing your username and passwords in response to emails and text messages unless you have absolutely independently confirmed that the request is legitimate, which such requests seldom are.

Finally, for people considering looking up these nude celebrity photos online, my advice is simple. Don’t do it. Ethically, it is the wrong thing to do. However, practically speaking, it is also too risky an activity. You cannot trust any email, text message or social media posting that promises access to these photos and videos. Many of these will be laced with malware and you cannot know which ones to trust. Trust me, you can’t trust anyone. In addition, identity thieves set up phony websites that promise to provide these photos and videos, but instead install malware on your computer when you click on links in these websites. Identity thieves are often adept at search engine optimizing, so a phony website might appear high in a search from your web browser. Merely because a website turns up high in a search engine such as Google does not mean that the website is legitimate.

June 5, 2016 – Steve Weisman’s latest column from USA Today

Hillary Clinton isn’t the only one whose security is vulnerable on her email account.  Here is a link to Steve Weisman’s latest column from USA Today in which he describes where you are in danger and what you can do about it.

http://www.usatoday.com/story/money/columnist/2016/06/04/how-vulnerable-your-email-lesson-guccifer/85086498/

Scam of the day – June 3, 2016 – How safe are you doing online and mobile banking?

Just about everyone does some or all of their banking and bill paying through their computers online and more and more people are using their smartphones and other mobile devices to do their banking and bill paying as well.  Not only can electronic banking be fast and convenient, it can also be safe if you take the proper precautions.  Unfortunately, many people do not take the proper security steps necessary to protect themselves when doing online banking on their computers and even fewer people take important security steps when doing their banking and bill paying on their smartphones and other portable devices leaving them in serious danger of having their bank accounts hacked.

TIPS

Here is a list of important steps you should be taking to make your electronic banking more secure.

  1. First and foremost use a strong password which is one that contains capital letters, small letters and symbols.  Simple and common passwords even when they are encrypted can be cracked relatively easily through the use of sophisticated computer programs.  A good way to pick a strong password is to take an easily remembered phrase as your password.  For instance, you can use the phrase IDon’tLikePasswords as your base password.  Add a couple of !! at the end of the password and you have a strong password.  Since you should have a unique password for each of your accounts, you can adapt this base password for your banking account by merely adding a couple of letters to designate your bank at the end of the password so it may read, for instance, IDon’tLikePasswords!!BnkoAm.
  2. The answers to many security questions used by banks can be easily obtained either from public databases or from the information that you may unwittingly post online in social media.  A common banking security question is your mother’s maiden name.  A good way to make this a strong security question is to use a nonsensical answer that only you will remember as the answer.  Thus the answer to the question could become “Pomegranate.”  It is silly enough for you to remember, but impossible for a hacker to guess.
  3. Use dual factor authentication by which when your bank account is being accessed online or through your smartphone, a one-time code is sent to you to use to access your account.  Surprisingly, some national banks such as Citibank, PNC Bank and TD Bank do not provide the option for dual factor authentication.
  4. Install and maintain with the latest security updates anti-malware and anti-virus software on both your computer and your portable devices.  Too many people do not use security software on their smartphones and many people do not update their security software promptly.
  5. When using a portable device for electronic banking do not use public Wi-Fi. Instead use a Virtual Private Network which will encrypt all of your electronic communications.  A good VPN is CyberGhost which can be downloaded for free using this link: www.cyberghostvpn.com
  6. Password protect your smartphone and other mobile devices and don’t store sensitive information on your mobile devices.

Scam of the day – November 25, 2015 – Gigi Hadid being blackmailed after apparent hacking

Victoria’s Secret model Gigi Hadid is reportedly being blackmailed by hackers who allegedly stole photographs of her from her iCloud account and are threatening to make them public unless she pays a ransom. Hadid has indicated that she has no intention of paying anything to the hackers. This case brings back memories of the hacking and release of nude photos of a number of celebrities including Jennifer Lawrence, Kate Upton and Kim Kardashian in September of 2014. Although presently it is unconfirmed whether her iCloud account actually has been hacked and, if so, how it was done, it is helpful to look back at how the celebrity iCloud accounts were hacked last year. It appears that in many instances the hacker used the “forgot password” link on Apple’s iCloud, answered the security questions and was able to reset the victims’ passwords and gain access to their iCloud accounts. In other instances, the phones themselves were hacked directly and the photos were stolen from them.

TIPS

There are a number of lessons that we all can learn from how easy it was for hackers to gain access to someone’s iCloud account. And to paraphrase Shakespeare, the fault is most often not “in the stars,” but our own responsibility. All of us can be targets of hacking and we need to protect ourselves. You should use a unique password for each of your accounts so that if any one of your accounts is hacked, the rest of your accounts are not in jeopardy. Make sure the password is a complex password that cannot be guessed through a brute force attack. Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password. Also, even if you are not a celebrity, you would be surprised how much information is available online about you that can be used to come up with the answer to your security questions. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name. Also, take advantage of the dual-factor identification protocols offered by Apple and many others. With dual-factor identification, your password is only the starting point for accessing your account. After you have put in your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Jennifer Lawrence and the other hacked celebrities used the dual-factor identification protocol last year, they would still have their privacy. It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth. Smartphones save deleted photographs and videos on their cloud servers such as the Google+ service for Android phones and the iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.

Scam of the day – June 8, 2014 – Sentencing of Guccifer

Guccifer, the alias of an infamous Romanian hacker whose real name is Marcel Lazar Lehel, was sentenced two days ago for his hacking activities, which involved many famous people including Steve Martin, Colin Powell, George W. Bush, John Dean, Mariel Hemingway, Lorne Michaels, Carl Bernstein, Rupert Everett, Eric Idle, Whoopi Goldberg and Julian Fellowes, the writer of “Downton Abbey.” Guccifer was sentenced to a prison term that could be as long as seven years. Although Guccifer hacked into the email accounts of many famous entertainers and politicians, he did not exploit his hacking targets for financial gain even though the information he obtained would have allowed him to do so. Rather, his goals more often appeared to be to embarrass his victims and shake the world up a bit. Through hacking of his victims’ email accounts he gained access to and made public the final episode of Downton Abbey, months before it was aired. He also made public embarrassing information he obtained through his hacking of politicians and celebrities on both sides of the Atlantic, including allegations that former Secretary of State Colin Powell had an affair with a European Parliament member, Corina Cretu.

One technique Guccifer, a cab driver by trade, used was to get the email address of someone with an extensive email address book, as he did with media icon Tina Brown. He then used simple techniques to answer his victim’s security question and change the password to the account, whereupon he was able to take over the account and have access to all of the information stored there. Simple, publicly available information such as birth dates, schools attended and other such information provided the keys to answering the security questions of his victims. He also apparently used lists of pet names to answer security questions. And herein lies the lesson for us all. Even if you are not a celebrity, there is so much information about us all that is publicly available, sometimes even provided by us through our Facebook pages and other social media, that it is an easy task for a hacker to get at our email accounts and other accounts protected by passwords and security questions.

TIPS

Since protecting your email address is an impossible task, the key to protecting your account from being hacked is to have strong security questions and the key to that is to provide a question to which the answer can never be guessed by a hacker.  So if your security question is “What is my favorite vegetable?” you should make the answer “electronic clock” or some other totally illogical response.  Don’t worry about remembering it yourself because if the question and answer are as ridiculous as this, you will remember it.

Scam of the day – November 5, 2013 – Email hacking

Two close friends of mine had their email accounts hacked this week and they are not alone by any means. Email hacking is a common occurrence and it can represent a serious security threat or a benign inconvenience. In either event, it is important to act promptly to remedy the situation. Sometimes your email is hacked and used as part of a botnet, which is a zombie network of computers used by scammers to send out spam. Other times, however, when you are hacked, malware is installed on your computer without your becoming aware of it. One particularly troublesome type of malware is keystroke logging malware that can steal all of the information from your computer and make you a victim of identity theft. Often you only become aware that you have been hacked when someone on your email list informs you that they have received an email that appears to have been sent by you, but is strange and arouses suspicion.

TIPS

Here are some tips for what to do if you have been hacked.  For more detailed information, check out my book “50 Ways to Protect Your Identity in a Digital Age.”  You can order it by clicking on the link on the right hand side of this page.

1.  Change your password on your email account.  If you use the same password for other accounts, you should change those as well.

2.  Change your security question.  I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”

3.  Report the hacking to your email provider.

4.  Contact people on your email list and let them know you have been hacked and not to click on links in emails that may appear to come from you.

5.  Scan your computer thoroughly with an up to date anti-virus and anti-malware program.  This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.

6.  Review the settings on your email; in particular, make sure that your email is not being forwarded somewhere.

7.  Get a free copy of your credit report.  You can get your free credit reports from www.annualcreditreport.com.  Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.

8.  Consider putting a credit freeze on your credit report.  You can find information about credit freezes on my blog www.scamicide.com.

 

 

Scam of the day – June 25, 2012 – Latest Facebook scam

It is a relatively easy matter for someone to hack into the Facebook account of one of your friends.  The hacker then sends you a message with a link that you trust because it appears to be coming from one of your friends.  The link then takes you to a phony phishing page that appears to be a Facebook login page, where you insert your password to re-enter Facebook.  You have now turned over your Facebook password to the identity thief.  Once armed with that, the identity thief then has access to all of the information you have input into your own legitimate Facebook page, which often may have the information many of us use as security questions for services such as online banking.  Since many people make the mistake of using the same password for everything, you have now provided the identity thief with both your bank account password and information necessary to answer your security question.  At that point the identity thief has enough information to empty your bank account.

TIPS

Use different passwords for different accounts and change them on a regular basis. When determining security questions, consider whether people would be able to readily access the information necessary to answer your security question from information that may be available online. Never click on links from strangers and never click on links from friends who may have been hacked until you have actually spoken to them to confirm that the link is from them. Even then you should exercise caution because your friend may unwittingly be passing on a link tainted with malware. While on Facebook, if a link takes you back to a Facebook log-in page, immediately exit the browser. Do not type your password in.