Scam of the day – December 28, 2014 – Hackers release personal information of 13,000 people

Yesterday a group of hackers posted personal information, including usernames, passwords and credit card information, of 13,000 people on its Twitter account @AnonymousGlobo.  The hackers indicated that they had stolen the information from a large number of popular websites that they listed.  Among the websites listed by the hackers were Amazon, Walmart, PlayStation Network, Xbox Live and a large number of popular pornography sites including Brazzers.  The hackers later wrote “We did it for the Lulz,” which is slang for doing it just for their own personal enjoyment and satisfaction.  While we do know that much personal information was made public, thus putting the victims in danger of identity theft, we do not know if the hackers actually did, as they stated, steal the information by hacking into the particular websites they listed or, alternatively, if they sent phishing emails to their thousands of victims, luring them to click on links in the emails and download keystroke logging malware through which the victims’ own computers supplied the information to the hackers.  Either alternative is a source for concern.


There are a number of lessons to be learned from this hacking.  One is to never leave your credit card information on file with an online retailer with which you do business for the sake of convenience.  It may save you a few seconds the next time you make a purchase with the particular retailer, but it also makes your credit card information vulnerable in the event that the retailer is hacked.  A second lesson is to use different usernames and passwords for each of your online accounts.  If you use, as many people do, the same username and password for all of your online accounts, then in the event of a data breach at one company with which you do business, the hackers would be able to get your username and password for all of your accounts, thereby putting you in greater jeopardy of serious identity theft.  Finally, it is important never to click on links in emails or text messages unless you are absolutely sure that the communication is legitimate and you have confirmed that fact.  Identity thieves are adept at tricking people into clicking on links that contain malware by making the communications look legitimate or even by hijacking the email account of someone you trust.

Scam of the day – December 4, 2014 – Which online shopping websites are the safest?

Shopping online is not limited to Cyber Monday.  Many of us are fond of the ease and convenience of online shopping, not to mention the considerable savings we sometimes achieve.  However, there is always a question about the safety of the online shopping experience.  Recently, the password management company LastPass did a security comparison of ten popular online retailers and rated them for security, considering the following factors:

1.  Password requirement

2.  Assistance in setting up a strong password

3.  Use of a security question

4.  Simplicity of security question

5.  Automatic encryption of data

6.  Storage of personal data

The optimum score would go to a company that required a password, provided assistance in evaluating the strength of your password, required a security question asking for information not readily available to an identity thief, automatically used encryption for transfer of data and stored the least information necessary.  At the top of LastPass’ list were the Apple App Store, eBay and Macy’s.  At the bottom of their list were JCPenney and Sears.


The best place to find a helping hand is, as always, at the end of your own arm.  When shopping online, you should always make sure that a password is necessary and that you use a strong password.  You can find information about setting up a strong password in the archives of Scamicide.  Security questions are always a good idea, and an even better idea is to give a nonsensical answer to your security question, which will turn a weak security question, such as your mother’s maiden name, into a strong security question.  For example, if your mother’s maiden name is “Smith,” make the answer to the question “Grapefruit.”  No one will find that answer by doing research.  Never provide credit card information unless the transaction is encrypted, which you can determine by looking for “https” rather than merely “http” at the beginning of the website address line.  Finally, regardless of how convenient it may be, don’t leave your credit card stored with the retailer for future use.  Enter the credit card information anew each time you purchase something.  Leaving your credit card information with the retailer just makes you more vulnerable in the event of a data breach of the retailer.

Scam of the day – October 10, 2014 – Increasing threat of smartphone hacking

Hacking of smartphones was in the news recently with the revelation by Lacoon Mobile Security that the Chinese government, through a phishing scam, lured democracy protestors in Hong Kong into downloading a malware-laden app onto their smartphones that enabled the Chinese government to monitor the communications of protestors.  In this instance, smartphone users in Hong Kong were responding to a message on WhatsApp that read “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL.”  Those responding to the message and clicking on the link provided ended up downloading malware that enabled the Chinese government to monitor the smartphone users’ communications and gave it access to all of the personal information stored on the phone.  Code4HK is the name of a group of computer programmers who have been working with the pro-democracy movement in Hong Kong, but had nothing to do with this software or message.  As we all become more and more dependent upon our smartphones, use them for sensitive financial transactions and store more personal information on them, they have become an increasing target for hackers and identity thieves.  Security company McAfee has said that the incidence of mobile malware increased 197% just between 2012 and 2013.


The key to protecting the security of your smartphone from the threat of malware is to not download the malware in the first place.  One important rule to follow is to install apps only from legitimate vendors.  Most carriers will also provide security software for your smartphone as well as an app that will scan your smartphone for malicious apps you may have unwittingly downloaded.  Check with your carrier as to what security software and apps are available to you on your particular smartphone.  Never click on a link in an email, text message or other communication unless you have absolutely verified that it is legitimate.  The risk of downloading malware is too great.  Protect your smartphone with a strong password, install security software and encryption software as well as anti-malware programs such as the app Lookout, which has a feature that continually scans your smartphone for viruses and malware.

Scam of the day – July 24, 2014 – StubHub hacking – what it means to you

Six people including both Russian and American citizens were indicted yesterday in New York for hacking into 1,600 StubHub accounts and stealing more than 1.6 million dollars in tickets.  StubHub is a website where people can buy and sell sports and entertainment tickets.  Although the accounts hacked were StubHub accounts, it appears the fault was not that of StubHub, but rather of individual StubHub customers whose passwords and user names were obtained through hacking of other companies or through the use of keystroke logging malware programs unwittingly downloaded, most likely through phishing emails to the victimized consumers.


For those people who used the same user name and password for all of their accounts, this hacking is another example of why you should not do so.  Using the same user name and password puts you in danger in all of your online accounts if merely one of your online accounts is hacked.  The better course of action is to use a different user name and password for every account that you use.  Although this may seem like a complicated thing to do, it need not be so.  Just adding a couple of letters describing the account to your password can provide you with much added security.  So, for example, if you used the basic, safe password of “IHatePasswords123!”, which is a strong password, and then added a few letters to describe the particular account, such as a StubHub password of “IHatePasswords123!StubHb”, you would have a difficult-to-break, but easy-to-remember password.  As for protecting yourself from unknowingly downloading keystroke logging malware that provides access to all of the personal information on your computer, the key thing to remember is to never click on a link or download an attachment unless you are absolutely positive that it is legitimate and you have independently confirmed its legitimacy.  Also, you should keep your anti-malware and anti-virus software up to date with the latest security patches.
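The reuse problem described in this post and in the December 28 post, as an added example that is not part of the original articles: a short Python audit that groups accounts sharing one user name and password and lists which other accounts a breach at one site would expose.  The account list, site names and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample export (site, user name, password); not real credentials.
SAMPLE_ACCOUNTS = [
    ("stubhub.example", "pat@example.com", "IHatePasswords123!"),
    ("shop.example", "pat@example.com", "IHatePasswords123!"),
    ("forum.example", "Pat@Example.com ", "IHatePasswords123!"),
    ("bank.example", "pat@example.com", "c0rrect-Horse-battery-9"),
    ("mail.example", "pat.smith", "IHatePasswords123!"),
]


def _fingerprint(key, username, password):
    """Keyed digest of the credential pair, so the groups never hold plaintext."""
    user = username.strip().lower()  # treat login names as case-insensitive
    msg = user.encode() + b"\x00" + password.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def reuse_groups(accounts):
    """Return sorted lists of sites that share the same user name AND password."""
    key = secrets.token_bytes(32)  # per-run key; the digests are useless afterwards
    groups = defaultdict(list)
    for site, username, password in accounts:
        groups[_fingerprint(key, username, password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposed_by_breach(accounts, breached_site):
    """Other sites that accept the credentials taken in a breach of breached_site."""
    for sites in reuse_groups(accounts):
        if breached_site in sites:
            return [s for s in sites if s != breached_site]
    return []


if __name__ == "__main__":
    for sites in reuse_groups(SAMPLE_ACCOUNTS):
        print("same user name and password:", ", ".join(sites))
    print("a breach at shop.example also exposes:",
          exposed_by_breach(SAMPLE_ACCOUNTS, "shop.example"))
```

An empty result from exposed_by_breach for a site means the credentials used there unlock nothing else, which is the outcome the advice above is aiming for.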

Scam of the day – June 23, 2014 – Duke University Press data breach

Duke University has announced that its Duke University Press has suffered a data breach.  Although no financial information was stolen, usernames and encrypted passwords were stolen.  However, even though the passwords were encrypted, it is not uncommon for sophisticated hackers to use software programs to decipher passwords that are not particularly strong.  This is just the latest hacking of an institution of higher learning.  In just the last four months, personal information on more than 750,000 students was stolen in data breaches at Iowa State University, University of Maryland, North Dakota University and Indiana University.


Again, the advice to follow, if you were a victim of the Duke University Press hacking, is to change your passwords immediately.  It also is a good time to consider changing your passwords for all of your password protected accounts and making them strong enough to withstand hackers’ decryption software.  A good password will be a combination of lower case letters and upper case letters, figures and symbols.  In order to make the passwords memorable, you can use a phrase, such as “IDon’tLikePasswords**”.  You can also adapt the password to different accounts, such that you make your Amazon password “IDon’tLikePasswordsAMA**.”  In this way you can establish easy to remember, but difficult to decipher passwords.