Scam of the day – December 6, 2013 – Massive hack of two million internet accounts

Trustwave, a cybersecurity company, has just uncovered a hacking of close to two million Facebook, Google, Twitter, Yahoo, LinkedIn and other social media accounts. Even more ominously, the hacking includes other Internet sites including ADP, a payroll service provider. The hackings appear to have started on October 21st and are still going on. Compromised information includes usernames and passwords. The hacking is a worldwide phenomenon with computers affected in more than 100 countries. ADP, Facebook, LinkedIn and Twitter have already notified their users to reset passwords for affected accounts. Particularly troublesome is the hacking of ADP, the payroll company. Approximately 2,400 accounts had their security breached. Although the exact manner in which the hacking was accomplished still has not been identified, what is known is that the hacking was achieved by luring people into downloading keystroke logging malware that stole the information from their computers. This technique is referred to as phishing. You will find more about phishing in my book “50 Ways to Protect Your Identity in a Digital Age,” but in essence phishing occurs when an identity thief sends you an official-looking email or you go to a counterfeit website where, although the email and the website appear legitimate, they are not. When you click on links in the email or website, you download the malware.


Also distressing is the fact that in uncovering this hacking, Trustwave identified the passwords that were compromised, and the large majority of them were simple passwords that are easy for identity thieves to guess. The most common password of the stolen passwords was 123456. Another problem for people who had their passwords and usernames stolen is that people often use the same password for many different accounts, so they are in danger not just in the hacked accounts, but in others they use. Scamicide and “50 Ways to Protect Your Identity in a Digital Age” provide detailed help in picking a simple-to-remember but complex password that will make you safer online. Also, it is important to have anti-malware and anti-virus software installed on your computer and kept up to date with the latest patches. Also keep all of your software updated with the latest security patches. For this reason, whenever software companies issue security patches, I provide links to them here on Scamicide. Check this site each day to make sure you are safe. Finally, do not click on links or download attachments in emails or on websites unless you are absolutely sure that they are legitimate.

Scam of the day – October 30, 2013 – Syrian Electronic Army hacks President Obama’s Twitter and Facebook accounts

It is an unfortunate fact of digital life today that it is pretty easy for a sophisticated hacker to take control of your Twitter or Facebook accounts. It is for this reason that I have written so much about the dangers of having these accounts hacked. You can go to the archives of Scamicide to read about these in past Scams of the day. Despite the fact that Twitter has, as described in an earlier Scam of the day, tried to take increased security measures by permitting you to use a double authentication system, few people are taking advantage of this increased precaution. You can find instructions as to how to better protect yourself on Twitter in my Scam of the day for June 10, 2013. Apparently the President of the United States or his electronic security advisors have not been reading Scamicide, because earlier this week both President Obama’s Twitter account and Facebook account were hacked by the Syrian Electronic Army, a group of hackers loyal to Syrian President Bashar al-Assad. Earlier this year this same group hacked a number of high-profile websites including the New York Times and the Washington Post. In the latest hacking, the Syrian Electronic Army redirected users to a pro-Assad video. The hackers also posted screenshots that appeared to be from the President’s campaign email account as well as a screenshot that appeared to be from a control panel for Obama fundraisers.


The biggest lesson to take from this latest hacking is that everyone is in jeopardy of being hacked. Often it is relatively simple flaws that are exploited by the hackers to get access to these accounts. Often the problem has been passwords that are just too easy for an experienced hacker to figure out. Check out “50 Ways to Protect Your Identity in a Digital Age” for some thoughts on how to create a complex password. Generally you want something with capital letters and symbols. If your password is a word in the dictionary, it is not a safe one. But you also need something easy to remember, so something like “Safety1st***” is a pretty secure password that is easy to remember and hard to crack. Also, many hackings occur as a result of the victims clicking on infected links that contain malware that is automatically downloaded onto the victim’s computer and then is able to provide the hacker with all the information they need to hack your accounts. Never click on a link until you are absolutely sure that it is legitimate. And even if you click on a link in an email or text from a friend, you must be wary of either the friend’s email or smartphone having been hacked and the message coming from someone else, or your friend passing on malware without realizing it.

Scam of the day – February 26, 2013 – Microsoft hacked – what it means to you

A few days ago, Microsoft announced that it, like Apple, Facebook, Twitter and hundreds of other prominent companies, had been hacked. The Microsoft hacking is still being investigated and it has not yet been determined if sensitive information was compromised or taken by the hackers, but the lesson is clear for us all. You are only as secure from identity theft as the security of the weakest place that holds personal information about you. In the Microsoft and other company hackings in recent days, it appears that, once again, it was a vulnerability in Java that was exploited by the hackers. Since anti-virus security software is always playing catch-up when responding to the latest viruses created by the hackers and identity thieves, people should ask themselves whether or not they need to use Java software on their computer. It has been estimated that half of the major computer hackings last year were done by exploiting vulnerabilities in Java. It would appear that as soon as one hole in Java is plugged, the hackers find another to exploit.


You should consider whether or not you need Java software since it is such a target for hackers who may hack into your computer just as they have done with hundreds of businesses that use Java.  If you need Java, you should install the latest security patch.  Here is the link to information about both installing the latest Java security patch as well as information about deactivating Java from your computer.

Here at Scamicide, I will continue to promptly update you with the latest information about security patches you should use to make sure your computer is protected as well as possible.

You should also make sure that your firewall is operating, use a complex password, maintain constantly updated security software and be prudent when downloading anything or clicking on a link, as I have described in my book “50 Ways to Protect Your Identity in a Digital Age,” because, as I have told you before, security software is only about 5% effective against the latest viruses. It generally takes about a month before the software is updated. Also, in order to limit your exposure to identity theft, limit the amount of information that you provide to companies and websites that store that information, because if they are hacked, your security is compromised.