Posts by sroth:
- Change your passwords quarterly – especially those that protect your email accounts, domain logins and online banking accounts.
- Use passphrases with at least 12 characters consisting of upper and lower case letters, numbers and special characters.
- Never share your passphrases with others and, if you enter your passphrase on a public computer, change it once you are able to log on to your account from a secure location.
- Use two-step verifications whenever they are available.
Just when you think you can breathe a sigh of relief, we’re told to suck that air back in and brace for the inevitable fallout of what is now being considered the largest confirmed data breach of a single company’s computer network to date. According to officials at Yahoo, hackers gained access to more than 500 million user accounts registered with the technology company two years ago. And because so many people use Yahoo for their email, finances, fantasy sports and so on, everybody is being urged to take action immediately – before the cybercriminals have a chance to exploit the stolen data.
Depending on the type of information you have stored on your user account, there are all kinds of dangers associated with this type of data breach. Yahoo officials confirmed that hackers successfully gained access to user names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions.
If you are one of those people who use the same password across all your online accounts, the recovery process will be difficult. Changing your Yahoo password is only the first step in the recovery process. Because cybercriminals can use the information collected to attempt to log in to other websites, you will also need to comb through your other online accounts to make sure they remain secure.
In the meantime, consider utilizing the following password best practices.
Think Before You Click
In addition to maintaining your passwords by taking advantage of the best practices listed above, stay vigilant when it comes to email safety. In particular, consider every unsolicited email and communication you receive as untrustworthy. A single click of the mouse can open up the flood gates and can leave your company’s network vulnerable to a myriad of cyber threats.
By Steve Roth, IT Director (New Philadelphia office)
Check out these article for even more password tips:
Could Your Computer Make You A Target For Fraudsters?
There is a new scam making the rounds and if you have a Dell computer you could be at risk.
KnowBe4 recently published a blog informing users of the newest security issue, which has apparently left owners of Dell computers vulnerable to scammers who have been able to capture their computer’s unique tag ID (the unique sticker on your desktop or laptop) from Dell’s database.
Fraudsters proceed to call potential victims and attempt to gain access to their personal computer by claiming that there is a problem with their computer – the stolen information is then used to establish credibility. Once the fraudster convinces their victim to grant them remote access to their desktop or laptop to “fix” the problem, the scam is complete and the security of your personal information has been compromised. In other words, your personal information (such as credit card numbers, banking information, Social Security number, contact information, etc.) is no longer personal.
Dell has said that the company is investigating the issue but, at this time, offers little to no explanation for the alleged breach. Rather, the company is quick to point customers to this October 2, 2015 post advising of tech support phone scams.
According to the KnowBe4 blog post, this scam is similar to a Microsoft tech support scam where fraudsters call PC users with a similar request – to be allowed to gain remote access to a computer to fix an alleged problem.
“End-users gullible enough to give access to their workstations (usually via remote software), are billed hundreds of dollars on their credit card but the scammers, of course, don’t fix anything – in some cases their PC’s are infected with ransomware until they pay up.”
This is a great time to educate yourself and your employees about ways to keep your company’s data, computers and other devices safe. For example, if you do get a suspicious call, refrain from providing any information to the caller. Instead, insist that you will call them back. When you do return the call, use a phone number you know to be accurate or visit the company’s website for the phone number. Never call back the number that shows up on your caller ID. Another way to determine if the number is legit is to search the number in Google. This is a fairly accurate way to determine the validity of the call.
Have you been a victim of identity theft? Read on to start recovering today.
It seems that a new scam pops up every week. Fortunately, education and a little common sense is the key to your ensuring your safety.
Would you like help putting controls in place to protect your business from becoming victimized by a opportunistic hacker? Email Rea & Associates and request to speak with a member of our IT audit team. For more tips and insight, take a look at the related articles below,
Want more security tips for your business, check out these posts:
While it may be the most wonderful time of the year, cyber criminals are looking for ways to stuff their own stockings – at your expense. The holiday season is also a busy time of the year for scammers because, in general, more money is being spent and more people are clicking through cyberspace for the best deals and tracking their purchases. KnowBe4 recently published a blog about the top five scams shoppers should be on the lookout for, and I wanted to pass these on to our readers. Consider the following information to be an early gift from me to you, and hopefully your bank account can welcome the New Year unscathed.
Read Also: Malware Threat Spreads To Smart Phones
1. Post-Thanksgiving Madness (otherwise known as Black Friday and Cyber Monday)
Thanksgiving is just around the corner, which means shoppers are already planning their early-morning shopping strategies. Sure there are great deals up for grabs, but there are also scammers looking forward to feeding on the hype in the hopes that you will let your guard down. Believe it or not, it can be pretty easy to mistakenly fall for those offers that appear to be too good to be true simply because we have become conditioned to believe that these deals are part of the overall allure. Tip: Before completing the transaction, visit the retailer’s actual website to make sure the deal is valid.
2. Don’t Miss This Deal – Your Facebook Friend Didn’t
Just because one of your friends shared a coupon or voucher on Facebook or another social media site, doesn’t mean it’s legit. In fact, hacked social media accounts are pretty common. Scammers like this approach because they know that you are more willing to take the bait if the scam comes from somebody you trust. If one of your friends is guilty of passing along some of these not-so-helpful posts, give them a call or send them a text to find out more. Chances are, you will be the one helping them out by letting them know that their account has been compromised.
3. What Do You Mean ‘There’s A Problem’?!
You’ve shopped, dropped and paid for two-day shipping and it looks like you will have your gifts in time for the next family gathering. But then your inbox gets hit with an urgent message from UPS or FedEx notifying you that there may be a problem with the delivery of your package. Fortunately, the email includes a link for you to click on to get the issue resolved. STOP! This is a common phishing scam. Scammers will often use this tactic in the hopes that you will click on the link. Before you know it, your computer has been infected with a virus … or worse – ransomware.
4. Click Here For A Refund
Similar to the UPS/FedEx scam identified above, this tactic is another attempt to get the unsuspecting consumer to click on an infected link. In this scenario, you might receive an email from a major online retailer – Amazon, eBay, etc. – with the message that there’s a “wrong transaction,” which requires you to click on a link to secure your refund. Instead of a refund, when you click on the link you will receive the gift of a security breech instead. Clicking on these links simply opens the door for scammers to access to your personal information, which will then be sold to the highest bidder and used against you later.
5. Use The Force Against Phishing Scams
Wouldn’t it be nice to win tickets to see Star Wars: The Force Awakens when it is released on Dec. 18? Sure, but given what you know now, would you be willing to take the risk and click on the link in your email to find out if the offer is real? Scammers use a variety of tactics to get you to make a mistake. This scam, for example, is another way popular culture is being used against unsuspecting victims.
Remember, whether it’s a deal, contest, sale, or any other type of offer, if it looks unbelievable or questionable (even if it appears to have been sent from a trusted source), don’t click on the link or open an attachment. If you have doubt, delete! KnowBe4 also offers readers two other great tips to keep your private information and your bank account safe 365 days a year:
- Never use a debit card online. Cyber criminals can (and will) wipe out your bank account in seconds once they gain access. You can protect yourself by using a credit card.
- Never use your credit card to shop when your computer is connected to an insecure public Wi-Fi. All online shopping should always be done on over a secure, private internet connection.