You’ve been Hacked! Pwned! Account Compromised. Bank account emptied. Credit cards were stolen and sold on the dark web. Facebook account hacked, now inappropriate messages or videos sent to your friends and family members. New accounts and credit cards opened in your name. Or worse, you’re on a vacation and suddenly your credit card is declined or you’re in the airport and your flight is canceled. Maybe you’re traveling through an airport and someone skims your credit card and starts making transactions while you’re in the air. What would you do? How long would it take you to respond? How many times have you received a phone call that says you have to pay some portion of a bitcoin (BTC), or a webcam video of you doing something inappropriate is going to be sent to all your contacts.
These are just a few of the scenarios that can and do happen in our increasingly connected world. With the Samsung Pay and Apple Pay, mobile payments that can be performed with your cell phone, Apple Watch, or Android Wear watch and the increasing number of Mobile devices and Internet of Things (IoT) devices security is paramount for everyone no matter what your career field or socioeconomic status. The purpose of this article is to give you some common sense tips to protect yourself and also give you the ability to help your friends and family stay safe online as well.
Part 1: Facebook:
As of the time of writing this article, Facebook has approximately 2.23 Billion users worldwide and that means that even if you are not on Facebook, many of your friends might be. So you don’t have a Facebook account you say so you’re not at risk? Well, that’s not exactly true because of a trend called cybersquatting…That means that someone can claim your Facebook name and effectively pose as you simply by creating an account in your name even if you don’t have a Facebook account. Or maybe you don’t check Facebook that often. It’s also plausible that someone might make a Facebook account that is similar to yours and people in your network or friends of your friends might send you a friend request thinking that it’s you. Additionally, you absolutely should go into your Facebook account and view your profile as someone else sees it to make sure you’re not sharing information with people you don’t want to. If you’ve seen the news recently, hackers were able to exploit a vulnerability in the supposedly secure tokens that allow you to view your profile as one of your friends.
Part 2: Passwords and Password vaults
There are three kinds of users in this world: 1. Those that use the same password for everything 2. Those that write their passwords down so they won’t forget, and 3. Those that use password vaults/generators. Passwords are the last line of defense when it comes to security and often the first thing that bad guys go after. Commonly referred to as creds, the usernames and passwords are what hackers seek to exfiltrate from the networks and systems they go after. Passwords should be changed at a minimum every 90 days and should be a complex pattern of letters, numbers, and special characters that are not easily guessed or cracked. No dictionary words allowed or any of the potential answers to your secret questions.
It doesn’t matter really the password service you use, just use one. Whether it’s LastPass, Dashlane, KeePass, or Apple’s built-in password manager. Every password in the wild is another chance for a bad guy to exploit.
Part 3: App downloads
Third party app stores are the primary way that ransomware and crypto miners are spread in the wild. Even Amazon’s own app store requires you to allow apps from unknown sources if you don’t have an Amazon-branded device. Bottom line, don’t use app stores you don’t know and us security software if possible (though that doesn’t provide much protection). Mobile apps are special in that each app runs code on a mobile device and can be reverse engineered/exploited by anyone with enough time and effort. Mobile apps are usually digitally signed by Apple and Google, but that is easily faked. Mobile apps live in an operating environment that is full of security vulnerabilities and exploits and many of them cannot be fixed because they are controlled by the carriers or equipment manufacturers. Carriers like T-Mobile, Verizon, AT&T and Sprint, many of which don’t have an interest in fixing the vulnerabilities because they are more interested in getting you to buy a new phone every year or every other year. Because data plans are at a premium, carriers can charge ridiculous amounts of money for data and wireless hotspot plans. With the introduction of 5G service, this will only amplify the speed at which attackers can serve up exploits to mobile users. Apple is notorious for convincing users to upgrade to new devices because of some new feature or operating system version and eventually, devices will no longer run the latest and greatest Operating System (anyone still remember the iPod touch?)
CHUCKYSCARNAGE 