We wrote last year about how the IRS and their Get Transcript service was instrumental in helping identity thieves file fraudulent tax returns for big refunds. The problem was that the IRS used static user identity information that was available elsewhere online. They promised to fix this security problem, but have not. This year, many users of the IP PIN system that was supposed to harden security ...
Here’s a provocative statement: If you could just prevent your staff for clicking on links or opening attachments in phishing emails, 95% of your cybersecurity problems would be prevented.
As perimeter defenses and anti-malware software products have become more effective, cyber-attackers have turned to the phishing email approach as their number one favorite method for acquiring user names and passwords or gaining unauthorized access to computers on your network. The ...
Continue Reading →
This should really be called “anti-social” engineering. A good definition is “social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.”
My article on Wednesday will give an example of phone based social engineering – the fake tech support ...
Continue Reading →
Passwords – Is mine strong enough? How do I know? Every time I write a password article I feel as if this subject has already been done to death by me and others. But I always get more positive feedback on this subject than others I consider more interesting, so we offer the following suggestions:
I am getting posts from the FBI and the Internet Crime Complaint Center (IC3), and received this interesting warning on November 18th of last year. This warning was sent to law enforcement and public officials, but if you have come to the point in your life were you are feeling a bit overexposed on the Internet, these tips can help you too.
For some of us, a few of these suggestions ...
Continue Reading →
Happy New Year! This week we are going to investigate ways that we can recover some of our personal privacy and enhance the our security our online lives.
Let’s face it, many of us have been running amok on the Internet, busily sharing all sorts of personal information on Facebook, Twitter, LinkedIn, Pinterest, Snapchat, and who knows where else. Every time we buy something ...
Continue Reading →
According to a post on Sophos, Comcast has reset the passwords on 200,000 customers after a security researcher discovered an advertisement on the Dark Web offering to sell 500,000 Comcast passwords in pain text for $1000 in BitCoin. Investigation by Comcast found that “only” 200,000 of there accounts were active and proactively reset the passwords on all the affected accounts. ...
We recently learned that credit report service Experian had a breach of T-Mobile customer information. This is just another addition to the pile of Personally Identifying Information (PII) that has been exfiltrated from sundry organizations including the Office of Personnel Management, various BlueCross BlueShield organizations, and Harvard University.
So what to do when this happens to you? When you are notified by the ...
Continue Reading →
We try to save up some funny stuff for our Sunday Funnies post, and I admit this is pretty borderline. Maybe not funny. But I do love corporate-speak, and since tomorrow we will be discussing the things you can do if your personal information is part of a data breach, we thought this might be a fun way to open this discussion.
Thanks to our friends at Sophos, for ...
Continue Reading →
One of the goals of this website is to help small business owners and regular folks secure their digital world by providing useful information that can be put into practice. Today we are going to be looking at what sorts of digital assets need securing.