Worst Passwords of 2014

The latest report on our password usage in 2014 is public and it doesn’t look good. Based on an analysis of millions of leaked passwords, it shows “123456” and “password” as the two most common passwords. That is unchanged from 2013.

When you use weak passwords, you are exchanging security for convenience, which is not a good trade, especially in today’s active hacking environment. It is evident from this list of the worst passwords of 2014 that people have not changed their bad password habits. Here are three tips for better protection:

1. Use strong passwords that are a minimum of eight characters in length and contain upper- and lower-case letters and special characters.

2. Use a password vault or manager to help you store and access strong passwords. There are plenty of free and paid options for your computer and your smartphone.

3. If you do store your passwords in a Word file or Excel spreadsheet, as my audience members often tell me they do, do yourself a big favor and encrypt and password protect the file. And don’t be like Sony and name the file “Passwords”.

An extra tip: Don’t use any of the “Worst Passwords of 2014”.

http://mashable.com/2015/01/20/worst-passwords-of-2014/
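Tip 1 and the extra tip checked together, as an added example that is not part of the original post: a password can satisfy the length and character-class rule and still be a worst-list entry in disguise. The function names, the substitution table and the list entries other than "123456" and "password" are assumptions made for illustration.

```python
import string

# "123456" and "password" are the two entries the article names; the others
# are illustrative stand-ins for the rest of the list (assumption).
WORST = ("123456", "password", "qwerty", "letmein")

# Character swaps often used to dress up a weak word (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "!": "i", "$": "s", "5": "s", "7": "t"})


def composition_problems(pw):
    """Tip 1: eight or more characters with upper, lower and special."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    return problems


def denylist_base(pw):
    """Extra tip: return the worst-list entry hidden in pw, or None."""
    raw = pw.lower()
    # Check the password as typed, then with the swaps undone.
    for form in (raw, raw.translate(LEET)):
        for bad in WORST:
            if bad in form:
                return bad
    return None


def check(pw):
    """Run both checks and return every reason to reject pw."""
    problems = composition_problems(pw)
    base = denylist_base(pw)
    if base:
        problems.append(f"built on worst-list entry {base!r}")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd1!", "tr4in-Kettle-oRbit"):
        print(candidate, "->", check(candidate) or "accepted")
```

The middle candidate passes every rule in tip 1 and is rejected only by the list check, which is why the two checks belong together.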

Five Ways You’ll Be Hacked on Cyber Monday

According to a June 2014 study by the Center for Strategic and International Studies, the likely annual cost to the global economy from cybercrime could reach $575 billion. It’s a big number. Here are five ways hackers will try to get you to contribute to it while you enthusiastically search for the best deals on Black Friday and Cyber Monday.

Hack #1 — Social Engineering – the process of manipulating people to give up private information.  Some of the most well publicized hacks in recent memory have been socially engineered. What’s more likely… Apple’s iCloud being hacked or someone (such as Kate Upton or Jennifer Lawrence) being tricked or willingly “lending” their password to someone?

If you are checking out on an obscure website this Cyber Monday and the site asks you to “confirm” the last four digits of your social security number, you’re about to be hacked.  No commerce site needs your social security number, not even the last four digits.  The request will look innocuous, you’ll be busy getting a deal on that awesome pair of rare Nike kicks, and you’ll be one step closer to having your credit card spoofed or worse. Countermeasures — Don’t give up more information than is absolutely necessary.

Hack #2 — Phishing – the act of defrauding an online account holder of financial information by posing as a legitimate company. Got an email from Amazan.com? Yeah, that’s not Amazon. Look closely. Thanksgiving is one of the heaviest phishing days of the year, because fewer people paid to protect you from phishing attacks are working. Phishing attacks are actually 336% more common on Thanksgiving, meaning you’re far more likely to receive a suspicious email in your inbox on Cyber Monday.

There’s a reason Gmail sent that email to your Spam folder. Leave it there. If you didn’t ask for it, don’t click on it! There’s no reason to give out your financial info because a scammer decided to send you a halfway decent-looking email.  Countermeasures — Carefully, carefully, carefully check who emails are from. If you’re not sure about a sender, it’s best to avoid that email and deal.

Hack #3 — “Scammer Grammar” and General Scamming Behavior – If a website features many misspellings and grammatical errors, be wary. No company that genuinely wants your business will rush to put up a listing that looks like it was typed by a third grader.

Beware of sites that require payment via wire transfer, or that require you to act immediately to secure the product. Consumer Affairs says, “Beware of ‘act now’ offers that tell you the seller is a soldier needing cash for possessions before deploying to a war zone or a recent divorcee wanting to unload her former husband’s belongings. These tactics are often bait to empty your wallet. Most of the time the items don’t even exist.”

Another big scam is the auction follow-up email hack. If you miss out on an auction or timed deal, ignore follow-up emails with the same offer. Scammers love to track auction sites and contact losing bidders to direct them away from secure buying environments. If you lose an item, move on to another auction. Countermeasures — Don’t shop on sites that look like they were designed by practitioners of phonetic writing or sites that would have looked awesome in 2004.

Hack #4 — Fake Black Friday Ads – Inauthentic Black Friday ads re-direct you to places you shouldn’t be, or may install malware/unwanted software on your computer.

Everyone’s looking for the best deals, so cyber criminals love to release fake Black Friday ads that trick you into visiting sites you otherwise wouldn’t visit. If you want to find great Cyber Monday deals, go directly to reputable websites, whether they’re vendors (Best Buy, Amazon, Walmart) or trusted third-party aggregators (BFAds.net).

To protect yourself against phony ads, don’t change up your browsing habits from the rest of the year. Go directly to websites instead of through Google. Walmart isn’t selling a 60″ HDTV for $97. If, by some miracle, that’s a real sale, you better believe it’s going to be front and center on Walmart.com. Countermeasures — Don’t search for phrases like “best Cyber Monday deals.” Don’t go to websites you’ve never heard of.

Hack #5 — Site Swap – Ambitious scammers build entire fake sites that look shockingly similar to popular retailers.  This is a more complicated hack, and sometimes the most convincing – so pay attention.   You will almost always get to a fake site through a search engine or a mistyped URL.  But sometimes fake sites are used in combination with email hacks.  The most sophisticated versions are single pages that actually link to the real sites so the information request looks more legitimate.

If you’re not sure about a link, there are a few great resources at your disposal. Sites like getlinkinfo.org or wheredoesthislinkgo.com will show you exactly where a suspicious link goes. Still not sure? It’s probably fake. Move on. The chance of landing a great deal is not worth credit card fraud or a credit score hit. Countermeasures — Go directly to retailers’ sites, rather than through search engines. Don’t click on links from any email you can’t verify.
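The "Amazan.com" sender from Hack #2 and the look-alike sites from Hack #5 can both be caught with one comparison against the retailers you actually use, shown here as an added example that is not part of the original article. The trusted-domain spellings, the distance threshold and the sample inputs are assumptions; the sample sender and URL are constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Retailers the article names; the exact domain spellings are assumptions.
TRUSTED = ("amazon.com", "walmart.com", "bestbuy.com")


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def host_of(value):
    """Pull the host out of a URL or an email From header."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()


def classify(value, max_distance=2):
    """Return (verdict, trusted_domain): trusted, lookalike or unknown."""
    host = host_of(value)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    # Judge the last two labels, so www.amazan.com is read as amazan.com
    # (simplification: ignores multi-label suffixes such as .co.uk).
    base = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        if edit_distance(base, good) <= max_distance:
            return "lookalike", good
        # Trusted name used as the leading labels of another domain.
        if host.startswith(good + "."):
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for sample in ('"Amazon Deals" <offers@amazan.com>',   # constructed
                   "http://walmart.com.deals-example.test/tv"):
        print(sample, "->", classify(sample))
```

The display name in the first sample says "Amazon", but only the address after the angle bracket is compared, which is the part the countermeasure tells you to read.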

Sufficiently armed with countermeasures? I hope so. This should be a wonderful holiday season for consumers and retailers alike. There are great deals to be had on Ultra HD sets (they’ve come down 84% from last year). I’ve seen amazing deals on phones and tablets, to say nothing of the stunning array of wearables on sale this year. Happy Thanksgiving from all of us at shellypalmer.com – practice safe computing and enjoy the holiday.

Cyber Crime: How It Happens And How You Can Protect Yourself

From the Desk of William F. Pelgrin, Chair

An increasing number of domestic and international criminals are using the Internet for illegal purposes. Computers and other electronic devices can be used to commit crimes. This newsletter will discuss who the potential targets are, the nature of computer and cyber crime, and what you can do to be safe.

Why are you a target?
Information, whether personal or business related, is becoming increasingly valuable to criminals. Where personal information, such as bank account, credit card, or social security numbers, is stored, whether on your personal computer or with a trusted third party such as a bank, retailer or government agency, a cyber criminal can attempt to steal that information which could be used for identity theft, credit card fraud or fraudulent withdrawals from a bank account, among other crimes.

How can you be attacked in a Cyber Crime?
Simply by connecting to the Internet you are making yourself a potential target of criminals. Every day, criminals use automated tools to scan for unprotected or vulnerable computers. Criminals may target you specifically or you may be the subject of a random attack. Whether a specific target or just a random attack, there are two main ways by which your computer can be affected by cyber crime:

Your computer is used to steal your personal information: Two examples are trojans and spyware. Trojans are a form of malware masquerading as something the user may want to download or install, that may then perform hidden or unexpected actions, such as allowing external access to the computer. A Trojan may be used to install spyware such as ‘keylogging’ software, which records keystrokes including passwords and then forwards the ‘keylogged’ information to the attacker.

Your computer is used to facilitate other crimes and attacks on others: Computers can be hijacked to provide storage of illegal images or illegal downloads of music. Hijacked computers could also be used as a platform to launch attacks or commit crimes against others.

The best way to protect yourself from cyber crime is to use common sense, be prepared and take precautions.

How Can You Stay Safe?

  • Keep your operating system updated/patched. Set it to “auto update”.
  • Use anti-virus and anti-spyware software and keep them updated.
  • Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Secure your transactions. Look for the “lock” icon on the browser’s status bar and be sure “https” appears in the website’s address bar before making an online purchase. The “s” stands for “secure” and indicates that the communication with the webpage is encrypted.
  • Be cautious about all communications you receive including those purported to be from “trusted entities” and be careful when clicking links contained within those messages.
  • Do not respond to any unsolicited (spam) incoming e-mails.
  • Do not open any attachments contained in suspicious emails.
  • Do not respond to an email that requests personal information or that asks you to “verify your information” or to “confirm your user-id and password.”
  • Beware of emails that threaten any dire consequences should you not “verify your information”.
  • Do not enter personal information in a pop-up screen. Providing such information may compromise your identity and increase the odds of identity theft.
  • Have separate passwords for work related and non-work related accounts.

Resources for more information:

MS-ISAC Tip — Surf Safe On The Internet
http://msisac.cisecurity.org/daily-tips/Surf-Safe-on-the-Internet.cfm

US-CERT Shopping Safely Online
www.us-cert.gov/cas/tips/ST07-001.html

National Cyber Security Alliance
staysafeonline.org/in-the-home/protect-yourself

FTC Identity Theft Site
ftc.gov/bcp/edu/microsites/idtheft/

For more monthly cyber security newsletter tips, visit: www.msisac.org/awareness/news/

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.