6 Ways to Make Your Family Harder to Hack 2018

Hacking

While there are a thousand resolution-worthy action items out there, the time is always now for the things that need to change in our lives. Never were truer words spoken when it comes to our potential vulnerability to hackers.

The number of breaches and the granular nature of the data exposed in those attacks over the past year are both unprecedented. The Equifax breach alone included everything (and then some) that a scammer needs in order to buy a house or a car, pay for college or medical procedures, steal a tax refund or any other transaction.

But that’s not the only reason you should be on high alert. Technology is the friend of the hacker. Cybercriminals make a living being up-to-date on the latest security protocols and protections. They are also the most common spur for innovation, discovering the latest “eureka” moment in cybersecurity while reverse-engineering existing ones to steal data.

Side by side with the general threat is a “pre-set” attitude prevalent among consumers. Breaches and the identity theft that flows from them have become the third certainty in life, right behind death and taxes. The attitude tends to be, “There’s nothing I can do about it,” or “If it happens, it happens.”

I get it. I own a company that among other things, helps consumers resolve the fallout of identity theft. But working on the front lines of what amounts to a war of attrition against the bad guys, I can tell you that consumers can, and should, be doing more.

Here are my suggestions: 

  1. Avoid Account Takeover with Better Password Tactics

According to a recent survey, more than 80% of people 18 and older re-use the same password across multiple accounts—a practice called daisy-chaining.

Here’s the scary part: You will almost certainly be able to guess the most popular password used by consumers in 2016. (It was “123456.”) Consider, there are affordable machines on the market today that can hit a website’s authentication system with billions of passwords per second. “Password” isn’t going to do much in the way of keeping you from getting got.

Even if your personal email address hasn’t been exposed in a data breach—you can check on Haveibeenpwned.com—you need to take extra precautions.

Here’s why: If a scammer gets control of your personal email, they can commandeer many, if not all, of your accounts—retail, financial and beyond. For this reason, whenever possible, do not use your name or email address for login purposes. Rather, treat it like another password (but bear in mind, many sites will not allow you to do this).

If that seems like a hassle (remember, security and convenience aren’t always compatible) there’s an automated solution offered by a start-up called Joinesty that offers a Chrome extension that randomizes the email addresses used for login on various accounts thereby rendering your personal email address useless to a hacker.

  1. Use 2-Factor Authentication

Do you use 2-factor authentication on all your accounts that offer it? It’s a relatively seamless process whereby every account login requires both a password and a six-digit code that is emailed or sent to your smartphone via SMS.

It is not failsafe. If a criminal has control of your personal email account or possession of your phone—and your password—they can beat 2-factor authentication. That said, you are a much less attractive a target—the predator equivalent of a spiny hedgehog waddling down the road with an excessively plump piglet. Which one would you rather be? 

  1. Turn Off Location Services, and Don’t Overshare

Remember the bumbling duo in the holiday classic “Home Alone?” It used to be that burglars cased a neighborhood. With oversharing on social media, including location data posted in photographs that permit geotagging technology and-or volunteered by way of preference settings, we are constantly “casing” ourselves for the would-be thief.

An added layer of complication here is that even if your social sharing doesn’t include location data, other members of your family might be sharing it. Remember, you are only as secure as your most insecure family member.

The conversation about cybersecurity should be ongoing with those closest to you, because increasingly we’re all connected in ways that can get people robbed. 

  1. Have Nothing to Ransom

Ransomware is going to continue to plague consumers in 2018.

Ransomware is a form of malware that occupies a victim’s computer and then encrypts every file on its hard drive. There are few things scarier than a ransomware attack, especially when the victim has no idea what just happened.

First rule of thumb: never make a payment to get files back (or stop someone from sharing embarrassing files—another prevalent scam). Contact a resolution expert first.

Second rule: Back up your files daily.

If you want to be one-hundred percent unaffected by ransomware, back up your hard drive on an encrypted, long-and-strong password-protected external drive and store a mirror backup on a cloud server. Then when your would-be extortionist demands cryptocurrency (which if you own any, should also be stored on an external wallet), you can say: “No,” and go on with your day.

  1. Enroll in Transaction Alerts and Identity Monitoring

There is no better way to calm fears of account takeover than transaction alerts. All banks and credit card companies offer them for free. They make fraud a momentary crisis that’s easily contained, since the moment a fraudulent charge occurs, or a scammer attempts to open a new line of credit, the consumer is notified.

Think of it as an under-age keg party that gets shut down by the police—a quick burst of annoying nothing, and then everything is back to normal.

There is an added benefit to transaction alerts: Every charge you make pops up on your phone or in your email, detailing the purchase, which can help you curb spending since there is a constant—albeit instant—reminder of how much money is going to be due at the end of your billing period.

  1. Practice the 3 Ms

  1. Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t over-share on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit.
  1. Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every month on Credit.com.) If you prefer a more laidback approach, see No. 5 above.
  1. Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises–oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and employers.

The New Year offers the opportunity to turn a now-old threat into new peace of mind.

The dangers out there are manifold, but if you are prepared, even the worst attacks are survivable. The above suggestions aren’t resolutions. They are common sense. At their best, New Year’s resolutions are an arbitrary deadline to change your habits in one way or another. When it comes to hack-proofing your life, were way past midnight.

 

If you’re concerned about your credit, you can check your three credit reports for free once a year. To track your credit more regularly, Credit.com’s free Credit Report Card is an easy-to-understand breakdown of your credit report information that uses letter grades—plus you get two free credit scores updated each month.

You can also carry on the conversation on our social media platforms. Like and follow us on Facebook and leave us a tweet on Twitter.

 

Image: iStock

The post 6 Ways to Make Your Family Harder to Hack 2018 appeared first on Credit.com.

Ransomware Is a Real Threat (Even to You, Apple Users)

ransomware

Maybe the thought actually occurred to you that something was “phishy” about that link, but that’s so 30 seconds ago. You clicked and now your computer screen is locked. Behind that frozen screen lie your personal files — everything from photos to tax documents — all of it encrypted by a third party that promises to return access for a ransom, which is usually between $200 and $5,000, according to the FBI.

Encryption can be a tool for good and evil. It’s the safest way for an enterprise to keep information safe from prying eyes and sticky fingers, but unfortunately it’s relatively easy for a hacker — and not even a very clever one — to use it to force an ugly situation: your files are encrypted and can only be unlocked by the thief.

A recent newsworthy item takes its lead from the popular “Saw” horror series. If you get hit with this one, Billy the Puppet from the franchise pops up on your screen with the message: “I want to play a game with you.”

Think that invitation from Billy the Puppet sounds fun? Before you go looking for the jigsaw ransomware, also known as BitcoinBlackmailer.exe, let me assure you that it’s not. There are different versions, but they all say pretty much the same thing: “Your computer files have been encrypted. Your photos, videos, documents, etc….But, don’t worry! I have not deleted them, yet. You have 24 hours to pay 150 USD in Bitcoins to get the decryption key. Every hour, files will be deleted. Increasing in amount every time. After 72 hours all that are left will be deleted.”

If you get the jigsaw ransomware, don’t panic. As ZDNet (my source for the above script) points out, a company named Forcenet already solved the problem with simple reverse-engineering. According to those at Forcenet, “A genius malware author this is not, the use of C#/.NET makes it trivial to reverse engineer and analyse.”

Not Just an Inconvenience & Not Just a PC Problem

The point here is not whether or not a particular ransomware poses an extinction-level threat. Ransomware attacks are on the rise. According to Symantec’s 2016 Internet Security Threat Report, “crypto-style ransomware grew 35% in 2015.” In this report, Symantec warns that this often profitable approach, while adept at ensnaring PC users and branching out through network-connected devices, is increasingly targeting, “smartphones, Mac and Linux systems.”

In plain English: ransomware is a danger for anyone using a network-connected device. A former NSA employee recently released a tool for Mac users called RansomWhere, which detects when files are being encrypted on an Apple device and allows the user to stop it. That’s notable because, until now, most Apple users have been relatively unscathed by ransomware.

How People Are Affected by Ransomware

While many ransomware attacks are fixable, they can be embarrassing. A number of the links that get people “got” involve sites you wouldn’t want your mother — or spouse, or child — to think were part of your regular Internet diet, or sites that would suggest you’re about to go into personal bankruptcy. Ransomware crooks use various hot-button clickbait to lure victims.

But do you know what’s worse than being embarrassed by a public airing of what piques your curiosity? A lot of things are, but when it comes to ransomware, at the top of the list has to be the increasing risk for more serious kinds of fallout as hospitals are being more frequently targeted by this form of attack.

In February, Hollywood Presbyterian Medical Center was hit by ransomware. The incident got a great deal of attention because instead of risking patients’ lives, the hospital decided to pay the ransom, which was about $17,000 — or 40 bitcoins. Another hospital was hit in Kentucky, but they only had to pay a ransom of 4 bitcoins, according to internet security reporter Brian Krebs. MedStar Health was also a victim of ransomware, with employees reporting, “a pop-up on their computer screens stating that they had been infected by a virus and asking for ransom.” MedStar owns 10 hospitals and 250 out-patient facilities in Maryland and D.C.

TrendMicro, a company that focuses on internet content security software and cloud computing security, recently predicted “2016 will be the year of online extortion.” If ever there was a time to be careful out there, it was last year. And the year before that, and the one before that, too, but also: tomorrow. Tomorrow is still really not the sort of thing that’s conducive to a good night’s sleep, because the underlying message here is that you are going to get got. Being informed is your best defense.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

More on Identity Theft:

Image: iStock

The post Ransomware Is a Real Threat (Even to You, Apple Users) appeared first on Credit.com.

For Mac Users, The Security Bubble Has Burst

Apple’s Mac operating systems are known for their resistance to malware, viruses, hackers and ransomware, which is one reason many people opt for Mac computers.

Still, they’re not invincible, and as a security company recently reported, Mac users should be aware of potential threats. Researchers at Palo Alto Networks reported finding “the first fully functional ransomware seen on the OS X platform,” according to a March 6 post on their site.

What Is Ransomware?

Ransomware is what it sounds like: Cyber criminals infiltrate your computer and hold it (or more specifically, its data) hostage. They demand you pay them if you ever want your files back. They often want payment in digital currency like Bitcoin, because these transactions are difficult to trace — and it’s a hassle for the victim to acquire and transfer.

Apple did not immediately respond to request for comment on the reported attack. However, Palo Alto said in its blog post that, after it reported the occurrence to Apple, the Mac maker shut down the infiltration and updated its anti-virus system.

How to Protect Yourself

Ransomware attacks can be particularly stressful for consumers if the stolen data includes personal information, work data or irreplaceable files (think photos). Not only is this a case to back up your hard drive, it’s also a reminder that you may want to install anti-virus software or malware protection on your computer, no matter how secure you think it is.

Guarding your personal information is no joke. Losing your sensitive information to a criminal puts you at risk for identity theft. It can take a lot of time and money to recover from identity theft, not to mention the credit damage you might suffer. On top of that, if someone gets access to your Social Security number, the risk of fraud never goes away, because the Social Security Administration rarely changes numbers.

Protecting your devices goes hand-in-hand with habits like reviewing your financial accounts for unauthorized activity and monitoring your credit for signs of fraud. (You can see a free summary of your credit report, updated each month, on Credit.com.)

Taking steps to prevent cyberattacks is important, but so is having a plan for how to deal with one if it happens. Ideally, such planning will make the incident less stressful and less costly. You can report cyber crime to the Federal Bureau of Investigation and go here to learn what to do if you are a victim of identity theft.

More on Identity Theft:

Image: jrwasserman

The post For Mac Users, The Security Bubble Has Burst appeared first on Credit.com.