Categories
Casserly Consulting Blog

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret


What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password most likely comes from lists circulating on the dark web, taken from online businesses and services that have been hacked over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time… Well, let’s let the email explain it for us.

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords – change them frequently. Again, this scam has made quite a bit of money based on a total bluff… a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them – if an old database is hacked, as happened here, you won’t have to worry if your password is revealed – it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lens covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog – and if you want to take more action, reach out to us at PHONENUMBER.


ALERT: Change Your Twitter Password, Says Twitter


Twitter is recommending that all 336 million users change their passwords as soon as possible due to the discovery of an internal security flaw. While the issue has been fixed and no data breach seems to have taken place, Twitter is clearly taking this situation seriously.

On Thursday, May 3, it came to light that there was an internal log upon which an undisclosed number of account passwords were recorded without any protection. As a result, this unknown number of passwords can no longer be considered secure, even though there is no apparent evidence that any data breach has occurred.

Twitter uses a process called hashing to protect their passwords, as many companies do. However, a bug created a log of passwords before they were hashed, leaving them fully legible. This bug has since been resolved.
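To make that bug concrete, here is an added example (not Twitter’s code and not part of the original post) of a signup handler that logs the request before hashing, run once as-is and once with a log filter that masks password fields. The field names, logger names, sample account and the choice of PBKDF2 are all assumptions made for illustration.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed request field names

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in dict log arguments before any handler runs."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 is a stand-in: the post does not say which hash Twitter uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_logger(name: str, redact: bool):
    # Returns the logger plus an in-memory buffer holding what it wrote.
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(logging.StreamHandler(buf))
    if redact:
        logger.addFilter(RedactSecrets())
    return logger, buf

def signup(payload: dict, logger: logging.Logger) -> dict:
    # The request is logged before hashing: the ordering behind the bug.
    logger.info("signup request: %s", payload)
    salt = os.urandom(16)
    return {"user": payload["user"], "salt": salt,
            "hash": hash_password(payload["password"], salt)}

def demo() -> dict:
    payload = {"user": "alice", "password": "CorrectHorse!9"}  # constructed
    results = {}
    for name, redact in (("buggy", False), ("hardened", True)):
        logger, buf = make_logger(f"signup.{name}", redact)
        stored = signup(payload, logger)
        results[name] = (buf.getvalue(), stored)
    return results
```

The filter only covers structured log arguments; a password that has already been interpolated into the message string before the logging call would still be written out, so sensitive fields are best kept out of log calls altogether.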

In response to this situation, Twitter is being proactive and recommending that all of its users change their passwords, just in case. To do so, log in to your account in your browser, access Settings and privacy, and from there, Password. It is also a good idea to enable two-factor authentication by accessing Settings and privacy, clicking into Account. Once there, click on the “Set up login verification” button and follow the instructions. You will find yourself on a Login verification screen, where you can activate the means to generate another authentication code.

While disaster seems to be averted this time, you should not hesitate to change your password as soon as possible, and make sure that all of your online accounts have strong passwords in place. For more information about keeping your identity safe online, call the IT professionals at COMPANYNAME at PHONENUMBER.


3 Ways Your Business Can Prioritize Data Security


In the wake of the Equifax data breach, which placed the personal information of 143 million users at risk, the issue of data security is at the forefront of social consciousness. Your organization needs to go about its daily business as if it will experience a data breach at any given moment. This involves looking at the worst-case scenario, and planning for it so that you’re never caught unaware.

Here are three preventative measures that you can take to secure your business.

Use Strong Passwords and Two-Factor Authentication
Passwords are often the only thing standing between your online accounts and your personal data. Think about it; a string of maybe 8-to-10 characters is the only thing keeping your sensitive information secure. Doesn’t it make sense to make this password as complex and difficult to crack as possible? You would think so, but a surprising number of folks still use the word “password” as their password. You should be using both upper and lower-case letters, numbers, and symbols, formed into a seemingly random string of characters. Doing so keeps hackers from guessing your password and accessing an account.

Secure Your Network with Unified Threat Management
Network security depends on both internal and external measures, which include network-attached security devices like a Unified Threat Management (UTM) tool. A UTM consists of an enterprise-level firewall, antivirus, spam blocker, and content filter, all to keep threats from taking root on your network in the first place. Furthermore, you’ll be able to react to issues that become prevalent before too much damage is done, which is a valuable opportunity in its own right.

Educate Your Users on Best Practices
Your employees access important information on a day-to-day basis, and they are often in contact with more threats than you’d like them to be. Something as simple as a spam message in the wrong inbox or a carefully disguised link could be all it takes to expose your business to dangerous situations. Take the time to teach your employees how to identify potentially dangerous scenarios, like phishing phone calls and sketchy emails or attachments. Oftentimes, you’ll stop attacks from taking off simply by keeping your employees informed.

By using these three methods to secure your organization, you’ll be less likely to suffer from a data breach. To learn more about network security and other ways to keep yourself secure, subscribe to our blog, and call our IT professionals at PHONENUMBER.


Helpful Suggestions to Improve Password Security

Passwords are important for any online account (and for most accounts in general). Sometimes they might feel like inconveniences, but it’s crucial to remember that these passwords are often the first line of defense, if not the only line of defense, that stands between your data and hackers. We’ll discuss ways that you can augment password security with other powerful measures.

There are two major ways that you can improve password security: two-factor authentication and password managers.

Two-Factor Authentication
2FA provides organizations and users with secondary credentials that can protect their network or online accounts. This type of protection can come in the form of an SMS message, a phone call, or an email sending you a secondary credential. You then enter this code into the app or service, and since you know without a doubt that only you could have access to this code, you can practically guarantee that you’re the only one accessing your account.

Basically, the biggest way this helps your organization is by making it as hard as possible for hackers to infiltrate your network and company accounts. When you involve devices like smartphones with two-factor authentication, you make it much more difficult for hackers, as they would need access to two different devices rather than just one. Reach out to COMPANYNAME and ask us about our two-factor authentication solutions.

Password Managers
A good password is often long and complex, consisting of several different types of characters, numbers, and letters. As you might expect, these types of passwords are rather difficult to remember. Plus, since you can’t (or shouldn’t) use the same password for multiple accounts, you can easily use the password for another account by accident, eventually leading to an account lockout. This is both frustrating and unnecessary. Alternatively, you can keep track of your passwords using a password manager, allowing you to use complex passwords without any problems.

An enterprise-level password manager from COMPANYNAME can allow your organization to take advantage of complex passwords. Your passwords are stored in a secure encrypted database that shields them from hackers. Furthermore, you only pull the passwords as they are needed. There’s no better way to take advantage of complex passwords, as the password manager will keep track of multiple account credentials without you having to remember them.

COMPANYNAME can help your business with all of its password managing needs. To learn more, reach out to us at PHONENUMBER.