from the Aware Force Cybersecurity Team
Keeping you safer as you work online
Earlier this month, a hacker posted a massive list of stolen usernames and passwords on the dark web.
What happens when a password is posted for sale online?
According to the cybersecurity company Agari, crooks act quickly to use stolen passwords, particularly when stolen passwords are for an employee's Office365, Dropbox or Docusign account.
To listen, click on the arrows below.
Sr Director of Threat Research
1: How quickly do crooks begin using a stolen password after it's posted for sale online? Fast!
2: Cybercrooks frequently use one method to trick unsuspecting employees.
3: Examples of the most common types of fake phishing emails that arise from stolen passwords.
1: Think first: do you really need to set up an account that requires personal information or a password? For example, when you're making an online purchase, check out as a guest rather than signing up for an account.
2: Visit the website haveibeenpwned.com to see if your username, email address or one of your passwords has been stolen. Then, change your password on any online accounts that show up on the list. The FBI is now cooperating with this website to help keep it current.
3: Consider purchasing password management software for your personal devices. This will handle the chore of creating and maintaining passwords for you. PC Magazine says reliable brands of password management software available to buy online and install on your computer, tablet and phone include Keeper, LastPass, Dashlane, and 1Password.
> If you have an Amazon Echo, Ring doorbell, or Alexa device, you are likely sharing a small slice of your internet connection with your neighbors. Amazon's new system called “Sidewalk” is designed to keep those devices functioning even if a home’s wi-fi network goes down by connecting to your neighbors'. Amazon promises Sidewalk does not put any users at risk. But ArsTechnica says users must change the “preferences” settings on the apps of their Amazon devices to opt-out of Sidewalk.
> Hackers got access to computers at Bose Electronics and stole employee compensation information and home addresses. While little has been disclosed about this breach, ZDNet reminds us that employees should never post backup copies of work-related spreadsheets to their personal online accounts.
> The most widely used parking app in North America, ParkMobile, has been breached, exposing email addresses, phone numbers, and license plate numbers of potentially 13 million users, according to security expert Brian Krebs.
> Dangerous software even makes it into official app stores. The Washington Post says 2% of the 1,000 best-selling titles on Apple’s App Store are scams. Before downloading an app that is not well-known, check user feedback and look for a pattern of negative reviews.
Consumers are increasingly concerned about how personal information they unwittingly provide online is being used, so Google, Facebook, and Apple are beginning to change their privacy policies.
But you still need to take an active role in protecting your personal information. Here are some steps you can take.
Click on the image to download and view this document.
The Aware Force Cybersecurity Team is dedicated to keeping you and your family safe online. If you think you've clicked on a phishing email, an urgent text message, or received a suspicious voice mail, alert your supervisor right away so we can check it out.
My elderly mother-in-law is constantly a target for hackers. We live over 200 miles away and want to help! Is there any software available that will allow us to access her computer to prevent her from being scammed?
Yes, but you'll need to set aside time (probably an entire afternoon) and summon up your patience! It's hard enough doing this kind of work in person.
First, understand what you're trying to accomplish. Do you need to rid her machine of bad software? Block spam emails? Install anti-virus software? Do a web search for advice before you begin working on her machine.
Next, make sure you know the kind of computer and operating system you both use. That will determine how you access her machine from afar. (This process is much easier if you both use the same operating system.) Windows 10 has built in software you can use to access her PC called "Quick Assist." Earlier versions of Windows use "Windows Remote Assistance." FaceTime allows a Mac user to access another's Mac. For Chrome, it's "Chrome Remote Desktop." You can also purchase software designed for this purpose such as GoToMyPC, TeamViewer, SplashTop, and ZoHo Assist. Some offer free or trial versions.
The most important step is education. Your mother-in-law should feel comfortable contacting you before responding to urgent emails, texts or phone calls, no matter how credible the messages seem to be.
A caller who was very convincing told me I was being offered a high-paying job based on my experience. He required me to email him a copy of my driver's license (front and back) and include my social security number. There was no job. I feel stupid, but I did it. Now, what do I do?
Scammers often get information about your work history from LinkedIn. Then they entice you with a job offer, when all they really want is your personal information. You are one of many who fall for this trick. Your next step: visit all three credit bureaus online and freeze your credit. It's free and won't affect your credit score. That move will prevent crooks from opening accounts in your name.
Equifax | www.equifax.com
Experian | www.experian.com
TransUnion | www.transunion.com
Aware Force Cybersecurity News • June 2021 b • Edition #122
Cyber cartoon © 2021 cartooncollections.com
Original content © 2021 Aware Force LLC
Aware Force is a registered trademark