By Dan Ogle
IT Security Advice from one of our own Experts!!
Ever found out that your email or social media account has been “hacked”? Or that your account security has been compromised? It happens more often than most users realize. While some of these alerts are legitimate, more often an alert like this can be a scam that, if fallen for, can lead to much bigger problems. Why are these scams so prevalent in today’s modern technological age? The answer is simple. Because they work. Phishing emails and spam messages are the easiest ways for bad actors to compromise a user’s account security and personal information.
But how did they find you?
The most likely answer to this question is that your email account, along with several hundred million others, fell victim to a data breach. We use our email address for virtually everything we do on the Internet, not just email. We use it to sign up for mobile apps and games on our smartphones, social media, streaming services, software on our computers, warranty registrations, free trials, online shopping; the list goes on. Most users assume that when they put their email address into these various platforms, that’s the last stop for that information. Actually, that information is stored in databases associated with that platform, along with whatever other account information is needed to gain access to it: first name, last name, address, phone number, password, etc. Most of the time, these databases are managed by third parties and, if not properly secured, can fall victim to cyber threats that result in the database being breached. Once breached, the information stored in that database can be published, bought, sold, traded, and exploited through a variety of sources; most notably, the Dark Web.
Why would someone do this? What is their goal?
What they are after may not be what you would expect. The main goal of these database breaches is to sell the information captured to other parties. These other parties have their own ideas about how to use your information for greater gains. Identity theft, ransomware, corporate espionage, and . . . marketing.
That’s right, marketing. Your information can be used against you to manipulate what you see on your day-to-day internet browsing activities, what you receive in the mail, advertisements on websites and streaming services, the list goes on. All of this is done in an effort to influence what consumer goods you buy and who you buy from.
This information can also be used to trick you into downloading something onto your computer or smart device that compromises even more of your data and personal information for further gain. More on that in the next article.
So what can you do to better protect yourself from this ever-growing threat on the digital landscape? First, check to see if your email account was ever discovered in a data breach. There are many different ways to do this, but my preferred way is to use the popular website haveibeenpwned.com. It is both free and simple to use. After plugging in your email address, it will provide you with a list of confirmed data breaches in which your email address was leaked, the timeframe in which each breach occurred, and any information attached to your email address within the database that was breached. Information such as passwords, nicknames, address books, geographic locations, etc. will be noted in the report.
Now, before you get into a panic, please understand this very clearly. If your email account was discovered to be a victim of a data breach, it does not mean you are up a certain creek without a paddle. In fact, take a moment to breathe a sigh of relief, because now you are aware of the situation, which puts you in a significantly better position than literally billions of users who have no idea that this could happen, has happened, is happening, or will happen to them. It can also and probably will happen again to you, but there are things you can do that I will discuss now which will help put your mind at ease for any past, present, or future occurrences.
First, change your email account password, especially if you have not changed it since the last reported data breach your email account was found in. At a minimum, your new password should be 14 characters long with at least two uppercase letters, two lowercase letters, two numbers, and two symbols. If you decide to use a shorter password, use no less than 8 characters with the same rules as before and ALSO enable two-factor or multi-factor authentication (also known as 2FA or MFA) on your email account.
Second, change your passwords for any account that is listed clearly in the data breach report. Use the same rules as listed for your email account, but, and I cannot stress the importance of this enough, MAKE IT A DIFFERENT PASSWORD THAN YOUR EMAIL ACCOUNT! Many users use the same password for their computer login, email account, social media, streaming account, bank accounts . . . this is bad. Because if just one password was leaked in the data breach reported, guess what? They now have the password for ALL of your accounts with that same email address and password. Also check to see if 2FA/MFA can be enabled on those accounts for extra security.
Third, stop saving your passwords in your browser. There are several free and affordable password management platforms and applications out there that can also be added as extensions to your browser and are much safer than saving directly to the browser. I know, it makes logging in easier and you don’t have to remember every password, blah blah blah. But did you know it takes less than 5 seconds for someone with access to your browser to export all of those passwords? Yeah, that quick. Use a password management application on your computer or mobile device instead. Set it up with a DIFFERENT password than any of your other accounts as well as 2FA/MFA if possible.
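The password rules from the steps above, written out as a small self-audit (an added example, not part of the original article). The function names and the sample accounts are made up for illustration, and "symbol" is assumed to mean ASCII punctuation.

```python
import secrets
import string
from collections import defaultdict

CLASSES = {"uppercase": str.isupper, "lowercase": str.islower,  # two of each
           "number": str.isdigit, "symbol": lambda c: c in string.punctuation}

def check_password(pw, mfa=False):
    """Return the article's rules that pw breaks (empty list = passes)."""
    problems = [f"fewer than 2 {kind} characters"
                for kind, test in CLASSES.items() if sum(map(test, pw)) < 2]
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    elif len(pw) < 14 and not mfa:
        problems.append("under 14 characters without 2FA/MFA")
    return problems

def find_reuse(accounts):
    """Map each password used on more than one account to those accounts."""
    seen = defaultdict(list)
    for name, acct in accounts.items():
        seen[acct["password"]].append(name)
    return {pw: names for pw, names in seen.items() if len(names) > 1}

def audit(accounts):
    """Per-account list of problems: composition, length/MFA, and reuse."""
    report = {n: check_password(a["password"], a["mfa"]) for n, a in accounts.items()}
    for names in find_reuse(accounts).values():
        for n in names:
            report[n].append("reused on: " + ", ".join(x for x in names if x != n))
    return report

def generate_password(length=14):
    """Draw random passwords with a CSPRNG until one meets the rules."""
    length = max(length, 14)  # never go below the 14-character rule
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw

# Constructed sample accounts; never keep real passwords in a script.
ACCOUNTS = {"email": {"password": "Summer2021!", "mfa": False},
            "streaming": {"password": "Summer2021!", "mfa": False},
            "bank": {"password": "Qz7#Lm2$", "mfa": True}}

if __name__ == "__main__":
    for name, problems in audit(ACCOUNTS).items():
        print(name, "->", problems or "OK")
```

In the sample, the 8-character bank password passes only because 2FA/MFA is on, while the email password fails on composition, on length, and on being shared with the streaming account.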
While this can be a lot to process all at once, it is important to be aware of these kinds of threats and how to help protect yourself against them. Having a team that works with you can significantly help to keep you, your family, or your business prepared, protected, and secured. Have questions or need help? Give us a call! We would love to chat with you.
Dan Ogle
IT Security Specialist
Panacea Solutions, LLC
920-289-4230