Privacy and security seems to always be on everyone’s mind today. Intuitively we are always making sure our homes are locked before we leave and that our cars when left aren’t vulnerable to any intruders. Just like our homes and cars, we keep our technological devices secure and locked with some sort of authentication, but they too have a variety of different entrances for an intruder to sneak their way in.
The most popular digital entrance into a electronic device today is through its Wifi. We have all heard of the horror stories of connecting to a wrong network in a public place and having your personal information stolen. But few people think about how their Bluetooth can be effected. Minimizing your Bluetooth usage minimizes your exposure to the vulnerabilities. Most recently, an attack called BlueBorne allows for any affected device with Bluetooth turned on to be attacked through a series of vulnerabilities. These vulnerabilities don’t stem from the Bluetooth itself but the implementation in all the of the software including Windows, Andriod, Linux and iOS. This potentially puts millions at risk.
The Blueborn attack starts by going through the process by scanning devices with Bluetooth on, it then starts probing them for information such as device type and operating system to see if they have the vulnerabilities it can latch on to. The Blueborn bug can allow hackers to take control of a device and access private information. This attack can also spread from device to device in one motion if other vulnerable Bluetooth enabled targets are nearby.
The best defense against this Bluetooth security flaw is to make sure your device system is always updated with the latest software and firmware. This make sure there are no vulnerabilities in the implementation of Bluetooth within your operating system. Bluetooth does many amazing things that seem almost magical and the benefits outweigh the calculated risk of turning it on. However when not in use it is best to make sure to keep your Bluetooth setting off and use it when you know you are in a safe and secure area.
On September 7th the consumer credit reporting giant, Equifax, announced a cyber security incident that could have potentially impacted over 143 million U.S. consumers. The company discovered the unauthorized access on July 29th of this year and believes it may have been occurring from mid- May through July 2017. The information accessed includes names, Social Security numbers, birth dates, addresses and driver’s license numbers as well as credit card numbers for over 209,000 U.S. consumers.
Now before the panic ensues, the company acted immediately to stop the intrusion and utilized the help of an independent cyber security firm to conduct an in depth forensic review to determine the impact of the breach. While Equifax reported unauthorized access to limited personal information for some U.K and Canadian residents, the company found no evidence that personal information of consumers in other countries have been impacted. There was also NO evidence of unauthorized access to core consumers or commercial credit reporting databases.
If this issue concerns you, or you think you may have been one of those consumers effected, Equifax has launched a website dedicated to informing users if their information could have been impacted. Which can be found here. On this site Equifax offers an opportunity to find out if your information was potentially hacked into as well as a chance to enroll in their TrustedID Premier, that the company is offering to every US Consumer for free for a year. This service includes 3-Bureau credit monitoring of Equifax, Experian and Transunion credit reports, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance and Internet scanning for social security numbers.
This incident is not the first of its kind and will sadly not be the last. It is important for consumers to protect themselves as much as they can when handling their personal information online. This breach is also a lesson to all businesses, no matter how big or small that their IT security is one of the most important aspects to their business and core activities. A situation like this can leave a bad stigma on your businesses reputation for the future. The CEO of Equifax stated, “Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
You wake up and like many of us today, you immediately check your phone. Scrolling through your email you see a message in your inbox that reads “Microsoft account security alert” this email then goes on to explain how someone might have accessed your account and how they may have your password and access to personal information. The email then contains a button you can click through to “recover your account”. This email looks a little something like this.
Seems normal enough right? WRONG. This email contains an abundance of red flags that to someone not so tech savvy could fall victim to. This email is meant to be malicious and ironically while it is trying to get you worried about your information getting hacked into. It is trying to hack into your information. Let’s dive into what these red flags are so that others do not fall victims to these malicious emails.
To begin with, this email claims it is from the Microsoft team, however within the email itself we see no Microsoft branding of any kind, and is overall poorly designed. The next indicator of suspicious activity is that the email keeps mentioning a Microsoft account has been accessed, but shows a Yahoo email address. The person who received this email knew that their email address was not registered with any Microsoft account, especially being that they were a Mac only user. There was also not enough characters or asterisks that reflected any email this user had.
This is just one example of a phishing email and there are many more, some are formatted well, others are blatantly a scam, but paying close attention and really evaluating each point the email is trying to make is extremely important. Be sure to be on the lookout for other signs such as:
- You are asked to send money to cover expenses.
- The message asks for personal information.
- The message contains poor spelling and grammar.
- The email contains mismatched URL’s.
- The offer of the email seems too good to be true.
Finally, if something in that email just does not seem right to you, there is most likely a reason why and immediately. If an email looks suspicious and catches you off guard or does not relate to any recent activity you have done online, it is best to not act upon that email and flag it as spam and delete the email immediately. Clicking through could cause major issues to your computer system or others if it happens in your workplace. Be sure to always be attentive, be curious and ask questions and stay protected!