Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

August 24, 2021

Good morning, everyone!

This week’s critical vulnerabilities:
  • SEOPress WordPress Plugin has released a patch for a critical vulnerability.
  • Fortinet is releasing a patch for FortiWeb, its web application firewall (WAF), to fix a critical bug that was disclosed prematurely. Very serious.
  • Cisco is NOT releasing a patch for their Small Business RV110W, RV130, RV130W, and RV215W Routers because they have reached end-of-life. Patching not possible, so replace it if you have one.

Patch All the Things!



Protecting Online Accounts

Last week I ran into a friend I haven’t seen in a while, and she immediately said “I was thinking about you just the other day! My Facebook account was hacked!” and I thought to myself “Was it really hacked? Or cloned?” There’s a very big difference between the two, requiring different responses, and cloning is by far more common, yet I hear “My account was hacked” pretty often. So let’s tackle that today!

First, let’s look at the basics of protecting online accounts. Then we will look at how to respond when something looks odd.

(1) Use good, strong passwords. Longer is better – think passphrases, not passwords. Read more here.

(2) Always use two-factor authentication! (You knew I was going to say that, right?) It’s free, it’s easy to set up and easy to use. It protects your accounts from brute force attacks, spraying attacks and direct attacks using stolen credentials. It’s 24K gold protection.

(3) Many online services don’t have 2FA as an option, but they may have login alerts – any time you log in from a new device, they will send you an email with info on the login. At least this will alert you if someone has in fact compromised your account, so you know to act quickly.

(4) Go to Settings, then choose "Privacy" or "Security" (exact wording may vary) in ALL your online accounts, and turn on every option that you understand. ☺

(5) Keep track of the email address you have tied to every single online account. I can’t tell you how many times I’ve had people ask me to help them regain control of a social media account, when the problem is that they got a new email address and didn’t change that info on the social media account, killed the old email address, and now they can’t reset passwords or confirm logins on the social media account. Remember, your email account is the key to your online life.

(6) Keep track of who has the password. It’s so common for business accounts online to be compromised because a former employee used a bad password and it was never changed. Or a business gets locked out of their account because a former employee set it up and no one knows the password now, and that employee’s email account is no longer active. Get the picture? Keep track of important information!

Was your Facebook account hacked or cloned?

People tell me all the time that their Facebook account got hacked. While this certainly does happen sometimes, more often than not, their account was just cloned. What does this mean?

Typically it starts with someone sending you a FB message: “Your FB account has been hacked!” The person sending the message received a “friend request” from “you,” only it wasn’t really you – someone created another FB account using your name, and they even stole your profile picture so it would look like you!!! Don’t panic. Your account probably wasn’t hacked; it was cloned.

Basically, someone created a fake twin for you, and sent friend requests to everyone you are already friends with, so they can establish fake online relationships. These fake accounts are used for a variety of reasons – social or political influence, marketing, spamming, fraud, you name it. NordVPN published a really good blog post describing the problem and giving detailed instructions on how to prevent it and how to respond when it does happen.

Two things to remember:
  • If you get a friend request from someone you thought you were already friends with, go look them up in your friends list! If they are already there, report the new fake account.
  • If someone tells you your account has been hacked, ask why they think that. If it sounds like a clone case, you can report the fake twin and post a message to your friends, warning them not to “friend” the new fake.

If your account actually was hacked

If your account was really hacked, you should immediately log in (if you can -- if they haven't locked you out) and change your password. Enable 2FA if you haven't already. Make certain the email account is correct. Then look at your Activity to see what they have done on your behalf. Follow these steps from Facebook.

That's all for this week. Stay Cyber Aware!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com

Security Awareness Training Goes Live Again!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Thankfully, live training is making a comeback! So wherever you and your employees may be, I can deliver a fun and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺
