August 24, 2021
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Protecting Online Accounts
Last week I ran into a friend I haven’t seen in a while, and she immediately said “I was thinking about you just the other day! My Facebook account was hacked!” and I thought to myself “Was it really hacked? Or cloned?” There’s a very big difference between the two, requiring different responses, and cloning is by far more common, yet I hear “My account was hacked” pretty often. So let’s tackle that today!
First, let’s look at the basics of protecting online accounts. Then we will look at how to respond when something looks odd.
(1) Use good, strong passwords. Longer is better – think passphrases, not passwords. Read more here.
(2) Always use two-factor authentication! (You knew I was going to say that, right?) It’s free, it’s easy to set up and easy to use. It protects your accounts from brute force attacks, spraying attacks and direct attacks using stolen credentials. It’s 24K gold protection.
(3) Many online services don’t have 2FA as an option, but they may have login alerts – any time you log in from a new device, they will send you an email with info on the login. At least this will alert you if someone has in fact compromised your account, so you know to act quickly.
(4) Go to Settings, then choose "Privacy" or "Security" (exact wording may vary) in ALL your online accounts, and turn on every option that you understand. ☺
(5) Keep track of the email address you have tied to every single online account. I can’t tell you how many times I’ve had people ask me to help them regain control of a social media account, when the problem is that they got a new email address and didn’t change that info on the social media account, killed the old email address, and now they can’t reset passwords or confirm logins on the social media account. Remember, your email account is the key to your online life.
(6) Keep track of who has the password. It’s so common for business accounts online to be compromised because a former employee used a bad password and it was never changed. Or a business gets locked out of their account because a former employee set it up and no one knows the password now, and that employee’s email account is no longer active. Get the picture? Keep track of important information!
Was your Facebook account hacked or cloned?
People tell me all the time that their Facebook account got hacked. While this certainly does happen sometimes, more often than not, their account was just cloned. What does this mean?
Typically it starts with someone sending you a FB message: “Your FB account has been hacked!” The person sending the message received a “friend request” from “you,” only it wasn’t really you – someone created another FB account using your name, and they even stole your profile picture so it would look like you!!! Don’t panic. Your account probably wasn’t hacked; it was cloned.
Basically, someone created a fake twin for you, and sent friend requests to everyone you are already friends with, so they can establish fake online relationships. These fake accounts are used for a variety of reasons – social or political influence, marketing, spamming, fraud, you name it. NordVPN published a really good blog post describing the problem and giving detailed instructions on how to prevent it and how to respond when it does happen.
Two things to remember: If you get a friend request from someone you thought you were already friends with, go look them up in your friends list! If they are already there, report the new fake account. If someone tells you your account has been hacked, ask why they think that. If it sounds like a clone case you can report the fake twin and post a message to your friends, warning them not to “friend” the new fake.
If your account actually was hacked
If your account was really hacked, you should immediately log in (if you can -- if they haven't locked you out) and change your password. Enable 2FA if you haven't already. Make certain the email account is correct. Then look at your Activity to see what they have done on your behalf. Follow these steps from Facebook.
That's all for this week. Stay Cyber Aware!
Talk to you again soon!
Security Awareness Training Goes Live Again!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Thankfully, live training is making a comeback! So wherever you and your employees may be, I can deliver a fun and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺