Cell Number Security

Digital privacy goes hand-in-hand with digital security … and there’s an increasingly used piece of information under your control that the bad guys are after … it’s your cell phone number. More and more, cell phone numbers are being used by the bad guys as a way to get to the personal information that’s kept by nearly all corporations, financial institutions, and, yes, social media networks.

Your cell phone number is a gateway to your identity. It provides an entrance to all the data contained on your phone, and can connect your other information to you – your email address, physical address—everything. In a company’s database, your phone number becomes another piece of personally identifying data. But unlike our Social Security numbers, the number is not regulated, and no companies are mandated to keep it private.

Mobile phone numbers then become a target for attackers. Most of us have gotten wise to phishing and email breaches. Now there is SMiShing (pronounced “smishing”) … the act of sending a text message containing questionable links to harmful websites. Once the bad guys get your credentials, they can log into your banking site as you. Then, we all know what can be done: Monies transferred. Checks written. Stocks sold.

Even seemingly innocuous requests for your number, like the one from a sales clerk, can lead to trouble. The fact that the company now has your number means it could be hacked. Customer phone numbers have been stolen from Anthem, Citigroup, JPMorgan Chase, Walgreens, and Yahoo.

What you can do: 

  1. Use common sense: If you’re asked for your phone number, ask why.
  2. Get a virtual phone number: Google Voice gives you a free phone number for calling, text messaging, and voicemail. It works on smartphones and computers, and syncs across your devices so you can use the app while on the go or at home. Check out https://voice.google.com
  3. Enable two-factor or multi-factor authentication on all your devices:
  4. Sign up for the “do not call” lists, which are helpful for run-of-the-mill solicitations.
  5. Choose which private data you are willing to share: Maybe an email address, zip code or just your name as a way to identify you. It’s worth raising with the person asking for the data.

Steganography 101

Steganography is the practice of hiding secret messages in otherwise non-secret mediums. It has been used in various ways for years – writing Revolutionary War messages in invisible ink, as an example. In the digital world, even something as benign as an image may be stealthily encoded with information. As an example, the pixel values, brightness, and filter settings can be manipulated by a hacker using a secret code to embed a message.

Through this technique hackers are deceiving internet users and smuggling malicious payloads past security scanners and firewalls. Steganography’s goal is to hide the fact that the content exists at all by embedding it in something else. The hidden code can then be used in all sorts of malicious attacks.

Various reports indicate that steganography is being used more than ever … although it is possible that the good guys are just getting better at detecting it. Steganography is being detected not only in sophisticated hacks, but in the attacks of low-level cyber criminals as well: malvertising; phishing; and malware distribution. This may be due in part to the sale of steganographic instructions, allowing the technique to trickle down to the bad guys who may not have thought of a particular attack.

For individuals and small businesses, the way to protect yourself from steganographic attacks is to continuously work on security overall. Whether a phishing or a malvertising attack incorporates steganography or not, it still requires you to click on a link or download a file. If you’re aware of these types of attacks, looking out for them, and securing your accounts with protections like two-factor authentication, you’ll reduce your risk and have defenses in place if you are attacked.

Overwhelming, isn’t it? The Network Division at 2-Way Communications can help. We’ll provide you with the integrated Security Awareness Training and Simulated Phishing platform used by more than 8,000 customers nationwide. Contact The Network Division for more information or to set an appointment today. Give them a call (603-431-6288) or send an email to NetworkSolutions@2-Way.biz.

New Ransomware in the wild

It should be obvious to all that hackers and cybercriminals are becoming more innovative and stealthy seemingly every day. New forms of cybercrime are regularly discovered, and, no surprise here, the cyber criminals’ techniques are more clandestine, coming with a myriad of attack vectors with low detection rates.

I read an article in The Hacker News regarding a new fileless ransomware with code injection ability. The article went into detail about the ransomware and how it infected enterprise servers and endpoints. The most important part of the article for me, though, was the section entitled “Ways to Protect Against Ransomware Attacks”. The entire article is here.

The three most important items on the list of to-dos for the SMB owner or town admin organization were:

1. Keeping your system and network up-to-date.
2. Backing up your data regularly.
3. Adopting a cyber security-aware workforce.

If you haven’t gotten started on this yet, or have but feel you could protect yourself better with professional help, call the Network Division at 2-Way Communications Services (800-441-6288 x1746). Their remote managed services and security awareness training will help keep your organization’s network safe.

A Unique Password for Every Website

More than once we’ve heard (and read) from security experts about website passwords: keep them long; keep them strong; keep them unique. The first two are not much of a challenge; the third may be. It’s not uncommon to visit and use dozens of websites, and some of us may get up into the hundreds. The question becomes, then, how to generate long, strong, unique passwords for each site, and be able to recall them when needed. And without referring to a post-it or electronic file, please.

Here’s a method that’s used by a few of us here at 2-Way that’s proven to provide strong passwords that are easy to recall. It’s based simply on the website name, three years, and three special characters. Here’s how it works:

Three of my favorite historical figures were born in 1473, 1564, and 1643. My three special characters (in alphabetical order) are the ampersand, dollar sign, and exclamation point. Finally, HP is the manufacturer of computer hardware I use. If H-P is thought of as a range of the alphabet, all of the above falls into a grid …

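| Letter range | A – G | H – P | Q – Z |
| --- | --- | --- | --- |
| Year | 1473 | 1564 | 1643 |
| Special character | & | $ | ! |
| Capitalized letters | WX | XY | YZ |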

To create a password for Amazon, as an example, I select the first two and the last two letters of the website name:

am   on

Since the leading character is a, the four digits I choose are 1473 (from the A-G column). My password then is

am14on73

I let the last letter of the website name determine the special character. Since n falls into the range of H – P, I use (from the H – P column) the $, giving

am14$on73

Needing uppercase letters, I go one box to the right of the special character and drop down one, which lands on YZ. If the four letters are represented by wxyz, capitalizing the y and z positions means my password now is

am14$ON73

Done. Similarly, a password for Google would be gO14&Le73, WordPress gives WO16!ss43, and a password for Motorola becomes mO15&La64.
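The grid and steps above, written out as code. This is an added example, not the author's own tool: the function names are hypothetical, and the wrap from the Q-Z column back to A-G is inferred from the WordPress password.

```python
# Added illustration of the grid scheme described above; the grid values are
# the article's own examples, and the function names are hypothetical.
GRID = [
    # (letter range, year, special character, capitalised positions of wxyz)
    ("ag", "1473", "&", (0, 1)),   # WX
    ("hp", "1564", "$", (1, 2)),   # XY
    ("qz", "1643", "!", (2, 3)),   # YZ
]


def column_of(letter):
    """Return the grid column index (0-2) whose letter range holds `letter`."""
    for index, (bounds, _, _, _) in enumerate(GRID):
        if bounds[0] <= letter <= bounds[1]:
            return index
    raise ValueError(f"not a letter a-z: {letter!r}")


def site_password(site_name):
    """Derive the password for `site_name` by following the article's steps."""
    letters = [c for c in site_name.lower() if "a" <= c <= "z"]
    if len(letters) < 2:
        raise ValueError("site name needs at least two letters")
    wxyz = letters[:2] + letters[-2:]          # first two and last two letters

    year = GRID[column_of(wxyz[0])][1]         # leading letter picks the year
    special_col = column_of(wxyz[3])           # last letter picks the special
    special = GRID[special_col][2]

    # "One box to the right and down one": the next column, wrapping from
    # Q-Z back to A-G (the WordPress example shows the wrap).
    for position in GRID[(special_col + 1) % 3][3]:
        wxyz[position] = wxyz[position].upper()

    return "".join(wxyz[:2]) + year[:2] + special + "".join(wxyz[2:]) + year[2:]


if __name__ == "__main__":
    for site in ("Amazon", "Google", "WordPress", "Motorola"):
        print(site, site_password(site))
```

Every output depends only on the site name and the three-column grid, so the grid is the one secret the scheme relies on.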

Since the years, special characters, and capitalization scheme you choose will be unique, the likelihood of someone guessing one of your passwords is very, very slim. And, after generating a few passwords using the chart you’ve created, creating the next dozen or more is quite easy.

That’s it. Using this scheme, I don’t need to remember a password; the website name tells me what the password is. Try it a few times for yourself and let us know what you think.