Password Reuse and You

We could talk about password strength and safety first, but it is likely that you have heard that time and time again, so I will slide that one down the priority list a bit.

There are storehouses of passwords that belong to compromised email addresses. You may have gotten a phishing email that claimed to have your password. One that I have seen provided a somewhat censored version of one of my old passwords. This typically comes with a ransom demand.

These situations are the result of human nature. It is all too easy to use the same password on all of your online accounts. Websites keep raising their password complexity requirements, and there are so many passwords to keep track of. When a website that you use gets hacked and the username/password database gets stolen, that data gets sold off.

The majority of Americans bank at one of five major financial institutions. If the criminals have control of your email address (or, as we say in the industry, have pwned it), they can get passwords reset. If they get as far as getting your bank password, where does that leave you? It doesn’t take much imagination to see how bad that can be.

Having a list of usernames and passwords is like having a ring of keys. Criminals can try those usernames and passwords against common email providers and other services to see which doors they open.

Has your email password ever been compromised? Maybe you had to change your email password because you started getting weird email bounceback messages. Would you like to see if your email address has been discovered on a list for sale, or just out for public consumption? Try this link. (I have a few email addresses that have been blown, so don’t feel bad about being listed.)

https://haveibeenpwned.com/Passwords

Where do you go from here? Regardless of whether you have been compromised in the past, you can help protect yourself from this moment forward by starting to use a different password for each account.

This is where a tool to track your passwords in a secure manner is important. There are many password storage tools out there. Some are subscription based, some are free. This is not an endorsement, but I can say that I have had good experience with Password Safe. The important aspects to consider are that the tool stores your usernames and passwords using encryption, and that the tool is easy for you to use. If it is not easy, you won’t use it.

Please feel free to share your experiences in the comments. Maybe you have a password storage tool that you feel is wonderful; share it with the group. I am always happy to look over new products. Perhaps your input will give the rest of us a better tool to help us stay safer. Enjoy the day, and be good to those around you.

What is Vishing?

Vishing, also known as voice phishing, is a type of cyber attack where an attacker uses a phone call to trick a victim into giving away sensitive information such as credit card numbers, passwords, or other personal data.

In a vishing attack, the attacker usually poses as a representative from a legitimate organization, such as a bank or government agency, and uses social engineering techniques to gain the victim’s trust. They may claim that there is a problem with the victim’s account or that there has been suspicious activity, and ask for sensitive information to resolve the issue.

Vishing attacks can be especially effective because the attacker can use voice manipulation techniques to sound convincing and create a sense of urgency or fear in the victim. They may also use spoofing to make it appear as if the call is coming from a legitimate source.

To protect yourself from vishing attacks, it’s important to be cautious when receiving unsolicited phone calls and never give out sensitive information over the phone unless you are sure of the caller’s identity. You can also verify the legitimacy of the call by contacting the organization directly through a trusted channel, such as the phone number listed on their official website. Additionally, enabling call-blocking and anti-spoofing features on your phone can help to prevent vishing attacks.

What is Smishing?

Smishing is a type of cyber attack where an attacker uses text messages, also known as SMS (Short Message Service), to trick a victim into giving away sensitive information such as credit card numbers, passwords, or other personal data.

In a smishing attack, the attacker usually poses as a representative from a legitimate organization, such as a bank or government agency, and uses social engineering techniques to gain the victim’s trust. They may claim that there is a problem with the victim’s account or that there has been suspicious activity, and ask for sensitive information to resolve the issue.

Smishing attacks can be especially effective because text messages are often perceived as more trustworthy than emails and can create a sense of urgency or fear in the victim. Attackers may also use links or attachments in the text message to download malware onto the victim’s device.

To protect yourself from smishing attacks, it’s important to be cautious when receiving unsolicited text messages and never give out sensitive information through a text message unless you are sure of the sender’s identity. You can also verify the legitimacy of the message by contacting the organization directly through a trusted channel, such as the phone number listed on their official website. Additionally, enabling anti-phishing and anti-malware features on your phone can help to prevent smishing attacks.

Password Strength is Important

Password strength is important because weak passwords can be easily guessed or cracked by attackers, which can lead to unauthorized access to your accounts, identity theft, financial fraud, and other malicious activities.

A strong password is one that is difficult for attackers to guess or crack, even with automated tools. It typically consists of a combination of uppercase and lowercase letters, numbers, and symbols, and is at least 8-12 characters long (or longer). Using a passphrase made up of multiple words can also be a good way to create a strong password.

A weak password, on the other hand, is one that is easily guessable or can be found through brute force methods such as dictionary attacks or password cracking tools. Weak passwords often consist of common words, names, or easily guessable sequences like “1234” or “password.”

Using a strong password is important because it can help to protect your personal and sensitive information from being accessed by unauthorized users. Additionally, using unique and complex passwords for each account can help to prevent a single compromised password from leading to multiple account breaches.

To ensure password strength, it’s recommended to use a password manager that can generate and store complex passwords for you, enable two-factor authentication whenever possible, and regularly update your passwords to ensure maximum security.