Yikes (Data Breaches, Compromised Accounts, etc.)
http://edu-observatory.org/olli/Yikes/index.html


How to Lose a Fortune with Just One Bad Click
  https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/   

  Adam Griffin is still in disbelief over how quickly he was
  robbed of nearly $500,000 in cryptocurrencies. A scammer
  called using a real Google phone number to warn his Gmail
  account was being hacked, sent email security alerts
  directly from google.com, and ultimately seized control over
  the account by convincing him to click "yes" to a Google
  prompt on his mobile device.
  


FREEZE YOUR CREDIT (now!)

Report: Everyone Should Get a Security Freeze
  https://krebsonsecurity.com/2015/11/report-everyone-should-get-a-security-freeze/   
How I Learned to Stop Worrying and Embrace the Security Freeze
  https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/   
  
How to place or lift a security freeze on your credit report 
  https://www.usa.gov/credit-freeze   
What To Know About Credit Freezes and Fraud Alerts
  https://consumer.ftc.gov/articles/what-know-about-credit-freezes-and-fraud-alerts   
  
  https://www.aprfinder.com/credit-bureau-phone-numbers
  Equifax:    888-548-7878   https://www.equifax.com/  
  TransUnion: 800-916-8800   https://www.transunion.com/
  Experian:   800-493-1058   https://www.experian.com/






MONITOR YOUR FINANCIAL ACCOUNTS (BANKS, etc.)
  
  A checking account is a useful tool for paying bills and
  covering expenses when using a debit card. Thanks to online
  and mobile banking, it's easier than ever to track debit and
  credit transactions.

  There are several good reasons to keep a close eye on your
  banking activity, particularly if you're concerned about
  preventing fraud or minimizing fees.
  
  Monitor all your finances: Bank Accounts, Credit Unions
  Accounts, Investment Accounts, and Credit/Debit Card
  Transactions. Take advantage of the smartphone apps from
  those companies and institutions.






MONITOR YOUR PASSWORDS - Data Breaches Happen

⓵ CHECK IF YOUR PASSWORD HAS BEEN COMPROMISED IN A DATA BREACH
  https://haveibeenpwned.com
  https://haveibeenpwned.com/Passwords
  
  If your password has been detected in any of these breached 
  sites -- make sure you login to your account and change the 
  password. Every password should be unique, 16-20+ 
  characters, randomly generated, and stored in a password 
  manager.


⓶ CHECK THE INTEGRITY OF YOUR PASSWORDS ON YOUR APPLE DEVICES
  https://support.apple.com/en-us/120758   
  Goto the app:  Passwords > Security
  
  iPhone/iPad/Mac can securely monitor your passwords and
  alert you if they are weak or appear in known date leaks.
  For each flagged password, log into that account and set a
  new password. Every password should be unique, 16-20+ 
  characters, randomly generated, and stored in a password 
  manager.
  

⓷ USE PASSKEYS INSTEAD OF PASSWORDS
  https://support.apple.com/en-us/102195   

  Passkeys reside on your device, not anywhere else.

  Passkeys are a replacement for passwords that are designed
  to provide websites and apps a passwordless sign-in
  experience that is both more convenient and more secure.
  Passkeys are a standard-based technology that, unlike
  passwords, are resistant to phishing, are always strong, and
  are designed so that there are no shared secrets. They
  simplify account registration for apps and websites, are
  easy to use, and work across all of your Apple devices, and
  even non-Apple devices within physical proximity.

  Passkeys are built on the WebAuthentication (or "WebAuthn")
  standard, which uses public key cryptography. During account
  registration, the operating system creates a unique
  cryptographic key pair to associate with an account for the
  app or website. These keys are generated by the device,
  securely and uniquely, for every account.

  One of these keys is public, and is stored on the server.
  This public key is not a secret. The other key is private,
  and is what is needed to actually sign in. The server never
  learns what the private key is. On Apple devices with Touch
  ID or Face ID available, they can be used to authorize use
  of the passkey, which then authenticates the user to the app
  or website. 
  
  No shared secret is transmitted, and the server does not
  need to protect the public key. This makes passkeys very
  strong, easy to use credentials that are highly
  phishing-resistant. And platform vendors have worked
  together within the FIDO Alliance to make sure that passkey
  implementations are compatible cross-platform and can work
  on as many devices as possible.


  Use passkeys to sign in to apps and websites
  https://support.apple.com/guide/iphone/use-passkeys-to-sign-in-to-apps-and-websites-iphf538ea8d0/ios   








YIKES -- IDENTITY THEFT
  https://consumer.ftc.gov/topics/privacy-identity-online-security
  https://consumer.ftc.gov/topics/identity-theft
  https://consumer.ftc.gov/features/identity-theft   
  https://www.identitytheft.gov

  IdentityTheft.gov is the federal government's one-stop
  resource for identity theft victims. The site provides
  streamlined checklists and sample letters to guide you
  through the recovery process.

  




RESOURCES FROM ELECTRONIC FRONTEER FOUNDATION (EFF) How to: Avoid Phishing Attacks | Surveillance Self-Defense https://ssd.eff.org/en/module/how-avoid-phishing-attacks Protecting Yourself on Social Networks https://ssd.eff.org/en/module/protecting-yourself-social-networks Protecting Your Device From Hackers https://ssd.eff.org/en/module/animated-overview-protecting-your-device-hackers Tips, Tools And How-Tos For Safer Online Communications https://ssd.eff.org/en PHISHING GUIDANCE: STOPPING THE ATTACK CYCLE AT PHASE ONE http://edu-observatory.org/olli/Manage/PDFs/Phishing_Guidance.pdf The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint guide to outline phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers. This will help to reduce the impact of phishing attacks in obtaining credentials and deploying malware. sam.wormley@icloud.com