How to Lose a Fortune with Just One Bad Click
https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/
Adam Griffin is still in disbelief over how quickly he was
robbed of nearly $500,000 in cryptocurrencies. A scammer
called using a real Google phone number to warn that his Gmail
account was being hacked, sent email security alerts
directly from google.com, and ultimately seized control over
the account by convincing him to click "yes" to a Google
prompt on his mobile device.
FREEZE YOUR CREDIT (now!)
Report: Everyone Should Get a Security Freeze
https://krebsonsecurity.com/2015/11/report-everyone-should-get-a-security-freeze/
How I Learned to Stop Worrying and Embrace the Security Freeze
https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
How to place or lift a security freeze on your credit report
https://www.usa.gov/credit-freeze
What To Know About Credit Freezes and Fraud Alerts
https://consumer.ftc.gov/articles/what-know-about-credit-freezes-and-fraud-alerts
https://www.aprfinder.com/credit-bureau-phone-numbers
Equifax: 888-548-7878 https://www.equifax.com/
TransUnion: 800-916-8800 https://www.transunion.com/
Experian: 800-493-1058 https://www.experian.com/
MONITOR YOUR FINANCIAL ACCOUNTS (BANKS, etc.)
A checking account is a useful tool for paying bills and
covering expenses when using a debit card. Thanks to online
and mobile banking, it's easier than ever to track debit and
credit transactions.
There are several good reasons to keep a close eye on your
banking activity, particularly if you're concerned about
preventing fraud or minimizing fees.
Monitor all your finances: Bank Accounts, Credit Unions
Accounts, Investment Accounts, and Credit/Debit Card
Transactions. Take advantage of the smartphone apps from
those companies and institutions.
MONITOR YOUR PASSWORDS - Data Breaches Happen
⓵ CHECK IF YOUR PASSWORD HAS BEEN COMPROMISED IN A DATA BREACH
https://haveibeenpwned.com
https://haveibeenpwned.com/Passwords
If your password has been detected in any of these breached
sites -- make sure you log in to your account and change the
password. Every password should be unique, 16-20+
characters, randomly generated, and stored in a password
manager.
⓶ CHECK THE INTEGRITY OF YOUR PASSWORDS ON YOUR APPLE DEVICES
https://support.apple.com/en-us/120758
Go to the app: Passwords > Security
iPhone/iPad/Mac can securely monitor your passwords and
alert you if they are weak or appear in known data leaks.
For each flagged password, log into that account and set a
new password. Every password should be unique, 16-20+
characters, randomly generated, and stored in a password
manager.
⓷ USE PASSKEYS INSTEAD OF PASSWORDS
https://support.apple.com/en-us/102195
Passkeys reside on your device, not anywhere else.
Passkeys are a replacement for passwords that are designed
to provide websites and apps a passwordless sign-in
experience that is both more convenient and more secure.
Passkeys are a standard-based technology that, unlike
passwords, are resistant to phishing, are always strong, and
are designed so that there are no shared secrets. They
simplify account registration for apps and websites, are
easy to use, and work across all of your Apple devices, and
even non-Apple devices within physical proximity.
Passkeys are built on the Web Authentication (or "WebAuthn")
standard, which uses public key cryptography. During account
registration, the operating system creates a unique
cryptographic key pair to associate with an account for the
app or website. These keys are generated by the device,
securely and uniquely, for every account.
One of these keys is public, and is stored on the server.
This public key is not a secret. The other key is private,
and is what is needed to actually sign in. The server never
learns what the private key is. On Apple devices with Touch
ID or Face ID available, they can be used to authorize use
of the passkey, which then authenticates the user to the app
or website.
No shared secret is transmitted, and the server does not
need to protect the public key. This makes passkeys very
strong, easy to use credentials that are highly
phishing-resistant. And platform vendors have worked
together within the FIDO Alliance to make sure that passkey
implementations are compatible cross-platform and can work
on as many devices as possible.
Use passkeys to sign in to apps and websites
https://support.apple.com/guide/iphone/use-passkeys-to-sign-in-to-apps-and-websites-iphf538ea8d0/ios
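Added example (not from Apple's documentation or the original page): a simplified JavaScript model of the passkey registration and sign-in flow described above, showing why a look-alike site or a replayed response fails to sign in. The function names, the origins and the exact-hostname check are assumptions made for the illustration; real WebAuthn signs a different byte layout.

```javascript
// Added example: simplified passkey sign-in (not the real WebAuthn wire format).
const crypto = require('crypto');

// Registration: the device generates a key pair for one account on one site.
function registerPasskey(rpId) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    device: { rpId, privateKey },      // private key stays on the device
    serverRecord: { rpId, publicKey }, // public key is all the server stores
  };
}

// Sign-in, device side: sign the server's challenge together with the origin
// the browser is actually on. Simplification: exact hostname match.
function deviceSign(device, challenge, origin) {
  if (new URL(origin).hostname !== device.rpId) return null; // wrong site: no passkey offered
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Sign-in, server side: check challenge, origin and signature.
function serverVerify(record, challenge, origin, assertion) {
  if (!assertion) return false;
  const signed = JSON.parse(assertion.clientData);
  if (signed.challenge !== challenge || signed.origin !== origin) return false;
  return crypto.verify('sha256', Buffer.from(assertion.clientData),
                       record.publicKey, assertion.signature);
}

// Constructed scenario: names and origins are made up for the example.
function demo() {
  const site = 'https://accounts.example.com';
  const lookalike = 'https://accounts-example.com.login.test';
  const { device, serverRecord } = registerPasskey('accounts.example.com');
  const newChallenge = () => crypto.randomBytes(32).toString('hex');

  const c1 = newChallenge();
  const good = deviceSign(device, c1, site);
  const phished = deviceSign(device, c1, lookalike);
  return {
    genuineSignIn: serverVerify(serverRecord, c1, site, good),
    phishingSite: serverVerify(serverRecord, c1, site, phished),
    replayedLater: serverVerify(serverRecord, newChallenge(), site, good),
  };
}

console.log(demo());
```

Only the genuine sign-in verifies; the server record holds nothing that could be used to sign, which is why a breach of the server does not expose a usable credential.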
YIKES -- IDENTITY THEFT
https://consumer.ftc.gov/topics/privacy-identity-online-security
https://consumer.ftc.gov/topics/identity-theft
https://consumer.ftc.gov/features/identity-theft
https://www.identitytheft.gov
IdentityTheft.gov is the federal government's one-stop
resource for identity theft victims. The site provides
streamlined checklists and sample letters to guide you
through the recovery process.
RESOURCES FROM ELECTRONIC FRONTIER FOUNDATION (EFF)
How to: Avoid Phishing Attacks | Surveillance Self-Defense
https://ssd.eff.org/en/module/how-avoid-phishing-attacks
Protecting Yourself on Social Networks
https://ssd.eff.org/en/module/protecting-yourself-social-networks
Protecting Your Device From Hackers
https://ssd.eff.org/en/module/animated-overview-protecting-your-device-hackers
Tips, Tools And How-Tos For Safer Online Communications
https://ssd.eff.org/en
PHISHING GUIDANCE: STOPPING THE ATTACK CYCLE AT PHASE ONE
http://edu-observatory.org/olli/Manage/PDFs/Phishing_Guidance.pdf
The Cybersecurity and Infrastructure Security Agency (CISA),
National Security Agency (NSA), Federal Bureau of
Investigation (FBI), and Multi-State Information Sharing and
Analysis Center (MS-ISAC) are releasing this joint guide to
outline phishing techniques malicious actors commonly use
and to provide guidance for both network defenders and
software manufacturers. This will help to reduce the impact
of phishing attacks in obtaining credentials and deploying
malware.
sam.wormley@icloud.com