It's no secret that the U.S. is currently vulnerable to a debilitating online attack. But many top IT security professionals have predicted that something catastrophic is coming – and it could happen in 2013.
"Spear phishing."
It sounds kind of silly – the sort of phrase used to make these dramatic events even more sensational. But it's a real threat, and it skewered our gas pipeline systems repeatedly last year, as infiltrators scoured for information and wreaked all sorts of structural havoc. And that could be just the beginning.
Before the parade of high-profile hacks of the last few weeks, industry experts were already foreseeing a huge cyber security disaster. In January, the conference of the Information Systems Security Association sent a survey to IT gurus asking about the current strength of American online safety. Without specifying exactly which kind of disaster would occur, members of the conference were asked if they thought a major act of cyberterrorism could happen soon. The results were chilling, though unsurprising for anyone who's been paying attention: 79 percent of those surveyed said that a significant attack on our infrastructure will occur this year, and nearly 60 percent believed the government should step up and make more of an effort to keep Americans safe.
How secure do you think your email really is? Would you be surprised to learn that your inbox is scanned regularly, and not just by you?
Microsoft recently launched its humorously titled “Don’t Get Scroogled by Gmail” media campaign. The company commissioned a study that showed that 70 percent of consumers are unaware that free email service providers, such as Google, routinely scan their emails for information that allows them to deliver targeted advertisements.
Furthermore, 88 percent of respondents said they were opposed to this practice once they became aware of it. Now yes, Microsoft has an ulterior motive here. They’re not so much dedicated to your privacy as they are looking to convince users to switch from Gmail to Outlook. Let’s also not forget that Microsoft has long offered its own free email service, the all-but-forgotten Hotmail.
Google quickly responded to the media campaign taking swipes at Gmail with a statement of its own.
Quick! Name a major international newspaper that wasn’t hacked last week. It might be harder than you think.
Last Wednesday, The New York Times announced on its front page that it had been hacked over the course of four months by state-sponsored cyber criminals in China. The Times said that Bloomberg News had also recently been targeted. The following day, The Wall Street Journal said it too had been infiltrated by Chinese hackers. Next up was the Associated Press, acknowledging similar data security breaches.
According to The Times, it was breached thanks to a spear-phishing attack, at which point the hackers uploaded an array of malware to the company network and started stealing email passwords of reporters, editors and other employees.
This all stems from an October 2012 story in the paper about the family of the Chinese prime minister quietly amassing a multi-billion-dollar fortune in recent years. Apparently, the hackers were looking for sources used in the investigation that might be revealed in the email accounts of Times reporters and editors.
About 250,000 Twitter accounts may have been hacked last week. Was yours one of them?
On Friday, the company announced via its official blog that it has reset the passwords for those users after a breach was detected in which email addresses, usernames and encrypted password data may have been accessed by hackers.
The blog post was quick to point out that other companies such as The Wall Street Journal and The New York Times have recently fallen victim to data security breaches as well, though those attacks appear to have been state-sponsored (check back here tomorrow for more on those breaches).
There has been no indication as of yet that the infiltration of Twitter was related to those incidents. However, Bob Lord, the company’s director of information security and author of the blog post, said he does not believe this was an isolated event, and that the attack was sophisticated and “not the work of amateurs.”
Take a moment to think about the last time you “checked in” somewhere on a social media site or were tagged in someone else’s status update. People often do this to share the cool things they see or do on vacation or their day off work.
In that moment you just took, did the term “geolocation data” spring to mind? If not, it should have – along with data security. Geolocation data includes all these tags and check-ins, where you are announcing to the world where you are and what you’re doing. Companies use this information to tailor advertisements and other marketing materials to target specific audiences.
Now, we can debate the ethical practices used by these organizations to gather our personal information until the chickens come home to roost, but there are others out there who clearly have nefarious machinations in mind. That check-in at a concert you’re having a blast at tells the online world that you are not home and now might be a good time to break into your house and steal everything you own.
Interactive Webinar, Sponsored by Deluxe Corporation, Featuring Privacy Expert John Sileo
ST. PAUL, Minn., Oct 04, 2012 (BUSINESS WIRE) — Cyber criminals sabotaged John Sileo’s business – and nearly landed him in jail. Now he’s determined to help small business owners prevent the disastrous mistakes that loom ever-larger in the age of identity theft, mobile computing and social media.
Sileo will share his story – and the lessons he learned – in an hour-long interactive webinar on Tuesday, Oct. 9 at 2 p.m. EST. Titled “5 Disastrous Decisions that Destroy Small Business,” the webinar is sponsored by Deluxe Corporation and designed to provide business owners with simple, actionable tools to help protect their operations and enhance their efficiencies.
SCAM ALERT! There is a Target texting scam going around. The text looks similar to the one in the picture to the left, and generally says you’ve won a $1,000 gift card if you simply click on the link and collect the money. When you click on the link, it takes you to a Target-looking site that a criminal has set up to collect your private information. The information is then used to steal your identity. In other cases, clicking on the link installs a small piece of malware that takes control of your phone and forwards your private information to the criminals.
Where do the criminals get my mobile phone number to text me in the first place?
They purchase it off of black-market sites on the internet.
You give your mobile number away to enter contests, vote on reality shows, etc.
On this episode of Privacy Project, John confronts a coffee drinker about leaving their laptop totally alone as they talked outside on the phone at Starbucks.
America’s top Privacy & Identity Theft Speaker John Sileo has appeared on 60 Minutes, Anderson Cooper, Fox & in front of audiences including the Department of Defense, Pfizer, Homeland Security and hundreds of corporations and associations of all sizes. His high-content, humorous, audience-interactive style delivers all of the expertise with lots of entertainment. Come ready to laugh and learn about this mission-critical, bottom-line enhancing topic.
John Sileo is an award-winning author and keynote speaker on the dark art of deception (identity theft, fraud training, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust.