According to a new publication in Wired.co.uk, the FBI is seeking a hacker who has downloaded 1.2 BILLION (yes, that’s a "B") stolen logins:
"The logins for sites such as Facebook and Twitter were most likely stolen last year by a Russian crime ring dubbed CyberVor, which harvested data from a whopping 420,000 websites using botnets looking for SQL injection vulnerabilities — the same technique used to target TalkTalk.
That was revealed in August last year by Milwaukee security firm Hold Security, which told journalists at the time that the Russian hackers had hold of 1.2 billion credentials as well has half a billion email addresses."
I know you’ve heard this before, but it is important to change all passwords on a regular basis – especially accounts that have any form of payment information entered as well as social sites. Facebook is a gold mine to online criminals (see story at the very bottom).
When doing one of my regular credit card checks earlier this year, I caught a charge for $14.99 with Netflix that I did not make. I contacted Netflix and they told me the transaction was in the UK. They refunded the full amount, I closed that card and got a new card. I have one card I specifically use for all online transactions, and I never use my debit card.
That is a tactic used by many scammers…. First, they use the card for something small. If it goes unnoticed by the account holder, then they’ll charge more. Regularly log in and review all charges on your credit card, no matter how small they may be. If an account offers a double-security check, use it. For example, with PayPal, they send a code to my phone first. Once I’ve confirmed the code, then the charge will go through.
I sure you’ve heard all the do’s and don’ts when it comes to passwords. 1. Do not use any names of your kids, dogs, cats, nieces, rabbit that belongs to your next door neighbor, favorite sport team, birthdate, divorce date, etc. and 2. Use at least 8 characters, both letters and numbers. The longer, the better. If the site allows special characters (i.e. #2/*), then throw a couple of those in. Can’t remember passwords like that? I can’t either so I use a password program, and use it diligently. Just do it!
I’ve been using a password manager called KeePass for five years now. There are many others available, but may not be free. KeePass is open source so there’s no charge to download and use it. I have KeePass linked to all my computers and devices so I can pull up my passwords at any time no matter if I’m on my computer, laptop, tablet or phone. Yes, it’s a minor inconvenience, but it is worth it. Additionally, with KeePass, you can use whatever you want for the primary password to log in. I use a long sentence, including punctuation, as my KeyPass password. It is not written nor stored anywhere but in my head. Hack that, you wankers.
As I mentioned earlier, just because you may not have entered in your credit card information in your Facebook account, that doesn’t mean that someone won’t scam you. My friend, Helen’s, mother, Ruth, fell victim to such a scam….
Ruth is elderly. Like most, not experienced with internet – although she does have a Facebook account in order to keep up with the grandkids. One day, out of the blue, she received a phone call from a stranger who told her that her grandson, Bill, was locked up in Mexico and needed $300 to get out. This distressed Ruth as Bill was in Mexico on vacation. She quizzed the scammer, he had all the right answers, and convinced her that Bill was in jail. She ended up wiring $300 to some location in Mexico. Of course, Bill was not locked up. You can kiss that money goodbye.
Basically, Bill had been posting updates and photos during his trip and somehow a scammer came across Bill’s account. Having a public profile – not hiding his personal info – Bill’s trip was posted for all to see. The scammer was able to easily find Ruth, Bill’s grandma, but checking out Bill’s profile and wall. A quick phone number lookup for Grandma Ruth’s number and the dude is in business.
In closing, addition to updating passwords, make sure your social sites – especially Facebook – is set for Friends only. If you do have your wall set to public, just use some common sense and don’t post anything that can be of advantage to a scammer, which includes listing who your family members are in your profile. It’s really no one else’s business anyway and serves no benefit to anyone except a scammer.