You’ve probably heard of the gofundme.com site, where all sorts of stories are posted of people seeking donations. Some are tragic, others are trite. You may be touched by a particular story, perhaps one in which an entire family is killed in a house fire.
You click the “Donate Now” button and donate $50. So just how do you know that family who died in the fire really existed?
Gofundme.com and similar sites are loaded with “campaigns,” just tons of them. Think of the logistics involved if these sites hired people to verify every campaign. This would require enormous amounts of time and a lot of people and expense.
People don’t think. They just assume every campaign is for real. Do you realize how easy it is to start a campaign? Gofundme.com, for instance, only requires that you have a Facebook account with a valid-looking profile picture of the campaign starter, and at least 10 Facebook friends (last I checked, anyways).
It’s all based on the honor system. You take their word for it, though some campaigns are high profile cases. People have given money to fake campaigns. How can you prevent getting conned?
LinkedIn is a free service that allows professional people to network with each other. Often, a LinkedIn member will receive an e-mail from another LinkedIn member “inviting” them to join their network. Sometimes, the inviter is someone the recipient doesn’t know, but the recipient will link up anyways. And that’s the problem.
A report at www.secureworks.com says that Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered 25 phony LinkedIn profiles.
With this particular phony network (called TG-2889), most of the intended victims live in the Middle East. The profiles are convincing, including some having over 500 connections.
Signs of Fraudulence
Using phony profiles, the scammers aim to lure legitimate LinkedIn users into giving up personal information that the “threat actors” can then use either against them (like getting into their bank account) or scamming their associated company out of money.
Or, as evidenced by that one-fourth of the targets work in telecommunications, the scammers may be planning on stealing data from telecommunications companies.
TG-2889 is doing a pretty good job of maintaining the fake profiles, as they regularly make revisions, continues the secureworks.com report. This suggests that a new campaign is planned, perhaps one targeting the aerospace industry, since at least one fake profile mentions Northrup Grumman.
It’s also likely that some TG-2889 profiles have not been identified, and let’s also assume that LinkedIn is tainted with even more bogus profiles from other threat actors.
For Legitimate LinkedIn Users
Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.
Okay, so you’re 18 or 19 and in college, and are stressed because you have to be 21 in order to gain entry to a night club or bar where you’d like to drink up a storm and mingle with a “more mature” crowd. Or really, you just want to meet someone.
Life sure is tough, isn’t it? You have to wait till you’re 21, but by then…you may be graduated from college (and a lot more mature, and thus, getting plastered would no longer have appeal). What a bummer, dude! The time to have fun is when you’re young and irresponsible!
Many U.S. college kids circumvent this age restriction with the fake ID. And over the years, it’s gotten easier to get the fake ID, thanks to the Internet. In fact, the Internet is replete with sellers of fake IDs to anonymous customers.
An article at businessinsider.com describes how the “subreddit” vendor site even provides threads where visitors could get information on how to use this site, which is encrypted (not surprising).
Nevertheless, college kids can still get fake IDs the old-fashioned way: by asking around. It won’t be long before they have contact information and simple instructions regarding payment and sending the supplier a photo.
Beware of the Consequences of Getting Caught with a Fake ID
Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.
There are numerous subspecialties within the booming cybersecurity field[i]. Here are some of the most in-demand professions:
Cybersecurity Engineer: This is the all-around, jack-of-all-trades, go-to guy or gal of cybersecurity. For all intents and purposes, a cybersecurity engineer is a hacker – but a good one. Using their advanced knowledge of malware, viruses, theft, DDoS attacks and other digital threats, cybersecurity engineers defend organizations against crime online. Personality traits required for this role include being flexible, nimble and a do-it-yourselfer. Candidates also must have:
Malware Analyst: If you choose to specialize, working as a malware analyst is like being an oncologist fighting cancer. There’s research, removal or treatment, and it’s up to you to decide how to apply your training.
With millions of types of malware on PCs, Macs and even mobile devices there’s a significant shortage of experts in this highly in-demand field. Responsibilities include:
Application Security Administrator: Back in the days of desktop computing, the only means of compromising data were to insert a contaminated floppy disk into a PC or open an infected email attachment. We’ll call this the “anti-virus era.”
Next came the “network security era.” The need for cybersecurity evolved with the Internet as more companies developed internal and external networks.
Information security has evolved yet again. Today, we live in the “application security era.” The demand for application security administrators is nearly limitless. The job includes:
Chief Information Security Officer (CISO): CISO is the top position managers in the field of cybersecurity work toward achieving. Prospective candidates should take a multifaceted approach to cyber education with courses in business fundamentals. Responsibilities might include:
Security Consultant: It’s tough to land a 9-5 job as a security consultant, but this is one of the most gratifying positions one can pursue when engaged in the diverse and rapidly changing world of cybersecurity.
Consultants come in two flavors: they have a knack for solving problems in a particular niche, or they have accumulated knowledge of multiple systems over the course of their career. Security consultants are expected to:
When choosing a specialty keep a few things in mind. Try to choose one that can compliment another in the event you decide to make a change. Research how much training and education in time and money might be needed. Are there certifications that need to be re-qualified for and how often? Consider the dynamics of the specialty such as will you be working with individuals, teams, or by yourself. Will there be travel involved? Does it require overtime or is it a straight 40 hour a week job?
No matter what you choose, follow your heart.
I’m compensated by University of Phoenix for this blog. As always, all thoughts and opinions are my own.
[i] http://www.bls.gov/opub/btn/volume-2/careers-in-growing-field-of-information-technology-services.htm
It can be tough being a responsible adult sometimes, and managing these responsibilities isn’t always a chore that I want to deal with. Can you relate? Managing life takes focus and effort, and managing your online life is no different. Most of us are lazy with our online accounts, especially when it comes to our passwords. It is easy to use the same password for every account, but this also makes it very easy for hackers to access your passwords.
You Need a Password Manager
Most of us have several online accounts that require different passwords. However, trying to remember all of these passwords is difficult, so it is no wonder that people choose to only use one password for every account. How can you avoid this? You should use a password manager.
Making Passwords Strong and Secure
There are a number of ways to make your passwords secure and strong. But don’t just take my word for it, according to Bill Carey, VP Marketing for the RoboForm Password Manager “The number one thing a user can do to protect themselves online is use a strong unique password for every website”
Those who have weak passwords are more susceptible to hacks and scams. Make sure to take these tips to heart and protect your sensitive online information.
Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention.
Companies that cut corners by giving cybersecurity training only to their technical staff and the “big wigs” are throwing out the welcome mat to hackers. Cyber criminals know that the ripe fruit to pick is a company’s sales staff. Often, the sales personnel are clueless about the No. 1 way that hackers “get in”: the phishing e-mail. Salespeople are also vulnerable to falling for other lures generated by master hackers.
In a recent study, Intel Security urges businesses to train non-technical (including sales) employees. Sales personnel are at highest risk of making that wrong click because they have such frequent contact in cyberspace with non-employees of their company.
Next in line for the riskiest positions are call center and customer service personnel. People tend to think that the company’s executives are at greatest risk, but look no further than sales, call center and customer service departments as the employees who are most prone to social engineering.
It’s not unheard of for businesses to overlook the training of sales employees and other non-technical staff in cybersecurity. Saving costs explains this in some cases, but so does the myth that non-technical employees don’t need much cybersecurity training.
Intel Security’s report says that the most common methods of hackers is the browser attack, stealth attack, SSL attack, network abuse and evasive technologies.
In particular, the stealth attack is a beast. Intel Security has uncovered 387 new such threats per minute. IT teams have their work cut out for them, struggling to keep pace with these minute-by-minute evolving threats. This doesn’t make it any easier to train non-technical staff in cybersecurity, but it makes it all the more crucial.
Training non-technical staff, particularly those who have frequent online correspondence and have the gift of cyber gab, is the meat and potatoes of company security.
If I wanted to crack one of your passwords, I could probably make a series of educated guesses and get pretty close. Why? Because people tend to stick with simple, easy to remember passwords, but these are the passwords that are easy to hack. According to Bill Carey, VP Marketing for the RoboForm Password Manager “Users need to take personal responsibility for their passwords and not assume that companies will keep them safe.”
Hackers Have Many Ways to Get Into Your Accounts
There are many ways that a hacker can get into an online account.
How to Improve Your Passwords
There are a number of expert tips that will help to improve your passwords:
Don’t learn a hard lesson when it comes to your passwords. Take the steps today to update your log in credentials, and have a safer tomorrow.
There are many reasons someone might right-click on your image and “Save image as…”
Porn, Sex and Dating Sites
Scams
Fantasy Lives
How can you protect your digital life?