Be vigilant and always cautious when providing your credentials
This last month I received a call from a Kenosha County customer whose email stopped working. They were able to receive emails just fine but they could not send anything. After diagnosing the problem, CMIT Solutions of SE-WI determined the customer’s email account had been hacked, hijacked, and flagged as a spammer so Microsoft shut down the account. Fortunately, we were able to quickly reset the password and restore access … and after running scans, determine the business network and computers were not compromised.
Unfortunately, this happens way more often than we would like. How many times in your personal life have you gotten weird emails from friends, family, and business associates? My family knows not to open anything from Grandpa, because he is frequently hacked … sorry to call you out, Pop-Pop!
So just what is the dark web?
Simply put, the dark web is where cyber criminals go to sell and traffic just about everything. Sadly, this includes drugs, stolen goods, your data and identity, and most tragically even people. Data breaches are common news today. AT&T is currently doing damage control denying that 70 million of their account holders’ credentials were auctioned off on the dark web. 70,000,000 … that’s a lot of people! If this turns out to be a true breach, the impact is enormous.
One of the big businesses on the dark web is the buying and selling of information. Account login information typically follows a pattern:
First, your information is compromised. This can happen in any number of ways, as I’ve written about before.
Second, that compromised information is validated. The cyber criminals bank on the fact that we do not often change our passwords, and that we often use the same ones in multiple places. Credentials that can access multiple accounts are more valuable.
Third, the validated credentials are auctioned off. Cybercriminals fetch a couple of dollars per identity, but they sell so many this adds up to a lot of money.
Fourth, whoever purchases this validated data can then get down to the real dirty work. This includes stealing your identity, ruining your credit, stealing your money, and tricking your friends, family, and associates into giving up their identities and money.
What can I do about it?
I have written about this a number of times, so I won’t repeat the details here. The short story is that you need to be vigilant and always cautious when providing your credentials, but even that may not be enough. Make sure you have good anti-virus/anti-malware software in place and leverage tools like LastPass password locker to set up complex and unique passwords. Your cable company likely provides firewall services with the router/gateway they supplied – these can be a great help with preventing you from accessing a bad link or website.
How do I know if my information is out there?
Unfortunately, no software or techniques out there can 100 percent guarantee that your identity will not be stolen or your systems won’t be hacked. It can happen from your desktop, tablet, or cellphone.
However, if you are curious about whether your email account is exposed, there is a free website that I like to use when I can’t run a deep dark web scan for my customers.
The site is https://www.HaveIBeenPwned.com and will list some basic information about whether your email account has been found on the dark web. According to the site, “The word “pwned” has origins in video game culture and is a leetspeak derivation of the word ‘owned’, due to the proximity of the ‘o’ and ‘p’ keys. It’s typically used to imply that someone has been controlled or compromised, for example ‘I was pwned in the Adobe data breach’.”
Small and mid-sized businesses can take advantage of more sophisticated dark web monitoring provided by IT service providers like CMIT of SE-WI.
If you do see your email account listed, you should change your email password immediately. Be sure to use something that is complex, unique, and not easily guessed. If you’re like most people, you are using the same password with your email account as the ID in many places. If you’re also like most people, you have no idea where you’ve been using them! Hit your major social media sites and certainly any banking and financial sites you use to change your passwords at these as well.
A very small investment in a password locker tool allows you to generate random, large, complex passwords and not have to worry about keeping them safe. When a data breach does occur and one of your accounts is affected, you can have the peace of mind that the exposure is limited to just one site.
For more tips and tricks, contact us today!
CMIT Solutions of SE WI is a locally owned and operated IT solutions provider serving businesses in Kenosha County and the surrounding area.
