December 09, 2013 by Brad Garnett
2013 continues to be a year full of data breaches and compromised online accounts, with no slowdown anticipated for the near future. Do you use Facebook, Google, LinkedIn or Twitter, or the payroll provider ADP?
According to this article, security researchers discovered 1.6 million stolen website login credentials and roughly 300,000 e-mail credentials, many of them located on a command and control server. So why is this important to you? First, people are creatures of habit, and many still use the same password for multiple accounts.
Social networking sites are easy targets and contain a wealth of information about people; for cyber criminals they are easy, open, and free intelligence. Have you ever received an e-mail that appeared to come from a “trusted” source, only to find out it was a phishing e-mail? Business owners, partners, and managers are often prime targets because of their wide range of regular business contacts. FedEx, UPS, and Xerox, for example, are reputable names in business, yet they are easily impersonated in phishing e-mails that spread malware, because recipients view these companies as a “trusted” source, which makes for easy “fishing” for attackers. If a phishing e-mail goes out to a thousand, a hundred thousand, or a million recipients, and only one, a hundred, hundreds, or even a thousand of them open the malicious attachment, the phishing attack is a success, because the attackers now have those victims' information and possibly stolen credentials. The attacker will then go after your online persona and target the people in your social network. Gone are the days when a cyber criminal merely tried to steal your credit card number. Today, they are trying to see how many credit card accounts they can open with your personal information. Your personal information is your most valuable asset, and it is also where you are most vulnerable.
So, what can you do? Use a different, complex password for EACH e-mail account, social network, banking account, and other important account you use. Use different e-mail addresses and different security questions and answers when setting up each account. If a website offers two-factor authentication, use it, and use it now! Take an inventory of the accounts you use and make sure each one has its own e-mail address and password. Use a password generator and a password manager to create your passwords and store them securely. Protecting your online identity is your responsibility. Remember, if you use these FREE social networking sites, you are the product; you only become a customer when you pay for a service. Keep that in mind while seeking a balance between online privacy and online security.
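The two practical steps above (generate a strong, unique password for every account, and audit your account inventory for reuse) can be turned into a small script. The following is an added example written for this post, not code from the author or from any password manager; the character-class policy, the 20-character default, and the sample inventory are all constructed assumptions. It uses Python's `secrets` module, which is a cryptographically secure random source, rather than `random`.

```python
import secrets
import string
from collections import defaultdict

# Character classes every generated password must draw from. This policy is an
# assumption of the example, not a requirement stated in the post.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 20) -> str:
    """Return a random password containing at least one character per class.

    Uses the secrets module (a CSPRNG), never random.choice, so the output is
    suitable for real credentials.
    """
    if length < len(CLASSES):
        raise ValueError("length must cover every character class")
    # One guaranteed character from each class, then uniform fill from the
    # whole alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    # Fisher-Yates shuffle driven by secrets so the class positions are not
    # predictable (random.shuffle would use a non-cryptographic generator).
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def has_all_classes(password: str) -> bool:
    """True if the password contains at least one character from every class."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def find_reuse(inventory):
    """Group accounts that share a password or a recovery e-mail address.

    inventory is a list of (site, email, password) tuples. Returns a dict with
    keys 'password' and 'email', each mapping a reused value to the list of
    sites that share it; values used by only one site are not reported.
    """
    by_password = defaultdict(list)
    by_email = defaultdict(list)
    for site, email, password in inventory:
        by_password[password].append(site)
        by_email[email.lower()].append(site)
    return {
        "password": {p: sites for p, sites in by_password.items() if len(sites) > 1},
        "email": {e: sites for e, sites in by_email.items() if len(sites) > 1},
    }


# Constructed sample inventory: not real accounts, addresses or credentials.
SAMPLE_INVENTORY = [
    ("bank", "me@example.com", "Winter2013!"),
    ("social-a", "me@example.com", "Winter2013!"),
    ("social-b", "social@example.com", "Winter2013!"),
    ("payroll", "work@example.com", "x9#Qr2!LpZ0w"),
]

if __name__ == "__main__":
    report = find_reuse(SAMPLE_INVENTORY)
    # Never echo the reused password itself; the sites are what the user needs.
    for sites in report["password"].values():
        print(f"same password shared by {sites}; replace each with a fresh one, "
              f"e.g. {generate_password()}")
    for email, sites in report["email"].items():
        print(f"recovery e-mail {email} shared by {sites}")
```

Running it on the sample inventory reports that three sites share one password and two share a recovery e-mail address, which is exactly the habit the post warns about: one phished or breached site exposes every other account that reuses the same secret.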
Brad Garnett, CCE®, GCFA is a Digital Forensic Consultant with Kemper Technology Consulting, a division of Kemper CPA Group LLP. Prior to joining the Kemper team, Garnett spent the last decade in law enforcement, where he specialized in digital forensics. If you have a situation where forensic technology is needed to help you find an answer or make a tough business decision, please contact Brad at 812-421-8000.
Kemper CPA Group LLP publications should not be construed as legal advice or legal opinion on any specific facts or circumstances. The content is intended for general informational purposes only. You are urged to consult your own advisor on any specific legal questions concerning your situation.
CSOOnline.com (2013). Retrieved from http://www.csoonline.com/article/744329/alert-your-password-is-probably-compromised...again
CSOOnline.com (2013). Retrieved from http://www.csoonline.com/article/744185/2-million-stolen-login-credentials-discovered-for-facebook-google-linkedin-twitter-other-sites