Archive for the ‘Cybersecurity – cybercrime’ Category

Set your phone’s passcode … right now!

August 5, 2022

Tips from my “hacked” experience
==============

In a prior post, I recounted how I got hacked …

A perp hijacked my cell phone numbe,  used it to breach my BofA bank account and withdrew a statistically significant amount of money.

For details of the sophisticated hack, see:
I was HACKED … and my story is worth reading!

==============

The first lesson that I learned (again) is that cell phones are the weakest link in online security.

Step #1 is to secure your phone with — at a minimum – a passcode.

Yeah, it’s an annoying inconvenience, but…

It’s not just to keep kids from grabbing your phone to play games … or keep peering friends & family from sneaking a peek at your texts and emails.

If you lose your phone (or have it stolen), it buys you some time to call your carrier and de-activate your number.

An amateur may get stymied trying to guess which of the 10,000 possible 4-digit numeric codes you use on your phone … a hack-pro can eventually crack the code, but it takes time & effort, so it buys some time … and the perp may just toss the phone and hunt for a non-passcode phone.

Of course, if your phone is equipped with fingerprint or facial recognition, consider using it.

It adds to the inconvenience, but it ups your phone security by orders of magnitude.

============

Why is this important?

If perps can open your phone, they can see where you have accounts.

For example, they can scan text message alerts that you’ve received from your banks and credit card companies.

Bingo, they know where you keep your money.

Then, they can go to the banks’ web sites and simply click “Forgot user ID & password “.

The bank will likely recognize the device (remember, the perps have your phone) … and, if you’ve activated 2-factor authorization, the bank may unwittingly send the 2FA code to your phone … which the perp is holding in his hand.

BINGO … account breached … and the perp is off to the races.

==============

P.S. My phone wasn’t lost or stolen.  It and my number) were hijacked when my carrier “sold” a perp a new iPhone, charging my account and over-riding my activation with the fraud purchased phone.

My bet: A likely “inside job”.

You (and I, now) are way more likely to lose our phones (or get them stolen) than getting them hijacked … which is why passcode protecting them is important.

Again, doing so may cut off some easy paths to your accounts … and may at least buy you some time to contain possible financial damage.

=============
P.P.S. If you have any anti-hacking ideas, please post a comment or email me.

I was HACKED … and my story is worth reading!

August 3, 2022

Strong passwords and two-factor-authorization gave me a false sense of security … lessons learned!
===============

Cutting to the chase: a perp breached my B of A account and withdrew a statistically significant amount of money.

Here’s the story as I’ve been able to piece it together…

Somebody (in Ft Worth TX) “bought” a new phone on my Verizon account and activated it to “highjack” my cell phone number.

It’s not clear to me how he did it.

It appears that he bought the phone in a Verizon store (though some Verizon reps say it was an online purchase).

My questions…

If a store purchase, why didn’t somebody check his photo ID and notice that the account has a Maryland address … not a Texas address?

If an online purchase, he might have illicitly got his hands on my ID and password, but how did he get by the “challenge question”?

=============

My theory of the case:

The perp downloaded the Bank of America app to the highjacked phone, signed on to B of A and clicked the “forgot ID & password” button.  B of A sent my 2FA code to the hijacked phone … which allowed the perp to access my B of A account … changing the password and processing transactions

My B of A “connection log” does show transactions via the B of A app … which I have never even downloaded,.

B of A did send me email alerts about “User ID lookup” and “Password changed” … but I didn’t notice them until about an hour after-the-fact … and, it took me another hour to finally get through to B of A’s fraud department.

In the 2 “open season” hours, the perp made 2 withdrawals from my B of A account. — an online funds transfer and a branch bank cash withdrawal

Again, all of this is happening in Fort Worth TX … it’s not clear to me why the branch didn’t check a photo ID and take notice of the account’s Maryland address

Once I connected with the fraud department, they froze my account and started the process of reversing the fraudulent transactions.

I’m confident that B of A will make me whole.  I’ll keep you posted on that.

Since my account is now frozen (for 6 months, deposits ok but no outflows), I had to open a new account.

That sounds simple enough, but …

Opening a new account means:

  • Changing the delivery instructions for all of my direct deposits (e.g. Social Security and retirement “checks”)
  • Restoring my list of “Bill Pay” accounts
  • Changing instructions for a couple of recurring direct debit charges (e,g, medical insurance)

That all sounds easy enough, but trust me, it’s a frustrating and time-consuming process …. and I’m sure some things will fall through the cracks.

The bad news: Getting to the “right” customer service reps is a challenge.

Many are “above my pay grade” or “not my department” people … some speak with practically unintelligible accents … some sound like they’re using fast-food drive-thru speaker technology to communicate

The good news: While it took many calls to get to them, several of the Customer Service reps were fantastic.

They obviously knew what they were doing …they spoke clearly … they were patient with “dumb” questions … they knew how to “work” their company’s systems … and they “got it done”

=============

My biggest takeaway

Our IT director at Georgetown frequently reminded me that cell phones are the weakest security link … and strongly advised not using them for online transactions.

I don’t use my phone for online transactions … and I never dreamt of my phone number being hijacked … and, I didn’t even consider the implications (e.g. 2FA codes going to the hijacked phone number).

=============

Some action items

Some things that I’m doing:

  1. Tightening security on my cell phone account
  2. Changing (and strengthening) all financial account passwords.
  3. Activating 2FA for all accounts (after being sure that #1 is done)
  4. Updating accounts’ contact information (especially fraud dept. phone numbers) for all financial accounts.

Trust me, #4 is easier to do before, not during, a hack when nerves are frayed.

Countering cyber-terrorism with equity math … say, what?

May 19, 2021

I’m still scratching my head over Team Biden’s public response to the Colonial Pipeline hack & shut-down.

Let me count the ways:

1. Biden: “The Russian government (i.e. the iron-fisted Putin) had no knowledge and no involvement.”

My take: Biden was probably confusing Putin with Sergeant “I See Nothing”  Schultz (from Hogan’s Heroes).

=============

2. Biden, when asked if he approved the policy-busting ransom payment to terrorists: “No comment”.

My take: If you think that paying people to not work doesn’t disincentivize job-seeking, then it logically follows that paying ransom to terrorists does not incentivize terrorist acts.

=============

3. Energy Secretary Granholm: “This is another good  reason to drive electric cars.”

My take: Does she have any idea where and how the electricity that fuels electric vehicles is produced?

=============

4. Biden when asked how U.S. will counter cyberterrorism: “More education”.

Let’s go into some detail on this one…

The first 3 are patently incredible on their obvious merits (demerits?).

The last, an off-the-cuff statement is another example of why Biden’s handlers don’t want him to answer questions.

For sure, U.S. needs more American students studying technical STEM subjects.

But, that’s, at best, a long-run fix that won’t provide much near-term protection.

Even then, there is a grand irony that Biden is casually promoting technical education at the same time that he’s supporting (or at least, not opposing) the “equity mathematics” movement that is advocating:

> The end of racially-toxic right answers and “dictated” solution methods … to be replaced by  free-form methods, approximate answers and “nice tries”.

> The elimination of advanced mathematics in high school …  to mitigate cultural disadvantage and keep all students at the same terminal level of proficiency.

With some American educators seriously considering those misdirections, I doubt that more education will counter the cyberterrorism threat either short- or long-run.

How many cyberterrorists do you think are rushing to enroll in equity-math courses?

If your answer is greater than zero, then I’m betting the under.

Fighting back against the cyber-attackers…

August 30, 2018

Yesterday, we posted about the Chinese cybersecurity threat.

Coincidentally, the WSJ ran an article: America Goes on the Cyberoffensive

image

The essence of the article:

Obama-era rules restricting the use of cyberweapons have been rolled-back.

U.S. government hackers will now have more latitude to respond to and deter cyberattacks by adversaries.

Here are some details….

(more…)

About the hyperventilation over Russia…

June 1, 2017

Some key points are being overlooked.

=====

Fueled by rumors and “secret intel assessment”, election-deniers are having a field day blaming Queen Hillary’s loss on the Russians and alleging that Trump is in Putin’s back pocket.

Beyond the hypocrisy of the Dems hissy fit over Trump’s  refusal (in debate #3) to commit to accepting the election results if they seemed tainted (<= ironic, isn’t it?), the deniers seem to be overlooking a couple of key points.

(more…)

About the alleged Russian email hack …

December 19, 2016

Some key points are being overlooked.

=====

Fueled by a “secret CIA assessment”, election-deniers are having a field day blaming Queen Hillary’s loss on the Russians.

clip_image001

Beyond the hypocrisy of their post-debate-3 hyperventilation over Trump’s refusal to commit to accepting the election results if they seemed tainted, the deniers seem to be overlooking a couple of key points.

(more…)

Cellphones: “Biggest threat to your cybersecurity”

February 23, 2016

We’re not talking Apple building a backdoor to access your encrypted info, we’re talking ordinary old cyber-criminals intercepting messages, seizing account numbers and passwords, and taking remote control of cell phones.

image

According to Knowledge @ Wharton

By 2015, more Americans are expected to access the Internet through a mobile device than a PC.

And,  45% of surveyed users do not see cybersecurity on their mobile devices as a threat in the same way as they see it on their computers.

The 55% couldn’t be more wrong.

Here’s why …

(more…)

Cellphones: “Biggest threat to your cybersecurity”

May 22, 2015

We’re not talking NSA tracking, we’re talking ordinary old cyber-criminals intercepting messages, seizing account numbers and passwords, and taking remote control of cell phones.

image

According to Knowledge @ Wharton

Nowadays, more Americans are expected to access the Internet through a mobile device than a PC.

And,  45% of surveyed users do not see cybersecurity on their mobile devices as a threat in the same way as they see it on their computers.

The 55% couldn’t be more wrong.

Here’s why …

(more…)

Hacked: What I learned when I was credit hacked …

July 1, 2014

Last year around this time, I told the said story about how some bad guys tried to steal my identity and open up credit cards and car loans in my name.

Bottom line: An ordeal that burned up a bunch of my time and caused plenty of angst … but, no serious damage (that I know of).

A friend just got had his identity hacked.  Somebody filed an IRS 1040 under his name and social security number, hoping to bag a refund check.  Fortunately, the IRS flagged the return as suspicious and didn’t pay-off against the fraudulent return.

 

image

 

Now, as a public service, here’s what I learned that may help you …

(more…)

Hacked: What I learned when I was credit hacked …

August 1, 2013

Yesterday, I told the said story about how some bad guys tried to steal my identity and open up credit cards and car loans in my name.

Bottom line: An ordeal that burned up a bunch of my time and caused plenty of angst … but, no serious damage (that I know of).

 

image

 

Now, as a public service, here’s what I learned that may help you …

(more…)

Hacked: “Criminals huddled over computers all over the world.”

July 30, 2013

This is going to be “hacked” week”

Computer hacker

First, the national story …

(more…)

Cellphones: “Biggest threat to your cybersecurity”

June 27, 2013

We’re not talking NSA tracking, we’re talking ordinary old cyber-criminals intercepting messages, seizing account numbers and passwords, and taking remote control of cell phones.

image

According to Knowledge @ Wharton

By 2015, more Americans are expected to access the Internet through a mobile device than a PC.

And,  45% of surveyed users do not see cybersecurity on their mobile devices as a threat in the same way as they see it on their computers.

The 55% couldn’t be more wrong.

Here’s why …

(more…)


%d bloggers like this: