Cyber Extortion
How often do you use your email? Your Twitter / Facebook / other social media accounts? Your cloud apps? What would you do if you lost it all? What is recovering it worth to you?
When we have something of value, it becomes a target. And, the more we entwine our lives with technology, the more valuable those 1s and 0s become to us.
Though cyber extortion is not new, it is interesting how common it is becoming.
The latest attempt I recently read about involved the loss of the @N Twitter handle, which was facilitated by both PayPal and GoDaddy.
Then there is the case of Hunter Moore, who was arrested and indicted by the FBI for his involvement in hacking private email accounts to gain access to explicit pictures that were meant for private use only. While this was not exactly extortion, it was a method of hacking and stealing personal digital property that was used to shame and make money off of unsuspecting people.
Last year the story making the rounds was about Cryptolocker hijacking people’s data and then requiring money to unlock it and regain access to it.
Then there was of course the great Facebook, Gmail, Twitter hack I wrote about in December.
This is by no means an exhaustive list, rather just one to show the different ways your data can be used against you.
What does this all mean for you? It should heighten your awareness of cyber security and the very real threats that exist out there today. How do we mitigate these threats? We do what we can to protect our data. Following is a simple list of steps you can take immediately to avoid becoming a victim.
- Back up your data
- Use 2-Factor Authentication
- Hide Sensitive Information
- Be Wary of Strangers
- Be Careful Online
Back up your data: This means not only data you physically have access to like your financial documents, family photos/videos, or your music – but also your online presence. Many social networks let you download the entire contents of your user profile. You should also consider redundant backup options such as physical backups and off site backups. Just remember to make sure both are secure.
Use 2-Factor Authentication: Facebook, Gmail, Twitter, PayPal and more utilize 2-factor authentication. My first introduction to this was using an authenticator for my World of Warcraft account, which I opted for as soon as they were made available. I still use 2-factor on that account today. This Lifehacker article has a great rundown of all the places you should enable it. Do it now!
Hide Sensitive Information: While sites may require you to provide a birthday or email address, they also usually give you the ability to keep this information private. Those who need to know the year you were born or your private email address already have that information or can ask for it. There is no need for it to be out in the open for everyone to see. Also, don’t let sites save your credit card information. While it is an added convenience, as the case of @N above demonstrates, it can be used against you. Other advice he offered in his article was to call your institutions and require them to NOT share any of your personal information over the phone. That means birth dates, names, or partial information like last 4 of social or credit cards.
Be Wary of Strangers: This may sound odd as the whole allure of the internet is connecting with strangers. However, if you don’t know someone, you should be very cautious about letting them into any social network circle where they can find out more information about you as this can be used against you.
Be Careful Online: Don’t click on anything you can’t easily identify. Don’t submit information to sites you are not familiar with. Don’t trust things just because they come from people you know. Don’t download things to your computer without some sort of software protection installed.
In summary, treat your digital property much like you would treat your physical property. Follow the Hide Lock Take philosophy. It works for both your email and your car.