With the forthcoming holidays, we're heading into the high season for cybercrime and online scams. This is the time of year we avail ourselves to all TDS clients for an annual account review. Here, we can discuss:
Your questions and concerns.
Updated inventory of computers and phones.
Your home's ISP, router, and network status.
An update on email hacks and staying vigilant when at your inbox.
Other topics, like best practices, passwords, and backups.
✓ Please reply to this email or contact us below with somedates and times you are available for a phone appointment.
Microsoft and Proofpoint reported a massive phishing campaign that pumps out emails with links to malicious web pages mimicking the Microsoft 365 login page. The goal is to get your password by way of a reset request.
Estimates by security researchers exceed 50 million such bogus emails.
An example of the bogus email is below:
To avoid being a victim of this massive scam, recall the rules of vigilance when at your inbox:
Consider every email guilty until proven innocent.
When in doubt, delete it out.
Contact TDS with questions or doubts about phishy emails.
✓If you use a Microsoft account and receive an email asking to reset your password, it is likely a scam and should be treated as such (see the three inbox rules above).
Back It Up
TDS is initiating a recommendation for backup software and services with Backblaze. I've been using Backblaze since June and am impressed with its simplicity and usability.
TDS is now an affiliate for Backblaze, and we are compensated when you purchase it from our affiliate link. If you are interested, you can get started here:
✓ If you'd like some help coming up the learning curve with Backblaze, our computer coach, Eric J. is an expert and can get you up and running in an hour.
There’s a $12 Billion Market for Your Phone’s Location Data
47 companies that you likely have never heard of are hawking access to the location history on your mobile phone.- an estimated $12 billion market,
“They operate on the fact that the general public and people in Washington and other regulatory centers aren’t paying attention to what they’re doing.”
Sep. 30th - The Markup
The U.S. govt is secretly ordering Google to provide data on anyone typing in certain search terms, an accidentally unsealed court document shows
"Google complies with invasive "keyword warrants." This puts innocent bystanders at risk."
BTW - DuckDuckGo doesn't have any search histories and, because of that, has had 0 search warrants (of any kind) since its founding in 2008.
Oct. 4th - Forbes
Why You Shouldn't Speak When You Get a Robocall
"In rare cases, they record your voice to impersonate and use against you. More often, when you say yes, it lets the scammer know that your number is active and that you’re willing to answer calls. This allows the scammer to then sell your number to other telemarketers for a higher price."
Oct. 5th - LifeHacker
A Pentagon official said he resigned because US cybersecurity is no match for China, calling it 'kindergarten level'
"I am just tired of continuously chasing support and money to do my job. My office still has no billet and no funding, this year and the next,"
"We have no competing fighting chance against China in fifteen to twenty years," he said.
Oct. 11th - The Insider
Many cybercrime services sell for less than $500
"Dark Web hackers can be hired for specific jobs that aren't packaged as a ready-made service. A single job typically costs around $250
Stolen account credentials sell for as little as 97 cents per 1,000. "
Oct. 13th - TechRepublic
Suspected Ransomware Payments Nearly Doubled This Year, Treasury Says
"Financial firms flagged nearly $600 million in suspected ransomware payments; Treasury investigators identified billions more."
Oct. 15th - Wall St. Journal
FBI, NSA Warn Cybersecurity Experts of Impending BlackMatter Ransomware Attacks
"U.S. federal security bodies have published a joint advisory for cybersecurity experts, warning of the inevitability of a slew of new ransomware attacks from black hat hacking group BlackMatter - itself born from the ashes of the infamous DarkSide group."
Oct. 18th - Tom's Hardware
Google Reveals 5 New ‘High’ Rated Vulnerabilities In Chrome
"Chrome users, all 2.65 billion of you, need to be on high alert (for thethirdtime this month) because Google has confirmed multiple new High-level hacks of the browser."
Oct. 20th - Forbes
I was Hacked and You Can Be Too
"Invasive hacking software sold to countries to fight terrorism is easily abused. Researchers say my phone was hacked twice, probably by Saudi Arabia."
Oct. 24th - The New York Times
Brave Replaces Google With Its Own Search Engine: What This Means for Users
"Brave has replaced Google with its own search engine in its privacy-focused browser. Here, we'll take a look at what this means for users."
Oct. 25th - makeuseof.com
How Facebook Fails 90% of its Users
"Internal documents show the company routinely placing public-relations, profit, and regulatory concerns over user welfare. And if you think it’s bad here, look beyond the U.S."
Oct. 25th - The Atlantic
Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan
"A new survey suggests the disruption, share price drops, and theft are common consequences of attacks."
Oct. 26th - ZDNet
Russian Hackers Reportedly Hid Behind Americans' Home Networks to Mask Their Cyber Espionage
"Russian military hackers have been waging an ongoing hacking campaign against high-level American targets and have used a special technique to mask their activities: a tool to hide behind addresses associated with everyday Americans’ home and mobile networks."
Note; TDS first observed and reported on Russians in residential networks in April 2018.
Oct. 26th - Gizmodo
Hackers-for-hire identified as largest cybersecurity threat, cryptojacking also popular
"A recent report from a cloud security firm found that certain cybercrime services cost less than $500. Moreover, hackers can be hired to perform specific jobs like credit card scams or identity theft for as low as $250."
Oct. 27th - TechSpot
Microsoft Starts Campaign to Fill 250,000 Cybersecurity Jobs
"‘We face a cybersecurity skills crisis,’ Brad Smith says"
Oct. 28th - Bloomberg
Is my phone listening to me? We ask the expert
"Even the Pentagon is worried because they’ve realized their staff are having their profiles created. And that information is available to everyone: an advertiser or a foreign intelligence agent. We need to have control over who has this information and why. Data protection is a key battleground for human rights."
Oct. 29th - The Guardian
Security researchers say iPhone users who care about privacy should delete the Facebook app
"What's even worst is that security researchers discovered that even if you don't allow the app to gather your data information, Facebook somehow managed to find a way to continue tracking in the latest iOS update. How it was discovered is that Facebook is using the iPhone's accelerometer to constantly monitor your movement."
Oct. 29th - TechNave
Computer Coaching Services by TDS
Want to clean your computer or set up a new one? Learn to use a password manager or backup files? The coaching approach is about learning long-lasting knowledge that increases your satisfaction and security with personal technology.
Total Digital Security
For previous CyberAdvisor Letters:
To view Blog posts:
Total Digital Security, 7777 Glades Rd, Suite 100, Boca Raton, Florida 33434, United States, 877-643-6391