Is Two Factor Authentication a Good Thing to Use?

“TechWorld” has some interesting information, such as a story on a report from the National Institute of Standards and Technology. And while you may not see this as being “fun”, it is at a minimum interesting. I’m here to break it down for you.

two factor authenticationIn this report, the public was advised to stop using two factor authentication. However, other people suggest that this is the very best way to prevent identity theft. So, which is it? Let’s take a look.

When you get a message from someone, you surely want to make sure that they are who they say they are. In fact, many of us rely on tools like Caller ID. However, you might want to stop doing that, as caller ID can be faked. As hackers start using this more, they are finding ways to also fake SMS, too, which means technically, they could be faking two-factor or two step authorization/verification which heavily relies on text messaging. So, it is very important to stay vigilant about protecting your information and being careful about what you respond to via text

Why Authorization is Important

When it comes to the importance of authorization in transactions, it’s imperative that you are confident that you can access your info. We now know that it is very easy for a criminal, if they know what they are doing, to get into your accounts by using your password and username. But just a username and a password isn’t enough.

How Two-Factor Authentication Works

When you choose to use two-factor authentication, after entering your password online, you will receive an SMS, one-time use code, which you then use to fully log into your account. For this to work, the following must occur:

  • You must have a mobile device
  • You must know how to access the device (PIN or biometrics)
  • You must have a username and password to an online account
  • You must have the one-time use code, which will be sent to the device

Unless all four of these things are present, the account cannot be accessed. So, even if a hacker has your username and password, if you have two-factor authentication set up, they would also need your device to access the account. This makes it much more difficult to illegally access an account and helps your account to be much safer.

How Hackers are Being Smarter than Two-Factor Authentication

Though it is more difficult for a hacker to get into your account that has two-factor authentication, it is not impossible. Here are some ways that hackers are able to get around it:

Man in the Middle Attack:

  • The hacker gets access to your username and password
  • The hacker tries to login and is denied because you have two-factor authentication set up.
  • The hacker contacts you via social media, email, or phone with some type of trick to get your one-time code.

Phone Cloning:

  • The hacker will go into a brick and mortar cell phone carrier store and pretend they are you. They get a new phone with your number.

Changing the Number

  • The hacker creates a fake website, and you enter your number into it. They then take your number and change it, and then they keep your original number. This sounds more complicated than it is.

There is a Lot of Confidence About SMS Two-Factor Authentication

When you use SMS two-factor authentication, you don’t’ have to worry or have concern if your password gets into the wrong hands. Remember, the criminal who has your password still needs your one-time code…and unless they have your phone, they can’t access it.

Companies that offer two-factor authentication give their customers more confidence, and there is an increased interest in the company’s products and services because transactions are more secure.

So, should you be nervous about SMS two-factor authentication? No, you don’t need to. You really do have an extra level of protection, but remember, it isn’t totally fool proof. There are still ways that a hacker can access your accounts, though it is quite difficult.

You can have confidence in two things – First, that banks continue to come up with easy and friendly way to keep all of us safe with an alternative to two-factor authentication, and second, that you are already a step ahead of hackers thanks to your new-found knowledge from reading this article.

One simple way to engage and activate two factor authentication for all critical websites is to simply do a Google search for “two factor” and then the name of the site. And example would be “two factor Amazon. ”You’ll definitely find plenty of options to enable to factor authentication on every critical website your visit.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Have You Heard of a “Credit Profile Number?” It’s a Fake Social Security Number

Cyber criminals are always trying to keep one step ahead of the crowd, and now there is another scam that you should be aware of. It’s called “synthetic identity theft,” and it is when a bad guy takes some of a victim’s personal information, and then they make up the rest. These people also will use fake Social Security numbers, which are known as “credit profile numbers,” or CPN.

Thanks to this type of identity theft, however, we can see that our credit system is very vulnerable. Essentially, it tells us that it is very easy to create a credit file by using this information, and once they do, they can get a loan or credit card with the information of their victims.

Of course, this practice is illegal, but cyber criminals don’t care, and there is really no way of distinguishing a fake Social Security number from a real one. Social Security numbers are randomly generated, and it makes it very difficult for a lender to notice when a fake one comes in. Technically, these lenders could contact the Social Security Administration, SSA, but most of them don’t take that step. Why? Because the SSA requires a signature from the owner of the SSN, and lenders are too lazy to do this.

A better idea would be to create a way to allow lenders to check to see if a Social Security number is real, but as of now, without the lender making significant financial investments in additional fraud prevention technologies, this is not a possibility. Lenders do, however, have their own tools for fraud-detection, but these fakes still fall through the cracks way more often than they should.

This practice has also made the job of a fraudster easier because they know that this is a system that is very vulnerable. It’s simply a numbers game, the more synthetic identities or CPNs submitted in applications for credit, the more likely they are to get approved. It is true that most lenders don’t accept credit applications from people who don’t have a credit history, which would be the case of a “credit profile number, but some do, and the more often they try to apply for credit or a loan, the better the odds are that they will be successful. Though the lender probably won’t give the applicant a lot of credit, this number can rise the more often it is used.

If there is one takeaway here, it is that you should be aware of any and all scams that are targeting your finances and identity. Take steps now to keep your personal and private information safe.

At a minimum, get yourself a credit freeze and consider investing in identity protection services. These layers of protection make you a tougher target.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

This is What a Scary Psycho Cyber Stalker Looks Like

Ryan is a stalker. Ryan was arrested on charges of cyberstalking in October 2017 after it was discovered that he was cyberstalking his former roommate, a 24-year old woman, along with her friends, family, and other acquaintances.

cyberstalkingThe victim claims that Ryan was involved in hacking and cyberstalking since April 2016. She says that he began hacking into her accounts and stole her photographs, personal diary entries, and personal information. Once Ryan had this information, she says that he sent it to her friends, family, and acquaintances.

On top of this, the female victim also says that Ryan created online profiles using her name and photos, and then used those accounts, pretending he was her, to find sexual partners. She claims that because of Ryan’s actions, strange men began showing up at her home, as Ryan would give them her address. Ryan also did things like use the victim’s photos and information to threaten others, and even went as far as claiming that she was going “shoot up” a school.

Many people like Ryan believe that they can use the internet anonymously to terrorize others. They also often believe that they are smarter than law enforcement and will get away with these crimes. The Department of Justice has announced that it is focused on not only identifying and arresting stalkers but prosecuting and punishing them for these actions.

Ryan created a huge cyber stalking campaign where he hacked and harassed his victim. This, of course, was terrible for her to go through, but it also used up law enforcement resources, which was totally unnecessary. Too many people see hacking and cyber stalking as a prank or even as harmless, but it is far from it. It is very scary, and it causes the victims to become very frightened. No one should feel unsafe in their school, home, or workplace, yet Ryan made sure that people did, especially his victim. It is the hope of law enforcement that Ryan’s arrest will stop others from doing similar things. But it won’t.

Protect Yourself:

  • Do background checks on roommates. Although this may not find anything
  • Get references. Just like shopping on eBay or Amazon, check the “reviews”
  • Cover your tracks online by using various privacy and security software
  • Password protect all your devices
  • Install a Home Security system
  • Take self defense
  • Consider firearm training if you face a significant threat
  • Get a protection dog
  • If you can afford it get a body guard
  • Freeze your credit and get identity theft protection. Even though this doesn’t stop a stalker, it makes the victim and less appealing target.

Though Ryan was arrested in the state of Massachusetts, cybercrimes like hacking and cyber stalking fall under the jurisdiction of the federal government. All sentences are giving by a federal district court judge, and the sentences are based on both federal sentencing guidelines and other important factors.

Ryan is in jail. He was sentenced to 210 months, over 17 years in prison and five years of supervised release, after pleading guilty in April 2018 to seven counts of cyberstalking, five counts of distribution of child pornography, nine counts of making hoax bomb threats, three counts of computer fraud and abuse and one count of aggravated identity theft.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Boom! 14 Different Disasters Caused by Social Media

There are a number of ways that you or your small business could get caught up in a disaster on social media. Can you think of any? If not, that’s cool. Here are 14 that could be dangerous:social media

  1. A Horrific Reputation Online – Do you watch your company’s Facebook page? Do people post to it? Are you staff members posting? Even things that seem lighthearted at first, they could easily be taken in the wrong way by others.
  2. Racy Text or Images – If you or your employees are sharing racy text or images on their own social media pages, it could affect your business and your life. Though you cannot control what others are posting, you can absolutely educate them on how to use social media in an intelligent way. Generally, these things happen simply because of ignorance, but even something seemingly innocent could give your company or yourself a bad name.
  3. Fakers – You might not realize it, but there could be someone out there posing as your company or yourself. So, make sure to scope out the internet to see if anyone is using your company name or logo. There could even be fake websites out there. You can set up a Google Alert to notify you if your business name or personal name appears on the internet.
  4. Financial ID Theft – Though it might seem safe to post a picture of your new puppy on your company’s website, it could lead to a stolen identity. How? Well, if you post the photo, you will probably put the puppy’s name on it. A lot of people use the names of their pets as passwords or as answers to online security questions. Now, a scammer has one more piece of the puzzle that they can use to hack into your accounts.
  5. Photo GPS – When you post a photo to your social media account, make sure that the GPS is turned off. This way, a criminal cannot use it to locate you nor your employees. GPS is great, but it can also be dangerous.
  6. Vacations – Remind your staff about the dangers that can come when they post vacation information on their social media accounts. A burglar can easily use this information to find homes to break into. If they know, for example, that Sally in HR is on vacation, they know that she is not home, and now her house is a target.
  7. Corporate Snooping – There is also the possibility that a corporate snoop could set up a Facebook account, pose as a staff-member of a well-known company, and then pull in your real staff into a fake Facebook group. Then, they can feel free to talk about sensitive information that the criminal could then steal.
  8. Sex Offenders – Always know who you are chatting to online. Additionally, make sure to tell your kids or staff or staffs kids to be careful about talking with anyone new. This person could be a sex offender.
  9. Badmouthing – At some point, there will be a former or current employee who is disgruntled. They might feel like they were not terminated justly, or they might not like that they were passed over for a promotion. These are people who might try to get revenge by posting negative posts on your company social media pages.
  10. Bullying – Additionally, you might find that someone on your staff is a bully. Are they posting these types of bully messages on your social media? This could be bad for your business.
  11. Government Spying – Though it might sound crazy, there are instances where law enforcement agents can use social media to learn more about suspects in crimes.
  12. Fake Websites – You might also find that someone is setting up a fake website, and then pretending to be from your company. When a customer goes to your site, they could be giving them information about themselves, including their email address, account numbers, and phone numbers.
  13. Taking Over Accounts – Do you remember when the Associated Press and 60 Minutes had their Twitter accounts hacked? The AP account tweeted that President Obama was attacked. In response, the stock market tanked within minutes, causing people to lose millions of dollars because of a fake tweet.
  14. Liability – You can use the privacy settings on Facebook to hide certain posts, but that doesn’t mean they cannot be used in a future legal case. In fact, studies show that Facebook posts are used as evidence in 1 out of 5 cases of divorce.

What should you takeaway here? It is that there is no such thing as a social media account that it totally private. Someone who has bad intentions or even a post that isn’t meant to be malicious could ruin your or your company’s reputation.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.