Prepare Your Digital Life Before You Die

/in /by

In life as in business, we need to have contingency plans. That means backing up our back up and that means having a plan for when we expire. Nobody really wants to deal with that expire part. Nobody wants to address the fact that the clock is ticking. But you need to.

Prepare Your Digital Life Before You DieBeing in the business of security awareness training, and having a relatively accessible (and some might say – high) online profile. I am contacted by a lot of people facing a number of different issues. Lots are victims of various crimes, both in the physical and virtual world, such as victims of stalking, or they claim their devices are being spied on, (often I think they might be legit paranoid), or they’ve lost money in some type of a scam, you name it. Sometimes I function as a “victims advocate” and I do have a soft spot for those in a bind.

However, there are a number of situations where I am simply not in a position to help. I may not have the resources, for example I can’t (nobody can) call Facebook and get your hacked account back, and I am not a boots on the ground detective in a position to intervene in whatever wire fraud loss you may be dealing with.

What I often do, is provide perspective, like, for example, if they were notified of a data breach, and their credit card is involved, they call me freaking out, and I tell them that doesn’t necessarily mean their identity is at risk because credit card fraud is not the same thing as your Social Security number in the hands of criminals and so on.

Sometimes people just need a little “talking off the ledge” and engage with an expert to feel better about their situation. And then there are situations that come up, like the unexpected death of a loved one. To me, those are often the worst. That’s because I am empathetic to someone’s real pain and problems, but I’m not fully equipped to help. But like most plugged-in people, I do have some pretty good connections.

That brings me to Bob Young of FIFO Networks. Bob was introduced to me by my vCISO Mike. Bob is a guy who has a skill set that very few have, and he has a bedside manner that makes him perfect for his job. He is a super nice guy. Bob specializes in a number of technology disciplines, but what he’s really good at is getting access to digital devices that few can get access to. So, for example, if your loved one dies, Bob has a good chance of getting in their phone or computer or accounts. Frankly, I hope that you never ever have to meet Bob.

One word for a guy like Bob might be a “hacker”. And while to some, this word might be offensive, there are all kinds of hackers out there. There are good hackers known as “white hats” and there are bad hackers, known as “black hats”, these terms come from the old spaghetti westerns. Bob is definitely one of the good guys.

Below is a discussion between Bob and I and a little bit about what he does, and what you should be doing now to prepare for the inevitable. Yes, inevitable. You are going to die. Me too. It’s coming.

Robert (Me): Thank you for joining me today. Can you share a story or two about what it looks like when someone comes to you to assist in digital recovery after someone’s passing?

Bob: Certainly. Recently a grieving brother called me to access his deceased brother’s computer. The brother mentioned significant investments and a missing will, hoping the computer held clues.

Robert: What are the primary goals in digital recovery after someone dies?

Bob: There are two main goals: data recovery and account recovery. While these goals overlap, they’re distinct. Data recovery involves retrieving information, while account recovery focuses on gaining access to accounts, often requiring passwords and recovery keys.

Robert: In our discussion, you mentioned various encryption methods. Could you elaborate on how encryption impacts the recovery process?

Bob: Absolutely. Encryption, like BitLocker or FileVault, adds complexity. For example, recovering data from a Windows computer with BitLocker may require accessing the Microsoft account for the recovery key. Physical security keys or a Yubikey can be game-changers, but they’re rare.

Robert: Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) play a significant role. How do these impact the recovery process?

Bob: 2FA and MFA add an extra layer of security, often involving codes sent via text or authenticator apps. Accessing the deceased’s phone becomes crucial for unlocking accounts requiring 2FA/MFA.

Robert: Unlocking devices seems central to the process. Where do you usually start, with the phone or the computer?

Bob: It’s somewhat circular. While unlocking the computer might grant access to significant accounts, you often need the phone for 2FA. I typically start with the phone, ensuring its accessibility.

Robert: Unlocking a deceased person’s phone appears challenging. How do you approach this?

Bob: While biometric authentication is common, knowing the PIN or pattern code is usually sufficient. In case family members don’t have this information, alternate methods exist to bypass biometric authentication using a PIN.

Robert: What if the computer is locked? What steps do you take to unlock it?

Bob: Unlocking methods vary, but it’s best to start by asking relatives or friends for the password. Failing that, searching for written records or changing the unknown password can be attempted. Password-cracking tools and password removal are more complex options.

Robert: Can you share a specific case, like Ron’s, where you successfully recovered critical information?

Bob: In Ron’s case, finding a will and stock market investments was a priority. After searching Ron’s office, I used professional tools to change the computer password. No encryption hurdles meant swift access to essential information, including the will stored on the computer and a backup in county records.

Robert: What advice do you have for individuals to prepare for digital recovery after their passing?

Bob: Preparation is key. Maintain a well-organized offline list of passwords, use a password manager, grant access to your phone, document financial accounts, file your will with county records, and ensure your trusted person knows about any physical security keys.

Robert: Lastly, you mentioned legal considerations. How do you navigate the legal aspects of account and data recovery?

Bob: Legalities are crucial. I comply with government laws and often require proof of relationships. However, online account providers may have their own procedures, emphasizing the importance of proactive steps like setting up Legacy Contacts on platforms such as Facebook.

Robert: Thank you for providing insights into this intricate process. If our readers have further questions, they can contact you at your website, correct?

Bob: Yes, that’s correct. If anyone needs more information, they can reach out to me at fifonetworks.com/contact-us.

Thank you Bob. And to my loyal readers, like I said, as much as I like Bob, I hope you never have to meet him. Meanwhile, to summarize, here are some action items, things that you can, and should do now to prepare for your demise.

  1. Maintain a Password List: Keep a complete, well-organized, offline list of all passwords, including those for computers, online accounts, and other devices.
  2. Use a Password Manager: Simplify the process by using a password manager. Have written records of two passwords: the master password for the password manager and the computer login password.
  3. Grant Access to Your Phone: Ensure that your trusted person knows the PIN or pattern code for your phone. Consider including this information in your password list.
  4. Financial Accounts List: Keep an updated list of all financial accounts, including banks, investments, and other relevant details that your trusted person might need.
  5. File Your Will: File a copy of your will with the County Records office. This ensures a legal and easily retrievable document for your family.
  6. Physical Security Key: If you use a physical security key, like a Yubikey, make sure your trusted person knows about it, what it looks like, and where to find it.
  7. Set Up Legacy Contacts: On platforms like Facebook, set up a Legacy Contact to manage your page after you die. This proactive step facilitates smoother access for your family.
  8. Emergency Information: Consider creating a sealed envelope or a digital document containing essential information about your digital assets and how to access them. Ensure your trusted person knows where to find this.
  9. Online Account Provider Procedures: Familiarize yourself with procedures offered by online account providers. Some platforms have features like Legacy Contacts that you can set up in advance.
  10. Communication: Lastly, communicate your wishes regarding digital assets to your trusted person. Let them know your preferences and where to find critical information in case of your passing.

Taking these proactive steps ensures a smoother transition for your family members when dealing with your digital afterlife.

Spammy Scammy Text Messages: Fake Accounts on the Rise as Scammers Use Phone Farms

/in /by

Every single time I get on a stage and present a security awareness training program, someone desperately asks me how to stop all the scammy text messages. My response is the same for everybody; You can’t. What you can do is play the Whac-a-Mole game and continually mark them as spam and block them. That’s it. It’s just an annoyance, like mosquitoes.

Spammy Scammy Text Messages: Fake Accounts on the Rise as Scammers Use Phone FarmsThere are a few things that you can, and should do… straight from Apple:

Block messages from a specific person or phone number on an iPhone

When you block a specific contact or phone number, messages from that person or number aren’t delivered. (The person sending the message doesn’t know that their message was blocked.)

1.    Open the Messages app on your iPhone.

2.    In a Messages conversation, tap the name or number at the top of the conversation.

3.    Tap Info, scroll down, then tap Block this Caller.

Most of us are receiving spammy scammy text messages on a regular basis. These text messages pose as somebody who we are supposed to know who lost their phone or someone who supposedly is our friend asking us out to lunch or some other request designed to engage us in a conversation.

The texts themselves serve a few different purposes for the scammers. The impetus for all of them is some form of fraud. This will include a romance scam where they engage you and eventually it leads to a crypto scam, called “pig butchering”. Weird name, but very lucrative for the bad guys.

Another is so they can create Google Voice accounts and compromise your Gmail and Google account. In this scam, the scammer approaches sellers on Facebook Marketplace and pretends to be interested in something you’re selling. They ask for your phone number to discuss the purchase. Then scammer uses the victim’s phone number to create or take over a Google Voice account by convincing you to fork over any form of two factor authentication alert you might receive on your device during the transaction.

Many of the scams involved compromising your phone number so they can be used for verification on various websites.

The verification stage required for opening new online accounts is usually the one thing internet users dread the most. It can be a pain in the neck, and most people would rather forget the process altogether.

However, the reason why many sites force their users to verify their identity is to safeguard their details and for the safety of all legitimate account holders on their platform. Despite these efforts, it seems scammers have found a way to bypass the security measures that have been put in place.

There are services, such as 5Sim, that allow users to rent a phone number specifically for use in the SMS verification process. What’s worse is that these fraudulent phone numbers are available for just a few pennies!

Sites, such as Instagram, Amazon, and Discord, use SMS verification to prevent people from creating bogus accounts which are difficult to trace. How it works is that, when a user tries to open a new account, an SMS will be sent to their phone number and they have to verify that they have received it before being allowed to continue.

This simple but effective method has worked quite well for a long time now. That is until scammers found a way around it, using large-scale, automated services, such as 5Sim, that lease out phone numbers.

In a post shared via its website, 5Sim said that users who do not want to use their personal numbers for SMS verification when registering an account can use a phone number from 5Sim. 

They said all that is needed is an internet connection, which means the process works even without a SIM card placed inside the phone. Users can even select a phone number from any part of the world.

In another interview on VICE, an employee of another website, Discord, said they were also aware of the existence of companies, such as 5Sim. The spokesperson went on to say that they try to block such accounts whenever they identify them.

Discord, like many other sites, requires a valid phone number for SMS verification, instead of VoIP numbers. This is probably an attempt to reduce the incidents of fake accounts. However, according to 5Sim, they provide users with ordinary numbers.

5Sim did say that its customers are not allowed to use their phone numbers for any illegal activity, or any actions that might cause harm to third parties or to the service. AhmOkYaAllRightyThen!

It is not clear how far 5Sim goes in ensuring that its customers adhere to these regulations, or whether it does indeed impose the restrictions on accounts in cases where fraudulent activities are suspected. In the meantime, though, scammers have a guaranteed way to bypass a lot of very important safety precautions.

For you, just knowing what’s happening in the background, understanding of the various scams, knowing there are a few things that can be done in addition to the game of whack-a-mole. The key here is to keep paying attention. Don’t let anyone CONvince you otherwise.