Robert Siciliano Identity Theft Expert
Google disclosed that it had been breached by Chinese hackers, who were apparently targeting Chinese dissidents:
“The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator.”
McAfee found evidence that the attack exploited a vulnerability in Internet Explorer. Google Enterprise president Dave Girouard blogged to inform Google App clients their data was safe: “This incident was particularly notable for its high degree of sophistication. This attack may understandably raise some questions.” Girouad stated, “We believe our customer cloud-based data remains secure.”
The most successful techniques of Chinese hackers involve phishing and social engineering. These hackers determine their targets, then send a “spear phish,” or targeted email, to a specific employee, in which they pose as a coworker or a vendor. Once the target clicks a link, a remote control or malicious software is automatically downloaded. On a broader scale, hackers may send a blast to everyone in the company and ultimately hook a few employees, giving them access to company accounts.
The recent Google attack indicates that criminal hackers with financial incentives aren’t necessarily the only ones attempting to penetrate your networks. There is a strong possibility that hacking is being sponsored by foreign governments with a much bigger agenda.
- Never click on links in the body of an email. NEVER!
- Always be suspect of any external or internal communications. You could be a target of a phish.
- Before you go divulging usernames and passwords to anyone in response to an email, pick up the phone to verify the need
- Make sure your PC is fully and automatically updated with its critical security patches.
- Anti-virus must be run automatically and fully up to date.
- Its not enough to just run anti-virus. Run a program that immunizes your PC against keyloggers
- Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
- Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)
Robert Siciliano Identity Theft Speaker discussing being an imposter and social engineering invasions on the Montel Williams Show
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- email Addresses Hacked via a Botnet or Phished?
Robert Siciliano Identity Theft Expert Recently Microsoft, Yahoo, Google, Comcast and Earthlink announced thousands of email addresses and their passwords were phished by identity thieves and posted in an online forum. One report suggests the emails phished could be up to a million victims. Researchers parsed the hacked passwords and broke them down into categories based on
- Up to 1 Million email Accounts Phished for Identity Theft
Robert Siciliano Identity Theft Expert Hotmail, Earthlink, Google, Yahoo, Comcast and other web-based email users have been giving up al their login details to phishers and current estimates are as many as 1 million accounts may have been compromised. News of the scam broke when technology blog neowin.net reported an anonymous user had published confidential details on pastebin.com.
- Targeted Injection Attacks on the Rise
Robert Siciliano Identity Theft Expert In the latter half of 2009, criminal hackers went from mass SQL injection campaigns to targeted attacks. SQL is abbreviation of Structured Query Language. Pronounced ”Ess Que El” or ”Sequel”. The attackers shift in strategy focused on targeting high-profile websites, concluded Websense’s State of Internet Security report for the third and fourth quarter of
- Women Proved “Securest” in the Defcon Social Engineering Game
In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon), I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out too much information. All five holdouts were women
- Social Media A Big Risk To Banks
For more than a decade criminals have been attacking online banking successfully by one upping security professionals their and clients by creating viruses to bypass existing security measures. In response security companies offer new technologies to fight new threats and federal regulators have continually updated their compliance rules in response to existing vulnerabilities. However one variable that
Leave a Comment
You must be logged in to post a comment.