You’ve been hacked

How did this happen

I received an email the other day stating I had visited a porn site and that everything was recorded that I had looked at.  If I did not pay $500 in bitcoin, this information would be made public on the internet.   It even included my email address and an old password, with the remarks “Now do I have your attention”.  The only problem was, I don’t look at porn sites.   But how did they get my email address and password?

The number one answer is a data breach.  My email, name, and password were stolen from a retail website that I had purchased something from. To see for yourself, visit https://monitor.firefox.com and enter your email address.  I am 99% certain your information will be found in some kind of data theft (be sure to try multiple email addresses you use to make online purchases with).

Hackers then feed this data (email address and password) into a password tester/cracker that tries it against thousands of sites per minute, including Gmail, Amazon, eBay, and many other popular sites. Even if you have multiple email addresses, hackers know that you use the same password for all of them. Not to mention your password is probably easy to guess. My old password could have been cracked in 4 days and I thought it was a secure password. Test your current password to see how long it would take to crack by visiting https://howsecureismypassword.net. You may be amazed at how quickly someone could guess your password. (This is a secure site, and no data is saved.)

Consider these identity theft statistics:

  • In 2017, 6.64 percent of consumers became victims of identity fraud — that’s about 1 in 15 people
  • Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average
  • One in five victims of identity theft have experienced it more than once
  • Over 1 million children in the U.S. were victims of identity theft in 2017, costing families $540 million in out-of-pocket expenses
  • There’s a new victim of identity theft every 2 seconds
  • Identity theft is one of the most common consequences of data breaches, and exposed consumer records jumped 126 percent in 2018
  • Emotional distress is reported by 77.3 percent of identity theft victims

In other words, if your chances of winning the lottery were 1 in 15,  like the odds of being an ID theft victim, we’d all have family, friends, and colleagues who are millionaires.

What can you do

  • Protect all of the accounts of the websites you log in to by NOT using the same password. A person has an average of 12 accounts for things like Amazon, PayPal, etc., and the usernames and passwords for these 12 accounts are the same 83% of the time.
    I highly recommend using a password manager like LastPass (https://www.lastpass.com) to keep track of your usernames and passwords. It works on desktop and mobile devices, and I have found this to be the best password manager for myself and my family.

    • It keeps track of the usernames and passwords for all of your accounts
    • Easy authentication with autofill for desktop and mobile
    • Automatically saves new account login credentials
    • Creates randomly generated 30-character passwords
    • Makes sure that no single account uses the same password.
    • Share folders of accounts with other family members (Sling TV, WiFi passwords, etc.)
    • I also highly recommend using the LastPass Authenticator app to secure your LastPass account.
  • Change your password every 3 months.   Easy to do using LastPass.  This way, any data that sits around more than 3 months consists of old passwords.
  • Protect your Gmail account using 2-Step Verification. Why Gmail? Because this is the email address most commonly used to make financial transactions (purchase something).
    • Turn on 2-Step Verification
      2-Step Verification helps prevent a hacker from getting into your account, even if they steal your password. To avoid common phishing techniques associated with text message codes, choose a stronger second verification step.
    • I highly recommend Google Prompts (More secure than text message codes)
  • Sign up for Firefox monitoring and enter all of the email addresses you and your family use. Firefox will notify you in the event they find your email address in a data breach. Somehow they seem to be way ahead of the game when it comes to monitoring stolen data.
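
As an added illustration of three rules from the list above (no shared passwords, 30-character generated passwords, a change every 3 months), this Python sketch audits a password export. It is not part of the original post or of any LastPass tooling; the CSV column names and the sample rows are constructed for the example.

```python
import csv
import io
import math
import string
from collections import defaultdict
from datetime import date

# Constructed sample export; column names are assumptions, not a real product's format.
SAMPLE_EXPORT = """site,username,password,last_changed
amazon.example,me@example.com,Summer2019!,2019-06-01
ebay.example,me@example.com,Summer2019!,2019-06-01
mail.example,me@example.com,hT7#qLz9@VwX2m$Rk8^pN4&bYc6!Ds,2020-02-10
bank.example,other@example.com,correcthorse,2020-01-20
"""
MAX_AGE_DAYS = 90  # "change your password every 3 months"
MIN_LENGTH = 30    # length of the generated passwords recommended above

def entropy_bits(password):
    """Brute-force upper bound; human-chosen passwords have far less real entropy."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in password):
            pool += len(charset)
    return len(password) * math.log2(pool) if pool else 0.0

def audit(export_text, today):
    """Return {site: [issues]} for entries that break any of the three rules."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["site"])
    findings = {}
    for row in rows:
        pw, issues = row["password"], []
        shared = sorted(s for s in by_password[pw] if s != row["site"])
        if shared:
            issues.append("reused on " + ", ".join(shared))
        if len(pw) < MIN_LENGTH:
            issues.append(f"short ({len(pw)} chars, ~{entropy_bits(pw):.0f} bits)")
        age = (today - date.fromisoformat(row["last_changed"])).days
        if age > MAX_AGE_DAYS:
            issues.append(f"stale ({age} days old)")
        if issues:
            findings[row["site"]] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, date(2020, 3, 1)))
```

The reuse check matters most here: one breached retail account exposes every other account that shares its password, whatever the length.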

When it comes to paying for credit monitoring services, it depends on you and your family and what you want to pay for. And yes, include all of your kids in this monitoring service. Here is a link to “The 7 Best Credit Monitoring Services of 2020”.

 

 

 

VeChain is the future

VeChain

Recently, I have been researching a new blockchain called VeChain, which I believe will solve many common issues that surround supply chain management.   VeChain is the first blockchain that has embraced a practical solution for keeping a secured ledger for things like parts in cars, the shipment of fruits and quite possibly the ledger for trade and balance on a world platform.   VeChain creates a stronger trust system for shipping, receiving, and warehousing.  If you are into commerce and data, then you need to understand VeChain as there is no doubt this blockchain technology is going to play a pivotal role in commerce in the very near future.

So what is VeChain?
VeChain is an up-and-coming blockchain that currently exists as an ERC20 smart contract on Ethereum. VeChain plans to be a partially centralized blockchain that uses a “proof-of-authority” system whereby the VeChain Foundation gets to choose who the blockchain’s block producers – all 101 of them – will be. Smart contracts will be supported via the Ethereum Virtual Machine (EVM). VeChain will also have a unique dual asset economic system with VET and Thor Power. On a high level, VET is used to generate Thor Power, and Thor Power acts as a stable coin that pays for blockchain operations.

VeChain is a leading enterprise-focused dApp/ICO platform for products, services, and data. It aims to connect blockchain technology to real use cases by providing a robust infrastructure for data management and IoT solutions, removing issues with counterfeiting, data fraud, data manipulation, assurance practices, and business barriers such as financial services and 3rd party trust. VeChain is designed from the ground up to secure data entry methods and remove the borders between businesses, financial services, and data security.

VeChain currently operates out of seven offices located in Shanghai, Singapore, Paris, Luxembourg, Palo Alto, Tokyo, and Hong Kong, with an international team of over 100 staff members including over 50 professional blockchain application developers. Please visit www.vechain.org for more information.

In the next few months, I will be posting more articles about VeChain technology and the opportunities that exist for creating a blockchain startup company.

 

Why are we allowing this to happen?

A few weeks ago I was instructed to look into a phishing website that was stealing the personal information and credit card information of unsuspecting customers. You think you are ordering something and expect to have it delivered in a few days, but what really happens is that no products are delivered and your credit card and personal information have just been stolen, most likely for creating new accounts under your name. I have investigated many phishing and fake websites before, but this one caught my eye because it was perfect; I mean, it was one of the best phishing websites I have ever seen.

I provide technology consulting services for a company that manufactures holiday and seasonal products. The customer demographics are primarily women between the ages of 32 and 65. Some of the products manufactured are actually collector items and can be resold for thousands of dollars. So when I started investigating this phishing website, the products shown for purchase were 50% off and highly collectible. Not to mention the graphics and layout of the website looked extremely professional. It even had an SSL certificate. Cheese for a hungry mouse!

So what do you do in a case like this?  File a DMCA? Report it to the FBI and FTC?
Because the website was using the manufacturer’s logo and images, which they clearly did not have the authorization to do, I filed a DMCA copyright violation with GoDaddy. However, after many attempts with emails and phone calls, I never received a reply email, nor could I even open a ticket with them to have someone call me back.

As for the FBI and the FTC, they are just as bad.  I submitted many requests about this website and never heard back, knowing every day they are stealing hundreds of identities and credit card numbers.  Guess they have bigger things to investigate.

Go after the hosting company, some said?
My next approach was to contact the hosting company, because one would think that if you notified the right person or company about this fraud they would turn it off ASAP. Not even close!! The hosting company sits behind a company called Cloudflare.com, and Cloudflare.com is a proxy/caching service for websites. I contacted Cloudflare.com to inform them that this website was engaging in and conducting online fraud using their services. Cloudflare’s response: “Sorry, but we do not police the content of our customers. Please contact the hosting provider to have them turned off.” The email they provided for the hosting provider was 123TakefromMe@hotmail.com. Needless to say, they did not return my email.
The real problem is, as soon as I get the website turned off, it’s back up under a different domain name and hosting provider usually within an hour.

So how do you get a fake phishing website turned off?
Well, you would think that Cloudflare, a company located in the U.S., would help protect people from identity and credit card fraud, but think again. This company and CEO Matthew Prince know exactly what is going on, and they will not do a thing about it. They really don’t care because they are making millions from sites like this. Why would they want to turn away any customers? Even if the customer is from North Korea, which is where this phishing website originates from and is where your stolen identity is going. I am pretty sure there are hundreds if not thousands of these websites being hosted at Cloudflare and at other proxy/caching service companies.

So, in the end, there is not much you can do to stop a fake phishing website like this.  The best thing for my customer to do was to put up a social media post notifying all of their customers/collectors not to purchase from this website. 

Companies like Cloudflare that allow these fake phishing websites are just pushing people to sites like Amazon and Walmart. Eventually, these large enterprise websites will be the only place where people feel safe to purchase from. But in the end, we are just doing it to ourselves. It is only a matter of time before cybersecurity is a ticket for a presidential hopeful.

My Awakening.

With a 15-year-old son and 13-year-old daughter, I am smack dab in the middle of trying to figure out how to raise two kids in a world of technology. I was amazed the other day when I logged into my router and noticed there were 47 wireless devices connected. At first, I thought a few of my neighbors and their friends had connected to our router, but after looking at each device, I realized just how electronically connected my family was. From TVs and phones to tablets, watches and a few desktop computers, it hit me hard. If there was ever an awakening, this was mine. I shall call this

          “My Awakening”.

Now I am no doctor nor a parental psychologist, but I do know from experience that these electronic devices have shaped me and my kids into something I am concerned with. I want my kids to be educated with electronic devices but I do not want them to become desensitized to reality. I want my kids to be a part of this electronic revolution; I just don’t want to see them die from it. Having a wife who works at Sony and specifically on the Sony PlayStation, I know it is not going away nor is it going to get any easier. But I do know I can do something about it and thus, I am.

My Awakening is to help parents find the right tools to assist them in bringing up their teenage kids in a world of technology. Yes, I found some great apps that limit the amount of time on an electronic device; however, some would call this bad parenting and in some ways, I agree. There are many books to read about technology parenting and I will continue to post these on my blog. Thanks to my good friend Rob, I am currently reading Queen Bees and Wannabes for my daughter, and Masterminds & Wingmen for my son. Both books are written by Rosalind Wiseman and so far have really struck home.

Over the next several months I will be posting what I have learned from counselors and friends and the research I have done on my own.  My goal here is to really share the knowledge I am about to find.  However, I think my ultimate goal is to eventually start a new business that does just what I am looking for:   Providing the right tools to assist parents in bringing up their teenage kids in a world of technology.

So for now, I am going to kick off my awakening by re-sharing these two pages of house rules (shown below) on my refrigerator door and wait for my kids’ response and feedback, which is going to be awesome I assure you. In the meantime, please start by reading this page called Cognitive Development in Adolescence from the University of Rochester Medical Center. Cognitive development means the growth of a child’s ability to think and reason. You first have to understand your child’s ability to “think and reason” before you can help a child.

Stay tuned.