Con Watch: Protecting Yourself from Iran War Cyberattacks

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

While the war in Iran may seem far away, you are at risk for cyberattacks by Iran, Iranian affiliated organizations such as Hezbollah, and even conventional scammers seeking to take advantage of the situation.

Iran has already shown the ability to perpetrate cyberattacks in the past, such as in 2012 when Iranian hackers used DDoS attacks against 46 major banks and financial institutions including the New York Stock Exchange. In a Distributed Denial of Service (DDoS) attack bots flood targeted sites with so much traffic that the sites become overwhelmed and nonoperational. In 2022, Iranians hacked into the computer networks of small businesses, government agencies, healthcare centers, and utilities.

In addition to the threat posed by Iranian and Iranian-affiliated hackers, ordinary scammers will try to take advantage of the war to send emails and text messages intended to lure you into clicking on infected links or provide sensitive personal information.

Here are some steps to help protect yourself from possible cyberattacks.

In the past, Iranian hackers have exploited computers, routers, phones, and Internet of Things devices that have not installed the latest security patches and updates. Be sure to set up your phone, computer operating system, and any software to receive automatic updates.

Your router is another vulnerable attack point. It’s the critical networking device that transfers data between your computer and the Internet.  Last May, the FBI issued a warning about 13 outdated, end-of-life routers, particularly routers manufactured before 2010 that are no longer supported by their manufacturers with software updates and patches to fix vulnerabilities.  Cybercriminals exploit the lack of security of these routers to gain access to your computers and other devices. If your router is one of these outdated routers, you should replace it.

Disable remote management settings on your router and make sure you are using a strong password as well as encryption. Many people fail to change their router’s default password, rendering it extremely vulnerable to a cyberattack. Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding.

Use strong, unique passwords for each of your accounts.  Doing so will keep your important accounts more secure if there is a data breach at any of your other accounts. A password manager is a good choice for many people.

However, if you don’t want to use a password manager, there is a way to strong, unique, complex passwords for each of your accounts that are easy to remember: Start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital and lowercase letters; then add a few symbols at the end so it may read IDon’tLikePasswords!!!. Then adapt it with a few letters for each particular account. For instance, your Amazon password could be IDon’tLikePasswords!!!AMA.

Security.org has a great tool that will tell you how long it would take for a hacker to crack where your password.  According to them, it would take 2 septillion years to crack my base password.

Regardless of how good you are at creating a strong password and keeping it private, passwords will inevitably be compromised through data breaches, which is why you should also to use dual factor authentication on all your accounts.

Be particularly wary of any social media posts, emails, text messages, or phone calls related to the war that ask you to click on links, download attachments, provide personal information, or make a contribution.  Scammers can insert harmful malware in such communications.

Backup your important data such as health care records and bank account records in the cloud and on a portable hard drive to protect you from DDoS attacks that may temporarily shut down your bank or health care provider’s online presence.

Monitor your online accounts and your credit reports regularly.  Monitoring your credit report can be done for free as often as every week through AnnualCreditReport.com. This is the only website to use to monitor your credit reports for free. Scammers set up phony free credit report sites that may have hidden charges or steal your information.

Finally, freeze your credit at each of the three credit reporting agencies, which will protect your credit from being accessed by identity thieves.

• https://www.equifax.com/personal/credit-report-services/credit-freeze/
• https://www.transunion.com/credit-freeze
• https://www.experian.com/freeze/center.html