Con Watch: 5 Best Practices to Prevent Getting Hacked on Social Media

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

The recent hacking of the Twitter accounts of many prominent people including Joe Biden, Bill Gates, Elon Musk, Warren Buffet, Jeff Bezos, and Mike Bloomberg highlighted how vulnerable all of us are when using social media. The hacking of your social media accounts can be leveraged by sophisticated criminals to make you a victim of identity theft or to steal your assets. However, there are simple steps you can take to avoid being hacked. Here are five best practices that we all should follow to protect ourselves.

1. Use Strong Passwords

Having a strong and unique password for each of your social media accounts can go a long way toward protecting your security. Unfortunately, too many people use the same password for all of their accounts. This makes you particularly vulnerable to being hacked because in the event of a data breach at one of your online accounts, the hackers now have the password for all of your accounts, which puts you in great jeopardy. (I’ll have Identity Theft for $500, Alex).

Consider using a password manager, which is an app you can use that will create complex passwords for each of your online accounts. All you have to do is remember the one password to your password manager. Some people are concerned that even a password manager can be hacked. While this has not occurred yet, it is a reasonable concern. A good way to generate your own complex passwords for each of your accounts that are easily remembered is to start with a base password, such as IDon’tLikePasswords. This is a good base password that has capital letters, small letters and a symbol. Now make it even stronger by adding a few symbols such as !!! to make your base password IDon’tLikePasswords!!!. This base password can easily be customized for each of your accounts with a few added letters. So, for instance, your Amazon password could be IDon’t LikePasswords!!!Ama. This is an easy way to create complex, unique and easy to remember passwords for each of your accounts.

2. Provide Fake Answers to Security Questions

A security question is an important element of protecting you from being hacked. Unfortunately, enterprising hackers have managed to change the passwords of their targeted victims by answering common security questions with information found through online searches. Often we are our own worst enemies when we provide too much information on social media that is available for a hacker to learn the name of your dog, for instance, or other information that might provide the answer to your security question. An easy solution to this problem is to provide a nonsensical answers. There is no legal requirement that you answer your security question honestly. Thus, the answer to the security question asking your mother’s maiden name can be “firetruck.” You will remember this because it is so silly and no hacker will be able to guess it.

2. Use Dual Factor Authentication

One of the best things you can do to protect yourself from being hacked is to use dual factor authentication on your accounts. With dual factor authentication , when you login to one of your accounts, an additional form of authentication is required. Most commonly, after you type in your password, a special one-time code is sent to your cell phone. You then must enter that code in order to access your account. Even if someone manages to steal your password, they will not be able to access your account. Actress Jennifer Lawrence’s iCloud account containing nude photos of her was hacked when she unwittingly responded to a socially engineered email that appeared to come from Apple asking her to confirm her password. If she had used dual factor authentication, even if the hacker had her password, he would not have been able to access her account.

3. Beware of SIM Swapping

Some very sophisticated hackers have been able to defeat dual factor authentication by SIM swapping your phone number to the hacker’s phone. A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as cell phones. SIM cards can and are transferred between different devices, such as when you get a new phone. Hackers call your cell phone provider posing as you, answer a security question, and have your SIM card switched to their phone, enabling them to defeat dual factor authentication, because now the authentication code is going to their phone and not your phone. Fortunately, you can set up a PIN or password in order to access your mobile service provider account to protect yourself from SIM swapping. Particularly prudent people can even require that their SIM card only be changed in person.

4. Use Security Software and Install Security Updates Right Away

Make sure you have installed good security software on all of your devices and install the latest updates on your programs, applications, and computer and mobile device operating systems as soon as they become available. Note that even the most up-to-date security software will always be at least a month behind the latest strains of malware. This is why, even if you have the best security software, you should never click on links in emails or text messages unless you have absolutely confirmed they are legitimate. Clicking on links infected with malware sent through socially engineered phishing emails and text messages is the most common way that malware is installed.

Nothing you can do will absolutely guarantee that you will not have your social media accounts hacked, but following these five best practices will go a long way toward keeping you safe.

Featured image: (AngieYeoh / Shutterstock)

14 Things Your Smart Phone Is Killing

We know about landlines. We know about clocks, stopwatches, and kitchen timers. We’re well aware of calendars, address books, separate still and video cameras, and even tape recorders. All of those things are slowly being replaced by your smart phone. With every new upgrade and every new slate of apps that becomes available, the need for certain formerly helpful things goes away. Several are obvious, but there are still quite a few more that you might not have considered.

1. Take-Out Menus

It’s okay to admit that you still have the take-out menu drawer. You know it’s there, stuffed with folded food lists from that new burger joint or that Chinese buffet that you know closed six months ago. Frankly, you don’t really need it anymore. Most restaurants now have comprehensive versions of their menus on their sites, and that’s without getting into places that have their own individual apps or that are part of larger delivery services. When you can pass your phone to one of your kids so that they can order pizza while you’re already on your way to the parlor, you know that the menus have passed their overall expiration date.

2. Translators

Sure, nuance in conversation is important, particularly between cultures. But computer programs have gotten better and better over time at making communication across the language barrier easy. Google Translate might be the most popular service, but it’s not the only one out there. The cultural gap of being able to simply talk to one another has definitely shifted closer to closed.

3. TVs

Bear with us a minute. We know you’re probably not giving up the big smart TV on your wall anytime soon. On the other hand, phones and tablets have liberated you from the need to have an actual TV set. Take a look around when you travel; Netlfix and its kin are available on your personal devices, giving you a massive range of program choices. You’re not even stuck with what’s on the hotel TV when you travel. Phones aren’t an absolute, outright TV killer, but the younger generations are definitely adjusting to watching on the smaller screen.

4. Travel Agents

We’re not encouraging the death of a profession, but it’s becoming increasingly obvious that you can plan and purchase a trip by doing your own research and hitting a few buttons. That includes booking your hotel (or Airbnb), making your own travel arrangements, and planning itineraries all on your phone; there’s even a device at the boarding gate to scan the virtual ticket you have on your phone. In fact, some destinations all but require you work with your apps ahead of time; consider Disney, where you can manage your Fast Passes and meal purchases from your phone throughout the day.

5. Flashlights

If you’ve ever said, “I need a flashlight; hand me my phone,” then this one is incredibly self-evident.

6. Cash Registers

This might not be entirely true yet, but it’s getting there. The traditional register is getting smaller and smaller, driven in part by apps like Square, PayPal, and more. Square, among others, makes devices for turning your tablet into a mini-register, and other companies market similar compact devices for food trucks and other operations. The clunky, ringing register of the past is certainly fading.

7. Wallets

The increasingly popularity of “paying with your phone” via digital wallets points toward a time when people abandon physical wallets completely. Some people will always prefer to carry cash, but with store-specific apps replacing membership cards and built-in galleries and cloud storage taking the place of wallet photos, the billfold is definitely in danger of extinction.

8. Radio

Portable radios have been on a steady downward progression for decades. The old transistor got supplanted by the Walkman, which gave way to the Discman, which died on the hill of the iPod. Then, with no small irony, the iPod faded as smart phones took on the ability to play, store, and stream music. With the bulk of terrestrial radio stations available from I (Heart) Radio, and many other music player options available, the portable handheld radio is all but gone.

9. Cable Guides and TV Remote

Today’s cable systems come equipped with remotes that access the laundry list of available channels, and those will remain standard for some time. However, those same cable systems have made flipping through the guide a bit less necessary with searchable apps that allow you to remotely set your DVR or even stream programming. Similarly, Smart TVs like the Roku also have remote apps that allow you to access settings or even perform standard channel and volume changing functions. With the final death of these pieces isn’t totally imminent, the ease with which you can make them irrelevant doesn’t say good things about their long-term survival.

10. Parental Math Anxiety

All parents have been there. Your child is doing homework, and they’re confronted with a particularly challenging math problem. You want to help, but it’s been at least a decade since you’ve given any thought to quadratic equations or finding the surface area of a rectangular solid. Assuming that you can remember or reason out how to do the problem, you’re still not certain that you’re right. That’s where apps like Photomath come in. You open the app, hold your phone as if you’re taking a picture of the problem, make sure you’ve got the whole problem in the box, and click. It gives you the answer. Parental Math Anxiety has been solved.

11. Rolling Dice

The online gaming community frequently posts videos evaluating dice rollers.

A non-scientific study (okay, a random observation) says that dice are the most easily lost component of board games. Fortunately, quite a few apps exist that allow you to roll virtual dice. Even more incredible, apps specifically tailored to the six dice of Dungeons & Dragons and the other specialty games that employ numerous and differently-sided dice are also available. It’s easy to see a time when game-makers simply tell you where to get the app for their game to save production costs and free up game mechanics.

12. Separate GPS Devices

As the advent of the separate GPS device slayed the bulky Atlas, so did various programs and apps dispense with the need for a separate device. Today, a number of apps are focused on getting you where you want to go, from Waze to CoPilot and beyond. Some still like Yahoo Maps or MapQuest (that’s a good one, too), but some say Google Maps is the best (true that, double true).

13. The Need to Hail a Cab

This one should be pretty obvious, but cabs are definitely fading. A cab driver in Washington D.C. told us recently that Uber and Lyft have taken more that 30% of his personal business. So while they’re not dead yet, the act of standing on the street and waving for one is certainly in decline. Hotels and airports still deal with the trade, and there are a plenty of apps to summon a taxi, but the rise of ride-shares and services you hit from your cell has certainly caused a quantum shift in how we pay to get around.

14. Other Phones

We normally only think of this in the context of the landline, but smart phones continue to shove other phone styles out of existence. While a few flip phones or regular-function cell phones are still sold, they’ve taken up less and less shelf space over the years. According to one study, over 80% of the U.S. population will be using a smart phone this year; that number is projected to be around 84% by 2022. As smart phones continue their inevitable takeover, one of the remaining questions we have is “What won’t the smart phone eventually replace?”

 

Featured image: Shutterstock.com

Con Watch: Is Your SIM Card Safe?

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

What Is a SIM Card?

A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate you on your cell phone. The SIM card is able to be transferred between different devices, and often is, such as when you get a new phone but keep the same cell phone number.

What Is the Danger?

If identity thieves take over your SIM card, they can control your email and any other accounts you access through your cell phone, such as Amazon, eBay, PayPal and Netflix. Even more worrisome, criminals can also intercept security codes sent by text message as part of dual factor authentication, which is often used to verify your identity for more secure transactions, such as online banking. The thief now has the opportunity to empty your bank accounts and cause financial havoc. They can easily reset your password on any online accounts that you have that are tied to your cell phone number. If that weren’t bad enough, they now also have access to any personal information, such calls or texts, that could potentially be used to blackmail you.

How Do They Get Your SIM Card Information?

A criminal calls your phone carrier claiming to be you and telling them your phone has been lost or damaged. Then they ask the carrier to transfer or swap your SIM card to a new phone controlled by the criminal. This is known as SIM card swapping.In another type of scam known as porting, the thief calls your carrier, saying they want to transfer the phone number to a new company.

In order for the scam to work, the identity thief needs to have personal information about you so that when they call your carrier, they can impersonate you effectively. They are quite adept at contacting victims by email or telephone and getting them to supply Social Security numbers by posing as a legitimate company or agency. Even if one is cautious about giving out personal information, it can often be bought on the Dark Web thanks to all of the recent corporate data breaches, including those at Marriott, Equifax, and Facebook.

Recently, Sydney, Australia police charged a man with involvement in a conspiracy where criminals took over the mobile phone accounts of 70 people and gained access to their bank accounts, using them to purchase more than $100,000 in goods. It was estimated that this type of crime cost Australians at least $10 million in the last year.

In February, 20-year-old college student Joel Ortiz became the first American to be convicted of crimes related to SIM swapping. Ortiz was sentenced to ten years in prison for hacking into the online Bitcoin wallets of his victims, stealing more than $5 million in Bitcoin.

How Do You Protect Yourself?

The best thing you can do to protect your SIM card from porting or swapping is to set up a PIN or password for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you.

AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card.

Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center.

T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store.

Sprint customers can establish a PIN that must be provided when doing a SIM swap.

Remember to never provide personal information in response to an email, phone call or text. You can never be sure who is really contacting you. If you think the communication might be legitimate, contact the real company or agency directly using a phone number or address that you know is accurate in order to confirm whether or not the original contact was legitimate.

These simple steps can help protect you from becoming a victim of SIM swapping.

Featured image: Shutterstock.com