Welcome!  

Although most of us are still locked down due to this Pandemic, things are beginning to open up. However, while we were hidden away not paying detailed attention to our security the cybercriminals have been actively attacking our businesses with identity theft. So sit back and see what you can do to protect yourself.

For more tech tips, news, and updates visit – CraigPeterson.com


Automated Machine Generated Transcript:

Hey, welcome back everybody. Craig Peterson here on WGAN of course online is wild at CraigPeterson.com that’s Peterson as in S. O. N. Hopefully you can join me there. I have all kinds of the great information we send out every week, so I’ll make sure you sign up for the email list as well. Well, we have talked about identity theft before, and I want to get into it a little bit here now from two different aspects.

[00:00:31] First of all, you as a consumer are a target of identity thieves, and the younger you are, the more valuable a target you are. Now, many times these identity thieves are just casting an extremely wide net. They’re sending out these phishing emails that are just trying to get you to click. They might have the name of your bank in it, but it just happens to be your bank.

[00:00:58] They don’t know that. Or they might have the name of. Someone that you deal with like Starbucks, Walmart, those are always big ones. Amazon is the biggest one. Lately, I’ve been getting a lot of Amazon scams over the last couple of weeks, and of course every year you got the IRS. Now you’ve got the world health organization.

[00:01:19] We’ve got all of this stuff going on. So what they’ll try and do is get you to look at this email and maybe puzzle over it for a half a second, but hopefully, not even puzzle over it. Hopefully, you’re just going to look at it and say, wow, I was wondering when I was going to get that email, and then you’re going to click on it and now they got ya.

[00:01:41] Because what you’re trying, what they’re trying to do is get you to go to your bank or go to Amazon, and then you’re going to click on that link. This is supposedly going to take you there, right? And then you’re going to type in your username and your password, and then what they’ll typically do is they’ll just send you on your way to Amazon.

[00:02:00] And Amazon’s going to say, you know, log in again and you’re just, you’re going to chalk that up to, Oh man, darn, I must have fat-fingered something or stupid internet. It’s just not reliable at all. And it keeps doing this stuff to me. And you’re not going to think twice about it. But here’s what happened.

[00:02:18] You clicked on the link thinking it was really Amazon or whomever. It took you to a website that looked. Exactly like Amazon or whatever. In fact, they’re selling templates right now on the black market for these websites, so the guys don’t even have to spend any time setting it up. It’s just set up for them and then it goes to.

[00:02:41] The next step, which is okay, putting in your username, your password, you put it in and you just gave your username and password to the bad guys. Now, this is why two-factor authentication is so important. We’ll get into in just a second. Okay. But the bad guys have your username and password and then they now redirect you to the real Amazon website and you’re none the wiser.

[00:03:05] And the, you know, the real Amazon websites can ask for username and password, as I said, just going to chalk it up to, Oh man, they screwed that up. they shouldn’t have screwed it up. But you know, whatever, and, life’s gonna go on. In the meantime, they can now go to Amazon. They’ve got choices, name your password, and they can order stuff just as an example, right?

[00:03:25] They can give themselves an Amazon gift card, whatever it is that they might’ve wanted to do. Well, the reason that you want the two-factor authentication, in this case, is, okay, you have my username and my password, but you don’t have my two-factor authentication setup. So the best type of login for security is something you know along with something you have.

[00:03:52] So in this case, as something you know, is your username and your password. The two-factor authentication or multifactor authentication, is that something you have? So what we do is we use one password and one password has something in it that’s kind of like Google authenticator and it generates a new six-digit number.

[00:04:15] I think it’s everything. 30 seconds or might be 60 seconds. And so now when I try and log into a site, it challenges me. Okay, here’s my username, here’s my password, and instead of asking me one of these password recovery questions, it says, type in your pin. So now I go into one password, one password shows me what the pin is the second.

[00:04:38] And so I type it in quickly so it hasn’t expired. And now I’m in. So in the case of these bad guys, if I fell victim to their phishing scam, and they now were trying to get my login credentials so they could log in and get more identity information about me. Like what address do I have stuff shipped to? What’s my full name?

[00:05:00] What are my family members? Maybe the last four of my social security number and some credit card numbers. You know what? That’s enough in most cases for them to commit a scam in your name. To call up a bank and try and get right into your account. They have enough information. But if you’re using the two-factor authentication again, or the multifactor authentication, they can put in the username.

[00:05:26] They can put in the past who are, but they can’t get that pin. That’s changing, as I said, every 60 seconds. So they, they just don’t, they don’t have it. They can’t get it. So even if they ask you for a pin. They have on average 30 seconds to use that pin before it expires and they’re just not likely to do that.

[00:05:47] So they don’t even bother asking for pins cause most people don’t bother putting pins in right now. Here’s another thing to consider when we’re talking about multi-factor authentication, and that is people’s use of SMS. In other words, text messages. Some of these websites will let you have multifactor authentication where you put in your username, you put in your password, and then it texts you a number.

[00:06:13] While there’s a problem with that. Yeah, I bet you knew Husky to say that. Right. There is a problem with that and the problem is that SMS texts that are being sent to you could be intercepted. See what the bad guys do is they’re, they got, let’s say they got into your Amazon account. They probably got access to your phone number.

[00:06:37] And now that they have access to your phone number, they can call up the phone company and switch your service from your phone to a quote, new phone on growth that you just bought. So now when that SMS message comes in as part of your multifactor authentication for Amazon or your bank or whatever they’re trying to get from you when that text comes in, it doesn’t come to you and you don’t even notice anything until you try and use your phone.

[00:07:05] That text goes to the bad guy. So keep that in mind. Use things like one password or Google authenticator. Microsoft has their own authenticator, but it’s not compatible with anything except Microsoft. Yeah. Big surprise there. Right. So use Google authenticator. That’s what I use even on the Microsoft side.

[00:07:23] So that’s how the bad guys are stealing our identity. Let’s talk now about companies here. 79% of companies are now reporting identity-related breaches in the last two years. 80% of companies absolutely amazing, and they are using fishing. The bad guys using fishing. That’s the same thing I just described.

[00:07:52] To do it. Nearly all businesses that were surveyed here have experienced an identity-related security breach. We’re talking 94. Percent of businesses and of those 94% 79% have suffered one in the last two years. That is absolutely amazing. This is from researchers with the identity defined security Alliance.

[00:08:19] They there a bunch of identity and security vendors and they looked at 502 security and identity professionals to figure this whole thing out. But we’ve got to be careful because the top cause of identity-related breaches for businesses as well as individuals is fishing. It’s so simple. Emails, and now that we have so many people working from home, it’s gotten.

[00:08:45] Even worse because people are just clicking on stuff. They’re not paying the type of attention they should be, and in many cases, they’re working from home and they don’t have the protection of the company’s protected firewalls, DNS servers, fire jumpers, right. The firepower firewalls that we use from our friends over at Cisco, they do make small ones.

[00:09:09] It’ll work for a home and there are ways to make them work from home as well. But that’s just not the case overall, right? Yeah. If everybody was Craig, you wouldn’t need Craig. I’m so glad to be here and I really want to help you guys out, so make sure you subscribe. Go to Craig peterson.com/subscribe get on my email list so you get this and so much more every week.

[00:09:35] Hey, will we come back? We’re going to talk about what’s going to happen to college. This is amazing. This is from a New York mag, all of that and more. So stick around. You’re listening to Craig Peterson on WGAN and online@craigpeterson.com. Stick around. We’ll be right back.

More stories and tech updates at:

www.craigpeterson.com

Don’t miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553

Listen to this episode

Malcare WordPress Security