Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label cybersecurity tips. Show all posts
Password Manager
cybersecurity tips Data Breach delete old accounts identity theft protection Online Security Password Manager

Why It’s Critical to Delete Old Online Accounts Before They Endanger Your Security

 

Most people underestimate just how many online accounts they’ve signed up for over the years. From grocery delivery and fitness apps to medical portals and smart home devices, every service requires an account—and almost all require personal information.

Research by NordPass last year revealed that the average person manages close to 170 passwords for different accounts. For anyone who has spent a significant part of their life online, that figure is likely much higher.

Abandoned or forgotten accounts still hold sensitive data—your name, email, address, birthdate, and payment information. All this information is exactly what shows up in massive data breaches and is precisely what cybercriminals look for.

In an era where data leaks often compile older breaches into vast collections of stolen personal details, inactive accounts lacking updated protections like strong passwords or two-factor authentication become major security liabilities.

Once hackers gain access to your information, they can leverage it in countless ways. For example, if they compromise your email or social media, they can impersonate you to launch phishing attacks or send scams to your contacts. They might also try to trick your friends and colleagues into downloading malware.

Dormant accounts can hold even more sensitive material, such as scans of IDs or insurance documents, which can be exploited for identity theft or fraud. Accounts with saved financial information are an even bigger risk since attackers can drain funds or resell the details on dark web marketplaces.

Deleting old accounts is one of the simplest yet most effective ways to strengthen your online security. It may seem tedious, but it’s something you can easily do while catching up on your favorite shows.

Start by searching your email inbox for common registration keywords like “welcome,” “thank you for signing up,” “verify account,” or “validate account.” A password manager can also help you see which logins you’ve saved over time.

Check the saved password lists in your browser:
  • Chrome: Settings > Passwords
  • Safari: Preferences > Passwords
  • Firefox: Preferences > Privacy & Security > Saved Logins
  • Edge: Settings > Profiles > Passwords > Saved Passwords
Many services let you sign in with Google, Facebook, Twitter, or Apple ID. Review the list of connected apps and services—while disconnecting them doesn’t automatically delete accounts, it shows what you need to remove.

Visit Have I Been Pwned? to check if your email has been involved in breaches. This resource can remind you of forgotten accounts and alert you to which passwords should be changed immediately.

If you spot apps you no longer use on your phone or laptop, log in, close the accounts, and delete the apps from your device. Some antivirus tools, such as Bitdefender, offer features to find all accounts you’ve created using your email with a single click.

Certain platforms intentionally make deletion difficult. If you’re struggling, search the site’s name along with “delete account,” or use justdelete.me, a helpful directory with step-by-step removal guides. If that fails, reach out to the site’s support team.

If you cannot fully delete an account, take steps to minimize the risk:

  • Remove saved payment information.
  • Delete personal details such as your name, birthdate, and shipping address.
  • Clear any stored files or sensitive messages.
  • Use a fake name and a disposable email like Mailinator.

Before creating new accounts in the future, consider whether you can use a guest checkout or a dedicated email address just for sign-ups.

For accounts you decide to keep, always update your passwords, store them securely in a password manager, and enable multi-factor authentication or passkeys to strengthen security.
Read more »
VPN for public Wi-Fi
AI Privacy cybersecurity tips Incogni data removal Passkeys Password Manager Protect Personal Data Technology two-factor authentication VPN for public Wi-Fi

Digital Safety 101: Essential Cybersecurity Tips for Everyday Internet Users

 9to5Mac is brought to you by Incogni: a service that helps you wipe your personal data—including your phone number, address, and email—from data brokers and people-search websites. With a 30-day money-back guarantee, Incogni offers peace of mind for anyone looking to guard their privacy.


1. Use a Password Manager

The old advice to create strong, unique passwords for each website still holds true—but is only realistic if you use a password manager. Fortunately, Apple’s built-in Passwords app makes this easy, and there are many third-party options too. Use these tools to generate and save complex passwords every time you sign up for a new service.

2. Update Old Passwords

Accounts created years ago may still have weak or repeated passwords. This makes you vulnerable to credential stuffing attacks—where hackers use stolen logins from one site to access others. Prioritize updating your passwords for financial services, Apple, Google, Amazon, and any accounts that have already been compromised. To check this, enter your email on Have I Been Pwned.

3. Enable Passkeys Where Available

Passkeys are becoming the modern alternative to passwords. Instead of storing a traditional password, your device uses Face ID or Touch ID to verify your identity, and only sends confirmation of that identity to the site—never the actual password. This reduces the risk of your credentials being hacked or stolen.

4. Use Two-Factor Authentication (2FA)

2FA provides an added layer of security by requiring a rolling code each time you log in. Avoid SMS-based 2FA—it's prone to SIM-swap attacks. Instead, opt for an authenticator app like Google Authenticator or use the built-in support in Apple’s Passwords app. Set this up using the QR code provided by the service.

5. Monitor Last Login Activity

Some platforms, especially banking apps, show the date and time of your last login. Get into the habit of checking this regularly. Unexpected logins are an immediate red flag and could signal that your account has been compromised.

6. Use a VPN on Public Wi-Fi

Public Wi-Fi networks can be unsafe and vulnerable to “Man-in-the-Middle” (MitM) attacks. These involve a rogue device impersonating a Wi-Fi hotspot to intercept your internet traffic. While HTTPS reduces the risk, using a VPN is still the best protection. Choose a trusted provider that maintains a no-logs policy and undergoes third-party audits. “I use NordVPN for this reason.”

7. Don’t Share Personal Info With AI Chatbots

Conversations with AI chatbots may be stored or used as training data. Avoid typing anything sensitive, such as passwords, addresses, or identification numbers—just as you wouldn’t post them publicly online.

8. Consider Data Removal Services

Your personal information may already be listed with data brokers, exposing you to spam and scams. Manually removing this data can be tedious, but services like Incogni can automate the process and reduce your digital footprint efficiently.

9. Verify Any Request for Money

If someone asks for money—even if it looks like a friend, family member, or colleague—double-check their identity using a separate communication method.

“If they emailed you, phone them. If they phoned you, email or message them.”

Also, if you're asked to send gift cards or wire money, it's almost always a scam. Be especially cautious if you're told a bank account has changed—confirm directly before transferring funds.
Read more »
secure QR scanning
Cyber Security cybersecurity tips Phishing Prevention QR code scams QR code security secure QR scanning

How to Identify and Avoid Malicious QR Codes

 

QR codes are widely used for various legitimate purposes, from accessing restaurant menus to making digital payments. However, cybercriminals have found a way to exploit them by overlaying fraudulent QR codes on top of genuine ones. 

These altered codes typically direct users to deceptive websites designed to steal personal information or install malware. Without vigilance, unsuspecting individuals may fall victim to such scams.

Inspect the QR Code for Signs of Tampering

One of the most effective ways to avoid scanning a malicious QR code is by examining it carefully. Fraudsters often place their own QR codes over legitimate ones. If a QR code appears to be stuck over another or seems misaligned, proceed with caution. While not all modified QR codes are fraudulent—restaurants, for instance, may update their codes for new menus—it’s always best to verify before scanning.

Assess the Context Surrounding the QR Code

The environment in which a QR code appears can offer critical clues about its authenticity. If a QR code looks out of place or is presented in an unusual manner, such as an email requesting a scan instead of providing a direct URL, it could be a red flag. Vague messages accompanying QR codes, particularly in emails or promotional materials, may indicate phishing attempts.

Furthermore, QR codes placed in public spaces like bus stops or shopping malls should be approached with skepticism. Scammers often post fake codes in high-traffic areas to trick people into scanning them.

Verify the Website Destination

Fortunately, scanning a malicious QR code does not immediately compromise a device. Before interacting with any website it directs to, analyze the URL carefully. Many QR scanners display the destination URL before opening it—take a moment to check for inconsistencies or suspicious elements.

If a QR code leads to an app download, ensure it redirects to the official Google Play Store or Apple App Store. Cybercriminals often create fake websites mimicking legitimate platforms, tricking users into downloading malware-infected applications. When in doubt, manually search for the app in an official store instead of relying on the QR code.

Use a Secure QR Code Scanner

For added protection, consider using a secure QR code scanner app. Unlike standard scanners, these security-focused apps analyze the code’s destination and alert users to potential threats. For example, the Trend Micro QR code scanner evaluates scanned codes for safety before allowing access to a website or download link.

While QR codes provide convenience, they can also pose security risks. By inspecting QR codes for tampering, assessing their context, verifying their destination, and using secure scanner apps, individuals can significantly reduce the risk of falling victim to scams.
Read more »
VPN malware threats
antivirus software cybersecurity tips malware Phishing Attacks PLAYFULGHOST malware SEO Poisoning VPN malware threats

This New Malware Exploits VPN Apps to Hijack Devices

 

A newly discovered malware, named PLAYFULGHOST, is causing concern among cybersecurity experts due to its versatile capabilities for data theft and system compromise. According to researchers, this malware employs techniques such as screen and audio capture, keylogging, remote shell access, and file transfer, enabling threat actors to launch further attacks.

PLAYFULGHOST is primarily delivered through phishing emails or SEO poisoning techniques, which distribute trojanized VPN applications. Once executed, it establishes persistence using four methods: the run registry key, scheduled tasks, Windows startup folder, and Windows services. This persistence allows the malware to collect a vast array of data, including keystrokes, screenshots, system metadata, clipboard content, and QQ account details, as well as information on installed security products.

The malware also exhibits advanced functionalities such as deploying additional payloads, blocking mouse or keyboard inputs, clearing event logs, deleting cache and browser profiles, and wiping messaging app data. Notably, it can use Mimikatz, a tool for extracting passwords, and a rootkit to conceal registry entries, files, and processes. PLAYFULGHOST further utilizes Terminator, an open-source utility, to disable security processes via a BYOVD (Bring Your Own Vulnerable Driver) attack.

The initial infection often begins with phishing emails containing lures such as warnings about code-of-conduct violations. Alternatively, it leverages SEO poisoning to distribute malicious versions of legitimate VPN apps like LetsVPN. For instance, one victim unknowingly launched a malicious executable disguised as an image file, which subsequently downloaded and executed PLAYFULGHOST. Google’s Managed Defense team notes that this backdoor shares features with the Gh0st RAT, whose source code was leaked in 2008.

PLAYFULGHOST infections employ DLL search order hijacking and sideloading to launch malicious DLLs, decrypting and loading the malware directly into memory. It also uses combined Windows shortcuts and rogue DLL construction for stealthy execution.

How to Protect Yourself

To avoid falling victim to PLAYFULGHOST, adopt the following security practices:
  • Be cautious with phishing emails: Verify the sender and context before clicking links or downloading attachments. If unsure, confirm directly with the sender or relevant departments.
  • Download only from trusted sources: Always access applications from official websites rather than links in emails or messages.
  • Avoid urgency traps: If contacted about urgent matters like account issues, manually visit the company’s website by typing its URL into your browser.
  • Strengthen account security: Use unique passwords, a password manager, two-factor authentication, and robust antivirus software across devices.
For additional protection, consider antivirus programs with integrated VPNs or hardened browsers for enhanced security. Stay informed about phishing techniques and remain vigilant online. As Google’s Managed Defense team warns, “PLAYFULGHOST’s sophistication highlights the need for constant vigilance against evolving cyber threats.”
Read more »
ransomware prevention
Cyber Security Cyber Threats Cybersecurity cybersecurity tips extortion scams fake hacking Phishing Scams ransomware prevention

Understanding the Threat of Fake Hacking: How to Stay Protected

  •  

In the dynamic and high-stakes field of cybersecurity, the word “hacking” often evokes thoughts of complex cyberattacks and data breaches. However, a lesser-known but equally concerning issue is the emergence of “fake hacking,” where individuals or groups falsely claim to have infiltrated computer systems.

Fake hacking occurs when attackers pretend to breach a network or device without actually doing so. While these actions may not always cause long-term technical damage, they can lead to serious consequences such as extortion and reputational harm. “Fake hacking is particularly insidious because it leverages people’s fear and uncertainty about cybersecurity,” explains William Petherbridge, Manager of Systems Engineering at the cybersecurity firm Fortinet. “Attackers are essentially tricking victims into believing their systems have been compromised in order to extract money or other concessions.”

A common tool used in fake hacking is the “hacker typer,” a website that mimics the look of a system being hacked, displaying lines of code scrolling rapidly across the screen. Other deceptive tactics include emails falsely claiming ransomware infections or pop-ups warning of non-existent malware.

“The goal of the fake hacker is to create a sense of panic and urgency in order to pressure the victim into paying a ‘ransom’ or purchasing some kind of ‘protection’ service,” says Petherbridge. “And unfortunately, if the target isn’t vigilant, they can fall for these tricks quite easily.”

To differentiate between legitimate and fake hacking threats, Petherbridge highlights key warning signs:
  • Money Demands: Requests for relatively small amounts of money, often in cryptocurrency, are a strong indication of fake hacking.
  • Unchanged Systems: Genuine breaches usually involve noticeable changes, such as altered files, new accounts, or unusual network activity. If everything appears normal, the hack is likely fabricated.
  • Disorganized Communication: Fake hackers often lack the sophistication of genuine attackers, with poorly structured emails, inconsistent demands, and an absence of technical details.
To combat fake hacking, Petherbridge advises verifying any claims before taking action and consulting cybersecurity professionals, including former hackers, who can identify fabricated threats. Employee training to recognize these red flags is also crucial.

“The most important step is to never panic or rush into a decision when faced with a purported hacking incident,” Petherbridge emphasizes. “Take the time to carefully assess the situation, double-check the facts, and respond accordingly. Falling for a fake hack can be just as damaging as a real one.”

The rise of fake hacking highlights the complexity and evolving nature of cybersecurity. While these attacks lack the technical sophistication of genuine breaches, they can cause significant harm through financial loss, reputational damage, and eroded trust.

By recognizing the signs of fake hacking and implementing strong security protocols, individuals and organizations can safeguard themselves from these deceptive threats. Vigilance, education, and a calm, calculated response remain the best defenses.
Read more »
travel account security
Cyber Security cybersecurity tips Data Safety preventing hacking Protecting online travel accounts Safety Security travel account security

Here's How to Safeguard Your Online Travel Accounts from Hackers

 

Just days following Kay Pedersen's hotel reservation in Chiang Mai, Thailand, via Booking.com, she received a troubling email. The email, poorly written in broken English, warned her of "malicious activities" within her account.

Subsequently, Kay and her husband, Steven, encountered issues. Steven noticed unauthorized reservations at different hotels, prompting them to report the fraudulent activity to Booking.com. In response, Booking.com cancelled all their bookings, including the one in Chiang Mai. Despite their immediate action, restoring their original reservation proved challenging. While Booking.com eventually reinstated the reservation, the new rate was more than double the original.

The Pedersens are not isolated cases. A recent surge in hacking incidents has targeted travellers. Criminals reportedly obtained Booking.com passwords through its internal messaging system. Loyalty program accounts and other online travel agencies have also been popular targets.

The susceptibility of travel accounts to attacks is attributed to the wealth of sensitive information they hold, including passports, driver’s licenses, and travel dates. Caroline McCaffery, CEO of ClearOPS, underscores the importance of safeguarding this information.

To mitigate the risk of hacking, travellers can employ several strategies:

1. Utilize two-factor authentication, preferably through an authenticator app, to enhance security.
2. Enable login notifications to receive alerts of any unauthorized account access.
3. Avoid reusing passwords and opt for strong, unique passwords for each account. Password management services like Google Password Manager can be helpful.
4. Exercise caution when using public Wi-Fi networks, and employ a Virtual Private Network (VPN) for added security.

However, travellers themselves also contribute to the problem by sharing excessive personal information and falling victim to phishing scams. Bob Bacheler, managing director of Flying Angels, highlights the risks associated with oversharing on social media and with unknown websites.

Phishing, in particular, remains a prevalent method for hacking attempts. Albert Martinek, a customer cyber threat intelligence analyst at Horizon3.ai, emphasizes the dangers of clicking on suspicious links.

The Pedersens' case underscores the challenges travellers face in resolving hacking incidents. While Booking.com investigated and secured their account, the couple endured uncertainty regarding their hotel reservation.

Ultimately, responsibility for addressing these security concerns lies with the companies that handle travellers' data. Implementing passwordless authentication systems like Passkeys could offer a solution to mitigate hacking risks. However, until travel companies prioritize safeguarding personal information, travellers will continue to bear the consequences.
Read more »
Subscribe to: Posts (Atom)