Over the years, companies all around the world have been in a battle to protect their customer’s data. Unfortunately, companies large and small have had data breaches that have exposed a wealth of personal data of individuals all around the world.
When you look at the list below, you can see companies all around the world, with many names you know well. Let’s be honest like most of us; we utilize a common password across many websites. If a website is compromised and someone can obtain your username and password, there is a good chance they may try that same username and password on other sites.
In the past few weeks, I have seen a rash of random Facebook and Instagram direct messages and chats coming to my account from people I know. The messages are often vague and state something along the line of “Hey, check out this photo of you.”
Since the message came from a friend in many cases, you feel comfortable and go ahead and click on the link. The issue is that the message is not coming from your actual friend but someone who is looking to engineer information from you socially. The links will often take you to a malicious website that may look like a login window for a site you utilize, or they may ask you for other bits of personal information.
At the end of the day, the attacks are focused on gaining more and more usernames and passwords with the hopes to gain access to bank accounts, credit card accounts, or find ways to socially engineer people you may know by asking them to send money because you are in an emergency.
The best course of action is to go through all your social media accounts, banking accounts, and any account that could be used for malicious purposes or gather your personal information. When you go through those accounts in addition to changing the password you want to find out if the company supports Multi-Factor Authentication. See my previous post on how Mutli-Factor Authentication works for more details. It add a layer of verification that stops 99% of the attacks out there, and something I have enabled on all my accounts.
Below are the directions for securing Office 365, social media platform Facebook, financial services account Bank of America, and the developer platform Github. Many companies are now offering multi-factor authentication as part of their authentication options. While it may be an extra step when logging into your accounts, it’s better to know your accounts, data, and money are safe.
- Facebook – Reset your Facebook Account: https://www.facebook.com/help/248976822124608/?helpref=hc_fnav
- Force a log out of Facebook on all devices: https://www.facebook.com/help/211990645501187?helpref=faq_content
- Setup Multi-Factor authentication: https://www.facebook.com/help/2FA
- Office 365 – https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
- Bank of America – https://www.eff.org/deeplinks/2016/12/how-enable-two-factor-authentication-bank-america
- Github – https://help.github.com/en/articles/securing-your-account-with-two-factor-authentication-2fa
Stay safe and alert! I have seen a significant increase in social engineering attempts trying to trick people into doing something that would potentially cause a financial loss.