How to Protect Against Identity Theft by Using Unique Passwords


So here you are, sitting at the beach on the French Riviera. It’s June and you have hardly a worry on your mind when your cell phone rings. Your financial advisor asks whether you really want to sell $1.2M worth of stocks, which would cause you to have a huge tax liability. You say, “What? I’m not selling any stocks.” And then you realize your online investment account has been compromised. Someone is selling your assets and transferring cash overseas where you will never be able to retrieve it. Your vacation comes to an immediate end as you start damage control. The good news is you had someone watching your account. But what if you didn’t? This happens more than people realize and much more than banks want you to know. How do you protect yourself?

The path that leads to theft of your identity and your money is a complex web of deceptions. In this article, I will explain some of those vulnerabilities, how evil players compromise your identity, and some steps you can take to protect yourself.

Let me begin by saying that I am not an expert in security nor do I offer professional advice on the subject; but I have a responsibility to protect numerous websites from exploitation. That responsibility has exposed me to many of the best practices in the information technology industry. I see the websites I manage being attacked hundreds of times each day from Russia- and China-based operators. I watch these operators, after getting blocked, change their IP address dozens of times to retry the same exploits.

Most people don’t realize how dangerous the Internet is. It feels safe sitting in your living room typing away on your computer; but it isn’t! There are a lot of bad players out there. They are professional thieves. They are experts at circumventing law enforcement. They operate where US laws have no jurisdiction and everyone is vulnerable. Once you become a victim, there is no magic bullet for restoring your identity or retrieving your money. In actuality, you may find yourself in a multi-year lawsuit against your bank or their insurance company rather than capturing the criminals. I hope you find this article helpful to protect yourself and your family in a world of unchecked cyber criminals.

Exploits and Vulnerabilities

New exploits and vulnerabilities emerge every day and information security is a moving target. Read on to learn some common ways that your personal information gets revealed and exploited by hackers and cyber-criminals.

Your passwords are already floating around on the dark web

That may sound preposterous but it is true. Most people reuse user IDs and passwords, especially on low-risk sites and “throw away” accounts. Some popular sites are in fact vulnerable themselves to hacking. Forbes magazine reported that numerous popular websites including Netflix, Last.FM, LinkedIn, MySpace, dating site Zoosk, adult website YouPorn, as well as popular games like Minecraft and Runescape have been hacked and over 1.4 billion user names and passwords are available for hackers to use in brute force attacks.

Most people get careless with using the throw away logins and expose their personal information. The best protection from this type of exploit is to use unique passwords. I will explain how to implement a system of unique passwords that is easy to use and difficult to crack later in this article.

Brute Force Attacks

Brute force attacks use software to perform thousands of login attempts to websites, social media, and non-financial services. Two approaches are used: (1) decryptors – computer-generated runs through every possible combination of characters, like you see in the movies, or (2) database credentials – exploitation of hacked user ID/password combinations that are in use on multiple websites. The brute force attack software keeps trying until a login is successful. At that time personal information is harvested. It can include things like your mother’s maiden name, your best friend’s name, your pets’ names, your date of birth, etc. That information goes into the database and the search continues until they get into your email account and bank account. With access to email, criminals can reset passwords on your more sensitive sites, harvest bank information, tax information, and potentially hack your phone. Many times the exploits are made without doing anything to alert the user. The hacker just continues to harvest information until they can get to your bank account and lock you out.

Longer complex passwords slow down the computer generated decryptor attack. Database attacks are prevented by using sufficiently complex, website-specific unique passwords. Website administrators can take aggressive approaches to locking out users who make too many wrong login attempts. At Utopia, we lock out a user immediately for using the wrong user id. This gives hackers no practical chance of ever getting access to the members only site without a correct user id and only a few chances to login with the wrong password.

Phishing

Phishing is one of the most prevalent attacks. It is the means by which the Russians were able to hack the Democratic National Convention and John Podesta’s emails. It begins with an email or text message that asks the user to click on a link which installs malware on the host computer. From there personal information such as passwords and bank information is gathered and sent to the hacker.

Be very careful to examine the URL of any links sent to you before opening them. Never install software or open executable objects in an email attachment.

Website exploitation

There are a variety of mechanisms by which a hacker can exploit a trusted website and inject malicious code that compromises the user’s computer or personal information. One method of compromising a website is to use upload functions on forms to inject code that then executes on the server. Once a backdoor is installed, the hacker can do many bad things including corrupting the page banner with malware. Website malware can cause visitors to unknowingly install malware on their computers. It can redirect pages to a malware site, install spyware, harvest cookies from ecommerce sites, and much more. Hijacking a trusted website has become a very sophisticated method of spreading malware and infecting client machines.

Antivirus software on your individual computer can protect you from inadvertently installing malware, adware, and spyware on your device. It should be kept up to date as new attacks are released into the wild daily. Website administrators run anti-malware software to continuously scan for and prevent the exploitation of their websites. The Utopia website uses a robust real time scanning system to block malware and exploits.

Phone Port Exploit

Your cell phone is a key device for gaining access to your most secure information. Most banks will grant access to someone with a little personal information who can retrieve a one-time use PIN sent to your cell phone. One of the latest exploits being perpetrated is the “phone port” exploit. The phone port exploit involves someone calling your telecom provider and having your phone number ported over to their “new phone” using information hacked from your exploited websites. Your phone stops working and within minutes, all your websites and email are attacked, especially those with mobile phone two-factor authentication.

You can protect yourself from the phone port exploit by contacting your cell phone provider and setting up a secret passcode that must be provided before your phone can be ported. This protects you if your phone is lost or maliciously hijacked. Using a screen lock on your phone is also key to preventing a lost phone from being compromised. Several anti-virus companies also provide the ability to remotely take control of your phone from a trusted computer and execute a full wipe of data in the event of a lost or stolen phone.

Password Security – Best Practices

Best practices on password security are constantly evolving. The latest thinking on password security involves pass phrases and password managers. Longer passwords are considered much better than complex passwords (special characters, numbers, and upper/lower case letter combinations). Also, changing passwords frequently is considered a vulnerability threat, as the new passwords tend to be minor modifications of the old ones, making them easier to guess if compromised. So here is what you can do.

Password Manager

Password managers are great for creating a unique password for every website but they are subject to being hacked on the “managing device”. Additionally, if you need to access a website from a new computer you will never be able to guess the password to log on without accessing your password manager. Your password manager should never be used on a public computer. So it is necessary to consider how often and where you will need to access your secured websites before deciding on a password manager. Most browsers now have built-in password managers that can be synchronized across several devices you may use. The key here is to make sure the password to the password manager is very secure. A password manager will ask you for the master password when you start your online session. It will then generate long, complex random passwords whenever you sign up for a new site and it will provide that password to the login whenever you visit the site using the browser with the password manager activated. The benefit is very secure passwords you don’t have to remember. It works well when you only use a limited number of trusted computers.

Pass Phrases

Pass phrases help you remember long, non-dictionary passwords that others will not easily remember. Pass phrase passwords (PPPs) are created by using a base pass code and then making it unique based on the website. Here is one example. You create a phrase that is easy to remember like “the sun will always rise in the morning”. The base pass code is created from the first letter of each word of the pass phrase: “tswaritm”. This is now a non-dictionary text string that forms the base of your passwords. It is easy for you to remember. Make it more complex by adding a special character and a number. The special character can be anything you like. For this example I’ll use an asterisk “*” and the number will be the last number in my birth year, “5”. So this is my complex base pass code: “tswaritm*5”. Now, to make it unique to the website, let’s try picking some letters out of the URL. Let’s choose to capitalize the second, third, and fourth letters. So here goes the unique password for amazon.com, “tswaritm*5MAZ”, or the code for cnn.com, “tswaritm*5NNC”. Now you have a scheme to create and remember a UNIQUE, complex password for every website you visit. It’s not as easy as a password manager but you’re not tied to a specific device.
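
The scheme above, written out as an added example (not code from the original article): it derives the per-site passwords and then checks how much of each one is actually site-specific and whether two sites end up with the same password. The function names and the two extra domains in the sample list are assumptions, as is skipping the dot when counting letters, which is what the cnn.com example implies.

```python
import os
from collections import defaultdict

PHRASE = "the sun will always rise in the morning"  # phrase from the article
SPECIAL, DIGIT = "*", "5"                            # values from the article


def base_code(phrase, special, digit):
    """First letter of each word, then the special character and the digit."""
    return "".join(word[0].lower() for word in phrase.split()) + special + digit


def site_suffix(domain):
    """Upper-cased 2nd, 3rd and 4th letters of the domain.

    Assumption: non-letters (the dot) are skipped, as 'cnn.com' -> 'NNC' implies.
    """
    letters = [ch for ch in domain if ch.isalpha()]
    return "".join(letters[1:4]).upper()


def site_password(domain, phrase=PHRASE, special=SPECIAL, digit=DIGIT):
    """Base pass code followed by the site-specific suffix."""
    return base_code(phrase, special, digit) + site_suffix(domain)


def audit(domains):
    """Report what the derived passwords have in common.

    shared_prefix: leading characters identical in every derived password.
    collisions:    groups of domains that received the very same password.
    """
    passwords = {d: site_password(d) for d in domains}
    shared = os.path.commonprefix(list(passwords.values()))
    by_password = defaultdict(list)
    for domain, pw in passwords.items():
        by_password[pw].append(domain)
    collisions = sorted(sorted(g) for g in by_password.values() if len(g) > 1)
    return {"passwords": passwords, "shared_prefix": shared, "collisions": collisions}


if __name__ == "__main__":
    # Constructed sample list; the first two domains are the article's own.
    report = audit(["amazon.com", "cnn.com", "amazon.co.uk", "example.org"])
    for domain, pw in report["passwords"].items():
        print(f"{domain:14} {pw}")
    print("identical on every site:", report["shared_prefix"])
    print("same password on:", report["collisions"])
```

The characters reported as identical on every site are the part that does not change from one login to the next, so the uniqueness of each password rests on the three-letter suffix.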

Other Best Practices to Safeguard Your Identity

  • Use two-factor authentication on sensitive websites but protect your phone from the phone port exploit (above)
  • Create a strong passphrase based password and change it occasionally or if it gets compromised
  • As a precaution, change your passphrase and passwords anytime one of your credit cards is compromised
  • Never write down your password or pass phrase
  • Never speak the password or pass phrase
  • Never share passwords or pass phrases
  • Use anti-virus and anti-malware software on all your devices
  • Set up a remote wipe capability if your phone is ever lost
  • Do not use dictionary words, names, or pet/child names in your password
  • Use screen locks on your phone and consider the fingerprint lock to prevent someone from seeing your unlock pattern
  • Never enter your password while someone is watching
  • Physically cover the lens to any camera attached to your computer when not in use. Disconnect the microphone.
  • Always use a secured, password protected, router with anti-hacking firewall behind your Internet modem
  • Do not click on suspicious links in email or text messages
  • If you find yourself on a website that locks your computer or demands money unplug your computer immediately, disconnect from the Internet and run a full anti-virus scan on startup. Restart and scan twice before reconnecting to the Internet.
  • Do not put bill payments with a signed check in your mailbox, put them in a secure mail drop.
  • Shred bank statements, credit card statements, brokerage statements, and other financial documents with account numbers or social security numbers.
  • Check your credit report at least once a year from each credit reporting service, stagger the requests throughout the year
  • Never send money based on a strange email from a friend or relative
  • Never give anyone information to access your bank accounts
  • Never respond to threatening calls from the IRS demanding payment. The IRS will write you a letter long before they call

Happy and safe computing…

Can You Help Save the Fallen Tree in Our Park?


FORWARDING A MESSAGE FROM MARIELOS BALTODANO

Dear Neighbors,
I have contacted an arborist who took a look at the fallen tree on the little park at La Playa Blvd and Ventura Ave…. He said it can be saved!!!

Generally the charge for such elaborate work would be $2,750, but he said that, for this particular case, he could do it for $1,950.

Please contact me at 786.777.8064 if you wish to donate towards the efforts to stand it right up.

It only takes $20.00 if 100 of us chip in…. $10.00 if 200… and so on. I will collect the money and keep a list and obviously, present all invoices necessary…. please help me stand this tree up….

UPDATED (9/27)

14 people in total have offered to contribute so far…

– 7 of the 14 have offered a specific amount (for a total of $540….)

– 7 out of the 14 will donate but don’t know how much…

Please drop off your checks/cash on my mailbox (3909 La Playa Blvd) and send me a text with your name and amount dropped so I can retrieve it & easier for me to keep track of $$$ in case I need to return it…you can make checks payable to Marielos Baltodano….

I can’t hire arborist until I can at least secure $1,500…. thank you for those who have already dropped money, and the ones that have offered to help…& will ask for all of us to spread the word around… the faster the better!

TRULY APPRECIATE all of the efforts made by ALL of us…. thank you!

~Marielos

Security Sign Preservation


All members, please take your security association signs down and store them safely. These signs can become dangerous projectiles during a hurricane. Additionally, replacement of the signs may cost over $50 each. Your Board requests that you take these signs down as one of the final preparations for the storm. Put them back up as soon as it is safe after the storm so security patrols and people to people security contacts can identify your house as a member home.

Every evening at 6 PM after the storm, weather permitting, we will meet at the park in the triangle near Ensenada and Ventura to offer assistance to neighbors. Our village is strong!

Stay safe.

Hurricane Irma Safety Notice

Utopia Security Services

Hurricane Irma, the most powerful Atlantic hurricane in history, is currently forecasted to make landfall near Miami Sunday morning with tropical force winds expected to begin Friday evening to Saturday morning. The size and intensity of this storm and its current forecasted track are a warning for south Florida residents to prepare for catastrophic damages and lengthy periods of power outages, blocked roadways, water shortages, fuel shortages, and lack of other infrastructure. Your Homeowners Security Association has met with our police department representative and has developed plans to keep our neighborhood safe during this event and its aftermath. Please read on to learn what we are doing and how you can participate in keeping Utopia safe.

  • The City of Miami begins its full time emergency rotational shifts beginning 36 hours prior to the forecasted landfall of a hurricane and continues indefinitely. All officers serve 12 hour on – 12 hour off rotating shifts. This means our patrol officers will not be available for off duty security patrols. The Board is investigating alternative private security patrols though we have not made any decisions at this time.
  • You can help by banding together with your neighbors, members and non-members to keep a vigilant eye out for possible crime. Do not immediately assume a stranger is here to commit a crime. Approach a stranger and ask if they need help. They may be here to offer assistance or be in need of assistance themselves. You will soon be able to discover if the person has bad intentions, in which case you should notify the police (911) and your immediate neighbors. Criminals will frequently flee from a group of people who can identify them as the perpetrators of crime.
  • Several Utopia members have volunteered to be points of contact all across the neighborhood. Should you need assistance contact one of the people listed below and they will relay the request to all other contacts to help get the resources needed.
  • We are assuming there are no technologies available to assist in communications and have organized a people to people network for helping neighbors. Every evening after the storm has passed, weather permitting, we will meet at 6 pm in the park in the triangle at Ensenada and Ventura. Everyone is invited to attend whether seeking assistance, offering assistance, or just wanting to meet some neighbors.
  • You can help by letting your contact person know how you can help the neighborhood with things as simple as sharing your gas grill to cutting some trees with your chainsaw. Anyone trained in first aid is requested to notify your contact person in the event that emergency services are not available or unable to reach us due to road closures.
  • Hurricanes are good times to meet your neighbors. Consider reaching out to see how you can help. Perhaps you can grill some of their food before it spoils, share a flashlight, or share your cell phone to notify family members. Remember, we are a village. We want to be of assistance to everyone in our village whether they are member or otherwise. By putting our best foot forward, lending a helping hand, and being a good neighbor we make our village stronger and your good neighborly actions may be the thing that makes someone want to join our association.

The Time To Prepare Is Now!

What to expect in the face of a major hurricane.

1. Loss of Power: The power company is likely to cut power early in the landfall to prevent transformers from exploding which delays restoration of power after the storm. Set your freezer and refrigerator at their coldest settings before the storm and do not unnecessarily open the door while the power is out. It may be days or weeks before power is restored. If you have a generator, leave it off until after the storm passes unless it is on an automatic switch. Even then it might be best to leave it off so the unit is not running on and off line with surging power.

2. Risk of Electrocution: When power is restored, downed wires are likely to be reenergized and can pose a threat to life, especially when in standing water. Never assume a downed power line is safe, even if it was at an earlier time.

3. Loss of Drinking Water: Power outages may prevent the utility from purifying and pumping water into municipal supplies. Travel with plenty of drinking water. Save the empty water bottles to refill when you find potable water supplies and carry Clorox bleach to sanitize small amounts of non-potable water for drinking. Store water in bath tubs but be sure they do not leak – you may need to use a silicone caulk to temporarily seal the drain. Toilets can be manually flushed with a bucket of water.

4. Flooding: Flooding is caused by several factors. Heavy rainfall saturates the ground and has no place to go. Additionally, storm surge may back up the drainage canals and cause flooding from rising sea water itself. Storm drains are likely to get clogged with debris, further slowing the drainage. Do not cross flooded areas and especially running waters. Be careful not to get sucked into storm drains in parking lots and streets.

5. Impassible Roads: Trees will fall across roads making them impossible to travel on. It is easy to get stranded as trees will continue to fall from saturated soils after the storm winds subside. If possible travel with a chainsaw and gasoline can. Test your chainsaw days before the storm and make sure your gas mix is fresh.

6. Emergency Services: Emergency services such as police, fire, and ambulance may not be available or able to access your location. Organize your neighbors to provide assistance in advance of the storm. Emergency personnel will be mobilized to protect lives and deliver emergency supplies; they will not be responding to property crimes such as looting. Again a good neighborhood watch is the best security for your property.

7. Loss of Telecom Services: With loss of power comes loss of telecom service. Even cell phones may not work. Do not expect to be able to use your Internet or telecom services. Have a plan to communicate through person to person means and then have a plan to notify friends and family of your safety when you have telecom services available. Cell phone service may be available in small pockets for short durations. A battery operated AM radio will be a good source of news in periods of extended telecom loss.

8. Unavailable Food Supply: Grocery stores are unlikely to receive their regular deliveries until roads are cleared and power is restored. Be prepared with canned and dry foods such as rice and beans which can be prepared with minimal energy.

9. Unavailable Energy Supplies: The supply chain for gasoline and propane fuel will be stressed. It is quite possible that you may not be able to find gas stations operating. They may be out of gas or unable to pump the gas without electricity. Carefully consider the range you can travel with the fuel in your tank and whether you actually need to travel. Save fuel for emergencies. Also, call your propane supplier before the storm and advise them to service you frequently after the storm.

10. Cash: ATMs may not be available and credit card services may not be functioning. Have sufficient cash on hand for emergency purchases.

11. Medications: Be sure you have ample supply of your medications and protect them from water damage by storing them in zip lock bags before the storm.

12. Data Protection: Back up your computer data and if possible store the backup off site. Consider using cloud services such as Dropbox and Google to get your most sensitive data out of the storm area. Photograph important documents and email them to yourself. Also consider placing your computers in watertight plastic containers or covering them with large plastic yard bags.

13. Pets: Have an emergency plan for your pets, including food and water supplies.

14. Eye of the Storm: Be prepared for powerful winds. Secure all loose objects before the storm and stay sheltered during the wind storm. Large projectiles and even small rocks are extremely dangerous in a windstorm. When the eye of a hurricane passes over, the wind will stop and the sun may actually shine. This is no time to go outside. The back side of the eye wall will be coming soon and you may not even see it coming until it is too late.

15. Repairs: Be prepared for some damage to your roof, doors, and windows. Even storm windows may experience damage. Have plenty of heavy duty duct tape and 6 mil rolls of plastic available to cover open windows and doorways. Tarps are also desirable to cover damaged roofs. If you know a contractor or handyman, give them a call before the storm and ask them to check with you first thing after the storm. Skilled labor will be in short supply with everyone seeking repairs.

16. Mosquito Repellent: Mosquitoes will be swarming in all the stagnant water after the storm. You will most likely be exposed to the elements without power. Have plenty of mosquito repellent available. It will become your cologne of choice for a while.

17. Batteries, Flashlights, and Candles: Be prepared for lighting at night and especially if you need to go outside after dark.

18. Stay Informed: Hurricane forecasts are changing rapidly so it is important to stay tuned in to the national weather service advisories and local emergency notices.