Wednesday, December 4, 2013

Millions of Gmail, Yahoo, Twitter, and Facebook Passwords Stolen

Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers. You can read the details of the breach here, but you should change your passwords on these services as soon as possible.  Spread the word!

Sunday, December 1, 2013

Security Tips for Cyber Monday

I am a seasonal retailer's worst nightmare...

...I am a consumer who shops for Christmas well before the holidays. 

I've never done a Black Friday nor a Cyber Monday shopping extravaganza;  by this time of the year I am focusing on decorating the house, writing Christmas cards, and swinging by the local supermarket to pick up some gift cards as stocking stuffers.  The idea of queuing in lines for hours and then fighting over towels is as bewildering to me as staying up until midnight in front of a computer screen to snag an online deal.  Nevertheless, millions of consumers in the US will engage in these post-Thanksgiving rituals with eagerness and zeal.  

This year several prognosticators are anticipating more retail revenue generated on Cyber Monday than on Black Friday.  In anticipation of this onslaught, many in my profession are reemphasizing the importance of protecting yourself while online shopping.  There are several decent articles out there with lists of good practices (you can find two of them here and here)...but one more can't hurt.  

Here are my Tips for Safe Cyber Shopping:
  1. Patch Your Systems.  Sounds simple, doesn't it?  Still many personal computing devices and applications remain unpatched and vulnerable (as this year's data breach reports point out.  Again.).  Patch the O/S.  Patch applications.  Update your virus software definitions...and run a thorough scan of the system before you start surfing.  
  2. No-App Monday.  Cyber Monday is not the day to download new apps or ringtones onto  your personal device.  Expect an onslaught of "new" or "discounted" apps to hit the app sites, offering you every convenient phone functionality you can think of.  While many of these might be legitimate, a significant percentage will not be.  Remember that the easiest way for the bad guy to get into your systems is for you to willingly let him in.  Downloading an app opens your front door to the cyber crook.  
  3. Ignore Pop-Ups.  Do not respond to any pop-up window offering you additional discounts/savings/deals simply by clicking on the window.  
  4. Know Your Retailers. If you are going to shop online on Cyber Monday, do so with retailers that you know and have done business with before.  Cyber Monday is not the day to "try out" a new online retailer or a known retailer's new online functionality.  Also, remember to check the URL of any known retail site that you visit by hovering over the link or inspecting the full URL in the browser window.  Look at the beginning of the string and make certain that the site you are on is the correct one (e.g.:  amazon<dot>com versus amaz0n<dot>com).  Do not assume that you will recognize a phony website just by surfing it;  scammers have become quite proficient at creating professional-looking sites.
  5. Manage Your Risk.  Limit the amount of risk you incur when shopping online by controlling the dollar amount that the bad guys are exposed to.  Using credit cards is the most popular method of mitigating this risk, but not the only way.  PayPal is, by its design, a risk-limiting method of payment and is also effective.  You can also get creative with your banking instruments and designate one checking account/debit card for online shopping and only populate that account with the monies necessary to pay for your online purchases.  
  6. Password Sunday.  Scammers are looking for access to your accounts and data as well as your financial instruments.  If you shop online on Cyber Monday, consider doing a full-fledged password update and lockdown the day before.  Most individuals use the same password for multiple accounts...and (as recent breaches continue to show) most of these passwords are extremely weak.  If a scammer utilizes Cyber Monday activities to gain access to your system, having strong individual passwords stored in a secure offline container may slow down the potential damage that can be done.  Given the plethora of passwords that most people need to remember, it would be foolish of me to tell you not to capture them somewhere; be smart/prudent re: where and how you store them, though.  Personally, I am a fan of KeePass which I store on an IronKey that I keep in my firebox...though there are less-paranoid and less technical solutions.
  7. Remember Barnum.  P. T. Barnum is often credited with saying that "There's a sucker born every minute."  Scammers and criminals live by this philosophy.  If something sounds too good to be true, it probably is.  Be skeptical of "dream" deals and discounts.  Do not go down the rabbit hole of exploring such deals, regardless of how tempting they are.  Remember, it only takes a nanosecond to compromise a system.   
(Historical note:  for the purists out there, I am aware that Barnum never said the aforementioned maxim;  go here if you want the correct reference.  Yes, I have friends who will obsess over that point [squirrel!])
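
The URL check from tip 4, written out as an added example (not part of the original post): it compares the registered domain of a link against a short list of retailers you already use and flags near-misses such as amaz0n<dot>com, including hosts that merely begin with a retailer's name. The retailer list, the digit-swap table, the function names and the `.example` sample URLs are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: a personal list of retailers you have done business with before.
KNOWN_RETAILERS = ("amazon.com", "paypal.com")

# Common digit-for-letter swaps seen in lookalike names (constructed, not exhaustive).
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def hostname(url):
    """Lower-cased host part of the URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registered_domain(url):
    """Last two labels of the host (naive: ignores suffixes such as .co.uk)."""
    return ".".join(hostname(url).split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return 'known', 'lookalike of <retailer>' or 'unknown' for a link."""
    host, domain = hostname(url), registered_domain(url)
    if domain in KNOWN_RETAILERS:
        return "known"
    for good in KNOWN_RETAILERS:
        if (domain.translate(DIGIT_SWAPS) == good      # amaz0n.com
                or edit_distance(domain, good) <= 1    # one-character typo
                or good in host):                      # retailer name used as a prefix
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.amazon.com/gp/cart", "https://amaz0n.com/deals",
                 "https://amazon.com.shop-deals.example/", "https://smile.example/"):
        print(f"{check_url(link):24} {link}")
```

The third sample shows why reading only the beginning of the string is not enough: the host starts with the retailer's name, but the part that decides who owns the site is the end of the host, just before the first slash.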

Hope this helps.  Please feel free to pass this along to your friends.  Safe shopping, all!