Placeholder Content Image

"It's quite disturbing": Woman receives messages from dead husband

<p>A widow has been left feeling "distressed" after receiving cryptic messages from her husband's Facebook account, two years after he died. </p> <p>Jenny Singe said her husband's social media account had become active earlier this year, when online hackers began messaging friends and family and posting on her husband's timeline.</p> <p>"It's quite disturbing really," Singe told <a href="https://www.9news.com.au/national/social-media-hack-woman-left-disturbed-after-receiving-messages-from-latehusbands-facebook-account/8c9dab63-11a6-4912-ba5c-61a06f51dd8e" target="_blank" rel="noopener"><em>Nine News</em></a>. </p> <p>Jenny said most of the posts were cryptic advertisements, further distressing her friends and family who were still in mourning. </p> <p>"My husband died almost two years ago and I am still grieving," she said.</p> <p>"I keep getting Facebook messages from (the hackers) and the first time was very distressing."</p> <p>Jenny attempted to contact Facebook to get her late husband's account taken down permanently, but said the social media platform was incredibly "unhelpful".</p> <p>"I have been through enough with losing my husband and now they were asking me to prove that he was dead," she said.</p> <p>"Facebook wanted me to provide them with all these details including his death certificate and all these other additional things."</p> <p>"Yet the hackers can continue on their merry way. I just thought, 'Why do I have to do all these things when I have done nothing wrong?'"</p> <p>"It's just not good enough."</p> <p>Protocols are currently in place for how to handle Facebook profiles of deceased people, however they must be either set up by the account holder prior to their death, or a family member must submit a death certificate online to the company.</p> <p>Family members can also memorialise an account which will prevent anyone from logging into it and will keep it visible on Facebook - however, it must be applied for with evidence of death. </p> <p>A Meta spokesperson told <em>Nine News</em> that the matter was being investigated.</p> <p>"We extend our heartfelt condolences to Jenny Singe for her loss. Meta is committed to protecting our community from hackers and the distress they cause, and the matter is being investigated," the spokesperson said.</p> <p><em>Image credits: Getty Images</em></p>

Family & Pets

Placeholder Content Image

What hackers can do with just your phone number

<p><strong>Your number can be used in many malicious ways</strong></p> <p>Your phone number is an easy-to-find key that can be used by hackers and scammers to unlocking your personal data. They can also use your number in many other malicious ways.</p> <p>I used to think that maybe, at best, a person could possibly find my name and address using my phone number. I was wrong. Recently, someone I don’t know used my phone number to find out the private details of my life, then emailed me everything they had discovered.</p> <p>With just my phone number this person found out where I live, my previous addresses, information on if I’ve ever been evicted, some personal financial information, a map of my neighbourhood, and my birth date. They even found the only speeding ticket I’ve ever had, way back in 2006. It was disturbing, to say the least.</p> <p>I felt, and still feel, violated. I reported the person to the social media site they contacted me through and blocked them, but is there more I can do?</p> <p>After contacting some security experts for their take, it turns out that finding important details about someone’s life with just a phone number is incredibly alarmingly easy…and profitable.</p> <p>“In the wrong hands, your phone number can be used to steal your identity and take over almost every online account you have,” Veronica Miller, cybersecurity expert at VPN overview, tells Reader’s Digest.</p> <p>There are several ways a hacker can use a phone number to turn your life upside down. Here are some ways criminals can target you.</p> <p><strong>Data mining the easy way</strong></p> <p>The easiest way to use your phone number maliciously is by simply typing it into a people search site. Sites like these can reveal personal information about you in less than a few seconds, according to tech expert Burton Kelso.</p> <p>People search sites, purchase your personal information and then sell it to people who want your data, like hackers with your phone number.</p> <p>The information found through these sites includes your address, bankruptcies, criminal records and family member’s names and addresses. All of this can be used for blackmail, stalking, doxing or identity theft.</p> <p><strong>Rerouting your number</strong></p> <p>Another tactic is to contact your mobile carrier provider claiming to be you, said Miller. Then, the hacker can make it so your number routes to their phone. From there, the hacker will log into your email account. Of course, they don’t have your password, but they don’t need it.</p> <p>They just click “Forgot your password” and get the reset link sent to their phone that now uses your phone number. Once the hacker has access to your email account, it’s easy to gain access to any of your accounts.</p> <p>While many service providers have some security features to prevent scammers from switching phones, if the person has your phone number, though, they may be able to find enough information about you to get past the security questions.</p> <p><strong>Spoofing</strong></p> <p>There were billions of scam calls in 2019, according to data collected by YouMail, and scammers are getting smarter. Now they are using a technique called spoofing to make it easier to scam you. Spoofing is when someone makes your phone number pop up on a caller ID when it really isn’t you that’s making the call.</p> <p>For example, a scammer once spoofed my daughter’s phone number to make me think she was calling me. The goal was to trick me into answering the phone. It worked, because what if it was an emergency and my daughter needed me?</p> <p>When a scammer gets you to pick up, they have the chance to trick you into whatever scheme they’ve come up with, like tricking you into giving them your credit card information.</p> <p>It doesn’t take much to spoof a phone number. There are apps and websites that allow scammers to simply type in a phone number and make a call. It’s super easy and quick, which makes it appealing to scammers.</p> <p><strong>Texting scams</strong></p> <p>Scammers can also use your phone number to send you malicious text messages. This type of scam is called ‘smishing’, according to digital privacy expert Ray Wallsh.</p> <p>In these texts, scammers can send links that can infect your phone with malware that can steal your personal information, or they can straight-up scam you by pretending to be your bank, the IRS, or your doctor.</p> <p>Posing as someone you trust, the scammers will then try to trick you into giving them personal information and credit card numbers.</p> <p><strong>How to protect yourself</strong></p> <p>All of the experts I contacted recommended that to combat your phone number being misused, share it as little as possible. “Many apps and services require a cell number for verification at sign up. By handing your data to these apps, services and businesses, you increase the likelihood that your phone number will be passed on to third parties and data aggregators,” said Wallsh. Limit giving out your phone number to friends and family and your doctor.</p> <p>For everyone else, you need a virtual number that can forward calls to your phone so you don’t need to give anyone your real number that is linked to your personal information. You can set up a virtual number for free through Google Voice or through services like Burner.</p> <p>Also, never click on links sent to you in text messages, even if they look like they were sent from a trusted contact. If your bank, credit card company, doctor or service you use contacts you through text, call them using a verified number from their website to confirm the communication was truly sent from them to avoid malware or scams.</p> <p>To protect yourself from hackers rerouting your number, ask your mobile carrier to add an extra layer of security like a password or PIN number to your account, advises Miller.</p> <p>All of these steps can help keep your personal information private, but it only works to a point. Your personal data has probably already been sold to people search sites and while you can send these sites requests to remove your information, it’s a huge task. Plus, the site may simply repost your information later.</p> <p>So, in the end, there may not be a way to completely prevent hackers and scammers from getting access to your phone number. Knowing what someone can do with your number, though, can help you avoid scams and protect your information from being more widely spread.</p> <p><em>Image credits: Getty Images</em></p> <p><em>This article originally appeared on <a rel="noopener" href="https://www.readersdigest.co.nz/true-stories-lifestyle/science-technology/what-hackers-can-do-with-just-your-phone-number" target="_blank">Reader's Digest</a>.</em></p>

Technology

Placeholder Content Image

Fake Banksy print sold on the artist’s website for over $450,000

<p><span style="font-weight: 400;">A hacker has been forced to return over $450,000AUD to a British art collector after he tricked him into purchasing a fake Banksy print. </span></p> <p><span style="font-weight: 400;">The NFT (non-fungible token) print was posted on Banksy’s official website, fooling many fans of the elusive street artist. </span></p> <p><span style="font-weight: 400;">The auction of the print ended early after the art collector offered 90% of rival bidders. </span></p> <p><span style="font-weight: 400;">Banksy’s team spoke to the </span><a href="https://www.bbc.com/news/technology-58399338"><span style="font-weight: 400;">BBC</span></a><span style="font-weight: 400;"> and assured art fans that, </span><span style="font-weight: 400;">"any Banksy NFT auctions are not affiliated with the artist in any shape or form."</span></p> <p><span style="font-weight: 400;">NFT’s are a relatively new phenomenon in the art world, which show artworks that can be “tokenised” to create a digital certificate of ownership that can be bought and sold. </span></p> <p><span style="font-weight: 400;">They often don’t give the buyer the actual artwork of copyright, but are seen as more of an investment. </span></p> <p><span style="font-weight: 400;">The man who got duped by the site believed he was buying Banksy’s first ever NFT. </span></p> <p><span style="font-weight: 400;">The man, who wished to remain anonymous, explained over Twitter that he suspected Banksy’s official site was hacked and that he was the victim of an elaborate scam. </span></p> <p><span style="font-weight: 400;">The hacker returned all the money, with the exception of $9,000AUD transaction fee once he was caught out. </span></p> <p><span style="font-weight: 400;">The prominent NFT collector used the online name Pranksy, and said the whole experience was bizarre but that the hacker may have got scared.</span></p> <p><span style="font-weight: 400;">"The refund was totally unexpected, I think the press coverage of the hack plus the fact that I had found the hacker and followed him on Twitter may have pushed him into a refund. “</span></p> <p><span style="font-weight: 400;">"I feel very lucky when a lot of others in a similar situation with less reach would not have had the same outcome," he said.</span></p> <p><span style="font-weight: 400;">The NFT was called Great Distribution of the Climate Change Disaster, and is not linked to the famous street artist.</span></p> <p><em><span style="font-weight: 400;">Image credits: Banksy</span></em></p>

Art

Placeholder Content Image

Hackers are getting smarter by targeting councils and governments

<p>In recent weeks, <a href="https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/">Johannesburg’s computer network was held for ransom</a> by a hacker group called Shadow Kill Hackers. This was the <a href="https://www.bbc.com/news/technology-49125853">second time</a> in three months a ransomware attack has hit South Africa’s largest city. This time, however, hackers didn’t pose the usual threat.</p> <p>Rather than denying the city <a href="https://www.hkcert.org/ransomware.hk/ransomware-basic.html">access to its data</a>, the standard blackmail in a ransomware attack, they threatened to publish it online. This style of attack, known as <a href="https://en.wikipedia.org/wiki/Ransomware#Leakware_(also_called_Doxware)">leakware</a>, allows hackers to target more victims in a single attack – in this case the city’s citizens.</p> <p>The latest Johannesburg attack was the second leakware attack of this type ever recorded, and a similar attack could hit Australia soon. And although our current cyberattack defences are more advanced than many countries, we could be taken by surprise because of the unique way leakware operates.</p> <p><strong>A new plan of attack</strong></p> <p>During the Johannesburg attack, city employees received a computer message saying hackers had “compromised all passwords and sensitive data such as finance and personal population information”. In exchange for not uploading the stolen data online, destroying it and revealing how they executed the breach, the hackers demanded four bitcoins (worth about A$52,663) - “a small amount of money” for a vast city council, they said.</p> <p><em><a href="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">The hacker group operated a Twitter account, on which they posted a photo showing the directories they had access to.</span> <span class="attribution"><span class="source">ShadowKillGroup/twitter</span></span></em></p> <p>In this case, access to data was not denied. But the threat of releasing data online can put enormous pressure on authorities to comply, or they risk releasing citizens’ sensitive information, and in doing so, betraying their trust.</p> <p>The city of Johannesburg decided <a href="https://coingeek.com/we-shall-not-pay-the-ransom-johannesburg-tells-hackers/">not to pay the ransom</a> and to restore systems on its own. Yet we don’t know whether the data has been released online or not. The attack suggests cybercriminals will continue to experiment and innovate in a bid to defeat current prevention and defence measures against leakware attacks.</p> <p><a href="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">This login screen message was displayed on computers in Johannesburg following the attack.</span> <span class="attribution"><span class="source">pule_madumo/twitter</span></span></p> <p>Another notable leakware attack happened a decade ago against the US state of Virginia. <a href="https://www.govtech.com/security/Cyber-Criminal-Demands-10-Million.html">Hackers stole</a> prescription drug information from the state and tried obtaining a ransom by threatening to either release it online, or sell it to the highest bidder.</p> <p><strong>When to trust the word of a cybercriminal?</strong></p> <p>Ransomware attack victims face two options: <a href="https://www.sciencedirect.com/science/article/pii/S1361372316300367">pay, or don’t pay</a>. If they choose the latter, they need to try other methods to recover the data being kept from them.</p> <p>If a ransom is paid, criminals will often decrypt the data as promised. They do this to encourage compliance in future victims. That said, paying a ransom <a href="https://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/">doesn’t guarantee the release or decryption of data</a>.</p> <p>The type of attack experienced in Johannesburg poses a new incentive for criminals. Once the attackers have stolen the data, and have been paid the ransom, the data still has extractive value to them. This gives them <a href="https://arxiv.org/pdf/1707.06247.pdf">duelling incentives</a> about whether to publish the data or not, as publishing it would mean they could continue to extort value from the city by targeting citizens directly.</p> <p>In cases where victims decide not to pay, the solution so far has been to have strong, separate and updated <a href="https://www.csoonline.com/article/3331981/how-to-protect-backups-from-ransomware.html">data backups</a>, or use one of <a href="https://www.nomoreransom.org/en/index.html">the passkeys available online</a>. Passkeys are decryption tools that help regain access to files once they’ve been held at ransom, by applying a repository of keys to unlock the most common types of ransomware.</p> <p>But these solutions don’t address the negative outcomes of leakware attacks, because the “<a href="https://www2.deloitte.com/content/dam/Deloitte/bm/Documents/risk/cayman-islands/2017%20Deloitte%20-%20Taking%20data%20hostage%20-%20The%20rise%20of%20ransomware.PDF">hostage</a>” data is not meant to be released to the victim, but to the public. In this way, criminals manage to innovate their way out of being defeated by backups and decryption keys.</p> <p><strong>The traditional ransomware attack</strong></p> <p>Historically, <a href="https://www.techopedia.com/definition/4337/ransomware">ransomware attacks denied users access to their data, systems or services</a> by locking them out of their computers, files or servers. This is done through obtaining passwords and login details and changing them fraudulently through the process of <a href="https://en.wikipedia.org/wiki/Phishing">phishing</a>.</p> <p>It can also be done by encrypting the data and converting it to a format that makes it inaccessible to the original user. In such cases, criminals contact the victim and pressure them into paying a ransom in exchange for their data. The criminal’s success depends on both the value the data holds for the victim, and the victim’s inability to retrieve the data from elsewhere.</p> <p>Some cybercriminal groups have even developed complex online “<a href="https://www.computerworld.com/article/3173698/ransomware-customer-support-chat-reveals-criminals-ruthlessness.html">customer support</a>” assistance channels, to help victims buy cryptocurrency or otherwise assist in the process of paying ransoms.</p> <p><strong>Trouble close to home</strong></p> <p>Facing the risk of losing sensitive information, companies and governments often pay ransoms. This is <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">especially true</a> in Australia. Last year, 81% of Australian <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">companies</a> that experienced a cyberattack were held at ransom, and 51% of these paid.</p> <p>Generally, paying tends to <a href="http://www.rmmagazine.com/2016/05/02/ransomware-attacks-pose-growing-threat/">increase the likelihood</a> of future attacks, extending vulnerability to more targets. This is why ransomware is a rising global threat.</p> <p>In the first quarter of 2019, <a href="https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf">ransomware attacks went up by 118%</a>. They also became more targeted towards governments, and the healthcare and legal sectors. Attacks on these sectors are now more lucrative than ever.</p> <p>The threat of leakware attacks is increasing. And as they become more advanced, Australian city councils and organisations should adapt their defences to brace for a new wave of sophisticated onslaught.</p> <p>As history has taught us, it’s <a href="https://www.theguardian.com/australia-news/2019/oct/01/systems-shut-down-in-victorian-hospitals-after-suspected-cyber-attack">better to be safe</a> than sorry.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/126190/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: http://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/roberto-musotto-872263">Roberto Musotto</a>, Cyber Security Cooperative Research Centre Postdoctoral Fellow, <a href="http://theconversation.com/institutions/edith-cowan-university-720">Edith Cowan University</a> and <a href="https://theconversation.com/profiles/brian-nussbaum-874786">Brian Nussbaum</a>, Assistant Professor at College of Emergency Preparedness, Homeland Security and Cybersecurity, <a href="http://theconversation.com/institutions/university-at-albany-state-university-of-new-york-1978">University at Albany, State University of New York</a></em></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/hackers-are-now-targeting-councils-and-governments-threatening-to-leak-citizen-data-126190">original article</a>.</em></p>

Technology

Placeholder Content Image

7 alarming things a hacker can do when they have your email address

<p><strong>1. Send emails from your address</strong></p> <p>This is probably the most obvious thing hackers can do with your email address, and it’s a nuisance for sure. Once hackers have your email address, they can use it to target more than just you, sending out email blasts to anyone (maybe even everyone!) in your contact list. As Garry Brownrigg, CEO &amp; Founder of <a href="https://www.quicksilk.com/">QuickSilk</a>, explains, “They can ‘spoof’ an email message with a forged sender address – they don’t even need your password for this.” The things they send can be anything from harmful malware to scams and requests for money; either way, you’d certainly rather they didn’t come from your address.</p> <p>And although it’s mostly harmless (most savvy internet users are able to catch on when they receive a scam email from a friend’s address), it could still be a problem in some cases. “If a criminal really wanted to hurt someone, they could use this as a way to hook a romantic partner, hack the victim’s employer, get the person in trouble at work, or cause any number of problems in their personal or professional life by impersonating them online,” says Jason Glassberg, co-founder of <a href="https://www.casaba.com/">Casaba Security</a> and former cybersecurity executive at Ernst &amp; Young and Lehman Brothers.</p> <p><strong>2. Send phishing emails</strong></p> <p>Since there isn’t a lot that hackers can do with just the email address, they’re not going to stop there. “When a hacker knows your email address, they have half of your confidential information – all they need now is the password,” warns Greg Kelley of <a href="https://www.vestigeltd.com/">Vestige Digital Investigations</a>. They employ a few different methods to access it, the most common being the phishing email. This is an email, in the guise of being a legitimate email from a trusted source, designed to trick you into logging in. “They might create a legitimate-sounding email that appears to be sent from a service such as Amazon, eBay, Paypal or any number of other popular services… Links in phishing emails will always direct the user to a purposefully built website that looks identical to the real service,” explains Ray Walsh, a digital privacy expert at <a href="https://proprivacy.com/">ProPrivacy.com</a>. “However, if people use the login on that fake website, the hacker instantly receives the credential and password for the real account.”</p> <p>Another way they can do this, ironically, is by sending you an email saying that your account is compromised or has been accessed from a new device, so you need to change your password for security reasons. (You’ve almost definitely had one of those at one point or another!) When you change your password, then your account really is compromised and the hacker has your password. Once hackers have your password, the range of things they can do becomes much greater.</p> <p><strong>3. Access your online accounts</strong></p> <p>Nowadays, our emails do double duty as our logins for scores of social media sites, in addition to Google Docs, online retailers, and so on. Internet users also have a very understandable tendency to use the same passwords for all of these accounts. And even if you don’t use the same password, the hacker can click the old ‘forgot password’ button and use the resulting email – which comes to your email address, which they do have the password for – to change the password, and voilà. Your accounts are their accounts, and they have access to anything on them that you do.</p> <p><strong>4. Access personal information</strong></p> <p>The things hackers can do with your information seem to be something of a chain reaction. Once a hacker has access to your online accounts, just think about all of the information that is right at their fingertips. Allan Buxton, Director of Forensics at SecureForensics, sums it up: “At a minimum, a search on Facebook can get a public name and, unless privacy protections are in place, the names of friends and possibly pictures,” he says. “Throw that email address into LinkedIn, and they’ll know where you work, who your colleagues are, your responsibilities, plus everywhere you worked or went to school. That’s more than enough to start some real-world stalking. That’s just two sites – we haven’t talked about political views, travel or favourite places they might glean from Twitter or Instagram.”</p> <p>Glassberg admits that such ‘real-world stalking’ is rare, sure, but anything is possible in an era where people document nearly everything online.</p> <p><strong>5. Steal financial information</strong></p> <p>Things start to get really problematic if hackers are able to find your credit or debit card information – which, more likely than not, you’ve sent via email at one point or another. Your online bank accounts can also be a major target for hackers, especially if you use your email address as a login for those, too. And, needless to say, once a hacker has access to those, your money is in serious jeopardy. “This is one of the biggest risks you’ll face from an email hack,” Glassberg says. “Once [hackers] have the email, it’s easy to reset the bank account and begin issuing transactions.” In addition to potentially being devastating of your finances, this can also hurt your credit score, as <a href="https://www.beenverified.com/">BeenVerified</a>’s Chief Communications Officer Justin Lavelle explains: “Cybercriminals can use your credit card details, open bank accounts in your name, and take out loans. It will likely ruin your credit card’s rating and your credit report will take a hit.”</p> <p><strong>6. Blackmail you</strong></p> <p>As if things weren’t scary enough, hackers can use your personal info to ruin, or threaten to ruin, your reputation. This is fairly rare, but it can happen, especially if a hacker finds something that the user wouldn’t want to be seen publicly. “[Hackers] can use this access to spy on you and review your most personal emails,” says Daniel Smith, head of security research at <a href="https://www.radware.com/">Radware</a>. “This kind of information could easily be used to blackmail/extort the victim.”</p> <p><strong>7. Steal your identity</strong></p> <p>This is definitely a worst-case scenario, but “once the hacker has your personally identifiable information, they can steal your identity,” Brownrigg warns. With information like your tax file number and credit card info, identity theft can sadly be well within reach for hackers. So, if you start noticing signs someone just stole your identity, consider that your email address may have been compromised.</p> <p><strong>How you can stay safe from hackers</strong></p> <p>Hopefully, though, you won’t have to encounter any of these problems, and there are some measures you can take to keep your information safe. Avoid using your verbatim email address as a login for other sites, and make sure that your password is strong and difficult to guess. You should also change those passwords every couple of months or so for maximum security. Glassberg also recommends securing your email account with two-factor authentication. This “[requires] a one-time code to be entered alongside the password in order to gain access to the email account,” he told RD. “In most cases, the code will be texted to the person’s phone, but there are also apps you can use, like Google Authenticator.”</p> <p>And, of course, just use common sense. Don’t share information or type in your email password on public WiFi networks, and be smart about the information you share over email.</p> <p><strong>What to do if you think you’ve been hacked</strong></p> <p>Starting to notice some strange online activity? There are a couple of ways you can try to get ahead before it gets too bad. If you hear about spam emails being sent from your address, change your password immediately. You should also tell your contacts so that they know to ignore anything coming from you. Finally, Lavelle offers some other suggestions: “Change your email settings to the highest privacy setting, scan your computer for malware and viruses, and be sure your browsers are updated,” he says.</p> <p><em>Written by Meghan Jones. This article first appeared in </em><em><a href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/7-alarming-things-a-hacker-can-do-when-they-have-your-email-address">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, </em><a href="http://readersdigest.innovations.co.nz/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRN93V"><em>here’s our best subscription offer</em></a><em>.</em></p> <p><img style="width: 100px !important; height: 100px !important;" src="https://oversixtydev.blob.core.windows.net/media/7820640/1.png" alt="" data-udi="umb://media/f30947086c8e47b89cb076eb5bb9b3e2" /></p>

Technology

Placeholder Content Image

How to stop hackers from attacking your mobile phone while online shopping

<p><span style="font-weight: 400;">In new research revealed by Norton’s cyber safety insight report, about 30 per cent of shoppers have fallen victim to cybercrime in the past year at a cost of a shocking $1.3 billion.</span></p> <p><span style="font-weight: 400;">The report noted that 21 per cent of smartphone users had no idea that their device was able to be hacked.</span></p> <p><span style="font-weight: 400;">Cybercrime expert Julian Plummer agrees that users are laxer about mobile security compared to their laptops.</span></p> <p><span style="font-weight: 400;">“As mobile becomes increasingly de rigueur the security risk to consumers will only rise,” said Mr Plummer, who is the managing director of Midwinter Financial Services in Sydney.</span></p> <p><span style="font-weight: 400;">There are two ways that your smartphone is able to be hacked, which is phishing and over public wi-fi networks.</span></p> <p><span style="font-weight: 400;">As hackers are only getting smarter at duping their victims when it comes to phishing, sophisticated criminals are now impersonating big-name brands, including banks and other institutions.</span></p> <p><span style="font-weight: 400;">“It used to be that seeing a padlock in the URL bar meant that the site was safe, but now hackers are ‘securing’ their sites using cheap security certificates to provide a false sense of security,” Mr Plummer warned to </span><a href="https://thenewdaily.com.au/life/tech/2019/05/29/mobile-phone-cybercrime-safety/"><span style="font-weight: 400;"><em>The New Daily</em></span></a><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">The second way is via public Wi-Fi networks, which is surprisingly sophisticated.</span></p> <p><span style="font-weight: 400;">“Hackers use a ‘Wi-Fi pineapple’ to mimic a public wi-fi access point,” he explained.</span></p> <p><span style="font-weight: 400;">“Unfortunately, logging on to these malicious wi-fi access points allows hackers to intercept any unencrypted personal data. Always be very wary when connecting to an untrusted wi-fi network – especially overseas.”</span></p> <p><span style="font-weight: 400;">It’s easy to protect yourself from hackers though, according to Mr Plummer.</span></p> <p><span style="font-weight: 400;">“The crucial thing for mobile phone users is to stop reusing passwords,” Mr Plummer said.</span></p> <p><span style="font-weight: 400;">“With a major security breach happening almost on a monthly basis, if hackers were to get your password from one shopping website, they then have access to all your online accounts if you re-use your password.”</span></p> <p><span style="font-weight: 400;">The second way to keep your information safe might be tedious, but it’ll be worth it in the long run. It involves keeping your phone’s operating system up to date.</span></p> <p><span style="font-weight: 400;">“The main reason manufacturers provide updates is to close off security loopholes within their device,” Mr Plummer said.</span></p> <p><span style="font-weight: 400;">“Hackers are well versed in any security bugs in your mobile device, so make sure you have automatic updates turned on for your mobile phone.”</span></p>

Technology

Placeholder Content Image

The scary new way hackers can find out your passwords

<p><span style="font-weight: 400;">New research from the University of Cambridge in England as well as Sweden’s Linköping University has explained that malware is now capable of accurately guessing your passwords by listening to the sound of your fingers tapping the screen.</span></p> <p><span style="font-weight: 400;">The hackers use the malware to listen via the microphone of your smartphone and use technology that can accurately guess where you’re touching the screen to get every password you use on the smartphone device. </span></p> <p><span style="font-weight: 400;">“We showed that the attack can successfully recover PIN codes, individual letters and whole words,” researchers wrote in the paper, according to </span><a href="https://www.9news.com.au/technology/iphone-android-hackers-can-find-out-your-passwords-by-hearing-how-you-type/bf7c66ce-0d49-4c26-8be2-1dd5c6196d30"><span style="font-weight: 400;">9News</span></a><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">“We have shown a new acoustic side-channel attack on smartphones and tablets.”</span></p> <p><span style="font-weight: 400;">Research showed that during testing, the machine learning software correctly guessed a four-digit passcode 73 per cent of the time after ten tries.</span></p> <p><span style="font-weight: 400;">The software was also able to identify 30 per cent of passwords that ranged from seven to 13 characters in length after 20 tries.</span></p> <p><span style="font-weight: 400;">The malware is reliant on machine learning to predict which key a user has tapped by tracking which sound the microphone heard first. This is a detail that is picked up in a matter of seconds.</span></p>

Technology

Placeholder Content Image

Warning: WhatsApp voicemail scam gives hackers access to your account

<p>A worrying new WhatsApp hack allows cyber criminals to access victim’s accounts via their voicemail inbox.</p> <p>According to <a href="https://nakedsecurity.sophos.com/2018/10/08/attackers-use-voicemail-hack-to-steal-whatsapp-accounts/"><strong><em style="font-weight: inherit;"><u>Naked Security</u></em></strong></a>, a blog run by British security company Sophos, scammers are attempting the attacks at night so they can take advantage of the app’s six-digit verification code.</p> <p>The attacks have become so prevalent that Israel’s National Cyber Security Authority issued a nationwide warning.</p> <p>Hackers start the scam by installing WhatsApp on their own phone using a legitimate user’s phone number.</p> <p>To verify the login attempt, WhatsApp sends a six-digit verification code via text message to the victim’s telephone.</p> <p>However, hackers are carrying out this scam at night, so victims are most likely sleeping rather than checking their phones.</p> <p>WhatsApp then allows the hacker to send the six-digit verification code via phone call with an automated message.</p> <p>As the victim is not on their phone, the message ideally goes to voicemail.</p> <p>The cyber criminal then exploits a security flaw in many telecommunication networks which allows customers to use a generic phone number to call and retrieve their voicemails.</p> <p>For many mobile phone owners, only a four-digit pin is required to access their voicemails – which if they haven’t changed is commonly 0000 or 1234 by default.</p> <p>Hackers will then enter the password and gain access to the victim’s voicemail inbox, allowing them to retrieve the WhatsApp message containing the six-digit code.</p> <p>Once the scammer enters the code into their own phone, they have complete access to the victim’s WhatsApp account.</p> <p>To avoid being hacked, it is recommended that users turn on two-factor authentication on their account, adding an extra layer of security.</p> <p>“Using application-based 2FA ... mitigates a lot of the risk, because these mobile authentication apps don’t rely on communications tied to phone numbers,” Sophos researchers explained. </p> <p>This can be done by navigating to Settings in WhatsApp, then tapping ‘Account’.</p> <p>Users must then press on ‘Two-step verification’ and tap ‘Enable’.</p> <p>Experts also encourage users to have a strong PIN on their voicemail inbox.</p> <p>Have you encountered this WhatsApp scam? Let us know in the comments below. </p>

Technology

Placeholder Content Image

How hackers can get into your accounts without the password

<p>On Wednesday morning, high-profile Twitter accounts were hacked and then flooded with swastika-laden propaganda.</p> <p>Twitter accounts such as Duke University, Forbes and Amnesty International were victims of this latest online scandal.</p> <p>These accounts are most likely protected by high security measures including two-factor authentication and strong protections. Although these measures are important, hackers have found a way to bypass them.</p> <p>Hackers are now using app permissions to infiltrate online accounts. App permissions involve logging into an app or service by using one of your key social accounts such as your Google, Facebook or Twitter account. This feature allows you to worry about fewer passwords and sometimes is necessary for apps to work with other accounts, but it also presents security issues.</p> <p>This recent hack was caused by an app called “Twitter Counter”. This app provides analytics of Twitter accounts and the app not only requests permission to see your data, but to also Tweet. This feature could prove helpful if you want to send out tweets inside the app but this is how these high-profile accounts were compromised.</p> <p>Apps that have permissions are generally limited in the access they have over your account. In most cases, they don’t have the ability to change your password and they also never get your real password. Your main account just gives them a generated one once you use that account to sign up. Although you can still have control over your password and regain your account back, once an account has been infiltrated, the world has already seen the information the hacker has posted on your profile.</p> <p><strong>The solution</strong></p> <p>Take a look at what apps have access to the accounts you use online. Revoke as many permissions as you can and create a practice of checking it regularly.</p> <p>On Twitter, click on your avatar on the top right next to the “Tweet button” and then press <strong>Settings and privacy</strong>. Look at the list on the left side and then select <strong>Apps</strong> and you can scroll through and revoke access to any apps that don’t need to be linked to your Twitter account.</p> <p>On your Google account, conduct a <a href="https://myaccount.google.com/secureaccount" target="_blank"><strong><span style="text-decoration: underline;">Security Check-up</span></strong></a> which will automatically run through your app permissions. Then revoke the apps that have permission to use your account.</p> <p>On your Facebook account, click on the question mark menu on the left side of your notifications icon and select <strong>Privacy</strong>. On the left-hand side select <strong>Apps</strong> and then press <strong>Show All</strong> at the bottom of the box that is marked with <strong>Logged in with Facebook</strong>. Get rid of any apps that you don’t need on the list. </p>

Technology

Placeholder Content Image

How to secure your Wi-Fi network from hackers

<p>An insecure Wi-Fi network can result in more than just slower internet and a burnt-through data cap. You could lose access yourself or even let private information get into the wrong hands. As more devices in our home become Wi-Fi connected - from your home security to your lightbulbs - making sure your Wi-Fi is secure is more necessary than ever. Here's how.</p> <p><strong>Change passwords</strong></p> <p>This seems obvious, but stick with me. While you might have set a pretty good password for your Wi-Fi network when you set it up – what with capital letters and numbers and everything - the password to log in to your actual router might still be the default.  This means anyone already on your network can easily change the actual Wi-Fi password themselves.</p> <p>(There's also the possibility that your Wi-Fi password is still the one written on the back of your router. You should definitely change that.)</p> <p>To change either of these passwords, you'll want to log in to your router. (Your router is that box with flicking lights that gives you internet. It probably has some antennas.)</p> <p>Open a web browser (Chrome, Safari, Internet Explorer - whatever you use) on a device that's connected to your Wi-Fi and type "192.168.0.1". This should open a login page. (If it doesn't try "192.168.1.1".)</p> <p>Logging in here, disturbingly, should be pretty easy. Check your router's make and model here or on Google. It's likely "admin" and "admin" or "admin" and "password".</p> <p>Once you've logged in you should see your router's settings page. Each one of these is different, but changing the password for both the router and the Wi-Fi network itself should be relatively easy. If not, Google is your friend. Remember to go long and to add numbers. If you're worried about forgetting it, try a long sentence of song lyrics along with a few numbers - easy to remember, extremely hard for a computer to crack.</p> <p><strong>Change the name of your network</strong></p> <p>If your Wi-Fi network already has some dumb joke name, skip this section. If it's called NETGEAR 5345 or something like that, time to get one of those dumb joke names. You can do this, again, by logging into your router. Look for an option to change the "SSID".</p> <p>Why? Because for potential hackers, knowing the type of router or connection you have makes the job a lot easier. Getting rid of the default name makes this a bit harder for them.</p> <p><strong>Encrypt your network</strong></p> <p>Your router is likely already encrypted with WAP encryption, which is fairly standard, but is also quite easy to crack. Luckily, most newer routers should offer "WPA2" encryption - don't worry about what it means - which is much stronger. However, it also will lock out any device from prior to 2006, so if you've got some ancient laptop somewhere, be wary.</p> <p>To do this, you're going to want to - once again - log in to your router. (See why it's so important to make sure your router is password protected too?) Encryption options should be under security settings.</p> <p><strong>Restrict your Wi-Fi to certain devices</strong></p> <p>This is something of a nuclear option, and can be extremely inconvenient. Basically, instead of allowing any device with the right password onto your network, it will restrict the network to only allow access for devices on a list. To do this, assemble a list of all the MAC addresses of every device you own, then input them into their router. MAC addresses are basically unique IDs for every device that has Wi-Fi - Google how to find them on each of your smartphones, laptops, tablets, and consoles.</p> <p>Once you've got that list, log back in to your router and into the security settings again.</p> <p>Have you ever taken measures to secure your Wi-Fi? Do you think you’re going to take them now? Share your thoughts in the comments.</p> <p><em>First appeared on <a href="http://Stuff.co.nz" target="_blank"><strong><span style="text-decoration: underline;">Stuff.co.nz</span></strong></a>.</em></p> <p><strong>Related links:</strong></p> <p><a href="/entertainment/technology/2016/06/14-tricks-that-will-change-how-you-use-your-ipad/"><strong><em><span style="text-decoration: underline;">14 tricks that will change how you use your iPad</span></em></strong></a></p> <p><a href="/entertainment/technology/2016/06/how-to-keep-your-facebook-messages-private/"><em><span style="text-decoration: underline;"><strong>How to keep your Facebook messages private</strong></span></em></a></p> <p><a href="/entertainment/technology/2016/05/hints-for-using-gmail/"><em><strong><span style="text-decoration: underline;">5 hints for using Gmail</span></strong></em></a></p>

Technology

Placeholder Content Image

5 things hackers love to see you share on social media

<p>Whether you got a new job, new digs or just want to post a cool selfie, chances are you've shared what you've been up to on social media. Communication channels like Facebook, Twitter and Instagram make sharing information fast and easy.</p> <p>Sharing what you're doing might sound innocent, but your friends and followers aren't the only ones paying attention. Social media hackers are also taking interest in your updates to see what they can exploit.</p> <p>To help you play it safe, here's a list of things you should never share on social media:</p> <p><strong>Your phone number</strong></p> <p>You wouldn't broadcast your phone number to complete strangers, so why would you share it on social media? Although you might think you're just innocently sharing with friends, social media hackers want your number, too.</p> <p>Social media hackers want phone numbers because they are unique identifiers that typically last a long time.</p> <p>For example, hackers can type your phone number into a Facebook search to find your profile page if you have it listed. This could lead to theft, fraud and misrepresentation.</p> <p>Hackers might also bypass security and use your phone number as a caller ID to send text messages that ask recipients to unknowingly click on a malware link.</p> <p><strong>Your home address</strong></p> <p>To avoid burglars showing up at your home would be one reason not to share your home address on social media.</p> <p>However, social media hackers aren't looking to just rob your home - they're out to get everything you're worth.</p> <p>Addresses may be leveraged by attackers to create more convincing and effective phishing schemes that can ultimately lead to identity theft and credit card fraud.</p> <p>Additionally, home addresses are often used by financial institutions to verify your identity. Reverse lookup services can supply anyone with your home address with a phone number, and vice versa.</p> <p><strong>Your new credit card</strong></p> <p>Even though it should be a no-brainer, some people become overly excited about receiving a new credit card and end up sharing a picture of it on their social media accounts.</p> <p>Doing this is simply handing social media hackers exactly what they want. Sharing your credit card info gives hackers easy access to your financial accounts - since your account number and name are right on the card - and this could easily turn your life upside down.</p> <p><strong>Hashtags</strong></p> <p>Hashtags make it easy to follow a conversation on social media sites like Twitter. But be careful what you hashtag: Social media hackers are watching your every move.</p> <p>Sharing too much information about yourself or your whereabouts can be quite simple with hashtags, particularly with society now having the tendency to hashtag their whole lives. But hashtags can be useful tools for hackers as they provide another avenue for attackers to obtain information about you.</p> <p><strong>Where you've checked in</strong></p> <p>Although it's fun and easy, checking in to your favourite places on Foursquare, Facebook or Twitter isn't very smart.</p> <p>In fact, it would be wise not to check in, as social media hackers will know where you are - or where you aren't.</p> <p>This notifies hackers that you will be using your credit card in different locations, making it easier to post transactions that would otherwise be unusual.</p> <p>First appeared on <a rel="noopener" href="http://www.stuff.co.nz/" target="_blank"><strong><em><span style="text-decoration: underline;">Stuff.co.nz</span>.</em></strong></a></p> <p><strong>Related links:</strong></p> <p><strong><em><span style="text-decoration: underline;"><a href="http://www.oversixty.co.nz/entertainment/technology/2016/01/myths-about-facebook/">3 myths about Facebook busted</a></span></em></strong></p> <p><strong><em><span style="text-decoration: underline;"><a href="http://www.oversixty.co.nz/entertainment/technology/2016/01/how-to-spot-fake-apple-products/">How to spot fake Apple products</a></span></em></strong></p> <p><strong><em><span style="text-decoration: underline;"><a href="http://www.oversixty.co.nz/entertainment/technology/2016/01/great-tip-for-using-youtube/">YouTube tips you didn’t know</a></span></em></strong></p>

Technology

Placeholder Content Image

11 signs you’ve been exposed to hackers

<p>The internet has become so ingrained into our day to day lives, that sometime we don’t fully appreciate the risks involved. We need to be aware of the fact that hackers still represent a huge security threat. Here are 11 tell-tale signs your computer has been exposed to hackers.</p> <p><strong>1. You’re receiving fake antivirus messages</strong></p> <p>While not nearly as prevalent as they used to be, a fake antivirus warning is a sure sign your system has been compromised. By the time the fake message appears the damage has often already been done, and malicious software may have already made use of unpatched software on your system.</p> <p><strong>2. Unwanted browser toolbars</strong></p> <p>If you’ve noticed your browser now has multiple toolbars that you haven’t installed, that’s probably not a good thing. Names may seem to indicate legitimate sources, but unless you’ve installed the additional toolbars yourself odds are you’ve been exposed to malicious computer hackers.</p> <p><strong>3. Redirected internet searches</strong></p> <p>Hackers make a living out of redirecting people’s browsers to places they don’t want to go. Usually these redirected internet searches are well-hidden from users by additional proxies, but if you type common words into most search engines and scan the results you should know if something’s up.</p> <p><strong>4. Frequent random popups</strong></p> <p>Frequent random popups are probably the most obvious (and annoying) sign that your computer has been exposed. If you’re getting random browser popups when you visit websites that don’t normally generate them then that’s generally a sure sign that your system has been compromised.</p> <p><strong>5. Friends receive fake emails</strong></p> <p>While this form of hacker attack is by no means as popular as it used to be, malware programs and hackers can still pull email addresses and contact lists from social media sites. Often the bogus emails now won’t have your address as the sender, but they may use your name.</p> <p><strong>6. Online passwords suddenly change</strong></p> <p>Obviously if your password changed and you don’t remember doing it this is cause for concern. Often this happens when someone has responded to an authentic-looking phish email that collects login information, logins and changes the passwords which hackers with bad intensions can use.</p> <p><strong>7. Unexpected software installs</strong></p> <p>Most malware programs these days like Trojan viruses and worms typically install themselves in the same manner as legitimate programs. So it stands to figure if you’ve noticed some unexpected software suddenly appearing in your Downloads folder you’re in a bit of strife.</p> <p><strong>8. Mouse pointer moves itself</strong></p> <p>While it may look as though your computer has suddenly become possessed by a poltergeist, if your computer mouse pointer is moving on its own volution there could be some hackers at play. Hackers have been known to log into idle computer, break into your bank account and steal money.</p> <p><strong>9. Anti-malware software is disabled and won’t restart</strong></p> <p>If your anti-malware software is suddenly disabled and won’t start up again then that’s probably a sign that things have taken a turn for the worst. Similarly, if you can’t get into Task Manager or Registry Editor or they start and disappear, or even start in a reduced state that could be bad.</p> <p><strong>10. Your bank account is missing money</strong></p> <p>This is probably the most obvious sign, and definitely the hardest one to take. Hackers have been known to get online, break into someone’s account and transfer large sums of money to themselves. If you notice something a bit irregular about your bank account, contact your bank immediately.</p> <p><strong>11. Calls from store about non-payment of shipped goods</strong></p> <p>If someone from Uzbekistan is calling about the delivery fee for your drone that you never actually bought that’s probably not a good sign. Whenever this happens make sure you take the appropriate action and ensure your computer and the security of your overall system hasn’t been compromised.</p>

Insurance