As 2022 comes to a close, it’s certain most of us will reflect back on the past 12 months and think ahead to planning a successful 2023. This past year showed the world tremendous change, enduring ample tough times and uncertainty, but garnished with a glimpse of hope for a brighter tomorrow. We aim to learn from our mistakes, keep lessons learned on our minds, and keep a watchful eye for new challenges to come.
Let’s welcome a new year by reflecting on the important lessons we learned through this blog in 2022.
Phishing is a relatively low-tech attack that relies on deception and illusions. Be sure to learn how malicious actors sneak past your defenses and lure you into their trap.
Phishing starts with a spoof website–– a page operated by the hacker but designed to look exactly like a legitimate website, hoping an unsuspecting user won’t be able to tell the difference. Once on the phishing site, the user will be prompted to log in, answer a security challenge question, or provide some form of private data.
Suppose you bank with ACME Bank and you log in to online banking at acmebank.com. Hackers may set up spoof websites with similar URLs or ones that look legitimate, such as: acmebank.onlinebanking.com, www-acmebank.com, or even acme-bank.com. The site will exactly copy the design of the legitimate website, bearing the ACME Bank logo, using the same fonts, same stock images, and an identical layout. The victim will land on a login screen and enter their login credentials. Unfortunately, once they click that “login” button, it’s too late. Whether the victim is given a login error, redirected to the legitimate bank website or something else, the hacker now has their credentials, which the hacker can use to login to the real ACME Bank site and potentially transfer money to their own account. Even worse, with the average user’s tendency to re-use passwords, the hacker can gain access to the victim’s accounts on other websites and do further damage.
Read the full blog for details on how to protect yourself.
We often forget to think about protecting our children’s identity and credit profile because we know children don’t apply for credit nor do they have their own money. But your child does have a social security number, and to a hacker, that’s a blank slate that often goes unchecked by its owner.
To hackers, child identity theft is a goldmine. The tablet is the modern pacifier. According to the American Academy of Pediatrics, “up to 75% of young children have their own tablets, and infants are estimated to start handling mobile devices during the first year of life.” Mobile apps, video games, and online educational resources often require an account –– which is sometimes linked to a credit card or bank account. This leaves hackers with lots of low-hanging fruit to target for account takeover and financial fraud. And not to mention, children have social security numbers too, making them prime targets for identity theft.
Be sure to read the full blog to understand how to protect your child’s identity and credit.
As we putter around the internet, our digital exhaust lingers in cyberspace. Unlike your car’s exhaust, your digital exhaust won’t dissipate on its own—either you have to clean up after yourself or hackers will use your own data against you.
How Does Digital Exhaust Occur?
We know our digital identity is made up of a large collection of data, but why is it on the internet in the first place? There are four main reasons.
- Human Nature. As human beings, we like to share everything we do on the Internet.
- Data Leakages. Accidental publications of your data, due to misconfigurations and errors, by companies you have or currently engage with
- Data Brokers.Their main business is to sell your data on the Internet, and most of them operate fully within the law!
- Data Breaches.Although the companies you engage with make a concerted effort to safeguard your data, this information is valuable to hackers, and so data breaches happen frequently, exposing your personal information on the Dark Web.
Check out both part 1 and part 2 of this blog to learn about how you emit digital exhaust, what that means for you, and how you can protect yourself.
If you use the internet with any frequency, your data will eventually wind up exposed to hackers for no fault of your own. Data breaches expose billions of records containing PII and credentials and the best way to defend against it is to remain informed of your data’s exposure. But if you’re inundated with alerts because your identity monitoring provider can’t differentiate between fabricated data and a critical alert, you may stop paying attention.
The truth is, your PII is very valuable to malicious actors, and despite considerable efforts to keep your personal information private, organizations of all sizes are frequently targeted and infiltrated by hackers. And unfortunately, some organizations have less-than-mature security and privacy practices, and inadvertently expose your data either via misconfigured software or careless security practice, or distribution to an unintended recipient.
You’ve probably heard about Identity Theft Protection services that monitor the deep and dark web for your exposed information. Subscribing to such a service is a great way to protect yourself from becoming a victim of cybercrime, but not all deep and dark web monitoring service providers are created equally. The steps a provider takes between data breach and alert delivery make a big difference in the quality of the result.
Continue reading to learn how to bolster your dark web monitoring offering with dependable data.
Happy New Year
On behalf of the Constella Intelligence team, we wish you and yours a wonderful holiday season and New Year. May your 2023 be free of security incidents, data breaches and account takeovers; full of good health, happiness and fun instead!