Cybersecurity Blog

Criminals could hack your device through Bluetooth – 9/14/2017

 

Researchers have discovered a vulnerability in Bluetooth enabled devices that would allow an attacker to take control of them with no action on the part of the user. The majority of manufacturers have issued updates to patch this vulnerability.  As Bluetooth is a fairly complicated protocol, experts warn that there may be more vulnerabilities not yet discovered. To protect yourself, make sure you:

  • Keep your device updated.
  • Turn off Bluetooth when not using it

Preventing Identify Theft – 09/12/17

 

With the news of the Equifax breach consumers are left reeling, not sure what action to take to prevent identity theft.  There are tons of articles talking about credit freezes, alerts and monitoring. Most of this information refers to laws and services particular to US citizens. Some are not even available in Canada.  As a Canadian, what do you do?

1. Contact Equifax
  • Visit the Equifax site for details.
  • All impacted customers will be contacted directly. If you have not been contacted, call them at 1-866-699-5712.
2. Set up a credit file alert.
  • With a credit file alert, a request for a new credit product or a change in a credit product cannot be approved without confirmation with the consumer who owns the credit.  This prevents fraudsters from signing up for new credit cards or loans as well as preventing them from increasing credit limits.
  • A credit file alert should be set up with both Equifax Canada and TransUnion Canada. Each provider has different types of alerts and they don’t share information. Contact the companies for details.
  • Equifax will be providing free credit monitoring and identify theft protection for 12 months to everyone who is impacted. Equifax will contact you directly with the details.
3. Check your credit report monthly.
4. Sign up for credit monitoring.
  • Be notified of new debts.
If your identify is stolen or accounts are accessed:
  1. Contact your local police department and get a police case number.
  2. Contact all your financial institutions and give them the police case number to  hold in your file.
  3. Call Equifax Canada and TransUnion Canada and have them place the police case number on your credit reports.
  4. Report the incident to the Canadian Anti-Fraud Centre.

Get notified when your email credentials have been stolen – 09/01/2017

As the majority of account providers use email for usernames, a compromised email can give hackers access to all of your accounts.  This is especially true if you tend to use the same password for multiple accounts. Ideally, you should have a unique password for every account  so if one account is compromised the rest are safe. You should also be using a password manager to make storage and generation of passwords easy and secure.  However, being the realist that I am I know many of you are still using the same password across multiple accounts.

Have I Been Pwned to the rescue!! After Adobe was hacked in 2013 the website Have I Been Pwned was created.  The website allows users to enter their email and find out if the associated credentials appear in for sale lists on the Dark Web.  This handy little website also lets you sign up for notifications, informing you the minute they discover that your email credentials have been compromised.

Interestingly enough, many hackers don’t actually use the credentials they steal. Instead they sell them to other hackers who use them at their leisure. This practice gives users a chance to change their credentials before any damage is done. Have I Been Pwned was created with this in mind.

You may be thinking…why sign up for this service, won’t I be notified by the account provider when they have a data breach? Unfortunately, account providers haven’t always been the first ones to detect a data breach and they are sometimes reluctant to inform their users that a breach has occurred.  For this reason, we strongly recommend that you check out www.haveibeenpwned.com and sign up for notifications.  The sooner you are aware that your account has been compromised, the sooner you can take corrective action.