Cybersecurity Blog

Travel company hit by data breach – 03/21/18

Did you book travel online between January 1, 2016 and December 22, 2017? If so your payment card information, date of birth, phone number, email address, full name, gender and mailing address may be in the hands of hackers. Orbitz online travel has reported hackers have infiltrated an older version of their booking platform, exposing the data of over 800 000 customers.

As Orbitz is used by other companies such as AMEX to book travel, the breach reaches beyond Orbitz’s direct customers.  So how do you know if you have been affected? Orbitz and its business partners will be reaching out to notify you. However, in the meantime keep an eye on your bank statements, credit card balances and credit report.  The good news is Orbitz’s current systems have not been affected. For more details, visit their website.

Preventing Identify Theft – 09/12/17

With the news of the Equifax breach consumers are left reeling, not sure what action to take to prevent identity theft.  There are tons of articles talking about credit freezes, alerts and monitoring. Most of this information refers to laws and services particular to US citizens. Some are not even available in Canada.  As a Canadian, what do you do?

1. Contact Equifax
  • Visit the Equifax site for details.
  • All impacted customers will be contacted directly. If you have not been contacted, call them at 1-866-699-5712.
2. Set up a credit file alert.
  • With a credit file alert, a request for a new credit product or a change in a credit product cannot be approved without confirmation with the consumer who owns the credit.  This prevents fraudsters from signing up for new credit cards or loans as well as preventing them from increasing credit limits.
  • A credit file alert can be set up with Equifax Canada or TransUnion Canada. Each provider has different types of alerts. Contact the companies for details.
  • Equifax will be providing free credit monitoring and identify theft protection for 12 months to everyone who is impacted. Equifax will contact you directly with the details.
3. Check your credit report monthly.
4. Sign up for credit monitoring.
  • Be notified of new debts.
If your identify is stolen or accounts are accessed:
  1. Contact your local police department and get a police case number.
  2. Contact all your financial institutions and give them the police case number to  hold in your file.
  3. Called Equifax Canada or TransUnion Canada and have them place the police case number on your credit reports.
  4. Report the incident to the Canadian Anti-Fraud Centre.

Get notified when your email credentials have been stolen – 09/01/2017

As the majority of account providers use email for usernames, a compromised email can give hackers access to all of your accounts.  This is especially true if you tend to use the same password for multiple accounts. Ideally, you should have a unique password for every account  so if one account is compromised the rest are safe. You should also be using a password manager to make storage and generation of passwords easy and secure.  However, being the realist that I am I know many of you are still using the same password across multiple accounts.

Have I Been Pwned to the rescue!! After Adobe was hacked in 2013 the website Have I Been Pwned was created.  The website allows users to enter their email and find out if the associated credentials appear in for sale lists on the Dark Web.  This handy little website also lets you sign up for notifications, informing you the minute they discover that your email credentials have been compromised.

Interestingly enough, many hackers don’t actually use the credentials they steal. Instead they sell them to other hackers who use them at their leisure. This practice gives users a chance to change their credentials before any damage is done. Have I Been Pwned was created with this in mind.

You may be thinking…why sign up for this service, won’t I be notified by the account provider when they have a data breach? Unfortunately, account providers haven’t always been the first ones to detect a data breach and they are sometimes reluctant to inform their users that a breach has occurred.  For example,  the Adobe breach was discovered by security journalists and not announced for two weeks while Yahoo delayed informing users of their breach for two years.

We strongly recommend that you check out www.haveibeenpwned.com and sign up for notifications.  The sooner you are aware that your account has been compromised, the sooner you can take corrective action.

How to Limit the Potential Damage from Stolen Credentials – 05/11/17

 

Another day, another list of Mount Royal emails that may have been compromised. How? The emails were used as usernames to login to external websites/accounts. These external websites then had their user’s login credentials stolen.  This is not a concern if each website has a unique password.  However if you reuse the same username and password combinations for multiple websites, once one is compromised they are all compromised.

As it is not a question of if but when one of your websites has their user’s credentials stolen, how do you minimize the damage?

  • Avoid using your Mount Royal email to login to external websites whenever possible. Some sites require your work email to access their services. However the majority of sites allow you to enter any email address.
  • Create a separate gmail account for logging in to work related websites. New accounts can be created/added from the Google login page.  Once a new account has been added, you can view its inbox on a separate tab giving you access to both your accounts at once.
  • Use personal emails for personal sites. This will save you from embarrassment. When a site has a Mount Royal email in its list of usernames and it gets hacked, we are notified. We really don’t want to know that you have a Neopets account.
  • Use a unique password for every website. Having difficulty coming up with and storing so many passwords? Use a password manager to store and generate passwords.
  • Change your passwords regularly.  A significant amount of time often passes before theft of login credentials is detected giving criminals lots of time to use them before they are changed. Changing your password makes stolen credentials useless.

Help!! I can’t get into my Gmail account – 03/30/2017

You begin your day like any other, logging into your computer and then logging into your Gmail to check the day’s messages.  But this morning is different. For some reason your password isn’t working. You are certain that you are entering the correct password. You have checked to see if Caps Lock is on and still you can’t get in.  What do you do?

Your first step is to call the Service Desk. There is a very big possibility that your Gmail account has been compromised. Especially if you use your Gmail username and password combination to login to other accounts.

Once the Service Desk has reset your password and you can get into your account, you need to check your settings. As mentioned in a previous post, once cyber criminals break into your account they like to change its settings so they can regain control of it once you get wise. By checking your account settings, you can make sure your signature hasn’t been changed, that your name appears in the Sent field, that your mail isn’t being forwarded to the criminal and they haven’t given themselves additional access to your account.

Want to decrease the chance that your account will be compromised in the future? Enable two step verification on your account and don’t use your Gmail password for other accounts.

Satan Ransomware Removal Instructions – 01/23/17

Sooo, you have been nailed by the Satan Ransomware bug. What do you do? Well, if the nasty thing is sitting on a Mount Royal workstation, device or laptop call the ITS Service Desk. If it is your home machines or device, no worries because you have followed our terrific advice and have backed up your data regularly…right? If you didn’t quite get around to that all is not lost.  Some nice people at PCrisk have a solution for you. More specifically the wonderful Tomas Meskauskas has written an article detailing how to get rid of the awful thing.  Do note, that his instructions only apply to the Satan Ransomware bug. If you have another version of ransomware, his procedure will not work. Once you have followed his advice and successfully averted disaster, do remember to perform those regular backups. The next time you get a ransomware infection, there might not be removal instructions for it.

Used a public computer lately? You may have left your credit card data behind. – 01/09/17

How I almost fulfilled my dream of owning a pair of red soled shoes

Most days the horror stories I read about and pass along to our community do not directly affect us.  They are simply tales of cyber security woe that I pass along to warn the unsuspecting in an attempt to prevent a possible future disaster.  Today was different. Today I had an OMG moment. Once of those moments when the world seems to go on pause while you try and process what you have just seen.  Today one of our lovely analysts in ITS put a library loaner laptop on my desk.  The type of laptop that hundreds of students and staff check out of the library for temporary use every week.  On the screen plain as day for everyone to see,  was the credit card information of the last person who had logged into Google Chrome on the laptop.

After the shock had worn off, I briefly entertained the idea of doing some post Christmas shopping. I had always wanted a pair of Christian Louboutin’s red soled shoes. However, sanity kicked in and I realized that if this one unfortunate individual had made such an enormous mistake, then there is probably a pretty good chance that others have too.

How was such an error made? How did his credit card information get on that laptop? Google Chrome is to blame.  To understand how this could happen, you need to understand how Google Chrome works. Chrome has this fabulous little time saving feature called Autofill.  As you fill out forms, Chrome will ask you if you want it to remember the information.  Things like passwords, your address and yes your credit card information. So the next time you are asked for it in a form, Chrome fills the form out for you. This is a feature that you can disable. Thing is, if at any time you enabled it and information was stored, the data remains stored in Chrome until you go in and delete it.

That is exactly what happened with our poor library laptop borrower.  They logged into Google, synced their account so they would have access to their Chrome bookmarks and then when they were done they closed Chrome and returned the laptop.  Thing is when you sync your account it syncs everything including your Autofill information. In addition, when you close Chrome it does not log you out of the browser, so the next person who comes along and opens Chrome sees all your bookmarks and has access to your Autofill information which in this case included address and credit card data. Thankfully the good people at the library noticed something was up before it was loaned out again and disaster was averted.

I really would love to go shopping on your dime, however my tastes are rather expensive…Louboutin’s start at 500 Euro… so I think the smarter thing would be to tell you how to avoid leaving your personal information on a workstation that isn’t yours.

  1. If you plan on accessing your Google bookmarks on devices or workstations that are not your own, disable Autofill and delete any stored information.
  2. When you are done working in Chrome on someone else’s workstation, logout of the Chrome browser. Logging out of Gmail does not log you out of Chrome.

By following these two simple steps, you will avoid receiving a bill for a pair of these beauties.

 

Consider getting Rid of Your Yahoo Account – 12/16/16

With more information everyday coming out about the extent of the hack at Yahoo it may be time to dump your Yahoo account. The scariest part about the breach? It has been determined that the hackers got a hold of Yahoo’s code for cookies and have the possibility to forge them. Why is that so scary? It allows the hackers to access user accounts without passwords, making changing your password a useless exercise. Yahoo is contacting users who may have had their cookie information stolen. However, do they really know which users have been effected and to what extent?

Have a Yahoo account, but you aren’t sure how to proceed?  Check out this article from KrebsOnSecurity.

Dailymotion Accounts Hacked – 12/07/16

Hack concept

Around the 20th of October, 85 million usernames and emails were taken from Dailymotion servers along with 18 million hashed passwords. For those of you who don’t use Dailymotion, it is popular video sharing website. Because the passwords were encrypted, it will take some time for the cyber criminals to crack them. This gives users time to change their passwords on their Dailymotion account as well as change the password for any other accounts using the same password.

Once again this drives home the importance of having a different password for each account. It is not a matter of if one of your accounts will get hacked, it is a matter of when. Limit the damage…use unique passwords.

How to Avoid ATM Fraud – 11/28/16

As the Christmas shopping season goes into full swing, cyber criminals are upping efforts to steal your hard earned cash. Most people have heard the horror stories of devices called card skimmers being placed on ATM card slots. These devices scan the magnetic strip on your card while tiny cameras capture your finger movements as you enter your pin.  The majority of you have been educated enough to not use ATMs that have large plastic thingy’s sitting over the  card slot.

However, the latest card skimmers are so thin they are inserted inside the card slot and are impossible to detect.  Check out this video.

How do you protect yourself from such ingenious technology? Simple, cover the pin pad as you enter your pin number. The information that a skimmer scans from your card is useless without the pin. If you cover the pin pad, the criminals camera is unable to record your pin regardless of where it is placed.

Want to reduce your chances of encountering skimmers at all? Only use ATMs that are physically installed in a bank, they are harder to hack. Also, try and avoid using ATMs on weekends. Thieves tend to install these devices on a Friday when they know the bank won’t be open for a while.

Technology is every changing and so are the criminals methods. As careful as we may be, a breach may still happen. Reduce the damage by keeping an eye on your bank statements and disputing any unauthorized charges immediately.

Happy Shopping!!