❗ Lock down your cybersecurity: I work with brands I trust to keep you secure. Hit this page to see the five must-have tools I recommend.
A New Jersey family is living a nightmare
It started back in September. Dan in Bridgewater, New Jersey, had his bank account hacked. Their first step was to withdraw money and apply for a loan. In October, he got a letter from TD Bank notifying him of an address change on his account.
Dan told CBS News hackers are now in all his financial accounts, took over his email and Amazon accounts, and have taken complete control of his cellphone and even his landline. It’s a safe bet the hackers are in other facets of his life, including stealing his medical ID and selling off access to his insurance.
It’s really not that hard for someone with the right know-how to find these login credentials. Often, your passwords are part of data sets hackers will give anyone for free. Others cost only a few bucks on the Dark Web. For as little as $30, someone can buy enough details to do this to you, too.
Imagine that for a second. What started out as a strange bank charge has become a full-blown disaster.
Whoever hacked Dan has applied for 18 credit cards, tanking his credit score. He gets texts saying, “[A]m watching you,” and, even with the police and FTC involved, there’s been no progress in solving the case.
It can happen to anyone
Unfortunately, Dan’s story isn’t unique. It’s just an example of how quickly one hack can spiral into a full-blown identity theft attack. These are all folks I’ve talked to recently on my national radio show:
- Peter called me after his 85-year-old mom lost her life savings — $1.4 million. Scammers convinced her they were bank officials and federal agents.
- Debby, an Air Force vet and successful banker, was conned out of $1 million by a man pretending he loved her.
- Rick got a message on WhatsApp from a woman who eventually convinced him to start investing in a fake crypto scheme. That was tens of thousands of dollars he’ll never see again.
‘OK, Kim. What do I do?’
The good news: Cybersecurity basics I’ve been telling you about for years still work. I’ll get to those. The bad news: Most of us don’t have the time and energy to take every step we know we should. Here’s what I do that you should consider, too.
- Strong passwords matter: I’m a broken record, but you need a strong, unique password for every account. A password manager can handle this for you, generating and securely storing them so you don’t have to. It’s the most important step here, so more on that below.
- Add extra security: Two-factor or multifactor authentication (MFA) adds enough friction to stop lazy hackers and might alert you if the good ones are going after you. Turn it on for any financial account, your email account and your cellphone provider. Make sure you put a PIN on your cell account to prevent SIM swapping.
- Set up alerts: Turn on notifications for your bank and credit accounts so you know instantly if there are big charges or withdrawals. Train yourself not to ignore these. It could save your butt.
- Freeze your credit: I did this proactively, and I recommend you do, too. Steps here for all four (yes, four) credit agencies.
- Once a month doesn’t cut it: Set a calendar reminder if you have to and scan your accounts once a week. Catching suspicious activity early can save you a lot of trouble.
A few simple habits can make a world of difference in keeping your personal information safe. So do the right tools.
Unsecure page error: 5 things to try if you get this warning
There are countless threats on the internet, from scams to malware-infested websites. Then there are unsecured websites, which your browser warns you about. If you get a message that says, “Your connection is not private,” you might jolt in alarm.
Wipe your mouth! There’s a tiny amount of BS on your lips: The FCC approved a “U.S. Cyber Trust Mark” label for smart devices that meet their cybersecurity standards. No word on criteria yet, but expect rules around data privacy, regular updates and issue detection. Most internet-connected devices qualify … but not computers and phones, which we all use all the time.
40% increase
In phishing attacks, thanks to one trick. Cybercriminals buy up super-cheap and easy-to-register domain extensions like .shop, .top, .xyz, .vip and .club. If you see one, move on.
Why I used Incogni to wipe my info off the internet
I got this note the other day from Mike S. (Hi, Mike! 👋): “Next time you talk about Incogni, maybe you can do a deep dive?”
Mike, you’re not the only reader who’s asked for a more in-depth look at how Incogni works and why I chose it to wipe my info from data broker sites. I picked this service before they became a sponsor. So, without further ado …
Bank fraud is rising – How to protect yourself
The scams don’t stop — and here’s another one you need to know about. Your phone rings. It’s a rep from your bank, and they’re warning your account has been compromised. You’re smart, so you immediately suspect it’s a scam.
🔐 5 tools to lock down your cybersecurity: I work with brands I trust to keep you secure. Hit this page to see the tools I recommend.
🇨🇳 Communist China hacked the U.S. Treasury: They stole a key from a third-party cybersecurity firm called BeyondTrust (ironic name) on Dec. 8 to take a good, long look and steal a ton of unclassified docs. The U.S. Cybersecurity and Infrastructure Security Agency and FBI are still sussing out how bad the breach was. China denies everything, of course.
🇷🇺 So long and farewell, comrade: The U.S. government banned Kaspersky Lab and its cybersecurity products over the company’s ties to the Kremlin. If you’re using Kaspersky for your antivirus protection, try my antivirus pick instead.
🎓 Hit or MIS: It’s a tough job market for computer science grads. The tech hiring boom has gone bust, with mass layoffs and fewer openings. Some opt for a Master of Management Information Systems (MIS) degree to ride out the downturn. These jobs pay roughly $112,000 a year for master’s grads, compared to $72,000 annually with only a bachelor’s degree. I’d rather see you get a cybersecurity or AI degree.
🍩 Krispy Kreme’s security hole: The doughnut giant’s fessing up about a Nov. 29 security breach that took down its online ordering system in parts of the U.S. Along with your credit card details, it’s a safe bet your deep, dark secrets (like how many times you bought a doughnut on the way to work) were leaked, too. Sing it with me: “Doughnut go breaking my heart. I couldn’t if I fried.” Yeah, that was bad.
Small-biz tip: Don't overlook this digital danger
Are you the type of business owner who forgets about ex-employees as soon as they’re gone? Failing to remove former employees’ access to your systems and data could lead to security breaches. Don’t let poor offboarding practices be the weak link in your cybersecurity chain.
10 things you should never say to an AI chatbot
This is a heartbreaking story out of Florida. Megan Garcia thought her 14-year-old son was spending all his time playing video games. She had no idea he was having abusive, in-depth and sexual conversations with a chatbot powered by the app Character AI.
Why you can’t access some sites while you’re on a VPN and what to do
Let’s say you’re browsing the web with a VPN. You’re protecting privacy, so you’re confident hackers and advertisers can’t track you. Then you try to go to a site, and it just won’t load.
This can throw a wrench into productivity when working. Or it can ruin your mood when trying to have fun online.
Biggest hack in US history: How to encrypt your communications
I’ve been talking about it for weeks, and now it’s all over the news: Communist Chinese hackers infiltrated telecommunications giants like AT&T and Verizon and wormed their way into government surveillance systems. The massive breach was detected over a month ago, but it’s been going on for over a year.
Another scammer is now rich: A retired Florida therapist thought she was helping the FBI take down a Mexican cartel. Really, scammers convinced her to wire $600,000 from her retirement account to a protected “government locker.” Her banks tried to warn her, but she was fed a script to get them off her back. How awful.
Don’t fall for it! Hackers are trying to get you to scam yourself
You’re pulling your hair out, trying to fix something on your computer. You Google it and find what looks like a helpful website or a tutorial with easy step-by-step instructions.
Phew, you’re finally solving your problem, but hold up! You’ve just walked into a “scam-yourself” attack. Cybercreeps use this clever strategy to trick you into compromising your tech so they don’t have to do the dirty work.
iScam, you scam: Cybercriminals are sending fake emails claiming your Apple ID is suspended, urging you to click a link to “verify” your info. Don’t fall for it. Apple never asks for sensitive info via email.
Russian hackers at work: They exploited two security flaws in web browsers Firefox and Tor to plant malware. Mozilla and Microsoft patched the issues, so update ASAP. Restart your browser (or browsers), then, in Windows, go to Start > Settings > Update & Security > Windows Update and hit Check for updates.