Protecting Your Privacy January 24, 2024 by Paul Byrne privacy security good practices empowerment 4 Easy Things You Can Do To Protect Your Privacy in 2024 A few months ago, I listened to a podcast by Jack Rhysider, whose amazing podcast, Darknet Diaries, chronicles the exploits of both criminals and white hat hackers. In this particular episode, he discusses a scam where a hacker pretends to be a vendor for a company. They social engineer the accountant to get them to change the payment information for invoices. The podcast describes a successful hack against Facebook and Google who were billed for hundreds of millions of dollars. Even after listening, never did I think a company our size would not be subject to this kind of hack. Yet, lo and behold, less than two weeks ago, my accountant received an email appearing to be from me, asking for a list of our vendors and their contact information. Unfortunately, she put together a spreadsheet and responded to the email with said information. For the hacker, this was the first step of the process. We discovered the ruse when, in a weekly meeting, she mentioned the email and the spreadsheet. We examined the email. It was cleverly put together. The email was crafted to look like a legitimate request from me in conversation with a lawyer. We were being targeted with the same scam I had just heard about from Jack’s podcast! The following steps were taken to protect my accounts after hackers unsuccessfully attempted to open a loan account in my name: Purged (deleted) my accounts from old websites Reset all of my passwords Set up two-factor authentication on accounts I wanted to keep Deleted saved credit cards on non-subscription accounts In theory, step 4 will make online shopping a bit tedious. However, I’d prefer to use PayPal or Apple Pay in case the merchant does not use the same level of vaulting and safety Razoyo uses. When going through this process, I found that not all companies make it possible to delete your account. For your reading pleasure, here are some that I found: Websites that wouldn’t let me delete my account: Zappos Apptha - Magento extension developer Fusion Connect - BirchConnect BrainVire - ecomextension FME Extensions LoopNet / CoStar IKEA Magemart MagePlaza State of Minnesota Accounts that were not immediately deleted: Uprinting Websites and accounts without a 2-factor authentication option: Monopirce Apptha Fusion Connect - BirchConnect BrainVire - ecomextension FME Extensions - Magento Extensions IKEA LoopNet Magemart MagePlaza State of Minnesota Accounts with a weak 2-factor authentication implementation (i.e., only based on SMS, no authenticator option): Walmart If there’s a chance your site could be vulnerable or is currently under attack, contact us and we will be more than happy to provide you with a FREE consultation.