Nothing to see here...
October 2022 – MTA Communications
Categories
Cybersecurity News & Alerts

5 Ways to Minimize Your Risks After a Data Breach Alert


Prevent your data from being used against you

Data breaches happen constantly. Unfortunately, no matter how effective your personal online security is, you cannot prevent attackers from stealing your private information from a service you’ve used.

Some breaches only include passwords, but often criminals find ways to steal bank card information, social security numbers, and other crucial pieces of personally identifiable information. These compromises and the leaks that follow can expose your private data to online criminals, who can use that information to fuel phishing attacks, fraud and even identity theft.

F-Secure Labs also notes that a data breach doesn’t just put your information at risk, because following an account takeover your personal details may then be used by criminals to commit further online crimes against other individuals.

“We have seen, for example, cryptocurrency scams promoted by stolen Youtube or Twitter accounts,” says Maria Dacuno, Senior Researcher at F-Secure Labs.

But you shouldn’t feel singled out if your details are included in a breach, because just about everyone who uses the internet will eventually get a data breach alert. And in this post you’ll find out the five steps you should take as soon as you get one, which will help prevent your data from being used against you.

1. Change that password—and any similar password

In the aftermath of a breach, publicity will often lead to websites of the affected services or companies being overloaded with worried individuals, all trying to check their data. In addition, the security team of a breached company may restrict your account access while they assess the damage.

After a few days, though, the breached service will likely be accessible. That’s when you should login and change your password to a new, longer, unique password.

And you should change your password for any service that has been breached, regardless of whether a company told you that your information was affected by the cyber attack. If you have used the same password, or any variation of this password–for example, adding a number or symbol to the end of the password for use on another service–you should also change those passwords.

And it is worth noting here that password tricks, like adding a number or slightly varying the ending of a password for use on multiple logins, add absolutely no additional security to your recycled passwords. And whilst your password may be breached, there are steps you can take to ensure that your account remains secure. According to F-Secure Labs one of the best ways to do this is to make sure that you turn on multi-factor authentication (MFA) for this and every account where it’s available.

“Multi-factor authentication in general adds a layer of protection for your accounts,” says Dacuno. “However, enforcing an MFA through a more secure method like an authenticator app is highly recommended.”

2. Check your cards

Following a breach alert you should check your account on the compromised service and immediately delete any stored bank or credit cards.

In general, it is good practice to avoid storing card details with any online services. So, this is a good time to remove any stored financial account information for any of your online services, unless absolutely necessary.

Even the most careful companies can be breached. And you do not want your cards to be part of any eventual breach.

3. Monitor and cancel

If you have been notified that your bank or credit card details have been leaked, you need to take immediate action. Call your bank and cancel your card.

This is a huge inconvenience, but necessary, especially if you do not have an alternative card to use, or have automatic payments set up with this card. You will have to wait for a new card to arrive, which can take days, or even weeks. But This is exactly why it is good practice to never save your cards with online services.

You should monitor the transactions on any card connected to a breached service, whether you were informed that card data was breached or not. Check for suspicious activity on a weekly basis–at least–and be ready to contact your provider to cancel the card.

4. Consider temporary credit cards (US only)

Services like privacy.com allow you to generate a unique, limited, temporary credit card number. These temp cards reduce the risk of credit card compromise. However, such services, sadly, do not seem to be available outside the United States.

Temporary credit cards require extra effort. Yet they are worth your time–as they limit the damage of any individual service being breached. This strategy is like using unique passwords for every service: the uniqueness helps avoid a domino effect of one breach impacting your whole digital life.

5. Use a password manager

The best time to start using a password manager is before your data is breached. The second-best time is right now.

Not only is using a password manager the single best thing most people can do to improve their cyber security, it’s also much easier than most methods of storing and using secure data.

A password manager makes creating, saving, and using strong unique passwords for all your accounts easy. By simply using this tool many cyber security experts trust for their password and refusing to store your card numbers with any online services, your risks of data breach will be quite minimal. Especially if you do a good job of monitoring your online identity in general.

MTA Shield + ID Protection secures your passwords and your online identity

If your passwords and private data are breached, criminals can take over your accounts and steal your identity. ID theft is expensive and painful to fix. Preventing identity theft can save you money and time.

MTA has partnered with F-Secure, a global leader in cybersecurity, to build a solution so our members have the tools to stay safe online. Avoid data breaches and identity theft with 24/7 risk detection, secure browsing, and password management with MTA Shield.

Keep your data protected around the clock, with MTA Shield – designed to work specifically with our totalWiFi gateway.


Categories
Cybersecurity News & Alerts

5 Quick and Easy Ways to Avoid ID Theft


Identity theft has gone online

Identity theft happens when criminals use a victim’s identity to, for example, buying things and paying in installments. But to do this, criminals first need to steal your personal information, such as your name, phone number, birthday, social security number, address, and credit card number.

And the internet is a perfect place to find these details; social media, shopping accounts and other profiles are full of them. Of course, they can’t be accessed by just anyone. But cyber criminals have multiple ways of stealing information, and with identity data available in huge quantities online, it makes it far easier to use for fraud, with a small risk of getting caught. That’s why ID theft nowadays mostly happens online.

The damage can be severe and long-lasting

Repairing the damages of identity theft takes a lot of time and effort, with some victims only realizing that their identity has been stolen when they get bills or contacts from debtors. And as well as all the financial costs, becoming a victim can cause emotional distress, too. So, while the criminals walk away with the profits, the victim is left with all the consequences.

Anyone can become a victim of identity theft

When it comes to our personal information online, many people think they don’t have anything worth stealing. Or that nobody would bother trying to steal their identity. Unfortunately, this couldn’t be further from the truth. Online criminals are ruthless. They often prey on easy targets. And the victim’s wealth or lack of it doesn’t prevent identity theft. Because credit cards, payday loans and installment agreements can be acquired in anyone’s name.

But to do that, criminals first need to steal personal information.

Thankfully, though, there are a number of ways that you can make identity theft less likely, and by following the simple steps below you can protect your personal information.

1. Set your email address under 24/7 breach monitoring

Most online accounts are created with an email address and a password. When criminals breach an online service, they aim to steal the personal information within. Like passwords and email addresses. And if criminals manage to get their hands on this information, they have access to all the information in your account.

But if you don’t know about a data breach , you can’t really protect yourself from the damage. So set your email address for data breach monitoring. Once you’ve done this, when a service with an account created with it gets breached, you will get an alert. And if you change your password immediately, criminals will be left with your old password, and they can’t steal your data with that.

2. Use unique passwords

Passwords are keys to personal information in online accounts. Almost every online service uses them to restrict unauthorized access. Criminals steal passwords through data breaches, phishing  scams, malware, and intercepting web traffic.

Use unique passwords and you can protect your personal details online. By using unique passwords if your password gets compromised, the damage is limited to only one account. Whereas if you use the same password everywhere, all your accounts across the web are compromised. Use a password manager so you can store your unique passwords and have them at hand always when you need them. And use a strong password generator to make it as secure as possible.

3. Use antivirus software

Computer viruses and malware steal personal information. Some record your keystrokes when you type in passwords. Others go through your cookies, or the passwords saved on your browser. Stop them from stealing your data with an antivirus software. It’s easier and safer to prevent infection than to deal with a virus that’s already on your device.

4. Be careful when opening links and attachments

Phishing means tricking you into giving your personal information to criminals. Phishing sites, emails and messages often resemble a real and famous brand. They can look very convincing. URLs (aka the www. address of the page) on phishing sites may have just a one-character difference with that of an actual site. Same goes with email sender addresses.

So be careful. Don’t click any suspicious links or open attachments, especially in emails. They can lead to phishing sites and also include malware. And if you feed in your credentials, the site owner can then use them for ID theft. To avoid this, make sure to check the sender and the URL of the page before feeding in your info.

5. Use a VPN on public WiFi networks

Setting up a public WiFi hotspot is really easy. And nothing prevents naming it “Free airport WiFi”, “Hotel Guest”, etc. That’s why you can never know if a public WiFi network is safe. The network owner can intercept your usernames, passwords, messages, and bank information, if your connection is not secure.

But with a VPN , you can use any WiFi network without having to worry about criminals stealing your data. VPN encrypts your web traffic so outsiders can’t steal your passwords and other information from it.

MTA Shield+ ID Protection helps you avoid identity theft

If criminals steal your personal details, they can steal your identity. ID theft is costly, and fixing things takes long. Preventing identity theft can save you money and time.

MTA has partnered with F-Secure, a global leader in cybersecurity, to build a solution so our members have the tools to stay safe online. Avoid data breaches and identity theft with 24/7 risk detection, secure browsing, and password management with MTA Shield.

Keep your data protected around the clock, with MTA Shield – designed to work specifically with our totalWiFi gateway.


Categories
Cybersecurity News & Alerts

4 Steps to Take if Your Email has Been Pwned


What does being pwned mean?

Being pwned means that someone has taken control of your email address, or a user profile that has been created with it. And hacking an account is possibly the first step of identity theft, with online accounts often containing sensitive personal information, such as your credit card number, phone number, home address, and full name.

Identity theft can cause financial damage, intense personal stress, and a plethora of legal problems. And if your email account and password end up in the wrong hands, criminals can access your personal details and purchase goods in your name. Things can get even worse, though. Because if you have reused the same password and email on other accounts, criminals can access these profiles as well, increasing the risk of identity theft exponentially.

How does your email get pwned?

Your login credentials can be stolen in a data breach  – and there’s a significant data breach almost every week. So, it’s a good idea to regularly check if your information has been stolen in a data breach with F-Secure’s free Identity Theft Checker. But it doesn’t stop at data breaches. As your accounts can also be hacked through malware attacks, or through phishing  scams.

But there’s no need to panic. If your account has been pwned, here are four things you can do to mitigate the risk:

1. Make sure your antivirus and operating system are up to date

Viruses and spyware can steal personal information and login credentials. Having up-to-date antivirus and operating systems on your devices is important in protecting your accounts from being pwned. The majority of core software that we use is regularly updated by vendors to prevent hackers from utilizing flaws and vulnerabilities. So turn on automatic updates, which can save you from a lot of trouble if you do not yet have them enabled.

2. Scan your device for malware

If there is malware on your device, changing your account password isn’t enough. That’s because the attacker can steal your newly created password using malware. So, before you change any passwords, run a virus scan. If the scan detects an infection, deal with it first. If you already changed passwords, change them again. Because they might have already been compromised.

3. Now, change your passwords

Changing your password is the most important thing to do if your account has been pwned. If you have reused your password on other accounts, you should change passwords for those accounts as well.

Criminals will try to access accounts with payment details and other valuable data. But if the attacker has already changed your password to in a hacked account, don’t panic. You may still be able to restore your account through the “forgot your password” function.

4. Check your email settings

If your email account has been pwned, criminals can set it to automatically forward your messages to the attacker and to send malware, phishing scams, or spam. So check your settings and see if you find anything alarming.

You might also want to send an email to your contacts or post on social media that your email has been pwned, to warn against opening any attachments sent by you. This can save your contacts from being infected by malware.

How can you protect your email from being pwned?

Dealing with a compromised email address is possible, but the best course of action is to never let it happen in the first place. And you can cut that risk significantly by following these simple steps:

  1. Pay attention to the sender addresses of emails and SMS messages; don’t fall for phishing or smishing
  2. Be cautious when you open files, links, or install programs. Your bank or authorities don’t ask you to authenticate information online. Most likely you didn’t win a lottery prize either, and the “hot singles in your area” would probably use other methods to contact you
  3. Enabling two-factor authentication is essential in protecting your online accounts. That’s why many banks and service providers use it. Follow their example when possible
  4. Set your email address under 24/7 breach monitoring, and you’ll get alerts when a data breach including your personal information has occurred. This gives you time to change the password before anyone can get into your account
  5. And finally, always use unique passwords.

You can create unique passwords for free with F-Secure Strong Password Generator. Get a password manager, and you can then save all these passwords securely. This way they are always with you, and you can copy paste or autofill them when needed. It’s easier, safer, and faster.

MTA Shield + ID Protection – Full Online Protection

MTA has partnered with F-Secure, a global leader in cybersecurity, to build a solution so our members have the tools to stay safe online. Avoid data breaches and identity theft with 24/7 risk detection, secure browsing, and password management with MTA Shield.

Keep your data protected around the clock, with MTA Shield – designed to work specifically with our totalWiFi gateway.