The Cost of Identity Theft

Consumers who fail to practice effective online security may quickly find themselves victims of identity theft. Passwords are one of the first and most important safeguards for keeping sensitive data safe from malicious criminals. However, many use identical credentials for all of their accounts or fail to ever update these phrases, making them a prime target for identity fraud.

Identity theft costs consumers a lot in the long run

USA Today reported that a majority of security breach victims have to replace their credit and debit cards, but identity theft incidents are much more costly beyond that process. The news source explained that people may spend years trying to restore bad credit from debt at the hands of thieves. Some consumers are forced into bankruptcy, struggle to borrow money or even lose their homes because of such malicious activity.

In addition to seeking passwords to take advantage of unsuspecting consumers, cybersecurity expert Mark Pribish said that identity thieves are also looking for ways to obtain user names, PIN numbers, Social Security numbers, banking data, insurance information, driver’s licenses, phone numbers and employment/student IDs, USA Today reported.

People who often access accounts online are vulnerable to identity theft because vendors fail to shore up weak points with their security measures. Mark Rasch (@mdrasch), a former federal cybercrime prosecutor and cybersecurity expert, said many businesses are content with reaching a settlement following security breaches rather than spending money to fix the problems with their systems, according to the news source. Law enforcement is not helping the matter, Rasch said.

“Police don’t want to be bothered,” Rasch said, USA Today reported. “It’s a difficult crime to investigate, and the feeling is, ‘Oh, we’re never going to catch these guys.’”

Identity theft becoming bigger problem for Americans

If 2013 follows a similar trend to 2012, Americans will experience the brunt of identity theft activity. A report by Javelin Strategy & Research found that 12.6 million Americans were identity fraud victims in 2012, increasing by more than 1 million from previous studies. Criminals cost people more than $21 billion last year, marking the highest total since 2009.

Jim Van Dyke, CEO of Javelin, said 2012 was a successful year for criminals and a difficult one for consumers.

“Consumers and institutions are now starting to act as partners – detecting and stopping fraud faster than ever before,” Van Dyke said. “But fraudsters are acting quicker than ever before and victimizing more consumers. Consumers must take data breach notifications more seriously and maintain vigilance to safeguard personal information, especially Social Security numbers.”

The study said that credit card information is the most popular type of data obtained by fraudsters, but other credentials are vulnerable as well. User names, passwords and Social Security numbers are other targets.

Passwords are often the first line of defense, yet most overlooked. Consumers who want to avoid the dangers and financial losses of identity theft should strongly consider ways to bolster their online security. Our password manager Sticky Password is a great way to generate complex credentials without the hassle of remembering such phrases. The tool is available for free, or a PRO version can be purchased to keep all of a person’s accounts safe from malicious criminals.

People can take other preventive measures to minimize their risk of experiencing identity theft. Javelin encouraged people to avoid mailing checks to pay bills, always have updated software on PCs and mobile devices, shred documents that contain sensitive information, employ direct deposit options for payroll checks and only connect to trusted WiFi locations. 

Do you know how secure you are online? Check it out in our infographic. And of course, let’s discuss this topic in the comments under the post.

Lax Social Media Passwords Can Result In Identity Fraud

Social media websites are a hotbed for cybercriminals looking to take advantage of consumers with lax password security. People who participate in these channels on a regular basis may find themselves a victim of identity theft or other fraudulent activity if they are not careful.

People with ineffective passwords are prone to Identity theft

Members of the Blekinge Institute of Technology in Sweden said that many consumers are putting their sensitive information at risk with ineffective security practices. The team found that too many users have common credentials like “123456” or even “password” as their passwords, which is just what sophisticated hackers are hoping for.

“Our results indicate that bad password strategies may be ‘taught away’, or that there would be a point in having good password strategies and online safety taught in primary or secondary school to increase security awareness,” the researchers explained.

Cybercriminals show little sign of easing the immense pressure on consumers worldwide. Rather than use identical passwords for their social media websites, bank accounts and other channels, people should practice effective security measures. Industry professionals encourage the use of a password manager to keep sensitive information from falling into the wrong hands. One of the most tedious aspects of password security is simply remembering different phrases. A password manager generates credentials so people no longer have to endure such annoyances, while simultaneously gaining greater protection when browsing the internet.

A recent survey conducted by the Ponemon Institute for Nok Nok Labs found that consumers often fail to complete online transactions because they forget key information. Overall, roughly half of respondents said they cannot remember passwords, usernames or answers to security questions. People using a password manager no longer have to endure such frustrations.

Please share this article with your friends if you find it interesting, or leave us a comment if you have any questions or topics to discuss. We like to interact :-)

Cyber invasion: How secure are you online? [infographic]

The cybersecurity landscape is a dangerous one, especially for unsuspecting consumers who neglect to update their passwords. How significant is this type of protection? Two out of every three adults who access the internet will be victims of cybercrime in their lifetime. Overall, 44 percent of crimes of this type are reported by those between 40 and 59 years old.

Hackers stop at nothing to take advantage of people with ineffective security measures. In fact, 1.5 million people are victimized every day, which means that 18 consumers are attacked each second.

Passwords are often the first line of defense for people, but are the most overlooked. The average person has 26 online accounts that require passwords, but typically, people only use 5 different login phrases. As a result, more than 90 percent of login credentials are vulnerable to cybercriminals.

Tools like password generators and managers create secure passwords and track people’s credentials to ensure safe web browsing. Consumers shouldn’t use the same credentials for all of their accounts, and they should disable “remember password” options on their browsers. Those accessing websites should always look for the HTTPS designation, which is a signal that the site is secure. If someone connects to public WiFi, it is essential to turn off the device’s file sharing function.

Hackers may not ever curb their malicious intent, but consumers no longer have to fall victim by neglecting password security.

We have prepared the following infographic so you can better understand all of the information mentioned above. Feel free to share this with everyone; there are share buttons below the post.

Cyber invasion infographic

Sources:

http://now-static.norton.com/now/en/pu/images/Promotions/2012/cybercrimeReport/2012_Norton_Cybercrime_Report_Master_FINAL_050912.pdf

http://lifehacker.com/5938980/how-secure-are-you-online-the-checklist

http://finance.yahoo.com/blogs/the-exchange/password-isn-t-safe-90-vulnerable-hacking-213820350.html

http://www.ic3.gov/media/annualreport/2011_IC3Report.pdf

Introducing new Sticky Password website design and application user interface

Hello our dear Sticky Password users, fans and enthusiasts,

we would like to share some great news with you and ask you for a little favor. We have been promising you a new version, tons of additional features and today we would like to offer a quick peek into the 7.0 user interface and website. We have changed the user interface of the application according to the web redesign, so:

Sticky Password web and application redesign

  • top left menu has been moved to one menu on the right called “Menu” – not final wording
  • logo has been simplified
  • colors are matching the new website design (which is final)
  • added online synchronization area on the bottom of the dialog

What is the first thing that comes to mind when you see this?! Let us know so we can do some last minute adjustments. Comment under this blog post, let us know at support@stickypassword.com, or on our social media profiles, we listen everywhere.

Thank you very much

Sticky Password Team

Evernote issues password reset following suspicious activity

Cybercriminals frequently target popular channels, prompting many companies to reset users’ passwords to avoid further harm. Evernote recently discovered malicious activity on its network, alerting all of its users that in order to protect their data, the reset was necessary.

In a company blog post, Evernote explained that there is no evidence to suggest that any customer content was accessed, lost or altered during the incident. The report also indicated that users of its Evernote Business and Evernote Premium accounts did not have any of their payment information obtained either.

The malicious individuals, however, did obtain usernames and email addresses during the event, according to the report. Evernote encouraged users to follow some guidelines to protect their passwords: avoid simple phrases that contain common dictionary words, and never use the same password for multiple accounts. The company indicated that consumers should never click on the “reset password” option requested in emails. If a person wants to change his or her password, it is best to go directly to the service’s website. You may also consider changing the password for other accounts like Twitter, Facebook and Apple, whose servers were hacked earlier this year.

Although many agree that using different passwords for various accounts is smart, it can be a hassle for consumers to remember many passwords at once. Some may write this information down on a piece of paper to remember, but this is also dangerous. In addition to the simple problems that would come from losing the list, criminals who obtain this data can access a person’s online activity quite easily.

Instead of struggling to remember a bunch of different passwords, which may very well be weak to begin with, consumers can adopt a password manager to protect their online accounts. This means that people no longer have to come up with their own passwords again, instead relying on a tool that always safeguards their activity with hard-to-crack phrases.

We have a special 40% discount deal for our blog readers – grab it now and save 40% off the regular price.

Donald Trump’s Twitter account hacked, Zendesk system hacked too, affecting Twitter, Pinterest and Tumblr users

The latest Twitter hack in the past few days was targeted at Donald Trump’s official Twitter account (@realDonaldTrump). On Thursday afternoon when a tweet appeared on Trump’s Twitter profile saying “These hoes think they classy, well that’s the class I’m skippen”, everyone knew something was wrong. And it was. 15 minutes later the tweet was deleted and Trump’s account recovered. Then the profile said “My Twitter has been seriously hacked— and we are looking for the perpetrators.” We wish him luck to find the bad guys.

Donald Trump's Twitter hacked

Another hacking news story concerns Zendesk, a customer service software and ticketing system, which was hacked earlier this week. Three of its clients were affected, namely Twitter, Tumblr and Pinterest. It doesn’t look like any passwords were stolen; however, email addresses and subject lines of users seeking support were.

The official Zendesk statement about the breach says: “Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.”

It seems like the Twitter hack of 250,000 users started this whole “hacking spree”. Earlier this week the Twitter accounts of BurgerKing and Jeep were hacked, and Apple and Facebook had some trouble too. Now we have Donald Trump and Zendesk. Who’s next? Maybe it is time to change your passwords or strengthen your security policies.

And last but not least: the MTV and BET Twitter accounts appeared to be hacked; however, they did this on purpose to get more followers and media attention. What do you think about that? Let us know in the comments.

Burger King Twitter account hacked because of whopper123

Burger King, the US fast-food company, had its official Twitter account (@burgerking) compromised on Monday. Their Twitter profile picture was changed to the McDonalds logo and the background picture was switched to show a McDonald’s background and Fish McBites. Many posts were tweeted under the hacked account, with some of them containing racial oaths, drug use and obscene messages.

The scandal started with the tweet: “We just got sold to McDonald’s! Look for McDonalds in a hood near you @DFNCTSC”.

Burger King official Twitter account hacked

According to Mashable “Burger King Twitter account gained 5,000 new followers in the first 30 minutes since the hackers took over.” And The Wall tells us that since the breach, Burger King gained 30,000 new Twitter followers. It’s probably safe to assume that most of these are gawking onlookers hoping to catch a little more excitement.

Burger King spokesman Bryson Thornton (@BrysonWThornton) apologized to customers in his statement: “Earlier today, our official BK Twitter Account was compromised by unauthorized users, upon learning of this incident, our social media teams immediately began working with Twitter security administrators to suspend the compromised account until we could re-establish our brand’s official Twitter page. We apologize to our loyal fans and followers, who might have received unauthorized tweets from our account. We are pleased to announce that the account is now active again.”

On February 1st Twitter acknowledged that hackers may have stolen 250,000 user names and passwords, but they also said that they notified users of the breach at that time. Which brings up the question of whether the owners of the hacked accounts took appropriate action to change their password when they were notified by Twitter. Of course, if they didn’t take action, or if their password really was “whopper123”, then it wouldn’t be hard for hackers to gain access to the account.

Either way, having secure, strong and unique passwords for your online accounts is a must. Having tens or hundreds of accounts makes it nearly impossible to remember strong passwords. That’s when a password manager comes in handy and that is when Sticky Password is here for you.

Try Sticky Password and you won’t have any more password nightmares or bad Mondays like Burger King.

Recent update: Jeep Twitter account (@Jeep) was hacked on Tuesday, the day after Burger King was hacked. The background was changed to some gentleman riding around in a McDonald’s vehicle, and the account’s description claimed it has been sold to Cadillac.

Twitter security breach targets 250,000 user passwords

Twitter recently experienced a security breach that impacted 250,000 of its users.

Password security is a must for anyone who logs into websites and social media accounts. The popularity of sites like Twitter has made such channels likely targets for dangerous cybercriminals.

In an official blog post, Twitter recently announced that as many as 250,000 users may have been impacted by a cyberattack. The hackers gained access to information like usernames, email addresses, encrypted/salted passwords and session tokens. The company said it noticed unusual activity and determined that there were unauthorized access attempts against the site.

As a result, Twitter reset its passwords and ended previous session tokens as a precaution, the company said.

“If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password,” Twitter Information Security Director Bob Lord (@boblord) said. “Your old password will not work when you try to log in to Twitter.”

Social media’s popularity has been impressive to say the least, but employees’ use of such channels is cause for concern among many businesses. According to research firm Gartner, 60 percent of all companies will likely adopt social media monitoring programs by 2015 to protect themselves from cyberattacks.

As long as hundreds of millions of people are using social media, hackers will continue to target these channels in some capacity. Consumers looking for ways to protect themselves from such malicious activity can adopt password generators to ensure all of their accounts are backed by sophisticated phrasing that is never stagnant. The worst thing a person can do is use the same password for all of his or her accounts. And if you have generated strong and unique passwords for all your accounts, you have to remember them and change them regularly – in a word: manage them. This is where a password manager like Sticky Password comes in handy.

PayPal phishing

Yesterday, I received an email from PayPal – at least it appeared so at first glance – about limiting my PayPal account, saying that the PayPal system had detected unusual charges to a credit card linked to my PayPal account. Since I found out immediately that it was a phishing email, I want to share this with you and give some advice on how to avoid being caught in a phishing trap.

First of all, I noticed that my PayPal account was not linked to the email address at which I received the PayPal notification email. I also noticed that I received the email from paypal@service, which is kind of weird, isn’t it? It should have been sent from the paypal.com domain (actually they send such emails from service@paypal.com), not from services.com. Also, this mail was sent to several other undisclosed users, which is not common behavior for PayPal emails and notifications, especially when they are talking about a violation!

The email looked very authentic; however, there was the email address, which I recognized as not official, and also the link in the email body – “Click here to activate your account” – which led to http://petshotzinc.com/usa/, which has nothing to do with PayPal. Also, when you Google this site, you will get some links from PhishTank and no official or reasonable results and resources which would assure you to go there and do something with your PayPal account. Luckily, when I launched this site, I didn’t get a “spoof” website, which is also a common practice of phishing emails, but I did get a warning from Google – “Suspected phishing site”. Phishing emails try to simulate the same site which is used for changing passwords or changing your account details, but on a different domain, so if you do not pay attention, you can get caught in their phishing trap. Here is the screenshot of the phishing email I received:

Phishing email

Here are some instructions from PayPal on how to spot a fake email:

  1. Sender’s address – the “From” line may include an official-looking address that mimics a genuine one. It’s easy to alter the sender’s email address – so don’t trust it.
  2. Generic greetings – be wary of impersonal greetings like “Dear User,” or your email address. A legitimate PayPal email will always greet you by your first and last name.
  3. Typos/Poor grammar – emails sent by well-known companies are almost always free of misspellings and grammatical errors.
  4. False sense of urgency – many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
  5. Fake links – these may look real, but they can lead you astray. Check where a link is going before you click by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don’t click.
  6. Attachments – A real email from PayPal will never include an attachment or software. Because they can contain spyware or viruses, you should never open an attachment unless you are 100% sure it’s legitimate.

Here is the official Guide to Phishing from PayPal, where you can learn how to avoid the phishing emails and how to recognize them.

However, phishing emails come from various vendors – eBay, Amazon, Google, Twitter, Facebook, banks and many others! Be aware, be careful and always read the emails. Take some time to investigate whether the email is real and not a phishing email or scam. A couple of easy steps can save you from a lot of problems like stolen identity, loss of money, etc.

Personal Password Security and the Gawker Hack

Yet another password hacking exploit highlights the question ‘how can I protect myself?’

The hack of Gawker (operator of technology sites Lifehacker, Jezebel, Gizmodo, Gawker, Kotaku, Deadspin, io9, Jalopnik and Fleshbot) servers exposed over 1.3 million accounts earlier this week and again brought attention to the vulnerability of even reputable websites.

The security breach uncovered the login details of people submitting comments on the several Gawker sites. This data was then used to hack the Twitter accounts of the individuals who use the same login and password for their Gawker site and Twitter.

Some steps to take if you have an account with one of the Gawker sites:

- Check if your account has been exposed. Duo Security has set up a site to help with this: http://www.didigetgawkered.com/. Whether or not your account has been exposed yet, make sure you change passwords for any sites associated with Gawker. Make sure you also change your Twitter password.

- Pay attention to exploits. An awareness of the latest hacks and exploits will give you a chance to protect yourself.

- Use a password manager like Sticky Password for strong and unique passwords for all of your logins. Make sure that the tool or program you choose is secure and easy to use, and don’t forget to use a consistent approach for all your sites.

As shown by the exposed data, we continue to see the same irresponsible passwords that have been revealed in hacks over the past two, three years and more. At the top of the list are always strings like ‘123456’, ‘password’, ‘qwerty’ and ‘abc123’. If a bad guy knows that he has a 10% chance of getting into an account using one of these passwords, then there’s a really good chance that that’s where he’ll start. And it gets worse: too many people use the same password on several sites. Just imagine the damage a hacker can do if he discovers that your email login and password are the same that you use for your online banking!

Take a moment to think about that: about the importance of using strong, unique passwords and about using a tool like Sticky Password to manage them easily. It will save you a lot of time and keep you out of trouble.