Why did you decide to write Hack-Proof Your Life Now?
Back in 2013, we’d been following the growing concerns about identity theft for quite a few years. We work with financial planners and it’s a topic many of their clients are deeply concerned about. Once the Target breach hit late that year, we began to realize a few things: Everyone’s personal identifiable information is at risk. The companies and institutions we’ve shared that information with have done a terrible job of protecting it. The online security advice being offered to the general public seemed fragmented, overwhelming, wrong, or incomprehensible. Yet, we could see that there were clear, sensible steps anyone could take to easily improve their security. Even today, you’ll read an article in a major national newspaper or website about a new threat—say, for instance, the growing threat of ransomware against people or their employers. The article will be intriguing, well-written, and researched, yet it will often offer no discussion about the steps anyone can take to inoculate themselves or their company against falling victim to the blackmail threats of ransomware. The public gets all the scare and not a single solution. In our book, we certainly take the time to tell our readers stories about the new threats and types of victims who’ve succumbed. But then we give them do-able solutions. We tell you exactly what you need to do to ensure that you don’t suffer the same way. We didn’t see anyone really offering a personal system of consolidated and do-able actions that measure and boost your cybersecurity.
What new knowledge did you gain whilst writing the book?
Most people still don’t realize the importance of two-step verification for their email and financial accounts. Very few people do this even though it is now widely available and easy to accomplish. It’s a great feature because you’ll be instantly notified if any hacker starts hammering at your accounts. Should a hacker get as far as knowing and using a valid username to access your email or any financial account, they’ll be stopped and you’ll be notified with the alert to complete the second part of the login process. Since you didn’t initiate the first part and the hacker can’t receive the second part, you’ll know a failed attempt to hack your account has transpired and you can investigate. But as long as you have the second part of the two-step login, you’ll know you’re safe. Hardly anyone is putting two-step verification on their email and financial accounts. Below is the beginning of the first part of Hack-Proof Your Life Now!
Increase Your Stealth,
Boost Your Security
Regardless of anyone’s Cybersecurity Score, we must accept and act upon the strong likelihood that hackers already compromised our personal security. The theft happened some time during the last few years, as the world witnessed an unprecedented wave of cyber attacks and data breaches. Just consider this: Security experts estimate that fraudsters send upward of thirty-four trillion emails per year—ninety-four billion per day. Ninety percent of all spam carries malicious attachments or dangerous links aimed at stealing your money.1 Some of those poisoned emails triggered break-ins of corporate and government computer systems that led to your birth date, Social Security number, employment history, residential addresses, and other identifying data falling into the hands of nefarious organizations. We all know someone whose email account was hacked, credit card or bank account falsely used, or identity stolen. A few years ago, it was estimated that more than thirteen million people suffer from identity theft each year—that’s one new victim every two seconds.2 One study by Consumer Reports estimates that in recent years, cybercriminals stole the personal identifying information of more than seventy million Americans.3 In 2016, the Identity Theft Resource Center estimated that nearly 170 million records were stolen the previous year.4 The number of victims keeps growing and almost every adult has a connection to an organization penetrated by hackers in recent years.
Data Breach Victims
Here’s a partial list of companies and organizations that have lost control over some or all of their customer data since 2005: Adobe, TD Ameritrade, Anthem, AOL, AT&T, Bank of America, Bank of New York Mellon, Blue Cross/Blue Shield, P.F. Chang’s, Card Systems, Chicago voter database, Citigroup, Community Health Systems, Countrywide Financial Corp., Dairy Queen, eBay, Evernote, Experian/Court Ventures, Facebook, Fidelity National Information Services, Gawker, Global Payments, Inc., Goodwill, Hannaford Brothers, HealthNet, Heartland Payment Systems/Certegy Check Services Inc., Horizon Blue Cross Blue Shield of New Jersey, Home Depot, Honda, Hyatt Hotels, Internal Revenue Service, Jimmy John’s, Kmart, LivingSocial, Ashley Madison, T.J. Maxx, MBIA Inc., Michael’s, JPMorgan Chase, Nationwide Mutual Insurance Company and Allied Insurance, National Archive and Records Administration, Neiman Marcus, Office of Personnel Management, Office of the Texas Attorney General, Oklahoma Department of Human Services, Premera Blue Cross Blue Shield, RSA Security, Sally Beauty, Scottrade, Sony Corporation, South Carolina Department of Revenue, Target, T-Mobile, U.S. Department of Veterans Affairs, RBS Worldpay, Wyndham Hotels and Resorts, and Zappos.5 Staggering, isn’t it? Yet the statistics don’t count organizations (public and private) that were hacked but said nothing about it, or those organizations that have hackers prowling inside their networks right now and simply don’t know it.
A New Level of Stealth Required
Stolen personal data can deliver big paydays for thieves who routinely buy and sell swiped information used to impersonate us in cyber frauds. Individually, the prices your personal details command seem small: For instance, hackers receive just two dollars for selling one Walmart login6 and up to eight dollars for one iTunes login.7 But when miscreants possess millions of credentials to sell, the value of the digital booty adds up: Experts estimate that swiped personal information translates into fraudulent activities valued at $16 billion a year.8 While you can’t stop hackers from sweeping up your data held by corporations and governments, you can make it fruitless for criminals to use. More importantly, by adopting a new level of secrecy in a few critical aspects of your life—drawing a tighter security ring around your personal and financial data—you can boost your security and regain confidence that you’ll be safe from most types of cyber fraud. Once you learn the New Cybersecurity Rules and complete the action steps in this first section, you’ll have a new approach to email, new security measures to block hackers, new ways to handle passwords, new methods to safely connect to the Internet at home and in public, plus clear directions on keeping your connected devices safe and enjoying social media without worry. Follow our recommendations and your Cybersecurity Score will improve as you start to hack-proof your life. Your Email Address Is the Key to Your Digital Life: It Shouldn’t Be Everywhere!
The Case of the Professor Who Hacked
His Friend’s Bank Account
HACK REPORT: Herbert Thompson, a software security expert and professor, wanted to show how easy it is to break into a person’s online bank account. He decided to conduct an experiment and recruited his wife’s friend as his target. Writing in Scientific American, Thompson detailed the steps he took to unlock the woman’s bank account.1 He started with only her name, hometown, and employer. The professor knew that one little personal fact often provides a stepping stone that unravels someone’s entire weak security system. So he Googled the woman’s name and discovered two sources of information about her: an old résumé and a personal blog. Both would prove critical to Thompson’s challenge—the blog contained the woman’s personal email address and the résumé included her college email. Pulling up the school’s email login page first, he used the “reset password” feature to start the break-in. The system asked Thompson to answer a security question about the woman’s birthday. He knew the answer, because she had discussed it on her blog. Voilà! Thompson had cracked her alumni email. From there, Thompson could see a possible path to the woman’s bank account. First, he needed to crack her personal email, so he went to that account’s login page and started another reset password request, which sent an email to her secondary address—the college email account he now controlled. Again he answered the account’s challenge question with facts gleaned from the résumé and blog posts, breaking the security of her personal email address and changing its password. Now he was just one step from the woman’s bank account, which used her personal email. Once more Thompson used the reset password feature for her online banking and answered the security questions with details from her résumé and blog (pet name, phone number, college). That’s all the professor needed. He cracked the account’s security, changed its password, and had instant access to the money. Mission accomplished. “Her whole digital identity sat precariously on the foundation of her college email account; once I had access to it, the rest of the security defenses fell like a row of dominoes,” Thompson wrote. “For many of us, the abundance of personal information we put online combined with the popular model of sending a password reset email has our online security resting unsteadily on the shoulders of one or two email accounts.” Thompson’s experiment demonstrated the many pitfalls and weaknesses we face with our cybersecurity. Our personal identifying information appears in many places on the Internet, and it’s hard to hide or remove. Hackers can find it, too.
Rule #1: Create a Secret Email Address
for Your Financial Accounts
Secrecy is an essential ingredient to a stronger, more secure digital life and something we all need more of in this age. Being more private, more discreet, indeed more secret is simply a must. And this secrecy starts with your email. Let’s look at what happens when a hacker tricks you into revealing enough of your personal data to seize your email account—or gains entry other ways. You must understand the danger before you learn our New Cybersecurity Rules about email and passwords. For many of us, our primary email address, whether personal or business, unlocks the rest of our digital life. Once a cyber crook seizes any email account linked to other logins, such as online banking, he just needs to run a “reset password” request to start causing trouble. And getting hacked involves a wider violation than just the loss of money. As our communication choices have expanded from paper to computers to tablets and smartphones, we’ve all become digital citizens with vast amounts of our personal lives recorded on the Internet. While we think our username and password protect us, once a hacker pilfers our email credentials, he gains a commanding view over our lives. Let’s look at what an email breach exposes.
Anatomy of an Email Hack
For starters, a break-in of your primary email account exposes your private life: your correspondences, names, addresses, phone numbers, appointments, emails, birth dates, and passwords, plus photos, videos, or other recordings. Suddenly, the hacker possesses a trove of your personal information. Any social media sites you frequent also become vulnerable, including your accounts at Facebook, Twitter, Instagram, and Pinterest. In addition, a hacker can view your online public life: organizations you support, donations you’ve made, and petitions you have signed. The threats even bleed into your medical life. People communicate with their doctors (and insurance companies) by email and log in to “patient portals” to review tests and discuss medications, treatments, and payments. The wider use of electronic medical records (EMR) only heightens the danger of an email hack. Your inbox also may reflect your business life. It contains your contacts, company documents, meeting notes, client notes, competitive intelligence, expense reports, employee reviews, salary records, business plans, and other sensitive files. The same is true about your community life. If you sit on a committee or board of a local nonprofit, hackers can access sensitive documents including capital plans, donor lists, fundraising strategies, volunteer problems, board politics, staff issues, and communication with executive staff.
Email Address Vulnerability
Finally, and most importantly, your email account opens the door to your financial life: checking and savings, debit, direct deposit, credit card, PayPal, and other services. Quickly the hacker who invades your email account and resets your password exercises vast control over your digital life. Shocked barely conveys the violation when you view your loss of privacy through the lens of an email hack. Now you can understand why security experts say that when a hacker owns your email, he owns your life, at least on the Internet.2 Stopping that from ever happening requires a mindset of Secrecy—a key element to stronger cybersecurity. We don’t think twice about sharing our email address with countless businesses, organizations, and people. If you’ve used the Internet for any amount of time, you have entered your address at dozens of online accounts for shopping, traveling, exercising, gaming, dating, and hundreds of other activities. But having your email addresses in so many hacked databases puts you at a significant risk. Our stolen personal data, paired with questionable security, puts the criminals in position to seize our email, break into other accounts linked to that address, and inflict mayhem.3
Reduce Your Digital Footprint
We need to protect our most important accounts from this fate. You may not care if someone hacks your Food Network account, but you don’t want your online banking exposed in the same way. Using the same email address for each is not a safe practice. Reduce your digital footprint by creating a secret email address for your financial accounts.4 You want to eliminate the chance that the email address you’ve used for dozens of websites—including banking—gets scooped up in the next gigantic data breach. Make sure your secret email address reveals nothing about you: Do not incorporate your first name, last name, initials, or other identifying personal information in your username. When selecting your password reset option, choose the most secure option available. Many email providers have started phasing out password recovery questions because the answers can often be found by searching on the Internet. Instead, many offer recovery phone numbers or recovery email addresses. When you need to reset your password, a code or link will be sent to you. Pick the more secure phone number reset option, since it would require the hacker to have access to your device to complete the break-in. You just don’t want your everyday email linked to your secret financial email address. By keeping them separate, you’re maintaining secrecy and increasing the likelihood that hackers never enter your bank account.
The information above can be used to track you, target you for ads, and monitor what you do online.
VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 49% off.
Visit ExpressVPN