I've been noticing several attempted charges of 88¢ against my privacy.com cards.
I'm glad it exists for any site that seems sketchy or any time I have to verbally give a CC number.
But stay vigilant. A small charge could be a probe charge or it could be there just to drain a little money from lots of people, hoping that small charges would go undetected.
It's cybersecurity awareness month.
I don't have much to pay right now, but go through the #cososec and #securityhygiene tags.
Remember: Cyber Safely 😜
Some re-hashing of old advice:
URL Shorteners.
Don't use them, don't click on shortened links.
Yeah, they can get you under that 500 character limit... but at what cost?
They can be used malevolently: a writeup espousing something great, but a link to a nefarious site ready to install a bitcoin miner on your system.
And don't use them, because we don't know that they aren't malicious, and won't click on them.
Some #securityHygiene advice: CoSo allows you to set up 2 factor authentication.
It's a small road bump at first, but a huge deterrent to account takeover attempts.
Combined with a strong unique password stored in a password manager, this will cover all but the best nation-state funded account takeover attempts.
US Nauts: starting Weds.
https://www.covidtests.gov/ will start giving away Covid tests.
Be wary of look-alike sites, I'm sure there are already plans to grab typoed domains.
^^ BTW: Don't do this.
Use a password manager.
Be careful where you type your password.
But never do this.
Seriously
Biggest takeaway - if you get a SMS message purporting to be from a bank or company you do business with, go to the business's homepage directly, and not through the link in the text message.
https://arstechnica.com/information-technology/2021/11/securing-your-digital-life-part-3
I know I've posted my "Don't use link shorteners" spiel in both #CoSoSec and #SecurityHygiene
But don't just take my word for it: https://gcs.civilservice.gov.uk/blog/link-shorteners-the-long-and-short-of-why-you-shouldnt-use-them/
The one exception is when you need an easy-to-remember link you're displaying in a physical space somewhere.
Conversely, don't click on shortened links. Don't trust them; ask the original sender to send you the actual link. (This goes for Apple News too, since many of us don't use iPhones/Macs.)
Apparently it's Safer Internet Day.
So, here's my list for the average user:
1. Use a #PasswordManager
2. Use an ad-blocker whenever possible. (lots of malware comes from ads)
3. Turn on 2 Factor Authentication (a.k.a. 2FA, MFA) whenever possible.
4. If you see something outrageous, really think about that link, the source, the probable outcome and if you really need to expose your computer or mental health to that.
5. Back up your devices to non-connected media.
BTW, if anybody /did/ have a Parler account (no judgement), and if you reused a password for it (ok, a little judgement there), then you may want to reconsider changing your password for every other place you reused it. It would be a great time to pick up a password manager.
I know I haven't posted one lately, but some might want a refresher, some might be new to it.
Use a password manager.
Most account compromises occur because a username/password combination was lifted off one breach and tried (successfully) on another site.
A pwd manager mitigates this because it can generate a unique password for each site and stores it so you don't have to remember hundreds of passwords: just 2. One for your computer, one for your pwd manager.
Just a reminder, turn on 2 factor authentication on any site you remotely care about.
https://lifehacker.com/dont-wait-for-microsoft-to-reset-your-accounts-password-1840272138
Don't bother for throw away accounts, but you should always have *something* other than a username/password protecting anything you care about.
And not all 2FAs are created equal. Hardware tokens are the best, followed closely by app-based (time-based) 2FA. Lagging far behind is phone/SMS-based, and "better than nothing" is email-based 2FA.
1/2
It's confirmed: the Disney+ hack was due to credential stuffing.
Yet another reason to USE A PASSWORD MANAGER AND A UNIQUE PASSWORD PER SITE!
Don't be these people.
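Credential stuffing, as described in the post above, is the replay of username/password pairs from one breach against another site. From the defender's side it has a recognisable shape in authentication logs: one source trying many different accounts with a low success rate. The following is an added example, not code from the original posts or from any service mentioned; the log format, field names, thresholds and the sample lines (RFC 5737 test addresses, made-up users) are all constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample authentication log; not taken from any real system.
SAMPLE_LOG = """\
2023-10-03T12:00:01Z login result=fail user=alice src=203.0.113.7
2023-10-03T12:00:02Z login result=fail user=bob src=203.0.113.7
2023-10-03T12:00:02Z login result=fail user=carol src=203.0.113.7
2023-10-03T12:00:03Z login result=success user=dave src=203.0.113.7
2023-10-03T12:00:03Z login result=fail user=erin src=203.0.113.7
2023-10-03T12:00:04Z login result=fail user=frank src=203.0.113.7
2023-10-03T12:00:10Z login result=fail user=alice src=198.51.100.4
2023-10-03T12:00:15Z login result=fail user=alice src=198.51.100.4
2023-10-03T12:00:20Z login result=success user=alice src=198.51.100.4
"""

# Assumed key=value layout of a login event line.
LINE_RE = re.compile(r"result=(?P<result>\w+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)")

def summarize_by_source(log_text):
    """Per source IP: total attempts, successes, and the set of distinct usernames tried."""
    stats = defaultdict(lambda: {"attempts": 0, "successes": 0, "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login event; ignore
        s = stats[m["src"]]
        s["attempts"] += 1
        s["users"].add(m["user"])
        if m["result"] == "success":
            s["successes"] += 1
    return stats

def stuffing_suspects(log_text, min_distinct_users=5, max_success_ratio=0.5):
    """Sources that tried at least `min_distinct_users` accounts with mostly failures.

    A single user mistyping their own password several times (one account, then a
    success) does not trip this; a list being replayed across many accounts does.
    """
    suspects = {}
    for src, s in summarize_by_source(log_text).items():
        ratio = s["successes"] / s["attempts"]
        if len(s["users"]) >= min_distinct_users and ratio <= max_success_ratio:
            suspects[src] = {
                "distinct_users": len(s["users"]),
                "attempts": s["attempts"],
                "successes": s["successes"],
            }
    return suspects

if __name__ == "__main__":
    for src, info in stuffing_suspects(SAMPLE_LOG).items():
        print(f"suspect {src}: {info}")
```

The single success from the suspect source is the important line: a stuffed list usually lands a few valid pairs, which is exactly the reused-password case the post is warning about, and those accounts are the ones to force a reset and 2FA enrolment on.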
Use a password manager. Make sure you use it to create random passwords that even you can't remember.
Longer is better.
Turn on 2FA, ok?
I know... I've said this before.
2FA, or 2-factor authentication, is a way to prevent hostile takeover of your online accounts.