I received an email from one of my credit card security services.
It was not surprising but a bit startling, none-the-less. I have been expecting it.
It was a Compromised Social Security Number alert from one of my credit card companies: “We have located your Social Security number on a Dark Web site. Review the date your Social Security number was found as it may have been in the past.”
I attended a Cyber Security Conference a few weeks ago and was alarmed at how AI has influenced phishing emails to look real. I observed the URLs connected to the links on the email alert and it looked real, but just to be sure, I logged on to the credit card that sent the alert to verify they were the origin of the email.
Unfortunately, it was real.
ALL my identifiable personal details were found on the dark web. Name, email address, physical address, all my phone numbers, as well as my social security number. This is all personally identifiable information that is not easy to change or cannot be changed.
WHY WAS AT&T HACKED?
Pure and simple – $$$$$$$$ and to disrupt business at AT&T. AT&T’s hacking admittance is on the heels of the February service outage. Am I the only one wondering if the outage is somehow related to this current information? The investigators said no but it is a very strange and timely coincidence.
According to an April 2 press release post from Malwarebytes, “a hacker calling themselves ‘MajorNelson’, claimed it had been stolen from AT&T three years prior.” Another hacker released data on the dark web in 2021, stated from AT&T, but AT&T denied it. It took AT&T a few years to admit what had happened, and only when the information began being put up for sale on the dark web. So much for due diligence.
And because of that AT&T has warned that the affected customers should go back several years (pre-2019) to review their credit history and ensure there has been no identity theft.
HOW DO HACKS / BREACHES SUCCEED?
Typically, from poor password policies/enforcement, weak/non-existing antivirus security protections, not updating antiquated security systems, et al.
This could be summed up with humans not taking the danger seriously.
During the cyber security conference, all experts stated that the cause of most breaches is human.
NEVER ever click on a link in what looks like a valid email. ALWAY go to the source, whether it be your bank, credit card, Amazon, Facebook to verify and report the email.
IT IS THE YEAR 2024
Every dental practice, every healthcare practice, every business must have a highly knowledgeable, highly trained IT team in place to protect their customers’ information, their business information and their financial information. The ultimate responsibility falls upon the business to ensure their IT team is qualified and on top of it all. To believe nothing will happen to you is naïve and irresponsible.
The FBI speaker spoke of the high volume of hacking coming from Russia, China and North Korea. And with the onset of Artificial Intelligence (AI), that volume has increased. “AI is the amplifier of misconduct, by stealing or influencing.” AI makes the generation of phishing emails much easier. These emails are much more difficult to quickly identify as phishing. There are fewer grammar issues and misspellings. And AI has made the “virtual kidnapping” phone calls much more genuine sounding, as well as loads of bogus news clips and romance hoaxes.
ELECTION YEAR GENERATED AI
This is an election year. If you see any videos that support your candidate, do not believe it simply because it says what you believe to be true. I saw one yesterday circulating on Facebook that is obviously AI generated, that was shared by a friend. Please use common sense. Who does the video or meme or news alert appeal to and who does it benefit? The countries mentioned have their preferred candidate that they want to win our election, and the FBI stated the AI emails and AI videos are alive and strong, increasing in number at a rapid rate.
AI SPAMBOTS
One of the FBI stories included how AI spambots try to scam and steal social media profiles to use for their own use. I know several people who have lost their Facebook profile, including all the pictures stored on their profile. That is why I strongly recommend turning on Facebook’s two-factor authentication and login alerts, so you would be notified of a login not on your device. I get weekly notifications that someone has tried to change my Facebook password, which in itself is probably a scam!
It is logical to assume that because my personally identifiable data is among 73 million AT&T users, the hackers will be making a bit of money reselling the information. What that financial landslide is funding, is anyone’s guess. Was the hack from Russia, China, North Korea or another self-serving country for financial gain? Strongly possibly.
Again, I cannot express firmly enough that everyone should lock their credit down at EACH of the credit bureaus. One bureau locked down does not stop fraudulent activity. Let me explain why.
From Experian’s website:
WHEN YOUR CREDIT IS LOCKED:
- Receive alerts if someone tries to access your file.
- All credit applications in your name are blocked.
- Easily unlock when you’re ready to apply for credit.
- Insurance companies and potential employers can still access your file.
Prior to a lender issuing credit, they run a credit report. VERY few of them run all three. Most of the lenders pick the strongest credit bureau for the area they are in and run a single report. The larger the loan amount, the lender may run a FICO score for all three, but not very often do they run individual reports from all three bureaus.
Because of this, you must be prudent and overprotective of your identity. Identity theft takes months and massive amounts of money to recover from. Locking your credit identity at all three bureaus is the ONLY response to the many numbers of financial institution breaches. Not to repeat myself but allow me to repeat myself for your well-being. Lock down at Experian, Equifax, and TransUnion.
HOW DOES IT HAPPEN?
It is possible that the hacker used AI to create a highly convincing email, sent to an unsuspecting employee’s AT&T corporate email address. It could have even been: “Hey Penelope – George wants to set up a meeting asap to discuss next month’s sales goals. Click here to schedule a time that works with your schedule.” This sounds completely viable and clicking the link unknowingly installs malware/ransomware/viruses, which opens the hacking gate.
In fact, the tone of the Cyber Security conference could have been called The Dangers of AI, Now and The Future.
I read daily from colleague’s posts of how they are using AI to help generate business. I understand it is here to stay. Have you heard that ChatGPT passed exams from four different law and business schools? ChatGPT learns (evolves) as it goes at an incrementally faster rate than any computer program thus far.
Forbes posted an interesting article Will ChatGPT Lead To Extinction or Elevation of Humanity? A Chilling Answer. In this article, it states the obvious: AI has no moral compass. Another quote from Katrina vanden Heuvel states “The people who understand it best are frightened by how quickly the technology has accelerated.” She suggests the scenario gets worse, citing a survey of AI experts in which almost half said the chance that AI would lead to human extinction was 10% or more.” I have also read articles that stated AI would lead to human uselessness.
I hear all this and remember the general feeling when Microsoft launched Windows 3.1, then Windows 95. On the front page of the USA Today newspaper was a list of all the programs that would not work with Windows 95, and the prediction of Window’s death, that it should be pulled from the market.
Doom and gloom. Gloom and doom.
USA Today got that a bit wrong, didn’t they? Windows 95 was a bit buggy, but it certainly did not die.
My takeaway from the Cyber Security conference?
AI IS HERE TO STAY SO TAKE THESE PRECAUTIONS NOW:
- Family safe word – your protection from very real sounding virtual kidnappings. In other words, if you received a phone call or text from someone you know that sounds weird or otherwise makes you feel uncomfortable, especially if they are asking for financial help, you could ask the communicator for the family password. If they use it, it is valid. This could be a single code word or a phrase that the entire family knows and agrees upon. Choose something unique and not normally used in conversation. This is so vitally important as voice cloning is on the rise.
- Have a team meeting (and family meeting) about emails and not clicking on any links, regardless of how real it looks.
- Create MultiFactor Authentication (MFA) for all financial institutions and other important used logins, like Facebook. Google has an external MFA application as well. I have implemented MFA on many sites. If you have access to something in the cloud, and it would cause great pain should it be compromised by an outside source, you need multifactor authentication to add a layer of protection.
- Check to ensure your passwords are a healthy combination of upper- and lower-case letters, numbers and symbols. If you need a password vault, like Keeper, get one. If the password requirement is a minimum of 10 characters, use 15. You must be proactive and determined to protect your identity and finances.
Every day I receive notifications of some new internet attack. In the midst of all this, my county appraisal district was the victim of a recent ransomware attack. They did not pay the ransom, thus the homeowner’s compromised information was up for sale on the dark web, which included social security numbers. Since they increased the market value of my home 67% in three years, I guess they need the additional tax revenue to strengthen their security systems.
Microsoft just published their Digital Defense Report 2023. The report supports what I have been trying to convince readers (and listeners): Human Operated Ransomware attacks are up over 200% and password-based attacks have increased nearly 80%. Please take this seriously.
And please share this information with your family and friends. It is time to start protecting yourself with stronger protocols.