5 Million Credit and Debit Cards Are For Sale. The average internet consumer will not participate in this sale, but if you shop on the dark web, you could.
This data breach, sponsored by Saks and Lord & Taylor customers, is a result of a mafia hacker group known as Joker’s Stash. The group was also behind the Whole Food, Chipotle and Trump Hotel breach.
Though not yet confirmed, some news sources are speculating, a particular talent of theirs, that an employee clicked on a phishing email and opened an executable file, which is akin to holding the server’s door open for the hackers and rolling out the red carpet. This type of hack happens too often to too many.
There are two aspects of this breach that must be addressed:
Debit Cards. Do not use your debit cards for retail, restaurants or internet purchases. I personally do not even use my debit card any longer. A debit card is the gateway to your bank account. Some banks are offering purchase protection in case of a breach, but it is not worth the time it will take to untangle the mess it will create. Use your debit card at your own high risk.
Employees and emails in your business. The beauty of an email service, such as Google, is that the email service does not download to the accessing computer. The hacking risk is greater if your business downloads emails to the computers using a software program such as Outlook. All the security implementation installed cannot prevent an unsuspecting employee from clicking a virus contained or phishing email. Phishing emails are often branded, looking like a reputable company with matching logo – a bank, an insurance company, a business.
The email will often say you need to change your password, update your information or something else that compels you to urgent action – fear based. Their goal is your logins and passwords. Some links will even lead you to what looks like the “bank’s” valid website. Do not be fooled. Again, the goal is to obtain your logins and passwords. They will do what they can to obtain that information. Then when they have access through what you have provided them, they can wreak havoc [enter stage right – Saks and Lord & Taylor.]
Never, and I mean never, click on email links or open any attachments from senders you do not know. And never assume the sender is the true “sender.” If you have an account at the “sender’s” business, go to their main website to see if it states you need to update any information.
For reference, I once received an email from “Paypal,” and while it looked legitimate, I called Paypal to confirm. Surprisingly, it was actually them. I then I asked what insane person at Paypal thought it would be a good idea to send emails to confirm personal information in the phishing email world we live in. I have not gotten another email from them since.
Update your anti-virus, anti-spyware, filters and firewalls/vpns and update your employees as well – never ever assume your employees know about phishing emails and how dangerous they can be.
Beware of pop-up warnings on your computers or smart devices that state you have a virus. Do NOT click on anything. Close the window and move on. It might also be a good idea to run anti-virus and anti-spyware programs for peace of mind.
Speaking of anti-virus and anti-spyware software, they’re not running at their best if they’re not routinely updated. Setting the software to automatically download and update will provide you maximum protection for all software. This also includes your QuickBooks software. Some of the updates are security enhancements to keep your data protected. Click Install Now when you see that message.
Welcome to the Information Age was March’s eNewsletter and it contains a plethora of information for you and your business. I will keep writing about ways to protect your business and yourself but it is up to you to implement!