We spend a lot of time online, whether it is taking classes, reading the news, watching television, visiting social websites, or posting pictures. There are a lot of ways to pass the time in the inter-webs. We also store lots of information. I, myself, have four terabytes of storage on my server computer. I am not using it all, but I have plenty for when I need it. I store financial documents, homework, pictures, and music, just to hit the basics. However, a lot of people have moved to cloud-based storage. One such service, iCloud, was recently hacked.
With the iCloud hack, some very personal photos of celebrities were leaked onto the internet. Information that was supposed to be safe and secure was compromised. How, you might ask? It appears, while reading Smith's article, as though security vulnerabilities outside of Apple's control were to blame; at least, that is what Apple wants you to believe. In fact, reading through the articles by Reed and Leyden, I am led to believe it was a phishing scam that led to the vulnerabilities. This brought the question to my mind, how safe and secure do you really feel?
Phishing scams abound. It is the process by which a third party tries to gain access to your account by posing as the actual company you have an account with. As Leyden puts it, the iCloud case involves an SMS scam where users are sent a text message indicating there was an unauthorized attempt to gain access to their accounts. They must provide their ID and password or risk being locked completely out. Once you do that, it is too late; and, before you know it, your iCloud account is in the hands of mischievous bandits. You have just opened the door for the enemy.
Many would like to blame the companies for our blunder. After all, the email was from "them," wasn't it? However, most companies I have ever dealt with specifically state in their terms and/or frequently asked questions that they will never ask you for your user ID or password. If you ever receive a message stating you should provide it, look very, very carefully to ensure it is legitimate. It is not the company's fault that you let your guard down, momentarily, and allowed the enemy through the gates. So, how can you combat these false requests for information?
There are several things you can do to help protect yourself and your information online. For sites that require a password, as Schneier states, you can use a password manager. I use Google Chrome as my browser of choice and I love the fact that it has a built-in password manager. It even auto-fills the usernames and passwords for me when I return to sites. While Schneier discusses his password manager and how auto-fill prevents inadvertently entering a phony site, I would argue that Google Chrome's manager will only auto-fill the information if the domain is the same. Visiting PayPal.com will load my username and password; however, if I were to visit MyPayPal.com, it would not. You should look at this address on your browser when you visit it. If the URL does not look like the one tied to the company, LEAVE! Many phishing links arrive via email. An easy way to determine if the link is legitimate is to hover over it. The text of the link may say PayPal, but the link may take you to mypaypal.com, not the legitimate site.
In the end, companies can only do so much to protect you and your information. You should feel secure in the online environment and trust that companies will hold up their end of the bargain. However, they are relying on your just as much to keep your information safe and secure. The next time you get a strange email or text message, do a little investigation of your own. It might just be the next attempt at phishing information from consumers.
References
Leyden, John. "Something Smells PHISHY: It's the Celeb Nudie ICloud PERV Trap..." The Register. The Register, 04 Sept. 2014. Web. 07 Sept. 2014. <http://www.theregister.co.uk/2014/09/04/icloud_privacy_flap_phishing_warning/>.
Reed, Brad. "Apple Provides Key New Details on the Massive ICloud Hack of Nude Celebrity Pics." BGR. BGR Media, 02 Sept. 2014. Web. 07 Sept. 2014. <https://bgr.com/2014/09/02/apple-icloud-nude-celebrity-pictures-hack/>.
Schneier, Bruce. "Schneier on Security." Schneier on Security. Bruce Schneier, 05 Sept. 2014. Web. 07 Sept. 2014. <https://www.schneier.com/blog/archives/2014/09/security_of_pas.html>.
Smith, Chris. "Tim Cook Vows to Improve ICloud Security, Prevent Future ‘nudegates’." Yahoo! News. Yahoo!, 05 Sept. 2014. Web. 07 Sept. 2014. <http://news.yahoo.com/tim-cook-vows-improve-icloud-security-prevent-future-153310951.html>.
No comments:
Post a Comment