How Are Cyber Crimes Committed? You Don’t Need The Dark Web

how-are-cyber-crimes-committed

Have you ever wondered how exactly a threat actor or cyber criminal gets access to your information? The truth is, it’s not as difficult as you think. Most of the data they need to target you for identity theft and other scams is already public information. We’ll think like a bad actor and walk you step by step through their process.

It starts with a news article. Let’s say Business Insider posts a list of the top jobs in tech, along with their annual salary. One of the jobs listed is VP of Public Policy for Facebook. You can find the name of the employee, Brian Rice, who holds that position on LinkedIn. So already you have a name, occupation, workplace and salary. 

Next, Whitepages.com lists two phone numbers and a home address for Brian Rice, along with the names and ages of several family members. Searching the address on Redfin reveals the estimated property value, the square footage, and photos of the home. And not just the street view, but photos of the interior and floor plans may be available if the realtor has forgotten to remove them once the house is sold. 

On to social media. If Brian Rice’s profile is public, you can learn all about his passions and interests, frequent location, and travel activities. There are photos of his children, and information about where they attend school. It’s easy to find the profiles of his wife, his mother, and other relatives, exposing even more personal data.

The exposure of your information to the public can lead to dire consequences. Bad actors can use this information for stalking, extortion and blackmail, home robbery, identity theft, credit card fraud, and other scams or criminal activity. It puts you, your children, your family, and your business at risk. 

Hush searches the web for your full digital footprint. All of the random data points that you would never think to look for–including audio, video, and photos–we find and eliminate them, reducing your digital footprint. Take control of your privacy, and take control of your life with Hush.

Categories: Uncategorized.

When Your Name Is In The Press, What Should You Share?

Whether you’re a small business owner, social media influencer, or other public figure, you probably know the value of publicity. You welcome attention from news articles or media because it has the potential to promote and grow your business. Publicity can help create a positive image for your brand and could even attract new clients. Plus, having your name in the press is a way to celebrate your career’s milestones and achievements.

While publicity can have a positive impact, exposing too much of your personal information is a threat to your personal privacy and security. News media outlets occasionally cross the line when it comes to invasion of privacy. For example, in a 2015 shooting in San Bernardino, reporters barged their way into the homes of the two suspects on live national television. They rooted through family photos, displaying Social Security cards and driver’s licenses of not only the suspects but their family members. Similar cases of doxxing have become more frequent in the last few years, with journalists digging up regular people’s personal information and using it against them.

Let’s say your name, job title, and salary is mentioned in a Business Insider article. If there’s enough public information out there about you, threat actors can create a dossier on you, track down where you live, and execute a robbery. Alternatively, they might assault your employees with social engineering scams, making your business vulnerable to a data breach. So, how do you protect yourself once your name is in lights? If having some public information out there is inevitable, you can still lessen your digital footprint to defend the more sensitive stuff.

You deserve the right to privacy. When being interviewed, protect your family members by not mentioning their names and avoid dropping hints about where you live. Avoid flaunting your wealth on social media, announcing that you’re going away on vacation, or sharing photos of your home. All of these advertise to bad actors that you’re a prime target, exposing you to physical threats, extortion, robbery, and kidnapping. Your perceived accessibility plays into your risk of becoming a target.

The best way to protect yourself and your information is to use Hush, a digital privacy service. We search the Internet for information that makes you vulnerable to threat actors. Once we find and flag it, you get to decide what stays or goes. We scrub the data points you prefer to keep private, and leave anything that brings value to your brand or business without putting you in harm’s way. Take control of your digital privacy with Hush.

Categories: Uncategorized.

Top 5 Ways To Protect Yourself From Cyberstalking

It probably comes as no surprise that the way men and women experience the Internet is vastly different. Women are three times as likely as men to experience online sexual harassment. Social media gives harassers a sense of power through anonymity, and they face few consequences even if they’re reported. Cyber harassment encompasses any behavior intended to cause discomfort or harm, including threatening comments and messages, inappropriate photos, cyberstalking, doxxing, and catfishing.

In severe cases, online abuse can lead to offline violence, with women being stalked or otherwise physically threatened. Online harassment can have long-term consequences on women’s mental health, taking an emotional toll and damaging their self-esteem. It’s not always realistic to simply log off or choose not to engage, especially if you’re a public figure and your job relies on your social media presence. That’s why it’s essential to have strategies to protect yourself online.

1.) Report and Block Abusers

How effective is reporting an account? While the results may not be instantaneous, reporting a harasser only takes a minute, so it’s worth your while. If more than one person files a report, it’s likely that their account will be suspended and investigated. In the meantime, block them and any other affiliated accounts.

2.) Hide Your Location Data

Maybe you’re out at happy hour with some co-workers. You snap a photo of your cocktail and post it to your IG story, geotagging the bar you’re at. Geotagging is when your post includes the location from which it was sent. To keep yourself safe from doxing and stalking, it’s best not to use this function, or only share photos after you’ve left the location.

3.) Check Your Pictures for Identifying Data

You can accidentally give away your location even without tagging it by posting a photo with identifying data. Stalkers can analyze your pictures for clues of where you are, such as landmarks, business names, street signs, house numbers, and more. Turn off your location data for social media apps and check your pictures for data that could reveal your location before posting.

4.) Set Your Profile To Private

Control exactly who sees what by making all of your social media profiles private. This gives you the ability to choose who can follow you and see your content or personal information. By keeping your access limited to friends, families, and people you know, you’ll avoid uncomfortable exchanges with strangers creeping on your page.

5.) Reclaim Your Digital Privacy With Hush

The best way to protect your digital privacy is to use Hush. The Internet is boundless, and you may not be able to find all the places your personal information is exposed with a simple Google search. Hush is constantly searching to find, flag, and remove any sensitive data that leaves you vulnerable. Protecting information such as your name, birthday, address, email, phone number, etc. reduces your digital footprint, so that you’ll never be a victim of harassment and stalking. It’s possible to exist online safely by taking your digital privacy into your own hands, with Hush.

Categories: Uncategorized.

The Number One Way Your Bank Account Can Become Compromised

Digital banking has become the new normal. The emphasis on digital was expedited by the pandemic, as banks limited hours and fear around contaminated paper bills rose. As of 2020, 1.9 billion individuals worldwide actively used online banking services, with that number forecasted to reach 2.5 billion by 2024. The increase in the use of mobile apps and websites for banking transactions has created a prime target for hackers.

There are many ways your bank account can become compromised, including malware, trojans, keylogging, phishing, and social engineering scams. Many of these are up to your financial institution to invest in digital security to protect your information. But there is one key to your data that you have complete control over, and that’s your security questions.

If a bad actor already has the email or username associated with your banking account, they can attempt to reset the password by answering security questions. Some common security questions might be:

  • In what city were you born?
  • What was the name of the street you grew up on?
  • What is the name of your pet?
  • What is your mother’s maiden name?
  • What high school did you attend?
  • What was the make of your first car?

Look familiar? You’ve probably answered them to get back into an account you’ve forgotten the password for. The problem is that the answers to these questions are predictable and easy to find. Think about all the information compiled on your social media profile. Maybe you have a post revealing the name of your pet, or you recently attended a high school reunion and you’re tagged in a group photo. Maybe your mother lists her maiden name on Facebook, and someone can find her by searching your friends list. A bad actor takes one glance at your social media or does a quick Google search, and your bank account is completely exposed.

So what can you do? One method of protecting yourself is to create strong, difficult-to-guess answers to your security questions. They could be a completely untrue or unrelated answer—say your father’s name is Wolfgang Amadeus Mozart. Or use a mix of numbers, letters and special characters to code your answer.

The best way to protect your banking or any other account from being compromised is to use a digital privacy service, such as Hush. We search the Internet for any sensitive or personal data that might leave you vulnerable to bad actors—including your email address, date of birth, where you live and work, etc. Hush finds, flags, and removes this information to eliminate personal security threats and keep you safe. Leaving your personal data exposed is like keeping your front door unlocked. It’s an invitation for bad actors to come in and wreak havoc on your life. Take control of your digital privacy with Hush.

Categories: Uncategorized.

The Invisible Crime: 6 Tips To Prevent Identity Theft From Ruining Everything

identity-theft

Imagine you wake up one day and there’s an arrest warrant out for you—for a crime you didn’t commit. It’s a nightmare scenario, and yet it’s not entirely implausible. 

What is Identity Theft?

Identity theft is when a bad actor steals someone’s personally identifiable information and uses it for fraud. The identity thief can use the information to apply for loans or credit cards, file taxes, pay medical bills, or commit a crime under a false name. ID theft has only grown more and more prevalent as people keep their sensitive data online. In 2021, there were nearly 1.4 million reports of identity theft received by the Federal Trade Commission. Reports of the crime spiked during the pandemic as bad actors used fraudulent identities to gain unemployment benefits and pandemic assistance.

How Does it Happen?

Thieves acquire personal information such as Social Security numbers, bank account information, addresses, phone numbers, birthdays, driver’s license numbers, insurance information, and credit card numbers. 

 

There are various methods bad actors can obtain this information, including stealing mail, looking over your shoulder at an ATM, hacking your computer through malware, or conducting social engineering schemes to convince you to reveal personal information. They may impersonate your bank, the IRS, or a hospital over a phishing email, or gather personal information about you through your social media page. 

The Lasting Impact of Identity Theft

Depending on what the stolen identity is used for and how long the scheme goes on undetected, it can have a devastating impact on the victim’s finances, credit report, criminal record, and personal life. Identity theft can ruin your credit score, and many victims may not realize that their identity has been stolen until they try to buy a house or car. Some people are even forced to declare bankruptcy. The crime could leave your insurance and medical care compromised if the thief left large medical bills, driving up your health insurance rate. In some cases, victims resort to changing their name, which can be a tedious process.

How Can You Prevent Identity Theft?

The number one way to prevent identity theft is by securing your personally identifiable information.

 

1.) Shred any documents that have identifying information on them—credit card statements, bills, bank statements, etc.

2.) Read privacy policies closely, and opt out of data sharing if the option is available.

3.) Keep track of all your usernames and passwords and change them periodically. Never use the same login info across multiple accounts.

4.) Be suspicious of unsolicited emails or texts asking you to click links, reset your password, or confirm personal information.

5.) Don’t post any sensitive data online, including your birth date, address, email, or Social Security number.

 

The best way to protect yourself from identity theft is to use a digital privacy service like Hush. We search the Internet for any trace of information that would make you vulnerable to bad actors. We find, flag, and remove sensitive information, eliminating threats and keeping your data safe.

Categories: Uncategorized.

Is Your Facebook Profile Private? Think Again.

Is your Facebook profile private? The implicit deal you strike when you sign up for any social media account is that you get to use their services for free in exchange for your privacy. You scroll, post, and message all while sites collect your data to serve you ads, and you hand over more and more personal information about yourself.

Facebook is notoriously careless when it comes to protecting your data. The company has been tangled in several privacy debacles in the last few years, from the Cambridge Analytica scandal to hacked accounts and security breaches. The site is also the biggest culprit when it comes to getting people to fork over their personal information. Your Facebook profile includes a long list of items that make you vulnerable: your name, age, birthday, hometown, current location, job history, education, marital status, family relationships, places you’ve checked into, even your likes and interests. All of this information can be used by bad actors to create a detailed dossier on you and your life, and target you for hacking and other threats.

Facebook does have privacy settings that allow users to make their profile pages private, semi-private, or totally public. But a private profile doesn’t protect you quite like you think. Even if it’s supposed to only be visible by friends, your profile is still open to indexing by search engines. A major threat to your privacy on Facebook is the security of your friend’s accounts. If one or more of your friends’ Facebook accounts is hacked, then the hacker will have access to your content and personal information.

Although it’s difficult to put a definitive number on how often social media accounts get hacked, we’ll just say it happens a lot. To give you an idea, Google reports that 20% of social accounts will be compromised at some point. Social engineering and phishing scams are the most common. Hackers can pretend to be Facebook to get you to hand over your login info and lock you out of your account. They can impersonate you, reading your posts to mimic your online voice, and scam your friends list, coworkers, and workplace. In the worst-case scenario, cyberstalkers can use your information—restaurants you’ve checked into, frequent locations, hometown, office location—to present a real-life threat.

Even if your information is completely hidden, there are a few other privacy-invasive settings that feel unsettling. For one, the platform uses facial recognition, and automatically tags you or a friend in a photo or video. Additionally, people you aren’t technically ‘friends’ with can see your posts by ‘following’ you instead, and you may not even notice. The privacy settings are an impossible to navigate labyrinth. New features that Facebook implements can inadvertently open up loopholes that people can exploit to view your content, even if you’ve opted to keep it private.

Creeped out yet? If deleting your Facebook isn’t an option, do everything you can to lock down your privacy settings and remove any personal information from your profile. Hush can help by finding, flagging and eliminating vulnerabilities from the Internet to keep your identity safe.

Categories: Uncategorized.

Online Directories: An Invasion of Digital Privacy With Deadly Consequences

Remember the phone book? Back in the day, when you wanted to find a business’ phone number or a person’s address, you had to crack open those heavy tomes and scour the white or yellow pages. Telephone directories moved online in 1996, so now instead of physical books you have online directories and people-finding sites. With information moved online, the data used to find people is more detailed and accessible than ever.

“People search sites” such as Whitepages.com, are search engines based on public and sometimes private data. They list names, addresses, phone numbers, even family relationships and criminal histories. They assemble data points into a detailed dossier on who—and where—you are. Anyone with a credit card can pay to access your personal information. This can feel like an invasion of privacy and the process of opting-out is tedious, considering the hundreds of sites that are out there.

People search sites insist on their own helpfulness, designed to help friends or family reconnect. Yet there are no measures in place preventing people from wielding the information for malicious means. Whitepages asks visitors to disclaim that they won’t use the data for identity fraud or invasion of privacy, but it’s little more than an honor pledge, and the consequences are real. For example, the public exposure of your personal information can lead to doxxing, stalking, and physical threats. For domestic abuse survivors, it puts them at risk of being discovered by their abusers—it’s a matter of life and death.

In the case of writer and gaming programmer Kathy Sierra, the abuse she experienced online ended her career. In 2007, Sierra was targeted by a harassment campaign, facing rape and death threats. Hacker Andrew Auernheimer posted graphic doctored images of her, and doxxed her by spreading her address and Social Security number online. He later bragged about it to the New York Times. Sierra entirely withdrew from the Internet and the tech world to protect herself and her family’s safety. She gave up book deals, speaking engagements, and even fled her home.

Doxxing isn’t illegal if the information exposed is already public domain, although lawmakers are attempting to change that. Future laws could ban posting information online if there’s clear hostile intent behind it. However, they don’t prevent the initial problem, which is that there is no regulation of people searching sites and who has access to your personal information.

Until laws change or online directories become obsolete, what can you do to protect yourself? Uncovering every corner of the Internet where your personal data is exposed seems like an insurmountable task. Luckily, that’s where Hush comes in. We find, flag, and remove sensitive information that puts you at risk of being harassed, stalked, doxxed, or threatened. We protect your data and your privacy to help keep you and your identity safe.

Categories: Uncategorized.

How Your Data Is Weaponized, And What You Can Do To Stop It

Have you ever wondered what someone might be able to find out about you by simply Googling your name? From terrifyingly close-to-reality episodes of Black Mirror to the dangerous impact of social networking revealed in The Social Dilemma, everyone is slowly waking up to the constant infringement on our privacy that we face in the digital age.

Bad actors wield our lack of privacy to their advantage, using our publicly exposed information to target us. All of the data that you leave behind online is called your digital footprint. Your digital footprint grows when you post to social media, share an article, leave a review or comment, fill out a form using your personal information, etc.

What We Can Do To Help

We find and flag sensitive information that puts you at risk of being targeted. From there, we can remove the information from the internet, or keep it if it’s something you feel comfortable sharing publicly.

Why does the information in your digital footprint matter? Bad actors weaponize this data to target victims for social engineering, as well as theft, blackmail, exploitation, phishing scams, harassment, or stalking. Even the most seemingly innocent pieces of information can be used against you. Your home address, your frequent locations, where you went to school and the year you graduated, wealth information, even images of your pets and kids.

A Real Example of Weaponized Data

For example, let’s say you upload a picture of your dog to Instagram. A bad actor could zoom in on the tag on your dog’s collar, revealing your name and home address. They can use that information to open credit cards or take out loans in your name, intercept mail, steal your identity, or make physical threats against you and your family. Alternatively, maybe you use your pet’s name as a password, or it’s the answer to an account security question. A quick glance at your social media page could give away that password.

We’re not saying all this to scare you, or saying that you should delete all of your social media. Technology is a powerful tool, and we believe in a world where it is used to uplift and connect people, rather than target them. As technology is integrated more and more into our lives, it’s important to maintain our privacy and avoid being vulnerable to bad actors. The first step to a strong defense is education— now that you know the threat exists, what can you do to stop it? Hush offers digital privacy for individuals, businesses and families.  Our goal is to eliminate the sensitive, personal information from the Internet so you can live a more digitally private life, and feel safer online.

Categories: Uncategorized.

Your Facebook Profile Puts You At Risk: Is It Really Worth The Likes?

The seemingly frivolous information that we tend to share online can actually be weaponized against us. Facebook is the biggest culprit for getting you to reveal personal information about yourself and your loved ones. The ‘About’ section on your profile alone contains your birthday, age, gender, hometown, current location, occupation and workplace, where you went to school, and even lists your family members’ profiles. That’s a lot of sensitive information in one place, making your profile a goldmine for bad actors.

Leaving your personal details public makes you an easy target for social engineering scams and hacking. Even if your profile is set to private, you never know who could see your information, and capture or share it in some way. Let’s take a look at some of the pieces of info that put you and your loved ones at risk.

Mother’s Maiden Name

When you set your password for email and financial accounts, you’re typically asked a series of security questions. The answers to those questions help you retrieve forgotten passwords. Your mother’s maiden name is a common security question, which is all too easy for hackers to discover by searching social media profiles. It doesn’t matter how difficult-to-crack your password is if your security questions are accessible, and identity thieves don’t need a lot of information to make an impact. If you tend to use the same passwords for every account, they can access multiple accounts with the same credentials. Security experts advise using a combination of numbers and special characters, or simply lie—there’s no real reason you actually have to tell your bank your mother’s maiden name.

Pet’s Name

Yes, even your good boy’s name can be weaponized against you. Pet names are another common answer for password security access. Scammers could take one glance at your social media page and zoom in on your pet’s name tag, revealing your password or security answer.

Birthday

Who doesn’t love receiving well-wishes on their birthday? Don’t feel too special, though—your friends only remember because it’s probably listed on your Facebook. But did you know someone can guess your social security number using only your birth date and hometown? And once someone has your social security number, they essentially become you. They may be able to open credit cards, bank accounts, make purchases, take out loans, even commit crimes—all in your name.

School

Your child worked really hard to get into the college of their dreams. Once they get that acceptance letter in the mail, your first instinct might be to take a picture and post it online to celebrate. However, it’s better to keep where your child goes to school confidential. Bad actors can use that information in social engineering scams and phishing attacks. They may write a compelling email pretending to be a teacher, student, or academic official, and persuade you to provide more personal information or send money to them. There is also a physical risk present, such as stalking, harassment, or kidnapping.

If you think you may have revealed any sensitive information, it’s not the end of the world. Hush keeps you and your family safe from bad actors by finding, flagging, and eliminating items in your digital footprint that put you at risk.

Categories: Uncategorized.

Should You Keep Your Income A Secret? How Your Personal Salary Can Be Weaponized

It’s common to avoid making yourself a target for mugging or attack, like avoiding walking home alone at night or never flaunting cash in public. Yet we tend to lack the same hypervigilance in the digital world.

As corporate defenses against hackers have grown stronger, cybercriminals focus on individuals. High-net-worth individuals (HNWIs) are especially under threat, as their affluence and reputations make them attractive targets for theft, blackmail, extortion, and harassment. According to a 2017 study, 28% of HNWIs have been victims of at least one cyber attack. Perhaps more shocking is that a third of respondents had no cybersecurity plan in place. Anyone with a high net worth or valuable personal assets has the potential to be targeted, and those who are attacked suffer not only financially but reputationally.

Sharing Your Salary Comes With Consequences​

There are several ways bad actors can gain access to wealth and salary information. Company pay rates could be leaked by employees themselves, either accidentally or on purpose, like in the case of Microsoft employees who shared their salaries in a push for pay transparency. Bad actors weaponize salary or net worth information to select future targets for fraud, hacking, scams, or worse. Hackers use social engineering to gain a victim’s trust and discover sensitive information for blackmail, such as inappropriate texts or fraudulent company activity. Exposed wealth information also poses the physical threat of burglaries, car theft, or even kidnapping for ransom.

Bad actors don’t just go after HNWIs, but the people surrounding them, including staff. For example, if a staff member such as a personal assistant lists on their LinkedIn who they work for, hackers could break into their device to find the target’s home information—and not just the address, but floor plans and entry points, which can be used to plan a robbery. Similarly, cybercriminals prey on the children of wealthy families, who could be careless about sharing personal information on social media.

Even tech giants are unable to fully defend themselves against attack. Bad actors impersonate celebrities online for financial schemes, like in the Twitter hack of 2020 that targeted wealthy individuals. Hackers hijacked the accounts of Elon Musk, Jeff Bezos, Kanye West, and Kim Kardashian, among others, and lured followers into sending Bitcoin payments. The incident occurred because of a social engineering attack that targeted Twitter employees.

Let Hush Be Your Secret Weapon Against Bad Actors

Generic cybersecurity programs aren’t a strong enough defense to protect families and businesses from bad actors. Hush takes a comprehensive approach by examining your entire digital footprint for vulnerabilities and accounting for financial, reputational, and physical risks. We find, flag, and remove sensitive information, like your salary, that puts you at risk of being targeted. We take care to find anything friends, colleagues, or family members may have revealed online too. Hush is the best defense to protect yourself, your family, and your business from bad actors.

Categories: Uncategorized.