Analyzing the Global Impact of Cybersecurity, Law, and Business Risk
October is National Cyber Security Awareness Month in the United States. There is excellent cyber awareness content available by going to #CyberAware and #CyberAvengers hashtags on Twitter and visiting The #CyberAvengers Website for free resources, including this free Good Cyber Hygiene Checklist.
President Trump and Kanye West put a big ‘ole Texas-sized exclamation point on the [need for?] #CyberAware campaign with Kanye’s password demonstration while on national tv in the Oval Office.
When there is an account that is pretending to be your account on Facebook (or other social media platforms) that is sending friend requests to others, in most cases, this does not mean that your account has been “hacked” (i.e., inappropriately accessed by someone other than you).
In most cases, nothing has happened to your account. Rather, someone is attempting to “clone” your account by making a new account that appears to be you by using your information and pictures. When this happens, your account has not been “hacked”!
If this happens to you, go to the profile pretending to be you and report it to Facebook. The pictures below show you how to do it.
Given all of the hysteria about this right now, just do not accept new request from people on Facebook immediately and let them sit for a while — give it a few days before accepting them because if the account is reported to Facebook and then taken down, the illegitimate friend request will disappear.
If you’re interested to learn more about the real “Facebook Hack”, you can listen to these radio segments where I discussed it:
Cybersecurity is a team sport and many people within a business must work together to help effectively manage their businesses’ cyber risk. In-house counsel plays a critical role in this process. A recent Law360 article (subscription required) identified the following key things they can do:
I am adding one more because it is critical: Ensure the business has appropriate cyber insurance to address its unique risks.
Cybercriminals are using yet another new twist on the old email phishing attack: they email people claiming to have infected porn sites with malware that allowed them to take over the recipient’s webcam and record them sitting at their computer watching porn and if they don’t pay up, the video is going public. I discuss this new method of attack in the video above.
For people who know they have never watched porn on their computers, this probably isn’t too effective. For everyone else, this threat of public shaming can be a powerful motivation to comply with the extortion demand.
This is another example of what I have often described as shame hacking, the use, or threatened use, of purportedly hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with the demands made of them.
Shame hacking is one more way that cyber criminals have learned to monetize the fruits of their criminal actions and represents an increasing trend for how hacked information can and will be used for many ways. I have blogged about other cases where hackers have relied on shame hacking for profit.
Dallas / Fort Worth CBS News station in Dallas / Fort Worth did a story about this latest attack and invited Shawn Tuma on to explain more about it. See story here
In my latest article in Ethical Boardroom article, I explain some of the not-so-obvious reasons why you need an experienced cyber attorney on your team: Why you need a cyber attorney (Spring 2018)
Here are other Ethical Boardroom (@EthicalBoard) articles that I have written or contributed to that are also available for free:
