One Million Kids Were Victims of ID Theft Last Year


There was a time when child identity theft was thought of as a family problem, and it’s true that many cases over the years have been perpetrated by a custodial or non-custodial parent, a close relative, or even a family friend. Once the individual gained access to the child’s sensitive documents, they could open numerous lines of credit with the child’s “untarnished” credit record. In many cases, the identity thief may have been trying to get out of a dire financial situation, and fully intended to pay off any debt incurred in the child’s name; at the same time, some unscrupulous thieves didn’t care what consequences waited for the child down the road.

Too often, the children didn’t even know they’d been victimized until they reached adulthood and tried to use their legitimate credit.

In more recent years, though, hackers and identity thieves have begun targeting kids in order to take advantage of clean credit that no one will be monitoring for years to come. Schools, doctor’s offices, daycare centers, even school lunch computers have suffered data breaches aimed at nabbing kids’ personally identifiable information.

According to Javelin Strategy and Research’s 2018 Child Identity Fraud Study, there were more than one million reported cases of child identity theft in the US last year, with the majority of those cases victimizing children under the age of eight. Another 20 percent of the victims were between the ages of eight and twelve.

Unfortunately, those are just the cases that were reported, which means the actual number of victims may be much higher.

But this new avenue of data breaches leading to identity theft doesn’t mean that parents can let their guards down about friends or relatives. The same Javelin study found that in 60 percent of the cases last year, the child knew their identity thief; that’s very different from the data point that says only 7 percent of adult victims know their identity thief.

One of the increasingly common methods of using children’s stolen credentials is to grab a Social Security number and combine it with a fake name, address, phone number, and more. In this scheme, known as “synthetic identity theft,” the thief isn’t using the child’s complete identity, but rather has created a whole new person with this information. That makes it a little harder for victims and law enforcement to notice the problem in the first place or take action after the fact.

Concerned parents or guardians have a few steps they can take, though. If the child in question is over 14, they can request a credit report in the same way that any consumer does. Visiting annualcreditreport.com will provide the minor in question with a free credit report, and allow them to look it over for signs of suspicious activity. If the child is under the age of 14, the steps are a little harder. The adult must prove they have a right to access and see the information, but it’s a worthwhile step if there’s reason to believe a child’s identity may have been compromised.

Practical Tips for a Safer Social Media

Social media has become an inevitable part of our lives. Networks such as Facebook and Instagram have billions of users, many of whom share personal information. This leaves hackers, burglars and identity thieves with limitless opportunities to cause harm.


During the summer season, many people are taking time off, traveling and posting digital updates more than usual, making it more important than ever to pay attention to online security and privacy.

Here are some practical tips on how to stay safer and more secure on social media while enjoying the summer fun.

Pay Attention to Privacy Settings

Each social media platform has privacy settings that you can customize to your comfort level.

On most platforms you decide who can view your posts, friend lists and the pages you follow or like. You can also limit friend requests and prevent people from seeing your email address and other personal information. To get the most out of these privacy features, we recommend reviewing your settings regularly.

Don’t Reveal Everything

Have you ever posted a photo of your home or shared your address on social media? How many times have you told the internet that you are out of town or abroad? As benign as it may seem, such practices could put you in harm’s way.

A lot of burglars scout social profiles to find out whether someone is home. If thieves know you are away, it allows them more time to break in and steal. Save the vacation pictures and updates for when you return!

Choose Friends Carefully

An average social media user is glad to see new friend requests. After all, you want to feel acknowledged and appreciated by your peers. But popularity isn’t everything. A best practice is to only accept friend requests from people you know or have met in real life.

Criminals are known to create fake accounts and befriend thousands of users in order to gain access to their personal information. If a name doesn’t ring a bell, check out the profile to learn more details. If it seems strange or you don’t know them, we strongly suggest you reject their request to be friends.

Links May Lead to Malware

When in doubt, throw it out: Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete or ignore it.

Strengthen Passwords

We saved the best for last. Most hackers use gigantic databases to break passwords; a weak password will increase the odds of your account being accessed. A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!

Millions of people post personal information online without even realizing it, allowing burglars and digital thieves to exploit their private data. If you want to avoid this problem and use social networks safely, keep these five tips in mind.

New Bluetooth Hack Affects Millions of Devices from Major Vendors


A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange.

The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm, while the implications of the bug for Google, Android and Linux are still unknown.

The security vulnerability is related to two Bluetooth features—Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software, and BR/EDR implementations of Secure Simple Pairing in device firmware.
 

How Does the Bluetooth Hack Work?

Researchers from the Israel Institute of Technology discovered that the Bluetooth specification recommends, but does not mandate, that devices supporting the two features validate the public encryption key received over the air during secure pairing.

Since this validation is optional, some vendors' Bluetooth products supporting the two features do not sufficiently validate the elliptic curve parameters used to generate public keys during the Diffie-Hellman key exchange.

In this case, an unauthenticated, remote attacker within the range of targeted devices during the pairing process can launch a man-in-the-middle attack to obtain the cryptographic key used by the device, allowing them to potentially snoop on supposedly encrypted device communication to steal data going over-the-air, and inject malware.

"For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure."

"The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful."

On Monday, CERT/CC also released a security advisory, which includes additional technical details about the Bluetooth vulnerability and attack method.

According to the CERT/CC, Bluetooth makes use of a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices.
 

Stop Bluetooth Hacking—Install Patches from Vendors

To fix the issue, the Bluetooth SIG has now updated the Bluetooth specification to require products to validate public keys received as part of public key-based security procedures.
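What "validating a public key" means for an elliptic-curve key exchange, as an added example (not code from the Bluetooth SIG, CERT/CC or any vendor): the receiver checks that the point it was sent actually lies on the agreed curve before using it. The sketch assumes the NIST P-256 curve used by LE Secure Connections; the 64-byte big-endian `X || Y` input layout and all function names are assumptions made for illustration.

```python
# Added example: validate a peer's ECDH public key before deriving a shared secret.
# Assumptions: NIST P-256, affine coordinates, 32-byte big-endian X || Y input.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # field prime
A = P - 3                                   # curve coefficient a = -3 mod p
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Standard P-256 base point, used here only as a known-good sample key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32


def check_point(x, y):
    """Return (ok, reason) for a received affine point (x, y)."""
    if not (0 <= x < P and 0 <= y < P):
        return False, "coordinate outside the field"
    # The point must satisfy y^2 = x^3 + a*x + b (mod p).
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False, "point is not on the curve"
    # P-256 has cofactor 1, so any affine point on the curve has full order;
    # the point at infinity has no affine encoding and cannot reach this line.
    return True, "ok"


def check_public_key(raw):
    """Validate a raw X || Y public key as received from the peer."""
    if len(raw) != 2 * COORD_LEN:
        return False, "wrong length"
    x = int.from_bytes(raw[:COORD_LEN], "big")
    y = int.from_bytes(raw[COORD_LEN:], "big")
    return check_point(x, y)


def accept_peer_key(raw):
    """Abort pairing instead of computing a shared secret from a bad key."""
    ok, reason = check_public_key(raw)
    if not ok:
        raise ValueError("rejecting peer public key: " + reason)
    return raw


if __name__ == "__main__":
    good = GX.to_bytes(COORD_LEN, "big") + GY.to_bytes(COORD_LEN, "big")
    # Constructed bad key: same X, Y off by one, so it is not on the curve.
    bad = GX.to_bytes(COORD_LEN, "big") + (GY + 1).to_bytes(COORD_LEN, "big")
    print(check_public_key(good))
    print(check_public_key(bad))
```

A key that fails the check must end the pairing attempt; continuing with an unvalidated point is the behaviour the specification update rules out.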

Moreover, the organization has also added testing for this vulnerability within its Bluetooth Qualification Process.

The CERT/CC says patches are needed in firmware or operating system software drivers, which should be obtained from vendors and developers of the affected products, and installed—if at all possible.

Is Cloud Storage Safe for Small Businesses?


Many small businesses are opting for cloud storage solutions rather than having their own server in-house. But this has led some business owners to wonder whether these services are safe.

Thankfully, as cloud storage has been around for a number of years, there are a multitude of organizations successfully using cloud storage as a safe and secure way to store their data.

The real question is “is it safer for you to use cloud storage or internal servers?”

What Are The Benefits of The Cloud?

There’s no doubt that one of the major benefits of the cloud is not having the expense of running your own server or data centre. This doubles up as one of the reasons why the cloud is safer; costs can be so high that businesses fail to spend enough to get a high quality and secure system.

The security of cloud stored data tends to be better provided that passwords are strong and protected. It also means that you do not need to have members of staff with the knowledge and expertise needed to manage your server, as this will all be taken care of for you. There is also the benefit that if your data is stored away from your premises, there is less risk that you could lose it in the event of a disaster, such as a flood or fire.

An additional advantage of cloud storage is that your level of usage can be reduced or expanded to suit your current needs. This means that you won’t be overspending on a large server that you don’t need, nor struggling with limited capacity.

Are There Any Risks?

Of course, like any technology, using the cloud is not free from risk. One of the clear risks is that you are no longer in full control of how and where your data is held. You are handing that responsibility over to another company. This is why it is essential to choose a reputable company that you can trust – especially if you’re handling highly sensitive data such as medical records. Your data is the lifeblood of your business, so you need to be certain that the company storing it can be completely relied upon.

Remember, the “cloud” is still a physical server, it’s just located somewhere else. There is still the risk of data being lost, wiped or even stolen. You might assume that keeping your data on the cloud will guarantee that it will never go missing or be corrupted, but there is always the possibility, however small.

Is Data Safer On The Cloud?

There are undoubtedly many reasons that data can be considered safer on the cloud – for example, major data breaches tend to occur mostly against companies with their own internal servers rather than those utilizing cloud storage. Additionally, it tends to be issues such as outdated systems that are the major cause of these breaches.

Working with a high-quality cloud storage provider will almost certainly carry fewer risks than having your own server in-house. Still, they are not invulnerable. If passwords are stolen, a hacker can use them to access your data just as they would with an in-house server.

Choosing a good cloud storage provider

Choosing a cloud provider might seem like a daunting task at first, especially if you do not have much data security experience. It’s worth noting that some providers specialize in the storage of certain types of data, so it’s wise to search for cloud storage that suits your business’ needs.

Nebula Consulting offers several cloud storage options. Contact us today to speak with one of our engineers for a free consultation.

Amazon Prime Day Phishing Scam Spreading Now!


Amazon launched Prime Day in 2015 during the company’s 20th anniversary. And they’ve been stepping up their game ever since. To date, Prime Day is hailed as the biggest shopping event in the company’s history, surpassing its 2016 Black Friday and Cyber Monday revenue.

Phishing emails are a popular tool for cybercriminals. They are extremely successful at finding new victims with these scams. Recognizing fraudulent messages that look official can be difficult to the untrained eye.

It won’t be a surprise, then, to expect that Prime Day 2018 will be even bigger than last year—and cybercriminals may be counting on this.

Watch out for this Amazon Prime Day phishing attack

What we're talking about is an Amazon Prime Day phishing email scam that is spreading like wildfire. The email thanks the recipient for a recent order on Amazon.com. It goes on to say you're invited to write a quick review of the product and that, for your time, you will receive a $50 bonus.

Here is what the phishing scam looks like:

scam.jpg

As you can see, there is a link provided inside the email to review and print the reward.

Warning! Do NOT click on the provided link; it's malicious.

The criminals behind the attack can change the malicious links' payload at any time. The link currently takes you to a spoofed Amazon page that asks for your login credentials. It can be changed at any point, leading to malware infecting your computer or even ransomware that will encrypt the critical files on your gadget.

These types of attacks are on the rise. That's why you need to know what to watch for and how to handle the situation when it arises.

Here are suggestions from Amazon on how to recognize a phishing attack:

  • Fake orders - If you receive an email claiming to be from Amazon confirming an order that you did not place, it's a scam. Instead of clicking links within the email, type Amazon.com into your browser, sign in and go to the Your Orders page to verify your purchases. If you didn't buy the item from the email, it's a phishing scam.
  • Credential request - Amazon does not send emails requesting your username and/or password. If you receive an email like this, it's a scam.
  • Update payment information - You should never click a link within an email asking you to update your payment information. Instead, go to your Amazon account and click Manage Payment Options in the Payment section. If you are not prompted to update your payment method on that screen, the email is not from Amazon.
  • Fraudulent links - If you receive an email with a link that supposedly goes to Amazon, hover over the link with your cursor. If it does not say that it's going to direct you to Amazon, it's a phishing scam.
  • Attachments - Emails purportedly from Amazon that contain attachments or prompts to install software on your computer are scams.
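The hover check from the "Fraudulent links" tip can be automated for mail filtering. This added example (not from Amazon or the original article) extracts every link from an HTML message body and flags those whose real destination is not the expected domain; the sample email, its `.example` hosts and the function names are constructed for illustration.

```python
# Added example: flag links in an HTML email that do not really point to Amazon.
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "amazon.com"


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None          # [href, text] of the <a> being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None


def host_is_trusted(url, domain=TRUSTED_DOMAIN):
    """True only for https URLs whose host is the domain or one of its subdomains."""
    parts = urlparse(url)
    # .hostname drops any "user@" prefix, so "amazon.com@other.host" is seen as other.host
    host = (parts.hostname or "").rstrip(".").lower()
    return parts.scheme == "https" and (host == domain or host.endswith("." + domain))


def suspicious_links(html_body):
    """Return the (href, text) pairs that do not lead to the trusted domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [(href, text) for href, text in collector.links if not host_is_trusted(href)]


# Constructed sample message; the .example hosts are placeholders.
SAMPLE_EMAIL = """
<p>Thank you for your recent order. <a href="https://www.amazon.com/">Your Orders</a></p>
<p><a href="http://amazon.com.rewards.example/review">Review and print your $50 reward</a></p>
<p><a href="https://www.amazon.com@login.example/signin">www.amazon.com</a></p>
"""
```

The second and third links are flagged even though "amazon.com" appears in both addresses, because the host that the browser would actually contact is a different domain.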

If you receive an email from Amazon that you suspect is fraudulent, you need to report it. Click here to report the scam to Amazon.

How to protect against phishing attacks:

  • Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It could be a phishing attack. It's always better to type a website's address directly into a browser than clicking on a link.
  • Do NOT enable macros - You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
  • Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
  • Use unique passwords - Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's simple for the cybercriminal to get into each account. 
  • Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID.
  • Check your online accounts - The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
  • Have strong security software - Having strong protection on your gadgets is very important.