Go to the U of M home page

Wednesday, October 3, 2018

Advisory: Facebook breach: what to do next

FTC advice regarding the recent Facebook breach.

Facebook breach: what to do next

Facebook recently announced the largest breach in the company’s history. The breach affected about 50 million users, allowing hackers to take over their accounts. If you use Facebook, you may be wondering what to do next. Here are a few steps you can take.
First, you probably want to know more about the breach. According to Facebook, the attackers took advantage of a weakness in the “View As” feature, which lets people see what their profile looks like to others. The hackers stole digital keys that keep you logged in to Facebook so you don’t need to re-enter your password every time. Facebook says they’ve fixed the vulnerabilities and reset digital keys on 50 million affected accounts, plus an additional 40 million accounts that used the “View As” function.
To better protect yourself after this breach:
  • Watch out for imposter scams. With access to your Facebook account, hackers can get a lot of information about you. That information could be used to impersonate people you know or companies you do business with. If someone calls you out of the blue, asking for money or personal information, hang up. Then, if you want to know for sure if the person calling you was really your family member or was really from a company you know and trust, call them back at a number you know to be correct before you give any information or money. And remember: anyone who demands that you pay by gift card or by wiring money is scamming you. Always.
     
  • Consider changing your password. Facebook says that it fixed the vulnerability, so there’s no need to change your password. But, to be safe, log in and change your password anyway. If you use the same password other places, change it there, too. Don’t forget to change your security questions, as well – especially if the answers include information that could be found in your Facebook account.
For more information about what to do after a data breach, visit IdentityTheft.gov/databreach and watch the FTC’s video on What to Do After a Data Breach.
If you learn that someone has misused your personal information, go to IdentityTheft.gov to report identity theft and get a personal recovery plan. Because recovering from identity theft – and data breaches – is easier with a plan.

Tuesday, October 2, 2018

Advisory: 5 Easy Ways to Protect Yourself Online

Tips from staysafeonline.org:

Every day, it seems we hear about a new internet scam, from Nigerian princesrequesting a wire transfer of $10,000 to online dating catfishing. As helpful as the internet can be, such stories are worrisome.

While the internet can sometimes seem like a jungle of a million different threats, you can take steps to protect yourself. Here are five easy, free and quick ways to safeguard yourself.
  1. Enable Two-Step Authentication
Also known as multi- or two-factor authentication or login approval – two-step verification provides an extra layer of security beyond your username and password to protect against account hijacking. When using this security mechanism, you will log in using your password and then be prompted verify your identity again. This second verification is usually done via a biometric (fingerprint or face scan), security keys or a unique one-time code through an app on your mobile device.
Many websites and companies offer two-step verification, and they make it easy to set up this second layer – usually found in the settings section of your account. Using two-step authentication can help you feel more secure, especially for sites containing your financial information.
....
  1. Check a Site’s SSL Certificate ....
  2. Don’t Save Financial Information on Shopping Sites ...
  3. Be Careful Who You Trust  ...
  4. Create Strong, Unique Passwords ...