Hacked Accounts, what to do

Hacked Accounts | StaySafeOnline.org:

If your account has been compromised or hacked, here are ways to regain control.

How do I know if my email or social network account has been hacked?
  • There are posts you never made on your social network page. These posts often encourage your friends to click on a link or download an App.
  • A friend, family member or colleague reports getting email from you that you never sent.
  • Your information was lost via a data breach, malware infection or lost/stolen device.

If you believe an account has been compromised, take the following steps:
  • Notify all of your contacts that they may receive spam messages that appear to come from your account. Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
  • If you believe your computer is infected, be sure your security software is up to date and scan your system for malware. You can also use other scanners and removal tools.
  • Change passwords to all accounts that have been compromised and other key accounts ASAP. Remember, passwords should be long and strong and use a mix of upper and lowercase letters, and numbers and symbols. You should have a unique password for each account.
If you cannot access your account because a password has been changed, contact the web service immediately and follow any steps they have for recovering an account.

Here are some resources:

Help with eBay mail violations
Help with a hacked account
Help with inappropriate trading
eBay Security Center

Help with suspicious emails
Help with a hacked account
PayPal Security and Protection Center

Help with cyberbullying and impostor profiles
Help with a hacked account
Facebook Help Center

Help with a hacked account
Help with an inaccessible account
General safety tips

Help with a hacked account
Help with an inaccessible account
Twitter Safety Center

Help with a hacked account
What to do if your account is sending spam
Help Center

Help with a hacked account
Help with an inaccessible account
Hotmail Help Center

Help with cyberbullying
Help with flagging a spam-based video
Help with a hacked account
YouTube Safety Center

Protect Yourself with these STOP. THINK. CONNECT. Tips:
  • Keep a clean machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
  • Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
  • Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
  • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
more news below

ID Theft and Fraud: If you become a victim of cybercrime

ID Theft & Fraud | StaySafeOnline.org: "ID THEFT, FRAUD & VICTIMS OF CYBERCRIME"*

If you're the victim of cybercrime, you need to know what to do and respond quickly.

The Realities of Cybercrime
When dealing with cybercrime, an ounce of prevention is truly worth a pound of cure. Cybercrime in all its many forms (e.g., online identity theft, financial fraud, stalking, bullying, hacking, e-mail spoofing, information piracy and forgery, intellectual property crime, and more) can, at best, wreak havoc in victims’ lives through major inconvenience and annoyance. At worst, cybercrime can lead to financial ruin and potentially threaten a victim’s reputation and personal safety.

It’s always wise to do as much as possible to prevent cybercrime.

One of the best ways to learn how to prevent cybercrime is to check out STOP. THINK. CONNECT. at http://stopthinkconnect.org/tips-and-advice/.

But, despite our best efforts, our increasingly digital lives may put us in harm’s way. The fact remains that the bad guys continue to find new uses for ever-expanding—but easily accessible—online technologies to steal, harass, and commit all sorts of crime. If cybercrime happens to you, you need to know what to do and to respond quickly.

Should I Report Cybercrime?
Cybercrime can be particularly difficult to investigate and prosecute because it often crosses legal jurisdictions and even international boundaries. And, many offenders disband one online criminal operation—only to start up a new activity with a new approach—before an incident even comes to the attention of the authorities.

The good news is that federal, state, and local law enforcement authorities are becoming more sophisticated about and devoting more resources to responding to cybercrime. Furthermore, over the past several years, many new anti-cybercrime statutes have been passed empowering federal, state, and local authorities to investigate and prosecute these crimes. But, law enforcement needs your help to stop the nefarious behavior of cyber criminals and bring them to justice.

Who to contact:
  • Local law enforcement. Even if you have been the target of a multijurisdictional cybercrime, your local law enforcement agency (either police department or sheriff’s office) has an obligation to assist you, take a formal report, and make referrals to other agencies, when appropriate. Report your situation as soon as you find out about it. Some local agencies have detectives or departments that focus specifically on cybercrime.
  • IC3. The Internet Crime Complaint Center (IC3) will thoroughly review and evaluate your complaint and refer it to the appropriate federal, state, local, or international law enforcement or regulatory agency that has jurisdiction over the matter. IC3 is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center (funded, in part, by the Department of Justice’s Bureau of Justice Assistance). Complaints may be filed online at http://www.ic3.gov/default.aspx.
  • Federal Trade Commission. The FTC does not resolve individual consumer complaints, but does operate the Consumer Sentinel, a secure online database that is used by civil and criminal law enforcement authorities worldwide to detect patterns of wrong-doing, leading to investigations and prosecutions. File your complaint at https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en. Victims of identity crime may receive additional help through the FTC hotline at 1-877-IDTHEFT (1-877-438-4388); the FTC website atwww.ftc.gov/IDTheft provides resources for victims, businesses, and law enforcement.
  • Your Local Victim Service Provider. Most communities in the United States have victim advocates ready to help following a crime. They can provide information, emotional support and advocacy as needed. Find local victims service providers here: http://ovc.ncjrs.gov/findvictimservices/search.asp

Collect and Keep Evidence
Even though you may not be asked to provide evidence when you first report the cybercrime, it is very important to keep any evidence you may have related to your complaint. Keep items in a safe location in the event you are requested to provide them for investigative or prosecutive evidence. Evidence may include, but is not limited to, the following:
  • Canceled checks
  • Certified or other mail receipts
  • Chatroom or newsgroup text
  • Credit card receipts
  • Envelopes (if you received items via FedEx, UPS, or U.S. Mail)
  • Facsimiles
  • Log files, if available, with date, time and time zone
  • Messages from Facebook, Twitter or other social networking sites
  • Money order receipts
  • Pamphlets or brochures
  • Phone bills
  • Printed or preferably electronic copies of emails (if printed, include full email header information)
  • Printed or preferably electronic copies of web pages
  • Wire receipts

Additional Tips for Specific Types of CybercrimeOnce you discover that you have become a victim of cybercrime, your response will depend, to some degree, on the type and particular circumstances of the crime. Here are useful tips to follow for some specific types of cybercrimes:

In cases of identity theft:
Make sure you change your passwords for all online accounts. When changing your password, make it long, strong and unique, with a mix of upper and lowercase letters, numbers and symbols. You also may need to contact your bank and other financial institutions to freeze your accounts so that the offender is not able to access your financial resources.
Close any unauthorized or compromised credit or charge accounts. Cancel each credit and charge card. Get new cards with new account numbers. Inform the companies that someone may be using your identity, and find out if there have been any unauthorized transactions. Close accounts so that future charges are denied. You may also want to write a letter to the company so there is a record of the problem.
Think about what other personal information may be at risk. You may need to contact other agencies depending on the type of theft. For example, if a thief has access to your Social Security number, you should contact the Social Security Administration. You should also contact your state Department of Motor Vehicles if your driver's license or car registration are stolen.
File a report with your local law enforcement agency. Even if your local police department or sheriff’s office doesn’t have jurisdiction over the crime (a common occurrence for online crime which may originate in another jurisdiction or even another country), you will need to provide a copy of the law enforcement report to your banks, creditors, other businesses, credit bureaus, and debt collectors.
If your personal information has been stolen through a corporate data breach (when a cyberthief hacks into a large database of accounts to steal information, such as Social Security numbers, home addresses, and personal email addresses), you will likely be contacted by the business or agency whose data was compromised with additional instructions, as appropriate. You may also contact the organization’s IT security officer for more information.
If stolen money or identity is involved, contact one of the three credit bureaus to report the crime (Equifax at 1-800-525-6285, Experian at 1-888-397-3742, or TransUnion at 1-800-680-7289). Request that the credit bureau place a fraud alert on your credit report to prevent any further fraudulent activity (such as opening an account with your identification) from occurring. As soon as one of the bureaus issues a fraud alert, the other two bureaus are automatically notified.

For additional resources, visit the Identity Theft Resource Center at www.idtheftcenter.orgor the Federal Trade Commission athttp://www.ftc.gov/bcp/edu/microsites/idtheft/tools.html.

In cases of Social Security fraud:
If you believe someone is using your social security number for employment purposes or to fraudulently receive Social Security benefits, contact the Social Security Administration’s fraud hotline at 1-800-269-0271. Request a copy of your social security statement to verify its accuracy.

For additional resources, visit the Social Security Administration athttp://oig.ssa.gov/report-fraud-waste-or-abuse.

In cases of online stalking:
In cases where the offender is known, send the stalker a clear written warning saying the contact is unwanted and asking that the perpetrator cease sending communications of any kind. Do this only once and do not communicate with the stalker again (Ongoing contact usually only encourages the stalker to continue the behavior).
Save copies of all communication from the stalker (e.g., emails, threatening messages, messages via social media) and document each contact, including dates, times and additional circumstances, when appropriate.
File a complaint with the stalker’s Internet Service Provider (ISP) and yours. Many ISPs offer tools that filter or block communications from specific individuals.
Own your online presence. Set security and privacy settings on social networks and other services to your comfort level of sharing.
Consider changing your email address and ISP; use encryption software or privacy protection programs on your computer and mobile devices. (You should consult with law enforcement before changing your email account. It can be beneficial to the investigation to continue using the email account so law enforcement can also monitor communication.)
File a report with local law enforcement or contact your local prosecutor’s office to see what charges, if any, can be pursued. Stalking is illegal in all 50 states and the District of Columbia.

For additional resources, visit the Stalking Resource Center at www.ncvc.org/src.

In cases of cyberbullying:
  • Tell a trusted adult about what’s going on.
  • Save any of the related emails, texts, or messages as evidence.
  • Keep a record of incidents.
  • Report the incident to the website’s administrator; many websites including Facebook and YouTube encourage users to report incidents of cyberbullying.
  • Block the person on social networks and in email.
  • Avoid escalating the situation: Responding with hostility is likely to provoke a bully. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. If you or your child receives unwanted email messages, consider changing your email address. The problem may stop. If you continue to get messages at the new account, you may have a strong case for legal action.
  • If the communications become more frequent, the threats more severe, the methods more dangerous and if third-parties (such as hate groups and sexually deviant groups) become involved—the more likely law enforcement needs to be contacted and a legal process initiated.

For more information, visit www.stopcyberbullying.org and www.ncpc.org/cyberbullying.

How Did This Happen To Me? A Word about Malware.Many cybercrimes start with malware—short for “malicious software.” Malware includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent—you may have downloaded the malware without even realizing it! These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information and commit fraud. If you think your computer has malware, you can file a complaint with the Federal Trade Commission at www.ftc.gov/complaint.

Avoid malware with the following tips from the STOP. THINK. CONNECT. campaign:
Keep a clean machine by making sure your security software, operating system and web browser are up to date.
When in doubt throw it out. Don’t click on any links or open attachments unless you trust the source.
Make your passwords long and strong and unique. Combine capital and lowercase letters with numbers and symbols to create a more secure password. Use a different password for each account.
Set your browser security high enough to detect unauthorized downloads.
Use a pop-up blocker (the links in pop-up ads are notorious sources of malware).
Back up your data regularly (just in case your computer crashes).
Protect all devices that connect to the Internet. Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from malware.
Make sure all members of your family follow these safety tips (one infected computer on a home network can infect other computers).

Other Places to Find Resources or File a Complaint:
Avoid malware with these STOP. THINK. CONNECT. Tips:
  • Keep a clean machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
  • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
  • Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
  • Plug & scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.
  • Protect your $: When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.
  • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.
Additional Resources:
*The National Cyber Security Alliance would like to thank the National Sheriffs’ Association and International Association of Chiefs of Police for their assistance in creating this resource.

more news below

Passwords and Securing Your Accounts

Passwords & Securing Your Accounts | StaySafeOnline.org: " PASSWORDS & SECURING YOUR ACCOUNTS - Passwords are like keys to your personal home online. You should do everything you can prevent people from gaining access to your password. You can also further secure your accounts by using additional authentication methods."

When creating a password, make sure it is long and strong, with a minimum of eight characters and a mix of upper and lowercase letters, numbers and symbols.

You should also remember to:
  • Not share your password with others.
  • Make your password unique to your life and not something that is easily guessed.
  • Have a different password for each online account.
  • Write down your password and store it in a safe place away from your computer.
  • Change your password several times a year. 
Other Ways to Secure an Account -Typing a username and password into a website isn't the only way to identify yourself on the web services you use.
  • Multi-factor authentication uses more than one form of authentication to verify an identity. Some examples are voice ID, facial recognition, iris recognition and fingerscanning. 
  • Two-factor authentication uses a username and passowrd and another form of identifcation, often times a security code. Over time, more websites will be adopting multi-factor authentication. In some cases, the services may be available, but are not required. 
Many email services offer two-step verification on an opt-in basis. Ask your financial institution and other online services if they offer multi-factor authentication or additional ways to verify your identity.

Additional Resources:
  • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.
  • Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
  • Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
  • Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.

more news below

US Spy Chief Leading US Into Cyberwar

NSA Snooping Was Only the Beginning. Meet the Spy Chief Leading Us Into Cyberwar | Threat Level | Wired.com: "And he and his cyberwarriors have already launched their first attack. The cyberweapon that came to be known as Stuxnet was created and built by the NSA in partnership with the CIA and Israeli intelligence in the mid-2000s. The first known piece of malware designed to destroy physical equipment, Stuxnet was aimed at Iran’s nuclear facility in Natanz. By surreptitiously taking control of an industrial control link known as a Scada (Supervisory Control and Data Acquisition) system, the sophisticated worm was able to damage about a thousand centrifuges used to enrich nuclear material." (read more at link above)

U.K. to Probe Huawei Cyber-Security Center | News & Opinion | PCMag.com: "The U.K. government will conduct a review of a cyber-security center run by Huawei to ensure that it is actually effective. The country's National Security Adviser will "carry out a review" of the center, which is known as the Cell, according to a new report from the U.K.'s Intelligence and Security Committee. The committee issued its report after Prime Minister David Cameron last month raised concerns in his own report to Parliament about Huawei's operations in the U.K."

more news below

Attackers hide code to thwart defenders

How Attackers Thwart Malware Investigation -- Dark Reading: " . . . Yet if the attackers find better ways of hiding their code and making analysis more difficult for defenders, it could result is less intelligence on attackers tools and techniques, ThreatGRID's De Beer says. "Ultimately, all of these things can be decoded and decrypted and figured out over time, whether it be through dynamic or static means, but the goal on the attackers' side is to increase the workload to the extent where it becomes a very difficult thing to scale," De Beer says. "If you can't scale your analysis and you can't scale your ability to produce actionable content and threat intelligence, then they have an advantage over you at any point in time."" (read more at link above)

more news below

DDoS Attack Takes Down DNS Provider Network Solutions and Clients

DDoS Attack Takes Down DNS Provider Network Solutions | Threatpost: "A distributed denial of service attack knocked the website of the domain name registrar Network Solutions LLC offline this morning and affected an unknown number of its clients’ sites as well. Network Solutions announced on its Facebook page that it was experiencing a DDoS attack just before 11 a.m. EST, and then at 1:30 p.m. said the attack had been mitigated. Beyond that, the company has been relatively mum on the issue, angering its customers by failing to keep them adequately updated on its website and various social media channels."

Emergency Alert System Vulnerable to Hackers

Emergency Alert System Vulnerable to Hackers, Report Finds | News & Opinion | PCMag.com: "Hackers could have a field day with the Emergency Alert System (EAS), thanks to vulnerabilities with equipment used to transmit the alerts, according to a new report. According to Seattle-based IOActive, the systems that intercept emergency messages from federal officials and then interrupt regular broadcasts to transmit the message - known as DASDEC - are susceptible to cyber attacks."

more news below

Students Question the NSA at Recruiting Session

▶ Students Question the NSA at Recruiting Session by Madiha:

US Expands Role in Cyber Defense
Reports on chinese hacking activity -- let's bring in a chief security officer at a cyber security firm who has published several reports on chinese hacking activity. This is a fairly new program. It's important to realize that the information ...

Dramatic increase in phishing scams as criminals target Apple IDs
Muscat Daily
Kaspersky Lab recently published a report that analysed increase in cyber criminal campaigns to steal users' Apple IDs and account information by creating fraudulent phishing sites that imitate the official Apple site (www.apple.com). Cyber criminals ...

more news below

Port of Baltimore vulnerable to cyber attack

Port of Baltimore is vulnerable to cyber attack, Brookings study says
Baltimore Sun
The port and the MDOT work with the FBI Baltimore Cyber Crime Unit and a liaison with the NationalSecurity Agency at Fort Meade to ensure the integrity of the computer network, he said. "We have the highest level of security available and a thorough ...read more at link above

more news below

China and US to discuss cyber security at forum

China, US to discuss cyber security at forum
Las Vegas Sun
It will include the inaugural gathering of a U.S.-Chinese cyber security group. Beijing is under U.S. pressure to crack down on cyberspying after security consultants tracked a wave of hacking attacks to China. An assistant foreign minister, Zheng ...read more at link above

more news below

Cyber attacks growing more advanced

Cyber attacks growing more advanced - report
Upstream Online
The threats posed by state-backed intelligence outfits, industry insiders and freelance hackers is evolving and could deal a blow to US national security and economic competitiveness, the non-partisan think tank said in a report this week. "Once in the ...

West must work with the rest to secure Internet
At a time when China and the US are striving to build a new type of relationship, it is imperative that both should be guided by good faith, one of the basic requirements of international relations of whichcyber security affairs is a part. They should ...

Nation at high risk of cyber attacks
VietNamNet Bridge
The study, which was based on data from the Kaspersky Security Network cloud service, found that what was once a subset of spam has evolved into a rapidly growing cyber threat in its own right.Phishing is a form of internet fraud in which criminals ...

more news below

General in leak probe quit Pentagon post suddenly

General in leak probe quit Pentagon post suddenly, citing health reasons
NBCNews.com (blog)
“He was a crucial voice in communicating both the opportunities and dangers of cyber warfare,” said Peter Singer, a national security expert at the Brookings Institution think tank. More from NBC News Investigations: Report: Millions wasted on ...

more news below

Cyber threats are here to stay

Panelists : Cyber threats are here to stay
Aspen Times
The two participated in a discussion called “The Cyber Threat to America's Economy, Infrastructure, and Security,” as a part of the Aspen Ideas Festival. ... So what's the motivation for this kind ofwarfare? ... “If there's a missile attack you have ...

more news below

NSA wasting money and resources - Terrorists Don't Use Verizon. Skype or Gmail

Sorry, NSA, Terrorists Don't Use Verizon. Or Skype. Or Gmail. | Motherboard: . . . Or, as Bloomberg more bluntly puts it, the "infrastructure set up by the National Security Agency ... may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use." Read more: http://motherboard.vice.com/blog/hey-nsa-terrorists-dont-use-verizon-or-skype-or-gmail#ixzz2XLaWIu4z Follow us: @motherboard on Twitter | motherboardtv on Facebook

more news below

cyber security - Google News

cyber warfare - Google News

cyber defense - Google News

US-CERT Cyber Security Tips

Cyber War News

Alive in the Cloud