July 1, 2024

You've Been Pwned! (A followup to the episode)

You may have noted my ire in the last episode, such that Tom decided to add an EXPLICIT rating because, I don't know... I said "pissed," I said "eff," I exist? (We can ask Tom at some later date, because I know I should get to the bottom of it.)

Explicit, or not, I was riled for good reason, not the least of which was what appear to be some pretty crappy (sure, I'll slap an explicit rating on this post, too) marketing techniques by companies looking to make a dime off of your insecurity and the "mystery" of terminology like DARK WEB, PHISHING, HAVING ACCESS TO YOUR CAMERA, so let's have a look at why.

Behold! Two "ADs" from services purporting to be in the business of helping you protect your data.

Exhibit One: Chase Bank

Exhibit Two: McAfee

Note that both of these are sales pitches and both are designed to make you worry about the safety of your personal information. In other words, this is a shitey (oops!) way to upsell you on some feature these companies offer to monitor your information on the web.

To be clear, there is nothing wrong with these services. They are valuable and worthwhile, and useful for helping you set and maintain password safety and privacy on the Internet. What I object to is the way this stuff is marketed. It's using scare tactics, jargon (dark web, yo!), and very unspecific information to get you to click the link, go to their respective sites, and buy their product.

Unexpurgated Garbage

To be clear, when my mother-in-law went to the bank to ask about what was going on, the bank manager had no clue about this email, thought it was SPAM or a phishing attempt, and recommended that she get rid of her current email address and get a brand new one.

When I went to my client's McAfee site, there wasn't a list of compromised passwords for her to look at, nor was there any information about the breaches her email address was exposed in. There was, instead, a link to "scan the web" and see if there were any breaches.

In other words... this was garbage marketing.

The Good Guys

Exhibit Three: Hudson Valley Credit Union

Note the following email from the aforementioned bank:

Same tools, significant difference, right? Not one mention of the Dark Web, no scare tactics designed as clickbait, just gentle guidance as to what you should know and what you should do to keep your information safe on the web. Love it and love this credit union. Classy all the way around.

How To Keep Yourself Safe and Your Info Safe

There are several tools you can use to make sure your passwords are safe and secure:

  1. If you're on a Mac or iOS device you have security built right in. Open the Settings App, then open the Passwords app. If you're saving passwords on any of your Apple devices (which you should be), the Passwords app will alert you to sites that may be compromised.
    A screen shot of the passwords app
  2. If you don't have an Apple device, use a password management app such as 1Password. Like Apple's built-in password tool, 1Password will help you create and save good passwords for every place on the Web a password is required and will scan the web for passwords that have been compromised and help you to change them.
  3. Put your email address in HaveIBeenPwned and see if your password has been exposed in a data leak. If it has, you can go to each of the sites listed and change those passwords.
  4. Finally follow these few guidelines:

Always

  1. Text/Email/Call a trusted friend or family member to confirm whether or not a message you've received is real or fake.
  2. Call trusted numbers to confirm whether or not the message you've received is legit. For example, if you've received a message from your bank, call a number you know you already have to confirm or deny that what you're seeing is real.
  3. Be aware that no bank, credit card company, Nigerian prince, or computer company such as Microsoft is going to email or call you directly offering you an investment opportunity, asking for your SSN or personally identifying information, promising to put a million dollars in your bank account, or offering to take care of all the viruses on your computer. These things do not happen. EVER.
  4. Scan your device with a good, free scanning tool such as Malwarebytes.

NEVER

1. Call, email, or respond to any phone number or email address you receive in a text message. A message like the following isn't a happy accident, it's a Phishing attempt:
Screenshot of a Phishing Attempt

2. Don't click links in text messages like the one above or click email addresses you see in email or in your Web browser stating that your computer has been compromised and they can fix it.

3. Never let anyone you don't know have access to your computer. Good computer technicians you've worked with before may use applications such as TeamViewer to connect to your computer and resolve your computer issues. But no random person who just called you on the phone should ever control your computer screen. Hang up now.

4. Scan a QR code from a source you don't recognize, which is something called Quishing. (Don't look at me, I didn't name it.) QR code at your community theatre so you can see a digital show program, good; QR code on a telephone pole in your neighborhood offering a suitcase full of $100 bills, bad. Don't do it.

5. Don't give your personal information to anyone unless you are absolutely certain who they are.

And that, as they say, is all.

See ya!

-Jeff