How Safe Is Your Money?

Suppose you receive an email which pretends to be from Yahoo, Google or wherever else. It tells you your account has seen some suspicious activity and you must change your password right away.

This is no longer some klutzy looking email with typos and bad grammar telling you to send money to claim your winnings in some Nigerian lottery.

No, instead, these emails are sophisticated copies of real emails sent by real US tech companies. Even the address in the “From” box will appear legitimate. The only difference is that the link that you click on takes you to a phony site.

The phony site is also absolutely identical to a real site from Google, Yahoo or whoever else’s customers hackers are targeting.

Then under the impression you’re on the correct site, you willingly enter in your username and password. You absolutely have zero reason to be suspicious because the site is truly identical to an authentic site (at least on the outside it is….)

Then a series of things start to happen. They’re all bad.

First, the hackers use your credentials to login to your account. They are not sitting there typing anything in by hand. It is all automated and it happens instantaneously. Next, they immediately change your passwords and recovery options (such as phone numbers and secret questions).

This locks you out of your account. Once that happens, you generally have no way to access your accounts. EVER. IF you don’t believe me, try contacting Yahoo or Google and telling them “I am locked out of my account, and my password phone number and secret questions are all not working”. I assure you, you will be completely out of luck because those automated recovery options are the only ones offered for free accounts.

In the meantime, the hackers have full access to everything in your account. They now know your password that you used on that account, meaning they can try using the same password on your other accounts, like you credit and bank accounts.

Next Comes the Real Damage…

Those things all happen instantaneously. But the real damage often takes a few weeks. As the hackers run these scripts on hundreds of millions of emails, they start automatically creating large file dumps containing the actual details of the underlying account (email contents, user names, passwords, bank accounts, etc.)

Periodically, they will check in on the contents of each of those file dumps and then make individual targeted attacks. In many cases, rather than do this leg work themselves, hackers sell the contents of their identity theft files to any willing buyer via “The Dark Web”. This is particularly true for hackers who are in China or Russia and don’t speak English.  (They can’t read the contents of your files, so they just sell them to those who can.)

Either way, the initial phase of the attack is so perfectly convincing that many people will have no idea that they have been hacked. They just assume that there is something wrong with their account. Again, this can happen with any account, including Yahoo, Gmail, AOL, etc.

Thinking you can simply change your other passwords to thwart such attacks?  Sadly, the truth for just about everyone reading this alert is that the password you are using is basically the equivalent of having no password at all.

Just when you thought it couldn’t get worse!

Your Passwords Are Likely Terrible

There is certain “data recovery” (i.e. hacking) software on the market for just a few hundred dollars that is specifically designed to crack passwords. The latest generation of this software allows hackers to try as many as 6 billion password attempts EVERY SECOND!

That is where huge computing power has taken us to today. And by the way, these password crackers don’t make their attempts in sequential order. They use artificial intelligence to figure out what are the most likely passwords and then use dictionary algorithms with minor modifications to each word.

In short, that means if your password is a derivation of the word “password” or if it is anything like abc123 etc., then it will literally take the hackers less than one second to get into your account. If you use any standard dictionary word (like “puppy” or “monkey” etc.) with a number attached, then maybe it will take one hour.

Remember, 6 billion attempts per second equates to 360 billion attempts per minute, or 21.6 trillion per hour!

Your only hope here is if you have a password with at least 10 characters with a combination of  uppercase letters, lowercase letters, numbers AND special characters, without using any words found in the dictionary. If you do it right, your password should look like pure gobbledygook, something like r%Tz13@m8G#.

It is definitely a significant pain, but your safety, and financial security is well worth it!

Protect Yourself! Add 2FA Today…

You also really need to enable “2 Factor Authentication” (“2FA”). This means that when you login to your accounts, the site will send a code to your cell phone or email which you then need to enter into the website in order to complete the login process. This feature is now available on nearly every major email service and social media account.

How many people do you know who are already doing all of this? Exactly. Me neither.

As the frequency and severity of cyber-attacks continues to increase, we are no doubt going to see a sharp increase in purchases of anti-cyber-attack software.

That’s bullish for the entire cybersecurity space and the stocks of companies working on ways to combat internet theft and fraud.

Be careful out there… and take all the steps you can to protect your data and information.

Regards,

Rick Pearson

Rick Pearson

Editor’s Note: The Kinetic Window trading system is so powerful it’s predicting dozens of wins with 93.5% accuracy.

And this same system is also boasting returns as high as 2,705%.

You read that right… It’s a game changer!

Click here for the full story.

The Daily Reckoning