Special Tech Thursday with Dave Hatter


  • How hackers steal your passwords:
    • Here are some common ways that hackers get users' passwords:
      • Phishing: Hackers "phish" for user credentials with bogus emails, social media posts, text messages and instant messages
      • Keylogger: Malware that captures a user's keystrokes, which would likely contain their credentials
      • Brute Force: Algorithms use brute computer power to derive the password
      • Password Spraying: Use a list of commonly used passwords
      • Credential Stuffing: Test lists of stolen credentials
      • Discovery: Passwords are written down and/or stored in unencrypted files that someone can access
    • Use a strong, unique passphrase for every site/app/platform
    • Use a password management application. At Intrust IT, we recommend LastPass
    • Enable multi-factor authentication (MFA, 2FA)
  • Signs your mobile phone is infected with malware:
    • Malware can be installed on your device by posing as a legitimate app or when you click a malicious link
    • Red flags that may indicate a malware infection include:
      • The phone begins to lag
      • The battery drains more quickly than normal even when you aren't using it
      • It behaves erratically and/or crashes often
      • Unexplained data usage
      • You’re locked out of certain settings or apps
      • Apps found that you didn't install
      • Unexpected changes. For example, the home page of your browser changed
      • Unexpected pop-up messages appear or applications open without any action on your part
    • Javvad Malik, security expert at KnowBe4, said, "The best thing to do for most users would be to wipe the phone and reinstall from scratch"
    • Protect your phone from malware:
  • The most devious phishing techniques Microsoft saw in 2019:
    • Microsoft recently released a cybersecurity report indicating that phishing was one of the few attack vectors that increased in activity over the past two years
    • They reported that phishing emails grew from under 0.2% of all emails they analyzed in January 2018 to around 0.6% in October 2019
    • The three most devious types of phishing attacks they saw in 2019 are:
      • Hijacked search results
      • Bogus error pages
      • Man-in-the-Middle (MITM) phishing
    • While anti-virus and anti-phishing software is constantly improving, the bad guys are always at least one step ahead
    • You must be highly skeptical of ANY web page that asks for your user credentials unless YOU went directly to that URL by typing it in, and you have confirmed that the URL is correct by carefully examining it
    • Use a strong, unique passphrase for every site/app/platform
    • Use a password management application. At Intrust IT, we recommend LastPass
    • Enable multi-factor authentication (MFA, 2FA)
    • Read the MS blog post here: https://www.microsoft.com/security/blog/2019/12/11/the-quiet-evolution-of-phishing/
    • Read the Microsoft Security Intelligence Report here: https://www.microsoft.com/securityinsights/