by John Fisher (assisted by AI)

Cybersecurity breaches have become a recurring problem in my personal and professional life. Here are three examples that highlight the challenges I face and my efforts to address them.

1. Phishing Attempts

Phishing attempts are the most frequent cybersecurity threat I encounter. Almost weekly, I receive emails at work designed to trick me into clicking on a malicious link or providing sensitive information. These emails often appear to be from colleagues, but the content or request is suspicious. For example, I’ve received emails requesting immediate action on tasks that are unusual or texts claiming to be urgent but vague in detail.

What can I do?

To combat phishing attempts:

  • Verify with the sender: If an email seems suspicious, I call or contact the colleague directly to confirm its authenticity.
  • Report the incident: I promptly report phishing attempts to the cybersecurity team at my university.
  • Increase awareness: Regularly updating my training on recognizing phishing emails has been instrumental in reducing the chances of falling victim.

2. Password Breaches

Another issue I’ve faced involves stolen passwords resulting from corporate data breaches. Companies like Equifax, Marriott, and LinkedIn, where I’ve had accounts, have been breached, exposing my credentials. The problem is compounded because I reused the same password across multiple accounts for years. Even now, when I log into older apps, I occasionally see warnings such as, “There was a data breach. Protect yourself by changing the password.”

What can I do?

Here are some steps to address this issue:

  1. Use a password manager: Password managers like LastPass, Dashlane, or Bitwarden can generate and securely store unique passwords for every account.
  2. Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring a code sent to your phone or email for account access.
  3. Check for breaches: Regularly monitor your email addresses and accounts using tools like Have I Been Pwned to identify if your data has been exposed in breaches.
  4. Update passwords promptly: Unfortunately, there’s no way to change all passwords at once. A password manager can simplify the process by automating updates across accounts.

3. Ransomware Attack on My Blog

Recently, my blog was targeted by a ransomware attack. My blog has a feature allowing posts via email, and the attacker exploited this vulnerability to send a ransom note that bypassed normal security filters. Fortunately, I have a review process for email submissions before posting, so the ransom demand was caught in time.

Summary of the Ransom Note:

The attacker claimed to have breached my system via malware from an adult website, gaining remote access to my device, including the ability to activate my camera and microphone. They alleged they had collected sensitive data and recordings of embarrassing activities and threatened to distribute this information to my contacts unless I paid a cryptocurrency ransom. They offered two options:

  1. Ignore the message, leading to the public release of the alleged material.
  2. Pay the ransom to secure the deletion of all evidence.

Should I worry?

Ransomware threats like this often rely on scare tactics and psychological manipulation. Here’s what you can do:

  • Verify the claim: In many cases, the attacker does not have the data they claim to possess. Look for evidence, such as logs of unusual access or actual malware.
  • Strengthen your blog’s security:
  • Disable vulnerable features like email posting if not needed.
  • Regularly update plugins, themes, and the content management system (e.g., WordPress).
  • Use two-factor authentication for admin access.
  • Do not engage with the attacker: Paying a ransom often leads to further exploitation without guaranteeing the issue is resolved.
  • Report the incident: Notify local authorities or cybersecurity experts. Ransom demands are criminal activities that should be documented and investigated.

Conclusion

Cybersecurity threats like phishing, password breaches, and ransomware attacks can disrupt both personal and professional lives. By staying vigilant, implementing robust security measures, and seeking expert guidance when necessary, I can mitigate these risks. For others facing similar challenges, adopting these practices can significantly improve your cybersecurity resilience.