184 million passwords breached & Ad scams on Facebook and Instagram

Today's newsletter covers a data breach of 184 million passwords and advertisement scams on Facebook and Instagram.

In this issue:

  • PDF of the previous blog articles now available here

  • 184 million passwords in a data breach

  • Threat of the week: Advertisement scams on Facebook and Instagram

  • Let me know if there’s a topic you want me to cover

184 million passwords breached

Every single day there is a new data breach where confidential information is lost. Data breaches have happened at Equifax, Yahoo, Facebook, LinkedIn, and many more.

A few weeks ago a security researcher found a treasure trove of 184 million emails, logins, and passwords stored on the internet. The information was associated with Apple, Google, Facebook, Microsoft, the US government, and financial services accounts.

Unfortunately there is no way to know how many people have copies of this data.

I know it's not easy to remember hundreds of passwords, but these are some important tips to keep you secure:

  • Never use the same password on more than one website

  • Don't use the same format for different sites: yahoo74-8$, gmail74-8$, facebook74-8$

  • Always create strong (unique and complicated) passwords

  • Use a second method for confirming your login (called two-factor authentication or multifactor authentication), even if it must be through text messaging or an email

Criminals also try to hack your email, which makes two-factor authentication ("2FA") or multifactor authentication ("MFA") susceptible to criminals, but this is hard for them to do if you have a strong password on your email account.

I'm positive the passwords you currently use are in many of the data breaches. I'll do a post soon on password managers (software where you can store your passwords), but if you like to write down your passwords, there are lots of password log books on Amazon.

Ad scams on Facebook and Instagram

Never trust an advertisement on Facebook, Instagram, or TikTok to buy products. You'll get more than you bargained for.

I wrote an article a few weeks ago about ads being used to lure people to fake AI video generation websites. In that case, malicious software is installed on your computer when you download the files.

But the real money is in the con game. If I wanted to, I could copy a real ad, create a new shopping website, and set up payment collection in less than a few minutes. It's very easy and everyone is doing it. Everyone being the criminals, that is.

Here's a picture of a fake advertisement.

But if I were doing it, I wouldn't list it for $19.99, which is obviously too far under its value. Instead, I would advertise it for half-off the regular price. Then I would email an order confirmation that says it will ship in a week. After a week I would send the shipping confirmation.

The shipping confirmation could be fake or legitimate. For just a few dollars, a scammer could even send an empty package to your home. The delivery confirmation would prove that you received it, so you'd never be able to get your money back from the credit card.

Eventually the credit card company would know the merchant wasn't legitimate, but by then the criminals have scammed people for tons of money before starting their next game.

Alternatively, to make things even easier, the criminals aren't even doing the shipping part. Instead they are closing up shop within a few days.

Here are some tips to spot fake ads:

  • The ad is too good to be true.

  • The price is way too low.

  • It asks you to direct message ("dm") credit card information or use another form of payment (Zelle, CashApp, Venmo, PayPal, gift cards) -- never do this because you can't get the money back!

  • Comments are disabled.

  • Too many five-star reviews.

  • The website name is complicated and is not part of the real company's website, such as www.thegapjeans.com instead of www.gap.com -- if you aren't sure if a website is legitimate, ask me.

There are many real ads on Facebook, Instagram, and TikTok, but don't take a chance. If you really want the product, you should be able to find the website and product on legitimate websites.

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com