how to get hacked in 5 easy steps

Cybercrime Made Easy

Upload: scott-goldman

Post on 16-Jul-2015


TRANSCRIPT

Page 1: How to Get Hacked in 5 Easy Steps

Cybercrime Made Easy

Page 2: How to Get Hacked in 5 Easy Steps

The Truth That You Don’t Know

“There are only two kinds of companies in today’s business world. Those that have been hacked… and those that don’t know that they’ve been hacked.”

Page 3: How to Get Hacked in 5 Easy Steps

Is Your Company Next?

Page 4: How to Get Hacked in 5 Easy Steps

How to Get Hacked

In 5 Easy Steps

1. Social engineering

2. Carelessness

3. Spearphishing

4. Malware and virus attacks

5. Poor or non-existent authentication

Page 5: How to Get Hacked in 5 Easy Steps

How to Get Hacked #1

LEAK PLENTY OF INFORMATION

• Afraid of the NSA?

– Google, Amazon, Facebook and Instagram know more about you than the NSA ever will

– With this information they can change the email address on your account

• It is being used against you in ways you can’t imagine…

Page 7: How to Get Hacked in 5 Easy Steps

How to get Hacked

Step #2 - CARELESSNESS

• Over 500,000 laptops were lost at airports LAST YEAR

– Encrypt and password-protect them

– Attach a business card or engrave them with info

– Add authentication to login

• Passwords on sticky notes under the keyboard

• Passwords that can be easily hacked (1 billion/minute)

– Send them to HowStrongIsMyPassword.com

– Have your IT department require 1 upper/1 lower/1 special character

Page 8: How to Get Hacked in 5 Easy Steps

From: eBay [email protected]

Subject: Important - eBay Password Reset Required

Date: May 26, 2014 at 4:35 AM

To: [email protected]

Important - eBay Password Reset Required

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.

What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.

What I ask of you:

Go to eBay and change your password. If you changed your password on May 21 or later, we do not need you to take any additional action at this time.

Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.

If you have only visited eBay as a guest user, we do not have a password on file.

If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.

Here are other steps we are taking:

Oops!

Page 9: How to Get Hacked in 5 Easy Steps

How to Get Hacked Step #3 –

SUCCUMB TO SPEARPHISHING

• An attack that individualizes the come-on

– Cyber criminals are jerks but they aren’t stupid

– Incredibly sophisticated-looking emails

• Never, ever, EVER click on links in an email

• Don’t believe every email – hover over links

Page 10: How to Get Hacked in 5 Easy Steps

From: American Express Statement [email protected]

Subject: Your April 2014 Online Merchant Financial Activity Statement from American Express is now available

Date: May 21, 2014 at 12:06 PM

To: [email protected], [email protected], [email protected]

View Your April 2014 Online Merchant Financial Activity Statement

Keep track of your account with your latest Online Merchant Financial Activity Statement from American Express. It's available for you to view at this secure site. Just click to select how you would like to view your statement:

View/Download as a PDF

View all EStatements

So check out your statement right away, or at your earliest convenience.

Thank you for managing your account online.

Sincerely,

American Express

Please do not respond to this e-mail. If you have any questions about this inquiry message or your American Express Merchant account, please speak to a Customer Service representative at 1-800-374-2639

View Our Privacy Statement

Add Us to Your Address Book

Unsubscribe

American Express Customer Service Department

P.O. Box 297817 | Ft. Lauderdale, FL 33329-7817

Copyright 2014 American Express Company. All rights reserved.

AGNEUOMS0006001

Page 11: How to Get Hacked in 5 Easy Steps

From: American Express [email protected]

Subject: [Spam] Fraud Alert : Irregular Card Activity

Date: June 24, 2014 at 9:44 AM

To: [email protected]

Irregular Card Activity

Dear Customer,

We detected irregular card activity on your American Express Check Card on 24 June, 2014.

As the Primary Contact, you must verify your account activity before you can continue using your card, and upon verification, we will remove any restrictions placed on your account.

To review your account as soon as possible please.

Please click on the link below to verify your information with us:

https://www.americanexpress.com/

If you account information is not updated within 24 hours then your ability to access your account will be restricted.

We appreciate your prompt attention to this important matter.

2014 American Express Company. All rights reserved.

AMEX Fraud Department

Page 12: How to Get Hacked in 5 Easy Steps

From: American Express Customer Service [email protected]

Subject: American Express - Safe Key

Date: June 24, 2014 at 8:48 AM

To: [email protected]

Amex Logo Safe Key

Create your safe key now

Please create your Personal Security Key. Personal Safe Key (PSK) is one of several authentication measures we utilize to ensure we are conducting business with you, and only you, when you contact us for assistance.

American Express uses 128-bit Secure Sockets Layer (SSL) technology. This means that when you are on our secured website the data transferred between American Express and you is encrypted and cannot be viewed by any other party. The security of your personal information is of the utmost importance to American Express, please click here to create your PSK (Personal Safe Key).

Note: You will be redirected to a secure encrypted website.

The contained message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.

Sincerely,

American Express Customer Service

Contact Customer Service | View Our Privacy Statement | Add Us to Your Address Book

This is a customer service e-mail from American Express. Using the spam/junk mail function may not block servicing messages from being sent to your email account. To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing. We kindly ask you not to reply to this e-mail but instead contact us securely via customer service.

American Express. All rights reserved.

DTWEUSDP1535320

Page 13: How to Get Hacked in 5 Easy Steps

How to Get Hacked Step #4

OPEN THE INTERNAL GATES

• Malware

• Trojans

• Keyloggers

All from downloading an innocent-looking file, cartoon, video, discount offer or any other way to get you to click a link

Page 14: How to Get Hacked in 5 Easy Steps

How to Get Hacked #5

DON’T BOTHER WITH 2-FACTOR AUTHENTICATION

• ID/password systems just aren’t enough

• Use an additional “factor” of authentication

– Something you have (cell phone, token/key fob)

– Something you know (password, challenge)

Page 15: How to Get Hacked in 5 Easy Steps

TextKey™ is OMNI-Factor Authentication

• Strongest security solution available

• Easier for users (= more participation)

• Lower cost than other solutions

• Simplified implementation

Page 16: How to Get Hacked in 5 Easy Steps

“Ironclad protection” (Network World Magazine – May, 2013)

TextPower, Inc.

www.TextPower.com

[email protected]

888.818.1808