The Kavalan Cyber Safety Newsletter

Cyber security and cyber hygiene spoken simple

(This newsletter contains links to external websites. Please review their terms of use and privacy policies before using those websites.)

September 2023 Edition

EXECUTIVE SUMMARY: The weather is getting cooler and it is not Turkey day yet but Maureen the Clean would like to discuss stuffing - not the edible kind. It is not Halloween yet, but Jake the Pedantic is stirring old memories by trying to show off that he knows what we all did last Sunday. Turns out he can find all this out from his Mom's basement. Very scary! It is not the holiday season yet but Samuel the Harangued has found out scammers have been gifting themselves billions of dollars including some of Aunt Mabry's money.

Know Your Cyber Threats


Maureen The Clean

Credential Stuffing Attacks

A hacker finds or buys compromised user names and passwords, a.k.a. credentials, on the Dark Web. The hacker then attempts to log in to common or popular websites and online services using those same credentials. Oh yeah, there are already software tools available to automate this for hackers so that they can try millions of accounts on thousands of sites. And voila, just like that, we have a credential stuffing attack! Why does this work? Because millions of people reuse their passwords on multiple sites! Norton Lifelock, Paypal, Chick-fil-A, United Healthcare and most recently clothing company Hot Topic have all experienced this attack in 2023.

Anatomy of a Credential Stuffing Attack

How to Protect Yourself?

Here are 3 things you can do to reduce your risk:
  • Change the default password on all devices, apps and websites you use, and make the new ones strong passwords, i.e. complex and 13 characters or more.
  • Do NOT reuse passwords!
  • Wherever possible, enable 2-factor authentication or one-time passwords for your accounts. That way, even if attackers guess the password, they will still need to enter the second factor code.
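
For readers who run a website or online service, the credential stuffing pattern described above looks different in login logs from a password-guessing attack on one account. The sketch below is an added example, not part of the original newsletter; the event format, thresholds, function names and sample data are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success)
SAMPLE_EVENTS = (
    # One source trying 50 different accounts once each; two logins succeed
    [("203.0.113.7", f"user{i}@example.com", i % 25 == 0) for i in range(50)]
    # One source hammering a single account (classic password guessing)
    + [("198.51.100.4", "alice@example.com", False)] * 12
    # A shared office address: many accounts, but every login succeeds
    + [("198.51.100.20", f"staff{i}@example.com", True) for i in range(30)]
    # An ordinary user who mistyped a password once
    + [("192.0.2.10", "bob@example.com", False), ("192.0.2.10", "bob@example.com", True)]
)

def classify_sources(events, min_accounts=20, max_tries_per_account=2.0,
                     min_fail_ratio=0.8, min_failures=10):
    """Label each source IP 'credential_stuffing', 'brute_force' or 'normal'."""
    attempts, failures = defaultdict(int), defaultdict(int)
    accounts = defaultdict(set)
    for ip, user, ok in events:
        attempts[ip] += 1
        accounts[ip].add(user.lower())
        if not ok:
            failures[ip] += 1
    verdicts = {}
    for ip, total in attempts.items():
        n_accounts = len(accounts[ip])
        tries_per_account = total / n_accounts
        fail_ratio = failures[ip] / total
        # Stuffing: many accounts, few tries each, and most attempts fail
        if (n_accounts >= min_accounts
                and tries_per_account <= max_tries_per_account
                and fail_ratio >= min_fail_ratio):
            verdicts[ip] = "credential_stuffing"
        # Guessing: many failures concentrated on a handful of accounts
        elif failures[ip] >= min_failures and n_accounts < min_accounts:
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "normal"
    return verdicts

def compromised_accounts(events, verdicts):
    """Accounts a stuffing source logged in to successfully: reset these first."""
    return sorted({user for ip, user, ok in events
                   if ok and verdicts.get(ip) == "credential_stuffing"})
```

Counting per source address is only one signal, because large campaigns spread attempts across many addresses. The successful logins from a flagged source are the reused passwords that worked, which is why those accounts need a forced password reset.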

'I know what you did last Sunday'


Jake The Pedantic

There are thousands of data brokers on the internet, and the list includes some very well-known large tech companies. Many are foreign companies, including companies out of Russia and China. Data brokers collect, trade and sell information about each and every one of us. They collect it from tracking technologies such as cookies, beacons, pixels and more that lurk on the websites, apps and devices we use (yes, that smart TV you bought has trackers in it too!), as well as from companies that we do business with, such as banks, credit card companies, etc. They will sell the information to anyone who asks - including hackers! Yes, that is correct - your online safety is linked to your online privacy!

How big is this problem?
Here are some numbers: 

How can you protect yourself and your family's privacy better?
Remember, this is a game of risk reduction and there is no one single cure. You can use 'Incognito Mode' on your browser in combination with privacy-preserving search engines. But this still leaves you exposed on apps, devices such as your smart TV, smart speakers, smart thermostats, gaming systems and other connected devices and online services. Also remember, apps are not just on phones; they are on smart TVs, smart speakers and gaming systems too. You also need whole-home online privacy and security solutions that protect you from cyber threats and also automatically identify and block privacy threats.

Aaargghh! with Samuel the Harangued

Senior scams with an extra dose of creativity

Advance fee scams, romance scams, Medicare scams, grandparent scams, tech support scams, government imposter scams - the list keeps growing! Seniors are increasingly targets of online and real life scams. Seniors lost an average of $35,101 in 2022 for a total of over $3.1 billion! Staggering numbers and they only keep increasing. Awareness and alertness are indeed the most effective tools to prevent seniors from falling prey. Local and federal governments have woken up to the scourge and issue alerts on new and emerging scams. If you are a victim of a scam, help is available at both state and federal levels.

Read about the Justice Department's National Elder Fraud Hotline

Threats and Breaches

Social media platform X, formerly known as Twitter, has been flooded with crypto giveaway scams that impersonate the accounts of Elon Musk, SpaceX or Tesla and use a deepfake video of Elon Musk. Yikes - trust no face, trust no account!

Musk Crypto Giveaway Scams

The Clorox Company, the maker of the eponymous bleach product, was hit by a cyber breach last month and is still struggling to get its operations back online, resulting in shortages of multiple products.

No Bleach Due to Breach

NodeStealer malware is targeting Facebook business accounts to steal user credentials and browser data. It is distributed as a malicious file attachment sent through Facebook Messenger, using pictures of defective products as bait!

Nodestealer Facebook Malware