Cybersecurity consultant Chris Duque lends his expertise to the Honolulu Prosecutor’s Office following a one-year grant as an investigator in its white collar crime unit in 2013. These days, he lends his expertise on a wide range of issues, typically on cases involving any device that can access the Internet, such as cell phones.
The anonymity afforded by such devices should cause people to be more vigilant in verifying who they are sharing information with. However, he shared a case in which a CEO used a single email account for business, personal matters, shopping, and company financials using Quicken. Worse yet, he had a simple password that was easy to hack, let’s say “hawaii123”. Within one day, a single hacking incident caused $80,000 from sales to be diverted to the hacker’s bank account in the Netherlands. The hack was discovered when the CFO was unable to access his account, and learned that the hacker had changed the password.
In another case, a retired shipyard worker was referred to a financial planner by a friend. The financial adviser convinced him to make several wire transfers, incurring service fees and subsequently falling behind on their mortgage. His friend dissuaded him from calling the police; he later found out the financial planner and the friend was one and the same.
The biggest risk in social media is oversharing. LinkedIn does not have dual authentication, so anyone can pose as a fake company, and claim that it is hiring in order to obtain personal information from resumes.
Cybersecurity tips from Chris Duque:
o use 5-8 characters
o use foreign language or pidgin phrases, combining words and numbers
o have 5-7 “core” passwords, e.g. “p1l1k1a*”
o add a prefix or suffix by website, e.g. “p1l1k1a*fb” for Facebook account
Separate business email accounts from personal emails and other purposes
To battle fake profiles, use dual authentication to verify identities of message sends, e.g. call or contact friends outside of social media.