Hackers Breach Third Party Site to Tweet Political Messages

Hundreds, or possibly thousands, of Twitter accounts were hacked and used to send political messages. Accounts of organizations and individuals around the world such as Forbes, the U.K. Department of Health, Starbucks in Argentina, the European Parliament, Amnesty International, Justin Bieber, and many others were victims in this attack that appears to support the Turkish president Recep Tayyip Erdogan.

Being blamed is two-time offender Twitter Counter. This is a tool that users can connect to their Twitter accounts to retrieve analytics such as responses to tweets, number of retweets, etc. Analysts believe that the hackers breached this site, which then gave them direct access to the victims’ accounts where they could tweet away without intervention. To its credit, Twitter Counter is taking some responsibility and investigating.

This story clearly demonstrates the risk of connecting social media accounts to third-party apps, or of using them to log into third-party apps. If the third party is breached, whoever did it (or sells the information) can also get to the social media account(s) connected to it. If there is an option, and there usually is, to create new and different login credentials for a site you want to use, take them up on it.

Also, always use unique, and strong, passwords for each site you log into.

Yes, these two pieces of advice might be a little cumbersome to follow, but just a few extra seconds can prevent your accounts from being used to promote someone else’s agenda.

Also, while there is no evidence this is what happened here, hackers have been successful at getting into accounts by requesting a password reset. Often in order to reset a password, challenge questions are presented. These are the ones that are set up when an account is first created. Many times, the choices of the questions have corresponding answers that are easily found on social media.

For example, if you have a Facebook account, there is a lot of information about you in the “About” section, such as where you are from. If you show this on your profile page, it isn’t difficult for a cybercriminal to look that up and answer the “City where you were raised” question that so often comes up as a choice in these lists.

In these cases, choose questions and answers that cannot easily be guessed or learned by perusing your social media profiles. Consider what you do share with others too; in your profiles and in your posts, tweets, stories, and shares. The more you share, the more others can find out about you and use it against you.

The other time Twitter Counter was breached was in November of 2016. At that time, it was advertising that was tweeted. Then, the CEO of the company promised that the hackers would not be able to do it again and that he was 95% sure that the issue had been resolved.

Twitter has blocked access from Twitter Counter and as of writing, that site was completely taken down. A message appears stating, “It seems there has been an internal server error with the page you requested. Send if the problem persists!”

© Copyright 2017 Stickley on Security

Don’t File the Wrong Tax Form

Tax time is a time for making decisions, so why make life more complicated than it has to be? Use the appropriate federal income tax form for your situation.

The options most individuals may choose from are forms 1040EZ, 1040A, and 1040. You may download the form you want directly from the IRS website (www.irs.gov) or call 800-TAX-FORM (800-829-3676) to have it mailed to you.

Form 1040EZ

Form 1040EZ is by far the simplest to complete. However, the conditions to use it are strict, and you may neither itemize deductions nor receive a student loan interest deduction and education credit.

You may use Form 1040EZ if all of the following are true:

-Your taxable income is less than $100,000
-Your filing status is “single” or “married filing jointly”
-You claim no dependents
-You (and your spouse, if filing a joint return) were under 65 and not blind
-You have $1,500 or less of taxable interest income


Form 1040A

The next easiest to fill out is Form 1040A. While you still cannot itemize deductions, you can adjust your income to include IRA contributions, student loan interest deductions, unreimbursed educator expenses, and higher education tuition and fees. You may also claim a whole slew of credits.

You may use Form 1040A if:

-Your taxable income is below $100,000
-You have capital gain distributions
-You claim certain tax credits
-You claim adjustments to income for IRA contributions and student loan interest

Form 1040

Your final option is Form 1040. Because you may itemize deductions and claim the most tax credits and adjustments to income, it is more time-consuming to complete than the two others.

Use Form 1040 if:

-Your taxable income is $100,000 or more
-You claim itemized deductions
-You are reporting self-employment income
-You are reporting income from sale of property

Using the correct form will not only save you money, it will save you time, making life a lot less taxing.

Revised January 2016

Practical Financial Planning for Parents-to-Be

Planning for a baby is exciting and sometimes a little frightening for expectant parents, especially first-time parents. The months will fly by and soon you’ll be at home embarking on an adventure along with the newest member of your family. Welcome to the excitement, exhaustion, fascination, bewilderment and love that is parenthood.

Along with the joy and fulfillment that a new baby brings, you’ll have new financial responsibilities. Some costs are unavoidable, while others may largely depend on your discretion. Sticking to a financial plan could help you provide wonderful opportunities and experiences for your child while keeping your family’s costs under control.

Preparing for the cost of birth. Paying down debt, creating a new budget, building an emergency fund, setting up automated personal finance software and reviewing the beneficiaries on your accounts could all be on your pre-birth checklist. You might not have the time or energy for these tasks once you’re a parent.

You’ll also want to review your health insurance policy and get a clear understanding of your coverage during prenatal care, labor and delivery. Affordable Care Act (Obamacare) and Medicaid plans always cover pregnancy and birth, but copays, coinsurance, deductibles and maximum out-of-pocket amounts can vary. You might not be covered at all if you have a grandfathered plan.

You can change to a new Marketplace plan, and add your child, after the birth as you’ll be eligible for a Special Enrollment Period.

Saving money during the first few years. As you adjust to life as a new parent – sleepless nights, bath times and diapers galore – you’ll likely be tempted by a wide range of childcare products. Some are necessary, but there are many ways to save on everyday infant purchases.

Ask at the hospital, research online and check with pediatricians for free childcare samples. They may not last long, but having a stockpile of various sample-size products can come in handy. Also ask about a free breast pump, which you may have a right to with an ACA healthcare plan.

Consumables, such as formula, diapers and wipes, can be bought in bulk at warehouse stores or shipped to you via a subscription from an online retailer. Either option could provide long-term savings compared to buying as you go.

Discuss childcare options. Some families need the income from two working parents, others can choose to stay at their job or become a full-time parent.

Weighing the pros and cons of leaving work can be difficult as you’ll want to consider a variety of ancillary costs and benefits. In the end, the decision may not be entirely financial. You could value extra parent-child time over a second income, even if it means living with a tighter budget. But even if you’re unsure of daycare, you may want to sign up for local centers’ waitlists now because it can take years to get a spot.

Plan for the worst-case scenario. As a parent, you’re responsible for the wellbeing of your child. Now may be the time to prepare or revise a will and consider appointing a guardian. Also, if you don’t have life insurance, this is a good time to start shopping for a policy. If something happens to you, life insurance can help provide financial support for your child in the coming years.

Whole or permanent life insurance policies will cover you for as long as you pay your premium while term life insurance covers you for a specific period, such as 10 or 20 years. Premiums on term policies may be lower than on whole life insurance, and this could be the better option if you’re only looking for coverage while you support your child.

Bottom line: A new child will bring great joy to your family, and when wants or needs arise, you will want your finances to be in order. Whether you’re early in the planning process or already expecting, it’s never too early to prepare for the cost of raising a child. After all, a new addition to your family is the best gift and the start of an amazing adventure.

by Nathaniel Sillin

Realistic Gmail Login Page Used in Clever Phishing Scam

Hitting the news this week is a story about a Gmail scam that was actually seen by Wordfence and reported on about two months ago. In this one, Gmail users may receive a message with an attachment. It looks like one you already received, but is actually just a thumbnail of that one. However, if it’s clicked, a dialogue pops up asking you to enter your login credentials for your Gmail account again.

This one is ridiculously realistic and looks nearly, if not exactly, identical to the actual Gmail login page. Even those who are very experienced at detecting phishing have had some difficulty with this one. The only difference is the URL, which starts with “data:text/html” rather than the typical “https://.”
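The scheme check described above can be automated. The following is an added example, not code from the original article or from Wordfence: it classifies the address shown while a page asks for a password, and decodes a `data:` URI to show that the page is inline content rather than something served by a site. The expected host `accounts.google.com`, the function names, and all sample addresses are assumptions constructed for illustration.

```python
import base64
from urllib.parse import unquote_to_bytes, urlsplit

# Assumption: the host a user expects to see for a Google sign-in page.
EXPECTED_HOST = "accounts.google.com"
# Media types a browser renders as an active page.
RENDERED_TYPES = ("text/html", "application/xhtml+xml", "image/svg+xml")


def parse_data_uri(uri: str):
    """Split an RFC 2397 data: URI into (media_type, decoded_bytes)."""
    header, comma, payload = uri.strip()[len("data:"):].partition(",")
    if not comma:
        raise ValueError("data: URI has no comma before its payload")
    params = [p.strip().lower() for p in header.split(";")]
    media_type = params[0] or "text/plain"  # RFC 2397 default
    if "base64" in params[1:]:
        return media_type, base64.b64decode(payload + "=" * (-len(payload) % 4))
    return media_type, unquote_to_bytes(payload)


def check_login_location(address: str, expected_host: str = EXPECTED_HOST) -> str:
    """Verdict for the address shown while a page is asking for a password."""
    address = address.strip()
    parts = urlsplit(address)
    scheme = parts.scheme.lower()
    if scheme == "data":
        try:
            media_type, content = parse_data_uri(address)
        except ValueError:  # also covers binascii.Error from bad base64
            return "block: malformed data: URI"
        if media_type in RENDERED_TYPES:
            return f"block: {len(content)} bytes of inline {media_type}, not served by any site"
        return f"block: data: URI of type {media_type} is not a login page"
    if scheme != "https":
        return f"block: scheme {scheme or 'missing'} is not https"
    if parts.hostname != expected_host:
        return f"warn: https, but host {parts.hostname!r} is not {expected_host!r}"
    return "ok: https on the expected host"


if __name__ == "__main__":
    # Constructed samples; the data: payloads are harmless placeholder markup.
    for sample in (
        "https://accounts.google.com/signin",
        "data:text/html,%3Ch1%3ESign%20in%3C%2Fh1%3E",
        " DATA:text/html;base64,PGgxPlNpZ24gaW48L2gxPg==",
        "https://accounts.google.com.login.example.net/",
        "http://accounts.google.com/",
    ):
        print(f"{sample.strip()[:44]:<46}{check_login_location(sample)}")
```

The check keys on the scheme and the parsed hostname, never on text that merely appears somewhere in the address, which is why the look-alike host in the fourth sample is flagged as well.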

If you are asked to log in again to any account after you have already logged in, especially after you clicked an attachment, eye it with suspicion. Then try the following to avoid installing malware or giving someone access to your account that you don’t intend to:

-Click the “X” to close the window and log out of your account and then try again.

-If it doesn’t allow you to click an “X” to close it, shut your browser down and restart it. If it still gives you trouble, restart your computer.

-Change your password just for extra safety. Make sure it’s unique to this account. Do this before doing the next steps.

-Check the other connections to your account in your Google account activity page under My Account > Manage your Google Activity > Personal info & privacy > Connected apps & sites. That will list what other devices are using your account and you can disconnect the ones that are not familiar. Then restart your browser.

-Use the multifactor authentication (MFA) that Google offers for Gmail. There are several options for this in your Google account settings. The most secure one, and possibly the “wave of the future” in MFA, is a security key. This is a tiny device that is inserted in the USB port of your computer. It authenticates you to your Google or other accounts, and unless someone has that key, they cannot log into your account. Some keys also work with mobile devices, and many other companies now support them, including Facebook and Dropbox.

-If none of the available MFA options work for you, take an extra moment to make sure that you see the secure login indicators in the browser when entering sensitive information such as passwords. Look for the “lock” icon that usually precedes the address of the site and/or make sure that “https://” appears in front of the domain name. It’s no longer a guarantee of a secure site, but it is much more likely to be.

In addition, if you are not expecting an attachment or link from anyone, verify that it is legitimate before clicking. It is very easy to make an email address appear as though it came from someone you know, when it really didn’t. So if you receive something out of the blue, text or call the sender to make sure before clicking it.

In this scam, as soon as a password is entered into the fake login dialogue box, someone logs into the account and the attackers start perusing your messages.

They use documents in them to send icon images in messages to contacts in the address book. This makes it appear that the messages are coming from someone the recipients actually know. A recent study by Avecto found that 68% of survey participants would click links from someone they know without question. That makes a scam like this one likely to be successful. With a little bit of caution, you can help prevent that.

© Copyright 2017 Stickley on Security

New Type of Phishing Attachment Proves No Attachments are Sacred

As if there aren’t enough phishing scams to watch for, there is another one targeting customers of several well-known banks and users of money transfer services. An email that appears to have been sent by one of the following organizations asks users to open an attachment to “verify” their accounts; otherwise the accounts will stay frozen.

The organizations used include Chase Bank, Capital One, and Wells Fargo for online banking, and PayPal and Venmo for money transfers. The email claims that user accounts are frozen because “security alerts” were triggered and the user needs to verify the account to release it. There is an attachment that brings up the phishing page where personal information is requested.


This type of trick has been seen numerous times before. In fact, one targeting PayPal users was going around very recently. However, in most cases the attachments in the email messages that appear are disguised as PDF, EXE, or DOC. This one, however, is an HTML file, proving that, as Jim Stickley of Stickley on Security says, “Literally no type of attachment is guaranteed safe to open these days.”
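A mail filter can treat HTML attachments with the same suspicion as the other file types. The following is an added example, not code from the original article or from Cyren: it walks the attachments of a raw message, identifies HTML by declared type or by file extension, and flags any that contain a form collecting credential-style fields. The keyword list, the function names, and the sample message (including its `.invalid` form target) are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumption: name fragments that suggest a field collects credentials.
SENSITIVE = ("pass", "ssn", "card", "cvv")
HTML_TYPES = ("text/html", "application/xhtml+xml")
HTML_EXTS = (".html", ".htm", ".xhtml")

class FormAudit(HTMLParser):
    """Record form targets and credential-style inputs found in HTML."""
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.actions.append(attr.get("action", ""))
        elif tag == "input":
            name = attr.get("name", "").lower()
            is_password = attr.get("type", "").lower() == "password"
            if is_password or any(s in name for s in SENSITIVE):
                self.fields.append(name or "password")

def audit_attachments(raw: bytes) -> list:
    """Return one finding per HTML attachment in a raw RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() not in HTML_TYPES and not name.lower().endswith(HTML_EXTS):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent under a generic binary type
            body = body.decode("utf-8", errors="replace")
        audit = FormAudit()
        audit.feed(body)
        findings.append({"file": name, "actions": audit.actions,
                         "fields": audit.fields, "quarantine": bool(audit.fields)})
    return findings

def build_sample() -> bytes:
    """Constructed message: two HTML 'verify' forms (one typed as binary) and a PDF."""
    form = ('<form action="https://collector.example.invalid/submit" method="post">'
            '<input name="email"><input type="password" name="pw">'
            '<input name="card_number"></form>')
    msg = EmailMessage()
    msg.set_content("Your account is frozen. Open the attachment to verify it.")
    msg.add_attachment(form, subtype="html", filename="verify.html")
    msg.add_attachment(form.encode(), maintype="application",
                       subtype="octet-stream", filename="unlock.htm")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()
```

Calling `audit_attachments(build_sample())` reports both HTML files for quarantine, including the one declared as `application/octet-stream`, and skips the PDF.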

The obvious message is never click attachments in email, particularly if they are unexpected or come from unknown senders. Always make sure they are not infected with some type of malware before opening. If you cannot be 100% sure, don’t do it.

If you need to verify your account details, log into your accounts directly by going to a previously bookmarked link or by typing in the address you know is the correct and safe one. If all looks well when you do that, you know for certain the email message was trying to phish you and you can pat yourself on the back for not falling victim to it.

Cyren, the cloud security company that found this scam, said that this one is particularly common right now. It increased 50% over February in only the first half of March.

© Copyright 2017 Stickley on Security

Personal Finance for Millennials

Many Millennials, who graduated during a time of job scarcity and enormous student debt, are more than a little skittish about financial matters. After all, in addition to their own challenges, many saw their parents’ generation struggle with layoffs, stock market losses, and the housing crisis. Still, there’s a lot that today’s 20-somethings can do to build a brighter financial future.

Commit to Saving
If you’re living paycheck to paycheck, saving may seem out of reach. But the first step is to make a budget, identifying where, exactly, all of your money’s going now and pinpointing the wallet sucks that are keeping you from saving. Make it a goal to save at least 10-15% of your income, and start by creating an emergency fund with 3-6 months of living expenses. If, after seriously scrutinizing your budget, you just don’t see room for saving, at least commit to saving any financial windfalls, like bonuses and tax refunds, and saving future salary increases.

Looking for Supplemental Income
For many young people who are just starting out, the best way to find money to save is to generate additional income with a side job. If your employer doesn’t prohibit it, you might take on a second job during your off-hours or earn extra cash Ubering or pet-sitting. Or, if you’re a crafty sort, you could try selling your wares on a site like Etsy.

Start Investing Early
Once you have a decent emergency fund, you should start thinking about retirement. Yes, retirement! If your employer offers a 401(k) plan, sign up as soon as you’re eligible, because even small amounts set aside while you’re young will add up to a significant nest egg decades from now. And, if your employer offers 401(k) matching funds, be sure to contribute enough of your earnings to max out the match. Otherwise, you’re leaving money on the table.

Manage Your Debt
No discussion of Millennials’ finances would be complete without a word or two about student debt. If you’re carrying a heavy burden in federal loans, you may have options for restructuring your debt to make it more manageable. If your loans are with private lenders, you’ll have less flexibility, but focus first on paying off the loans with the highest interest rates. The same goes for credit card debt. New grads are often bombarded with credit card offers, so it’s easy to get in over your head. If that’s where you are, rip up any new offers and commit to whittling down your debt by refraining from new charges and always paying more than the monthly minimum.

Shape Up Your Credit Score
Being late with payments or, worse yet, defaulting on your credit obligations has a huge and negative impact on your credit score. This may not seem like a big deal if you’re not looking to buy a house or car anytime soon, but it isn’t just lenders who make decisions about you based on your credit score. A poor credit score can cause you to pay higher rates for car insurance in some states. Most landlords and many employers also check credit scores when evaluating candidates.