
Protecting Your Privacy

January 24, 2024 by Paul Byrne

4 Easy Things You Can Do To Protect Your Privacy in 2024

A few months ago, I listened to a podcast by Jack Rhysider, whose amazing podcast, Darknet Diaries, chronicles the exploits of both criminals and white hat hackers. In this particular episode, he discusses a scam where a hacker pretends to be a vendor for a company. They social engineer the accountant to get them to change the payment information for invoices.

The podcast describes a successful hack against Facebook and Google, who were billed for hundreds of millions of dollars. Even after listening, never did I think a company our size would not be subject to this kind of hack. Yet, lo and behold, less than two weeks ago, my accountant received an email appearing to be from me, asking for a list of our vendors and their contact information. Unfortunately, she put together a spreadsheet and responded to the email with said information.

For the hacker, this was the first step of the process. We discovered the ruse when, in a weekly meeting, she mentioned the email and the spreadsheet. We examined the email. It was cleverly put together. The email was crafted to look like a legitimate request from me in conversation with a lawyer. We were being targeted with the same scam I had just heard about from Jack’s podcast!

Screenshot of a scam phishing email

The following steps were taken to protect my accounts after hackers unsuccessfully attempted to open a loan account in my name:

  1. Purged (deleted) my accounts from old websites
  2. Reset all of my passwords
  3. Set up two-factor authentication on accounts I wanted to keep
  4. Deleted saved credit cards on non-subscription accounts

In theory, step 4 will make online shopping a bit tedious. However, I’d prefer to use PayPal or Apple Pay in case the merchant does not use the same level of vaulting and safety Razoyo uses.

When going through this process, I found that not all companies make it possible to delete your account. For your reading pleasure, here are some that I found:

Websites that wouldn’t let me delete my account:

  • Zappos
  • Apptha - Magento extension developer
  • Fusion Connect - BirchConnect
  • BrainVire - ecomextension
  • FME Extensions
  • LoopNet / CoStar
  • IKEA
  • Magemart
  • MagePlaza
  • State of Minnesota

Accounts that were not immediately deleted:

  • Uprinting

Websites and accounts without a 2-factor authentication option:

  • Monoprice
  • Apptha
  • Fusion Connect - BirchConnect
  • BrainVire - ecomextension
  • FME Extensions - Magento Extensions
  • IKEA
  • LoopNet
  • Magemart
  • MagePlaza
  • State of Minnesota

Accounts with a weak 2-factor authentication implementation (i.e., only based on SMS, no authenticator option):

  • Walmart

If there’s a chance your site could be vulnerable or is currently under attack, contact us and we will be more than happy to provide you with a FREE consultation.
