What you need to know about all the breaches v1.0
1. With all the breaches
What YOU need to know
Michael Gough – Co-Founder
MalwareArchaeology.com
IMFSecurity.com
LOG-MD.com
2. Who am I
• Blue Team Defender Ninja, Incident Responder, Malware Archaeologist
• I help people recover from breaches, evaluate malware
• Co-Creator of “Log-MD” – The Log and Malicious Discovery Tool
• Podcast - “Brakeing Down Incident Response”
3. Where to find me
• Twitter - @HackerHurricane
• Blog – HackerHurricane.com
• Website
– MalwareArchaeology.com
• Windows Incident Response Tool
– LOG-MD.com
5. You’re Next
[Slide graphic: breach impact figures (records, transactions, stores and locations affected) for a series of breached organizations. The organization labels did not survive in the text; the only names present are Citigroup, E*Trade Financial Corp., Regions Financial Corp, HSBC Holdings and ADP.]
11. Debit Cards
• They are a REALLY bad idea these days
• With fraud so high, your checking account is at risk
• Remember the movie ‘Catch Me If You Can’?
12. Debit Cards
• Use it at ONE place and ONE place only !!!
– The Grocery Store
• You can pay for food AND get cash, so it is an ATM too
• Use the SAME chain when traveling
• Then if it gets compromised you know EXACTLY where
13. Credit Cards
• They are insured
• No risk to you
• 30 days or so until you have to pay your bill
• Debit Cards are taken directly out of your checking account
• It is always better to use someone else's $$$ before yours
14. Shredding
• People do not do enough of this
• It is cheap and easy
• Shred your stuff
• Even Frank says so
• Don’t throw away mail, shred it!
16. Credit Monitoring
• It lets you know something has occurred
• Usually way too late for you to do anything about it
• 10 days was my experience when I unfroze my credit to buy our property here in Salado
• We already closed the deal before I was notified
• It is NOT worth the money… unless FREE
17. Credit Freeze – Your BEST Friend
• There are FIVE (5) agencies
– Bet you thought there were only 3
• Equifax
• Experian
• TransUnion
• Innovis
• NCTUE (Telcos) – Serviced by Equifax
18. How to Place a Freeze
• Equifax
– https://help.equifax.com/s/article/What-are-the-security-freeze-fees-in-my-state
• Experian
– https://www.experian.com/freeze/center.html
• TransUnion
– https://www.transunion.com/credit-freeze
• Innovis
– https://www.innovis.com/personal/securityFreeze
• NCTUE
– 1-866-349-5355
19. Credit Freeze
• Security researcher and author Brian Krebs does more research on this subject than anyone
• https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
• You can see articles on ATM skimmers and other credit card fraud
20. Credit Offers
• Place a security alert at ChexSystems, which is used by thousands of banks to verify customers who are requesting new checking and savings accounts
• In addition, consumers can opt out of pre-approved credit offers by calling 1-888-5-OPT-OUT (1-888-567-8688) or visiting optoutprescreen.com
21. Salary History
• How to Opt Out of Equifax Revealing Your Salary History
• To place a security freeze on your employment report at The Work Number, send your request via mail to:
  TALX Corporation
  ATTN: Employment Data Report Dept 19-10
  11432 Lackland Road
  St. Louis, Missouri 63146
• Or you may contact them at http://www.theworknumber.com or call 800-996-7566
22. RoboCalls
• They are annoying
• Your cell provider offers a service for around $3/mo.
• There are apps for your phone too, also around $3/mo.
• It is about all you can do until Congress changes the law
– So send them an email and/or call them
23. Email.. Is EVIL
• Please learn NOT to open attachments
• Or click on Links/URLs in emails
24. Passwords
• Use a Password Manager
• LastPass is my favorite
• DON’T REUSE PASSWORDS
• Different for every website
25. Two-Factor - MFA
• Anywhere you can USE IT !!!
• It is an app on your phone that provides an expiring token every minute, which you enter in websites or applications that support it
• Even if your password is stolen, if you are using 2-Factor then they would need your phone to get the tokens
• Google Authenticator for LastPass is awesome
26. Questions
• You can find us on the Twitters
– @HackerHurricane
– @Boettcherpwned
• LOG-MD.com
• MalwareArchaeology.com
• Preso will be on SlideShare and linked on MalwareArchaeology.com
• Listen to the BDIR Podcast to hear more on email phishing
– BDIRPodcast.com