As readers of this blog know, VPNs are a great way to protect your privacy and security. But they address only some of the online threats we all face every day. Another important class of problems are caused by attacks that lead to accounts being taken over, identities being appropriated, data theft and financial losses. A number of recent articles on the topic in the tech press remind us that even today, when most experienced online users are well aware of the issue, it is still possible for their credentials to be swiped. That might be by dropping your defenses for a second, and logging into a phishing site, or as a result of security lapses by others. Here, for example, is John Biggs, writing on TechCrunch:
At about 9pm on Tuesday, August 22 a hacker swapped his or her own SIM card with mine, presumably by calling T-Mobile. This, in turn, shut off network services to my phone and, moments later, allowed the hacker to change most of my Gmail passwords, my Facebook password, and text on my behalf. All of the two-factor notifications went, by default, to my phone number so I received none of them and in about two minutes I was locked out of my digital life.
Information from the accounts was used to cook up a ridiculous story about Biggs needing 10 Bitcoins immediately, or else an Ohio hospital would switch off his sick father’s life-support system, causing him to die. The friends of Biggs in the cryptocurrency community that were contacted by the phisher were not fooled by this, and led him or her a merry dance.
Although no money was transferred, the incident shows how a compromised system can have knock-on effects in terms of losing control of other services that