The greatest faux-news site on the Internet has just gone where many real news sites have gone before: Syria.
Still, this raises the question: how does this continue to happen?
Spear-Phishing
You’re probably familiar with the concept of phishing. A site sends you a fake email, usually in the form of a security warning, and asks you to enter your username and password. As awareness of phishing email scams spread, hackers had to take it one step further.
According to Slate, the AP hack originated from an email that appeared to be from an actual AP staffer, had the subject line “News”, and had a link that appeared to go to the Washington Post’s WorldViews blog. Apparently, it didn’t. That email was sent out to many, many AP employees. Someone clicked the link. Chaos ensued.
We don’t know if that’s exactly what happened with The Onion, but it’s a fair guess. These new forms of phishing, which use personalized information and fake senders with familiar names, are a lot easier to fall for when one is rushing through a busy news (or faux-news) day.
Two-Factor Authentication
We’re still waiting on the obvious solution. We recently discussed two-factor authentication and how it can help you keep your email and cloud storage accounts secure. Google, Microsoft, Dropbox, and many other popular services all offer it.
Twitter doesn’t. That’s why, in our humble opinion, Twitter is so frequently hacked. Whether the hackers use phishing or brute-force tactics to obtain your password, the problem is that there is no second layer of security.
With Google’s two-factor authentication, after you enter your password on an unfamiliar computer or device, it either texts you a numeric code or you can use a smartphone app to get one. This requires access to your phone — something nearly all hackers lack. Plus, if you are logging in from the same computer repeatedly, such as the office PC, you can choose to “remember” that computer so that two-factor only annoys those on unfamiliar devices.
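The login flow described above, as an added example that is not from the original post or from Google: a stolen password alone is rejected on an unfamiliar device, and the app-generated code is computed with the standard RFC 6238 TOTP algorithm. The account record, its field names, the device names and the password are constructed for illustration, and the time is passed in explicitly so the result is reproducible.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (RFC 6238 default)

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 one-time code (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_code(secret: bytes, submitted: str, at: int, window: int = 1) -> bool:
    """Accept the current code or one step either side, to tolerate clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * STEP)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

# Constructed account record (hypothetical field names).
_SALT = b"constructed-salt"
ACCOUNT = {
    "salt": _SALT,
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
    "totp_secret": b"12345678901234567890",      # RFC 6238 test secret
    "remembered_devices": {"office-pc"},
}

def login(account, password, code, device, at):
    """First factor: password. Second factor: code, unless the device is remembered."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), account["salt"], 100_000)
    if not hmac.compare_digest(pw_hash, account["pw_hash"]):
        return "denied: bad password"
    if device in account["remembered_devices"]:
        return "ok: remembered device"
    if code is None or not verify_code(account["totp_secret"], code, at):
        return "denied: second factor required"
    return "ok: password + code"

if __name__ == "__main__":
    # A phished password on an unfamiliar device, with no code from the phone.
    print(login(ACCOUNT, "correct horse", None, "unknown-laptop", at=59))
    print(login(ACCOUNT, "correct horse", totp(ACCOUNT["totp_secret"], 59), "unknown-laptop", at=59))
```

A production verifier would also rate-limit attempts and reject a code that has already been used within its validity window.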
It’s been long-rumored that Twitter has this feature in the pipeline. It can’t come soon enough.
Related Resources:
- WordPress Sites Targeted by Hackers; Strong Password Myths (FindLaw’s Technologist)
- Samsung’s ‘Knox’ Smartphone Security Delayed; Worth the Wait? (FindLaw’s Technologist)
- King and Spalding Does Right IT Thing, Blocks Personal Email (FindLaw’s Technologist)