Cyber Security Tips
Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure.
Game of Thrones Phishing Attack
There is a current email phishing scam going on where you get an official-looking email forwarded by your ISP, which states you have violated HBO copyrights and illegally downloaded Game of Thrones.
The email has a link to a website where they say you can pay the fine. Don’t fall for it. The message was sent by cybercriminals and they would get any money you pay.
In general, it’s a bad idea to illegally download shows and movies for two reasons. First, you are indeed violating copyrights which can turn out to be very expensive when you get sued. Second, the websites promising these downloads are often compromised and infect your computer with all kinds of malware.
If you receive such a notice and want to verify if this is for real or not, contact the real IP-Echelon directly which you can do here:
Remember: Think Before You Click!
The FBI published some very helpful tips to protect yourself online:
- Do not open e-mail or attachments from unknown individuals.
- Monitor your bank account statements regularly, as well as your credit report at least once a year for any fraudulent activity.
- Do not communicate with the cyber criminals.
- Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
- Use strong passwords and do not use the same password for multiple websites.
- Never provide personal information of any sort via e-mail. Be aware, many e-mails requesting your personal information appear to be legitimate.
- Ensure security settings for social media accounts are turned on and set at the highest level of protection.
- When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon.
One thing that is driving mainstream recognition of ransomware is the move by the Dridex banking Trojan gang into ransomware with their Locky strain. They have taken over from CryptoWall, which from their perspective is just an upstart. Locky was linked to the notorious Dridex gang by both Palo Alto Networks and Proofpoint. The Russian Dridex criminal group is the most prominent group operating banking malware.
The Dridex Locky ransomware strain isn’t more sophisticated than other latest generation ransomware, but it is rapidly spreading to victim systems. Forbes claims that the Locky ransomware is infecting approximately 90,000 systems per day and that it typically asks users for 0.5-1 Bitcoin (~420 dollars) to unlock their systems.
Locky is disseminated through phishing emails containing Microsoft Word attachments. Each binary of Locky ransomware is reportedly uniquely hashed; consequently, signature-based detection is basically impossible.
The Dridex gang is the 800-pound gorilla of banking Trojans. Apparently they have seen the profit potential and leveraged their extensive criminal infrastructure to get their Locky strain infecting as many machines as possible. Consequently, financial institutions are likely the next major sector to be actively targeted by ransomware.
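As an added example (not part of the original article): the sketch below parses two constructed emails with Python's standard email module and compares a SHA-256 blocklist, which misses a sample whose bytes differ, with a rule keyed on the Word-attachment delivery described above. The addresses, filenames, payload bytes and extension list are assumptions made for the illustration.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

# Word document extensions to hold for review (assumed policy for this example).
WORD_EXTENSIONS = (".doc", ".docm", ".docx", ".dot", ".dotm", ".rtf")

def build_mail(filename, payload):
    """Build a raw message with one attachment (constructed sample data)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(payload, maintype="application",
                       subtype="msword", filename=filename)
    return msg.as_bytes()

def attachments(raw):
    """Yield (filename, SHA-256 hex digest) for each attachment in raw mail."""
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name:
            data = part.get_payload(decode=True) or b""
            yield name, hashlib.sha256(data).hexdigest()

def hash_blocklist_hits(raw, known_bad):
    """Signature-style check: flag attachments whose hash is already known."""
    return [name for name, digest in attachments(raw) if digest in known_bad]

def word_attachment_hits(raw):
    """Delivery-trait check: flag any Word attachment, whatever its hash."""
    return [name for name, _ in attachments(raw)
            if name.lower().endswith(WORD_EXTENSIONS)]

# Two constructed placeholder payloads standing in for per-victim variants.
VARIANT_A = b"constructed-placeholder-bytes-variant-A"
VARIANT_B = b"constructed-placeholder-bytes-variant-B"
MAIL_A = build_mail("invoice_J-1001.doc", VARIANT_A)
MAIL_B = build_mail("invoice_J-1002.doc", VARIANT_B)
# The blocklist only knows the variant that was seen before.
KNOWN_BAD = {hashlib.sha256(VARIANT_A).hexdigest()}

if __name__ == "__main__":
    for label, mail in (("A", MAIL_A), ("B", MAIL_B)):
        print(label, "hash hits:", hash_blocklist_hits(mail, KNOWN_BAD),
              "| word hits:", word_attachment_hits(mail))
```

A hit from the attachment rule is a trigger for quarantine or review, not a verdict that the file is malicious.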
Don’t Get Hooked by a Phishing Attempt
Scammers use tricky techniques to lure their victims via email. Know what to look for so you won’t take the bait.
Hackers: Bad for Your Healthcare
Your credit card information is still tempting bad-guy bait, but it turns out your health care data can be even more valuable.
Should You Use a Password Manager?
Though changes may be on the security horizon, passwords still serve as the primary keys to our online lives. That’s why…
Dell Tech Support Service Tag Hack
A number of people using Dell PCs have been contacted by scammers claiming to be Dell Tech Support who actually had specific data that only Dell could have had. We’re talking the customer service tag number, a support number printed on a sticker on every Dell computer. I have used Dell machines for 20 years and am very familiar with that sticker.
This is a variant on the Microsoft tech support scam where they call PC users and claim they have detected a problem with the person’s computer and need to fix it. End-users gullible enough to give access to their workstations (usually via remote software) are billed hundreds of dollars on their credit card but the scammers of course don’t fix anything — and in some cases their PCs are infected with ransomware until they pay up.
Last week, there was a story in Ars Technica where a man said he called Dell about a problem with his optical drive, and soon after he got a call from a scammer who knew about his specific problem and had his service tag number and other customer information.
In October the company posted a warning about this type of telephone scam on its website, but it doesn’t mention a service tag number hack. Dell does not seem to know what exactly is going on and is investigating.
Cyber Security Tip – “Stop. Think. Connect.”
The trend is increasingly toward more online shopping, and that means heightened awareness of cybersecurity issues is of paramount importance. Hackers are continuing their efforts to rip off those who do not take precautions. The Better Business Bureau urges consumers to be vigilant and make every effort to protect themselves online.
Be digitally deliberate
Key to the awareness program that the BBB promotes this time of year is the catchphrase “Stop. Think. Connect.” Because online activity has become so automatic for most consumers, it’s a good idea to remind ourselves that we should slow down our speedy online habits and be more deliberate about our actions in the digital world. We can better protect ourselves from identity theft (and the headaches that come with it) if we take appropriate security measures. Safeguarding our personal information is the goal.
Tips for Web security
Here are some tips for protecting your digital devices from identity thieves during this shopping season:
- Constantly update your devices’ security software. Your operating systems should always stay current with the latest update in order to thwart malware, viruses and other online threats.
- Shred. Every statement and loan or credit-card application that comes in the mail, insurance forms, utility bills – anything that you do not plan to keep – should be shredded. Shred everything with your name and address on it just to be safe.
- Change passwords frequently. Every six months is a good time to make this change, whether or not it is annoying. A breach of your security will be even more annoying.
- Make your password secure. Don’t use words from the dictionary. Combine uppercase and lowercase letters, numbers and symbols. Make it long, strong and unique. Don’t repeat passwords for multiple accounts.
- Never click on links that show up in unsolicited emails, texts or social media posts. They may lead to malware installations on your device.
- Watch out when using public Wi-Fi. They are not secure networks. Reveal personal information only to websites that are fully encrypted. Be sure the site has the “https” prefix in its address.
- Never reveal any personal information to anyone over the phone who calls you. You cannot trust the readout on your Caller ID, as many have technology now to make it read however they wish.
- Carefully read your account statements. Question even the smallest charge that you are unsure of.
- Check your credit report annually. Go to annualcreditreport.com to get a free update. Don’t use the sites that advertise a free report but then ask for credit-card info. They may sign you up for services that aren’t needed.
- Limit what you share online, even in social media. Scammers are watching.
The tricks that online scammers use are almost endless. The treats they hope to get all come from your bank account. Safeguard your identity and keep the crooks away. If you have questions about protecting your cybersecurity, call the Better Business Bureau or visit the website bbbinc.org.
Top 10 Holiday Scams
As the new holiday cybercrime season rolls in, it’s a good idea to look at the scams of last year, which will be recycled with a few small updates. It’s becoming more important as online shopping increases every year. Here are the Top 10 scams to keep an eye out for this holiday season:
Black Friday Deals
Black Friday and Cyber Monday are the busiest on-line shopping days and the bad guys are out to get rich with your money. Don’t buy anything that seems too good to be true.
Complimentary Apple Watch
Watch out for the too-good-to-be-true coupons that offer complimentary watches, phones, or tablets on sites all over the Internet. Don’t fall for it. Make sure the offers are from a legitimate company.
Watch out for alerts via email or text that say you just received a package from FedEx, UPS or the US Mail, and then ask you for some personal information. Don’t enter anything. Think Before You Click.
There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware.
The Grinch E-Card Greetings
Happy Holidays. Your email has an attachment that looks like an e-greeting card, pretty pictures and all. You think that this must be from a friend. Nope. Malicious e-cards are sent by the millions. Never open these things, especially at the office, as they might infect your workstation.
The Fake Gift Card Trick
Internet crooks promote a fake gift card through social media but what they really are after is your information, which they then sell to other cyber criminals who use it for identity theft. Here is an example: A Facebook scam offering a complimentary 1,000 dollar Best Buy gift card to the first 20,000 people who sign up for a Best Buy fan page, which is a malicious copy of the original.
The Charity Tricksters
The holidays are traditionally the time for giving. It’s also the time that cyber criminals try to pry money out of people that mean well. But making donations to the wrong site could mean you are funding cybercrime or even terrorism. So, watch out for any communications from charities that ask for your contribution (phone, email, text, and tweets) and make sure they are legit. It’s a good idea to contact the charity to make sure the request did in fact come from them. It is safest to only donate to charities you already know, and refuse all the rest.
You tweet about a holiday gift you are trying to find, and you get a direct message (DM) from another Twitter user offering to sell you one. Stop – Look – Think, because this could very well be a sophisticated scam. If you do not know that person, be very careful before you continue and never pay up front.
The Extra Holiday-Money Fraud
People always need some extra money during this season, so cyber fraudsters are offering work-from-home scams. The most innocent of these make you fill out a form where you give out confidential information like your Social Security number which will get your identity stolen. The worst of them offer you work where you launder money from a cyberheist which can get you into major trouble.
The Evil Wi-Fi Twin
You bring your laptop, tablet or smartphone to the mall to scout for gifts and check whether you can get them cheaper somewhere online. But the bad guys are there too, shopping for your credit card number. They put out a Wi-Fi signal that looks just like a complimentary one you always use. Choose the wrong Wi-Fi and the hacker now sits in the middle and steals your credit card data while you buy online. When you use a Wi-Fi connection in a public place, it is better not to use your credit card.
National Cyber Security Awareness Month – October
October is National Cyber Security Awareness Month!
Protect Yourself with these STOP. THINK. CONNECT. Tips:
- When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk email.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Unique account, unique password: Separate passwords for every account help to thwart cybercriminals.