Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more. Click below for more information.
Wildfires raging out West. The hurricane season. Civil unrest. And all of this happening during a global pandemic that has claimed its own devastating share of deaths and cost people their livelihoods. In response to these events, the season of giving is starting even before the usual holidays, since we all just want to help where and as we can. But shameless scammers want to help themselves to your money. And they’re competing with legitimate charities, taking advantage of your generosity. So, as you open your heart and wallet to help people and causes, be sure to consider these tips for safe giving.
From “Federal Trade Commission” Lisa Lake (9/17/2020)
It’s a common practice to include a lot of details in our email signatures. Often, we include the complete office address, phone number with the extension, mobile numbers, company website, Twitter and LinkedIn profiles, and a host of other information in our email signatures. Little do we realize that these details are generally of no use to the recipient of the email, but of immense use to cyber criminals.
From “Data Quest” Dqindia Online (9/14/2020)
More than eight in 10 adults (83%) said they have been concerned about having their identity stolen, and the level of distress over this crime occurring has increased for nearly one-third of them (32%) in 2020, the survey of 2,108 U.S. adults, conducted by the public sector business of TransUnion on Aug. 11, found.
From “Credit Union Times” Natasha Chilingerian (9/10/2020)
There is also an onus on individual account owners to change their online account details or even deactivate their accounts if they plan to drop or switching phone numbers, said Rogers. This is also potentially an important lesson for businesses, which sometimes provision and re-provision corporate-owned mobile devices to multiple employees who may go on to use those devices to register for online accounts.
From “SC Media” Bradley Barth (9/16/2020)
Perhaps the biggest challenge to the last quarter of 2020, and the planning process for 2021, is the desire to simply surrender and assume that any activities and strategic planning you perform will be quickly abandoned based on emerging circumstances outside your control. It's an understandable impulse to throw your hands in the air and assume events will dictate your actions rather than attempting to plan, but this is fatalism rather than leadership. Rather than looking at planning as an exercise that could be rendered futile, look at the remaining weeks of 2020 as an opportunity to solidify the advancements you've made, and incorporate them into a flexible, compelling plan for 2021.
From “Tech Republic” Patrick Gray (9/10/2020)
QR codes are going through a renaissance today. All businesses are focusing on how they can protect employees, customers and suppliers during the pandemic by adopting touchless transactions and services to provide a safer, more streamlined buying experience. Fraudsters are quick to capitalize on the opportunity QR codes’ soaring popularity present too. Combining social engineering with QR codes that can be created in a second, fraudsters are using them to open victims’ bank accounts and drain it within seconds, install malware, penetrate entire corporate networks and more.
From “Forbes” Louis Columbus (9/20/2020)
Some believe hackers are aggressively targeting smaller firms because they believe SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses. A new report from Cisco, however, challenges this assumption. SMBs have made significant strides enhancing their security protocols and are closing the gap with their bigger counterparts. The report notes 87 percent of SMB business owners rank security a top priority, and more than 99 percent have a dedicated resource focusing on security.
From “The Hacker News” The Hacker News Editorial Team (9/07/2020)
Cybersquatting is a type of fraud in which a minor change is made in a domain name to confuse a consumer into believing they are visiting a legitimate website. The goal of these attacks is to extract login credentials or payment card data from their victims.
From “Bank Info Security” Doug Olenick (9/04/2020)
“Actors first began using unattributed Voice over Internet Protocol (VoIP) numbers to call targeted employees on their personal cellphones, and later began incorporating spoofed numbers of other offices and employees in the victim company. The actors used social engineering techniques and, in some cases, posed as members of the victim company’s IT help desk, using their knowledge of the employee’s personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee.”
From “Krebs on Security” Brian Krebs (8/20/2020)
Once you click, they can trick you into giving personal information — letting scammers steal your passwords, account numbers, or Social Security numbers. Clicking these links could also let scammers download malware onto your device.
From “Federal Trade Commission” Ari Lazarus (9/21/2020)
The Securities and Exchange Commission’s exam division is warning about an increase in cyberattacks against advisors and financial institutions. These involve “credential stuffing,” in which bad actors target client accounts via compromised client login credentials and can result in loss of customer assets and unauthorized disclosure of personal information.
From “Credit Union Times” Melanie Waddell (9/16/2020)
While data breaches and ransomware get the spotlight, BEC attacks tend to be considered second-tier security issues. The unfortunate truth is that companies are seriously affected by BEC attacks, especially since they don’t require the technical knowledge needed for some of the more complex ransomware incidents.
From “Security Boulevard” Silviu Stahie (9/04/2020)
Have you seen a message on WhatsApp or Facebook offering you free help during the pandemic? People have reported seeing messages that seem to be from Pepsi, Walmart, Whole Foods, Target, and other big-name brands. These messages all offer money to people who need it — through grants, coupons for food support, or other giveaways. But they’re all fake, and not from those companies at all.
From “Federal Trade Commission” Diana Shiller (8/28/2020)
A new SMS-based phishing (“smishing”) campaign is using the United States Postal Service (USPS) as a disguise to target mobile users.
From “Trip Wire” David Bisson (9/16/2020)