Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more. Click below for more information.
Scams That Start On Social Media
Scammers are hiding out on social media, using ads and offers to market their scams, according to people’s reports to the FTC and a new Data Spotlight. In the first six months of 2020, people reported losing a record high of almost $117 million to scams that started on social media. People sent money to online sellers that didn’t deliver, to romance scammers, and for phony offers of financial help.
From “Federal Trade Commission” Bridget Small (10/21/2020)
Microsoft Office 365 Accounts A Big Target For Attackers
With more than 258 million active users per month, Microsoft's Office 365 environment — like several other Microsoft technologies — has become a popular target for attackers.
From “Dark Reading” Jai Vijayan (10/15/2020)
Spear-Phishers Leverage Office 365 Ecosystem To Validate Stolen Creds In Real Time
Attached to the message is a bogus payment remittance report that looks like a text file with a title along the lines of "ACH Company Name." Opening that file automatically opens up a look-alike Office 365 sign-on page with the user's email address already pre-entered, with a message that says, "Because you're accessing sensitive info, you need to verify your password."
From “Dark Reading” Ericka Chickowski (9/11/2020)
Phishing Scam Imitates SharePoint & OneNote For Nefarious Clicks
The scams start with an email that is actually from a genuine company – but the company has likely been hacked and email addresses have been compromised. By coming from a ‘genuine’ sender, the scams are more likely to work because the intended victims trust the sender more than they would trust a stranger. The email contains an attachment that asks victims to use SharePoint to access a OneNote file.
From “Security Brief” Newsdesk (9/08/2020)
CISA And MS-ISAC Release Ransomware Guide
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The in-depth guide provides actionable best practices for ransomware prevention as well as a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.
From “CISA” (9/30/2020)
Deep Dive: Fighting Back Against The Fraud Plaguing P2P Payment Apps
Payment app users also have to take security into their own hands. The first step is often fixing poor password hygiene. A recent study from data analytics firm FICO found that only 37 percent of bank customers use separate passwords for different accounts, for example, while 22 percent use two to five passwords across all their online profiles. This represents a massive security risk as a data breach that compromises a single account could give fraudsters access to any other account using the same password.
From “Pymnts.com” (10/20/2020)
Instagram Bug Allows Account Takeover Attacks, Turns Mobile Devices Into Spying Tools
A critical Instagram bug could allow attackers to convert a mobile device into a spying tool through an Instagram account takeover, according to Check Point researchers. If an Instagram user saved a malicious image and then opened an Instagram app, the bug would be activated, granting the attacker full access to the app and critical features of the device. The Instagram bug originated from a third-party library used in uploading pictures on the Instagram app.
From “CPO Magazine” Alicia Hope (10/12/2020)
Cybersecure My Business Related Links
Here are helpful links from the National Cyber Security Alliance's (NCSA's) sponsors, partners and friends to help you keep your business secure.
From “National Cyber Security Alliance” (10/01/2020)
The FTC Chairman Is Not Writing To You
If you saw an email from FTC Chairman Joseph Simons, it wasn’t. From him, that is. Scammers pretending to be him are emailing, though. They’re trying to trick you into turning over personal information, like your birth date and home address, which could help them scam you. So: if you get an email from the Chairman of the Federal Trade Commission about getting money because of an inheritance or relief funds related to the impact of the COVID-19 pandemic — or anything else — do not respond. Do not give out your personal information. But do hit “delete.”
From “Federal Trade Commission” Karen Hobbs (10/01/2020)
Treasury Department Warns Against Paying Hackers Involved In Ransomware Attacks
The Treasury Department on Thursday issued two adversaries highlighting the dangers of ransomware cyberattacks, and warning against paying ransoms demanded by hackers. “Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business,” OFAC wrote in its advisory. “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
From “The Hill” Maggie Miller (10/01/2020)
Microsoft Digital Defense Report
This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets.
From “Tech Republic” R. Dallon Adams (9/30/2020)
CISA Releases Telework Essentials Toolkit
The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive security considerations appropriate for their role.
From “CISA” (9/30/2020)
5 More Things To Know About Ransomware
Ransomware attacks are getting more expensive, which is one reason why you should have an incident response plan. Tom Merritt provides more information about this cybersecurity threat.
From “Tech Republic” Tom Merritt (9/28/2020)
Generally speaking, fake news is a false narrative that is published and promoted as if it were true. Historically, fake news was usually propaganda put out by those in power to create a certain belief or support a certain position, even if it was completely false. Social media has now created an environment where anyone with an agenda can publish falsehoods as if they were truths. People can be paid to post fake news on behalf of someone else or automated programs, often called bots, can publish auto- generated fake news. The motivations as to why people create and distribute fake news are as numerous as there are individual opinions.
From “SANS” Jason Jordaan (10/07/2020)