Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more.
The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.
From “Krebs on Security” Brian Krebs (8/19/2020)
With so many of us now working from home, you are most likely finding yourself remotely connecting with your co-workers using virtual conferencing solutions like Zoom, Slack, or Microsoft Teams. Your family members – perhaps even your children – may also be using these same technologies to connect with friends or for remote learning. Regardless of why you are connecting, here are key steps you can take to make the most of these technologies safely and securely.
From “SANS” Lodrina Cherne (8/05/2020)
Phishing is the top digital fraud scheme worldwide related to the COVID-19 pandemic, TransUnion reveals. “From the impacts of phishing and other well documented COVID-19 scams like unemployment fraud, it’s clear that fraudsters have the data and increasing opportunities to create synthetic identities and utilize stolen identities,” said Shai Cohen, senior vice president of Global Fraud & Identity Solutions at TransUnion.
From “Help Net Security” (7/24/2020)
Hackers will begin by sending low-level employees emails that look trustworthy, but might include links directing them to a scam website that asks them to input their username and password. Once they have access to that employee's account, they can use it to send trustworthy-seeming emails to others in the company.
From “Business Insider” Aaron Holmes (7/18/2020)
Each attack is preceded by an email sent to the victim explaining it will be hit with a DDoS attack if the ransom is not paid by a preset date. If the victim declines to pay the attackers by that time, a five-bitcoin per day penalty is applied until the deadline is reached. At that point an attack is launched.
From “Bank Info Security” Doug Olenick (8/18/2020)
The continuing rollout of the fifth generation of mobile networks and technologies, known collectively as 5G, is set to radically transform the business world. Incredible new speeds, dramatically reduced latency and fresh swathes of bandwidth will allow real-time connectivity on a whole new scale. Smart cities, autonomous vehicles and augmented reality present amazing opportunities, so it’s no surprise that investment in 5G technologies from governments and businesses is enormous and growing. Amid the excitement of all this technological promise, significant new dangers are being overlooked.
From “Forbes” Steve Durbin (8/11/2020)
Scammers may pose as census takers to get your personal information — and then use it to commit identity theft and other frauds. But there are ways you can identify official census takers. The Census Bureau will never ask for your full Social Security number, bank account or credit card numbers, money or donations, or anything on behalf of a political party. The 2020 Census will not ask citizenship status.
From “Federal Trade Commission” Colleen Tressler (8/19/2020)
Never pay up front for mortgage help. In fact, it’s illegal for companies to charge you before they help you with your mortgage — but that doesn’t stop scammers from trying. If you find yourself behind on your mortgage, talk with your mortgage servicer right away to see what options you have. And whether you own or rent, it’s worth talking with a legal services organization if you feel like things are taking a hard turn south toward foreclosure or eviction.
From “Federal Trade Commission” Jennifer Leach (8/11/2020)
A greater number of Netflix phishing scams are circulating the internet than ever before, thanks to a dramatic increase during lockdown. Analysis of the entire lockdown period (March-July 2020) uncovered a 646% increase in the number of phishing URLs targeting Netflix users, compared with the same period in 2019.
From “Tech Radar” Joel Khalili (8/10/2020)
The last thing struggling small business owners need right now is to have money unlawfully taken from their pockets. According to a complaint filed today by the FTC, that’s exactly what a company that offered financing to small business did to its customers.
From “Federal Trade Commission” Rosario Méndez (8/03/2020)
While multifactor authentication is still a security best practice, there have been recent attack vectors that circumvent the mitigation controls it provides and prove once again that no security solution is 100% effective.
From “Forbes” Jeff Hughes (8/21/2020)
Because this phishing scam closely spoofs the SBA email address and loan application, it could prove difficult to detect that it's fraudulent. Those who receive an email about a loan application should call the SBA to check its legitimacy.
From “Bank Info Security” Prajeet Nair (8/10/2020)
If a victim clicks on a crafted link -- potentially sent personally through the app or posted on a public forum -- PII, profile data, user characteristics -- such as those submitted when profiles are created -- preferences, email addresses, IDs, and authentication tokens could all be compromised and exfiltrated to the attacker's command-and-control server (C2).
From “ZDNet” Charlie Osborne (7/29/2020)
The first half of 2020 saw malware decline 24% globally, but IoT attacks and ransomware are up, with the US seeing a staggering 109% rise in ransomware, according to new data from the security company SonicWall. In the first six months, global malware attacks fell 24%, to 3.2 billion from 4.8 billion in the year-earlier period, according to SonicWall's midyear threat report. The drop is the continuation of a downward trend that began last November, the company said.
From “Tech Republic” Esther Shein (7/23/2020)
Ransomware-wielding attackers are increasingly doing much more than just crypto-locking systems with malware and demanding a payoff in return for the promise of a decryption tool.
From “Bank Info Security” Mathew J. Schwartz (7/29/2020)