Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more.
The Fed has defined synthetic ID fraud as "the use of a combination of personally identifiable information to fabricate a person or entity in order to commit a dishonest act for personal or financial gain."
From “Bank Info Security” Suparna Goswami (4/14/2021)
At this moment, one of the scams being perpetrated in the U.S. is a “smishing” scam, where the fraudster is texting customers as the fraud or digital department of your institution. They tell the customer that they’re securing their products and will be receiving a push notification from the online banking system. Unbeknownst to the customer, the fraudster has their username and password already. The fraudster then tries to sign into the online platform and is stopped by the multi-factor authentication and the code notification then goes directly to the customer.
From “Jack Henry FinTalk” Rene Perez (4/08/2021)
Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.
From “Krebs on Security” Brian Krebs (4/05/2021)
It's important to know the attacker and the tools in their arsenal before you can fight back. To this end, we've compiled a list of five attack vectors commonly used by cybercriminals to exploit your system vulnerabilities.
From “Make Use Of” Fawad Ali (3/24/2021)
To help software vendors and customers defend against these attacks, CISA and the National Institute for Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks. This new interagency resource provides an overview of software supply chain risks and recommendations. The publication also provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.
From “US-CERT” (4/26/2021)
Ultimately, organizations should consider DDoS to be a normal part of their risk posture and plan to include protections as part of the core security measures in place.
From “Tech Republic” Brandon Vigliarolo (4/14/2021)
What sets spear-phishing and whaling apart from their more generic, down-market siblings is the focused nature of the attacks. While spear-phishing involves going after specific types of targets, often by organizational affiliation, whaling involves going after specific targets (usually substantial and presumably wealthy) by position, identity or name.
From “Forbes” Perry Carpenter (3/25/2021)
Don’t give your own or your deceased loved one’s personal or financial information to anyone who contacts you out of the blue. Anyone who does that and asks for that information is a scammer.
From “Federal Trade Commission” Seena Gressin (4/13/2021)
You want to know that the information on your report is accurate. And if it’s wrong, you want to make sure someone didn’t steal your identity.
From “Federal Trade Commission” Emily Wu (4/08/2021)
The website asks for personal information, including your name, Social Security number (SSN), date of birth, prior year’s annual gross income (AGI), driver’s license number, address, and electronic filing PIN. Scammers can use or sell this information for identity theft.
From “Federal Trade Commission” Ari Lazarus (4/05/2021)
Things don’t get much worse than having to admit to your employees that a gang of cybercriminals have broken into your infrastructure, stolen the private details (social security numbers, names and home addresses) of your staff, and are demanding that your company pays a ransom before further sensitive data is leaked. Well, actually they do.
From “Hot For Security” Graham Cluley (3/25/2021)
In this instance, the customized HTML logo appears in a phony fax notification. Displaying the logo with SharePoint branding, the email contains a link for the alleged notification that says: "Preview or Download Here." Clicking the link briefly takes the user to the China UNICEF site and then redirects to a legitimate web development tool site called CodeSandbox where malware is installed on the computer. The fake table and logo combined with redirects to legitimate sites can trick people into taking the bait.
From “Tech Republic” Lance Whitney (4/28/2021)
Wray noted that some type of mandatory breach notification law to encourage the private sector to report cyberattacks would help to “further strengthen the glue between the private sector and the intelligence community and the rest of the government,” which he said would be “the key ingredient to any long-term solution.”
From “The Hill” Maggie Miller (4/14/2021)
Employees are increasingly using their own devices and accounts to work from home - largely because it's easier to do so. Yet this rise in 'shadow IT' puts corporate security at risk.
From “Tech Republic” Owen Hughes (3/31/2021)
Cybercriminals are using a variety of methods to harvest data and turn it against corporations in order to reroute bank transfers, steal paychecks, and perform other nefarious actions. None of them are new, unique or surprising, but they are tricky and can be hard to defend against.
From “Tech Republic” Brandon Vigliarolo (3/29/2021)
“Fraudsters can always find identities to buy on the dark web, but they’re now gaining identities through phishing attacks because of COVID. Then, they’re turning around and using stolen credentials at financial institutions – opening credit cards, and going off and buying things,” Gaddis said. “Fraudsters are so good at taking advantage of what’s going on in the world.”
From “Credit Union Times” Natasha Chilingerian (3/25/2021)
There are many different definitions of “privacy.” We are going to focus on personal privacy, protecting the information about you that others collect. In today's digital world, you would be astounded at all the different entities that not only collect information about you, but who then legally share or sell that information. Each time you browse or purchase something online; stream a video; buy groceries; search the web; visit your doctor; or use an app on your smartphone, smart TV, or other home devices, information about you is being collected. This information can be used to sell you goods or services, decide your interest rates for loans, or determine the type of medical care you get or the jobs you are eligible for. Additionally, if this information falls into the wrong hands, it can be used by cyber attackers to target and attack you.
From “SANS” Kenton Smith (4/07/2021)