Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more.
E-mail spoofing, or the creation of fake e-mails that seem genuine to fool users into actions that benefit an attacker, has nearly doubled from April to May this year… These “spoofed” e-mails regularly appear to come from legitimate organizations, putting not only the targets at risk, but the reputations of those entities whose domain was abused.
From “IT Web” (6/15/2021)
A security culture is a set of beliefs and values ingrained in an organization that result in all employees behaving and operating in a way that promotes cybersecurity. A strong security culture recognizes that security is everyone's job -- not just IT's.
From “Tech Target” Matt Warner (6/08/2021)
If you’re tempted right now to console yourself with the ‘it won’t happen here’ response, I strongly encourage you not to run and hide there. We shouldn’t have to look any further than all of the events from the last 16-18 months to know that just about anything can happen anywhere.
From “Jack Henry FinTalk” Eric Flick (6/01/2021)
A tactic that started toward the end of 2020 and has continued into 2021 is triple extortion, Check Point said. In this scenario, the criminals send ransom demands not only to the attacked organization but to any customers, users or other third parties that would be hurt by the leaked data.
From “Tech Republic” Lance Whitney (5/12/2021)
In simple terms, if organizations wish to avoid the Peltzman effect in information security, they must implement both a risk management framework that will define risk response by considering risk compensation and risk homeostasis theories, and an awareness program that will ensure that users understand the effects of risky behavior.
From “ISACA” Sunil Bakshi (6/09/2021)
CISA has published the Rising Ransomware Threat to OT Assets fact sheet in response to the recent increase in ransomware attacks targeting operational technology (OT) assets and control systems.
From “US-CERT” (6/09/2021)
Due to the majority of the general workforce’s shift to remote work following the onset of the COVID-19 pandemic, the frequency of cyberattacks has dramatically increased by 600%... The extent of an employer’s liability following a data breach that results in the disclosure of employees’ confidential information is a developing area of the law in Florida and the Eleventh Circuit.
From “Credit Union Times” Barron F. Dickinson (6/01/2021)
Pay with a credit card if possible, and never pay with a gift card or prepaid debit card. You can dispute credit card charges, but gift cards and prepaid debit cards can disappear like cash. Once you give the number and PIN to a scammer, the money is gone.
From “Federal Trade Commission” Emily Wu (6/15/2021)
The 2021 version of RockYou contains so many passwords because it tapped into a host of leaked databases from the past, including the Compilation of Many Breaches (COMB), which revealed more than 3.2 billion unique pairs of emails and passwords in clear text. The only bright spot is that many of these passwords may be from inactive accounts or have since been changed.
From “Tech Republic” Lance Whitney (6/09/2021)
The things we do throughout the course of our day give businesses access to information about our habits, tastes, and activities. Some might use it to deliver targeted ads to you, or to give you content based on your location, like stores nearby or the weather forecast. Others might sell or share that information. Whether you use a computer, tablet, or mobile phone to go online, there are things you can do to protect your privacy. Check out ftc.gov/yourprivacy, your guide to protecting your privacy online.
From “Federal Trade Commission” Maneesha Mithal (6/02/2021)
One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.
From “Krebs on Security” Brian Krebs (5/21/2021)
Mobile devices, such as tablets, smartphones, and smartwatches, have become one of the primary technologies we use in both our personal and professional lives. What makes these devices so powerful are the thousands of apps we can choose from. These apps enable us to be more productive, communicate and share with others, train and educate, or just have more fun. Here are steps you can take to securely use and make the most of today’s mobile apps.
From “SANS” Domenica Crognale (6/09/2021)
Now that the "spraying and praying" tactic is less useful, bad actors are personalizing attacks. This means deep victim profiling and victim-specific ransom pricing. Criminals now have the ability to infiltrate a network and spend as much time as necessary to search for and identify the highest value assets. The attacker now knows much more about the target, including the number of employees, revenue numbers and the industry. This personalization also allows the attackers to estimate possible ransom amounts for each victim.
From “Tech Republic” Veronica Combs (6/08/2021)
A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft. This new campaign compromised a marketing firm used by the U.S. Agency for International Development - USAID - to send malicious messages to thousands of potential victims.
From “Bank Info Security” Scott Ferguson (5/28/2021)
Plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.
From “Krebs on Security” Brian Krebs (5/19/2021)
Summer is right around the corner. With things reopening, kids getting out of school, and days lasting longer, this summer promises, we hope, some much-needed relaxation, adventure, and a chance to reconnect with family and friends… we’re kicking off our summer safety series to share some thoughts on ways to make your summer season as enjoyable and safe as possible. Unfortunately, scammers love summer, too, and they’re not taking any time off. So we want you to pack your sunscreen, but leave the SPFs (scams, phonies, and frauds) behind.
From “Federal Trade Commission” Jim Kreidler (6/14/2021)