Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more. Click below for more information.
Read our latest Fraud Newsletter: Citizens Fraud Update, Spring 2024
July is Military Consumer Month, so we’re deploying advice you can use. No matter what stage of military life you’re going through, you could encounter an imposter scam: someone pretending to be your bank’s fraud department, the government, a relative in distress, a well-known business, or a technical support expert. Want to protect yourself and the people you care about? Let the FTC help.
Nacha's Payments Innovation Alliance, a membership program bringing together diverse global stakeholders seeking to transform the payments industry, has published the Security Incident Response Procedure Guide for Companies. This free tool provides procedures and actions to take when a company reasonably suspects a security incident or breach involving personal or other proprietary data has occurred. (Nacha, 2024)
Microsoft Patches Zero-Day Active Since 2023
Microsoft's July Patch Tuesday included security updates for 142 flaws, including two actively exploited zero-days, one of which hackers may have exploited as early as January 2023.
That flaw, tracked as CVE-2024-38112, allowed hackers to send a Windows Internet Shortcut file that would open Internet Explorer to visit a malicious website. Researchers from Check Point who discovered the flaw said attackers "could do many bad things because IE is insecure and outdated." Microsoft long ago deprecated its former flagship browser but can't quite seem to fully shake it off, much to the delight of hackers. (More, 2024)
Massive AT&T Hack Exposed ‘Nearly All’ Customer Phone Numbers
AT&T disclosed on July 12 that data from “nearly all” of its customers from May 1, 2022 to October 31, 2022 and on January 2, 2023 was exfiltrated to a third-party platform in April 2024. Customers whose data was exposed will be informed. AT&T said the access point through which the cyberattack was conducted has been secured, and the data is no longer available. (Crouse, 2024)