Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more. Click below for more information.
Read our latest Fraud Newsletter: Citizens Fraud Update Fall 2022
Cybersecurity As An Employee Benefit
Cybersecurity training is not most people’s idea of a good time. However, employees sit up and take notice when trainers talk to them about the prevalence and severity of the cyber threats to themselves personally, including their identities, credit files, financial accounts, personal devices and home networks. Additionally, explaining that their aging parents and children face these same threats never fails to get employees meaningfully engaged. Employers can then translate that personal engagement into an increased awareness and commitment to the cyber security policies and practices that protect the business.
From “NH Business Review” Cameron G. Shiling (9/15/2022)
5 Basic Tech Tips Every Computer User Needs
Every so often, I start to do something on a computer and have to stop myself to say: “That’s not a good idea.” Fortunately, it’s all I need to prevent myself from doing something I shouldn’t that could lead to possible disaster or a least ruin my day. But not every computer user has the understanding or the control to stop themselves from making such a mistake.
From “Tech Republic” Jack Wallen (8/24/2022)
Apathy Is Your Company’s Biggest Cybersecurity Vulnerability – Here’s How To Combat It
Employee apathy, while it may not seem like a major cybersecurity issue, can leave an organization vulnerable to both malicious attacks and accidental data loss. Equipping employees with the tools and knowledge they need to prevent these risks has never been more important to keep organizations safe.
From “Dark Reading” Kim Burton (8/23/2022)
With a little bit of knowledge, you can defeat phishing emails and keep your most important information safe from prying eyes. We’ll teach how to keep your senses sharp to identify dastardly phishing attempts. We’ll also teach you all about multi-factor authentication (MFA), an easy way to add another layer of security to your key accounts – think of it like placing your safe inside a vault.
From “National Cybersecurity Alliance” (8/22/2022)
5 Ways To Mitigate Your New Insider Threats In The Great Resignation
Companies are in the midst of an employee "turnover tsunami" with no signs of a slowdown. According to Fortune Magazine, 40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation - creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide.
From “The Hacker News” (9/15/2022)
As States Ban Ransom Payments, What Could Possibly Go Wrong?
As ransomware continues to pummel organizations left, right and center, two states have responded by banning certain types of ransom payments, and more look set to soon follow suit. But in the words of one expert, the bans could have "terrible consequences."
From “Bank Info Security” Mathew J. Schwartz (8/29/2022)
Preventing Attacks On Mobile Applications In The Enterprise
It only takes one compromised mobile device for an attacker to access an organization's network. Corporate-owned and BYOD mobile devices are the ultimate target for land-and-expand attacks, where an attack on a mobile device sets the stage for another attack on a back-end system or cloud application. A typical corporate user's mobile device may have business email, a unified communications application such as Slack or Teams, and a Salesforce or other customer relationship management (CRM) client. When attackers compromise such a device, they have full access to the corporate network resources -- as if they're authorized users of the device.
From “Tech Target” Will Kelly (8/25/2022)
CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.
From “Cybersecurity & Infrastructure Security Agency” (9/30/2022)
Using Free Antivirus? Beware Of Companies That Sell Your Data Or Even Plant Malware
There are plenty of free antivirus programs on the market, but protecting your devices takes more than basic defenses. Not only that, but those free antivirus programs could be selling your data or worse.
From “Kim Komando” Kim Komando (9/11/2022)
Cookie Theft Threat: When Multi-factor Authentication Is Not Enough
Cookies associated with authentication to web services can be used by attackers in ‘pass the cookie’ attacks, attempting to masquerade as the legitimate user to whom the cookie was originally issued and gain access to web services without a login challenge.
From “Tech Republic” Cedric Pernet (8/22/2022)
PayPal Phishing Scam Uses Invoices Sent Via PayPal
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.
From “Krebs on Security” Brian Krebs (8/18/2022)
Say Hello To Crazy Thin ‘Deep Insert’ ATM Skimmers
A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here’s a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.
From “Krebs on Security” Brian Krebs (9/14/2022)
The O.MG Elite Cable Is A Scarily Stealthy Hacker Tool
this ordinary-looking cable is, in fact, designed to snoop on the data that passes through it and send commands to whatever phone or computer it’s connected to. And yes, there’s a Wi-Fi access point built into the cable itself. That feature existed in the original cable, but the newest version comes with expanded network capabilities that make it capable of bidirectional communications over the internet — listening for incoming commands from a control server and sending data from whatever device it’s connected to back to the attacker.
From “The Verge” Corin Faife (8/25/2022)
As Prices Rise, Keep An Eye Out For Scammers
Scammers may zero in on your anxiety over money in several ways. They might say they’re from the government and giving away grant money for home repairs or unpaid bills. Or they have an investment that’s guaranteed to deliver quick and high returns. Or they know of a high-paying job that’s yours as soon as you pay a fee or give them your personal information.
From “Federal Trade Commission” Kira Krown (8/19/2022)
If you use a computer or mobile device long enough, sooner or later something will go wrong. You may accidentally delete the wrong files, have a hardware failure, or lose a device. Even worse, malware may infect and wipe or encrypt your files. At times like these, backups are often the only way you can rebuild your digital life.
From “SANS OUCH! Newsletter” Greg Scheidel 9/07/2022)