#they set up a fake phishing email and monitored the number of people who clicked on the links
post-futurism · 2 years
The most insidious thing about this Optus hack is that users who think they haven't been compromised because they haven't received any communications from Optus still could have had their name, email and DOB leaked to hackers. That information might not be in use immediately but could be stored in databases to be manipulated timelessly. It means that in a few months, years, or in ten years when the memory of having potentially lost your details to a hacker is the last thing you're thinking about, you get an email from what looks like a reputable company celebrating you for your recent birthday and linking to a website to get special offers or whatever. That website asks for your credit card details and bam you've been scammed.
It's the false sense of security that nothing has seemingly happened yet that's really going to get us, especially those of us who aren't trained to identify potential online scams. Optus, but moreover the government, has a responsibility to roll out a nationwide program teaching everyone how to identify scams because now the scammers could know enough personal information to trick us into thinking the source is legitimate. Prior to this attack people have already been scammed. It's a matter of national security and a moral responsibility in the digital age to teach everyone of all ages how to use the internet safely.
13 notes
marleahsblogs · 3 years
✨ Internet Safety ✨
For our generation today, the internet is probably the safest place to be in. People can be whoever they want, express whatever they want, and enjoy themselves however they want. I must admit, I would also say that I couldn’t live without the internet. Internet is just the solution to every problem, right? Now, we can even earn money in the comfort of our rooms with the help of the internet. Should we spend hours travelling just to buy stuff? Nah, we got the internet! With just several clicks we can already make an order and just wait on our couch to receive it. Oh no, COVID-19 ruled the world! No worries, we are backed up by the internet. Online classes, online transactions, online dating. You name it. The internet is there for us, or is it? Is it our safe haven?
We have put so much trust in the internet, but we didn’t know it can also be our biggest predator. Online transactions were fun until you got scammed and lost all your money. Online dating made them feel loved until the person they were talking to turned out to be a catfish. Streaming online made him famous and rich, until his account got hacked. And there are still millions of stories out there that should awake us from believing that the internet is the safest thing in the world.
Below are some possible dangers you could encounter online.
1. Cyberbullying
I’m sure many of you have heard of this. But even though we are fully aware of it, it is still one of the major problems until now. As we casually scroll in our social media feeds, it is already normal for us to see people making fun of or “bashing” other people. It became so prevalent that we could call it a normal thing. According to UNICEF (2019), one in three young people has said that they have been a victim of cyberbullying and that it affected almost half of the Filipino children aged 13-17. We need to know that even a single word like “tanga” or “bobo” we see in our social media platforms and online gaming worlds could affect or traumatize us greatly.
2. Data Being Stolen
Some people nowadays are getting better at doing this. They can steal your money from your accounts, apply for a loan or credit card using your name, or sell your information to an online criminal as well. The hidden website is packed with criminals who purchase and sell stolen personal data. If your data is stolen, you can experience spam attacks. But most of these data thefts try to steal sensitive information, such as your credit card or personal information to commit identity theft.
3. Exposure to Inappropriate Material
Another risk, especially for children and teenagers, is exposure to inappropriate materials that are sexual, hateful, or violent. The chance and probability for children to look at anything inappropriate relies on how much they do online as they get more active online at a younger age. Whether it's a free-time graphic pop-up commercial, children's cartoon characters in adult circumstances or a self-harm forum, an innocent search might expose these children to content that makes them feel puzzled and angry. Some of the inappropriate content includes pornographic material, content containing swearing, sites that encourage racism, violence, terrorism, or even suicide, sexism sites, or gambling sites, and so on.
Based on my own experiences, here are some tips I would like to share with you to look after your privacy and secure your internet safety:
1. Keep your software up-to-date
Not only will you get a better program experience, but you will also be able to iron out your security issues. But the reason why you must keep it updated is that hackers are fast enough to become aware of certain software’s vulnerabilities, thus could harm your computer system and personal data. If you avoid doing these updates, you are bound to face persistent bugs, data loss, malware infection, and of course security issues.
2. Update your passwords
Why do we need to constantly change our passwords? So that we can reduce the risk of other people having access to our accounts, thus corrupt our personal data. Using strong passwords is necessary for us to prove our identity in our accounts, websites, or our computer itself (Wright, 2021). My tip in creating passwords is random characters with a symbol, number, and at least one capital letter. The reason for this is that using weak passwords, such as patterns of letters and numbers, or simply your name and some important date you know can cause hackers to guess and open your account, hence impersonate you to commit fraud and other crimes.
3. Use two-factor authorization
Familiar with this term? Yes, a two-factor authorization (2FA) is an extra step to keep your accounts more secure and avoid getting hacked by others. One of the most common 2FA methods is one-time codes sent through SMS or email, authenticator apps such as Google Authenticator, and security keys such as U2F tokens (Drozhzhin, 2018). This one for me is the best 2FA authorization because only your private key will confirm your login. If someone will try to log in to your account with the wrong security key, they will not be granted access to your account. So, there you go. A series of two-factor authorizations that will secure your accounts the best way possible. You’re welcome!
4. Be careful what you click on
Have you heard of phishers? They are attackers that send a fraudulent message designed to trick and victimize us into revealing sensitive information to them. As scary as it sounds, we need to be aware of what we click on to avoid experiencing this. Phishing is usually done in an email when they get your email address from somewhere. These phishers try to create a fake website to trick you into typing in your personal information. It’s much easier for them to hack our accounts this way. To avoid this, you can check the URL’s legitimacy by using the Google Transparency Report or simply avoid suspicious emails which require your personal information. Think before you click!
5. Back-up your data
Data back-up and recovery has many advantages. Some of these are protecting and saving your data, ease of management, accurate information about your data, quick access to data, scalability, and such (Becker, 2021). There are many other ways to back up your data, but a simple way to manually back up the data on your phone is to open your phone’s settings app, tap system and click backup or search backup in your settings app, then tap back-up now. It’s that simple.
6. Set up notifications for your most important bank accounts
As online bank account holders, it is our responsibility to make sure our accounts are protected. Online accounts are one of the easy targets of hackers to whisk away our money with just a couple of keystrokes. To safeguard our online banking, we may choose an industrial-standard security bank or credit union that utilizes text or e-mail warnings, avoid the use of public Wi-Fi access, and periodically change our passwords.
7. Protect your personal information
This might be difficult for those who like to express themselves on social media, but we must protect our personal identity to avoid any sort of online threats. To protect our identity, we must limit the amount of personal information we share or provide. We shouldn't share or provide this information online: exact home address, your place and schedules of classes or work, birthday, cellphone number, and most importantly our passwords or account information. Another tip is to write down in a small notebook all your passwords and keep them safe in a secure place away from your computer.
8. Use parental controls and stay present
With the pandemic going on right now, parents should be extra careful of what their children see and hear about themselves and who they encounter on the internet. To protect your children from internet risks, talk to them frequently, utilize tools to safeguard them and watch out for their work. Monitor the time of your child, especially the younger ones, about when and how long they stay online. Keep your computer at a central location in your house, where it's easy to watch what your children do and look at online. You may configure them for mobile devices to forget Wi-Fi passcodes for your kids not to go online without knowledge. Review privacy and location settings, parental control and use secure browsers, apps, search engines and YouTube search settings. Lastly, limit camera and video to prevent your children from accidentally taking photos or videos of themselves or others.
The internet does not usually hurt us unless we react to suspect material and websites. The first reason you don't know what you're doing is because of internet damage. Secondly, you may react or click on links such as appealing advertisements, infected software and communications when you have other forces. To ensure internet safety, just remember those tips above and these three things: secure your network, be responsible, and make the internet child-safe.
References:
Becker, D. (2021). 6 Advantages of Data Backup and Recovery. IT Central Station. Retrieved from https://www.itcentralstation.com/articles/6-advantages-of-data-backup-and-recovery
Drozhzhin, A. (2018). SMS-based two-factor authentication is not safe — consider these alternative 2FA methods instead. Kaspersky Daily. Retrieved from https://www.kaspersky.com/blog/2fa-practical-guide/24219/
Wright, J. (2021). Why Is it Important to Change Your Password? Small Business Chron. Retrieved from https://smallbusiness.chron.com/
Online bullying remains prevalent in the Philippines, other countries (2019). Unicef Philippines. Retrieved from https://www.unicef.org/philippines/press-releases/online-bullying-remains-prevalent-philippines-other-countries
25 Best Internet Safety Tips for Every Situation (2021). The Neeva Team. Retrieved from https://neeva.com/learn/25-best-internet-safety-tips-for-every-situation
3 notes
cybersecurityinfo · 3 years
How 3 Billion Phishing Emails Can Be Stopped?
When security researchers report on cyber statistics, they end up being scary rather than informative. A recent statistic about email security was recently published which can have a similar effect: cyber criminals send over 3 billion phishing emails daily from spoofed email addresses. Phishing links are everywhere. Emails that look like they came from a legitimate source, but are in fact a scam. This article explains 3 ways you can stay safe when surfing the internet and avoid getting scammed. Phishing emails have been around since the early days of the internet and spammers have always been keen to get their hands on sensitive information. But with the rapid growth of the internet and the use of computers by more and more people, the problem has become far worse. There are now more than 3 billion emails sent through email every day and more than 500 million of those are destined for spam shelves. But how do you recognize phishing emails?
A Basic Overview of These Phishing Emails
These phishing attempts are carried out by spoofing (disguising) the sender’s email address in the ‘from’ field in messages, and cloaking it under a valid, trusted email address. In this way, hackers get their victims to open fraudulent emails by making them falsely believe they are reading an email from a valid person / organization that they know and trust. Emails are sent in the name of a trusted brand prone to sending newsletters (like Forbes) or sending notifications through email (like Amazon’s delivery system). Hacking is an international problem. Hacking victims come from many countries and nationalities. However, the true number of victims is much larger than reported. According to a report by the cyber security company Symantec, there were over 800 million email accounts hacked in 2016, and that number is expected to grow to 1.8 billion by 2019. Phishing is a form of cyber-attack that attempts to exploit weaknesses in webmail and other online systems to steal sensitive information.
Hackers can take advantage of these weaknesses to send out spam emails designed to trick recipients into revealing sensitive information. Phishing attacks are very common, and for good reason. They can be used to take control of banking accounts and personal finances if users are not careful. Hackers can also use phishing to spread malware between devices, making it harder to protect against threats. Fortunately, there are ways to combat phishing attacks and generate a false sense of security on your online activity. Below are three tips on how you can increase your safety while protecting yourself from hackers trying to take advantage of you. Phishing scams have become so common that they are almost boring. That's why they have become such successful marketing tactics; convincing individuals that they need to click on a link in an email or download a file when in reality they should be wary.
Social engineers, hackers who obtain private information for financial gain, have been around for years. But in recent years, there has been an increase in the sophistication and efficiency of their scams. Phishing emails come in all shapes and sizes. They can be legitimate, but often they are ruses designed to exploit human emotions. When you open a phishing email, there is a chance you could be taken to a fake website that directs you to an actual website that could steal your sensitive and personal information. If you have ever received an email with a link or attachment that appears to be from a trusted source, but is actually a scam my business pitch or an impersonation of someone trusted, you can imagine how devastating this can be. These phishing emails somehow get you to react emotionally, forgetting all warning bells and cautions. That’s why so many phishing emails still work, even after numerous methods and signatures of phishing attempts get exposed through security blogs and seminars.
According to an email security company, phishing emails consist of 1% of the overall email traffic.
DMARC – Stop Phishing Emails Once and For All
Email spoofing can happen when an email address is used but the domain name (also known as a web hosting provider or web site) is not. Spoofing can also happen when an email address is entered in the address bar and the browser tries to access a web page that isn’t there. This technique can be used to send out mass emails with forged domain names or to steal banking information. It can also be used to obtain personal information from employees of companies and government agencies. If you have ever received an email from someone purporting to be from Google, but it has a different look and feel to an actual Google email, then you can guarantee that it was probably spoofed.
DMARC is an initiative of the Digital Marketing Association (DMA), an industry group made up of more than 90 leading companies in the supply chain. It is implemented at the application, navigation and domain level to stop phishing scams. Phishing scams originate from many sources: government agencies, corporations, hackers. All share one goal: to fraudulently obtain sensitive data from you or your business. While there are many scams out there, most are dependent on the availability of data and connections in order to replicate. By implementing basic email security practices along with minimizing interactions on unknown networks, you can drastically reduce your chances of falling victim to such scams. Domain Management Advanced Trading (DMARC) is a set of enterprise-grade authentication mechanisms designed to fight spam and other spoofing attacks. Although DMARC is primarily designed to help protect corporate networks from malicious actors attempting to spoof email addresses, it can also be used by individual web site owners to prevent phishing scams targeting their site visitors.  
Email is the worst form of communication. It is unreliable, it is wasteful of time, and it easily leads to phishing scams and other security breaches. DMARC, or Domain-based Message Authentication, is a secure alternative to email which uses cryptographic technology to verify the identity of the author of an email message. It requires your cooperation and cooperation alone to establish a secure channel of communication. By implementing this security measure in your DMARC policy, you can stop anyone from spoofing your email address and impersonating you in communications over email, social networks, etc. If you are looking for a security vendor who can help you with DMARC implementation, look no further. Emailauth DMARC Monitor can help make your domain a No Phishing Zone. You can buy DMARC from our online platform.
Source: https://atozcybersecurity.blogspot.com/2021/09/how-3-billion-phishing-emails-can-be.html
0 notes
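As an added illustration of the From-field spoofing and DMARC discussed in the post above (not part of the original post, and not code from any vendor it names): a receiving mail server applies a domain's published DMARC policy by checking whether the domain in the visible From header aligns with a domain that passed SPF or DKIM. The record, addresses and domains are constructed, and the organizational-domain lookup is simplified to the last two labels instead of the Public Suffix List.

```python
from email.utils import parseaddr

# Constructed DMARC TXT record, as it would be published at _dmarc.example.com
SAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.com"


def parse_dmarc_record(txt):
    """Split a DMARC TXT record into a tag dict and validate v= and p=."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    return tags


def org_domain(domain):
    """Assumption for this example: the organizational domain is the last
    two labels. Real receivers consult the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') only needs the
    same organizational domain."""
    from_domain, auth_domain = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(from_header, record, spf, dkim):
    """Return 'pass' or the policy to apply ('none', 'quarantine', 'reject').

    spf and dkim are (authenticated_domain, passed) tuples: the envelope
    sender domain checked by SPF and the d= domain of the DKIM signature.
    """
    tags = parse_dmarc_record(record)
    from_domain = parseaddr(from_header)[1].rpartition("@")[2]
    spf_ok = spf[1] and aligned(from_domain, spf[0], tags.get("aspf", "r"))
    dkim_ok = dkim[1] and aligned(from_domain, dkim[0], tags.get("adkim", "r"))
    # DMARC passes if either mechanism passes AND aligns with the From domain.
    return "pass" if (spf_ok or dkim_ok) else tags["p"]


if __name__ == "__main__":
    sender = "Example Shop <delivery@example.com>"
    # Spoofed From: SPF and DKIM both pass, but for an unrelated domain.
    print(evaluate(sender, SAMPLE_RECORD,
                   ("bulk-mailer.example.net", True),
                   ("bulk-mailer.example.net", True)))
    # Genuine mail: SPF passes for a subdomain (relaxed alignment is enough).
    print(evaluate(sender, SAMPLE_RECORD,
                   ("bounce.example.com", True), ("", False)))
```

The first case shows why passing SPF or DKIM alone does not stop a spoofed From header: both checks succeed for the sending domain, and only the alignment test ties them to the address the reader sees.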
toyinvb4 · 3 years
All Notes NDPR. IMPLEMENTATION FRAMEWORK ENHANCING DATA SECURITY. Note 1 NDPR. IMPLEMENTATION FRAMEWORK ENHANCING DATA SECURITY. IMPROVING DATA SECURITY TIPS. Be familiarised with the company's IT rules. Extra care should be taken when taking data offsite. Information should be shared only 'on a need to know' basis. Documents classification should be understood and checked properly. The password rules should be followed. INCREASING DATA SECURITY IN A COMPUTER SYSTEM. The data itself should be protected. Attention should be paid to insider threat. All devices should be encrypted. Redundant data are deleted. More money and time should be spent on cyber security. Strong passwords are established. Security should be fraged. Programmes are updated regularly. PASSWORD PROTECTION. It is a security protection. The password protects the information accessible to the computer. The information is protected from certain users. Access can be gained to certain information by only those with an authorised password. DATA ENCRYPTION. Use an encryption algorithm and an encryption key. It results in a ciphertext that is viewable in an original form if decrypted with an original key. The same key for encrypting and decrypting a message or rule is used by symmetric key ciphers. PROTECTING DATA. Software updates are applied. Passwords should be protected. Lockscreen notification should be disabled. Apps should be locked. Your browsing should be kept to yourself. Data should be encrypted. Back up. TYPES OF DATA SECURITY. Authentication. Control should be accessed. Back ups and recovery. Encryption. Masking data. Tokenisation. Deletions and erasures. KEEPING THE DATA SAFE AND SECURE. The data should be backed up. Strong passwords are used. Care should be taken when working remotely. You should be wary of suspicious emails. Antivirus and malware protection should be installed. Paperwork or laptops should not be left unattended. Ensure the WiFi you use is secure. SECURING THE HOME COMPUTER.
Firewall should be used. All software should be kept up to date. Antivirus software should be used and kept current. Ensure your passwords are well chosen and protected. Suspicious attachments or unusual links should not be opened or checked. Web should be browsed safely. You should stay away as much as possible from pirated material. Protecting Hardware Drive Data. You should have regular backup. Defrag periodically. Check disk should be run at least once a week. Scan disk should be run at least once a week. A regular diagnostic should be run. Protecting your Privacy Online. Stay safe online to protect you and your loved ones. Protect yourself. Protect your loved ones. Protect your identity. Protect your personal information. The above points can be protected against risk or theft. Do not share personal information such as Address Phone number Social media. Configure your privacy settings to ensure who sees your post. Keeping Data Safe by the Company. Encrypted hard drives. USBs Phone. Data encrypted. Antihacking Software Reason core security Anti hacker Trojan remover Enhanced Mitigation Experience Toolkit. Windows defender Advanced Threat Protection. Note 2 NDPR. IMPLEMENTATION FRAMEWORK ENHANCING DATA SECURITY. Implementation of Data Security. Security Aspects. Privacy. Authentication Identification Trust Verification. Types of Security Controls. Management security Operational security Physical security. Components of Information Security. Confidentiality Integrity Availability. Possession Authenticity Types of Security Attacks. Denial of services attacks Distributed denial of services attacks Man in the middle attacks. Phishing attacks. Spear phishing attacks. Drive by attacks. Password attacks. Cross site scripting attacks. Eavesdropping. Security Principles. Confidentiality. Authentication Non-repudiation. Access control Availability
5 Cs of Cyber Security. Change Compliance Cost Continuity Coverage. Types of IT Security Network security Internet security. Endpoint security. Cloud security Application security. The Components of Organisational Security Policy Security policies Standard policies Guidelines Procedures. Steps in Operation Security. Identification of critical information Threat analysis Vulnerabilities analysis. Risk assessment. Appropriate counter measures application. Components of Information System Computer hardware Computer software Network Human resources. Securing Windows. BitLocker should be enabled. A local login account should be used. Controlled folder access should be enabled. Windows Hello should be turned on. Windows defender is enabled. Admin account should not be used. Windows 10 should be kept updated automatically. Preventing Spyware. Trusted antivirus software with anti spyware features should be used. Suspicious looking email attachments should be downloaded. Online popups should not be clicked. Links from unknown numbers in text messaging should not be opened. In messaging apps, you should avoid chatting with strangers. Encryption Problems. Systems can not be encrypted. Encryption can't be audited. A fake sense of security is given by encryption. Encryption does not have the power to work against insider threat. Biggest threat in cyberspace is data integrity. Work of encryption is not proved. Risks to Data Security Data tampering. Eavesdropping and data threat. User identities falsification. Related threats from passwords. Tables and columns with unauthorised access. Data flows with unauthorised access. The lack of accountability. User management requirements corrupted. Note 3 NDPR. IMPLEMENTATION FRAMEWORK ENHANCING DATA SECURITY. Framework Types Linear automation Modular based testing Library architect testing Data driven Hybrid testing. Privacy Framework Functions Identify Govern Control Communicate Project. Cobit Principles.
Meeting the needs of shareholders End to end covering of enterprise An application of a single integrated framework. Holistic approach is enabled. Cobit Framework Systems audit and control association. SACA An information management and information governance technology or IT Enterprises are helped to assure information in accuracy for business support decision. Strategic goals are achieved by using IT assistance. Framework Components Vision Mission Time frame Objectives. Elements of Framework . Carbon Oxygen Hydrogen Framework Examples Process inputs Manage hardware device . System software interaction. Components of Security Framework. Business objectives. Approach used in achieving goals Management of achievement and report. Target on forecast and improvement to define success. Types of Network Attacks. Malware Phishing Man in the middle Denial of service attacks. SQL injection DNS tunneling. Note 4 NDPR. IMPLEMENTATION FRAMEWORK ENHANCING DATA SECURITY. Security Pillars Confidentiality Integrity Authentication Authorisation Availability. Implementing Cyber Security Strategies. The current state of the security environment should be accessed. Networks should be monitored. You should collaborate with colleagues and stakeholders. Security measures and controls should be gotten. Dynamic security culture should be created. Have a budget review Transparency Implementing Information Security Policy. Risks are identified. You should learn from others Ensure the conformation of policy to legal requirements. Security level equals level of risk. Staff includes in policy development. Employees should be trained. Put everything in writing. Clear penalties are set and enforced. Security Strategies A cyber security culture is created Your infrastructure should be tested. Update antivirus software regularly. . Strong passwords are recorded. Your browser is secured.
Router default security settings are changed. Critical data are backed up frequently. Phishing attacks are guarded against. Elements of National Security Sociopolitical stability. Territorial integrity Economic solidarity. Public safety Law and order. Social justice. Security Principles Notice Chance Integrity Access Enforcement. The other Security Policies. Awareness Constant Participation. Security Redress. Cyber Pillars. People Infrastructure Procedure. Principles of Information Technology. Confidentiality Privacy . Quality. Availability Trustworthiness Integrity. Best Cyber Security Strategy Physical access to computer and network components are controlled. Your WiFi networks are secured. Each employee's individual user account are secured. Employee access to data and information are limited The authority to install software is limited. . Change the passwords regularly. Posts of Threat Detection. Strategic Operational Tactical. Pillars of Internet Security . People Processes Technology. Network Pillars Remote office connectivity Design Implementation. Principles of Fundamental Security. Layer Limit Diversity Obscurity Simplicity. Design Principles Contrast . Balance Emphasis Proportion Hierarchy Repetition Rhythm Pattern White space Movement Variety Unity Implementation Principles Evaluation Training Definition Farmiliarity References. Life Principles Moment living Nurture family and friends Healthy Be there for others Develop Principles of Logo Design . Simple Memorable Timeless Versatile Approach. System Types Closed system Open system Isolated system Graphic Principles Balance Alignment Hierarchy Contrast Rhythm Proximity Color and space. Types of Design Implementation Design architecture Design entry Logic synthesis
0 notes
marylin562312-blog · 4 years
It's Nonetheless Okay To Eat Chocolate! The List Of Do's And Don'ts When Pregnant
In numerous ways it is verified that the most advantageous way is to purchase a second hand car, only if you pick an apposite 1 to fit your purpose. A used automotive can prove to be a truly intelligent expense if you carry out complete study and choose a car as per your objective. It not only reduces the expenditure but also helps you steer clear of downgrading because if a car reaches a definite age its value does not reduce any longer, while, the moment you purchase a new automotive and drive it off the dealership great deal; its worth will drop correct absent. Put an offer on the back again of your company card to get individuals to sign up for your newsletter. For If you liked this short article and you would certainly like to obtain additional info pertaining to GSA SER verified Site list kindly go to our own web-site. example, "visit my website com to obtain twenty Leading Tips for Outsourcing to a Virtual Assistant". When they land on your page, ask for their e-mail address in purchase to receive the totally free report. Attending trade exhibits is not only a totally free magic formula it is also a fantastic chance exactly where you can get product developments preview and connect with producers and talk about the opportunity of promoting their products on eBay. Make GSA verified list certain to bring your business playing cards and be ready for conversations! Another way you can develop your list utilizing forums is through ad swaps. Probabilities are there are other individuals on the forum attempting to develop their choose in list. If what the member is providing is some thing your list would be intrigued in, method the marketer about trading mailings. You won't usually get a sure, but you have to ask. Most people will be prepared to assist you, especially if the size of your list is similar to theirs. Yahoo Site Explorer is an additional useful, free tool. It allows you to monitor the number pages inside a area that are indexed by SLURP. 
SLURP is Yahoo's search engine crawler. Yahoo Site Explorer analyzes relevant inbound links information. You can also export the GSA verified list results. 82. Also, ask customers to signal up for your publication advisably following the payment is processed. After the payment is via, and purchasers are looking at the "Thank you for your purchase" screen- it is the ideal moment to get them to sign up. 32. Be conscious of figures and numbers over a week, month, quarter or year. Some of them are revenue, number of orders, buying cart abandonment price, average order value (Revenue/Orders) etc. Also scrutinize Top 10 exit pages and top five opening webpages to your on-line shop. Video marketing is similar to article advertising because they both market goods. Several sites allow users to publish their movies. These sites also offer a space for your links and you could post relevant movies and create a link from your video to the item or to your own site. Then they could subscribe on your site and permit you to develop your B2B list for your B2B e-mail marketing company. The link that you send people for optin is the URL for the optin file that you loaded into Dropbox. You should mask this link using a link shortener like bitly or small.cc or else individuals will see that you are utilizing community Dropbox information which they could accessibility straight. Before you know it, other individuals that share your passion and interest (in your topic region) will discover your blog, see your amazing freebie offer and feel the uncontrollable urge to subscribe to your publication. In addition there are hundreds of people who publish e-zines and they are usually looking for beneficial content, an additional purpose why your articles ought to exude high quality information. These e-zines are circulated by way of their web site and also directly to their email GSA verified list so your article will get broader circulation. Welcome to the world of viral e-marketing. 
An entire lot of distribution that occurs with out you getting to provide the effort. Spam is a typical way people get lured into online phishing fraud. Phishing fraud happens when a scammer sends a spam e-mail that pretends to be from your financial institution, credit card business, eBay, PayPal, etc. The link requires you to a phony web site that appears just like the genuine web site. When you click on the link to the fake web site and try to log in to your genuine account, the scammers have software program set up to immediately collect your log in name and password. As quickly as you do, they use your info to log in to your genuine account and do their harm. Beliefs do shape our thinking and actions/behaviors. Numerous of the beliefs we hold in our mind are self-limiting and will hold us back again till we try new types instead. However, your self-restricting thoughts will initially cause you to resist the new patterns of thinking. Craigslist is a totally free classified open up to just about anyone who feels like posting an ad. Up until now it has been one of the easiest classified websites to publish on. What utilized to be easy has now turn out to be complicated in the never-ending battle against spam.
andypanda27 · 4 years
Text
COVID-19 Scams On The Rise: How To Protect You And Your Loved Ones 
Author: Alice Rodriguez, financial health executive with JPMorgan Chase & Co.

Millions of people fall victim to fraud each year and scammers pocket other people’s money by preying on fear, embarrassment and confusion. Between January 1, 2020 and April 15, 2020, the Federal Trade Commission (FTC) received 18,235 reports with Americans losing a combined $13.44 million related to COVID-19 fraud. The top complaint categories were fraud attempts related to travel, vacations, online shopping and even fake vaccinations.

To help protect you and your loved ones, there are a variety of online resources from AARP Foundation in collaboration with Chase to help older adults learn how to spot fraudulent activity, prevent scams and gain confidence with financial technology. The more skilled we become at spotting fraud, the better our defenses.

As social distancing continues to be recommended, more of us are using mobile apps, including financial technology, for daily activities. Banking online may be new to some, and that is why taking a safety-first approach is important for tackling everyday tasks while safeguarding your information.

Here are a few tips to help protect you and your loved ones from financial fraud during this time, as well as in the future:

Don’t Give Out Personal Information

Scammers often present themselves as someone trustworthy, like a charity representative or government official. If you’re getting calls, emails or texts, keep in mind that the government will never call you out of the blue to ask for your personal information or money. Trustworthy organizations will never threaten you or force you into immediate action. Furthermore, financial institutions will never ask for confidential information such as your name, password, PIN and other account information when they reach out to you.

If someone you don’t know requests personal information over the phone, hang up. Look up the phone number online and call to see if you can independently confirm where the call is originating from. You also can use your phone features to block them from reaching you in the future. If you believe you have been contacted by scammers, report them. It only takes a few minutes to file a complaint with the FTC. You can also help protect yourself against potential phone scammers by signing up for The National Do Not Call Registry.

Check the Language Used

While “stimulus check” has been a commonly used term surrounding COVID-19 government relief checks, according to the IRS, its official term is “economic impact payment.” If you get a message referring to the “stimulus check” or “stimulus payment” it is a clear sign that the message is a scam. Always trust your instincts: if something doesn’t feel quite right, or seems too good to be true, it is likely to be a scam.

Set Alerts

Take advantage of accessible tools that can help you detect fraud and manage your account. For example, Chase offers 24-hour fraud monitoring with alerts for customers. Transaction alerts can help you protect your account. By setting up an alert every time there is a withdrawal from your savings or checking account, you are given a notification about your account activity and can confirm that the charge came from you. Not only will these alerts help you to spot financial fraud, but they will also help you better manage your finances and keep track of your spending habits.

Be Wary of Phishing Fraud

The Justice Department has shut down hundreds of suspicious websites (many with terms such as “Coronavirus” and “COVID19” in the domain name) that are promising vaccines and other aid. These sites are often pretending to represent government agencies or humanitarian organizations and once you click on those malicious domains, you’ll likely start to receive phishing emails from fraudsters in an attempt to collect your personal information.

Be careful when you are browsing the web for information about COVID-19. Official information on vaccines and other forms of aid will come from a trustworthy source such as the U.S. Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). Make sure you are going to the legitimate CDC and WHO websites with a “.gov” or “.int” address.

Scams Targeting Your Social Security Benefits

Despite local Social Security Administration (SSA) office closures in many areas, the SSA will not stop or decrease Social Security benefit payments due to the current pandemic. Scammers may mislead people into thinking they need to provide personal information or pay by gift card, wire transfer, internet currency or by mailing cash, to maintain regular benefit payments during this time. Keep in mind that any communication on the SSA suspending or decreasing your benefits due to the pandemic is a scam, regardless of whether you receive the message by text, letter, email or phone call.

While consumers are always subjected to potential fraud, we need to be on particularly high alert during the pandemic. Also, if you think you have fallen victim to a scam, never be embarrassed to report it or look for help. Always remember, if something doesn’t feel right to you, trust your gut!
Quote
The Interpol has issued a purple notice to alert police forces around the world of ransomware attacks against hospitals and other healthcare institutions.

The Interpol has warned of a significant increase in the number of attempted ransomware attacks against hospitals and other healthcare institutions on the front lines of the fight against the Covid-19 pandemic.

At this point, the ransomware appears to be spreading primarily via emails – often falsely claiming to contain information or advice regarding the coronavirus from a government agency, which encourages the recipient to click on an infected link or attachment.

To support global efforts against this critical danger, the Interpol has issued a purple notice alerting police in all its 194 member countries to the heightened ransomware threat.

The Interpol’s cyber crime threat response team at its Cyber Fusion Centre is also monitoring all cyber threats related to Covid-19, working closely with cyber security companies to gather information and provide support to organisations targeted by ransomware.

Meanwhile, it is assisting police with investigations into ransomware cases in affected member countries, providing first-hand technical support to help safeguard critical medical infrastructure and analysing cyber crime threat data to help law enforcement agencies mitigate the risks.

Additionally, it is collecting a list of suspicious internet domains related to Covid-19 and undertaking further analysis and evaluation, and will work with the relevant countries to take action.

“As hospitals and medical organisations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cyber criminals who are looking to make a profit at the expense of sick patients,” said Interpol secretary-general Jürgen Stock.

“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths. Interpol continues to stand by its member countries and provide any assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them held accountable,” he added.

The Interpol said prevention and mitigation efforts are key to stopping further attacks, particularly for frontline organisations like hospitals which are facing the highest risk.

In an interview with Computer Weekly, Acronis CEO Serguei Beloussov said besides phishing and ransomware attacks, the company’s global network of cyber protection operations centres has detected a rise in the number of cryptomining attacks on unattended machines in business facilities that are mostly empty as more workers work from home.

“There have been a lot of requests to create new cryptominers and ransomware on the dark web because people are only protected against the old threats,” he said. “Just like us, criminals need to make money and their businesses are challenged right now by the outbreak.”

“All criminals will now realise that they have to be part of cyber crime and that means cyber crime, which wasn’t industrialised before the current situation, will be institutionalised after this is over,” he added.

In Australia, the number of phishing attacks has been “greatly increasing”, Karl Hanmore, acting head of the Australian Cyber Security Centre told ABC Radio Sydney on 27 March 2020.

“If we look at cyber crime activity more broadly, not just this Covid-inspired set of scams, but what the normal sort of harm to the community is looking like, we’re getting people self-reporting about 145 cyber crime incidents to us a day and their self-reported losses are in the order of just under A$1 million a day.

“Now, certainly we’re seeing some upticks now in the Covid space and it’s most likely the same cyber criminals just trying to go about their normal day job of stealing from us all,” Hanmore said, adding that instead of capitalising on a topical media story, criminals are now all coalescing behind Covid-19.

In Singapore, cyber criminals had sent out a phishing email purportedly from Singapore prime minister Lee Hsien Loong that provided an update on the Covid-19 situation and encouraged people to respond with their contributions and thoughts to the situation.

The World Health Organisation (WHO) was also reportedly targeted by an advanced persistent threat group which set up a fake website spoofing the WHO’s internal email domain to steal credentials.
http://damianfallon.blogspot.com/2020/04/interpol-warns-of-more-ransomware.html
i-globalone · 4 years
Quote
Common sense and a careful backup plan are just a couple of the ways to be prepared for online and traditional dangers during the season.

Even if you’ve barely drawn breath since Black Friday and Cyber Monday deals filled your inboxes, you’re not out of the shopping woods just yet.

The holidays are only days away; although the days never come soon enough for those under 10, the average adult is lamenting how quickly the need for even more shopping looms ominously above.

Pretty on the outside only

No matter how anxious or stressed you’re feeling, the first big bit of advice is a sensible one. Do not be swayed by the great marketing ads that populate your social media pages. The ads may look good, but never click and buy without doing your due diligence.

Beware of clicking on links delivered to your email

“During the holiday season, a phishing attempt may come via an email with a link to a fake website built to steal your personal information,” said Chris Duvall, senior director at The Chertoff Group.

“Exercise caution in refraining from clicking on such links and downloading files from unknown sources—also beware of emails or websites with typos and grammatical mistakes, which are common characteristics of phishing attempts,” he added.

Look up the name of the company proposing to sell you some coveted item and see what kind of feedback they’ve gotten from review pages. Read the lowest (one) star first, so that you have an idea of what might be going on. Granted, it may seem, in general, like the first ones to complain and dole out a bad review are written by those for whom criticism is a daily thing. But if you continue to read, you’ll get a sense of mutuality. For example, if you’re looking to get a shower radio, and the majority of the one- and two-star reviews state that the volume control knob comes off too easily, then that’s probably what’s wrong with it. The same can be said for ads touting great bargains. Be sure to read the fine print.

Assess website security

Duvall advised: “Look for the padlock symbol in the address bar, or a URL that begins with ‘https’ as opposed to ‘http,’ with the ‘s’ standing for ‘secure.’ Some browsers will even indicate whether it’s safe for you to give out your credit card information by showing you a green address bar, while unprotected ones will be red.”

Be skeptical of suspiciously low prices

“While big sales are a holiday trademark, if a price seems ‘too good to be true,’ then it probably is,” Duvall said. “Compare prices for the same items on other websites. If the price is drastically lower, then it is probably a scam designed to acquire your information.”

Deals can be dicey

The holidays are defined by gift-giving, whether for genuine sentiment or obligation, and you may be eager to jump on the deals.

Monique Becenti, product and channel specialist with the website security company Sitelock, says proceed with caution. “With the great deals available, shoppers may be tempted to click on third-party links offering coupons or promotions,” Becenti said. “A shopping holiday means there is vast opportunity for cybercriminals to try to steal shopper information through spoofed sites, malicious coupon code links and phishy marketing campaigns.”

Be on the lookout for fake shopping apps

“Hundreds of fake retail apps designed to steal your credit card information are popping up in Apple’s App Store and Google Play,” Duvall warned. “Make sure to download the legitimate version of retail apps by downloading it directly from a store’s website, or by thoroughly checking user reviews if downloading from an app store.”

Prioritize shopping at trusted sites and do your research

Duvall said: “On the internet, some websites are created by people just wanting to steal your information. To avoid this pitfall, shop at retailers you are familiar with and have used before. If you want to purchase an item from an unfamiliar retailer, do some research first.

“Consider checking out the company’s social media following, customer reviews, its record at the Better Business Bureau, and even contact the business directly. When buying from online marketplaces like eBay, thoroughly review the seller’s reputation, assess the item description carefully, read comments, and even ask the seller direct questions before buying.”

Never use that ‘other’ card

While you may have the best intentions, such as avoiding using your credit card too much, don’t use your debit card, either. Yes, when you want to return an item to a company like Target or Old Navy or Nordstrom, having a card number, credit or debit, in their “system,” makes it much easier when you don’t have a receipt, as they can look you up through your card. That’s a convenience for those who lose their receipts easily and pay in cash, but it’s a convenience you could and should do without.

With debit cards, while regulated by the Electronic Fund Transfer Act, it’s easier for fraudsters to hack your account. You also are subject to more liability. If you report an issue with your debit card within two business days, your liability is only $50, but after two days, leaps to $500. Credit card liability is limited to $50. And, if a bartender or hotelier wants to ensure you have the funds to pay them, your debit coin may be on hold, whereas with credit cards, it is instantaneous. Debit cards are also not beneficial to travelers, you won’t get points or credits, and lastly, they won’t help you rack up rewards. Use your debit card for what it’s best and intended for: the ATM and cash withdrawals.

Handling a hacking

If you’re unlucky enough to be hacked, Becenti said, there are steps to take. “Affected consumers should start by changing usernames and passwords for any connected accounts. If you can implement two-factor authentication, do so.”

“For website owners keen on avoiding a similar fate, enacting security plugins that will monitor your site for suspicious activity, ensuring your website software is always up to date, and utilizing parameterized queries are all key steps to take to keep your data secure,” she added. “It’s also important for businesses to evaluate the cybersecurity practices of their partners.”

The key to being cybersafe is to not shop rashly, take time to not only ensure you’re getting the best deal, but to give yourself time to do even the most minimal of searching for the company online, never use your debit card, and on-ground, be sure your card has been returned to you by the cashiers.

Here are 7 tips

1. Don’t rush and don’t let “time-sensitive” sites bully you into buying things quickly. If you are on a site you don’t know and haven’t ordered successfully from, open another browser window and look the seller up. You can put the name of the seller and “review” and you are very likely going to get helpful feedback.
2. Be on the lookout for spoofed sites, malicious code links and too-good-to-be-true marketing campaigns.
3. If it’s available to you, opt for two-step verification. Use the cybersecurity available to you.
4. Don’t use a debit card for anything but the ATM.
5. If shopping at a store, make sure you get your card back, and put it back into the same place in your wallet right away.
6. If you suspect you’ve been hacked or lost your card, call the company as soon as you can. One way to ensure you have all the necessary numbers is to keep your CC information admins in your phone contacts, using a simple mnemonic or device you’ll easily figure out and you’ll have handy.
7. Some stores are open very late. The discount chain shop Ross is open throughout the holidays until midnight (or even later in some locations). That said, and if you have to actually set foot in a shop, be sure you go with someone. Don’t park far away from the store entrance (that’s where the security guards will be, too). And be aware of your surroundings. Don’t worry about hurting someone’s feelings if you get a weird vibe and don’t want to share an elevator. Wait for the next elevator car.
http://www.globalone.com.np/2019/12/stay-cybersecure-when-shopping-for.html
ttorialcom · 6 years
Text
[Udemy] Cyber Security Bootcamp : Awareness
For Beginners, Students, Small Businesses, Large Organizations, C Level Executives, IT Pro, Kids, Family and Friends

• Able to be Cyber Safe, Protect and Guide their Family, Friends and Organizations
• Be able to understand the tricks of trade of cyber criminals
• Save cost
• Prevent Data Breach and Information Leak
• Apt idea to identify Fishy and non fishy email
• Identify traps laid down by malicious cyber criminals

Requirements

Access to PC or Mobile Phone or Tab and PDF Reader

Description

Learn cyber security basic hygiene to advance defense, simple tips to powerful security, Bitcoin scams, protection against sensitive data theft, tips to counter social engineering threats, IoT, tips to protect your hard earned money, stay safe from cyber con artist, Not to be phished, exploited, defrauded, Tips, Counter ATP, Email Scams, Vishing Calls, Whatsapp Scams, Zero-day Threat, Cloud Security, Social engineering attacks, Ransomware risk, Online Banking Frauds, Dating Scams, PDoS, data security, Tor and lot more.

Eyeopener Facts...

• 1 in 131 emails contains a malware.
• There is a hacker attack every 39 seconds.
• Organizations worldwide stand to lose an estimated $9 billion in 2018 to employees clicking on phishing emails.
• Total cost for cyber crime committed globally has added up to 100 billion dollars.
• The average cost of a data breach in 2020 will exceed $150 million.
• 43 percent of cyber attacks target small business.
• 78 percent of people claim to know the risks that come with clicking unknown links in emails and yet still click these links.
• About 250,000 new malware samples are produced every day.
• Large-scale DDoS attacks up 340 percent since 2013.
• Over 75% of health care industry has been infected with malware.
• 7 out of 10 people and organisations are hacked every minute.
• Since 2013 there are 3,809,448 records stolen from breaches every day.
• Human attack surface to reach 6 billion people by 2022.
• The potential cost of cyber-crime to the global community is a mind-boggling $500 billion, and a data breach will cost the average company about $3.8 million. - Microsoft
• Ransomware attacks increased by 48 percent in 2018. The average amount demanded after a ransomware attack is $1,077

People, Celebrity, health care, drones, aeroplane, Medical devices, Ships, Baby Monitors, Voice Control Systems, CCTV, Traffic Signals, Nuclear Plant, Water Dam, Defense, Military Intelligence, Social Media, Banks and Financial organizations, Stock Exchanges, Gas Control Systems, Telecom, Transportation System, Schools, Digital and Cryptocurrency, IoT Devices, 3D Printers, Scanners and many more are targeted by cyber criminals (hackers) daily.

Cyber attacks is the BIGGEST threat to mankind — even more of a bigger threat than nuclear weapons. - Warren Buffett

Course Highlights

• Introduction
• Don't fall in love with pdf attachments: PDF attacks - the dedication of the criminals
• Image can hack your Whatsapp account - risk, threats and countermeasures
• Hookups on public Wi-Fi could be deadly
• Don't leave your cookies for others
• You don't share underwear... Then why do you share your OTP (one time password)?
• IoT: what is it? How vulnerable is it and how to protect your IoT devices?
• What's on cloud? How it can be breached?
• HTTPS security be compromised
• Ftp File Transfer Security Risk. What is FTP? Threat, Risk, Vulnerability & Countermeasures
• Online Job, Friendship Club Fraud and Dating Scams
• Bot is not so hot! - Threats, protection and defense for you and your family, friends and organization.
• Antivirus & free Antivirus: The Fake Zone of Security.
• Endpoint protection - End Zero Day
• Know how Firewall catch fire (Security holes)
• Stinking passwords
• Call frauds and card cloning - Don’t lose your hard earned money
• Trash can crash your bottom line
• Nude, Sex-texting
• Web site vulnerability
• Plain text attacks
• Pop up Malicious ads
• Whatsapp spam
• Overlooked social media scams
• Bitcoin Scams
• Malicious apps
• Secure your secured browser
• Don't track me
• 2FA - double protection for you
• Don't allow skimmers to skim away hard earned money from ATM
• Anti-zero-day
• What's NFC? What's RFID? How hackable is it? What are the protection measures?
• One click threats
• Block ATP attacks: tips to deal and counter it
• Email scams (credit limit lowered, jobs offers, private venture scams) & protection tips
• Ransomware: Is the biggest threat to your data. Tips to protect your critical or sensitive data and information
• P2P threats: All are invited.. But think twice before you join.
• Risk Management Policy: How it's a countermeasure for cyber threats and security risks?
• Safety tips for Tor users: Checklist for privacy revealed
• Link attacks
• Human (Mind) re-engineering: Is the Number 1 threat. Protect yourself and create awareness culture.
• Assess your vulnerability and patch it quickly
• Super fast exploration targets - office, adobe reader, flash players, Internet Explorer
• RAT... Smell Awful! : Must know threats and tips to avoid RAT (Remote Access Trojan)
• Google drive attacks and threats
• Admin Rights is not the Birth Rights for everyone: Control and Strategies for administrative rights
• Why should you keep your employees happy?
• Targeted attacks via Mobile malware
• Sound Transmit virus
• Safe Internet banking Tips
• Your Identity is mine… Modus operandi of identity theft and preventative tips
• Browser Bot: What is it? How it hijack your data, privacy and launch hacking attacks.
• Hacker can compromise your system with QR Code
• What is Metadata? How hackers steal data? How privacy is at stake?
• Dating apps and security risk
• Don’t get pawned by Vishing Calls and Smishing Frauds
• DDS (Default Deadly Settings)
• Creepy apps on Google Play Store and tips to protect yourself
• PDoS (Permanent Denial of Service)
• Cyber Bullying

Do:

• Go through all video tutorials, supplementary resources and references
• Enroll if you are serious about protecting yourself, family, friends, children and organization from cyber criminals
• Highlight Audio and Video Issues that may creep in.
• Suggestions welcome
• Leave Feedback and Rating
• Ask questions, just don't keep it to yourself
• Go through the FAQ Session and Discussion Forum
• Get in touch for any query, help or suggestions
• This course will be updated regularly, please go through the updates

Don't:

• Enroll if you have issues with accent or have difficulty in understanding different accent
• Pirate this Course, Respect Handwork of Instructor
• If unwilling to ask questions and share feedback
• If you have difficulty with slight or unavoidable background noise
• If you want to learn Hacking
• There is no Lab Sessions or Practicals but few demos included

Who is the target audience?

• Beginners and Pro who wants to be cyber security awareness
• Anyone who is serious about cyber security
• Bust Cyber Criminals, Fraudster and Hackers Attempts to defraud you
• Safeguard their Hard Earned Money
• Who doesn't want to get pwn by cyber criminals

source https://ttorial.com/cyber-security-bootcamp-awareness
benoorblog-blog · 6 years
Text
What are the likely crimes to be committed?
--Crimes People Would Most Likely Commit For Money and Security Threats.
Who, and where, are the threats coming from, both internally and externally?
The word 'threat' in information security means anyone or anything that poses danger to the information, the computing resources, users, or data. The threat can be from 'insiders' who are within the organization, or from outsiders who are outside the organization. Studies show that 80% of security incidents are coming from insiders.
Security threats can be categorized in many ways. One of the important ways they are categorized is on the basis of the “origin of threat,” namely external threats and internal threats. The same threats can be categorized based on the layers described above.
External and Internal Threats
External threats originate from outside the organization, primarily from the environment in which the organization operates. These threats may be primarily physical threats, socio-economic threats specific to the country like a country's current social and economic situation, network security threats, communication threats, human threats like threats from hackers, software threats, and legal threats. Social engineering threats like using social engineering sites to gather data and impersonate people for the purpose of defrauding them and obtaining their credentials for unauthorized access is increasing. Theft of personal identifiable information, confidential strategies, and intellectual properties of the organization are other important threats. Some of these physical threats or legal threats may endanger an entire organization completely. Comparatively, other threats may affect an organization partially or for a limited period of time and may be overcome relatively easily. Cybercrimes are exposing the organizations to legal risks too.
Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are frauds, misuse of information, and/or destruction of information. Many internal threats primarily originate for the following reasons:
• Weak Security Policies, including:
• Unclassified or improperly classified information, leading to the divulgence or unintended sharing of confidential information with others, particularly outsiders.
• Inappropriately defined or implemented authentication or authorization, leading to unauthorized or inappropriate access.
• Undefined or inappropriate access to customer resources or contractors/suppliers, leading to fraud, misuse of information, or theft.
• Unclearly defined roles and responsibilities, leading to a lack of ownership and misuse of such situations.
What technical security measures would be most appropriate, and why?
10 Ways to Keep IT Systems Secure
Use these tips to protect your business from hackers, crooks and identity thieves.
Technology continues to be a boon for entrepreneurs, offering increased mobility, productivity and ROI at shrinking expense. But as useful as modern innovations such as smartphones, tablet PCs and cloud computing are to small businesses, they also present growing security concerns. Following are 10 safety tips to help you guard against high-tech failure:
1. Protect with passwords. This may seem like a no-brainer, but many cyber attacks succeed precisely because of weak password protocols. Access to all equipment, wireless networks and sensitive data should be guarded with unique user names and passwords keyed to specific individuals. The strongest passwords contain numbers, letters and symbols, and aren’t based on commonplace words, standard dictionary terms or easy-to-guess dates such as birthdays. Each user should further have a unique password wherever it appears on a device or network. If you create a master document containing all user passcodes, be sure to encrypt it with its own passcode and store it in a secure place.
2. Design safe systems. Reduce exposure to hackers and thieves by limiting access to your technology infrastructure. Minimize points of failure by eliminating unnecessary access to hardware and software, and restricting individual users’ and systems’ privileges only to needed equipment and programs. Whenever possible, minimize the scope of potential damage to your networks by using a unique set of email addresses, logins, servers and domain names for each user, work group or department as well.
3. Conduct screening and background checks. While rogue hackers get most of the press, the majority of unauthorized intrusions occur from inside network firewalls. Screen all prospective employees from the mailroom to the executive suite. Beyond simply calling references, be certain to research their credibility as well. An initial trial period, during which access to sensitive data is either prohibited or limited, is also recommended. And it wouldn’t hurt to monitor new employees for suspicious network activity.
4. Provide basic training. Countless security breaches occur as a result of human error or carelessness. You can help build a corporate culture that emphasizes computer security through training programs that warn of the risks of sloppy password practices and the careless use of networks, programs and devices. All security measures, from basic document-disposal procedures to protocols for handling lost passwords, should be second-nature to members of your organization.
5. Avoid unknown email attachments. Never, ever click on unsolicited email attachments, which can contain viruses, Trojan programs or computer worms. Before opening them, always contact the sender to confirm message contents. If you’re unfamiliar with the source, it’s always best to err on the side of caution by deleting the message, then potentially blocking the sender’s account and warning others to do the same.
6. Hang up and call back. So-called "social engineers," or cons with a gift for gab, often prey on unsuspecting victims by pretending to be someone they’re not. If a purported representative from the bank or strategic partner seeking sensitive data calls, always end the call and hang up. Then dial your direct contact at that organization, or one of its public numbers to confirm the call was legitimate. Never try to verify suspicious calls with a number provided by the caller.
7. Think before clicking. Phishing scams operate by sending innocent-looking emails from apparently trusted sources asking for usernames, passwords or personal information. Some scam artists even create fake Web sites that encourage potential victims to input the data themselves. Always go directly to a company’s known Internet address or pick up the phone before providing such info or clicking on suspicious links.
8. Use a virus scanner, and keep all software up-to-date. Whether working at home or on an office network, it pays to install basic virus scanning capability on your PC. Many network providers now offer such applications for free. Keeping software of all types up to date is also imperative, including scheduling regular downloads of security updates, which help guard against new viruses and variations of old threats.
9. Keep sensitive data out of the cloud. Cloud computing offers businesses many benefits and cost savings. But such services also could pose additional threats as data are housed on remote servers operated by third parties who may have their own security issues. With many cloud-based services still in their infancy, it’s prudent to keep your most confidential data on your own networks.
10. Stay paranoid. Shred everything, including documents with corporate names, addresses and other information, including the logos of vendors and banks you deal with. Never leave sensitive reports out on your desk or otherwise accessible for any sustained period of time, let alone overnight. Change passwords regularly and often, especially if you’ve shared them with an associate. It may seem obsessive, but a healthy dose of paranoia could prevent a major data breach.
The average cost to an organization to recover from such a breach is $6.75 million, according to Javelin Strategy & Research. And that doesn’t count damage to your reputation or relationships. So be proactive and diligent about prevention. An ounce far outweighs a pound of cure.
jennifersnyderca90 · 6 years
Voice Phishing Scams Are Getting More Clever
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).
Matt Haughey is the creator of the community Weblog MetaFilter and a writer at Slack. Haughey banks at a small Portland credit union, and last week he got a call on his mobile phone from an 800-number that matched the number his credit union uses.
Actually, he got three calls from the same number in rapid succession. He ignored the first two, letting them both go to voicemail. But he picked up on the third call, thinking it must be something urgent and important. After all, his credit union had rarely ever called him.
Haughey said he was greeted by a female voice who explained that the credit union had blocked two phony-looking charges in Ohio made to his debit/ATM card. She proceeded to then read him the last four digits of the card that was currently in his wallet. It checked out.
Haughey told the lady that he would need a replacement card immediately because he was about to travel out of state to California. Without missing a beat, the caller said he could keep his card and that the credit union would simply block any future charges that weren’t made in either Oregon or California.
This struck Haughey as a bit off. Why would the bank say they were freezing his card but then say they could keep it open for his upcoming trip? It was the first time the voice inside his head spoke up and said, “Something isn’t right, Matt.” But, he figured, the customer service person at the credit union was trying to be helpful: She was doing him a favor, he reasoned.
The caller then read his entire home address to double check it was the correct destination to send a new card at the conclusion of his trip. Then the caller said she needed to verify his mother’s maiden name. The voice in his head spoke out in protest again, but then banks had asked for this in the past. He provided it.
Next she asked him to verify the three digit security code printed on the back of his card. Once more, the voice of caution in his brain was silenced: He’d given this code out previously in the few times he’d used his card to pay for something over the phone.
Then she asked him for his current card PIN, just so she could apply that same PIN to the new card being mailed out, she assured him. Ding, ding, ding went the alarm bells in his head. Haughey hesitated, then asked the lady to repeat the question. When she did, he gave her the PIN, and she assured him she’d make sure his existing PIN also served as the PIN for his new card.
Haughey said after hanging up he felt fairly certain the entire transaction was legitimate, although the part about her requesting the PIN kept nagging at him.
“I balked at challenging her because everything lined up,” he said in an interview with KrebsOnSecurity. “But when I hung up the phone and told a friend about it, he was like, ‘Oh man, you just got scammed, there’s no way that’s real.’”
Now more concerned, Haughey visited his credit union to make sure his travel arrangements were set. When he began telling the bank employee what had transpired, he could tell by the look on her face that his friend was right.
A review of his account showed that there were indeed two fraudulent charges on his account from earlier that day totaling $3,400, but neither charge was from Ohio. Rather, someone used a counterfeit copy of his debit card to spend more than $2,900 at a Krogers near Atlanta, and to withdraw almost $500 from an ATM in the same area. After the unauthorized charges, he had just $300 remaining in his account.
“People I’ve talked to about this say there’s no way they’d fall for that, but when someone from a trustworthy number calls, says they’re from your small town bank, and sounds incredibly professional, you’d fall for it, too,” Haughey said.
Fraudsters can use a variety of open-source and free tools to fake or “spoof” the number displayed as the caller ID, lending legitimacy to phone phishing schemes. Often, just sprinkling in a little foreknowledge of the target’s personal details — SSNs, dates of birth, addresses and other information that can be purchased for a nominal fee from any one of several underground sites that sell such data — adds enough detail to the call to make it seem legitimate.
A CLOSE CALL
Cabel Sasser is founder of a Mac and iOS software company called Panic Inc. Sasser said he almost got scammed recently after receiving a call that appeared to be the same number as the one displayed on the back of his Wells Fargo ATM card.
“I answered, and a Fraud Department agent said my ATM card has just been used at a Target in Minnesota, was I on vacation?” Sasser recalled in a tweet about the experience.
What Sasser didn’t mention in his tweet was that his corporate debit card had just been hit with two instances of fraud: Someone had charged $10,000 worth of metal air ducts to his card. When he disputed the charge, his bank sent a replacement card.
“I used the new card at maybe four places and immediately another fraud charge popped up for like $20,000 in custom bathtubs,” Sasser recalled in an interview with KrebsOnSecurity. “The morning this scam call came in I was spending time trying to figure out who might have lost our card data and was already in that frame of mind when I got the call about fraud on my card.”
And so the card-replacement dance began.
“Is the card in your possession?,” the caller asked. It was. The agent then asked him to read the three-digit CVV code printed on the back of his card.
After verifying the CVV, the agent offered to expedite a replacement, Sasser said. “First he had to read some disclosures. Then he asked me to key in a new PIN. I picked a random PIN and entered it. Verified it again. Then he asked me to key in my current PIN.”
That made Sasser pause. Wouldn’t an actual representative from Wells Fargo’s fraud division already have access to his current PIN?
“It’s just to confirm the change,” the caller told him. “I can’t see what you enter.”
“But…you’re the bank,” he countered. “You have my PIN, and you can see what I enter…”
The caller had a snappy reply for this retort as well.
“Only the IVR [interactive voice response] system can see it,” the caller assured him. “Hey, if it helps, I have all of your account info up…to confirm, the last four digits of your Social Security number are XXXX, right?”
Sure enough, that was correct. But something still seemed off. At this point, Sasser said he told the agent he would call back by dialing the number printed on his ATM card — the same number his mobile phone was already displaying as the source of the call. After doing just that, the representative who answered said there had been no such fraud detected on his account.
“I was just four key presses away from having all my cash drained by someone at an ATM,” Sasser recalled. A visit to the local Wells Fargo branch before his trip confirmed that he’d dodged a bullet.
“The Wells person was super surprised that I bailed out when I did, and said most people are 100 percent taken by this scam,” Sasser said.
HUMAN, ROBOT OR HYBRID?
In Sasser’s case, the scammer was a live person, but some equally convincing voice phishing schemes use a combination of humans and automation. Consider the following vishing attempt, reported to KrebsOnSecurity in August by “Curt,” a longtime reader from Canada.
“I’m both a TD customer and Rogers phone subscriber and just experienced what I consider a very convincing and/or elaborate social engineering/vishing attempt,” Curt wrote. “At 7:46pm I received a call from (647-475-1636) purporting to be from Credit Alert (alertservice.ca) on behalf of TD Canada Trust offering me a free 30-day trial for a credit monitoring service.”
The caller said her name was Jen Hansen, and began the call with what Curt described as “over-the-top courtesy.”
“It sounded like a very well-scripted Customer Service call, where they seem to be trying so hard to please that it seems disingenuous,” Curt recalled. “But honestly it still sounded very much like a real person, not like a text to speech voice which sounds robotic. This sounded VERY natural.”
Ms. Hansen proceeded to tell Curt that TD Bank was offering a credit monitoring service free for one month, and that he could cancel at any time. To enroll, he only needed to confirm his home mailing address.
“I’m mega paranoid (I read krebsonsecurity.com daily) and asked her to tell me what address I had on their file, knowing full well my home address can be found in a variety of ways,” Curt wrote in an email to this author. “She said, ‘One moment while I access that information.’”
After a short pause, a new voice came on the line.
“And here’s where I realized I was finally talking to a real human — a female with a slight French accent — who read me my correct address,” Curt recalled.
After another pause, Ms. Hansen’s voice came back on the line. While she was explaining that part of the package included free antivirus and anti-keylogging software, Curt asked her if he could opt-in to receive his credit reports while opting-out of installing the software.
“I’m sorry, can you repeat that?” the voice identifying itself as Ms. Hansen replied. Curt repeated himself. After another, “I’m sorry, can you repeat that,” Curt asked Ms. Hansen where she was from.
The voice confirmed what was indicated by the number displayed on his caller ID: That she was calling from Barry, Ontario. Trying to throw the robot voice further off-script, Curt asked what the weather was like in Barry, Ontario. Another long pause. The voice continued describing the offered service.
“I asked again about the weather, and she said, ‘I’m sorry, I don’t have that information. Would you like me to transfer you to someone that does?’ I said yes and again the real person with a French accent started speaking, ignoring my question about the weather and saying that if I’d like to continue with the offer I needed to provide my date of birth. This is when I hung up and immediately called TD Bank.” No one from TD had called him, they assured him.
FULLY AUTOMATED PHONE PHISHING
And then there are the fully-automated voice phishing scams, which can be equally convincing. Last week I heard from “Jon,” a cybersecurity professional with more than 30 years of experience under his belt (Jon asked to leave his last name out of this story).
Answering a call on his mobile device from a phone number in Missouri, Jon was greeted with the familiar four-note AT&T jingle, followed by a recorded voice saying AT&T was calling to prevent his phone service from being suspended for non-payment.
“It then prompted me to enter my security PIN to be connected to a billing department representative,” Jon said. “My number was originally an AT&T number (it reports as Cingular Wireless) but I have been on T-Mobile for several years, so clearly a scam if I had any doubt. However, I suspect that the average Joe would fall for it.”
WHAT CAN YOU DO?
Just as you would never give out personal information if asked to do so via email, never give out any information about yourself in response to an unsolicited phone call.
Phone phishing, like email scams, usually invokes an element of urgency in a bid to get people to let their guard down. If a call has you worried that there might be something wrong and you wish to call them back, don’t call the number offered to you by the caller. If you want to reach your bank, call the number on the back of your card. If it’s another company you do business with, go to the company’s site and look up their main customer support number.
Unfortunately, this may take a little work. It’s not just banks and phone companies that are being impersonated by fraudsters. Reports on social media suggest many consumers also are receiving voice phishing scams that spoof customer support numbers at Apple, Amazon and other big-name tech companies. In many cases, the scammers are polluting top search engine results with phony 800-numbers for customer support lines that lead directly to fraudsters.
These days, scam calls happen on my mobile so often that I almost never answer my phone unless it appears to come from someone in my contacts list. The Federal Trade Commission’s do-not-call list does not appear to have done anything to block scam callers, and the major wireless carriers seem to be pretty useless in blocking incessant robocalls, even when the scammers are impersonating the carriers themselves, as in Jon’s case above.
I suspect people my age (mid-40s) and younger also generally let most unrecognized calls go to voicemail. It seems to be a very different reality for folks from an older generation, many of whom still primarily call friends and family using land lines, and who will always answer a ringing phone whenever it is humanly possible to do so.
It’s a good idea to advise your loved ones to ignore calls unless they appear to come from a friend or family member, and to just hang up the moment the caller starts asking for personal information.
from https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/
alpinesecurityllc · 6 years
The 8 Most Common Cyber Attacks and How to Stop Them
Richard Clarke, a former counter-terrorism expert for the United States Government, once said, "If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked". While the latter is a tad harsh (we wouldn't wish a cyber attack on anyone!), the former is certainly true.
If you don't protect yourself and your business from cybercrime, it's only a matter of time before you'll be the victim of an attack. In 2015, worldwide cybercrime damages amounted to $3 trillion. Forecasts say that this amount will double by 2021.
The best way to protect yourself is to know about the different types of cyber attacks. Then you can use that information and take steps to make your networks secure.
8 Common Types of Cyber Attacks
Cyber attacks can come in different forms. Some target the human attack surface. This refers to security holes that are created by people due to negligence, employee turnover or human error. Other attacks target security holes in the networks themselves.
1. Password Cracking Attacks
In password-based attacks, hackers use software and brute force attacks to access secure accounts. They have password-cracking software that can test thousands of potential passwords. These machines are successful because password rules have made passwords less secure.
Users often follow patterns when told that their passwords need to contain a capital letter and punctuation mark. The result is that it is easier for machines and hackers to guess your password and break into your account.
The best way of securing your accounts is by using passwords that are legitimately random. Give up your habit of using the street you grew up on or your locker combination from high school. Another way to protect your accounts is by having long passwords. These are much more difficult for machines to guess.
Finally, be sure to keep your passwords safe. This means using different passwords for business and personal uses and changing them on a regular basis. Also, consider using a password or credential manager.
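To put numbers on the point about patterns, the following added example (not part of the original article) compares the guess space of a rule-following password, a capitalized word plus digits plus one symbol, with the space implied by its character set and with a long random password. The 100,000-word list size and the sample password are constructed assumptions.

```python
import math
import re
import secrets
import string

# Assumption for illustration: size of the word list a guessing tool would try.
WORDLIST_SIZE = 100_000
SYMBOLS = string.punctuation  # the 32 ASCII punctuation characters

# The habit described above: Capitalized word, then 1-4 digits, then one symbol.
RULE_PATTERN = re.compile(
    r"^[A-Z][a-z]+(\d{1,4})[" + re.escape(SYMBOLS) + r"]$"
)


def pattern_guess_space(password):
    """Candidates to try if the guesser knows the pattern; None if it does not fit."""
    m = RULE_PATTERN.match(password)
    if m is None:
        return None
    # word choices * digit strings of the same length * one trailing symbol
    return WORDLIST_SIZE * 10 ** len(m.group(1)) * len(SYMBOLS)


def full_charset_space(password):
    """Candidates if every character were chosen independently from the
    character classes the password uses (what a strength meter assumes)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    return size ** len(password)


def bits(candidates):
    """Express a candidate count as bits of guessing work."""
    return math.log2(candidates)


def random_password(length=20):
    """Long password drawn uniformly with a cryptographic RNG."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    sample = "Summer2018!"  # constructed example that satisfies typical rules
    print("pattern-aware guess space: %.1f bits" % bits(pattern_guess_space(sample)))
    print("naive character-set space: %.1f bits" % bits(full_charset_space(sample)))
    fresh = random_password()
    print("random 20-char password:   %.1f bits" % bits(full_charset_space(fresh)))
```

The gap between the first two figures is the cost of the pattern: the password satisfies the composition rule but is searched as a word list entry with a short suffix.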
2. Social Engineering Attacks
Social engineering attacks such as password phishing emails are one of the most common types of attacks. For these cyber attacks, hackers send out emails that have been designed to look official. This means that they'll spoof the emails that are sent out by companies like PayPal and Amazon. Hackers hope that potential victims will follow the links in the email and enter their passwords or banking information.
The Nigerian prince emails from the 90s are one example of a social engineering attack. And while people familiar with this scam may laugh about it, there are many internet users falling prey to social engineering attacks. Not all phishing attacks are as outlandish as the Nigerian prince wanting to give you several million dollars. The majority of successful cyber attacks on businesses are the result of spearphishing. This is a strategy where emails are carefully tailored to seem authentic to their recipient.
The best way to protect your business from social engineering attacks is through training and education. These attacks are only successful when people are not able to spot the false emails. Encourage your employees to be vigilant when clicking email links before they enter their secure data.
Another way to protect your business is by implementing two-factor authentication (2FA). This is a secure login system that requires a physical object as well as the username and password. Some examples of this include receiving an SMS on a registered number or biometric data.
You can also look into phishing detection tools such as email filters, anti-virus software, and firewalls. These tools will give a warning if they detect something suspicious.
3. Social Media Attacks
Have you ever seen a post on Facebook where a friend or family member is inexplicably hawking sunglasses? This person has fallen victim to a social media attack. These attacks are usually designed as friend requests or invitations to play a game. When you accept the request or invitation, it grants excessive access to your profile that hackers can take advantage of.
Facebook no longer requires a registered email address to sign up. This makes it difficult for the average user to prevent someone from creating a fake profile in their name. Then, when people see a request from someone they know (or so they think), they don't think twice about accepting it.
For companies, there is often a team of people who have access to the company's accounts across social media. This leaves companies open to savvy corporate hackers who will then take over the account in order to embarrass the company.
Again, education plays a pivotal role in preventing social media attacks. Remind employees not to share the passwords for social media accounts. In addition, teach your social media managers what to look for to determine if an account has been hijacked.
4. Malware Attacks
Malware is a portmanteau for "malicious software". Hackers design viruses, worms, Trojan horses and more to disrupt companies by destroying or encrypting their files.
The best way to prevent malware attacks in the first place is by having the right software protecting you. This means not just installing anti-virus software and setting up firewalls but also keeping them updated. When your anti-virus and other protective software becomes outdated, it actually becomes easier for hackers to get in than if you didn't have any anti-virus software in the first place.
5. Denial-of-Service Attacks
A denial-of-service attack is where hackers render a site inaccessible to legitimate customers. Hackers do this by overwhelming the website with traffic and data until the website crashes. Although denial-of-service attacks do not have a direct financial cost to the victims, the indirect cost of lost sales can be high, not to mention the frustration of getting the website up and running again.
E-commerce websites are the most likely targets of denial-of-service attacks. That said, hackers have been known to go after different types of high-profile businesses including media agencies and government organizations.
Besides keeping your anti-virus software and security patches up-to-date, you should also be monitoring your traffic reports to protect against a denial-of-service attack. A sudden increase in traffic or other strange traffic patterns could be an early sign of this type of attack.
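One way to watch for the sudden increase described above is to count requests per minute in the web server's access log and compare each minute with a rolling baseline. The following is an added example, not part of the original article; the log lines are constructed, and the window, factor and floor thresholds are assumptions to tune for a real site.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Common Log Format: client, identity, user, [timestamp], "request", status, size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')


def requests_per_minute(lines):
    """Count parsed access-log entries per minute."""
    counts = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # skip lines that are not access-log entries
        stamp = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        counts[stamp.replace(second=0)] += 1
    return counts


def find_spikes(counts, window=5, factor=4.0, floor=20):
    """Return (minute, requests, baseline) for minutes far above the median
    of the preceding `window` minutes. Quiet minutes count as zero."""
    if not counts:
        return []
    minute, last = min(counts), max(counts)
    series = []
    while minute <= last:
        series.append((minute, counts.get(minute, 0)))
        minute += timedelta(minutes=1)
    spikes = []
    for i in range(window, len(series)):
        # The median keeps one earlier burst from inflating the baseline.
        baseline = median(c for _, c in series[i - window:i])
        when, seen = series[i]
        if seen >= floor and seen > factor * baseline:
            spikes.append((when, seen, baseline))
    return spikes


def constructed_log():
    """Constructed sample: eight ordinary minutes, then two minutes of burst."""
    per_minute = [6, 5, 7, 6, 5, 6, 7, 5, 90, 120]
    lines = []
    for minute, total in enumerate(per_minute):
        for i in range(total):
            lines.append(
                '198.51.100.%d - - [12/Oct/2018:12:%02d:%02d +0000] '
                '"GET / HTTP/1.1" 200 512' % (i % 50 + 1, minute, i % 60)
            )
    return lines


if __name__ == "__main__":
    for when, seen, baseline in find_spikes(requests_per_minute(constructed_log())):
        print("%s  %d requests (baseline %s)" % (when.strftime("%H:%M"), seen, baseline))
```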
6. Man-in-the-middle Attacks
With the normal flow of information, data flows seamlessly from users to the servers and back. With a man-in-the-middle attack, that flow gets disrupted when the hacker steps in the middle and intercepts the data being sent. One of the most frustrating things about a man-in-the-middle attack is that the users are not aware of what is happening or that their data has been breached.
To prevent man-in-the-middle attacks, pay attention to the security of the websites you're using. This means only entering confidential information on websites whose URL begins with "HTTPS" instead of "HTTP". Also, pay attention if your browser warns you that a website's security certificate is out-of-date. These websites are vulnerable to man-in-the-middle attacks.
7. Eavesdropping Attacks
With an eavesdropping attack, hackers listen in on data that flows through the network. This gives them access to things like passwords, identifying details and credit card numbers. Eavesdropping attacks are different from man-in-the-middle attacks because the data still directly reaches its destination. Because of this, eavesdropping attacks are even harder to detect than man-in-the-middle attacks.
There are two types of eavesdropping attacks: passive eavesdropping and active eavesdropping. With passive eavesdropping, the hacker simply "listens" to data that is passing through the network. With active eavesdropping, hackers disguise themselves. This allows them to impersonate a website where users would normally share their private data.
To prevent being the victim of eavesdropping attacks, make sure that you're using data encryption in transit.
8. Drive-by Download Attacks
Hackers use drive-by download attacks to spread malware. With this style of attack, hackers are casting a wide net as opposed to attacking specific targets. They upload the malicious code to unsecured websites. When users visit this site, the webserver code automatically installs the malware or redirects the user to another corrupted site. These drive-by download attacks may be lurking in emails or pop-up windows as well.
The best way to avoid drive-by download attacks is to stay away from suspicious websites. That said, malware can be installed on any website so you need an additional layer of protection. Keeping your firewall software up to date will help in this regard. Finally, keep apps and plugins on your device to a minimum. These tools increase your attack surface and leave you vulnerable to attacks.
Stay Vigilant to Protect Your Business and Prevent Attacks
Cybercrime isn't going anywhere so businesses need to adopt a "not if but when" attitude to staying vigilant. By educating your employees and maintaining the quality of your anti-virus software and firewalls, you will be taking the first steps towards protecting your business.
To further secure your business against different types of cyber attacks, get in touch with us at Alpine Security. We can run penetration testing on your current security procedures and advise you how to improve your security protocols.
lbcybersecurity · 7 years
Your Holiday Cybersecurity Guide
Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help them with cybersecurity issues. I thought I'd write up a quick guide of the most important things.
1. Stop them from reusing passwords
By far the biggest threat to average people is that they re-use the same password across many websites, so that when one website gets hacked, all their accounts get hacked.
To demonstrate the problem, go to haveibeenpwned.com and enter the email address of your relatives. This will show them a number of sites where their password has already been stolen, like LinkedIn, Adobe, etc. That should convince them of the severity of the problem.
They don't need a separate password for every site. For the majority of websites, you don't care whether you get hacked. Use a common password for all the meaningless sites. You only need unique passwords for important accounts, like email, Facebook, and Twitter.
Write down passwords and store them in a safe place. Sure, it's a common joke that people in offices write passwords on Post-It notes stuck on their monitors or under their keyboards. This is a common security mistake, but that's only because the office environment is widely accessible. Your home isn't, and there's plenty of places to store written passwords securely, such as in a home safe. Even if it's just a desk drawer, such passwords are safe from hackers, because they aren't on a computer.
Write them down, with pen and paper. Don't put them in a MyPasswords.doc, because when a hacker breaks in, they'll easily find that document and easily hack your accounts.
You might help them out with getting a password manager, or two-factor authentication (2FA). Good 2FA like YubiKey will stop a lot of phishing threats. But this is difficult technology to learn, and of course, you'll be on the hook for support issues, such as when they lose the device. Thus, while 2FA is best, I'm only recommending pen-and-paper to store passwords. (AccessNow has a guide, though I think YubiKey/U2F keys for Facebook and GMail are the best).
2. Lock their phone (passcode, fingerprint, faceprint)
You'll lose your phone at some point. It has the keys to all your accounts, like email and so on. With your email, phone thieves can then reset passwords on all your other accounts. Thus, it's incredibly important to lock the phone.
Apple has made this especially easy with fingerprints (and now faceprints), so there's little excuse not to lock the phone.
Note that Apple iPhones are the most secure. I give my mother my old iPhones so that they will have something secure.
My mom demonstrates a problem you'll have with the older generation: she doesn't reliably have her phone with her, and charged. She's the opposite of my dad, who is religiously slaved to his phone. Even a small change to make her lock her phone means it'll be even more likely she won't have it with her when you need to call her.
3. WiFi (WPA)
Make sure their home WiFi is WPA encrypted. It probably already is, but it's worthwhile checking.
The password should be written down on the same piece of paper as all the other passwords. This is important. My parents just moved, Comcast installed a WiFi access point for them, and they promptly lost the piece of paper. When I wanted to debug something on their network today, they didn't know the password, and couldn't find the paper. Get that password written down in a place it won't get lost!
Discourage them from extra security features like "SSID hiding" and/or "MAC address filtering". They provide no security benefit, and actually make security worse. It means a phone has to advertise the SSID when away from home, and it makes MAC address randomization harder, both of which allow your privacy to be tracked.
If they have a really old home router, you should probably replace it, or at least update the firmware. A lot of old routers have hacks that allow hackers (like me masscaning the Internet) to easily break in.
4. Ad blockers or Brave
Most of the online tricks that will confuse your older parents will come via advertising, such as popups claiming "You are infected with a virus, click here to clean it". Installing an ad blocker in the browser, such as uBlock Origin, stops most all this nonsense.
For example, here's a screenshot of going to the "Speedtest" website to test the speed of my connection (I took this on the plane on the way home for Thanksgiving). Ignore the error (plane's firewall Speedtest) -- but instead look at the advertising banner across the top of the page insisting you need to download a browser extension. This is tricking you into installing malware -- the ad appears as if it's a message from Speedtest, it's not. Speedtest is just selling advertising and has no clue what the banner says. This sort of thing needs to be blocked -- it fools even the technologically competent.
uBlock Origin for Chrome is the one I use. Another option is to replace their browser with Brave, a browser that blocks ads, but at the same time, allows micropayments to support websites you want to support. I use Brave on my iPhone.
A side benefit of ad blockers or Brave is that web surfing becomes much faster, since you aren't downloading all this advertising. The smallest NYtimes story is 15 megabytes in size due to all the advertisements, for example.
5. Cloud Backups
Do backups, in the cloud. It's a good idea in general, especially with the threat of ransomware these days.
In particular, consider your photos. Over time, they will be lost, because people make no effort to keep track of them. All hard drives will eventually crash, deleting your photos. Sure, a few key ones are backed up on Facebook for life, but the rest aren't.
There are so many excellent online backup services out there, like DropBox and Backblaze. Or, you can use the iCloud feature that Apple provides. My favorite is Microsoft's: I already pay $99 a year for Office 365 subscription, and it comes with 1-terabyte of online storage.
6. Separate email accounts
You should have three email accounts: work, personal, and financial.
First, you really need to separate your work account from personal. The IT department is already getting misdirected emails with your spouse/lover that they don't want to see. Any conflict with your work, such as getting fired, gives your private correspondence to their lawyers.
Second, you need a wholly separate account for financial stuff, like Amazon.com, your bank, PayPal, and so on. That prevents confusion with phishing attacks.
Consider this warning today:
Phishing warning! Fake emails are being sent out pretending to be from the US Postal Service, claiming that you requested your mail be held this week. Don't click on the attachment OR the links.
— Wendy Nather (@wendynather) November 21, 2017
If you had split accounts, you could safely ignore this. The USPS would only know your financial email account, which gets no phishing attacks, because it's not widely known. When you receive the phishing attack on your personal email, you ignore it, because you know the USPS doesn't know your personal email account.
Phishing emails are so sophisticated that even experts can't tell the difference. Splitting financial from personal emails makes it so you don't have to tell the difference -- anything financial sent to personal email can safely be ignored.
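The split-account rule can be written as a mailbox triage step that looks only at where a message was delivered, never at how convincing it is. This is an added example, not part of the original post; the addresses, the brand list and the messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical values: the address given only to financial services, and the
# names of services that were given that address.
FINANCIAL_ADDRESS = "finance-only@example.com"
BRANDS = ("usps", "postal service", "paypal", "amazon")


def recipients(msg):
    """Every address the message says it was delivered or addressed to."""
    fields = (msg.get_all("Delivered-To", [])
              + msg.get_all("To", [])
              + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def claims_financial_sender(msg):
    """True if the sender name, sender address or subject names a listed brand."""
    name, addr = parseaddr(msg.get("From", ""))
    text = " ".join([name, addr, msg.get("Subject", "")]).lower()
    return any(brand in text for brand in BRANDS)


def triage(raw_message):
    """'normal' for ordinary mail, 'review' for financial mail that reached the
    financial address, 'ignore' for financial-looking mail sent anywhere else."""
    msg = message_from_string(raw_message)
    if not claims_financial_sender(msg):
        return "normal"
    if FINANCIAL_ADDRESS in recipients(msg):
        return "review"
    return "ignore"  # that sender was never given this address


# Constructed sample messages.
HOLD_MAIL_PHISH = (
    "From: US Postal Service <notice@usps-hold.example>\n"
    "To: me.personal@example.net\n"
    "Subject: Your request to hold mail\n\n"
    "See the attachment for details.\n"
)
ORDER_UPDATE = (
    "From: Amazon <order-update@amazon.example>\n"
    "To: finance-only@example.com\n"
    "Subject: Your order has shipped\n\n"
    "Tracking details inside.\n"
)
FAMILY_NOTE = (
    "From: Aunt Carol <carol@example.org>\n"
    "To: me.personal@example.net\n"
    "Subject: Thanksgiving plans\n\n"
    "We arrive Wednesday.\n"
)

if __name__ == "__main__":
    for raw in (HOLD_MAIL_PHISH, ORDER_UPDATE, FAMILY_NOTE):
        print(triage(raw))
```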
7. Deauth those apps!
Twitter user @tompcoleman comments that we also need to deauth apps.
Social media sites like Facebook, Twitter, and Google encourage you to enable "apps" that work with their platforms, often demanding privileges to generate messages on your behalf. The typical scenario is that you use them only once or twice and forget about them.
A lot of them are hostile. For example, my niece's twitter account would occasionally send out advertisements, and she didn't know why. It's because a long time ago, she enabled an app with the permission to send tweets for her. I had to sit down and get rid of most of her apps.
Now would be a good time to go through your relatives' Facebook, Twitter, and Google/GMail and disable those apps. Don't be afraid to be ruthless -- they probably weren't using them anyway. Some will still be necessary. For example, Twitter for iPhone shows up in the list of Twitter apps. The URL for editing these apps for Twitter is https://twitter.com/settings/applications. Google link is here (thanks @spextr). I don't know of simple URLs for Facebook, but you should find it somewhere under privacy/security settings.
8. Up-to-date software? maybe
I put this last because it can be so much work.
You should install the latest OS (Windows 10, macOS High Sierra), and also turn on automatic patching.
But remember it may not be worth the huge effort involved. I want my parents to be secure -- but not so secure I have to deal with issues.
For example, when my parents updated their HP Print software, the icon on the desktop my mom usually uses to scan things in from the printer disappeared, and needed me to spend 15 minutes with her helping find the new way to access the software.
However, I did get my mom a new netbook to travel with instead of the old WinXP one. I want to get her a Chromebook, but she doesn't want one.
For iOS, you can probably make sure their phones have the latest version without having these usability problems.
Conclusion
You can't solve every problem for your relatives, but these are the more critical ones.
The post Your Holiday Cybersecurity Guide appeared first on Security Boulevard.
from Your Holiday Cybersecurity Guide
New Post has been published on https://attendantdesign.com/getting-ready-for-school/
Getting ready for school?
Ready or not, here comes a new school year.
While it is hit-the-books time for the students in your house, it shouldn’t be break-the-budget time for you.
Rising costs can make it seem that way, though, unless you shop wisely.
The National Retail Federation reports that families with school-age children will spend an average of $687.72 this year on back-to-school shopping.
But besides budgets, there’s another important issue associated with the school year: your children’s online safety.
The Better Business Bureau has advice for those who are dealing with shopping costs as well as the issue of students’ online safety.
Shopping smartly
Here are five ways to get the most from your back-to-school shopping dollars as you fill your students’ backpacks:
▪ Make a list. Compiling (and sticking to) a list of items is much more efficient than impulse buying. Try whenever possible to find the items around the house before you hit the stores. Consider clothing needs as well as basic school supplies.
▪ Create a budget. Know your spending limits and stick to them. Use discount stores when possible for basic supplies like notebooks, folders, and pencils. Sign up for sale alerts from your favorite stores and watch ads for coupons.
▪ Look for the fine print. Carefully read ads for quantity restrictions, sale dates and return policies. Return policies are especially important for online purchases.
▪ Network with other parents. Consider doing a clothing swap for gently used items as a way of saving money. Check out the possibility of buying school supplies in bulk and splitting the cost with other families.
▪ Look for student and teacher discounts. Many stores offer them on items like laptops and uniforms. Retailers need to make room for the latest models and can have big discounts on older ones.
Online defenses for your child
It’s hard to monitor your child’s online activity while they are at school (though most schools do block questionable websites from student use while in the building).
These tips can help lower your child’s online risks:
▪ Cyberbullying is still a problem. It most often happens through social media sites, emails and text messages. It’s important that you talk with your child about their online experiences.
Visit SafeKids.com for many online safety resources.
▪ Reputation-harming online posts can have lasting effects. Children rarely understand the repercussions of “online is forever.” Make sure your child is aware of the risk of their posts, especially photos, being used in the future to cause them harm.
▪ Phishing attempts and identity theft are common. Explain to your child how emails can look real but still be fake. Clicking on links in emails can cause malware to be installed on electronic devices. They should never share a password with anyone but you.
Be sure all operating systems are kept up to date as a safeguard as well.
▪ Inappropriate content can easily be stumbled upon by your child. SafeKids.com has advice on this issue for parents.
▪ The online predator threat requires common-sense rules. If an online conversation with your child veers into inappropriate territory, have them end it. They should understand that you need to be told about such incidents. Don’t hesitate to contact the police if you have reason to suspect someone.
▪ Privacy protection rules should be reviewed with your children. Let them know that they should never reveal personal information like their name, address, phone number, age, school or friends’ names.
▪ Use your Internet provider’s site-blocking features.
The first very important thing that any internet marketing company will tell you as the number one tip for success is to know your market. Know your product, know your audience and get to know your competitors. You want to focus on this in everything you do from your website design to the online marketing that you choose to do, whether it’s pay per click advertising, social media advertising or both.
Next, you will want to set yourself goals. Setting goals is essential to monitor your progress and ensure that your efforts are meeting your unique online needs. Goals should be realistic, from increasing your ranking to growing your followers on social media to setting up a blog or increasing your brand using pay per click advertising. There are so many things to remember and so many different goals to set and if you don’t have online marketing experience, you may find that an internet marketing company is the best choice to help you grow your business online in the long run.
Always set yourself an internet marketing budget. You will be pleased you did. Your budget should be set if you are using an internet marketing company to identify how much you can spend with them each month. It is easier if the company you choose has set packages to take advantage of, so you can ensure your budget remains the same on a monthly basis. If you are considering pay per click advertising, set a daily budget, so that you only pay for the leads generated as a result up to a set amount, so that you are sure to not exceed your budget at any time.
Ensure that you focus on your branding. You want to have a set and identifiable brand before you even start with your online marketing campaign. Your brand should be catchy and noticeable, easy to remember and something that relates to your audience. There is no point getting technological if you aren’t catering to a technological audience, for example. Your internet marketing company should be able to provide you with advice, recommendations, and assistance when it comes to your brand so that you can ensure to increase visibility moving forward.
The final thing you are going to want to consider in 2017 when it comes to your internet marketing is search engine optimization. SEO has changed dramatically over the past few years and there are so many different factors to consider from focusing on your local audience to making your website mobile friendly. Then there are links, social media, keywords and more to make sure you meet in order to see your brand name increase through the rankings and dominate your market in the long run.
makeitwithmike · 7 years
5 Social Media Security Risks and How to Avoid Them
By Jylian Russell
Scams on social media skyrocketed by 150 percent across Facebook, Twitter, Instagram, and LinkedIn in 2016. And the number is likely to continue climbing as more cyber crooks see social as a fruitful target.
So, what are businesses to do? Pull away from social altogether? Well, no.
For most brands today, social media is critical to their marketing and customer service success. To pull away would mean risking important stakeholder engagement and market opportunity.
Instead, brands must ensure they’re educated about the risks and take steps to protect themselves.
In this post we’ll look at five of the most common social media security risks and offer tips on how to protect your organization from them.
5 social media security risks to business
1. Human error
From accidental tweets, to unknowing clicks on phishing links, human error is one of the most common social media security threats to brands today.
Back in 2014, a US Airways employee accidentally posted an X-rated image to the company’s Twitter feed. Dubbed ‘the worst tweet of all time’, the error brought on days of tough press coverage. While the company ultimately made it out unscathed, the situation highlighted just how quickly things can go wrong due to human error on social media.
2. Not paying attention on social media
Related to human error, not paying attention to your social media accounts can have serious consequences. Leaving your account unmonitored, for example, puts it at risk of being infected by a malicious virus that could spread to your followers.
Worse still, if that virus sends spammy messages from your account you could run the risk of losing followers who no longer see you as trustworthy.
3. Malicious apps and attacks
The internet is rife with malicious software—ranging from malware and spyware to adware and the evil ransomware variety (of which there were over 4,000 attacks every day in 2016).
One of the most sophisticated attacks to go down on social media in recent memory was that of the Locky app. Initially spread through email attachments, Locky directly targeted social networks through the circulation of corrupt jpegs (those sneaky Locky hackers found a way to embed malicious code into an image file).
When an unknowing user clicked and opened the image, Locky would immediately put a lock-down on all their computer files. A nasty little note would soon follow demanding the user make a payment (via the anonymous Tor network) in exchange for a key to unlock the user’s files.
4. Phishing scams
Like malicious apps, phishing scams use social media to trick people into handing over personal information (like banking details and passwords). Phishing attempts on social media soared by an astounding 500 percent in 2016—largely attributed to fraudulent customer support accounts targeting customers on Facebook, Twitter, Instagram, and LinkedIn.
One such example was the Facebook “fake friend” phishing attack that made the rounds in 2016. According to global cybersecurity watchdog, Kaspersky Lab, thousands of users received a Facebook message saying they’d been mentioned by a friend in a comment. When users clicked on the message, the scam would automatically download a malicious Chrome browser extension onto their computer.
Once installed, the malicious file would take hold of the user’s Facebook account—where it would then extract the user’s personal data and further spread the virus through that user’s friends.
5. Privacy settings
Privacy and protection on social media is extremely important. Yet many businesses continue to put their reputations at risk by not implementing strict privacy settings. As a result, hackers can easily take control of a brand’s social channels and wreak havoc at will— sending fraudulent posts to followers or making adjustments to a channel’s appearance.
Many major brands have fallen prey to social media hacks, including Burger King, whose Twitter account was hijacked and made to look like it was promoting McDonald’s.
7 tips on how to avoid social media security risks
1. Create a social media policy
Before people can avoid making social media blunders, they need to know what things to watch out for. One of the most effective ways to do this is by creating a social media policy.
Social media policies can help to keep your brand safe while encouraging participation from your employees. While policies will vary from organization to organization, typically they’ll include best practices, safety and security guidelines, and procedures on training and enforcement.
Policies are especially useful for organizations that operate more than one social media account to stay coordinated.
Cambridge University is one such organization. With over 260 social media accounts bearing the university’s name, Cambridge created a social media policy to help protect their online reputation.
Viewing the policy as a “living document,” the university uses Hootsuite’s monitoring and insights features to keep employees informed of best-practices related to their various social networks.
Be sure to include clear guidelines on how to:
Create a secure password
Effectively monitor and engage with brand mentions
Avoid spam, phishing attacks, and human error
Avoid malware and related malicious software (spyware, ransomware, etc.)
Proceed in the event of malware attacks
Engage on social media following a corporate crisis
Share on-brand and approved content
Check out our complete guide for more tips on writing social media policies.
2. Give your employees social media training
Next, bring your policy to life with in-person social media training. Doing so will give your employees the chance to ask questions about policy items they don’t understand. It will also bring to light any gaps in your policy that could become potential security threats.
Organizations like famed publisher Wiley, for example, regularly deliver in-house social media training to keep their social efforts streamlined and secure.
During the training, clearly highlight your company’s do’s and don’ts of sharing, how to use secure social media tools, and what phishing links or malicious accounts look like.
If your brand is worried about full-scale malware attacks, hacks, or bad press, weave crisis communications training into your policy and training—detailing what to do in the event of a hack or PR disaster on social.
3. Limit access to social media
You want to make sure that only the right people have publishing rights on your social media channels. This applies regardless of how many people contribute to message drafting and content creation.
Read-only settings, like those offered by Hootsuite, can help mitigate the risk of human error caused by employees who aren’t properly trained on the channels and tools.
If you’re using Hootsuite, you can easily set up permission levels and a system of approval to follow the natural hierarchy of your organization. Staff members can be given limited permission to draft messages, which must then be fed into an approval queue for senior management to sign off on before publishing.
Limited permissions also allow you to restrict employees to specific social accounts and capabilities.
Learn how to get even more out of Hootsuite with free social media training from Hootsuite Academy.
4. Put someone in charge
Too many cooks in the kitchen spoil the broth, or so the saying goes. Similarly in social media, one key person should lead the charge on all of your brand’s social media activities.
Having a key person acting as the eyes and ears of your social presence can go a long way towards mitigating your risks. This person should monitor your brand’s presence, listen for related conversations, be responsible for your social media security, and manage who has publishing access.
5. Invest in secure technology
With social media hacks on the rise, brands must take vigilant and innovative measures to keep their accounts—and their reputations—safe. One of the most effective ways to do this is by investing in secure technology.
Safeguard your passwords
Not so long ago, shared social media accounts meant shared passwords—which also meant more opportunities for crooks to get their hands on your information. These days, a slew of password management tools are available to keep your passwords safe.
LastPass is a great example of a site that can generate and store complex passwords on your behalf. Two-factor authentication tools, like OneLogin, add a security layer by requiring users to use two devices (computer and mobile device) in a series of commands to access an account.
One social platform to rule them all
Secure social media management platforms, like Hootsuite, are another great way to keep your content secure. By using a single platform to manage all your networks, you can confidently keep control of who’s publishing and accessing your accounts.
Scan for threats
Arm yourself with security software, like ZeroFOX, that automatically scans for and sends alerts about any brand impersonations, scams, fraud, malware, viruses, and other cyber risks.
6. Monitor your social media channels
If a social media blunder happens, you’ll want to make sure you immediately hear about it. But to know what’s being said, you need to do more than keep an eye on each of your networks—you also need to know what to look for.
Monitoring tools, like Hootsuite, can help you confidently keep on top of what’s being said about you, across each of your networks, from a single dashboard.
For an even more comprehensive understanding of the conversation happening around your brand on social media, try an app like Brandwatch, which lets you monitor and analyze social mentions from more than 70 million sources.
7. Perform a regular audit
As you would with any other business function, be sure to perform regular audits of your social media security measures to make sure your efforts are up to date and that potential security gaps haven’t crept in. At least once every quarter, check on:
Network privacy settings: Networks routinely update their privacy settings, which will likely have an impact on your account.
Access and publishing privileges: Perform a scan of who has access to and publishing rights on your social media management platform and sites and update as needed.
Recent security threats: Perform a scan of reputable news outlets and security sources for an update on the latest social media threats in circulation.
Social media opens a world of opportunity for your business to grow and connect with customers. Arm yourself against threats and go forth knowing you’ve done everything in your power to protect your business.
From monitoring social channels to managing permissions, Hootsuite can help you secure your social media.
The post 5 Social Media Security Risks and How to Avoid Them appeared first on Hootsuite Social Media Management.