Category: Uncategorized

From ransomware to SolarWinds, the cybersecurity space has been as hectic as it has ever been over the last 12-24 months. However, for all of the emerging threats and news that are cropping up on the horizon, phishing — one of the oldest pain points in cybersecurity — is continuing to quietly wreak havoc, and is as big of a threat as it has ever been.

Despite often being overlooked in terms of hype, phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene and best practices is an absolute must.

With that in mind, here are a few quick best practices and tips for dealing with phishing threats.

1. Know the Red Flags

Phishes are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether content is genuine or a potential threat, which is why it is so important to know the red flags. Awkward and unusual formatting, overly explicit call outs to click a hyperlink or open an attachment, and subject lines that create a sense of urgency are all hallmarks that the content you received could be potentially from phish and indicate that it should be handled with caution.

2. Verify the Source

Phishing content comes in a variety of ways, however, many phishes will try to impersonate someone you may already know — such as a colleague, service provider or friend — as a way to trick you into believing their malicious content is actually trustworthy. Don’t fall for it. If you sense any red flags that something may be out of place or unusual, reach out directly to the individual to confirm whether the content is authentic and safe. If not, break-off communication immediately and flag the incident through the proper channels.

3. Be Aware of Vishing and Other Phishing Offshoots

As more digital natives have come online and greater awareness has been spread about phishing, bad actors have begun to diversify their phishing efforts beyond traditional email. For example, voice phishing — or vishing — has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization — such as a healthcare provider or insurer — and asking for sensitive information. Simply put, it is imperative that individuals be wary of any sort of communication that asks for personal information whether it be via email, phone or chat — especially if the communication is unexpected. If anything seems suspicious, again, break-off the interaction immediately and contact the company directly to confirm the veracity of the communications.

—

Phishing may be “one of the oldest tricks in the book,” but it is still incredibly effective. And although it may be hard to spot when you may be in the midst of a phishing attempt, by exercising caution and deploying these few fundamentals, individuals and organizations more broadly can drastically mitigate the chances of falling victim to a phishing attack.

Data breaches have become a part of modern life in our connected world. Everyone is at risk of potential data breaches and having their data used fraudulently. However, just because there is a data breach, it doesn’t mean you’ll become a victim of Identity theft. To avoid any further harm to your online identity, there are certain steps you can take to make sure you contain the threat. These will potentially save your finances, credit score and your identity, keeping them away from criminals.

Here are the steps you need to take right away if you find out that your data has been breached:

1.) Immediately change your password. 

These need to be a combination of letters, numbers and special characters. The password needs to be unique to every online account you have. Duplicating passwords gives hackers more chances to access your accounts. Using a password manager can help you store your passwords securely. You also need to change your passwords regularly.

2.) Set up two factor authentication. 

Adding two factor authentication increases your protection, companies such as Facebook and Microsoft have these authentication processes in place if you wish to use them. They add an extra layer of security, usually requiring you to enter a code you’ve received via SMS.

3.) Check your credit report and accounts regularly.

Make sure that there is nothing there that is unfamiliar to you, if there is, contact the company straight away and alert them to what has happened, the quicker you act the less damage caused. A credit report allows you to view most of your financial information in one place.

4.) Look out for regular updates from the breached company.

They may release press releases and maintain a feed to the affected parties. For example, users were usually logged out of their Facebook accounts if they were affected in the most recent Facebook data breach. Users should keep up to date with any information regarding the breach by using social media platforms or the company websites, users may also be notified by email.

Following these steps may result in limiting the amount of damage caused by your leaked data. There are many tools that can alert you to suspicious activity and help protect your personal data, such as Cyberman365. There is also a free service offered by the Federal Trade Commission which offers a recovery plan for when the worst happens, you can find it here: https://www.identitytheft.gov/#/ 

Take a look at our other articles for more useful resources.

Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average. Make sure you are aware of these common traps when it comes to identity theft.

Malware & Viruses

Criminals use tactics to infiltrate your devices and may steal information or hold your device and files to ransom until you pay a fee.

Data Breaches

Unfortunately companies often fall victim to data breaches where customers’ personal information is exposed. This means criminals can get hold of your data.

Mail Theft

If you have an unlocked mailbox, identity thieves can easily steal your mail containing your personal information.This also applies to your garbage so make sure you shred any personal data.

Change of Address

With just a name and address someone can divert your mail. They can then collect additional information about you such as credit card information or your Social Security Number.

Wallet Theft

If someone gets hold of your wallet, think about how much information they would have on you, SSN, name, age, bank accounts, health insurance details and more.

Oversharing on Social Media

Always be aware of what you are sharing, if strangers can predict your movements it’s easy for them to steal your identity or belongings.

You may be shocked to discover just how much these sites share about you.

People data sites may contain your current and previous home addresses, relatives, phone numbers, email addresses, neighbors and more. Anybody can visit these sites and look up your personal data.

Cyber and Privacy expert David Derigiotis has created a useful resource to explain how you can opt-out of these data sites.

This is a great first step to start reducing your digital footprint.

The downloadable resource covers the following points and more:

1. When removing the information from the following organizations, consider creating an anonymous email.
2. Consider using the following email service providers which offer users a greater sense of privacy.
   • ProtonMail: https://protonmail.com
   • Tutanota: https://tutanota.com
3. These two email providers offer a secure email service with built in end to end encryption. With end to end encryption, content within the email is not accessible by the company itself when emailing within the network (ex. ProtonMail to ProtonMail user). Only the communicating users can read the content.

The list is not exhaustive but will provide a good start for reducing your digital footprint. Many of these sites may require your follow up before successful data removal occurs. Please be sure to record the date you initially contact the service and document once removal is verified. Be diligent.

Download our guide with links for the websites that are holding your information and where you can opt-out to remove your data.

COVID-19 vaccines are rolling out and that’s great news! While we eagerly anticipate vaccine distribution, please stay alert for COVID-19 vaccine scams.

Here’s how to avoid a vaccine-related scam:

• The vaccine will most likely be free (given the public health emergency) so be highly skeptical of any email or communication requesting money in exchange for the vaccine.
• You can’t pay to put your name on a list or get early access to the vaccine.
• No one from a vaccine distribution site or health care provider will contact you for your Social Security number, credit card or bank account information.
• Stay alert for providers offering other products, treatments, or medicines to prevent the virus.
• ALWAYS check with your health care provider before paying for or receiving any COVID-19-related treatment.

Additionally, be highly skeptical of emails that create a sense of urgency or fear and persuade you to click on a link or open an attachment like the following. 

• “CLICK here/OPEN this attachment to learn about the potential side effects of the vaccine!”
• “CLICK here/OPEN this attachment to hear real stories of allergic reactions to the vaccine!”
• “CLICK here/OPEN this attachment to get early access to the vaccine!”

You may feel like there is little you can do to protect your personal data. However, there are steps you can take to learn about how your data is collected, shared and used. Follow these basic privacy tips to help improve how you manage your personal information and make informed decisions about who receives your data.

Tips to protect your privacy:

1. Personal info is like money: Personal information, such as your purchase history, IP address, or location, has tremendous value to businesses – just like money. Have you ever received something for free? Installed a free app or downloaded an eBook? If so it’s usually not really free, the cost is access to your personal information. Consider whether the benefit is worth sharing your data.
   
2. Keep tabs on your apps. Many apps ask for access to personal information, such as your geographic location, contacts list and photo album, before you can use their services. Be wary of apps that require access to information that is not required or relevant for the services they are offering. Delete unused apps on your internet-connect devices and keep others secure by performing updates. 
   
3. Manage your privacy settings. Check the privacy and security settings on web services and apps and set them to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information. Get started with NCSA’s Manage Your Privacy Settings page:https://staysafeonline.org/stay-safe-online/managing-your-privacy/manage-privacy-settings/
   
4. Check for data breaches. Google Chrome has a super useful feature that alerts you if your accounts have been breached and alerts you to change your passwords. You can also use other sites like https://haveibeenpwned.com/ to see if your email address has been involved in a data breach.

Find out more here.