Cyber Warfare Is Here: Are You Prepared?

When you think about cyber warfare, you probably imagine an underground bunker full of people working computers to try and take down the Pentagon, or to shut down air traffic control. You probably don’t imagine North Korea or Russian agents coming for your small business.

Cyber Warfare Is Here: Are You Prepared?It’s time for that thinking to change. In its 2022 Digital Defense Report, Microsoft reported that nation-state attacks targeting infrastructure rose from 20% of the attacks they detected to 40%. Microsoft cited espionage attacks on NATO countries and attacks on IT firms as areas of higher activity.

What Does Cyber Warfare Look Like?

Cyber warfare is happening right now, every time a nation-state hacker infiltrates an IT backbone or targets a public health provider. Nation-state actors will not “declare cyber war” or announce their intentions. They will simply strike at whatever targets they can compromise, with the intent of causing as much disruption as possible.

What Is a Nation-State Cyber Attack?

Nation-state cyber warfare differs from criminal cyber attacks in two ways. First, the attack is either carried out directly by foreign agents, or by people who get funding, training and infrastructure support from an enemy country.

Cyber criminals can often be stopped with basic cyber security and phishing awareness training, because they’re looking for easy money and easy victims. They use well-known malware and common social engineering techniques to extort their victims.

Cyber warfare is far more sophisticated. It uses techniques and custom-designed software designed to avoid detection, and to prevent common methods of restoring system access. In less-destructive forms, it is a tool to harass and extort an adversary. In more sinister applications, it can silently exfiltrate information that can give an enemy a strategic advantage, such as the ability to delete needed data or take control of mechanical and energy systems.

Why Would a Nation State Attack My Business?

As in any conflict, there are degrees of cyber warfare. In any attack, the following entities are vulnerable:

  • Energy generation, transmission and controls
  • Water utilities
  • Chemical and fuel facilities
  • Public health facilities
  • Telecommunications, including emergency response

The goal of these attacks is to sew chaos. The size of the target does not matter. Most cyber warfare analysts expect big-city infrastructure and large health systems to be primary targets, but nation-state attackers will look to spark terror in any way they can. Opening a dam in a small town or poisoning a water supply will lead to widespread fear, and smaller municipalities may not be as well protected against a cyber attack as urban providers.

In a wider attack, a nation-state will almost certainly target the following:

  • Banking
  • Food processing and distribution, including supermarkets
  • Logistics, including package delivery, rail and trucking
  • Pharmacies
  • Managed service providers
  • Cloud networks
  • Payroll processing

The goal is to cause as much disruption as possible by denying people access to everyday goods and services. Shutting down thousands of websites via an attack on a cloud provider or managed service provider interrupts the flow of goods and services and gets media attention. Shutting down pharmacy computers makes it harder for people to get essential medications. Adversaries want media amplification of their attacks that will make people fearful.

Your (Unexpected?) Role in Cyber Warfare

We tend to think of cyber attacks in terms of breaches, monetary theft or lost access to systems. If you operate a system that has been compromised, it is easy to see that you have been attacked. If your managed service provider, ISP or cloud servers go down, you may be surprised to find out that you are the reason why.

This is where cyber warfare becomes every online organization’s responsibility. Nation-state attackers continually probe for weaknesses and novel ways to get at essential online infrastructure. Everyday things that many business and developers do can be opportunities for foreign adversaries.

  • Posting source code on GitHub or other online repositories. We recently explained how that led to Federal sanctions against a U.S. executive. Posting source code can expose passwords and pathways to adversaries.
  • Launching new apps or forms without thorough testing. Nation-state attackers have a catalog of known software vulnerabilities and near-unlimited resources to find websites that have those vulnerabilities. You could be the crack in the door that gives an adversary the access needed to take down an ISP or managed services provider.
  • Insufficient online monitoring. The antivirus program will not stop a nation-state attacker, who is using new methods of attack that the software does not recognize. In the most sophisticated attacks, adversaries embed their code in system software so that it looks normal to any scanner. Dark Web monitoring is sometimes the most reliable way to identify these vulnerabilities.

Every business and organization that publishes or maintains a website, whether you collect information or not, is a potential target of nation-state cyber warfare. You could have an unexpected and unwanted role in the next attack, because the United States does not prioritize the role individuals play in cyber security. Major targets may have significant defenses against nation-state attackers, but they also have necessary connections to the World Wide Web. This is like building a massive wall to protect a town but leaving a tiny hole for the wastewater to flow downstream. Enemies will find that hole, find a way to get into it and run wild once they are on the other side.

We often discuss cyber security in terms of business interruption and liability. Those are still significant concerns, but with determined nation-state attackers continually working to find new methods of attack, we need to consider how individual vulnerabilities could escalate into a local or national emergency.

Protect Now specializes in cyber security and compliance for small businesses. We provide affordable VCISO support, cyber security training and Dark Web monitoring. Call us at 1-800-658-8311 or contact us online to speak to a cyber security expert.

Cybercrime and ALMOST EVERYTHING You Need To Protect Yourself

One of the most lucrative illegal business ventures out there is cybercrime, and there are no signs that it is slowing down anytime soon. Over the past 10 years, the “bad guys” have created new and highly sophisticated methods of capitalizing on users of the internet, and the odds are that they will simply not be caught. At the same time, consumers are facing more risk than ever before.

Why is Cybercrime so Dangerous and Can You Be Safer?  

If you are a service professional like me who “puts it out there” I’m sorry to inform you that we are at high risk of becoming a victim of cybercrime. Most of us have gotten phishing emails from people asking for something; many of us have websites that contain a lot of personal info and it is very easy to find our social media pages. Not only is this enough to scam us, it is also enough to scam our clients. You can also add the dangers that traveling puts us into thanks to risky public Wi-Fi. Fortunately, there are some things that you can do to keep yourself safer.

Social Media Risks 

Anyone who uses social media is at risk of becoming a victim of a criminal hacker. It’s pretty dangerous, but I have some good advice. I do training and conferences all of the time, and one of the things I recently told a group of our US Army soldiers is this; “Do not post anything online that you would not tell the enemy.”

It’s that simple.

Afterall, you never know who is paying attention. Do you remember the “Bling Ring?” This was when those teenagers broke into the homes of celebrities like Orlando Bloom and Paris Hilton a number of times. They stole jewelry, clothes, watches, and more…and the teens knew about it because these celebs were posting the items on social media accounts.

Protecting Yourself from Spyware and Viruses  

Here are some tips that you can use to protect yourself from spyware and viruses:

  •  Consider using a safe search web browsing software that is often found in full versions of antivirus software. This helps to alert you of potentially malicious sites by showing a red, yellow, or green dot next to the links on the search engine. Green dots are safe, yellow dots show you should use caution, and red dots…those have some sketchy reports, so be careful.
  • Don’t download any file that doesn’t come from a safe site, and never download a torrent file or software crack. These almost always have spyware.
  • Don’t click on any pop-up window that you are not expecting. Instead, close the window or get out of your browser.
  • Make sure that you are updating your OS’s security patches and always have the latest version of your web browser installed.

Understanding Social Engineering 

Have you heard of social engineering? It is the act of manipulating others into doing certain actions or giving information. Generally, it applies to some type of deception for the purpose of collecting information to commit fraud or gain access to a computer. In most situations, the cybercriminal will never meet or come in contact with their victims, so you must always use caution.

Some Things are Safe, But Some are Not 

It is quite important that you recognize that most people aren’t out to get you; but guess what? Some of them are. This means that you have to realize that some emails you get are not safe, some people who call you are not who they say they are, not everyone who walks into your work is honest, and not everyone who knocks on your door has the best of intentions. Social engineering is a con between people, but technology can help to keep you safer.

Have You Heard of ATM Skimming?  

The danger isn’t always online. It can also happen as you are out and about during your day. You probably use your debit or credit card a lot, and the cybercriminals are out there waiting to collect your information through ATM skimming. They do this by placing a device over an ATM card slot. It easily blends in, and when you swipe your card, the criminals can collect information on your card. They even install cameras to record you putting in your PIN.

Protecting Yourself from ATM Skimming

You can protect yourself from the ATM skimming scam by doing the following:

  • Pay attention to credit card and bank statements
  • Report unauthorized transactions as soon as possible
  • If you can, use your credit card over your debit card. Generally, a credit card offers more protection against fraud than a debit card. Plus, it’s better to get fraudulent credit card charges than a totally empty bank account
  • Cover your hand when you are entering your PIN into any keypad

Caller ID Spoofing; What You Need to Know 

Another cybercrime you need to know about is called ID spoofing. These days, odds are higher than ever that the person on the other end of a ringing phone is a scammer. Criminals can use a method called “spoofing” to hide their information. Basically, they hide the phone number that they are calling from, and instead create a new one. Oftentimes, they will create a number that has the same area code as the person they are calling, as people are more likely to answer local numbers.

Protecting Yourself from Caller ID Spoofing 

You should never assume that the number popping up on your caller ID is legit, and you should never ever give any personal information over the phone, even if the caller ID looks real. If a person on the other end of the line says that you have won something, or creates a sense of urgency, tell them that you are going to call them back. Then, look up the number of the company or person and call that number back.

Protecting Yourself When Shopping/Banking Online

It doesn’t matter if you are shopping, banking, or answering emails online. Protecting yourself is important. Here are some things you can do:

  • Be suspicious of any email that contains an offer of some kind, especially one that is too good to be true. The same should be said for getting offers via social media.
  • Beware of possible phishing scams. Do not click on email links; always type in website addresses into the browser or use a bookmark.
  • Are you aware of typo-squatting? Pay attention to how website addresses are spelled. They might look remarkably like a real website but are a letter off…. i.e. GOOGLE.com vs G00GLE.com.
  • Only engage in business with companies or people who you know and trust. It is best to buy big-ticket items from brick-and-mortar stores, too.
  • Ensure your computer is secure. You should always keep your operating system updated with security patches, virus definitions, and antivirus software. Do not use a public Wi-Fi connection when doing online shopping.

Is Public Wi-Fi Safe?

Unfortunately, public Wi-Fi is not secure. There are a number of security risks that are associated with public Wi-Fi. These networks broadcast signals through radio frequencies, which means that anyone who has the right tools…and these tools are easy to find…can intercept the data that is sent through it.

To protect yourself when using public Wi-Fi, you should use a virtual private network (VPN) software. I really like Hotspot Shield VPN, but a lot of people really like Nord VPN, too, and it’s pretty good.

When you go online, whether it’s at a hotel, airport, or even local coffee shop, don’t log into any account unless you are connected to a VPN.

Even if you have a VPN, keep the following in mind:

  • Be smart about what you are doing online when connected to a public Wi-Fi connection. Do you really need to check your 401k while drinking your cappuccino?
  • Don’t sore any type of critical data on a device, and then use it outside of a network that is not secure.
  • Turn off Bluetooth and Wi-Fi on your cell phone or laptop when you aren’t using them. A device can still be sending wireless signals is very appealing to a hacker.

Should I Have ID Theft Protection?

You might have seen ads for ID theft protection but assumed that your identity would never get compromised, so that would be an unnecessary expense. Unfortunately, that’s just not true. We all should have ID theft protection. These services monitor your credit report and protect you if your identity is stolen.

Though, keep in mind that these services don’t protect against credit fraud or bank accounts, but they are good to have.

What is a Credit Freeze?

If you don’t have a credit freeze on your account, you are putting yourself at risk even more. A credit freeze, sometimes called a security freeze, locks down a credit file so that a lender cannot check your credit. This is a good thing, as it means that criminals cannot open any new accounts using your name nor your Social Security number…and if a lender can’t check your credit, they are very unlikely to extend a line of credit.

Keep in mind that you need to get a credit freeze from all of the credit bureaus including Experian, Innovis, TransUnion, and Equifax.

You can easily find out more about credit freezes for each company by searching on Google. While you are at it, you can freeze the credit of your kids, too. Make sure you keep records and learn how to “thaw” your credit when it’s time.

Keeping Your Passwords Safe and Protected

The most important thing that you need to know about passwords is that there is no such thing as a totally secure password. Some passwords are more secure than others, of course, but they can always be found out. Passwords are extremely convenient for people who want to access your accounts.

Is a Password Manager a Good Idea?

You might have heard of password managers, and if you have more than one online account…which you probably do…you should consider using one. You should have a unique password for every account, and it can be difficult for you to remember them. So, it is very tempting to use the same password for every account. But, if a hacker gets this password, they have access to all of your accounts. Instead, use a password manager to make your life easier.

  • When you use a password manager, you create a password that is secure and safe, and all of your passwords are protected by a hard to guess master password.
  • This master password allows you to access any site you have an account on through your password manager.
  • When you update a password on a website, the password manager will remember it and update it on all of the computers or devices you have the software on.

When you begin using a password manager, it is very likely that you will notice that you don’t have to worry about your online accounts. You will also notice the following:

  • When you visit a website for the first time, you won’t need to put your password in. Instead, you open your password manager and enter your master password.
  • The password manager you use fills in your username and password, which then allows you to log into the site.

Set Up Two Factor Authentication on All Accounts

Any account that you have that has any importance should have two-factor, or two-step, authentication. This is a further step you can take to protect your passwords. Remember, once a hacker has access to your password, that’s all they require to get into your account.

When you use two-factor authentication, the first thing you have to do is enter your password. However, there is an additional step here, too, which is why it is also called two-step authentication. Basically, the site you are trying to log into will send a code to your phone or email, whichever you choose. This is a unique, one-time code that you can use to log in. Essentially, you are using two passwords, your original password and the code, to log into your accounts. This code changes each time you log in, so a hacker would have to have access to both your password AND your phone and/or email address, in order to get into your account.

  • Almost every major company and corporation website that you use has some type of two-factor, or two-step, authentication.
  • To find out if the accounts that you have offers two-factor log ins, simply search for the term “two step verification” and the name of the company, i.e. eBay, Gmail, Amazon, etc.

Protecting Your Credit Cards

Many of us use credit cards in our daily lives, and there are a number of things you can do to protect yourself from credit card fraud.

  • Take a close look at your credit card accounts on a regular basis. Check on your purchases every month, and then look to see if there are any odd or unfamiliar charges on them. Don’t only look for big charges, either. A small charge could still be a scam, and sometimes the hackers make a small purchase to make sure it goes through before buying something big. If you can, check your accounts a couple of times a week.
  • Set up “push” alerts on your credit card accounts. These alerts might come via email or text, and you can set them up for different activities. For instance, you can get a text any time you make a purchase over $100 or get an email when there is an online credit card transaction.
  • Don’t save your credit card information online. Some website allow you to store your credit card information if you make regular purchases, but it is much more secure to manually enter the number every time you shop.

This is all good advice, and you shouldn’t get overly worried about it, but be smart about it and take this advice to heart.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

The Tricks Behind the Clicks: Cyber Scams and Psychology

What is it that makes people fall for scams? Cybercrime is as hot as ever, with new and more creative scams popping up all the time. There is plenty of focus on spotting scams, but less so on what makes people miss the signs.

The Tricks Behind the Clicks: Cyber Scams and PsychologyMartina Dove, Ph.D., is a senior UX researcher at Tripwire and an expert in fraud psychology. Her research into the brain’s reaction to cyber scams and how the human mind operates when presented with a scam makes for an interesting read. On top of this, it also takes a look at fraud, and how susceptible we are to it, and it does this by using Dove’s own model.

Cybercrime from a Psychological Standpoint 

Discussions around cyber security often center on the technical aspects of security and data protection for businesses and people’s personal lives. New gadgets, devices, controls, and defenses are constantly circulating- which helps the fight to fortify our information and secure the confusing and tricky online environment.

Trust is a fundamental human trait. Humans trust by default. Scammers capitalize on this knowing that people look at life and scams and trust first, and scrutinize later. The hard part is how we can best keep ourselves, and our minds, safe against scams and where the holes might lie. The fundamental psychology behind the cybercrime mentality is underexplored, and so far, discussions often go no further than scratching the surface.

This is surprising, considering that it has such huge impact on what motivates people on either side of a scam. According to the latest Verizon Data Breach Investigations Report (DBIR)social engineering is the most common type of attack in regard to cybercrimes.

The psychological elements of how phishing emails are presented, the power of persuasion, and what makes people fall for scams are all important to really understand how things work and ultimately how to avoid becoming a victim.

Martina Dove’s Research into Fraud Psychology and Scams 

Few people have provided quite as much insight into this topic as Dove. Having specialized in fraud psychology, Dove became particularly interested in the concept of gullibility when pursuing her master’s degree and ultimately decided to carry it through into her Ph.D.

In an interview with Tim Erlin of Tripwire, Dove said that she had always been interested in the idea of gullibility, which is what makes a person gullible- and what it really means to be a gullible person. After reading an article published by two psychology researchers who were exploring the tricks and techniques used by scammers (particularly in phishing emails), Dove decided to drive her own studies down a similar route, diving deeper into the human psyche and scam vulnerability.

The main point of this research is a fraud susceptibility model that looks at the ins and outs of what puts a person at risk on a psychological level of falling victim to spam, scams, and phishing.

According to Dove, it was not her intention to create a model when she first started- the research naturally took her in that direction as she uncovered more fascinating theories about persuasive techniques, thought processing, and personalities that may influence how people react to these attacks.

Martina Dove’s Ph.D. research has also been turned into a book called The Psychology of Fraud, Persuasion, and Scam Techniques, which is available on Amazon.

The Fraud Susceptibility Model 

The research that ultimately led to the model in Dove’s book started as a questionnaire designed to build a “measurable scale of fraud vulnerability.” It was scorable, with the answers determining what areas of a person’s personality put them at risk.

After a series of tests and experimental studies, along with expert analysis and validation, the model just created itself. Dove explained that some factors that influence susceptibility could actually be mapped and used to predict a person’s natural reaction when faced with a fraudulent situation. The fraud psychology expert also went on to describe how the model is used to determine compliance and the reasons behind it, as well as how people strategize after they realize they have been victimized.

It looks into the characteristics that leave a person most susceptible at each stage of a scam.

1.   Precursors

How do personal circumstances- emotional, social, financial, etc. – influence how we react to fraud? Does our demographic play a role? Our family situations? Essentially, how great an impact do our social surroundings and everything that comes with them have on our ability to identify and avoid scams?

2.   Engagement with scammers

Once a person is on the hook, what techniques does the scammer use, and how do personal character traits change how we respond? What types of persuasion works best on different personalities, and how do scammers identify and exploit these vulnerabilities?

3.   Dealing with victimization

Dove’s model explores the conscious versus unconscious decision-making processes that occur when people deal with phishing emails and other fraudulent communications- and after they realize they have been fooled. How do people accept what happened, and how does it impact their behaviors?

Throughout her research, Dove shares examples of circumstances and characteristics that can make people more or less susceptible.

  • Group mentality: Someone who is highly concerned with being part of a group and uncomfortable going against the status quo may ignore signals of uncertainty and doubt if others disagree.
  • Compliance: Naturally compliant individuals are hardwired to follow instructions. Scams prey on this, hoping that the ‘no questions asked’ mentality is enough to make a person adhere to requests.
  • Impulse: Impulsive people are less likely to take time to assess a situation and take the necessary steps to confirm a source or authenticity. Those who tend to favor fast decision-making over meticulous processes are more likely to become fraud victims.
  • Belief in justice: It may sound strange, but people who believe criminals will get caught and that bad things don’t happen to good people are vulnerable. Because they don’t see these things as pressing threats, they may overlook obvious signs. The naivety that says, “this won’t happen to me- I am a good person,” is potentially dangerous.
  • Background knowledge and self-evaluation: How much a person knows- or thinks they know- about cyber security can be a hindrance. People assume that their understanding of how scams work and what to look out for will protect them from becoming victims. This is, to a point, true, but it can also make people complacent. Being an expert in a field doesn’t disqualify a person from falling victim to targeted fraudulent communication.
  • Reliance on authority and social confirmation: If someone is particularly concerned with what others think, they may be at more risk. Authority-driven individuals may make decisions based on the belief it is a request from a superior, and socially-driven people may go along with something because of influence from friends or family.
  • A general predisposition to scams: According to a study published via ScienceDirect, some people are just prone to fraud because of their engagement levels. Everything about them may suggest otherwise, but they have something in them that makes them more likely to go along with a scam.

Examples of Scams and Victim Profiles 

Here are two examples of scams and the types of psychological profiles they are likely to target. 

  • Business Email Compromise Scam: The basis of this type of scam is a boss or member of management emailing an employee asking for urgent funds. It preys on qualities such as compliance, obedience, respect for authority, and hierarchical values. People who have a strong belief in the pecking order are less likely to question a demand made by a superior and are therefore more likely to comply without hesitation.
  • Sexploitation Scams: These scams use fear as the driving force to get people to comply with demands. A scammer working in this field uses language to evoke a person’s most primal drives- hoping their influence takes over the more practical aspects of human thinking. Anyone can struggle to make intelligent decisions when they are especially scared or excited, but someone prone to fast emotions is more likely to be a prime target.

It is interesting to see how different these two examples are, which shows how much a person’s emotional makeup and core values can impact their likelihood to become a victim of fraud.

The Challenges Facing Scam Awareness 

As Tim Erlin rightfully pointed out during his interview with Martina Dove– a significant challenge that stalls the progress of beating cyber criminals is the underlying sense of shame and embarrassment many scam victims feel. He stated that people don’t want to admit they fell for it and may not even report that it ever happened. This, sadly, is true and only adds to the stigma of fraud victimization- making it harder to build a substantial defense against these crimes.

Furthermore, there is a dangerous habit out there of immediately labeling scam victims as stupid, making them feel guilty for being the target of what is, at the end of the day, a crime. Fraud is as real as robbery, yet the victims are treated very differently.

Increasing the awareness and understanding of why these things happen and changing the narrative of how victims are perceived could help bring a more accepting mainstream view.

How Can Martina Dove’s Research Help with Fraud Awareness Training? 

Modern businesses are acutely aware of the very real risk of cyber scams and take steps to protect and educate their staff, but is there enough focus on vulnerability rather than vigilance? The idea that anyone can fall for a scam needs to be more publicized, and people made aware of what exactly is it about a person’s personality and psychology that makes them vulnerable.

As cyber security professionals can confirm- the human aspect is and always has been the weak link in the defense chain because people can make mistakes, and the brain is open to mind games. If scammers are getting better at playing on the mind, then security experts need to get better at educating people on how this exploitation works.

Using Dove’s research to make anti-fraud training more human-focused and interactive could be the difference between a person falling victim and feeling ashamed and being aware of emotions used against them- and being able to stop an attack in its tracks.  

Practical Advice for People at Risk

As part of Dove’s research, she complied a checklist of actions to take towards proactively identifying potential scams and avoiding being drawn into the deception. Here is a brief summary of the key points for consideration. 

  • Question how it makes you feel: Scams play on emotion and aim to evoke a strong reaction, so how you feel when you read something could be an instant warning sign.
  • Look for further language clues: Is there any wording that seems overly strong or makes you feel bad in a way that seems unnatural?
  • Beware of links: A quick and convenient ‘click here to solve your problems’ may not be what it seems. Only access trusted links and log into any secure accounts via the official portals and never through an email.
  • Make space for rationality amongst emotion: Understand that what you feel in the moment could have been engineered through clever psychological tricks and attacks. Take a step back, wait to make a decision, and ask for opinions from family and friends if you are not sure about how to proceed.
  • Scrutinize the details: Look into correspondence for any sign of falsification or something that just doesn’t feel right. Emotional people may be quick to act, but they can also have strong senses of instinct.
  • Don’t rush to action, no matter the request: Sometimes, a pause is all it takes. Stopping and thinking is never bad practice in any walk of life or decision to be made.  

Final Thoughts 

Everyone was not created equally when it comes to emotions and how they drive our thoughts. Moderating how they impact decisions and how vulnerable they make us to gullibility is not easy, and greater awareness is needed.

The ties drawn between psychology and cybercrime are truly fascinating and open up an interesting and far overdue conversation about the correlations.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Top 5 2022 Cybercrime Scams Targeting Everyone

According to experts in threat analysis, 2022 could be the year that cybercriminals start focusing more on the Average Joe instead of focusing on big corporations as they have in the past. These days, consumers could be a lot more lucrative to hackers, so it makes a lot of sense. Here is what you need to know about what is happening to help hackers:

Cybercriminals Like to Take the Easy Path

No one really likes to do a lot of hard work, and this includes hackers and other cybercriminals. So, they will focus on the path of least resistance when targeting a victim. Where they used to find a lot of loopholes with corporations, now they are focused on individuals…specifically those who work from home as a remote worker.

Remote Workers Are Easy Prey

Though the pandemic is starting to fade away, remote working seems to be here to stay, and with that comes more security risks. While all of this is going on, organizations are focusing more on internal security and forgetting that they have employees out there who can easily be connected to the network remotely and are vulnerable to hackers.

So, it is totally possible that for a hacker, it is much easier to access a company network by using social engineering or a phishing scam on Mary in Customer Service, who now works from home in her jammies, than it is to go through traditional hacking methods.

We are in a Crypto-World, Now, Too

2021 was the year for those who mine cryptocurrency because coins like Ether, Bitcoin, and other cryptos rose greatly. Meanwhile, we also…and are still seeing…the rise of NFTs on the market. People who are just now getting into this are really focused on this new crypto-craze, and they don’t know how to protect themselves. Hackers are focused on them, too, and it is thought that it will continue to rise into 2022.

Meta is also here, now, and it is expected to create even more payments via digital assets, and this is expected to add even more fuel to the fire.

Stopping Macros

Another thing that is happening right now is that companies like Microsoft are working to disable things like Excel 4.0 macros, which hackers often use to get malware on a victim’s device. However, hackers are one step ahead, and they are now working on fooling victims to go to a malicious website instead, and using things like social media sites, fun games that are actually designed to steal passwords, and even posting YouTube videos designed to hack.

For much of 2021, experts noted that there were tons of threats to people that came from software that looks innocent, such as games, and though a person can play the game in some cases, the software also installs things like miners onto the device. This, too, is expected to increase throughout 2022.

Even More Adware

For most cybercriminals, adware is seen as a great way to make money, and they use it to exploit networks, smartphones, and even computers. It is expected that in the remainder of 2022, these attacks will continue to rise as they are difficult to detect but spread fairly quickly. Many consider adware to just be annoying and not particularly dangerous, these programs may be bundled with other types of software including ransomware, viruses, and more.

Speaking of Ransomware…

Finally, when we think of ransomware these days, we still see a lot of threat, but they had been focused more on larger companies and corporations. As we settle nicely into mid-2022, however, we have seen more ransomware targeting governments and other similar organizations, as well as people who may own something of value. These attacks are common for hacking groups, as they are easy to pull off.

We also see the ransom demands falling a bit, with hackers asking individuals for $1000 or less in order to access their device. This means that consumers have to be more careful than ever before, and they need to keep the following in mind:

  • Only use unique passwords that are very strong and varied. (I.e. a mixture of letters, numbers, and symbols.)
  • Use security software, like Microsoft Defender, if you have a Windows computer or any antivirus as long as you ay for it. With free, you get what you pay for.
  • Never open any email attachments from a person or company that you don’t know. Call them first to confirm its OK.
  • Don’t expose internal services, like NAS devices or a Remote Desktop, to the internet.
  • When OS and software updates are available, make sure you install them.
  • Don’t download key generators or software cracks, which often contain viruses or ransomware.

By taking these simple steps, we can work together to make sure that 2022 is NOT the biggest year of cybercrime, and instead, the year we do our best to fight back against hackers.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now#1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Protecting Your Accounts from Russian – or Any — Cyberattacks

No matter when you look at the news, there is probably a story about Russian hackers…and if there is not a story about hackers from Russia, there is likely a story about hackers from China or a place like Turkey. There is definitely a chance that any hacker or hacking group could launch an attack against the US, and the government has even briefed companies about what to do if they believe they are at risk.

hacker chest

Just because you are an individual, it doesn’t mean that you are not at risk of a cyberattack, just like a company is. You may be wondering how you can protect yourself, since this is the case. This is a great time to learn more about how to stay safe from cyberattacks – no matter where they come from.

Many cybersecurity threats are coming from what is known as a “Distributed Denial of Service” (DDOS) attack, which is often launched against a website or a financial network. Basically, the hackers push so much traffic to a network or site that it totally crashes, which disrupts business. At this point, the IT team has to focus on getting the network or site back up, which opens a window for a hacker to move in right under their noses.

These attacks can happen at any time, and they can be quite far reaching. Back in 2012, a group of Iranian activists attacked more than a dozen banks in the US, which disrupted all of their sites.

So, what can you do to make sure this doesn’t happen to you? Here are some tips:

In addition to below, check out our post: Russian Hackers: 14 Ways to Protect Yourself and Your Business

  • CASH, YES Cash: Try to keep a little cash available, especially if you are going out of town. This way, you will have money in case a banking network or ATM is not working due to a DDOS.
  • For every banking or financial account you have, make sure you have a strong and unique password. Don’t reuse any passwords, and do not use any social media password for any banking site.
  • Always watch your financial accounts for unusual activity. Check your bank account online or via phone at least once a week, and if you can, every day or two. If there is a problem, it is always best to find it as early as possible.
  • Russian hackers often try phishing scams on social media or via email in order to get access to corporate networks. Never, ever click a link in an email or on social media from someone you do not know. They also use text messages to try to get people to respond with information that will allow them into accounts. Even if it seems like it’s coming from a company you are familiar with or even do business with…confirm everything before you click or give information.
  • Sign up for email or text alerts for all of your financial accounts. This way, if there is a weird transaction, you will be notified immediately.
  • You should also consider signing up for multi-factor authentication for any financial account. When you do, and someone tried to sign into your account…even yourself…the bank or other company will send you a code to the email or phone number they have on file. Even if you put the correct username or password in, you cannot get into the account without that code.
  • Always update all of your apps and software on every device, including phones, tablets, and computers. To make it easy, set these updates to occur automatically, and then you don’t have to worry about it.
  • Don’t believe everything you see online. There are a lot of scams out there, and there is a lot of “news” out there that is not real nor correct. Use common sense before doing anything.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Tips to Protect Your Identity from Cyber Thieves

There are several tried and true ways that you can use to protect yourself from ID theft, and some of them you might have never even considered:
Check Your Passwords – Every online account you have should have a different password. Never use the same password for more than one account. You can easily fix this issue by using a password manager. Also, don’t use specific words/phrases or keyboard sequences when creating passwords. A password manager can even generate passwords for you.

Don’t Post Personal Information on Social Media – This including things like your kid’s school or teacher, the town your parents live in, your pet’s name, or even where and when you are going on vacation. Cyber thieves can use this information to guess passwords.

Ignore Any Email from People You Don’t Know – If you get emails from people you don’t know that have a link or attachment, never, ever click or open them.

Put a Password on Your Phone – This way, if your phone is lost or stolen, you don’t have to worry.

Shred Important Documents – Anything that comes in that has personal information, that would go in the rubbish, should be shredded. This includes credit cards bills and medical records.

Never Give Your Social Security Number Out – Unless you absolutely have to, you should not give up your Social Security number. Just because someone asks for it, that doesn’t mean they actually need it, or you should hand it over. That said, I give up my social all the time. But only on documents or applications that absolutely require it.

Check Out Your Credit Report Each Year – Every year, or every quarter, you can get access to your credit report for free. Check it out when you can to make sure it’s accurate.

Inspect Your Statements – Look for anomalies or unauthorized transactions. This includes any banking and credit card statements, and you should do this each month.

Get a Locking Mailbox – A locking mailbox is available at most big box hardware stores or online.  Or pay for a PO Box.

Stop Your Mail When You Travel – You should also stop your mail delivery when you take a long trip.

Freeze Your Credit – Consider freezing your credit. This will stop an ID thief from opening new accounts in your name.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

8 Cyber Security Tips You Can Start Today to Keep Yourself Safe

These days, it seems like there is one data breach after another, and each time, they are being done by those who want to steal your identity. Thankfully, it is much easier than you probably think to keep your info safe. Here are some tips that you can start doing right now to put yourself in a position to fight this:
Cyber Security Tips
Take a Look at Your Accounts

Almost any account allows you to check the recent activity. Even Facebook, Google, and Twitter have this available. When you take a look at this, you can see every log in and authorization. If something looks strange, such as a log in from Nigeria, odds are good that you have been compromised. Most of these sites allow you to log out of every location, so you should definitely do that.

Take a Look at Your Computer

 You may not realize it, but at any time, there are a number of programs running on your computer. However, some of these might not be safe. So, it is always a smart idea to check to see what is running in the background. To do this, you can check Activity Monitor for Mac or Task Manager for Windows. If you don’t know what a program is, look on Google. It will tell you if it is good or bad. If it is not good, figure out how to uninstall or remove it.

Take a Look at Your Passwords

 Also, take a close look at your passwords. Do you think they are really safe? Every account should have its own password, and if you use the same passwords for more than one account, your chances of getting hacked rise exponentially. You also need to make sure you are changing your account passwords on a regular basis. You can use our FREE Email Checker and check your email address and passwords.

When you do this, you can check to see if your account has been compromised. If so, change your password immediately. You should also consider using a password manager.

Take a Look at Your Wi-Fi Connection

Are you paying attention to your Wi-Fi connection? Do you have a password protecting it? Do you have a WPA encryption? Do you have anyone piggybacking on your connection? You can install a program like Wireless Network Watcher. It is also very important that you are cautious when on public Wi-Fi. Only use a VPN, virtual private network, when connecting to public Wi-Fi.

Take a Look at Connected Apps

You also may not realize that you have given your social media accounts permission to connect to other apps. Though this isn’t extremely dangerous, they can result in account takeovers and data leaks. So, if you don’t use a specific app or service any longer, you should sever the connection.

Take a Look at Installed Apps

When you look at those connected apps, also take a look at what apps you have installed on your computer and your mobile device. You may have downloaded some type of malicious program that looks like a tool or game, but it could end up wrecking your system. If you have any weird apps, check Google to see if there were any vulnerabilities or flaws.

Update Everything

You also want to make sure you are updating your apps and OS regularly. These updates often contain security improvements in order to keep your devices safe. The newer the update, the safer your device. Also, don’t forget to check for updates on your browsers, routers, and even printers, as these can be manipulated, too.

Protect Your Identity

Finally, do everything you can to protect your identity. There are two ways to do this, especially when it comes to stopping someone from opening new lines of credit in your name. You should set up a credit freeze through every credit bureau. You should additionally set up an account that offers identity theft protection. This helps to watch your data, and it monitors your credit reports. If something goes wrong, when you have this type of protection, there are people standing by to fix things, and by doing this, you can minimize the damage that could occur.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Survey Shows Most People Back Up…But Not as Often as They Should

According to a new survey, we now have a good idea of the habits of the regular person in regard to backing up their devices. The survey, which covered almost 3,000 people, looked at people around the world. What it shows is that 91 percent of people back up their devices and their data. But, 68 percent of people still lost data because of a different reason. These include accidentally deleting the data, software or hardware failure, or even because they hadn’t backed up their data recently. The truth is, only 41% of companies and people back up each day, which leaves most of us…and most businesses…vulnerable to data loss.

surveyThe data from this survey stress how important it is to implement some type of cyber protection strategy for a business, which includes backing up data several times a day, and using the 3-2-1 backup rule. This is creating three copies of your data (a single primary copy and two backups), storing your copied on two different types of storage option, and then storing one of the copies in the cloud or remotely.

Change the Game with Cyber Protection

With more cyberattacks happening all of the time, the traditional methods of backing up our data is no longer working. We simply cannot rely on only backing up our information. It is way too dangerous.

Cybercriminals will target backup software with their own ransomware, and then try to modify the files, which makes it even more important to protect your information.

Recommendations for Cyber Protection

There are a number of different ways you can protect your personal or company’s information. Here are just five things you can do to ensure that your data is relatively safe:

  • Create a backup of your most important data…always – Keep a number of different copies of your backup locally and in the cloud. You want to do it locally so you can access it quickly and frequently, and you want to save it in the cloud to make sure that even if there is a fire, flood, or other disaster, your data is safe.
  • Ensure your OS and applications are all the current versions – If you are not updating your OS or apps, it means that they are much more vulnerable to getting hacked. These updates often contain patches and fixes that can keep cybercriminals out.
  • Beware of any suspicious links, emails, or attachments – Most ransomware and virus infections are created by using social engineering, and they trick unsuspecting people into opening these infected attachments or clicking on a link that installs malware to the device or network.
  • Install anti-virus, anti-ransomware, and anti-malware software – While you are doing your automated updates for your apps and OS, you should also be using all of these different software options, too.
  • Consider using an integrated cyber protection solution – You want to choose an option that combines anti-ransomware, anti-virus, backup, patch management, and a vulnerability assessment all in a single solution. This type of solution increases efficiency, ease of use, and the reliability of your protection.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

 

8 Scams That go Beyond Pandemics

As you might know, scammers often take advantage of people during times of trouble, such as in the current atmosphere of the COVID-19 pandemic. Here are some of the scams that you should be on the lookout for:

pandemicAccount Takeovers

This is a scam where the cybercriminals take credentials obtained from data breaches to take over accounts. They are also trying to reach out to kids to give up their account credentials, as they know most of them are out of school.

Phishing

There are a lot of phishing scams out there that are taking advantage of peoples’ fears about COVID-19 pandemic. Right now, the most prolific are coming out about the World Health Organization, WHO. Preying on fears is a common tactic that people use, and when people click on links in emails that look like they come from WHO, they can get access to your devices, collect private information, and even steal address books.

Vishing

This is a tactic that scammers use to get access to people’s back account information. The scammer informs people that there is something wrong with their bank account, and that they should call a number. When they do, it is a VoIP number, and the victim can unknowingly give up their personal information, including their banking information.

Smishing

A smishing attack is similar to a vishing account, except it uses SMS instead of emails or phone calls to lure in their victims. Most of these smishing attacks are focused on the coronavirus and have a sense of urgency to them.

Social Media Attacks

Social media attacks are looking pretty legit these days, and that’s why it’s easy to fall for them. Essentially, they look like a social media post from a real retailer who is giving something away.

Fake e-Commerce Sites

There are also a ton of new fake e-commerce sites popping up, most of them claiming to sell things like masks, gloves, and other COVID-19 related products.

Rogue Mobile Apps

Fake mobile apps are also on the rise, and when downloaded, these apps can install things like spyware, malware, and ransomware on the person’s device.

Work at Home Scams

Finally, we have work at home scams, which are becoming very popular due to so many people being out of work. Often, these scams make people lose more money than they could make.

Don’t be a Victim

Here are some tips that you can use to stop yourself from becoming a victim of these scams:

  • Don’t respond to any texts or calls from numbers you don’t know or that seem suspicious
  • Don’t share any financial or personal information via text, email, or on the phone.
  • Be careful if you are asked to share information or make an immediate payment.
  • Scammers might try to spoof numbers to trick people into answering. Remember, there are no government agencies that will ask you for money or personal info.
  • Don’t click on links that you get in text messages. If you get one from a friend, make sure it is legitimate before clicking on it.
  • Always check that a charity is real before making any type of donation.

These cybercriminals are poised to profit from this pandemic, and they are doing all they can to take advantage of people. So, it’s important that you use caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Working from Home Due to COVID-19? Protect Yourself from Cyberattacks

As we start to get used to living in a world where COVID-19 is changing everything, one of the differences that many have people are doing is working from home. With so many people now working on their home networks, cybercriminals are stepping up, and they are hoping to take advantage of people making security mistakes and doing more searches, specifically on COVID-19. This is a great opportunity for these thieves to target their victims.

COVID-19

Keep in mind that most people who are working from home are not working on a very secure network. Cyber attackers know this, and its important that both individuals and companies take the steps to protect themselves from COVID-19 and their information.

What Can Companies Do?

During this time, managers, owners, and supervisors should be setting clear expectations about how their businesses are going to work in these new environments. When these changes come down, they should come from the top. Here are some things to keep in mind:

  • You Must Understand the Threats – Business leaders should understand what threats are likely and prioritize protection methods based on that.
  • You Must Release Clear Guidance – It is also important that your organization’s at-home policies are easy to understand for all employees. This should include informing staff to communicate with security teams in the case of suspicious activity.
  • You Must Offer the Right Security – All business leaders should ensure that any company-owned devices are equipped with the best security capabilities. This includes the following:
    • The ability to connect securely to a business-owned cloud, and access to video teleconferencing apps that are important for remote workers.
    • Endpoint protection for all mobile devices and laptops including VPN tools and encryption.
    • Enforce the use of multi-factor authentication.
    • The ability to put a block on malware, exploits, and other threats using the best types of software and hardware.
    • A plan to filter any malicious domain URLS and stop any phishing attacks.

What Can Individuals Do?

People working from home should also take steps to ensure that they are remaining safe when working remotely.  Here are some things to do:

  • Create Strong Passwords – You should always create strong passwords and consider a password manager to facilitate multiple passwords opposed to the same passwords across multiple accounts.
  • Update Software and Systems – Install any system updates or patches as soon as you see them.
  • Make Sure Your Wi-Fi Access Point is Secure – Look at your Wi-Fi access point and make sure to change the passwords and default settings.
  • Use a VPN (Virtual Private Network) – A VPN is a good way to create a safe connection between a home computer and the worker’s organization.
  • Be Smart About COVID – 19 Scams – There are a ton of scams out there, including fake apps, so be smart.
  • Don’t Mix Work and Personal Tasks – Use your work device for your work and your personal device for personal tasks.

By taking these steps into consideration, either as a business leader or an employee, you can help to address some of the most common risks that you might face when working from home. Keep all of these tips in mind, and if something seems a little weird or strange, it’s probably best to report it to your company’s IT professional.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.