The Tricks Behind the Clicks: Cyber Scams and Psychology

What is it that makes people fall for scams? Cybercrime is as hot as ever, with new and more creative scams popping up all the time. There is plenty of focus on spotting scams, but less so on what makes people miss the signs.

The Tricks Behind the Clicks: Cyber Scams and PsychologyMartina Dove, Ph.D., is a senior UX researcher at Tripwire and an expert in fraud psychology. Her research into the brain’s reaction to cyber scams and how the human mind operates when presented with a scam makes for an interesting read. On top of this, it also takes a look at fraud, and how susceptible we are to it, and it does this by using Dove’s own model.

Cybercrime from a Psychological Standpoint 

Discussions around cyber security often center on the technical aspects of security and data protection for businesses and people’s personal lives. New gadgets, devices, controls, and defenses are constantly circulating- which helps the fight to fortify our information and secure the confusing and tricky online environment.

Trust is a fundamental human trait. Humans trust by default. Scammers capitalize on this knowing that people look at life and scams and trust first, and scrutinize later. The hard part is how we can best keep ourselves, and our minds, safe against scams and where the holes might lie. The fundamental psychology behind the cybercrime mentality is underexplored, and so far, discussions often go no further than scratching the surface.

This is surprising, considering that it has such huge impact on what motivates people on either side of a scam. According to the latest Verizon Data Breach Investigations Report (DBIR)social engineering is the most common type of attack in regard to cybercrimes.

The psychological elements of how phishing emails are presented, the power of persuasion, and what makes people fall for scams are all important to really understand how things work and ultimately how to avoid becoming a victim.

Martina Dove’s Research into Fraud Psychology and Scams 

Few people have provided quite as much insight into this topic as Dove. Having specialized in fraud psychology, Dove became particularly interested in the concept of gullibility when pursuing her master’s degree and ultimately decided to carry it through into her Ph.D.

In an interview with Tim Erlin of Tripwire, Dove said that she had always been interested in the idea of gullibility, which is what makes a person gullible- and what it really means to be a gullible person. After reading an article published by two psychology researchers who were exploring the tricks and techniques used by scammers (particularly in phishing emails), Dove decided to drive her own studies down a similar route, diving deeper into the human psyche and scam vulnerability.

The main point of this research is a fraud susceptibility model that looks at the ins and outs of what puts a person at risk on a psychological level of falling victim to spam, scams, and phishing.

According to Dove, it was not her intention to create a model when she first started- the research naturally took her in that direction as she uncovered more fascinating theories about persuasive techniques, thought processing, and personalities that may influence how people react to these attacks.

Martina Dove’s Ph.D. research has also been turned into a book called The Psychology of Fraud, Persuasion, and Scam Techniques, which is available on Amazon.

The Fraud Susceptibility Model 

The research that ultimately led to the model in Dove’s book started as a questionnaire designed to build a “measurable scale of fraud vulnerability.” It was scorable, with the answers determining what areas of a person’s personality put them at risk.

After a series of tests and experimental studies, along with expert analysis and validation, the model just created itself. Dove explained that some factors that influence susceptibility could actually be mapped and used to predict a person’s natural reaction when faced with a fraudulent situation. The fraud psychology expert also went on to describe how the model is used to determine compliance and the reasons behind it, as well as how people strategize after they realize they have been victimized.

It looks into the characteristics that leave a person most susceptible at each stage of a scam.

1.   Precursors

How do personal circumstances- emotional, social, financial, etc. – influence how we react to fraud? Does our demographic play a role? Our family situations? Essentially, how great an impact do our social surroundings and everything that comes with them have on our ability to identify and avoid scams?

2.   Engagement with scammers

Once a person is on the hook, what techniques does the scammer use, and how do personal character traits change how we respond? What types of persuasion works best on different personalities, and how do scammers identify and exploit these vulnerabilities?

3.   Dealing with victimization

Dove’s model explores the conscious versus unconscious decision-making processes that occur when people deal with phishing emails and other fraudulent communications- and after they realize they have been fooled. How do people accept what happened, and how does it impact their behaviors?

Throughout her research, Dove shares examples of circumstances and characteristics that can make people more or less susceptible.

  • Group mentality: Someone who is highly concerned with being part of a group and uncomfortable going against the status quo may ignore signals of uncertainty and doubt if others disagree.
  • Compliance: Naturally compliant individuals are hardwired to follow instructions. Scams prey on this, hoping that the ‘no questions asked’ mentality is enough to make a person adhere to requests.
  • Impulse: Impulsive people are less likely to take time to assess a situation and take the necessary steps to confirm a source or authenticity. Those who tend to favor fast decision-making over meticulous processes are more likely to become fraud victims.
  • Belief in justice: It may sound strange, but people who believe criminals will get caught and that bad things don’t happen to good people are vulnerable. Because they don’t see these things as pressing threats, they may overlook obvious signs. The naivety that says, “this won’t happen to me- I am a good person,” is potentially dangerous.
  • Background knowledge and self-evaluation: How much a person knows- or thinks they know- about cyber security can be a hindrance. People assume that their understanding of how scams work and what to look out for will protect them from becoming victims. This is, to a point, true, but it can also make people complacent. Being an expert in a field doesn’t disqualify a person from falling victim to targeted fraudulent communication.
  • Reliance on authority and social confirmation: If someone is particularly concerned with what others think, they may be at more risk. Authority-driven individuals may make decisions based on the belief it is a request from a superior, and socially-driven people may go along with something because of influence from friends or family.
  • A general predisposition to scams: According to a study published via ScienceDirect, some people are just prone to fraud because of their engagement levels. Everything about them may suggest otherwise, but they have something in them that makes them more likely to go along with a scam.

Examples of Scams and Victim Profiles 

Here are two examples of scams and the types of psychological profiles they are likely to target. 

  • Business Email Compromise Scam: The basis of this type of scam is a boss or member of management emailing an employee asking for urgent funds. It preys on qualities such as compliance, obedience, respect for authority, and hierarchical values. People who have a strong belief in the pecking order are less likely to question a demand made by a superior and are therefore more likely to comply without hesitation.
  • Sexploitation Scams: These scams use fear as the driving force to get people to comply with demands. A scammer working in this field uses language to evoke a person’s most primal drives- hoping their influence takes over the more practical aspects of human thinking. Anyone can struggle to make intelligent decisions when they are especially scared or excited, but someone prone to fast emotions is more likely to be a prime target.

It is interesting to see how different these two examples are, which shows how much a person’s emotional makeup and core values can impact their likelihood to become a victim of fraud.

The Challenges Facing Scam Awareness 

As Tim Erlin rightfully pointed out during his interview with Martina Dove– a significant challenge that stalls the progress of beating cyber criminals is the underlying sense of shame and embarrassment many scam victims feel. He stated that people don’t want to admit they fell for it and may not even report that it ever happened. This, sadly, is true and only adds to the stigma of fraud victimization- making it harder to build a substantial defense against these crimes.

Furthermore, there is a dangerous habit out there of immediately labeling scam victims as stupid, making them feel guilty for being the target of what is, at the end of the day, a crime. Fraud is as real as robbery, yet the victims are treated very differently.

Increasing the awareness and understanding of why these things happen and changing the narrative of how victims are perceived could help bring a more accepting mainstream view.

How Can Martina Dove’s Research Help with Fraud Awareness Training? 

Modern businesses are acutely aware of the very real risk of cyber scams and take steps to protect and educate their staff, but is there enough focus on vulnerability rather than vigilance? The idea that anyone can fall for a scam needs to be more publicized, and people made aware of what exactly is it about a person’s personality and psychology that makes them vulnerable.

As cyber security professionals can confirm- the human aspect is and always has been the weak link in the defense chain because people can make mistakes, and the brain is open to mind games. If scammers are getting better at playing on the mind, then security experts need to get better at educating people on how this exploitation works.

Using Dove’s research to make anti-fraud training more human-focused and interactive could be the difference between a person falling victim and feeling ashamed and being aware of emotions used against them- and being able to stop an attack in its tracks.  

Practical Advice for People at Risk

As part of Dove’s research, she complied a checklist of actions to take towards proactively identifying potential scams and avoiding being drawn into the deception. Here is a brief summary of the key points for consideration. 

  • Question how it makes you feel: Scams play on emotion and aim to evoke a strong reaction, so how you feel when you read something could be an instant warning sign.
  • Look for further language clues: Is there any wording that seems overly strong or makes you feel bad in a way that seems unnatural?
  • Beware of links: A quick and convenient ‘click here to solve your problems’ may not be what it seems. Only access trusted links and log into any secure accounts via the official portals and never through an email.
  • Make space for rationality amongst emotion: Understand that what you feel in the moment could have been engineered through clever psychological tricks and attacks. Take a step back, wait to make a decision, and ask for opinions from family and friends if you are not sure about how to proceed.
  • Scrutinize the details: Look into correspondence for any sign of falsification or something that just doesn’t feel right. Emotional people may be quick to act, but they can also have strong senses of instinct.
  • Don’t rush to action, no matter the request: Sometimes, a pause is all it takes. Stopping and thinking is never bad practice in any walk of life or decision to be made.  

Final Thoughts 

Everyone was not created equally when it comes to emotions and how they drive our thoughts. Moderating how they impact decisions and how vulnerable they make us to gullibility is not easy, and greater awareness is needed.

The ties drawn between psychology and cybercrime are truly fascinating and open up an interesting and far overdue conversation about the correlations.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Top 5 2022 Cybercrime Scams Targeting Everyone

According to experts in threat analysis, 2022 could be the year that cybercriminals start focusing more on the Average Joe instead of focusing on big corporations as they have in the past. These days, consumers could be a lot more lucrative to hackers, so it makes a lot of sense. Here is what you need to know about what is happening to help hackers:

Cybercriminals Like to Take the Easy Path

No one really likes to do a lot of hard work, and this includes hackers and other cybercriminals. So, they will focus on the path of least resistance when targeting a victim. Where they used to find a lot of loopholes with corporations, now they are focused on individuals…specifically those who work from home as a remote worker.

Remote Workers Are Easy Prey

Though the pandemic is starting to fade away, remote working seems to be here to stay, and with that comes more security risks. While all of this is going on, organizations are focusing more on internal security and forgetting that they have employees out there who can easily be connected to the network remotely and are vulnerable to hackers.

So, it is totally possible that for a hacker, it is much easier to access a company network by using social engineering or a phishing scam on Mary in Customer Service, who now works from home in her jammies, than it is to go through traditional hacking methods.

We are in a Crypto-World, Now, Too

2021 was the year for those who mine cryptocurrency because coins like Ether, Bitcoin, and other cryptos rose greatly. Meanwhile, we also…and are still seeing…the rise of NFTs on the market. People who are just now getting into this are really focused on this new crypto-craze, and they don’t know how to protect themselves. Hackers are focused on them, too, and it is thought that it will continue to rise into 2022.

Meta is also here, now, and it is expected to create even more payments via digital assets, and this is expected to add even more fuel to the fire.

Stopping Macros

Another thing that is happening right now is that companies like Microsoft are working to disable things like Excel 4.0 macros, which hackers often use to get malware on a victim’s device. However, hackers are one step ahead, and they are now working on fooling victims to go to a malicious website instead, and using things like social media sites, fun games that are actually designed to steal passwords, and even posting YouTube videos designed to hack.

For much of 2021, experts noted that there were tons of threats to people that came from software that looks innocent, such as games, and though a person can play the game in some cases, the software also installs things like miners onto the device. This, too, is expected to increase throughout 2022.

Even More Adware

For most cybercriminals, adware is seen as a great way to make money, and they use it to exploit networks, smartphones, and even computers. It is expected that in the remainder of 2022, these attacks will continue to rise as they are difficult to detect but spread fairly quickly. Many consider adware to just be annoying and not particularly dangerous, these programs may be bundled with other types of software including ransomware, viruses, and more.

Speaking of Ransomware…

Finally, when we think of ransomware these days, we still see a lot of threat, but they had been focused more on larger companies and corporations. As we settle nicely into mid-2022, however, we have seen more ransomware targeting governments and other similar organizations, as well as people who may own something of value. These attacks are common for hacking groups, as they are easy to pull off.

We also see the ransom demands falling a bit, with hackers asking individuals for $1000 or less in order to access their device. This means that consumers have to be more careful than ever before, and they need to keep the following in mind:

  • Only use unique passwords that are very strong and varied. (I.e. a mixture of letters, numbers, and symbols.)
  • Use security software, like Microsoft Defender, if you have a Windows computer or any antivirus as long as you ay for it. With free, you get what you pay for.
  • Never open any email attachments from a person or company that you don’t know. Call them first to confirm its OK.
  • Don’t expose internal services, like NAS devices or a Remote Desktop, to the internet.
  • When OS and software updates are available, make sure you install them.
  • Don’t download key generators or software cracks, which often contain viruses or ransomware.

By taking these simple steps, we can work together to make sure that 2022 is NOT the biggest year of cybercrime, and instead, the year we do our best to fight back against hackers.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now#1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Protecting Your Accounts from Russian – or Any — Cyberattacks

No matter when you look at the news, there is probably a story about Russian hackers…and if there is not a story about hackers from Russia, there is likely a story about hackers from China or a place like Turkey. There is definitely a chance that any hacker or hacking group could launch an attack against the US, and the government has even briefed companies about what to do if they believe they are at risk.

hacker chest

Just because you are an individual, it doesn’t mean that you are not at risk of a cyberattack, just like a company is. You may be wondering how you can protect yourself, since this is the case. This is a great time to learn more about how to stay safe from cyberattacks – no matter where they come from.

Many cybersecurity threats are coming from what is known as a “Distributed Denial of Service” (DDOS) attack, which is often launched against a website or a financial network. Basically, the hackers push so much traffic to a network or site that it totally crashes, which disrupts business. At this point, the IT team has to focus on getting the network or site back up, which opens a window for a hacker to move in right under their noses.

These attacks can happen at any time, and they can be quite far reaching. Back in 2012, a group of Iranian activists attacked more than a dozen banks in the US, which disrupted all of their sites.

So, what can you do to make sure this doesn’t happen to you? Here are some tips:

In addition to below, check out our post: Russian Hackers: 14 Ways to Protect Yourself and Your Business

  • CASH, YES Cash: Try to keep a little cash available, especially if you are going out of town. This way, you will have money in case a banking network or ATM is not working due to a DDOS.
  • For every banking or financial account you have, make sure you have a strong and unique password. Don’t reuse any passwords, and do not use any social media password for any banking site.
  • Always watch your financial accounts for unusual activity. Check your bank account online or via phone at least once a week, and if you can, every day or two. If there is a problem, it is always best to find it as early as possible.
  • Russian hackers often try phishing scams on social media or via email in order to get access to corporate networks. Never, ever click a link in an email or on social media from someone you do not know. They also use text messages to try to get people to respond with information that will allow them into accounts. Even if it seems like it’s coming from a company you are familiar with or even do business with…confirm everything before you click or give information.
  • Sign up for email or text alerts for all of your financial accounts. This way, if there is a weird transaction, you will be notified immediately.
  • You should also consider signing up for multi-factor authentication for any financial account. When you do, and someone tried to sign into your account…even yourself…the bank or other company will send you a code to the email or phone number they have on file. Even if you put the correct username or password in, you cannot get into the account without that code.
  • Always update all of your apps and software on every device, including phones, tablets, and computers. To make it easy, set these updates to occur automatically, and then you don’t have to worry about it.
  • Don’t believe everything you see online. There are a lot of scams out there, and there is a lot of “news” out there that is not real nor correct. Use common sense before doing anything.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Tips to Protect Your Identity from Cyber Thieves

There are several tried and true ways that you can use to protect yourself from ID theft, and some of them you might have never even considered:
Check Your Passwords – Every online account you have should have a different password. Never use the same password for more than one account. You can easily fix this issue by using a password manager. Also, don’t use specific words/phrases or keyboard sequences when creating passwords. A password manager can even generate passwords for you.

Don’t Post Personal Information on Social Media – This including things like your kid’s school or teacher, the town your parents live in, your pet’s name, or even where and when you are going on vacation. Cyber thieves can use this information to guess passwords.

Ignore Any Email from People You Don’t Know – If you get emails from people you don’t know that have a link or attachment, never, ever click or open them.

Put a Password on Your Phone – This way, if your phone is lost or stolen, you don’t have to worry.

Shred Important Documents – Anything that comes in that has personal information, that would go in the rubbish, should be shredded. This includes credit cards bills and medical records.

Never Give Your Social Security Number Out – Unless you absolutely have to, you should not give up your Social Security number. Just because someone asks for it, that doesn’t mean they actually need it, or you should hand it over. That said, I give up my social all the time. But only on documents or applications that absolutely require it.

Check Out Your Credit Report Each Year – Every year, or every quarter, you can get access to your credit report for free. Check it out when you can to make sure it’s accurate.

Inspect Your Statements – Look for anomalies or unauthorized transactions. This includes any banking and credit card statements, and you should do this each month.

Get a Locking Mailbox – A locking mailbox is available at most big box hardware stores or online.  Or pay for a PO Box.

Stop Your Mail When You Travel – You should also stop your mail delivery when you take a long trip.

Freeze Your Credit – Consider freezing your credit. This will stop an ID thief from opening new accounts in your name.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

8 Cyber Security Tips You Can Start Today to Keep Yourself Safe

These days, it seems like there is one data breach after another, and each time, they are being done by those who want to steal your identity. Thankfully, it is much easier than you probably think to keep your info safe. Here are some tips that you can start doing right now to put yourself in a position to fight this:
Cyber Security Tips
Take a Look at Your Accounts

Almost any account allows you to check the recent activity. Even Facebook, Google, and Twitter have this available. When you take a look at this, you can see every log in and authorization. If something looks strange, such as a log in from Nigeria, odds are good that you have been compromised. Most of these sites allow you to log out of every location, so you should definitely do that.

Take a Look at Your Computer

 You may not realize it, but at any time, there are a number of programs running on your computer. However, some of these might not be safe. So, it is always a smart idea to check to see what is running in the background. To do this, you can check Activity Monitor for Mac or Task Manager for Windows. If you don’t know what a program is, look on Google. It will tell you if it is good or bad. If it is not good, figure out how to uninstall or remove it.

Take a Look at Your Passwords

 Also, take a close look at your passwords. Do you think they are really safe? Every account should have its own password, and if you use the same passwords for more than one account, your chances of getting hacked rise exponentially. You also need to make sure you are changing your account passwords on a regular basis. You can use our FREE Email Checker and check your email address and passwords.

When you do this, you can check to see if your account has been compromised. If so, change your password immediately. You should also consider using a password manager.

Take a Look at Your Wi-Fi Connection

Are you paying attention to your Wi-Fi connection? Do you have a password protecting it? Do you have a WPA encryption? Do you have anyone piggybacking on your connection? You can install a program like Wireless Network Watcher. It is also very important that you are cautious when on public Wi-Fi. Only use a VPN, virtual private network, when connecting to public Wi-Fi.

Take a Look at Connected Apps

You also may not realize that you have given your social media accounts permission to connect to other apps. Though this isn’t extremely dangerous, they can result in account takeovers and data leaks. So, if you don’t use a specific app or service any longer, you should sever the connection.

Take a Look at Installed Apps

When you look at those connected apps, also take a look at what apps you have installed on your computer and your mobile device. You may have downloaded some type of malicious program that looks like a tool or game, but it could end up wrecking your system. If you have any weird apps, check Google to see if there were any vulnerabilities or flaws.

Update Everything

You also want to make sure you are updating your apps and OS regularly. These updates often contain security improvements in order to keep your devices safe. The newer the update, the safer your device. Also, don’t forget to check for updates on your browsers, routers, and even printers, as these can be manipulated, too.

Protect Your Identity

Finally, do everything you can to protect your identity. There are two ways to do this, especially when it comes to stopping someone from opening new lines of credit in your name. You should set up a credit freeze through every credit bureau. You should additionally set up an account that offers identity theft protection. This helps to watch your data, and it monitors your credit reports. If something goes wrong, when you have this type of protection, there are people standing by to fix things, and by doing this, you can minimize the damage that could occur.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Survey Shows Most People Back Up…But Not as Often as They Should

According to a new survey, we now have a good idea of the habits of the regular person in regard to backing up their devices. The survey, which covered almost 3,000 people, looked at people around the world. What it shows is that 91 percent of people back up their devices and their data. But, 68 percent of people still lost data because of a different reason. These include accidentally deleting the data, software or hardware failure, or even because they hadn’t backed up their data recently. The truth is, only 41% of companies and people back up each day, which leaves most of us…and most businesses…vulnerable to data loss.

surveyThe data from this survey stress how important it is to implement some type of cyber protection strategy for a business, which includes backing up data several times a day, and using the 3-2-1 backup rule. This is creating three copies of your data (a single primary copy and two backups), storing your copied on two different types of storage option, and then storing one of the copies in the cloud or remotely.

Change the Game with Cyber Protection

With more cyberattacks happening all of the time, the traditional methods of backing up our data is no longer working. We simply cannot rely on only backing up our information. It is way too dangerous.

Cybercriminals will target backup software with their own ransomware, and then try to modify the files, which makes it even more important to protect your information.

Recommendations for Cyber Protection

There are a number of different ways you can protect your personal or company’s information. Here are just five things you can do to ensure that your data is relatively safe:

  • Create a backup of your most important data…always – Keep a number of different copies of your backup locally and in the cloud. You want to do it locally so you can access it quickly and frequently, and you want to save it in the cloud to make sure that even if there is a fire, flood, or other disaster, your data is safe.
  • Ensure your OS and applications are all the current versions – If you are not updating your OS or apps, it means that they are much more vulnerable to getting hacked. These updates often contain patches and fixes that can keep cybercriminals out.
  • Beware of any suspicious links, emails, or attachments – Most ransomware and virus infections are created by using social engineering, and they trick unsuspecting people into opening these infected attachments or clicking on a link that installs malware to the device or network.
  • Install anti-virus, anti-ransomware, and anti-malware software – While you are doing your automated updates for your apps and OS, you should also be using all of these different software options, too.
  • Consider using an integrated cyber protection solution – You want to choose an option that combines anti-ransomware, anti-virus, backup, patch management, and a vulnerability assessment all in a single solution. This type of solution increases efficiency, ease of use, and the reliability of your protection.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

 

8 Scams That go Beyond Pandemics

As you might know, scammers often take advantage of people during times of trouble, such as in the current atmosphere of the COVID-19 pandemic. Here are some of the scams that you should be on the lookout for:

pandemicAccount Takeovers

This is a scam where the cybercriminals take credentials obtained from data breaches to take over accounts. They are also trying to reach out to kids to give up their account credentials, as they know most of them are out of school.

Phishing

There are a lot of phishing scams out there that are taking advantage of peoples’ fears about COVID-19 pandemic. Right now, the most prolific are coming out about the World Health Organization, WHO. Preying on fears is a common tactic that people use, and when people click on links in emails that look like they come from WHO, they can get access to your devices, collect private information, and even steal address books.

Vishing

This is a tactic that scammers use to get access to people’s back account information. The scammer informs people that there is something wrong with their bank account, and that they should call a number. When they do, it is a VoIP number, and the victim can unknowingly give up their personal information, including their banking information.

Smishing

A smishing attack is similar to a vishing account, except it uses SMS instead of emails or phone calls to lure in their victims. Most of these smishing attacks are focused on the coronavirus and have a sense of urgency to them.

Social Media Attacks

Social media attacks are looking pretty legit these days, and that’s why it’s easy to fall for them. Essentially, they look like a social media post from a real retailer who is giving something away.

Fake e-Commerce Sites

There are also a ton of new fake e-commerce sites popping up, most of them claiming to sell things like masks, gloves, and other COVID-19 related products.

Rogue Mobile Apps

Fake mobile apps are also on the rise, and when downloaded, these apps can install things like spyware, malware, and ransomware on the person’s device.

Work at Home Scams

Finally, we have work at home scams, which are becoming very popular due to so many people being out of work. Often, these scams make people lose more money than they could make.

Don’t be a Victim

Here are some tips that you can use to stop yourself from becoming a victim of these scams:

  • Don’t respond to any texts or calls from numbers you don’t know or that seem suspicious
  • Don’t share any financial or personal information via text, email, or on the phone.
  • Be careful if you are asked to share information or make an immediate payment.
  • Scammers might try to spoof numbers to trick people into answering. Remember, there are no government agencies that will ask you for money or personal info.
  • Don’t click on links that you get in text messages. If you get one from a friend, make sure it is legitimate before clicking on it.
  • Always check that a charity is real before making any type of donation.

These cybercriminals are poised to profit from this pandemic, and they are doing all they can to take advantage of people. So, it’s important that you use caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Working from Home Due to COVID-19? Protect Yourself from Cyberattacks

As we start to get used to living in a world where COVID-19 is changing everything, one of the differences that many have people are doing is working from home. With so many people now working on their home networks, cybercriminals are stepping up, and they are hoping to take advantage of people making security mistakes and doing more searches, specifically on COVID-19. This is a great opportunity for these thieves to target their victims.

COVID-19

Keep in mind that most people who are working from home are not working on a very secure network. Cyber attackers know this, and its important that both individuals and companies take the steps to protect themselves from COVID-19 and their information.

What Can Companies Do?

During this time, managers, owners, and supervisors should be setting clear expectations about how their businesses are going to work in these new environments. When these changes come down, they should come from the top. Here are some things to keep in mind:

  • You Must Understand the Threats – Business leaders should understand what threats are likely and prioritize protection methods based on that.
  • You Must Release Clear Guidance – It is also important that your organization’s at-home policies are easy to understand for all employees. This should include informing staff to communicate with security teams in the case of suspicious activity.
  • You Must Offer the Right Security – All business leaders should ensure that any company-owned devices are equipped with the best security capabilities. This includes the following:
    • The ability to connect securely to a business-owned cloud, and access to video teleconferencing apps that are important for remote workers.
    • Endpoint protection for all mobile devices and laptops including VPN tools and encryption.
    • Enforce the use of multi-factor authentication.
    • The ability to put a block on malware, exploits, and other threats using the best types of software and hardware.
    • A plan to filter any malicious domain URLS and stop any phishing attacks.

What Can Individuals Do?

People working from home should also take steps to ensure that they are remaining safe when working remotely.  Here are some things to do:

  • Create Strong Passwords – You should always create strong passwords and consider a password manager to facilitate multiple passwords opposed to the same passwords across multiple accounts.
  • Update Software and Systems – Install any system updates or patches as soon as you see them.
  • Make Sure Your Wi-Fi Access Point is Secure – Look at your Wi-Fi access point and make sure to change the passwords and default settings.
  • Use a VPN (Virtual Private Network) – A VPN is a good way to create a safe connection between a home computer and the worker’s organization.
  • Be Smart About COVID – 19 Scams – There are a ton of scams out there, including fake apps, so be smart.
  • Don’t Mix Work and Personal Tasks – Use your work device for your work and your personal device for personal tasks.

By taking these steps into consideration, either as a business leader or an employee, you can help to address some of the most common risks that you might face when working from home. Keep all of these tips in mind, and if something seems a little weird or strange, it’s probably best to report it to your company’s IT professional.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Cybercriminals are Stealing from you by Using these COVID-19 Scams

It is estimated that COVID-19 fraud has cost Americans more than $13 million, and it is rising. This comes from the US government.

The US Federal Trade Commission has added up the costs of all of these scams. They are looking from those that started from the 1st of January to the current week. What are these numbers made of? Mostly vacation and travel scams, as these have added up to $4.7 million lost. Online shopping scams are also out there, but they have only added up to $1.4 million.

The global spread of coronavirus has forced people to change the way they live, work, and even socialize. This is going to be the case for some time to come, and because of this, the cybercriminals have jumped onto the bandwagon, and they know…if they are lucky…this could be a lucrative thing for them.

These COVID-19 scams are definitely playing on the fears of the general public, and the goal of these cyber criminals is to get their targets to give them their personal information. Then, the bad guys use this information to commit fraud. In other words, they take money directly out of the hands of the people who need it the most.

What are the Tactics that People are Using to Hack Their Victims

There are a number of COVID-19 tactics that are being used to trick people into giving away their personal information, and in some cases, their hard-earned money.

Most of the tactics are combining phishing texts and emails with fake sites. Here are some of the things that are commonly found in a number of different languages:

  • Malware that is sent by “official” feeds, which are not really official. These include things like real time COVID-19 maps, which are actually meant to spread malware.
  • Messages that are offering an iPhone 11…for free…to help pass the time at home.
  • Messages offering payday loans to help people who are having problems with money.
  • Scams advertising products that are supposedly “cures” for COVID-19.
  • Coronavirus-themed domain names that seem to offer official information about the virus, but instead, simply spread viruses.
  • Emails from sources that show they are from WHO, the CDC, or even local governments.
  • Emails that ask for donations for COVID-19 research
  • Emails that look like they are coming from the government that have fake links allowing you to claim a tax refund.
  • People from the UK have reported getting fake emails saying they are from the BBC and the person’s TV license is expired. Then, they are asked to go to a website and update their details.
  • Phone calls are coming that are recorded and telling people that their broadband access will be cut off within 24 hours thanks to “illegal activity,” and the user must “press 1” to speak with a person to fix it. Once you are connected, they do all they can to get personal information from you.
  • Emails from people claiming to be “company officials,” that contain and attachment with the names of people within the organization that have tested positive for COVID-19.

No person nor industry is immune to this, so keep your eyes open and stay safe.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program and the home security expert for Porch.com

Deepfakes and the Impact on Cybersecurity Now and in the Future

Can you believe what you see in a video? Most people say ‘yes,’ but the truth is, you no longer can. We all know that photos can be altered, but videos? Thanks to artificial intelligence, these, too, are being altered at a very quick rate.

These videos, known as “deepfakes,” are out there, and they are doing a number on cybersecurity. In fact, leaders in the cybersecurity sector are warning consumers that high tech video alteration is here, and it is very difficult to tell with the naked eye whether or not a video is real or fake.

Leaders in cybersecurity shared an example of how this works. Basically, they created a video of a man, Steve Grobman, an executive from McAfee, speaking. However, the words he was speaking were not his own; they were the words of Celeste Fralick, a female data scientist, who had created this deepfake video to make a point. This might seem like a fun trick to play on your friends, but in reality, it could have a huge impact on cybersecurity, as things like phishing and social engineering will become easier than ever for hackers.

Deepfakes and artificial intelligence can also be used for audio too. Meaning a person’s words can be spliced together seamlessly to create full sentences. Joe Rogan the comedian and podcaster who has 1300+ podcasts was used as a demo. But even more disturbing is Joe Rogans voice with Taylor Swifts face.

What could this mean for you? Well, since it’s so relatively easy to make a video like this, it could cause some real issues for the public. One way that it could be used is to start with a photo, and then change a very small part of it. This change would be unable to be noticed by a human, but the change would be enough for AI to see the photo as something else. So, if you can confuse something like artificial intelligence, you could certainly confuse the systems that are built to stop cybersecurity.

This could have a lot of negative impact on all of us, and it could really give a boost to those who make a living in taking advantage of others via cybercrimes.

The good news is that though this type of technology could be used for bad, artificial intelligence could also be used for good things. For example, the technology could be used to create a crime map of where crimes have happened and where arrests could be made, which would make our streets, safer. At the same time, it could also be used by criminals to know where they could commit a crime without being arrested. You could also look at it like this. During World War II, more than two million people were killed by bombs that were dropped from airplanes. Based on that information, Orville Wright, the inventor of the airplane, was asked if he regretted this invention. He said ‘no.’ Why? Because he looked at the airplane as similar as to fire; it could cause terrible destruction, but at the same time, it is so very useful. This new technology is the same, and it will be interesting to see how it comes to truly be used in the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.