Posts

Cybersecurity Awareness Month: 5 Simple Ways to Boost Your Security

October 2023 marks the 20th annual observation of Cybersecurity Awareness Month, an annual declaration from the U.S. Congress and the White House intended to remind individuals and business owners of the importance of cyber security. The month exists to acknowledge that all of us can, and should, do more to stay safe online and to protect our businesses and communities from cyber attacks.

cyber securityThere are two sad but true realities about Cybersecurity Awareness Month. First, if you worry about cyber security, your are not alone. Second, if you take some time to protect yourself, you are in the minority. Norton reported in 2021 that 53% of the people it surveyed did not know how to protect themselves from cyber crime, even though 58% were worried about becoming a victim.

Thinking about cyber security is good, but doing something about it is even better. To help you get Cyber Security Awareness Month started in the right direction, here are 5 very simple things you can do right now, if you have not already, to improve your cyber security.

#1 Enable two-factor authentication on a single account. Despite its incredible effectiveness in blocking attacks and preventing phishing attacks, two-factor or multi-factor authentication use remains spotty, with only 13% of employees at small businesses required to use it, according to Zippia.

If you are among the 1.8 billion Gmail users, you know that two-factor authentication is mandatory, and that is generally unobtrusive and simple to use. Nearly every online service offers some form of two-factor authentication. Pledge to activate at least one of them before the end of October. If you have two-factor authentication on some logins, such as banking apps, but not others, pledge to turn on at least one more during the month. You will gain a very significant boost in your cyber security in exchange for a few seconds of your time. Ultimately, any time you spend responding to two-factor requests will be far less than the time you could spend worrying about your online safety.

#2 Cancel one service you no longer use. Did you sign up for a newsletter you no longer read, or subscribe to a game you no longer play? Most people have a few recurring subscriptions nibbling at their bank account balances each month, even though they never use the service. Is it really worth ending that $1 monthly charge that gives access to the gym?

The answer is yes. Not only do those charges siphon money you could put to better use, they also expose you  to cyber risks. Cyber security professionals often discuss the “threat surface,” which is the number of possible routes an attacker can take to gain access to data or passwords. Good cyber security practices limit the threat surface by eliminating any unnecessary logins or access points to accounts.

Older, forgotten subscriptions and logins are ripe for attack because you may not notice activity coming from them or perceive it as a threat. It only takes a few minutes to cancel a subscription and reduce the size of your threat surface.

#3 Change one password. Your password has been stolen. This is not a hypothetical statement. Nearly every password has been stolen and now circulates on the Dark Web. This is another reason to strongly consider two-factor authentication.

You might think that a criminal gets your password, tries to log in once with it, then throws it away if it does not work. In some cases this is true, but in others, that password gets attached to a profile of you that criminals build from information stolen or scraped from a variety of sources. This is the same kind of profile that companies like Alphabet and Meta build from the data you share with them, but without your authorization and with criminal activity in mind.

There are two types of people who tend to attract this kind of criminal attention. The first group knows that they are targets, because they have access to significant online systems or large amounts of money or data. The second group has no idea that they are vulnerable, because they are soft targets.

Soft targets never change passwords, use the same password in multiple places and rarely activate security features like two-factor authentication. It is very easy for criminals to find soft targets. When they harvest a database of new information, they compare logins and passwords to what they already have. If they see the same passwords again and again associated with the same email address, they know they have a soft target.

Changing a password makes you a harder target. For many people, that can be enough to reduce criminal interest and attention.

#4 Uninstall one app. Is your phone clogged with icons from apps you no longer use? Uninstall one and reduce a bit of digital clutter. For added security, delete your account from that unused app before you uninstall it, which will help to reduce your threat surface.

As a cyber security awareness bonus, think of this when you uninstall that app: Every time you open an account or download an app, you are trusting the cyber security of the company that provides that app or service. Ask yourself if they appear to take security seriously. Ask yourself what happens to your security, and your data, if that company stops supporting the app or goes out of business. If  you think about these things while you delete an unwanted app, there is a good chance you will think about them the next time you download an app.

#5 Update one piece of software. Whether its your browser, your smart phone’s operating system or a plugin on your website, make a point to check for updates and update one thing. If it’s been some time since you updated, you may notice two things: First, you have a lot of updates pending. Second, updates happen in seconds with almost no fuss.

A common theme runs across these five Cyber Security Awareness Month tips: Each is a simple step that will take no more than a few minutes of time and make you more secure online. The hope is that if you do this once, you will see how easy it is and repeat the process until everything is secured, updated or deleted. Remember that every small step you take contributes to stronger overall security.

If you think your personal cyber security awareness needs a boost, consider our Online CSI Protection Certification program. Through a series of videos presented by our Head Trainer Robert Siciliano, you will learn how to recognize and stop cyber attacks, as well as how to approach online interactions with security in mind. You can complete the course at your own pace, and you will retain access to the videos for review whenever you need it, and gain access to additional cyber security support resources. Try our free course on email safety to experience the program for yourself.

When and How to Report a Cyber Attack Attempt

Should you report a cyber attack attempt? Even a small, seemingly insignificant one? The answer is almost always yes.

There are two reasons to report a cyber attack. The first is to show cyber criminals that you take security seriously. The second is to gain safety in numbers. The more people who are aware of current attacks and techniques, the harder it is for criminals to operate. Remember that hackers and fraudsters depend on their victims knowing little no nothing about their scams. Spread the word, and you help others defend themselves. When enough people fight back or ignore scam and hacking attempts, criminals move on to easier targets.

When Should I Report a Cyber Attack Attempt?

You should immediately report any cyber attack that occurs at the workplace, targeting your office phone, personal phone, email, text messages or web browsers. You should consider reporting attacks that target your personal email or phone as well, if you believe the attacker obtained information about you online. Senior executives and those who have access to financial or information-management systems should report every attack on any business or personal device.

What looks like a common malware email, such as “Your package could not be delivered,” or “Your account has been suspended,” takes on an added significance if you are a high-value target. Low-level employees may not need to report mass-email phishing and malware attacks, but should report any attack using a business or personal phone number, particularly if the attacker claims to be a co-worker.

Where Should I Report an Attempted Cyber Attack?

The size of your business will determine how you should report the attack.

For mid-size and large companies: You likely have an internal or external specialist who handles your cyber security. Report all attacks to this individual, no matter how small or obvious they may seem. Do not worry about being a nuisance. It is the cyber specialist’s job to determine how significant or widespread an attack may be, and they can only do their job if they have a complete picture of the threats a business faces. Provide as much detail as possible, including screenshots of emails and text messages, if any.

If someone calls or texts you claiming to be a coworker, report this activity immediately. Targeted pretexting attacks are on the rise, with some criminals using sophisticated software to impersonate the voices of business leaders and public figures. These attacks are resource-intensive and require planning. which makes it more likely that a criminal will target multiple individuals within an organization.

For small businesses: If you work in a small business without an in-house cyber security or IT specialist, you have two options:

  1. If you have an external IT specialist, report the attack to them and ask them to monitor your systems for any signs of unusual behavior.
  2. If you do not have an external IT specialist, send an email to all coworkers advising them of the attack. Send a screenshot of the text, email or website and ask if anyone else has received similar messages. If multiple people in a small business report the same attack, it may be a sign that you have been targeted. Strongly consider professional IT support to identify any possible system breaches or data loss if this occurs.

Reporting Attempted Attacks to Law Enforcement

Every successful cyber attack should be reported to local police. Your cyber insurance policy likely requires this. If customer data are stolen, you must report the attack to police and check reporting requirements under the FTC Safeguards Rule, if you qualify as a Financial Institution, and the SEC Disclosure Rule, if you work for or partner with a publicly traded company. Any significant data breach should be reported immediately to your state Attorney General’s office. In the case of a significant data breach or an attack that compromises critical public systems, you should contact the local Federal Bureau of Investigation field office and your state Attorney General, who will provide support and additional guidance on disclosure. Note that in some cases, cyber attacks and data breaches should not be disclosed to the public without first contacting Federal or state officials.

Whether you should report an attempted cyber attack is murkier and depends on the nature of the attack. If you have publicly traded companies among your clients, or clients covered by the FTC Safeguards Rule, you should report targeted pretexting attacks to their IT or cyber security specialists. Criminals may be attempting to harm your partners by attacking their vendors, clients or associates. Law enforcement agencies generally will not handle this reporting for you. You must do it yourself, and you should do it as quickly as possible, as you may have some obligations to report under the Safeguards Rule or SEC Disclosure Rule. When in doubt, reach out.

Where Else Should Attempted Cyber Attacks Be Reported?

If you work for a franchise business, report any cyber attack attempt to your franchisor’s head office immediately. This is especially critical if the attacker attempts to impersonate a senior employer of the business. Criminals may be launching simultaneous attacks against franchisees. Your quick response could prevent significant damage to the business and your fellow franchisees.

If you are part of a trade association, such as a Bar Association or the National Association of REALTORS®, for example, or if you are a member of a state association or Chamber of Commerce, report any cyber attack that targets your business or employees to the senior officials in your area, and to your local and national headquarters. In recent years, there have been surges of criminal cyber activity targeting specific sectors, such as health care or public schools, or specific regions, such as the recent spate of Vacant Land Scam attempts in the Southwest United States. There is no way to know if an attack on your business is isolated or part of a bigger trend. Spreading the word to professional associates may give them the opportunity to stop similar criminal attacks.

 

Would you know what to do during a cyber attack? Download our free Cyber Crime Response Kit, which includes detailed, step-by-step instructions that will help you prevent an attack from spreading, quarantine infected devices and rebuild systems safely. For more detailed guidance on preventing and responding to cyber attacks, please contact us online or call us at 1-800-659-8311.

DOJ Alleges $8 Million Familiar Fraud at Transit Authority

Would Your Employees Notice Millions in Fraud?

The United States Department of Justice (DOJ) announced indictments against two individuals suspected of familiar fraud schemes that led to $8 million in losses for Massachusetts Bay Transit Authority commuter rail operator Keolis between July 2014 and November 2021. Both the scope and the longevity of these schemes are exceptional, although the methods used to steal the money are very common, raising questions about why the individual charged was able to commit this fraud for so long.

What Happened in the Keolis Familiar Fraud Case?

John P. Pigsley of Beverly, Massachusetts, a former Assistant Chief Engineer of Facilities for Keolis Commuter Services, has been accused of running two schemes that netted $8 million. In the first scheme, Pigsley is accused of conspiring with John Rafferty of Hale’s Location, New Hampshire, the former General Manager of LJ Electric, to create fraudulent invoices for vehicles and equipment, leading to more than $4 million in losses.

In the second scheme, Pigsley is accused of ordering copper wire for Keolis projects, picking it up himself or delivering it to his home address, then selling it to scrap yards. Over the course of several years, Pigsley is alleged to have made more than $4.5 million from the scheme. The actual value of the stolen material was not disclosed.

In a statement, Keolis Commuter Services said, “In late 2021, our enhanced financial controls and project management oversight identified project anomalies linked with the practices of an employee.” According to the DOJ indictment, this was 7 years after the fraud began.

Employees Must Be Empowered to Recognize Risks

Cyber threats are not the only challenges that businesses face. Familiar fraud, committed by an employee, family member or trusted business partner, can be more devastating and more difficult to detect. As with cyber security, employee training is essential to prevent losses. Employees must know how to recognize fraud and trust their instincts. They must also feel empowered to call out anything suspicious.

In the DOJ indictment against Pigsley, three common familiar fraud techniques that should have been caught stand out:

  1. Phony invoices: This is one of the most common types of familiar fraud. An employee with purchasing authority may conspire with a third party to create fake invoices and split the proceeds, or set up shell companies to invoice for goods and services that do not exist. This type of fraud can be difficult to detect in large, complex organizations, such as a railway operations company, or in businesses that frequently order large volumes of material from multiple vendors. Strong vendor approval and verification processes must be in place to detect this type of fraud; all new vendors should be verified by someone other than the person placing the orders. Shipments should be tracked and matched against invoices for at least the first 90 days of any new relationship. Any changes in volume or frequency in orders with a particular vendor should be flagged for follow up.
  2. Home deliveries. There are very few circumstances where an employee should receive materials shipments at home. Home addresses for all employees with purchasing authority should be kept on file by accounting staff. Any deliveries that match against a home address should be flagged for review. Any changes in regular delivery addresses, even if they only account for a portion of a shipment, should also be flagged for review.
  3. Personal pickup. Some employees may pick up and deliver materials as a regular part of their job. In an ideal world, purchasing and pickup are separate, so that no single employee has the ability to order and collect goods. When this is not practical, regular audits must be conducted of employees who can both order and deliver supplies, services and materials. Employees should be able to provide invoices for what was ordered, receipts for what was received and documentation for what was delivered.

Familiar fraud is one of the most difficult challenges that businesses face, because it comes not from external actors, but from trusted co-workers, friends and family. Proper business controls can prevent it, but only if employees understand what to look for and how to respond. Protect Now’s CSI Protection Certification training focuses on cyber crime but enables employees to spot any kind of suspicious behavior by teaching them to trust and act on their instincts. To learn more about our training programs, contact us online or call us at 1-800-658-8311.

The Tricks Behind the Clicks: Cyber Scams and Psychology

What is it that makes people fall for scams? Cybercrime is as hot as ever, with new and more creative scams popping up all the time. There is plenty of focus on spotting scams, but less so on what makes people miss the signs.

The Tricks Behind the Clicks: Cyber Scams and PsychologyMartina Dove, Ph.D., is a senior UX researcher at Tripwire and an expert in fraud psychology. Her research into the brain’s reaction to cyber scams and how the human mind operates when presented with a scam makes for an interesting read. On top of this, it also takes a look at fraud, and how susceptible we are to it, and it does this by using Dove’s own model.

Cybercrime from a Psychological Standpoint 

Discussions around cyber security often center on the technical aspects of security and data protection for businesses and people’s personal lives. New gadgets, devices, controls, and defenses are constantly circulating- which helps the fight to fortify our information and secure the confusing and tricky online environment.

Trust is a fundamental human trait. Humans trust by default. Scammers capitalize on this knowing that people look at life and scams and trust first, and scrutinize later. The hard part is how we can best keep ourselves, and our minds, safe against scams and where the holes might lie. The fundamental psychology behind the cybercrime mentality is underexplored, and so far, discussions often go no further than scratching the surface.

This is surprising, considering that it has such huge impact on what motivates people on either side of a scam. According to the latest Verizon Data Breach Investigations Report (DBIR)social engineering is the most common type of attack in regard to cybercrimes.

The psychological elements of how phishing emails are presented, the power of persuasion, and what makes people fall for scams are all important to really understand how things work and ultimately how to avoid becoming a victim.

Martina Dove’s Research into Fraud Psychology and Scams 

Few people have provided quite as much insight into this topic as Dove. Having specialized in fraud psychology, Dove became particularly interested in the concept of gullibility when pursuing her master’s degree and ultimately decided to carry it through into her Ph.D.

In an interview with Tim Erlin of Tripwire, Dove said that she had always been interested in the idea of gullibility, which is what makes a person gullible- and what it really means to be a gullible person. After reading an article published by two psychology researchers who were exploring the tricks and techniques used by scammers (particularly in phishing emails), Dove decided to drive her own studies down a similar route, diving deeper into the human psyche and scam vulnerability.

The main point of this research is a fraud susceptibility model that looks at the ins and outs of what puts a person at risk on a psychological level of falling victim to spam, scams, and phishing.

According to Dove, it was not her intention to create a model when she first started- the research naturally took her in that direction as she uncovered more fascinating theories about persuasive techniques, thought processing, and personalities that may influence how people react to these attacks.

Martina Dove’s Ph.D. research has also been turned into a book called The Psychology of Fraud, Persuasion, and Scam Techniques, which is available on Amazon.

The Fraud Susceptibility Model 

The research that ultimately led to the model in Dove’s book started as a questionnaire designed to build a “measurable scale of fraud vulnerability.” It was scorable, with the answers determining what areas of a person’s personality put them at risk.

After a series of tests and experimental studies, along with expert analysis and validation, the model just created itself. Dove explained that some factors that influence susceptibility could actually be mapped and used to predict a person’s natural reaction when faced with a fraudulent situation. The fraud psychology expert also went on to describe how the model is used to determine compliance and the reasons behind it, as well as how people strategize after they realize they have been victimized.

It looks into the characteristics that leave a person most susceptible at each stage of a scam.

1.   Precursors

How do personal circumstances- emotional, social, financial, etc. – influence how we react to fraud? Does our demographic play a role? Our family situations? Essentially, how great an impact do our social surroundings and everything that comes with them have on our ability to identify and avoid scams?

2.   Engagement with scammers

Once a person is on the hook, what techniques does the scammer use, and how do personal character traits change how we respond? What types of persuasion works best on different personalities, and how do scammers identify and exploit these vulnerabilities?

3.   Dealing with victimization

Dove’s model explores the conscious versus unconscious decision-making processes that occur when people deal with phishing emails and other fraudulent communications- and after they realize they have been fooled. How do people accept what happened, and how does it impact their behaviors?

Throughout her research, Dove shares examples of circumstances and characteristics that can make people more or less susceptible.

  • Group mentality: Someone who is highly concerned with being part of a group and uncomfortable going against the status quo may ignore signals of uncertainty and doubt if others disagree.
  • Compliance: Naturally compliant individuals are hardwired to follow instructions. Scams prey on this, hoping that the ‘no questions asked’ mentality is enough to make a person adhere to requests.
  • Impulse: Impulsive people are less likely to take time to assess a situation and take the necessary steps to confirm a source or authenticity. Those who tend to favor fast decision-making over meticulous processes are more likely to become fraud victims.
  • Belief in justice: It may sound strange, but people who believe criminals will get caught and that bad things don’t happen to good people are vulnerable. Because they don’t see these things as pressing threats, they may overlook obvious signs. The naivety that says, “this won’t happen to me- I am a good person,” is potentially dangerous.
  • Background knowledge and self-evaluation: How much a person knows- or thinks they know- about cyber security can be a hindrance. People assume that their understanding of how scams work and what to look out for will protect them from becoming victims. This is, to a point, true, but it can also make people complacent. Being an expert in a field doesn’t disqualify a person from falling victim to targeted fraudulent communication.
  • Reliance on authority and social confirmation: If someone is particularly concerned with what others think, they may be at more risk. Authority-driven individuals may make decisions based on the belief it is a request from a superior, and socially-driven people may go along with something because of influence from friends or family.
  • A general predisposition to scams: According to a study published via ScienceDirect, some people are just prone to fraud because of their engagement levels. Everything about them may suggest otherwise, but they have something in them that makes them more likely to go along with a scam.

Examples of Scams and Victim Profiles 

Here are two examples of scams and the types of psychological profiles they are likely to target. 

  • Business Email Compromise Scam: The basis of this type of scam is a boss or member of management emailing an employee asking for urgent funds. It preys on qualities such as compliance, obedience, respect for authority, and hierarchical values. People who have a strong belief in the pecking order are less likely to question a demand made by a superior and are therefore more likely to comply without hesitation.
  • Sexploitation Scams: These scams use fear as the driving force to get people to comply with demands. A scammer working in this field uses language to evoke a person’s most primal drives- hoping their influence takes over the more practical aspects of human thinking. Anyone can struggle to make intelligent decisions when they are especially scared or excited, but someone prone to fast emotions is more likely to be a prime target.

It is interesting to see how different these two examples are, which shows how much a person’s emotional makeup and core values can impact their likelihood to become a victim of fraud.

The Challenges Facing Scam Awareness 

As Tim Erlin rightfully pointed out during his interview with Martina Dove– a significant challenge that stalls the progress of beating cyber criminals is the underlying sense of shame and embarrassment many scam victims feel. He stated that people don’t want to admit they fell for it and may not even report that it ever happened. This, sadly, is true and only adds to the stigma of fraud victimization- making it harder to build a substantial defense against these crimes.

Furthermore, there is a dangerous habit out there of immediately labeling scam victims as stupid, making them feel guilty for being the target of what is, at the end of the day, a crime. Fraud is as real as robbery, yet the victims are treated very differently.

Increasing the awareness and understanding of why these things happen and changing the narrative of how victims are perceived could help bring a more accepting mainstream view.

How Can Martina Dove’s Research Help with Fraud Awareness Training? 

Modern businesses are acutely aware of the very real risk of cyber scams and take steps to protect and educate their staff, but is there enough focus on vulnerability rather than vigilance? The idea that anyone can fall for a scam needs to be more publicized, and people made aware of what exactly is it about a person’s personality and psychology that makes them vulnerable.

As cyber security professionals can confirm- the human aspect is and always has been the weak link in the defense chain because people can make mistakes, and the brain is open to mind games. If scammers are getting better at playing on the mind, then security experts need to get better at educating people on how this exploitation works.

Using Dove’s research to make anti-fraud training more human-focused and interactive could be the difference between a person falling victim and feeling ashamed and being aware of emotions used against them- and being able to stop an attack in its tracks.  

Practical Advice for People at Risk

As part of Dove’s research, she complied a checklist of actions to take towards proactively identifying potential scams and avoiding being drawn into the deception. Here is a brief summary of the key points for consideration. 

  • Question how it makes you feel: Scams play on emotion and aim to evoke a strong reaction, so how you feel when you read something could be an instant warning sign.
  • Look for further language clues: Is there any wording that seems overly strong or makes you feel bad in a way that seems unnatural?
  • Beware of links: A quick and convenient ‘click here to solve your problems’ may not be what it seems. Only access trusted links and log into any secure accounts via the official portals and never through an email.
  • Make space for rationality amongst emotion: Understand that what you feel in the moment could have been engineered through clever psychological tricks and attacks. Take a step back, wait to make a decision, and ask for opinions from family and friends if you are not sure about how to proceed.
  • Scrutinize the details: Look into correspondence for any sign of falsification or something that just doesn’t feel right. Emotional people may be quick to act, but they can also have strong senses of instinct.
  • Don’t rush to action, no matter the request: Sometimes, a pause is all it takes. Stopping and thinking is never bad practice in any walk of life or decision to be made.  

Final Thoughts 

Everyone was not created equally when it comes to emotions and how they drive our thoughts. Moderating how they impact decisions and how vulnerable they make us to gullibility is not easy, and greater awareness is needed.

The ties drawn between psychology and cybercrime are truly fascinating and open up an interesting and far overdue conversation about the correlations.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

What the Equifax Data Breach Can Teach Us About Security Fatigue

If you buy anything, anywhere, you are at risk of a cyber threat. Though you probably know that cyber threats exist, if you are like most of us, you don’t’ know what to do when it comes to being safe online, and if you become a victim, you really don’t know what to do. This is all important as we prepare for the next big breach like the one that happened with Equifax. If you use credit, you are a potential victim here.

According to Equifax, more than 147 million people were affected by the breach, and most of us had or have no idea what we can do about it, or how it might affect us in the future. On top of this, when we look at statistics, we can see that almost 27 billion…not million, but billion…additional records were exposed due to data breaches in 2020, and things are only going to get worse.

The issue is that people are frustrated, scared, and confused, and because these cyber-attacks are so common now, people are just getting apathetic about it. Of course, this is very dangerous. Additionally, there are other issues, too, specifically “security fatigue.”

What does this mean? It means that people just want nothing to do with worrying about computer security at all, and they get annoyed when they hear all of the rhetoric that comes from security experts like “keep an eye out for blah, blah, blah.”

Cyber Attacks are More Common Now Than Ever in the Past

It should be no surprise that cyber attacks are more common today than they were in the past. That also means that the chances of becoming a victim of identity theft are higher. Internet fraud is playing a big role in this, but it’s not just human error and bad passwords that are causing this. Instead, it’s the lack of people doing anything to stop it. And here’s the thing…if you think it can’t happen to you, you are wrong.

Tips for Protecting Yourself Online

It is not difficult to protect yourself online. Here are seven tips to keep yourself safe:

  • Download a program for your browser that tells you if a site you are going to go to is dangerous. These can be seen right from your browser, and if a site is safe, you will immediately know. A full suite of antivirus should include a browser plug-in to serve this purpose.
  • Keep your passwords safe with a password manager. It is very important to use a different password for every account.
  • Get some type of ID theft coverage through your employer, your bank, or other business. It’s not easy to 100% fully protect your identity, but using something like this can make things much, much easier.
  • Set up two-factor authentication and text alerts for sensitive accounts like bank accounts, email, and social media.
  • Freeze your credit. This way, a scammer can’t open any new accounts in your name.
  • Learn more about common internet scams. You should understand what ransomware is, phishing, scareware, and more.

One of the biggest things you should take away from this is to understand that if you become a victim of something like this, it doesn’t just affect you; it also can affect your family, friends, co-workers, and more. Yes, it might be annoying to some to have to take these steps, but it could be the difference between staying safe and becoming a victim.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

8 Cyber Security Tips You Can Start Today to Keep Yourself Safe

These days, it seems like there is one data breach after another, and each time, they are being done by those who want to steal your identity. Thankfully, it is much easier than you probably think to keep your info safe. Here are some tips that you can start doing right now to put yourself in a position to fight this:
Cyber Security Tips
Take a Look at Your Accounts

Almost any account allows you to check the recent activity. Even Facebook, Google, and Twitter have this available. When you take a look at this, you can see every log in and authorization. If something looks strange, such as a log in from Nigeria, odds are good that you have been compromised. Most of these sites allow you to log out of every location, so you should definitely do that.

Take a Look at Your Computer

 You may not realize it, but at any time, there are a number of programs running on your computer. However, some of these might not be safe. So, it is always a smart idea to check to see what is running in the background. To do this, you can check Activity Monitor for Mac or Task Manager for Windows. If you don’t know what a program is, look on Google. It will tell you if it is good or bad. If it is not good, figure out how to uninstall or remove it.

Take a Look at Your Passwords

 Also, take a close look at your passwords. Do you think they are really safe? Every account should have its own password, and if you use the same passwords for more than one account, your chances of getting hacked rise exponentially. You also need to make sure you are changing your account passwords on a regular basis. You can use our FREE Email Checker and check your email address and passwords.

When you do this, you can check to see if your account has been compromised. If so, change your password immediately. You should also consider using a password manager.

Take a Look at Your Wi-Fi Connection

Are you paying attention to your Wi-Fi connection? Do you have a password protecting it? Do you have a WPA encryption? Do you have anyone piggybacking on your connection? You can install a program like Wireless Network Watcher. It is also very important that you are cautious when on public Wi-Fi. Only use a VPN, virtual private network, when connecting to public Wi-Fi.

Take a Look at Connected Apps

You also may not realize that you have given your social media accounts permission to connect to other apps. Though this isn’t extremely dangerous, they can result in account takeovers and data leaks. So, if you don’t use a specific app or service any longer, you should sever the connection.

Take a Look at Installed Apps

When you look at those connected apps, also take a look at what apps you have installed on your computer and your mobile device. You may have downloaded some type of malicious program that looks like a tool or game, but it could end up wrecking your system. If you have any weird apps, check Google to see if there were any vulnerabilities or flaws.

Update Everything

You also want to make sure you are updating your apps and OS regularly. These updates often contain security improvements in order to keep your devices safe. The newer the update, the safer your device. Also, don’t forget to check for updates on your browsers, routers, and even printers, as these can be manipulated, too.

Protect Your Identity

Finally, do everything you can to protect your identity. There are two ways to do this, especially when it comes to stopping someone from opening new lines of credit in your name. You should set up a credit freeze through every credit bureau. You should additionally set up an account that offers identity theft protection. This helps to watch your data, and it monitors your credit reports. If something goes wrong, when you have this type of protection, there are people standing by to fix things, and by doing this, you can minimize the damage that could occur.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

A Look Ahead: What Challenges Might We Face with Cyber Security in the Next Year?

I was recently talking to a friend. She called me because there was a big issue at work: a ransomware attack. Basically, a hacker installed software that locked down the entire network, and then demanded that her boss pay $8500. Ultimately, against my recommendations, the only choice they determined they had was to pay the money, and in the process, they learned a very valuable lesson about the importance of backing up company data.

This is only one of the things that we are going to be facing in the upcoming year. Here are some more that everyone should be aware of:

More Ransomware

We are definitely going to be seeing more ransomware attacks. These cyber criminals are getting even more greedy and they know that the data they are holding for ransom is very valuable. So, expect even higher priced demands.

More Built-In Security

For those in the security industry, there is going to be a lot of work ahead. There are new challenges coming up all of the time, and there are still the old issues that haven’t been solved. People in the industry will have to go way beyond home computers and cell phones. With so many products connecting to the internet, there are millions of ways for cyber criminals to launch an attack.

Intelligence-Based Security

We also can expect to see more artificial intelligence-based security approaches, since the technology we have now just isn’t doing the job. There needs to be more advanced analytics and monitoring, and this will help to prevent more identity theft incidents than ever before. Artificial intelligence just keeps on getting more prominent, and we are seeing computers actually learning without any help from humans. If these computers start to learn enough, they can start helping criminal hackers too.

A More Vulnerable Internet of Things

It’s also a huge possibility that there are going to be big issues in regard to the Internet of Things. Often called “end points” more devices than ever before are connecting to the internet, and more people are using them. This makes us more vulnerable to attacks, so we need to lock this down. Before you buy anything that connects to the internet, you must do your research.

More Phishing, Too

We can also expect more phishing attacks. Hackers are certainly planning more of this, and honestly, these attacks are easy to pull off. Why would they stop?

Credential Theft is Here to Stay

Attacks that occur for the purpose of stealing banking credentials and payment cards will also continue. Don’t ever click on a link in emails, and don’t open any attachment before you open them.

Credential Stuffing

There are billions of stolen credentials floating around the Internet ready for the taking and hackers are plugging this data into well-known websites and gaining access to email, ecommerce, banking, financial, you name it. Change up your passwords.

Security with Smartwear

We are also seeing new threats in regard to wearable devices. These can be bad news for consumers and businesses because they can easily be portals for infecting a home network. Keep these devices updated and change the passwords from the default if you can.

Governments Could be Targets

Cyber-attacks on governments will surely continue, too. These might be inside jobs, or they could be from foreign sources. Even if you think your devices and data is secure, the government might not be. This is another reason you need to have ID theft protection.

Smarter Cars

We also are going to see smarter cars; cars that are more connected than we have ever seen. There are close to 100 ECUs, electronic control units, in cars these days. Some of these are connected to the internet, too, so think of what this might mean. Technically, a hacker could do things like control the car’s brakes. Thankfully, manufacturers are adding more security, but consumers really have to do their homework, too, and understand their cars’ capabilities.

DDoS Attacks

Distributed denial of service attacks, or DDoS attacks, is when manipulation occurs to make something unavailable to people, like a website. We will certainly see more of this.

Disinformation Proliferation

There has never been a time when dis-information was so easily spread by so many, for so many reasons. When government officials at the very top become the primary spreaders of this information, such as dictators in Banana Republic’s and even those in the USA, you know we have a significant problem. Get your facts straight, publications like the New York Times or the Wall Street Journal have no reason to lie. Fact check before you share and spread misinformation.

Conclusion

Here’s the situation; we cannot fully protect ourselves from all of the fraud and scams that are out there, no matter how hard we try. With so many devices that are connecting to the internet, hackers have a ton of opportunity to take advantage of their victims. We need better security and more awareness, so as we move into the new year, keep all of this in mind.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Survey Shows Most People Back Up…But Not as Often as They Should

According to a new survey, we now have a good idea of the habits of the regular person in regard to backing up their devices. The survey, which covered almost 3,000 people, looked at people around the world. What it shows is that 91 percent of people back up their devices and their data. But, 68 percent of people still lost data because of a different reason. These include accidentally deleting the data, software or hardware failure, or even because they hadn’t backed up their data recently. The truth is, only 41% of companies and people back up each day, which leaves most of us…and most businesses…vulnerable to data loss.

surveyThe data from this survey stress how important it is to implement some type of cyber protection strategy for a business, which includes backing up data several times a day, and using the 3-2-1 backup rule. This is creating three copies of your data (a single primary copy and two backups), storing your copied on two different types of storage option, and then storing one of the copies in the cloud or remotely.

Change the Game with Cyber Protection

With more cyberattacks happening all of the time, the traditional methods of backing up our data is no longer working. We simply cannot rely on only backing up our information. It is way too dangerous.

Cybercriminals will target backup software with their own ransomware, and then try to modify the files, which makes it even more important to protect your information.

Recommendations for Cyber Protection

There are a number of different ways you can protect your personal or company’s information. Here are just five things you can do to ensure that your data is relatively safe:

  • Create a backup of your most important data…always – Keep a number of different copies of your backup locally and in the cloud. You want to do it locally so you can access it quickly and frequently, and you want to save it in the cloud to make sure that even if there is a fire, flood, or other disaster, your data is safe.
  • Ensure your OS and applications are all the current versions – If you are not updating your OS or apps, it means that they are much more vulnerable to getting hacked. These updates often contain patches and fixes that can keep cybercriminals out.
  • Beware of any suspicious links, emails, or attachments – Most ransomware and virus infections are created by using social engineering, and they trick unsuspecting people into opening these infected attachments or clicking on a link that installs malware to the device or network.
  • Install anti-virus, anti-ransomware, and anti-malware software – While you are doing your automated updates for your apps and OS, you should also be using all of these different software options, too.
  • Consider using an integrated cyber protection solution – You want to choose an option that combines anti-ransomware, anti-virus, backup, patch management, and a vulnerability assessment all in a single solution. This type of solution increases efficiency, ease of use, and the reliability of your protection.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

 

Cybercriminals are Stealing from you by Using these COVID-19 Scams

It is estimated that COVID-19 fraud has cost Americans more than $13 million, and it is rising. This comes from the US government.

The US Federal Trade Commission has added up the costs of all of these scams. They are looking from those that started from the 1st of January to the current week. What are these numbers made of? Mostly vacation and travel scams, as these have added up to $4.7 million lost. Online shopping scams are also out there, but they have only added up to $1.4 million.

The global spread of coronavirus has forced people to change the way they live, work, and even socialize. This is going to be the case for some time to come, and because of this, the cybercriminals have jumped onto the bandwagon, and they know…if they are lucky…this could be a lucrative thing for them.

These COVID-19 scams are definitely playing on the fears of the general public, and the goal of these cyber criminals is to get their targets to give them their personal information. Then, the bad guys use this information to commit fraud. In other words, they take money directly out of the hands of the people who need it the most.

What are the Tactics that People are Using to Hack Their Victims

There are a number of COVID-19 tactics that are being used to trick people into giving away their personal information, and in some cases, their hard-earned money.

Most of the tactics are combining phishing texts and emails with fake sites. Here are some of the things that are commonly found in a number of different languages:

  • Malware that is sent by “official” feeds, which are not really official. These include things like real time COVID-19 maps, which are actually meant to spread malware.
  • Messages that are offering an iPhone 11…for free…to help pass the time at home.
  • Messages offering payday loans to help people who are having problems with money.
  • Scams advertising products that are supposedly “cures” for COVID-19.
  • Coronavirus-themed domain names that seem to offer official information about the virus, but instead, simply spread viruses.
  • Emails from sources that show they are from WHO, the CDC, or even local governments.
  • Emails that ask for donations for COVID-19 research
  • Emails that look like they are coming from the government that have fake links allowing you to claim a tax refund.
  • People from the UK have reported getting fake emails saying they are from the BBC and the person’s TV license is expired. Then, they are asked to go to a website and update their details.
  • Phone calls are coming that are recorded and telling people that their broadband access will be cut off within 24 hours thanks to “illegal activity,” and the user must “press 1” to speak with a person to fix it. Once you are connected, they do all they can to get personal information from you.
  • Emails from people claiming to be “company officials,” that contain and attachment with the names of people within the organization that have tested positive for COVID-19.

No person nor industry is immune to this, so keep your eyes open and stay safe.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program and the home security expert for Porch.com

Beware of IRS Stimulus Check Scams

The IRS has been urging taxpayers to be aware of calls and emails that might lead victims to give up their personal information to cyberthieves.

IRS Commissioner, Chuck Rettig, has been urging people to take more care during this time. He reminds taxpayers that the IRS won’t ever call to verify or collect financial information in order for you to get your refund faster. The IRS will also never email taxpayers asking for this information. Fraudulent text messages are also on the rise.

Cybercriminals have always taken advantage of times of trouble, and now that we are in the throes of coronavirus, they are continuing this. While people are waiting to get their stimulus payments and tax refunds, it is extremely important to remain vigilant.

Don’t Fall for These Scams

The IRS has definitely seen many more phishing schemes. In most cases, the IRS deposits these payments directly into the bank accounts of the taxpayer. Those who have previously filed, but have not provided direct deposit information, must provide this on the IRS.gov website. If they don’t do that, the IRS will mail a paper check to the taxpayer.

It is also important to mention that the IRS has reminded those who have retired and don’t have to file a tax return that they don’t have to do anything in order to receive their stimulus check. Cybercriminals tend to focus on seniors, and they may try to reach out by mail, phone, or email and ask for information such as Social Security numbers, bank account numbers or other identifying info. The IRS will not contact these people, so don’t give any info if you are in this group.

Other Information from the IRS

The IRS is also reminding taxpayers that there are signs that something is a scam. Here are some of them:

  • The official term of the payment is “economic impact payment.” If you see terms like “Stimulus Payment” or “Stimulus Check, it’s probably a scam.
  • It is a scam if someone asks you to sign over your check to them.
  • It’s a scam if they ask you to verify your personal or financial information via phone, text, social media, mail, or email.
  • If they suggest that you can get your money faster by supplying information, it is a scam.
  • If you get a check in the mail that seems a bit off, and then you are asked to verify information online, it is a scam.

Reporting These Scams

If you believe that you might be a target or victim of a scam like this, you should do your best to report it. If you get an email, for instance, you should forward it to phishing@irs.gov.

It is also recommended that you do not engage with potential scammers on the phone or internet. There are guidelines on how to deal with this on the IRS.gov website.

Official information about the IRS and how it is dealing with the COVID-19 pandemic is also available online at the Coronavirus Tax Relief page online.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program and the home security expert for Porch.com