Posts

Cybersecurity Awareness Month: 5 Simple Ways to Boost Your Security

/in /by

October 2023 marks the 20th annual observation of Cybersecurity Awareness Month, an annual declaration from the U.S. Congress and the White House intended to remind individuals and business owners of the importance of cyber security. The month exists to acknowledge that all of us can, and should, do more to stay safe online and to protect our businesses and communities from cyber attacks.

cyber securityThere are two sad but true realities about Cybersecurity Awareness Month. First, if you worry about cyber security, your are not alone. Second, if you take some time to protect yourself, you are in the minority. Norton reported in 2021 that 53% of the people it surveyed did not know how to protect themselves from cyber crime, even though 58% were worried about becoming a victim.

Thinking about cyber security is good, but doing something about it is even better. To help you get Cyber Security Awareness Month started in the right direction, here are 5 very simple things you can do right now, if you have not already, to improve your cyber security.

#1 Enable two-factor authentication on a single account. Despite its incredible effectiveness in blocking attacks and preventing phishing attacks, two-factor or multi-factor authentication use remains spotty, with only 13% of employees at small businesses required to use it, according to Zippia.

If you are among the 1.8 billion Gmail users, you know that two-factor authentication is mandatory, and that is generally unobtrusive and simple to use. Nearly every online service offers some form of two-factor authentication. Pledge to activate at least one of them before the end of October. If you have two-factor authentication on some logins, such as banking apps, but not others, pledge to turn on at least one more during the month. You will gain a very significant boost in your cyber security in exchange for a few seconds of your time. Ultimately, any time you spend responding to two-factor requests will be far less than the time you could spend worrying about your online safety.

#2 Cancel one service you no longer use. Did you sign up for a newsletter you no longer read, or subscribe to a game you no longer play? Most people have a few recurring subscriptions nibbling at their bank account balances each month, even though they never use the service. Is it really worth ending that $1 monthly charge that gives access to the gym?

The answer is yes. Not only do those charges siphon money you could put to better use, they also expose you  to cyber risks. Cyber security professionals often discuss the “threat surface,” which is the number of possible routes an attacker can take to gain access to data or passwords. Good cyber security practices limit the threat surface by eliminating any unnecessary logins or access points to accounts.

Older, forgotten subscriptions and logins are ripe for attack because you may not notice activity coming from them or perceive it as a threat. It only takes a few minutes to cancel a subscription and reduce the size of your threat surface.

#3 Change one password. Your password has been stolen. This is not a hypothetical statement. Nearly every password has been stolen and now circulates on the Dark Web. This is another reason to strongly consider two-factor authentication.

You might think that a criminal gets your password, tries to log in once with it, then throws it away if it does not work. In some cases this is true, but in others, that password gets attached to a profile of you that criminals build from information stolen or scraped from a variety of sources. This is the same kind of profile that companies like Alphabet and Meta build from the data you share with them, but without your authorization and with criminal activity in mind.

There are two types of people who tend to attract this kind of criminal attention. The first group knows that they are targets, because they have access to significant online systems or large amounts of money or data. The second group has no idea that they are vulnerable, because they are soft targets.

Soft targets never change passwords, use the same password in multiple places and rarely activate security features like two-factor authentication. It is very easy for criminals to find soft targets. When they harvest a database of new information, they compare logins and passwords to what they already have. If they see the same passwords again and again associated with the same email address, they know they have a soft target.

Changing a password makes you a harder target. For many people, that can be enough to reduce criminal interest and attention.

#4 Uninstall one app. Is your phone clogged with icons from apps you no longer use? Uninstall one and reduce a bit of digital clutter. For added security, delete your account from that unused app before you uninstall it, which will help to reduce your threat surface.

As a cyber security awareness bonus, think of this when you uninstall that app: Every time you open an account or download an app, you are trusting the cyber security of the company that provides that app or service. Ask yourself if they appear to take security seriously. Ask yourself what happens to your security, and your data, if that company stops supporting the app or goes out of business. If  you think about these things while you delete an unwanted app, there is a good chance you will think about them the next time you download an app.

#5 Update one piece of software. Whether its your browser, your smart phone’s operating system or a plugin on your website, make a point to check for updates and update one thing. If it’s been some time since you updated, you may notice two things: First, you have a lot of updates pending. Second, updates happen in seconds with almost no fuss.

A common theme runs across these five Cyber Security Awareness Month tips: Each is a simple step that will take no more than a few minutes of time and make you more secure online. The hope is that if you do this once, you will see how easy it is and repeat the process until everything is secured, updated or deleted. Remember that every small step you take contributes to stronger overall security.

If you think your personal cyber security awareness needs a boost, consider our Online CSI Protection Certification program. Through a series of videos presented by our Head Trainer Robert Siciliano, you will learn how to recognize and stop cyber attacks, as well as how to approach online interactions with security in mind. You can complete the course at your own pace, and you will retain access to the videos for review whenever you need it, and gain access to additional cyber security support resources. Try our free course on email safety to experience the program for yourself.

The Tricks Behind the Clicks: Cyber Scams and Psychology

/0 Comments/in , , , /by

What is it that makes people fall for scams? Cybercrime is as hot as ever, with new and more creative scams popping up all the time. There is plenty of focus on spotting scams, but less so on what makes people miss the signs.

The Tricks Behind the Clicks: Cyber Scams and PsychologyMartina Dove, Ph.D., is a senior UX researcher at Tripwire and an expert in fraud psychology. Her research into the brain’s reaction to cyber scams and how the human mind operates when presented with a scam makes for an interesting read. On top of this, it also takes a look at fraud, and how susceptible we are to it, and it does this by using Dove’s own model.

Cybercrime from a Psychological Standpoint 

Discussions around cyber security often center on the technical aspects of security and data protection for businesses and people’s personal lives. New gadgets, devices, controls, and defenses are constantly circulating- which helps the fight to fortify our information and secure the confusing and tricky online environment.

Trust is a fundamental human trait. Humans trust by default. Scammers capitalize on this knowing that people look at life and scams and trust first, and scrutinize later. The hard part is how we can best keep ourselves, and our minds, safe against scams and where the holes might lie. The fundamental psychology behind the cybercrime mentality is underexplored, and so far, discussions often go no further than scratching the surface.

This is surprising, considering that it has such huge impact on what motivates people on either side of a scam. According to the latest Verizon Data Breach Investigations Report (DBIR)social engineering is the most common type of attack in regard to cybercrimes.

The psychological elements of how phishing emails are presented, the power of persuasion, and what makes people fall for scams are all important to really understand how things work and ultimately how to avoid becoming a victim.

Martina Dove’s Research into Fraud Psychology and Scams 

Few people have provided quite as much insight into this topic as Dove. Having specialized in fraud psychology, Dove became particularly interested in the concept of gullibility when pursuing her master’s degree and ultimately decided to carry it through into her Ph.D.

In an interview with Tim Erlin of Tripwire, Dove said that she had always been interested in the idea of gullibility, which is what makes a person gullible- and what it really means to be a gullible person. After reading an article published by two psychology researchers who were exploring the tricks and techniques used by scammers (particularly in phishing emails), Dove decided to drive her own studies down a similar route, diving deeper into the human psyche and scam vulnerability.

The main point of this research is a fraud susceptibility model that looks at the ins and outs of what puts a person at risk on a psychological level of falling victim to spam, scams, and phishing.

According to Dove, it was not her intention to create a model when she first started- the research naturally took her in that direction as she uncovered more fascinating theories about persuasive techniques, thought processing, and personalities that may influence how people react to these attacks.

Martina Dove’s Ph.D. research has also been turned into a book called The Psychology of Fraud, Persuasion, and Scam Techniques, which is available on Amazon.

The Fraud Susceptibility Model 

The research that ultimately led to the model in Dove’s book started as a questionnaire designed to build a “measurable scale of fraud vulnerability.” It was scorable, with the answers determining what areas of a person’s personality put them at risk.

After a series of tests and experimental studies, along with expert analysis and validation, the model just created itself. Dove explained that some factors that influence susceptibility could actually be mapped and used to predict a person’s natural reaction when faced with a fraudulent situation. The fraud psychology expert also went on to describe how the model is used to determine compliance and the reasons behind it, as well as how people strategize after they realize they have been victimized.

It looks into the characteristics that leave a person most susceptible at each stage of a scam.

1.   Precursors

How do personal circumstances- emotional, social, financial, etc. – influence how we react to fraud? Does our demographic play a role? Our family situations? Essentially, how great an impact do our social surroundings and everything that comes with them have on our ability to identify and avoid scams?

2.   Engagement with scammers

Once a person is on the hook, what techniques does the scammer use, and how do personal character traits change how we respond? What types of persuasion works best on different personalities, and how do scammers identify and exploit these vulnerabilities?

3.   Dealing with victimization

Dove’s model explores the conscious versus unconscious decision-making processes that occur when people deal with phishing emails and other fraudulent communications- and after they realize they have been fooled. How do people accept what happened, and how does it impact their behaviors?

Throughout her research, Dove shares examples of circumstances and characteristics that can make people more or less susceptible.

  • Group mentality: Someone who is highly concerned with being part of a group and uncomfortable going against the status quo may ignore signals of uncertainty and doubt if others disagree.
  • Compliance: Naturally compliant individuals are hardwired to follow instructions. Scams prey on this, hoping that the ‘no questions asked’ mentality is enough to make a person adhere to requests.
  • Impulse: Impulsive people are less likely to take time to assess a situation and take the necessary steps to confirm a source or authenticity. Those who tend to favor fast decision-making over meticulous processes are more likely to become fraud victims.
  • Belief in justice: It may sound strange, but people who believe criminals will get caught and that bad things don’t happen to good people are vulnerable. Because they don’t see these things as pressing threats, they may overlook obvious signs. The naivety that says, “this won’t happen to me- I am a good person,” is potentially dangerous.
  • Background knowledge and self-evaluation: How much a person knows- or thinks they know- about cyber security can be a hindrance. People assume that their understanding of how scams work and what to look out for will protect them from becoming victims. This is, to a point, true, but it can also make people complacent. Being an expert in a field doesn’t disqualify a person from falling victim to targeted fraudulent communication.
  • Reliance on authority and social confirmation: If someone is particularly concerned with what others think, they may be at more risk. Authority-driven individuals may make decisions based on the belief it is a request from a superior, and socially-driven people may go along with something because of influence from friends or family.
  • A general predisposition to scams: According to a study published via ScienceDirect, some people are just prone to fraud because of their engagement levels. Everything about them may suggest otherwise, but they have something in them that makes them more likely to go along with a scam.

Examples of Scams and Victim Profiles 

Here are two examples of scams and the types of psychological profiles they are likely to target. 

  • Business Email Compromise Scam: The basis of this type of scam is a boss or member of management emailing an employee asking for urgent funds. It preys on qualities such as compliance, obedience, respect for authority, and hierarchical values. People who have a strong belief in the pecking order are less likely to question a demand made by a superior and are therefore more likely to comply without hesitation.
  • Sexploitation Scams: These scams use fear as the driving force to get people to comply with demands. A scammer working in this field uses language to evoke a person’s most primal drives- hoping their influence takes over the more practical aspects of human thinking. Anyone can struggle to make intelligent decisions when they are especially scared or excited, but someone prone to fast emotions is more likely to be a prime target.

It is interesting to see how different these two examples are, which shows how much a person’s emotional makeup and core values can impact their likelihood to become a victim of fraud.

The Challenges Facing Scam Awareness 

As Tim Erlin rightfully pointed out during his interview with Martina Dove– a significant challenge that stalls the progress of beating cyber criminals is the underlying sense of shame and embarrassment many scam victims feel. He stated that people don’t want to admit they fell for it and may not even report that it ever happened. This, sadly, is true and only adds to the stigma of fraud victimization- making it harder to build a substantial defense against these crimes.

Furthermore, there is a dangerous habit out there of immediately labeling scam victims as stupid, making them feel guilty for being the target of what is, at the end of the day, a crime. Fraud is as real as robbery, yet the victims are treated very differently.

Increasing the awareness and understanding of why these things happen and changing the narrative of how victims are perceived could help bring a more accepting mainstream view.

How Can Martina Dove’s Research Help with Fraud Awareness Training? 

Modern businesses are acutely aware of the very real risk of cyber scams and take steps to protect and educate their staff, but is there enough focus on vulnerability rather than vigilance? The idea that anyone can fall for a scam needs to be more publicized, and people made aware of what exactly is it about a person’s personality and psychology that makes them vulnerable.

As cyber security professionals can confirm- the human aspect is and always has been the weak link in the defense chain because people can make mistakes, and the brain is open to mind games. If scammers are getting better at playing on the mind, then security experts need to get better at educating people on how this exploitation works.

Using Dove’s research to make anti-fraud training more human-focused and interactive could be the difference between a person falling victim and feeling ashamed and being aware of emotions used against them- and being able to stop an attack in its tracks.  

Practical Advice for People at Risk

As part of Dove’s research, she complied a checklist of actions to take towards proactively identifying potential scams and avoiding being drawn into the deception. Here is a brief summary of the key points for consideration. 

  • Question how it makes you feel: Scams play on emotion and aim to evoke a strong reaction, so how you feel when you read something could be an instant warning sign.
  • Look for further language clues: Is there any wording that seems overly strong or makes you feel bad in a way that seems unnatural?
  • Beware of links: A quick and convenient ‘click here to solve your problems’ may not be what it seems. Only access trusted links and log into any secure accounts via the official portals and never through an email.
  • Make space for rationality amongst emotion: Understand that what you feel in the moment could have been engineered through clever psychological tricks and attacks. Take a step back, wait to make a decision, and ask for opinions from family and friends if you are not sure about how to proceed.
  • Scrutinize the details: Look into correspondence for any sign of falsification or something that just doesn’t feel right. Emotional people may be quick to act, but they can also have strong senses of instinct.
  • Don’t rush to action, no matter the request: Sometimes, a pause is all it takes. Stopping and thinking is never bad practice in any walk of life or decision to be made.  

Final Thoughts 

Everyone was not created equally when it comes to emotions and how they drive our thoughts. Moderating how they impact decisions and how vulnerable they make us to gullibility is not easy, and greater awareness is needed.

The ties drawn between psychology and cybercrime are truly fascinating and open up an interesting and far overdue conversation about the correlations.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Security Appreciation: Cyber Security

/0 Comments/in /by

Awareness; knowledge or perception of a situation or fact.

Appreciation; a full understanding of a situation.

Cyber Security Appreciation

“My business has been hacked. Now what?” Here are the steps you should employ immediately.

Hire a Professional – When a business is hacked, it is entirely possible they were compromised because they did not employ technicians to prevent it in the first place. Therefore 3rd parties that specialize is security and breach mitigation should be contacted immediately. These IT security professionals specialize in prevention and containment. Their role proactively is to seek out vulnerabilities by utilizing vulnerability scanning software to seek out points of entry and patch those vulnerabilities prior to an intrusion.

Change and Reset Passwords – Many hacks begin with compromised passwords. Easy to guess/easy to hack/easy to crack passwords make the hackers job, well, EASY. Never using the same password twice, and utilizing upper case, lowercase and characters along with using a password manager ensures password security.

Update All Software – Begin by scanning all hardware and software with anti-virus programs and removing viruses. Vulnerabilities are often due to outdated software or operating systems riddled with flaws. Updating with critical patches eliminates these threats. Maintain redundant networked hardware systems in place, backed up data, contingency plans to put duplicate systems online immediately following a breach.

Update Your Companies Hardware – Old outdated hardware simply can’t keep up with the requirements of newer robust software or the security software required to keep networks secure.

Back Up All of Your Data – You have to make sure that you are regularly backing up data to a secure location. This data should also be encrypted.

Manage All Identities – Make sure that you are managing identities and access to accounts. You must do this across the board, as just one account being accessed could make you or your network extremely vulnerable.

Utilize Multi-Factor Authentication – You can use multi-factor authentication to keep accounts protected, too. This means every time a device or an online account is accessed, an additional text message must be sent with a one-time pass code or a one-time pass code sent to a key fob. There are hardware devices available that are also forms of second factor or multi factor authentication.

Security Awareness Training – Assuming employees know what to do and more importantly, what not do, is risky. Providing effecting ongoing security awareness, and in the authors opinion “security appreciation training” is partnering with employees to protect the network.

Patching – Set up a system so that you can always ensure that your hardware and software is always patched and updated on a regular basis. This helps to keep your data safe.

Align Your IT Security with Other Business Security – Those who are in the IT industry often feel as if they are struggling to keep up with changing technology, including security tech. The success of a business is based on keeping it secure, and keeping all types of security in mind including IT security, has a direct impact on revenue.

Recognize Social Engineering Scams – Every time the phone rings, every time an email comes in, every time an employee opens up a US postal letter, be suspect. Criminals contacting you or employees will try to bamboozle them with gift card scams, utility bills scams, invoices for products and services, you name it. There are thousands of scams designed to fleece consumers and small businesses.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Tips to Protect Your Identity from Cyber Thieves

/0 Comments/in , /by

There are several tried and true ways that you can use to protect yourself from ID theft, and some of them you might have never even considered:
Check Your Passwords – Every online account you have should have a different password. Never use the same password for more than one account. You can easily fix this issue by using a password manager. Also, don’t use specific words/phrases or keyboard sequences when creating passwords. A password manager can even generate passwords for you.

Don’t Post Personal Information on Social Media – This including things like your kid’s school or teacher, the town your parents live in, your pet’s name, or even where and when you are going on vacation. Cyber thieves can use this information to guess passwords.

Ignore Any Email from People You Don’t Know – If you get emails from people you don’t know that have a link or attachment, never, ever click or open them.

Put a Password on Your Phone – This way, if your phone is lost or stolen, you don’t have to worry.

Shred Important Documents – Anything that comes in that has personal information, that would go in the rubbish, should be shredded. This includes credit cards bills and medical records.

Never Give Your Social Security Number Out – Unless you absolutely have to, you should not give up your Social Security number. Just because someone asks for it, that doesn’t mean they actually need it, or you should hand it over. That said, I give up my social all the time. But only on documents or applications that absolutely require it.

Check Out Your Credit Report Each Year – Every year, or every quarter, you can get access to your credit report for free. Check it out when you can to make sure it’s accurate.

Inspect Your Statements – Look for anomalies or unauthorized transactions. This includes any banking and credit card statements, and you should do this each month.

Get a Locking Mailbox – A locking mailbox is available at most big box hardware stores or online.  Or pay for a PO Box.

Stop Your Mail When You Travel – You should also stop your mail delivery when you take a long trip.

Freeze Your Credit – Consider freezing your credit. This will stop an ID thief from opening new accounts in your name.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

8 Cyber Security Tips You Can Start Today to Keep Yourself Safe

/0 Comments/in , /by

These days, it seems like there is one data breach after another, and each time, they are being done by those who want to steal your identity. Thankfully, it is much easier than you probably think to keep your info safe. Here are some tips that you can start doing right now to put yourself in a position to fight this:
Cyber Security Tips
Take a Look at Your Accounts

Almost any account allows you to check the recent activity. Even Facebook, Google, and Twitter have this available. When you take a look at this, you can see every log in and authorization. If something looks strange, such as a log in from Nigeria, odds are good that you have been compromised. Most of these sites allow you to log out of every location, so you should definitely do that.

Take a Look at Your Computer

 You may not realize it, but at any time, there are a number of programs running on your computer. However, some of these might not be safe. So, it is always a smart idea to check to see what is running in the background. To do this, you can check Activity Monitor for Mac or Task Manager for Windows. If you don’t know what a program is, look on Google. It will tell you if it is good or bad. If it is not good, figure out how to uninstall or remove it.

Take a Look at Your Passwords

 Also, take a close look at your passwords. Do you think they are really safe? Every account should have its own password, and if you use the same passwords for more than one account, your chances of getting hacked rise exponentially. You also need to make sure you are changing your account passwords on a regular basis. You can use our FREE Email Checker and check your email address and passwords.

When you do this, you can check to see if your account has been compromised. If so, change your password immediately. You should also consider using a password manager.

Take a Look at Your Wi-Fi Connection

Are you paying attention to your Wi-Fi connection? Do you have a password protecting it? Do you have a WPA encryption? Do you have anyone piggybacking on your connection? You can install a program like Wireless Network Watcher. It is also very important that you are cautious when on public Wi-Fi. Only use a VPN, virtual private network, when connecting to public Wi-Fi.

Take a Look at Connected Apps

You also may not realize that you have given your social media accounts permission to connect to other apps. Though this isn’t extremely dangerous, they can result in account takeovers and data leaks. So, if you don’t use a specific app or service any longer, you should sever the connection.

Take a Look at Installed Apps

When you look at those connected apps, also take a look at what apps you have installed on your computer and your mobile device. You may have downloaded some type of malicious program that looks like a tool or game, but it could end up wrecking your system. If you have any weird apps, check Google to see if there were any vulnerabilities or flaws.

Update Everything

You also want to make sure you are updating your apps and OS regularly. These updates often contain security improvements in order to keep your devices safe. The newer the update, the safer your device. Also, don’t forget to check for updates on your browsers, routers, and even printers, as these can be manipulated, too.

Protect Your Identity

Finally, do everything you can to protect your identity. There are two ways to do this, especially when it comes to stopping someone from opening new lines of credit in your name. You should set up a credit freeze through every credit bureau. You should additionally set up an account that offers identity theft protection. This helps to watch your data, and it monitors your credit reports. If something goes wrong, when you have this type of protection, there are people standing by to fix things, and by doing this, you can minimize the damage that could occur.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

SMBs Including Real Estate, Watch Out for these Cyber Security Threats!

/0 Comments/in /by

There used to be a time when hackers only targeted retailers, but these days, they can target almost any business in any industry, especially those that are not aware of the best cyber security practices.

cyberattack

One of these groups is the real estate industry, and according to a recent survey, approximately half of all businesses in real estate are not prepared to handle any type of cyberattack. Though Federal law requires specific industries, like banks and hospitals, to have security in place, the real estate industry is not one of them. If you work in real estate, here are some common cyber security threats to keep an eye out for.

Business Email Compromise – BEC

A BEC, or business email compromise, is a type of cyberattack that tricks a company into wiring cash into the bank account of a criminal. Hackers do this by “spoofing” email addresses, and then then sending messages to recipients that look like they are coming from someone they trust, such as the CEO or the head of accounting.

This happens a lot; the FBI has found that billions of dollars have been lost due to BEC scams. Yes, this is pretty scary, but there is more. The FBI has also said that those in the real estate industry are targeted, and anyone who participates in a real estate transaction is a possible victim.

Wire Scams During Mortgage Closings

There are also scams during closings. Here’s how it works. Before the sale of a home is complete, the buyer gets an email from their Realtor, a title attorney, or another trusted person in the industry with the details of the date, time, and locations where the closing will take place. Scammers know this, so they create a different email that tells the buyer where to wire the money. But it’s right to the bank account of the scammer. Within minutes of the transfer, the money is pulled out of the account, and the scammer is gone.

The Internet Crime Complaint Center, part of the FBI, shared statistics that from 2015 to 2017 there were more than 10,000 victims of these scams, and the losses here totaled more than $56 million…and it’s growing all of the time.

Ransomware

Another thing that those in the real estate industry need to be aware of is ransomware. This is a type of malware that shuts down a network or a device so that you can’t get into it until you pay up. This is a very profitable scam for hackers, and it is becoming very popular year over year. All it takes is one person on your team to click on a link, and the entire network could be compromised.

Keep in mind that ransomware attacks don’t just target computers. These attacks can target any devices that connects to the internet, including smart thermostats, smart lights, and smart homes. When a digital device gets a ransomware infection, they stop working.

Malware

Though most people have heard about ransomware, there are other forms of malware, too. For example, you have likely heard of spyware or Trojans, which are still out there. Specifically, these are used for cybercriminals to spy on those they are targeting. They can get access to a victim’s bank account, or even steal their email inbox. Hackers also use malware to steal personal info or employee information, and they can get things like personal client information Social Security numbers, credit card numbers, and more. Just knowing this, you can understand why those in the real estate industry are targets.

Cloud Computing Providers

If you work in the real estate industry, your livelihood is at risk thanks to cloud computing. This, you might know, is a more economical way to backup information, so while it is necessary, there are risks. However, hackers can get into these “clouds,” and if they do, they can get access to all of the data in there.

It may seem that by using a cloud computing company that you are actually lowering your risk of becoming a target, but the truth is this: there is still a risk because your devices are likely not as secure as you think, and your passwords are probably not as strong as you think. This means making sure you’re not using the same passcode for any other accounts and enabling two factor authentication for everything.

Don’t Let Your Real Estate Company Become a Victim of a Cyberattack

Now that you know your real estate company can be a target of a scammer, you may wonder how you can lower your risks. Here are some great tips:

  • Write New Policies – One thing you can do is to write new policies to keep things safe. For instance, when you think of BEC scams, if you have a policy in place where you ban wiring money to someone based only on information from an email, you won’t have to worry about BEC scams any longer. Instead, make it a rule that you must talk to the person sending the email, and you must be the one to make the call to confirm. Don’t call the number that is in the email, though. Confirm that it is correct. It could be the number of the scammer.
  • Teach Your Staff – You also want to make sure to have better training for your staff. Most of the attempts at hacking come from email, so when you train your staff to stop blindly opening attachments nor click on links in emails, you can protect yourself from these scams. You also should look into a Cyber, Social & Identity Protection Certification This is where you can learn more about the methods and strategies that you can employ to cut down on any incidents. You can also learn about developing procedures that help keep your clients safer.
  • Teach Your Clients – Speaking of clients, you want to help them, too. All wire scams having to do with closings can be prevented in most cases. Make sure your clients know that in the process of selling or buying a home, there are going to be a lot of emails floating around, including those from Realtors, mortgage companies, insurance companies, home inspectors, real estate attorneys, and more. Make sure they know that before clicking on anything or wiring money that they should first call their Realtor. They should never, ever send money unless they get the go-ahead to do it, and then they still need to make sure to confirm that the transfer is going to the right place.
  • Back Up Your Devices and System – Always make sure that everything is backed up, including your devices and your network. This way, if you do get hacked, you won’t have to pay a ransom, and the information is easy to get back.
  • Check on Cloud Computing Contracts – It is also a good idea to look into what you are getting from your cloud computing provider. They don’t like to take responsibility for a cyberattack, and there might even be something in your contract with them that says they won’t. So, you should start your own negotiations with the company in question about what you can do about something like this.
  • Buy Cyber-Liability Insurance – Finally, you should consider getting cyber-liability insurance. This could definitely help make things less risky for your real estate business. There are all types of different policies out there, so do some research or speak to a professional.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

A Look Ahead: What Challenges Might We Face with Cyber Security in the Next Year?

/0 Comments/in , /by

I was recently talking to a friend. She called me because there was a big issue at work: a ransomware attack. Basically, a hacker installed software that locked down the entire network, and then demanded that her boss pay $8500. Ultimately, against my recommendations, the only choice they determined they had was to pay the money, and in the process, they learned a very valuable lesson about the importance of backing up company data.

This is only one of the things that we are going to be facing in the upcoming year. Here are some more that everyone should be aware of:

More Ransomware

We are definitely going to be seeing more ransomware attacks. These cyber criminals are getting even more greedy and they know that the data they are holding for ransom is very valuable. So, expect even higher priced demands.

More Built-In Security

For those in the security industry, there is going to be a lot of work ahead. There are new challenges coming up all of the time, and there are still the old issues that haven’t been solved. People in the industry will have to go way beyond home computers and cell phones. With so many products connecting to the internet, there are millions of ways for cyber criminals to launch an attack.

Intelligence-Based Security

We also can expect to see more artificial intelligence-based security approaches, since the technology we have now just isn’t doing the job. There needs to be more advanced analytics and monitoring, and this will help to prevent more identity theft incidents than ever before. Artificial intelligence just keeps on getting more prominent, and we are seeing computers actually learning without any help from humans. If these computers start to learn enough, they can start helping criminal hackers too.

A More Vulnerable Internet of Things

It’s also a huge possibility that there are going to be big issues in regard to the Internet of Things. Often called “end points” more devices than ever before are connecting to the internet, and more people are using them. This makes us more vulnerable to attacks, so we need to lock this down. Before you buy anything that connects to the internet, you must do your research.

More Phishing, Too

We can also expect more phishing attacks. Hackers are certainly planning more of this, and honestly, these attacks are easy to pull off. Why would they stop?

Credential Theft is Here to Stay

Attacks that occur for the purpose of stealing banking credentials and payment cards will also continue. Don’t ever click on a link in emails, and don’t open any attachment before you open them.

Credential Stuffing

There are billions of stolen credentials floating around the Internet ready for the taking and hackers are plugging this data into well-known websites and gaining access to email, ecommerce, banking, financial, you name it. Change up your passwords.

Security with Smartwear

We are also seeing new threats in regard to wearable devices. These can be bad news for consumers and businesses because they can easily be portals for infecting a home network. Keep these devices updated and change the passwords from the default if you can.

Governments Could be Targets

Cyber-attacks on governments will surely continue, too. These might be inside jobs, or they could be from foreign sources. Even if you think your devices and data is secure, the government might not be. This is another reason you need to have ID theft protection.

Smarter Cars

We also are going to see smarter cars; cars that are more connected than we have ever seen. There are close to 100 ECUs, electronic control units, in cars these days. Some of these are connected to the internet, too, so think of what this might mean. Technically, a hacker could do things like control the car’s brakes. Thankfully, manufacturers are adding more security, but consumers really have to do their homework, too, and understand their cars’ capabilities.

DDoS Attacks

Distributed denial of service attacks, or DDoS attacks, is when manipulation occurs to make something unavailable to people, like a website. We will certainly see more of this.

Disinformation Proliferation

There has never been a time when dis-information was so easily spread by so many, for so many reasons. When government officials at the very top become the primary spreaders of this information, such as dictators in Banana Republic’s and even those in the USA, you know we have a significant problem. Get your facts straight, publications like the New York Times or the Wall Street Journal have no reason to lie. Fact check before you share and spread misinformation.

Conclusion

Here’s the situation; we cannot fully protect ourselves from all of the fraud and scams that are out there, no matter how hard we try. With so many devices that are connecting to the internet, hackers have a ton of opportunity to take advantage of their victims. We need better security and more awareness, so as we move into the new year, keep all of this in mind.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

This is What a Scary Psycho Cyber Stalker Looks Like

/0 Comments/in , /by

Ryan is a stalker. Ryan was arrested on charges of cyberstalking in October 2017 after it was discovered that he was cyberstalking his former roommate, a 24-year old woman, along with her friends, family, and other acquaintances.

cyberstalkingThe victim claims that Ryan was involved in hacking and cyberstalking since April 2016. She says that he began hacking into her accounts and stole her photographs, personal diary entries, and personal information. Once Ryan had this information, she says that he sent it to her friends, family, and acquaintances.

On top of this, the female victim also says that Ryan created online profiles using her name and photos, and then used those accounts, pretending he was her, to find sexual partners. She claims that because of Ryan’s actions, strange men began showing up at her home, as Ryan would give them her address. Ryan also did things like use the victim’s photos and information to threaten others, and even went as far as claiming that she was going “shoot up” a school.

Many people like Ryan believe that they can use the internet anonymously to terrorize others. They also often believe that they are smarter than law enforcement and will get away with these crimes. The Department of Justice has announced that it is focused on not only identifying and arresting stalkers but prosecuting and punishing them for these actions.

Ryan created a huge cyber stalking campaign where he hacked and harassed his victim. This, of course, was terrible for her to go through, but it also used up law enforcement resources, which was totally unnecessary. Too many people see hacking and cyber stalking as a prank or even as harmless, but it is far from it. It is very scary, and it causes the victims to become very frightened. No one should feel unsafe in their school, home, or workplace, yet Ryan made sure that people did, especially his victim. It is the hope of law enforcement that Ryan’s arrest will stop others from doing similar things. But it won’t.

Protect Yourself:

  • Do background checks on roommates. Although this may not find anything
  • Get references. Just like shopping on eBay or Amazon, check the “reviews”
  • Cover your tracks online by using various privacy and security software
  • Password protect all your devices
  • Install a Home Security system
  • Take self defense
  • Consider firearm training if you face a significant threat
  • Get a protection dog
  • If you can afford it get a body guard
  • Freeze your credit and get identity theft protection. Even though this doesn’t stop a stalker, it makes the victim and less appealing target.

Though Ryan was arrested in the state of Massachusetts, cybercrimes like hacking and cyber stalking fall under the jurisdiction of the federal government. All sentences are giving by a federal district court judge, and the sentences are based on both federal sentencing guidelines and other important factors.

Ryan is in jail. He was sentenced to 210 months, over 17 years in prison and five years of supervised release, after pleading guilty in April 2018 to seven counts of cyberstalking, five counts of distribution of child pornography, nine counts of making hoax bomb threats, three counts of computer fraud and abuse and one count of aggravated identity theft.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Protecting Your Company and Yourself from COVID-19 Hackers

/0 Comments/in , /by

Many people are asking how they can not only protect themselves, but also their organizations, from all of these COVID-19 hacks that are currently popping up.

As with any other phishing scam, vigilance is extremely important. We are certainly going to have to keep on our toes for months, or even years, as this fallout from the pandemic could be around for a long time.

You have to be suspicious of each and every unsolicited email, phone call, or text, especially if someone is looking for account or contact details, or they ask to share personal information. If you feel like information seekers are asking for too much, you should vet the email, dig deeper, do some web searches, and make sure its legitimate.

Don’t use any links or phone numbers within the email of based on the call until you do this. If you get a recorded message, make sure you don’t press any button when asked. If you do, you may be giving them some type of approval and you end up being a victim.

  • In response to ransomware, you should make sure that you are totally backing up your data on all of your devices.
  • For any online account you have, set up or turn on two-factor or multi-factor authentication when you can. This, at least, makes those accounts less likely to be breached, even if someone does get ahold of some of your information.

You might think this is a pain right now, but it definitely won’t be a pain if your information is breached and you start to lose money.

There are many organizations that are being forced to give their employees access to their networks from home…and in most cases, they never planned for that. This working from home increases the criminals attack surface. So, the network is probably more vulnerable, and in some cases, security policies and processes are even being bypassed to ensure all employees have access to it. This comes at a big risk, and with every employee who has access to the company network, there is an opportunity for a hacker to get inside.

Most cybercriminals who go for this type of hack want to get access to this so they can get sensitive information and turn it into cash. Other hackers want to go big time, and they will use the credentials that they are hacking to use in attacks like “password stuffing/spraying,” to access multiple critical user accounts. With a larger “attack surface”, these companies are definitely at risk and because of staff working from all over the place, any attempt to break into the network could go unnoticed until it is too late.

Corporate cybersecurity and IT teams are working hard, but they, too, are generally working from home. With even more workload and more remote information to go over, this also means that they don’t have the time to pay as close attention as they should. This makes things even more dangerous, so keep your eyes open.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Deepfakes and the Impact on Cybersecurity Now and in the Future

/0 Comments/in , /by

Can you believe what you see in a video? Most people say ‘yes,’ but the truth is, you no longer can. We all know that photos can be altered, but videos? Thanks to artificial intelligence, these, too, are being altered at a very quick rate.

These videos, known as “deepfakes,” are out there, and they are doing a number on cybersecurity. In fact, leaders in the cybersecurity sector are warning consumers that high tech video alteration is here, and it is very difficult to tell with the naked eye whether or not a video is real or fake.

Leaders in cybersecurity shared an example of how this works. Basically, they created a video of a man, Steve Grobman, an executive from McAfee, speaking. However, the words he was speaking were not his own; they were the words of Celeste Fralick, a female data scientist, who had created this deepfake video to make a point. This might seem like a fun trick to play on your friends, but in reality, it could have a huge impact on cybersecurity, as things like phishing and social engineering will become easier than ever for hackers.

Deepfakes and artificial intelligence can also be used for audio too. Meaning a person’s words can be spliced together seamlessly to create full sentences. Joe Rogan the comedian and podcaster who has 1300+ podcasts was used as a demo. But even more disturbing is Joe Rogans voice with Taylor Swifts face.

What could this mean for you? Well, since it’s so relatively easy to make a video like this, it could cause some real issues for the public. One way that it could be used is to start with a photo, and then change a very small part of it. This change would be unable to be noticed by a human, but the change would be enough for AI to see the photo as something else. So, if you can confuse something like artificial intelligence, you could certainly confuse the systems that are built to stop cybersecurity.

This could have a lot of negative impact on all of us, and it could really give a boost to those who make a living in taking advantage of others via cybercrimes.

The good news is that though this type of technology could be used for bad, artificial intelligence could also be used for good things. For example, the technology could be used to create a crime map of where crimes have happened and where arrests could be made, which would make our streets, safer. At the same time, it could also be used by criminals to know where they could commit a crime without being arrested. You could also look at it like this. During World War II, more than two million people were killed by bombs that were dropped from airplanes. Based on that information, Orville Wright, the inventor of the airplane, was asked if he regretted this invention. He said ‘no.’ Why? Because he looked at the airplane as similar as to fire; it could cause terrible destruction, but at the same time, it is so very useful. This new technology is the same, and it will be interesting to see how it comes to truly be used in the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.