Are you a Target of a List Scam? WARNING: You Probably Are

You might not realize it, but there are scammers out there that are focused on conference attendees and exhibitors. What do they want? They want money wires, credit card numbers, and any personal information that they can use to steal a person’s identity. One way that a scammer can get this info is by using an invitation scam or a list scam.

Basically, if you are a person who is registered for a conference, if you are a conference vendor, or if you are speaking at a conference, you might receive an email…or a number of emails…that invite you to attend a conference. They might also offer to sell you a list of people who will attend the conference, and their contact information. This, of course, could be beneficial for you, but is it too good to be true? It certainly is.

Lists Like These are Lies

With these scams, many people are targets, as well as associations. If you do an internet search for “Attendee List Sales Scam”, you will find a number of associations whose members, and those interested in marketing to members, are targeted by a criminal or criminals to purchase lists that don’t exist.

It may sound great to get a list like this, which will give you access to this information, including contact information for attendees. But they are all lies. On top of this, getting this info might even be illegal.

Consider this for a moment…when you sign up for a conference, did you opt-in to have your personal info shared with other people? Likely not, and that may also mean that other attendees didn’t do this, either.

To find out if a list might be legitimate, look at the policies for the conference. Do they give info to third parties? Do they sell or rent these lists? Is the company name that contacted you on the list of third-party vendors? If all of this seems legitimate, the list is probably fine…but if not, it’s a total lie.

If you believe that you are dealing with a liar, the first thing you should do is contact the Better Business Bureau online and find out if the company is legitimate, or not. If it is a scam, you can read information and reports from other people. If it is not a scam, but you are not interested in anything from them, simply mark the email as spam. If you believe you are dealing with a scammer, consider making the association or meeting planner aware of the scam, or don’t do anything and simply delete the email. In most cases, these scammers are just looking for an active email address, and if you reply or unsubscribe, they will know your email is active.

Other Conference Invitation Scams

Another type of conference scam is when attendees are told about exhibitors that don’t exist. This might push people to sign up for a conference, when in reality, those exhibitors won’t be there. In some cases, you might even find that the conference itself won’t be there! Instead, they are just fishing for your information by telling you a great exhibitor will be there.

So, if you are in this situation, the first thing to do is to start researching. First, look up the name of the person who contacted you online. See if they say who they are. Look for their LinkedIn profile, or look for reviews on them. You can also contact the venue where the conference is set to be held. Ask if the conference will be there. Before you send your fee, look to see if there is any cancellation or refund policy in place. You also should do some research about the company’s reputation. Finally, make sure that you only pay for a conference with your credit card. This way, you won’t be held liable for the fee if this is a scam. You can get your money back, and all legitimate conference companies will be very happy to take your credit card and all credit card companies will refund your money as long as you detect the fraud in short order.

Even More Scams

There are even more scams to be aware of, too. One of these is when a scammer begins to contact attendees about hotel reservations. However, once you pay, you find out it’s a scam. Typically, a scammer who does this scam contacts the attendees and explains that they are a representative for the hotel hosting the conference. They then tell you that their rates are rising quickly, or that rooms are close to selling out, so you must act quickly if you want a room. Of course, they can take all of your information over the phone, including your credit card number. Once you do this, you have just given a scammer all of the information they need to start spending.

If you are in doubt, you can contact the organizers of the trade show directly, and then ask who is booking it. If things don’t sound legitimate, you should give them the name of the company you believe is scamming you so they can pass off the information to others.

Understand Your Options

  • It is imperative that when you sign up to attend or present at a conference, you only interact with the company that is running the conference.
  • If you have any doubts, you can confirm with the company that the offers you are getting from the third party are correct.
  • You also can get an official list of official vendors from the meeting planner.
  • Keep in mind that any legitimate company might have your personal info, but they won’t release that information to third parties without your permission.
  • Sometimes an exhibitor might get the mailing address of an attendee. You can opt out of this, though. It might be harmless, but that doesn’t mean all of them are.

Wi-Fi Hacking

Finally, you want to keep an eye out for Wi-Fi hacking. This common scam targets conference goers, too. When you go to a conference or a trade show, you can connect to the free Wi-Fi, right? This allows you to stay connected, and also ensures everything runs smoothly if you are running a booth. Hackers, of course, know this, so they create and set up fake networks. Once these are set up, you can connect to them without even knowing…and then they have access to your device. They can then take your info and watch what you are doing online. Utilize a VPN to prevent any Wi-Fi intrusions.

Remember, these fake networks look very similar to real networks that might be set up by the conference. So, you always want to double check before you connect, and if you are in doubt, ask one of the organizers which one is legitimate. They can confirm the network for you.

There are always scammers out there, especially when you are going to a conference. There are simply too many opportunities for scams for them to pass this up. Fortunately, you can follow the advice above and make sure that you report any suspicious activity. Not only can this protect others, but it can stop scammers in their tracks.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Protecting Yourself from Gift Card Scams

It doesn’t matter what the occasion is, gift cards are a popular gift. However, if you are giving them, or getting them, you could be part of a scam. There are more gift card scams out there than you might think, and it includes both digital and physical cards.

It doesn’t matter where you get the card, here are two ways that scammers use them to make money:

The “Assistant Gift Card Scam”

Small businesses are often the target of the assistant gift card scam. We see this a lot in the financial services industry, or really any other industry where you have a service professional who has an assistant who manages administrative tasks.

The scam works like this: the scammer scopes out the service professional’s website. He might make a phone call or send an email seeking out a secretary or assistant. He then reaches out to that assistant, usually via email or even text, spoofing the communication medium and posing as the service professional.

In that communication, the criminal posing as the service professional requests the administrator go out and buy five gift cards for clients and to send pictures of the gift cards with the activation codes on the back scratched off.

Once the criminal receives the photos with the codes, he immediately cashes them in.

The best way to prevent this is always to get on the telephone and call your boss to make sure that the request for gift cards is a legitimate one.

Using a Gift Card to Transform it to Cash

If you get a $200 gift card to a store, and then it’s stolen, it’s like you have lost money. It’s essentially the same as if someone stole $200 from your pocket. You might be wondering how a scammer can turn a gift card into cash. Here’s how it works:

  • The thief takes a gift card out of your gym locker.
  • Instead of using it at the store, he puts an ad online offering it at a $50 discount, saying he’s in a rough spot and needs cash.
  • Someone takes him up on the offer and sends him $150 via Venmo.
  • The thief then goes and uses the gift card at the store. He takes the item he bought and sells it on eBay….and never ships the card to the person who bought it.
  • So now, he has the $150 plus the cash he got from selling the item he bought.

Infiltrating Gift Card Accounts Online

Another way that a thief can scam people by using gift cards is by taking advantage of software. They use a botnet, which is a robot network of computers designed to hack, to gain access to an online gift card account. Here’s how it works:

  • You log into your gift card account.
  • The botnet also tries to log into your account. They randomly keep trying until they guess the password/code.
  • Though it’s not guaranteed, the botnet could guess the password/code for your gift card, and if it does, you can say goodbye to the balance.

Protecting Yourself from Gift Card Scams

  • Don’t believe everything you read online. If a deal is too good to be true, it probably is.
  • Anytime a service professional requests that a staffer buy a bunch of gift cards, get on the phone and talk to that person directly to confirm the legitimacy of the request.
  • Buy a gift card straight from the source, not from a random Facebook ad.
  • Don’t buy any gift cards at a high traffic location as it’s easy for scammers to hide their scam.
  • Change the security code of the card if you can.
  • If you have access to an online account, change your password and username.
  • As soon as you suspect something fraudulent is going on, report it.
  • Spend the money on the card as quickly as possible.

Gift Card Scams: What You Need to Know

You might not realize it, but hackers are making a ton of money thanks to phishing attacks, and now they have started to focus on gift cards. Scarlet Widow, which is a notorious scam group out of Nigeria, has really been boosting its efforts in romance scams and in using gift cards. The group is typically focused on people in the US and UK, and is also well known for tax scams and rental scams.

Are you a person who is at risk of being scammed by a group like Scarlet Widow? The group generally focuses on large or medium-sized businesses including non-profits, such as the Boy Scouts of America, the United Way, and the YMCA. The scammers work by sending staff members emails, and though most people notice immediately that these emails are actually scams, it only takes one email to put a company at risk.

Common Targets

From around November of 2017 to today, Scarlet Widow has been targeting thousands of people and non-profits. It is also targeting the tax and education industries. Remember, the group only wins if they get access to email addresses from these organizations, and they might put malware into the systems or use phishing links. Honestly, it doesn’t matter what method the hackers use, once they are in, the scam begins.

What is the Scam? 

So, what is the scam? Scarlet Widow tends to use traditional scams, but these days, the group has started using gift card scams. When we look at data from late 2018, we see that more than 25% of people who were scammed during that year said that they were victims of gift card scams.

The thing is, scammers really love this type of scam because they have fast access to cash, they can do it all anonymously, and once the scam is done, it is very hard to fix. Basically, all the scammer has to do is sweet talk their way into having someone buy a gift card and take a photo of it, and they now have the money that was on it.

Typically, Scarlet Widow asked for iTunes or Google Play cards, but they have also been known to ask for gift cards from places like Walgreens, Target, or CVS. You might think it’s a bit strange that these people could actually con others to pay for services like cell phone service with a Visa gift card but remember…these are experts at manipulating people.

They often come up with a story about a sense of urgency, like this amazing deal will expire in three hours, and people actually fall for it. One example of this is an administrator from a financial advisory company I’ve worked with actually sent a scammer $1500 in iTunes gift cards. Why did she do it? She was duped into thinking the email was coming from the head of the finance department in the company she worked for.

One way to get a hold on this is to set up some type of security awareness training, but I even know someone in the industry who fell for it. It was an assistant of a security awareness trainer. She got an email that she believed was from her boss. It asked for five $500 Apple gift cards, which were going to be sent to their top five clients. So, the assistant went to Walgreens, bought five cards, and then, just as the email said, she scratched them to reveal the codes, took photos, and sent them back to her boss.  Except, it wasn’t her boss…it was a scammer who was now $2500 richer.

There are some limits to what scammers can do with gift cards, but they will do anything they can to get more money coming into their pockets. So, if you ever get a request for a gift card, be smart and use a ton of caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Working from Home Due to COVID-19? Protect Yourself from Cyberattacks

As we start to get used to living in a world where COVID-19 is changing everything, one of the differences is that many people are working from home. With so many people now working on their home networks, cybercriminals are stepping up, and they are hoping to take advantage of people making security mistakes and doing more searches, specifically on COVID-19. This is a great opportunity for these thieves to target their victims.

Keep in mind that most people who are working from home are not working on a very secure network. Cyber attackers know this, and it’s important that both individuals and companies take the steps to protect themselves from COVID-19 and to protect their information.

What Can Companies Do?

During this time, managers, owners, and supervisors should be setting clear expectations about how their businesses are going to work in these new environments. When these changes come down, they should come from the top. Here are some things to keep in mind:

  • You Must Understand the Threats – Business leaders should understand what threats are likely and prioritize protection methods based on that.
  • You Must Release Clear Guidance – It is also important that your organization’s at-home policies are easy to understand for all employees. This should include informing staff to communicate with security teams in the case of suspicious activity.
  • You Must Offer the Right Security – All business leaders should ensure that any company-owned devices are equipped with the best security capabilities. This includes the following:
    • The ability to connect securely to a business-owned cloud, and access to video teleconferencing apps that are important for remote workers.
    • Endpoint protection for all mobile devices and laptops including VPN tools and encryption.
    • Enforce the use of multi-factor authentication.
    • The ability to put a block on malware, exploits, and other threats using the best types of software and hardware.
    • A plan to filter any malicious domain URLs and stop any phishing attacks.

What Can Individuals Do?

People working from home should also take steps to ensure that they are remaining safe when working remotely.  Here are some things to do:

  • Create Strong Passwords – You should always create strong passwords and consider a password manager to facilitate multiple passwords, as opposed to using the same passwords across multiple accounts.
  • Update Software and Systems – Install any system updates or patches as soon as you see them.
  • Make Sure Your Wi-Fi Access Point is Secure – Look at your Wi-Fi access point and make sure to change the passwords and default settings.
  • Use a VPN (Virtual Private Network) – A VPN is a good way to create a safe connection between a home computer and the worker’s organization.
  • Be Smart About COVID-19 Scams – There are a ton of scams out there, including fake apps, so be smart.
  • Don’t Mix Work and Personal Tasks – Use your work device for your work and your personal device for personal tasks.

By taking these steps into consideration, either as a business leader or an employee, you can help to address some of the most common risks that you might face when working from home. Keep all of these tips in mind, and if something seems a little weird or strange, it’s probably best to report it to your company’s IT professional.

Two Common Government Employee Impersonation Scams: What to Watch For

One of the biggest threats that taxpayers are facing these days is an aggressive scam where criminals call victims and pretend to be IRS agents. The goal? To steal money.

All year but especially during tax filing season, the IRS will see a big surge in the number of scam calls, which tell victims that they will be arrested, deported, or have their driver’s license revoked if they don’t pay a fake tax bill.

How the Scams Work

These scammers make calls to people and claim to be from the IRS. They inform the victim that they have an unpaid tax bill that must be paid immediately, either through a prepaid debit card or wire transfer. To make this sound even more legitimate, the scammers might also send a phishing email or make robo-calls to the victims.

To get the victims to pay, and to pay quickly, they make threats, as mentioned above. On top of this, they also can alter the number they are calling from through caller ID spoofing services to make it look like the IRS is actually calling. The scammers also will use badge numbers and IRS titles to make themselves sound more official.

The IRS is onto these scams, of course, and it has released information to remind taxpayers to be aware of them. For instance, a report from the Treasury Inspector General for Tax Administration, TIGTA, states that there are more than 12,000 people who have paid more than $63 million due to these phone scams over the past few years.

Recognizing an IRS Scam

There are certain things that the IRS will never do, so if you see any of these things, or you are asked to do them, you can be sure that it’s a scam.

The IRS will NEVER:

  • Threaten to bring in local police for not paying your tax bill
  • Ask you to pay via a gift card or wire transfer
  • Demand that taxes are paid without question or the opportunity to appeal
  • Ask for debit or credit card numbers over the phone
  • Call about an unexpected refund
  • Call to collect money without first sending a tax bill

If you get a call from the “IRS” asking for any of this, hang up.

There are Social Security Administration Scams Out There, Too

The IRS is not the only government agency plagued by scams. People are also getting scammed by people claiming to be from the Social Security Administration, or SSA. The goal here is to try to get your Social Security number.

Basically, someone will call you and claim to be from the SSA in an attempt to collect your personal information, including your Social Security number. If you get a call like this, you should definitely not engage with the caller, nor should you give them any money or personal information.

One of the ways that scammers are so good at getting this information is that they try to trick their victims by saying their Social Security number has been suspended due to suspicious activity, or that it has been connected to a crime. They will ask the victim to confirm their SSN in order to reactivate it.

Sometimes, they might even go further with this and tell the victim that their bank account is about to be seized, but they can keep the money safe…by putting it on a gift card, and then sending the code to the scammer.

You might wonder why people fall for this, but it really is easy for these scammers to change their phone number to show the same number as the SSA on caller ID. But this is a fake number…it’s not really the Social Security Administration.

There is also the fact that the scammers will say that someone has used your personal Social Security number to apply for a credit card, and because of this, you could lose your Social Security benefits. They also might say that your bank account is close to being seized, and you must withdraw your money or wire it to a “safe account,” which is, of course, the account of the scammer.

Here are some of the details about these scams that you need to know:

  • Your Social Security number won’t be suspended. You never have to verify your number to the SSA, either, and the agency can’t just seize your bank account.
  • The SSA will never call you about taking your benefits or tell you that you must wire money to them. If you are asked for money from the SSA, it is a scam.
  • The SSA’s number is 1-800-772-1213, but scammers are using this to appear on caller ID. So, it looks legitimate. So, if you get a call from this number, hang up and call it back. This way, you can be sure you are talking to the SSA and get the information you need…or find out that someone was trying to scam you.

Do not give your Social Security number to anyone over the phone or via email…also, don’t give your credit card number or bank account number to anyone over the phone or via email.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

Florida City Pays Hackers $600,000 after Scam

Riviera Beach, a city in Florida, has agreed to pay a $600,000 ransom to hackers who attacked its network.

This week, the City Council voted to pay the demands after coming up with no other option to meet the demands of the hackers. It seems that the hackers got access to the system when a staff member clicked on a link in an email, which uploaded malware to the network. The malware disabled the city’s email system, direct deposit payroll system and 911 dispatch system.

According to Rose Anne Brown, the city’s spokesperson, they had been working with independent security consultants who recommended that they pay the ransom. The payment is being covered by the city’s insurance. Brown said that they are relying on the advice of the consultants, even though the stance of the FBI is to not pay off the hackers.

There are many businesses and government agencies that have been hit in the US and across the world in recent years. The city of Baltimore, for instance, was asked to pay $76,000 in ransom just last month, but that city refused to pay. Atlanta and Newark were also hit with demands.

Just last year, the US government accused a programmer from North Korea of creating malware known as “WannaCry” and using it to attack banks, governments, hospitals, and factories. This malware affected entities in over 150 countries and the losses totaled more than $81 million.

The FBI hasn’t commented on the attack in Riviera Beach, but it did say that almost 1,500 ransomware attacks were reported in 2018, and the victims paid about $3.6 million to the hackers.

Hackers often target areas of computer systems that are vulnerable, and any organization should consistently check its systems for flaws. Additionally, it’s important to train staff about how hackers lure victims by using emails. You must teach them, for instance, not to click on any email links or open emails that look suspicious. It is also imperative that the system and its data, and even individual computers, are backed up regularly.

Most of these attacks come from foreign entities, which make them difficult to track and prosecute. Many victims just end up paying the hacker because the data is precious to them. They also might work with some type of negotiator to bring the ransom down. In almost all cases, the attackers will do what they say and allow the victims to access their data, but not all of them do. So, realize that if you are going to pay that you still might not get access to the data. Ransomware simply should not happen to your network. If all your hardware and software is up to date and you have all the necessary components and software that your specific network requires based on its size and the data you house then your defenses become a tougher target. Additionally, proper security awareness training will prevent the criminals from bypassing all those security controls and keep your network secure as it needs to be.

Scammers are Targeting Your Venmo and P2P Accounts

Do you use Venmo or other P2P accounts? If so, you definitely could be a target of scammers. Across the country, people are losing their cash, and it often happens so quickly that they don’t even know what’s happening.

You might think that you couldn’t be a victim, but scammers are often smarter and trickier, and they won’t hesitate to take advantage of you.

Here’s how they are doing it:

A stranger approaches you to use your phone. They have a sob story to make this scam more credible. You hand your phone over, they make it look like they are dialing, but instead, they are doing something else: swiping and searching your phone for “Venmo” and easily getting into your Venmo account and transferring money to themselves. People are losing thousands of dollars simply for being kind to a stranger.

Tips to Keep Yourself Safe

When using a P2P payment system, you should know that they all require access to your financial info. So, when you use them, make sure that your account settings are set in a way to ensure all of the security measures that you can set. In order to keep yourself safe from scams like this, there are some tips that can keep you safe.

  • Two-step authentication. Access the menu and turn it on. This might include using a PIN or a biometric login, like a fingerprint.
  • Get the money out of your account. In most P2P apps, when you get a payment, the money is generally added to the balance held in the app. It doesn’t appear in your bank account until you transfer it or use it in another way. If you want to transfer money to your bank account, you should definitely make sure that the deposit went through. Just keep in mind that it could take a couple of days to transfer.
  • Pay only those you know well. Scammers know a lot of tricks, and they will find methods to trick you into paying them in ways you would never expect. So, if you are sending money from one of these apps or sites, make sure that you know the person you are sending money to. If you are using the app or site to get money from someone else, transfer the payment into your bank account and make sure it transfers before you send any goods.
  • Disconnect from Social Media: Finally, keep in mind that there are apps or sites that might share your transaction information on social media. Check your social media settings because some of these settings might be set to share this info. Just make sure you are comfortable with what is going out on social media.

Bitcoin Scams Up the Ying Yang

If you are thinking of jumping onto the Bitcoin bandwagon, or any type of cryptocurrency, you have to make sure that you are watching out for scams. There are a ton of them out there, including the following:

Fake Bitcoin Exchanges

You have to use a Bitcoin exchange if you want to buy or sell Bitcoins, but not all of them are legitimate. Instead, many of them are created for the sole purpose of taking people’s money. Only use well-known exchanges.

Ponzi Schemes

Bitcoins are not exempt from Ponzi schemes, and you have to look out for these. These are like pyramid schemes, and you definitely don’t want to get caught up with this, as you will certainly lose your money.

Fake Currency

You have certainly heard of Bitcoin, but there are other cryptocurrencies on the market, too, as alternatives to Bitcoin. However, there are also fake ones. For instance, one of these, My Big Coin, was fake, yet the people behind it managed to take more than $6 million from customers.

Well-Known Scams

Bitcoin scammers also rely on old school, well-known scams to trick people. They might, for instance, send emails pretending to be the IRS or even having some type of Bitcoin sale. People fall for these scams every day. If it seems weird, like the IRS emailing about Bitcoin, it is most definitely a scam.

Malware

Malware is another scam associated with Bitcoin. Because most, or all, wallets are connected online, scammers can use malware to access the account and take your money. Malware can get on your computer in a number of ways, including from websites, social media sites, and even through email.

Fake News

We live in an era where online news is the most popular method to get news, but it’s also very easy to create news stories that seem totally legitimate, yet they are absolutely fake. Basically, scammers create these stories to bait victims, so always think before you start clicking.

Phishing

These Bitcoin scammers also use phishing scams to try to get money from people who are trying to buy and sell Bitcoin. These scams are often done by clicking malicious links.

It doesn’t matter if you join the Bitcoin craze or not, you can also use these tips to keep yourself safe from other scams. Here are some final tips:

  • Always do a security scan on your laptops, computers, phones, and tablets on a regular basis.
  • Do your research before investing in any cryptocurrency website. Make sure it is trustworthy and secure.
  • Store all of your cryptocurrency in a wallet offline, which keeps it protected from scammers.
  • Always monitor all of your banking, credit card, and cryptocurrency accounts.
  • Always insist the crypto site has two step or two factor authentication.

Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data

Do you have employees who bring mobile phones to work and use those devices on the corporate network? Do they store company data on these “Bring Your Own Devices (BYOD)”? Does your company have a policy in place for this?

First, the moment a person brings their personal phone to work, a fusion of personal and business tasks occurs. Equally bad, company-issued devices are used for personal tasks as much as, if not more than, the employees’ own devices. Not sure you believe this? Here are some stats:

A recent survey asked 2,000 office workers about their habit of using their personal mobile devices at work. Here’s what it found:

  • 73% of people admit to downloading personal apps to tablets they got from their company.
  • 62% of people admit to downloading personal apps to mobile phones they got from their company.
  • 45% of people admit to downloading personal apps to notebooks they got from their company.
  • The people who were most likely to do this were in the 25 to 38-year-old age group.
  • 90% of people use their personal mobile devices to conduct business for work.

As you can see, a lot of people are using their mobile devices on the job, and this could put at risk not only your company data, but also the data associated with your clients. Do you have a plan to minimize, or even eliminate, the amount of sensitive company data that is wide open to hackers?

Solutions to Keep Sensitive Business Information Safe

Decision makers and business owners should always consider their personal devices as equal to any business device. You definitely don’t want your sensitive company information out there, and this information is often contained on your personal mobile or laptop device. Here are some things that you can do to keep this information safe:

Give Your Staff Information About Phishing Scams

Phishing is a method that cybercriminals use to steal data from companies. Studies show that it is extremely easy for even the smartest employees to fall for these tricks. Here’s how they work: a staff member gets an email with a sense of urgency. Inside the email is a link. The body of the email encourages the reader to click the link. When they do, they are taken to a website that either installs a virus onto the network or tricks the employee into giving out important company information.

Inform Your Staff that the Bad Guys Might Pose as Someone They Know

Even if you tell your staff about phishing, they can still get tricked into clicking an email link. How? Because the bad guys make these emails really convincing. Hackers do their research, and they are often skilled in the principles of influence and the psychology of persuasion. So, they can easily create fake emails that look like they come from your CEO or a vendor, someone your staff trusts. With this in mind, it might be best to create a policy where employees are no longer allowed to click email links. Instead, they should pick up the phone to confirm that the request, and the person who sent it, are legitimate.
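The traits described in the two tips above (urgent wording, an embedded link, and a sender posing as someone staff trust) can be checked mechanically before a message reaches an inbox. The following Python check is an added example, not part of the original article; the trusted-sender table, the urgency word list, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: display names staff trust, and the only
# domain each one legitimately sends from (a CEO and a vendor).
TRUSTED_SENDERS = {"dana reyes": "example.com",
                   "acme billing": "acme.example.org"}
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap|final notice)\b", re.I)
LINK_HOST = re.compile(r"https?://([^/\s\"'<>]+)", re.I)

def body_text(msg):
    """Join every text part so links in HTML alternatives are seen too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def phishing_traits(raw_message):
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    traits = []
    if URGENCY.search(text):
        traits.append("urgency")
    hosts = sorted({h.lower() for h in LINK_HOST.findall(text)})
    if hosts:
        traits.append("link")
    # A trusted display name arriving from any other domain is impersonation.
    expected = TRUSTED_SENDERS.get(" ".join(name.lower().split()))
    if expected and domain != expected and not domain.endswith("." + expected):
        traits.append("impersonation")
    # Route to a phone call-back when the sender is spoofed, or when the
    # message pairs pressure with a link.
    call_back = "impersonation" in traits or {"urgency", "link"} <= set(traits)
    return {"traits": traits, "link_hosts": hosts, "verify_by_phone": call_back}

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Dana Reyes" <dana.reyes@ceo-mail.example.net>
Subject: Urgent: approve this invoice

I need this done immediately. Details: http://pay.ceo-mail.example.net/invoice
"""
GENUINE = """\
From: "Dana Reyes" <dana.reyes@example.com>
Subject: Friday lunch

Menu is posted in the break room.
"""
```

A message flagged `verify_by_phone` is one where the call-back policy described above applies before anyone acts on the request.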

Teach Employees that Freebies aren’t Always Goodies

A lot of hackers use the promise of something free to get clicks. Make sure your staff knows to never click on an email link promising a freebie of any kind.

Don’t Buy Apps from Third-Party Sources

Apps are quite popular, and there are many that can help to boost productivity in a business setting. However, Apple devices that are “jailbroken” or Android devices that are “rooted” are outside of the walled garden of their respective stores and susceptible to malicious viruses. Make sure your employees know that they should never buy an app from a third-party source. Only use the official Apple App Store or the Google Play Store.

Always Protect Devices

It’s also important that you advise your employees to keep their devices protected with a password. These devices are easy to steal since they are so small. If there is no password, there is nothing stopping a bad guy from getting into them and accessing all of the accounts that are currently logged into the device.

Install a Wipe Function on All Mobile Devices Used for Business

You should also require all employees to have a “wipe” function on their phones. Even if they are only doing something simple, like checking their work email on their personal mobile device, it could get into the wrong hands. With the “wipe” function, the entire phone can be cleared remotely. You should also require employees to use the setting that erases the phone after a set number of password attempts.

Require that All Mobile Devices on the Company Network Use Anti-Virus Software

It’s also important, especially in the case of Android devices, that all mobile devices on the network have some type of anti-virus software.

Do Not Allow Any Jailbroken Devices on Your Company’s Network

Jailbroken devices are much more vulnerable to viruses and other malware. So, never allow an employee with a jailbroken phone to connect to your network.

All Employees Should Activate Update Alerts

One of the easiest ways to keep mobile devices safe is to keep them updated. So, make sure that all employees have update alerts enabled, and make sure that they are updating their devices when prompted or automatically.

Teach Employees About the Dangers of Public Wi-Fi

Finally, make sure your staff knows the dangers of using public Wi-Fi. Public Wi-Fi connections are not secure, so when connected, your devices are pretty open. That means, if you are doing things that are sensitive, such as logging into company accounting records, a hacker can easily follow. Instead, urge employees to use a VPN. These services are inexpensive and they encrypt data so hackers can’t access it.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Are you Scam Aware or a Sitting Duck?

You might have heard about all of the scams out there, and think that you are pretty scam savvy. But, the truth is, most of us aren’t, and even a simple phone call could get you caught up in a big scam.

One such scam occurs when criminals call random phone numbers and ask questions, such as “Can you hear me?” When you say “yes,” they record it. They then bill you for a service or product, and when you try to fight it, they say…but you said ‘Yes.’ Not only does this happen with private numbers, it also happens with businesses. So, you have to ask…are you aware of the possibility of scams, or are you a sitting duck just waiting to be targeted? HOWEVER, this scam is unproven. Meaning I don’t think it’s a scam at all. And the scam is that this is not a scam!

Do You and Your Staff Know What To Avoid?

Do you think your staff, or even yourself, knows what to avoid when it comes to scams?

  • It’s always a good idea to have some type of awareness program in place to teach your staff what they should steer clear of to avoid becoming a statistic. Phishing training and social engineering information should be a part of this.
  • Do you think you or your staff would know if they fell for a scam? To teach them, make sure to give them a general, broad view of various scams and avoid being too specific. Instead, broaden the perception they have of various attacks.
  • If someone on your team was the victim of an attack, would they even know what to do in that instance? It is important to have a “scam response plan” in place.

Reporting Scam Attacks

It is essential that your team understands how to report a scam, whether it is a physical security scam, such as someone wearing a fake badge and gaining access to the facility, or a cybersecurity incident.

It’s also important for you to realize that some people might not even want to report these incidents. They might not feel as if it’s a legitimate concern, or they might even feel stupid that they fell for it, so they hold the information back. Others might feel as if they are being paranoid, or feel as if it’s not a valid concern. Make sure your team realizes that we all make mistakes and you want to hear about it, no matter what.
