You are a target!

Cybercriminals are quite effective at getting what they want. They’ve learned that the easiest way around your organization’s defenses isn’t hacking and cracking; it’s tricking you into letting them in.

Digital Attacks

Phishing: Email-based social engineering targeting an organization.

Spear Phishing: Email-based social engineering targeting a specific person or role.

Stop, look, and think before you click that link or open that attachment.


In-Person Attacks

USB Attacks: An attack that uses a thumb drive to install malware on your computer.

Tailgating: When a hacker bypasses physical access controls by following an authorized person inside.

Stop, look, and think before allowing someone in that you don’t recognize or plugging any external media into your computer.


Phone Attacks

Smishing: Text-based social engineering.

Vishing: Over-the-phone-based social engineering.

Stop, look, and think before you surrender confidential information or take action on an urgent request.

Social Engineering

Social engineering is the art of manipulating, influencing, or deceiving you into taking some action that isn’t in your own best interest or in the best interest of your organization.

The goal of social engineers is to obtain your trust, then exploit that relationship to coax you into either divulging sensitive information about yourself or your organization or giving them access to your network.

Red Flags

Red flags are a sign of danger or a problem. They can be as subtle as an uneasy feeling or as obvious as an email about “suspicious charges” from a bank that you don’t even have an account with. Pay attention to these warning signs as they can alert you to a social engineering attack!

Credit: KnowBe4.com



Enjoy Safe QR Scanning

Do not let cybercriminals rob you of the convenience of using QR codes. Keep yourself secure by following these tips:

Use the built-in QR code scanner in your device’s app.

If your device does not have a built-in scanner, only download a trusted third-party scanning app from your device’s official app store.

Check for physical tampering before you scan.

Cybercriminals can generate malicious QR codes and print them as stickers to cover up legitimate ones.

Review the link displayed on your device’s scanning app before you click.

Look for spelling errors, misplaced characters, and shortened web addresses, which are signs of a malicious website.

Never enter sensitive information into a website where you are directed by a QR code unless you are certain the site is legitimate.

Always ask an employee to verify any QR codes posted in or around a business, and never scan QR codes placed in random locations.

Stay alert and think before you scan to avoid falling victim to a cybercriminal’s attack.

Credit: KnowBe4.com

 

The Dangers of AI and Deepfakes

What are AI Art and Deepfakes?

AI art is generated using billions of images and examples of art. When you enter a prompt, the AI art generator builds an image for you by combining many of these examples into a single image. Deepfake technology is similar, but it involves manipulating real photographs and videos of people and places. This technology can make it look like a person did or said something that they never did. Both of these technologies can be used in a harmless way, but cybercriminals have learned to use them maliciously.

Deepfake Scams

Scammers can use deepfake technology to impersonate celebrities or other public figures. This type of scam can make it seem like a celebrity has endorsed a product even though they have not. Scammers use this technique to trick people into purchasing a fake product, and they will steal consumers’ personal or financial information. Deepfakes can be used for political figures as well. A deepfake video can make it appear that a government official said or did something that they didn’t say or do. These types of videos can be used to lure people into visiting fake websites or clicking on fake news articles.

AI-Generated Art and Photograph Scams

Cybercriminals commonly use AI in online romance scams. They can generate fake photographs to use in dating profiles to try and steal money or information from their victims. The cybercriminals will also use current events as the subject of their scams. They use AI to create realistic photographs of tragedies and other events. They post the photographs on fake websites to coerce people into donating money to a charity organization. The organization is fake, of course, and the cybercriminals will keep any donated money.

What Can I Do to Stay Safe?

Follow the tips below to keep yourself safe from AI art scams:

  • AI-generated images often have subtle differences or mistakes. Keep an eye out for anything in the photograph that appears to be unusual. A hand with more than five fingers or a photograph with strange lighting or shadows are common signs that an image was created with AI.
  • Always stop and think before clicking or taking action. If a photograph or image seems bizarre or too good to be true, it could be a scam.
  • When possible, verify the claim in a different location. For example, if you see a video with a celebrity endorsement, check that person’s official website for proof that they are actually involved with the product.

credit: KnowBe4.com

 

Get Out and Vote Phishing Scam

Multiple reports this week are warning Americans about a new phishing scam.

  • It arrives via text message, informing recipients that they are not registered to vote.
  • The fake website, votewin[.]org, asks visitors to supply their personal information for pre-checking prior to sign-up.
  • Officials have stated that this scam violates one of the tenets of election outreach, which is to never tell the recipient what their voter status may be.

Never click on links received by text or provide personal information via text unless you are expecting the message and are sure it's from a legitimate source.

credit: krebsonsecurity.com
 
 

Multi-Stage Vishing

Look Out for this Two-Step Cyberattack!

Vishing or “voice phishing” is when a cybercriminal tries to convince you to give sensitive information over the phone. Typical vishing involves only a phone call. But scammers are now combining emails and phone calls to better trick their targets.

Here is how it works:

  1. The Setup
    You receive an email claiming that you’ve purchased an item or authorized a payment. You’re encouraged to call a phone number if you did not initiate the transaction.

  2. The Takedown
    You call the provided number, and a helpful agent agrees to provide a refund or cancel the transaction. They just need your credit card information or banking details. After you supply the information, your bank account is emptied, or your credit card is used for fraudulent purchases.

What can you do?

Look for these red flags. If you see any, it’s probably a scam!

  • Generic email address
  • You didn’t make the transaction
  • You’re asked to do something you’ve never been asked before
  • Pressure to respond

Never call the number in a suspicious email, even if you do business with the referenced organization! Call the Customer Service number on the organization’s website and ask about the transaction described in the email.

credit: KnowBe4.com

How Secure is Your Mobile Device?

Most of us have a smartphone, but how many of us really think about the security threats faced by these mobile devices? Mobile devices are vulnerable to many different types of threats. Scammers are increasing their attacks on mobile devices and targeting your phone using malicious applications. Using these methods, they can steal personal and business information without you having any idea what’s going on.

Even if you’ve downloaded a security or antivirus application, securing your smartphone goes beyond these services. Improving your mobile security practices is your best defense against the privacy and security issues associated with your mobile device.

How can I improve my mobile security practices?

Always remember these best practices to minimize the risk of exploits to your mobile devices:

  1. Ensure your phone’s operating system is always up to date. Operating systems are often updated in order to fix security flaws. Many malicious threats rely on security flaws that remain unfixed because the operating system is out of date.

  2. Watch out for malicious apps in your app store. Official app stores regularly remove applications containing malware, but sometimes these dangerous apps slip past and can be downloaded by unsuspecting users. Do your research, read reviews, and pay attention to the number of downloads an app has. Never download applications from sources other than official app stores.

  3. Ensure applications are not asking for access to things on your phone that are irrelevant to their function. Applications usually ask for a list of permissions to files, folders, other applications, and data before they're downloaded. Do not blindly approve these permissions. If the permission requests seem unnecessary, look for an alternative application in your app store.

  4. Don't leave your phone with no password or with weak password protection. Many people still don't use a password to lock their phone. If your device is lost or stolen, thieves will have easy access to all of the information stored on your phone.

  5. Be careful with public Wi-Fi. Scammers use technology that lets them see what you're doing. Avoid logging in to your online services or performing any sensitive transactions (such as banking) over public Wi-Fi.

credit: KnowBe4.com

Cyber Security Tips