Mark Pribish

Cyber Security Awareness Month Includes a Major Internet of Things Breach

By Mark Pribish
Vice President and ID Theft Practice Leader

National Cyber Security Awareness Month (NCSAM) experienced an unexpected reality check when numerous internet companies including Twitter, PayPal, Netflix, Airbnb and Reddit were negatively impacted by a distributed denial of service attack (commonly known as a DDoS) against a service provider; the attack temporarily blocked access to website-based companies on October 21.

While the National Cyber Security Division (NCSD) within the Department of Homeland Security (see https://www.dhs.gov/national-cyber-security-awareness-month) encourages "vigilance and protection" by all computer users, cyber threats continue to be a safety and security issue for both consumers and businesses.

During the month of October, Homeland Security and the National Cyber Security Alliance (NCSA) reached out to all Americans, public and private sector partners and the international community about cyber threats and offered tips and best practices concerning how to stay safe online.

Businesses face significant financial loss when a cyber attack occurs. Cybercriminals often rely on human error - from employees failing to install software patches to clicking on malicious links - to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of every employee to keep data, customers, and capital safe and secure.

Homeland Security and its partners offered these "simple tips" from their Stop.Think.Connect.™ Campaign to help foster a culture of cybersecurity in your organization:

  • When in doubt, throw it out. Stop and think before you open attachments or click links in emails. Links in email, instant message, and online posts are often the way cybercriminals compromise your computer. If it looks suspicious, it's best to delete it.
  • Back it up. Make electronic and physical back-ups or copies of all your important work. Data can be lost in many ways including computer malfunctions, malware, theft, viruses, and accidental deletion.
  • Guard your devices. In order to prevent theft and unauthorized access, never leave your laptop or mobile device unattended in a public place and lock your devices when they are not in use.
  • Secure your accounts. Use passwords that are at least eight characters long and a mix of letters, numbers, and characters. Do not share any of your usernames or passwords with anyone. When available, turn on stronger authentication for an added layer of security, beyond the password.
  • Report anything suspicious. If you experience any unusual problems with your computer or device, report it to your IT Department.

In addition, these "five everyday steps towards online safety" were also provided by the Stop.Think.Connect.™ Campaign:

  • Enable stronger authentication. Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media and financial accounts. Stronger authentication (e.g., multi-factor authentication that can use a one-time code texted to a mobile device) helps verify that a user has authorized access to an online account. For more information about authentication, visit the new Lock Down Your Login Campaign at www.lockdownyourlogin.com.
  • Make your passwords long & strong. Use complex passwords with a combination of numbers, symbols, and letters. Use unique passwords for different accounts. Change your passwords regularly, especially if you believe they have been compromised.
  • Keep a clean machine. Update the security software, operating system, and web browser on all of your Internet-connected devices. Keeping your security software up to date will prevent attackers from taking advantage of known vulnerabilities.
  • When in doubt, throw it out. Links in email and online posts are often the way cyber criminals compromise your computer. If it looks suspicious (even if you know the source), delete it.
  • Share with care. Limit the amount of personal information you share online and use privacy settings to avoid sharing information widely.

To conclude, and returning to the October 21 DDoS attack: businesses and consumers should use current best practices, including the following, when connecting Internet of Things (IoT) devices to their home or business networks and when connecting remotely to any IoT device:

  • Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer.
  • Be aware that while the IoT offers convenience and efficiency, the IoT will always be targeted by ID-theft criminals and hackers.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scammers Get Political with Survey Phishing Con

Steer clear of political polling calls that promise gifts in exchange for taking a voter survey.

September 29, 2016

Steer clear of political polling calls that promise gift cards in exchange for taking a voter survey. Survey cons are common, but the US presidential campaign gives scammers a timely elections twist.

How the Scam Works:

You get a call from someone claiming to be conducting a political survey. The pollster wants to ask you questions about the upcoming presidential election. In exchange for a few minutes of your time and your opinions, you will get a gift card or other reward.

It sounds easy... but don't do it! After answering several legitimate-sounding survey questions, the caller typically asks you to provide your credit card number. Allegedly, you need to pay for the shipping and taxes of the "prize" you've won.

Providing your credit card number and personal information to scammers opens you up to the risk of additional fraudulent charges and identity theft. Legitimate polling companies rarely offer prizes for participating in a survey, and none would ask for a credit card number.

How to Avoid a Campaign Con:

This campaign season, cons abound. Watch out for scammers' most popular tricks:

  • Donate directly to the campaign office: Donations made over the phone can be valid, but wary donors should give to a campaign either through the candidate's official website or at a campaign office.
  • Watch for spoofed calls: Your Caller ID may say that someone from Washington DC is contacting you, but scammers can fake this using phone number spoofing technology.
  • Polling companies don't offer prizes: Just hang up on any political pollster who claims that you can win a prize for participating in a survey.
  • Polls won't ask for personal or banking information: Political pollsters may ask for information about your vote or political affiliation, but they don't need your Social Security number or credit card info.
  • Research fundraising organizations before donating: Be especially cautious of links that come to you through email or social media, and don't click through. Instead, go directly to an organization's website by typing the URL in your browser or using a search engine.

For More Information

Read about other versions of survey scams here and here on BBB.org. Learn more about election cons in this alert from the BBB serving Detroit and Eastern Michigan.

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.