RSS Feed
Latest Updates
Oct
16
Tips from Virsage: CEO Fraud - October 2019
Posted by Andrea Montgomery on 16 October 2019 10:20 AM

Tips from Virsage: CEO Fraud

 

October 2019

CEO Fraud/BEC

What is CEO Fraud/BEC?

Cyber attackers continue to evolve an email attack called CEO Fraud, or Business Email Compromise (BEC). These are targeted email attacks that trick their victim into taking an action they should not take. In most cases, the bad guys are after money. What makes these attacks so dangerous is cyber attackers research their victims before launching their attack. It is also very hard for security technologies to stop these attacks because there are no infected email attachments or malicious links to detect. Here is how the attack works.

The cyber attacker uses the Internet to research their intended victim and people their victim interacts with. For example, if they target you, they would research who your boss is at work or perhaps a real estate agent you are working with from home. The cyber attacker then crafts an email pretending to be one of these people and sends it to you. The email is urgent, requiring you to take an action right away, such as processing an invoice, changing who you make a payment to, or convincing you to reply with sensitive documents. The email works by pressuring you into doing what they want. Here are two examples of how just such an attack could work:

Wire Transfer: A cyber criminal is after money. They research the company you work for, such as identifying who works in accounts payable or anyone responsible for transferring funds. The criminals then craft and send an email to these individuals pretending to be their boss or a senior executive. The email tells them there is an emergency and money needs to be transferred right away to a new bank account. The email pressures them into making a mistake, and in reality, they are sending money to the cyber criminal.

Tax Fraud: Cyber criminals are after people’s personal information to use for tax fraud. One of the fastest ways to get this is to steal the information of all the employees at a company. The cyber criminals research and identify who works in Human Resources. They then send fake emails to these individuals, pretending to be a senior executive or someone from legal. The emails create an urgent story, that the tax information on all the employees has to be submitted right away. The people in Human Resources think they are sending the sensitive documents to the senior executive, when they are really sending them to a cyber criminal.

Protecting Yourself

So, what can you do to protect yourself? Common sense is your best defense. Here are the most common clues to look for:

  • The email is very short (often only a couple of sentences), urgent, and the signature says the email was sent from a mobile device.
  • There’s a strong sense of urgency, pressuring you to ignore or bypass your employer’s policies. Always follow work-related policies and procedures, even if the email appears to come from your boss or the CEO.
  • The email is work related but uses a personal email address, such as @gmail.com or @hotmail.com.
  • The email appears to come from a senior leader, coworker, or vendor you know or work with, but the tone of the message does not sound like them.
  • Payment instructions are provided, but these instructions differ from ones you already received, such as requesting immediate payment to a different bank account.

If you suspect you have been targeted at work, stop all interaction with the attacker and report it to your supervisor [and create a new email to send to Virsage at support@virsage.com then attach the suspicious email so that Virsage can review it for validity] . If you have been targeted at home or you have fallen victim and a wire transfer was made, immediately report it to your bank, then to law enforcement.

Subscribe to OUCH! and receive the latest security tips in your email every month - www.sans.org/security-awareness/ouch-newsletter.

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley.

 

This Newsletter can be found online at:  https://www.sans.org/security-awareness-training/resources/ceo-fraudbec

 

Resources

Social Engineering

Stop That Phish

Stop That Malware

Lock Down Your Login

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley.

 


Read more »



Sep
5
Tips from Virsage: Stop that Phish - September 2019
Posted by Andrea Montgomery on 05 September 2019 08:24 PM

 Tips from Virsage: Stop that Phish

September 2019

Stop That Phish

Overview

Email and messaging services (such as Skype, Twitter, or Snapchat) are one of the primary ways we communicate. We not only use these technologies every day for work, but also to stay in touch with friends and family. Since so many people around the world depend on these technologies, they have become one of the primary attack methods used by cyber attackers. This attack method is called phishing. Learn what phishing is and how you can spot and stop these attacks, regardless if you are at work or at home.

What Is Phishing

Phishing is a type of attack that uses email or a messaging service to fool you into taking an action you should not take, such as clicking on a malicious link, sharing your password, or opening an infected email attachment. Attackers work hard to make these messages convincing and tap your emotional triggers, such as urgency or curiosity. They can make them look like they came from someone or something you know, such as a friend or a trusted company you frequently use. They could even add logos of your bank or forge the email address so the message appears more legitimate. Attackers then send these messages to millions of people. They do not know who will take the bait, all they know is the more they send, the more people will fall victim.

Protecting Yourself

In almost all cases, opening and reading an email or message is fine. For a phishing attack to work, the bad guys need to trick you into doing something. Fortunately, there are clues that a message is an attack. Here are the most common ones:

  • A tremendous sense of urgency that demands “immediate action” before something bad happens, like threatening to close an account or send you to jail. The attacker wants to rush you into making a mistake.
     
  • Pressuring you to bypass or ignore your policies or procedures at work.
     
  • A strong sense of curiosity or something that is too good to be true. (No, you did not win the lottery.) 
     
  • A generic salutation like “Dear Customer.” Most companies or friends contacting you know your name. 
     
  • Requesting highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know. 
     
  • The message says it comes from an official organization, but has poor grammar or spelling or uses a personal email address like @gmail.com. 
     
  • The message comes from an official email (such as your boss) but has a Reply-To address going to someone’s personal email account. 
     
  • You receive a message from someone you know, but the tone or wording just does not sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cyber attacker to create a message that appears to be from a friend or coworker.

Ultimately, common sense is your best defense. If an email or message seems odd, suspicious, or too good to be true, it may be a phishing attack. Subscribe to OUCH! and receive the latest security tips in your email every month!

Resources

Social Engineering
Helping Others Secure Themselves
Email Do’s and Don’ts
CEO Fraud
OUCH! Translations and Archives

License

OUCH! newsletter is under the Creative Commons license.  You are free to share / distribute it but may not sell or modify it. 

Find this article online:  https://www.sans.org/security-awareness-training/resources/stop-phish



Read more »



Mar
12
Tips from Virsage: Stop that Malware - March 2019
Posted by Andrea Montgomery on 12 March 2019 01:01 PM

Tips from Virsage: Stop that Malware

 

March 2019

Stop That Malware

Overview

You probably have heard of terms such as virus, Trojan, ransomware, or rootkit when people talk about cyber security. These are different types of malicious programs, called malware, that cyber criminals use to infect computers and devices. Once installed, they can do whatever they want. Learn what malware is, what danger it poses, and most importantly, what you can do to protect yourself from it.

 

What Is Malware?

Simply put, malware is software--a computer program--used to perform malicious actions. This term is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them. Once installed, malware can enable criminals to spy on your online activities, steal your passwords or files, or use your system to attack others. Malware can even take control of your own files, demanding that you pay a ransom to get them back. Many people believe that malware is a problem only for Windows computers. Unfortunately, malware can infect any device, from Mac computers and smartphones to DVRs and security cameras. The more computers and devices cyber criminals infect, the more money they can make. Therefore, everyone is a target, including you.

Protect Yourself - Stop Malware

You may think that all you have to do is install a security program like anti-virus software and you are safe from getting infected. Unfortunately, anti-virus cannot stop all malware. Cyber criminals are constantly developing new and more sophisticated malware that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways it has become an arms race, and the bad guys are usually one step ahead. Since you cannot rely on anti-virus alone, here are additional steps you should take to protect yourself:

  • Cyber criminals often infect computers or devices by exploiting vulnerabilities in your software. The more current your software is, the fewer vulnerabilities your systems have and the harder it is for cyber criminals to infect them. Make sure your operating systems, applications, browser and browser plugins, and devices are always updated and current. The easiest way to ensure this is to enable automatic updating whenever possible.
  • A common way cyber criminals infect computers or mobile devices is by creating fake computer programs or mobile apps, posting them on the Internet, and then tricking you into downloading and installing one. Only download and install programs or apps from trusted online stores. Also, stay away from mobile apps that are brand new, have few positive reviews, are rarely updated, or have been downloaded by a small number of people. No longer using a computer program or mobile app? Delete it.
  • Cyber criminals often trick people into installing malware for them. For instance, they might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you were to open the attached file or click on the link, you would activate malicious code that installs malware on your system. If a message creates a strong sense of urgency or seems too good to be true, it could be an attack. Be suspicious, common sense is often your best defense.
  • Regularly back up your system and files to Cloud-based services, or store your backups offline, such as on disconnected external drives. This protects your backups in case malware attempts to encrypt or erase them. Backups are critical. They are often the only way you can recover from a malware infection.

Ultimately, the best way to defend against malware is to keep all your software and devices up-to-date, install trusted anti- virus software when possible, and be alert for anyone attempting to trick you into infecting your own system. When all else fails, regular backups are often the only way you can recover.

Subscribe to OUCH! and receive the latest security tips in your email every month - www.sans.org/security-awareness/ouch-newsletter.

Resources

Ransomware          
Backups                  
Stop That Phish      

License

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley

 

Find this article online:   https://www.sans.org/security-awareness-training/resources/stop-malware


Read more »



Feb
12
Tips from Virsage: Am I Hacked? - February 2019
Posted by Andrea Montgomery on 12 February 2019 01:25 PM

Tips from Virsage: Am I Hacked?

February 2018




Am I Hacked?

Just like driving a car, sooner or later you may have an accident no matter how secure you are. Below are clues to help figure out if you have been hacked and, if so, what to do. The sooner you identify something bad has happened, the more likely you can fix the problem.

Clues You Have Been Hacked

  • Your anti-virus program generates an alert that your system is infected. Make sure it is your anti-virus software generating the alert, and not a pop-up window from a website trying to fool you into calling a number or installing something else. Not sure? Open your anti-virus program.
  • You get a pop-up window saying your computer has been encrypted and you have to pay a ransom to get your files back.
  • Your browser is taking you to all sorts of websites that you did not want to go to.
  • Your computer or applications are constantly crashing or there are icons for unknown apps or strange windows popping up.
  • Your password no longer works even though you know it is correct.
  • Friends ask you why you are spamming them with emails that you know you never sent.
  • There are charges to your credit card or withdrawals from your bank account you never made.

How to Respond

If you suspect you have been hacked, the sooner you act the better. If the hack is work related, do not try to fix the problem yourself; instead, report it immediately. If it is a personal system or account that has been hacked, here are some steps you can take:

  • ***NOTIFY your IT Provider Virsage at support@virsage.com ***
  • Change Your Passwords: This includes not only changing the passwords on your computers and mobile devices, but for your online accounts. Do not use the hacked computer to change your passwords; use a different system that you know is secure. If you have a lot of accounts, start with the most important ones first. Can’t keep track of all your passwords? Use a password manager.
  • Financial: For issues with your credit card or any financial accounts, call your bank or credit card company right away. Use a trusted phone number to call them, such as from the back of your bank card, your financial statements, or visit their website from a trusted computer. In addition, consider putting a credit freeze on your credit files.
  • Anti-virus: If your anti-virus software informs you of an infected file, follow the actions it recommends. Most anti-virus software will have links you can follow to learn more about the specific infection.
  • Reinstalling: If you are unable to fix an infected computer or you want to be surer your system is safe, reinstall the operating system. Do not reinstall from backups; instead, backups should only be used for recovering your personal files. If you feel uncomfortable rebuilding, consider using a professional service to help you. Or, if your computer or device is old, it may be easier to purchase a new one. Finally, once you have rebuilt your system or purchased a new one, make sure it is updated and enable automatic updating whenever possible.
  • Backups: A key step to protecting yourself is to prepare ahead of time with regular backups. Many solutions will automatically back up your files daily or hourly. Regardless of which solution you use, periodically check that you are able to restore those files. Quite often, recovering your data backups is the only way you can recover from being hacked.
  • Law Enforcement: If you feel in any way threatened, report the incident to local law enforcement. If you are the victim of identity theft and are based in the United States, then visit https://www.identitytheft.gov.

Subscribe to OUCH! and receive the latest security tips in your email every month.

Resources

Backups

Passphrases 

Password Managers 

What Is Malware

Credit Freeze

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Alan Waggoner, Cheryl Conley

Find this article online:   https://www.sans.org/security-awareness-training/resources/am-i-hacked




Read more »



Jan
8
Tips from Virsage: Yes, You Are a Target - January 2019
Posted by Andrea Montgomery on 08 January 2019 10:21 AM

Tips from Virsage: Yes, You Are a Target

 January 2019 

 

Yes, You Are a Target 

Overview

Many people mistakenly believe they are not a target for cyber attackers: that they, their systems, or accounts do not have any value. This could not be further from the truth. If you use technology in anyway, at work or at home, trust us - you have value to the bad guys. But, you are in luck. You already have the best defense there is against these cyber attacks - you.

Why You Are a Target

There are lots of different cyber attackers on the Internet today, and they all have different motivations. So why would any of them want to attack you? Because by hacking you they help achieve their goal. Here are two common examples of cyber attackers and why they would target you.

Cyber Criminals: These guys are out to make as much money as possible. What makes the Internet so valuable to them is they can now easily target everyone in the world with just the push of a button. And there are A LOT of ways they can make money from you. Examples include stealing money from your bank or retirement accounts, creating a credit card in your name and sending you the bill, using your computer to hack other people, or hacking your social media or gaming accounts and selling them to other criminals. The list is almost endless how bad guys can make money off you. There are hundreds of thousands of these bad guys who wake up each morning with the goal of hacking as many people as possible every single day, including you.

Targeted Attackers: These are highly trained cyber attackers, often working for governments, criminal syndicates, or competitors targeting you at work. You may feel your job would not attract much attention, but you would be very surprised.

  • The information you handle at work has tremendous value to different companies or governments.
  • Targeted attackers may target you at work not because they want to hack you, but to use you to hack one of
  • your co-workers or other systems.
  • These types of attackers may target you at work because of what other companies you work or partner with.

I Have Anti-Virus, I’m Safe

Okay, so I’m a target, not a problem. I’ll just install anti-virus and a firewall on my computer and I’m protected, right? Well unfortunately, no. Many people feel if they install some security tools then they are secure. Unfortunately, that is not entirely true. Cyber attackers continue to get better and better, and many of their attack methods now easily bypass security technologies. For example, they often create special malware that your antivirus cannot detect. They bypass your email filters with a customized phishing attack or call you on the phone and trick or scam you out of your credit card, money, or password. Technology plays an important role in protecting you, but ultimately you are the best defense.

Fortunately, being secure is not that hard; ultimately common sense and some basic behaviors are your best defense. If you get an email, message, or phone call that is extremely urgent, odd, or suspicious, it may be an attack. To ensure your computers and devices are secure, keep them current and enable automatic updating. Finally, use a strong, unique passphrase for each of your accounts. Staying cyber-aware is ultimately your best defense. Not sure where to start? Consider subscribing to the monthly OUCH! newsletter at sans.org/ouch.

Subscribe to OUCH! and receive the latest security tips in your email every month.

Resources

Stop That Malware
Social Engineering
Phone Call Scams
Passphrases
Poster - You Are a Target

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Alan Waggoner, Cheryl Conley

 

Find this article online:  https://www.sans.org/security-awareness-training/resources/yes-you-are-target


Read more »