RSS Feed
News
Nov
13
Tips from Virsage: Phone Call Attacks and Scams - November 2018
Posted by Andrea Montgomery on 13 November 2018 10:21 AM

Tips from Virsage: Phone call Attacks and Scams

 

November 2018

Phone Call Attacks & Scams

Overview

When you think of cyber criminals, you probably think of an evil mastermind sitting behind a computer launching sophisticated attacks over the Internet. While many of today’s cyber criminals do use technologies like email or instant messaging, bad guys are also using the phone to trick their victims. There are two big advantages to using a phone. First, unlike email, there are fewer security technologies that monitor phone calls and can detect and stop an attack. Second, it is much easier for bad guys to convey emotion over the phone, which makes it more likely they can trick their victims. Let’s learn how to spot and stop these attacks.

How do Phone Call Attacks Work?

First, you have to understand what these attackers are after. They usually want your money, information, or access to your computer (or all three). They do this by tricking you into doing what they want. The bad guys call people around the world, creating situations that seem very urgent. They want to get you off-balance by scaring you, so you won’t think clearly, and then rush you into making a mistake. Some of the most common examples include:

  • The caller pretends that they are from a government tax department or a tax collection service and that you have unpaid taxes. They explain that if you don’t pay your taxes right away you will go to jail. They then pressure you to pay your taxes with your credit card over the phone. This is a scam. Many tax departments, including the IRS, never call or email people. All official tax notifications are sent by regular mail.
  • The caller pretends they are Microsoft Tech Support and explain that your computer is infected. Once they convince you that you are infected, they pressure you into buying their software or giving them remote access to your computer. Microsoft will not call you at home.
  • You get an automated voicemail message that your bank account has been canceled, and that you have to call a number to reactivate it. When you call, you get an automated system that asks you to confirm your identity and asks you all sorts of private questions. This is really not your bank, they are simply recording all your information for identity fraud.

Protecting Yourself

The greatest defense you have against phone call attacks is yourself. Keep these things in mind:

  • Anytime anyone calls you and creates a tremendous sense of urgency, pressuring you to do something, be extremely suspicious. Even if the phone call seems OK at first, but then starts to feel strange, you can stop and say no at any time.
  • If you believe a phone call is an attack, simply hang up. If you want to confirm if the phone call was legitimate, go to the organization’s website (such as your bank) and get the customer support phone number and call them directly yourself. That way, you really know you are talking to the real organization.
  • Never trust Caller ID. Bad guys will often spoof the caller number so it looks like it is coming from a legitimate organization or has the same area code as your phone number.
  • Never allow a caller to take temporary control of your computer or trick you into downloading software. This is how bad guys can infect your computer.
  • If a phone call is coming from someone you do not personally know, let the call go directly to voicemail. This way, you can review unknown calls on your own time. Even better, you can enable this by default on many phones with the “Do Not Disturb” feature.

Scams and attacks over the phone are on the rise. You are the best defense you have at detecting and stopping them.

Subscribe to OUCH! and receive the latest security tips in your email every month - www.sans.org/security-awareness/ouch-newsletter.

Guest Editor

Jen Fox provides security awareness, social engineering, and risk assessment services as a Sr. Security Consultant at All Covered. Find Jen on Twitter as @j_fox.

Resources

Consumer Information about Identity, Privacy, & Online Security: https://www.consumer.ftc.gov/topics/privacy-identity-online-security
Report a Phone Scam (in the US):      https://www.ftccomplaintassistant.gov/#crnt
Social Engineering:                              https://www.sans.org/u/Fi5

License

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley

 

This Newsletter can be found online at:  https://www.sans.org/security-awareness-training/resources/phone-call-attacks-scams


Read more »



Oct
16
Tips from Virsage: CEO Fraud - October 2018
Posted by Andrea Montgomery on 16 October 2018 12:00 PM

Tips from Virsage: CEO Fraud

 

October 2018

CEO Fraud – What to Watch Out For

What is CEO Fraud/BEC?

Cyber attackers continue to evolve an email attack called CEO Fraud, or Business Email Compromise (BEC). These are targeted email attacks that trick their victim into taking an action they should not take. In most cases, the bad guys are after money. What makes these attacks so dangerous is cyber attackers research their victims before launching their attack. It is also very hard for security technologies to stop these attacks because there are no infected email attachments or malicious links to detect. Here is how the attack works.

The cyber attacker uses the Internet to research their intended victim and people their victim interacts with. For example, if they target you, they would research who your boss is at work or perhaps a real estate agent you are working with from home. The cyber attacker then crafts an email pretending to be one of these people and sends it to you. The email is urgent, requiring you to take an action right away, such as processing an invoice, changing who you make a payment to, or convincing you to reply with sensitive documents. The email works by pressuring you into doing what they want. Here are two examples of how just such an attack could work:

 

Wire Transfer: A cyber criminal is after money. They research the company you work for, such as identifying who works in accounts payable or anyone responsible for transferring funds. The criminals then craft and send an email to these individuals pretending to be their boss or a senior executive. The email tells them there is an emergency and money needs to be transferred right away to a new bank account. The email pressures them into making a mistake, and in reality, they are sending money to the cyber criminal.

Tax Fraud: Cyber criminals are after people’s personal information to use for tax fraud. One of the fastest ways to get this is to steal the information of all the employees at a company. The cyber criminals research and identify who works in Human Resources. They then send fake emails to these individuals, pretending to be a senior executive or someone from legal. The emails create an urgent story, that the tax information on all the employees has to be submitted right away. The people in Human Resources think they are sending the sensitive documents to the senior executive, when they are really sending them to a cyber criminal.

Protecting Yourself

So, what can you do to protect yourself? Common sense is your best defense. Here are the most common clues to look for:

  • The email is very short (often only a couple of sentences), urgent, and the signature says the email was sent from a mobile device.
  • There’s a strong sense of urgency, pressuring you to ignore or bypass your employer’s policies. Always follow work-related policies and procedures, even if the email appears to come from your boss or the CEO.
  • The email is work related but uses a personal email address, such as @gmail.com or @hotmail.com.
  • The email appears to come from a senior leader, coworker, or vendor you know or work with, but the tone of the message does not sound like them.
  • Payment instructions are provided, but these instructions differ from ones you already received, such as requesting immediate payment to a different bank account.

If you suspect you have been targeted at work, stop all interaction with the attacker and report it to your supervisor [and create a new email to send to Virsage at support@virsage.com then attach the suspicious email so that Virsage can review it for validity] . If you have been targeted at home or you have fallen victim and a wire transfer was made, immediately report it to your bank, then to law enforcement.

Subscribe to OUCH! and receive the latest security tips in your email every month - www.sans.org/security-awareness/ouch-newsletter.

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley.

 

This Newsletter can be found online at:  https://www.sans.org/security-awareness-training/resources/ceo-fraudbec

 

Resources

Social Engineering

Stop That Phish

Stop That Malware

Lock Down Your Login

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley.


Read more »



Sep
12
Tips from Virsage: Lock Down Your Login - September 2018
Posted by Andrea Montgomery on 12 September 2018 01:23 PM

Tips from Virsage: Lock Down Your Login

  

September 2018

 

Lock Down Your Login

The process of authentication, or proving who you are, is key to protecting your information, such as your email, social media, or online banking accounts. You may not realize it, but there are three different ways to prove who you are: what you know, such as a password, what you have, such as your driver’s license, and some part of you, such as your fingerprint. Each one of these methods has advantages and disadvantages. The most common authentication method is passwords, which are something you know. Unfortunately, using passwords just by themselves is proving to be more and more insecure. In this newsletter, we teach you how to protect yourself and lock down your login with something far better than just passwords. It’s called two-factor authentication.

Passwords Are No Longer Enough

Passwords prove who you are based on something you know. But if someone can guess or gain access to your password, they can then pretend to be you and access all of your information. Compromised passwords have become one of the leading causes for hacked accounts. This is why you are taught to use passphrases that are hard for others to guess, a different one for every account, and to never share your passwords with others. While this advice remains valid, passwords are no longer as effective. Luckily, there’s a simple and quick way to put you in control and keep your personal information safe. It’s called two-factor authentication.

What Is Two-Factor Authentication?

Two-factor authentication (also called two-step verification, multi-factor authentication, or 2FA) is far stronger than just using passwords by themselves. It works by requiring not one, but two different methods to prove you are who you say you are. A good example is your ATM card. When you withdraw money from an ATM machine, you are actually using two-factor authentication. To access your cash, you need two things: your ATM card (something you have) and your PIN number (something you know). If your ATM card is lost or stolen, others cannot with draw your money without also knowing your PIN. A thief must have both your ATM card and pin to make a withdrawal. Two-factor authentication uses the same concept.


How It Works

Lock down your login by using two-factor authentication whenever possible. It is one of the strongest steps you can take.

Two-factor authentication is widely available on most major banking, email, social networking, and other sites. In addition, most of these sites offer simple step-by-step instructions how to turn on two-factor authentication. (For more information, see the Resources section at the end of this newsletter.) Once you enable two-factor authentication, you can expect it to work like this. First, you log in to your account using your username and password, just as you always have. This is the first of the two factors--something you know. Then you will receive a unique code, often by text to your smartphone. You then enter that code into the login screen. This is the second of the two factors--you must have your phone to receive that code. Now your account is truly locked down. Even if a cybercriminal steals your password, they cannot access your account unless they also have your phone.

Instead of receiving the unique code via text messaging, you can install a special authentication app on your smartphone. This mobile app generates a unique code for you every time you want to log in. The advantage of using a mobile app is it is even more secure, since the code is generated through the app and not sent via text messaging.  In addition, it is more convenient, since you do not need to be connected to a phone service to receive your unique code. The app is constantly generating new codes you can use to log in to your account.

While two-factor authentication may seem like more work at first, your personal information will be substantially more secure. Don’t wait until your accounts have been hacked; lock down your login by enabling two-factor authentication on your key accounts, such as email, banking, or social media, and enjoy a greater peace of mind knowing you are far more secure.

License

OUCH! newsletter is under the Creative Commons license.  You are free to share / distribute it but may not sell or modify it.

https://www.sans.org/security-awareness-training/ouch-newsletter/2017/lock-down-your-login

  

**Virsage offers multi-factor authentication services.  Let us know if you would like more information by submitting a ticket to support@virsage.com **



Read more »



Aug
13
Tips from Virsage: Backup and Recovery - August 2018
Posted by Andrea Montgomery on 13 August 2018 10:20 AM

Tips from Virsage: Backup and Recovery

August 2018

[**This article is intended for informational purposes and is especially helpful for your personal data and personal devices that are not business related.  Your company data is backed up as required by your company as long as it is saved according to your company policies.  If you have questions about your company’s back up policies feel free to ask Virsage at support@virsage.com **]


Backup & Recovery

If you use a computer or mobile device long enough, sooner or later something will go wrong, resulting in you losing your personal files, documents, or photos. For example, you may accidentally delete the wrong files, have a hardware failure, lose a device, or become infected with malware, such as ransomware. At times like these, backups are often the only way you can rebuild your digital life. In this newsletter, we explain what backups are, how to back up your data, and how to develop a simple strategy that’s right for you.

Backups: What, When, and How

Automated, reliable backups are often your last line of defense in protecting your data.

Backups are copies of your information stored somewhere other than on your computer or mobile device. When you lose valuable data, you can recover that data from your backups. Unfortunately, too many people fail to perform regular backups, even though they are simple and inexpensive. The first step is deciding what you want to back up. There are two approaches: (1) backing up specific data that is important to you; or (2) backing up everything, including your entire operating system. Many backup solutions are configured by default to use the first approach. They back up data from the most commonly used folders. In many cases, this is all you need. However, if you are not sure what to back up or want to be extra careful, back up everything.

Second, you must decide how frequently to back up. Built-in backup programs, such as Apple’s Time Machine or Microsoft Windows Backup and Restore, allow you to create an automatic, “set it and forget it” backup schedule. Common options include hourly, daily, weekly, etc. Other solutions offer “continuous protection,” in which new or altered files back up immediately each time you save a document. At a minimum, we recommend automated daily backups.

Finally, you need to decide how you are going to back up. There are two ways to back up your data: physical media or Cloud-based storage. Each approach has advantages and disadvantages. If you are not sure which approach to use, you can use both at the same time. Physical media are devices you control, such as external USB drives or Wi-Fi accessible network devices. The advantage of using your own physical media is it enables you to back up and recover large amounts of data very quickly. The disadvantage of such an approach is if you become infected with malware, such as ransomware, it is possible for the infection to spread to your backups. Also, if you have a disaster, such as fire or theft, it can result in you losing not only your computer, but the backups as well. As such, if you use external devices for backups, you should store a copy of your backup off-site in a secure location. Make sure backups you store off-site are properly labeled.

Cloud-based solutions are online services that store your files on the Internet. Typically, you install an application on your computer. The application then automatically backs your files, either on a schedule or as you modify them. An advantage of Cloud solutions is their simplicity--backups are often automatic and you can usually access your files from anywhere. Also, since your data resides in the Cloud, home disasters, such as fire or theft, will not affect your backup.  Finally, Cloud backups can help you recover from malware infections, such as ransomware, as many Cloud solutions allow you to recover from pre-infected versions. The disadvantages are it can take a long time to back up or recover very large amounts of data. Also, privacy and security is important. Does the backup service provide strong security controls, such as encrypting your data and two-step verification?

Finally, don’t forget your mobile devices. With mobile devices, most of your data, such as email, calendar events, and contacts, is already stored in the Cloud. However, your mobile app configurations, recent photos, and system preferences may not be stored in the Cloud. By backing up your mobile device, not only do you preserve this information, but it is easier to transfer your data when you upgrade to a new device. An iPhone/iPad can back up automatically to Apple’s iCloud. Android, or other mobile devices depend on the manufacturer or servicer provider. In some cases, you may have to purchase a mobile app designed specifically for backups.

Recovery

Backing up your data is only half the battle; you must be sure that you can recover it. Check periodically that your backups are working by retrieving a file and making sure it is the same as the original. Also, be sure to make a full system  backup before a major upgrade (such as moving to a new computer or mobile device) or a major repair (like  replacing a hard drive) and verify that it is restorable.

Key Points

Regardless of what solution you use to back up your data, make sure you automate your backups and check them periodically.

When rebuilding a system from backup, be sure you reapply the latest security patches and updates before using it again.

Outdated backups that are no longer needed are a liability; destroy them to prevent access by unauthorized individuals.

If you are using a Cloud solution, research the policies and reputation of the provider and make sure they meet your requirements. For example, do they encrypt your data? Do they support strong authentication, such as two-step verification?

License

OUCH! newsletter is under the Creative Commons license.  You are free to share / distribute it but may not sell or modify it.

Find this article online:  https://www.sans.org/security-awareness-training/ouch-newsletter/2017/backup-recovery


Read more »



Jul
16
Tips from Virsage: Stop that Phish - July 2018
Posted by Andrea Montgomery on 16 July 2018 12:56 PM

Tips from Virsage: Stop that Phish

July 2018

 

Stop That Phish

Overview

Email and messaging services (such as Skype, Twitter, or Snapchat) are one of the primary ways we communicate. We not only use these technologies every day for work, but also to stay in touch with friends and family. Since so many people around the world depend on these technologies, they have become one of the primary attack methods used by cyber attackers. This attack method is called phishing. Learn what phishing is and how you can spot and stop these attacks, regardless if you are at work or at home.

What Is Phishing

Phishing is a type of attack that uses email or a messaging service to fool you into taking an action you should not take, such as clicking on a malicious link, sharing your password, or opening an infected email attachment. Attackers work hard to make these messages convincing and tap your emotional triggers, such as urgency or curiosity. They can make them look like they came from someone or something you know, such as a friend or a trusted company you frequently use. They could even add logos of your bank or forge the email address so the message appears more legitimate. Attackers then send these messages to millions of people. They do not know who will take the bait, all they know is the more they send, the more people will fall victim.

Protecting Yourself

In almost all cases, opening and reading an email or message is fine. For a phishing attack to work, the bad guys need to trick you into doing something. Fortunately, there are clues that a message is an attack. Here are the most common ones:

  • A tremendous sense of urgency that demands “immediate action” before something bad happens, like threatening to close an account or send you to jail. The attacker wants to rush you into making a mistake.
     
  • Pressuring you to bypass or ignore your policies or procedures at work.
     
  • A strong sense of curiosity or something that is too good to be true. (No, you did not win the lottery.) 
     
  • A generic salutation like “Dear Customer.” Most companies or friends contacting you know your name. 
     
  • Requesting highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know. 
     
  • The message says it comes from an official organization, but has poor grammar or spelling or uses a personal email address like @gmail.com. 
     
  • The message comes from an official email (such as your boss) but has a Reply-To address going to someone’s personal email account. 
     
  • You receive a message from someone you know, but the tone or wording just does not sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cyber attacker to create a message that appears to be from a friend or coworker.

Ultimately, common sense is your best defense. If an email or message seems odd, suspicious, or too good to be true, it may be a phishing attack. Subscribe to OUCH! and receive the latest security tips in your email every month!

Resources

Social Engineering
Helping Others Secure Themselves
Email Do’s and Don’ts
CEO Fraud
OUCH! Translations and Archives

License

OUCH! newsletter is under the Creative Commons license.  You are free to share / distribute it but may not sell or modify it.

 

Find this article online:  https://www.sans.org/security-awareness-training/resources/stop-phish


Read more »



Jun
12
Tips from Virsage: Stop That Malware- June 2018 Newsletter
Posted by Andrea Montgomery on 12 June 2018 11:23 AM

Tips from Virsage: Stop that Malware

 

June 2018

Stop That Malware

Overview

You probably have heard of terms such as virus, Trojan, ransomware, or rootkit when people talk about cyber security. These are different types of malicious programs, called malware, that cyber criminals use to infect computers and devices. Once installed, they can do whatever they want. Learn what malware is, what danger it poses, and most importantly, what you can do to protect yourself from it.

What Is Malware?

Simply put, malware is software--a computer program--used to perform malicious actions. This term is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them. Once installed, malware can enable criminals to spy on your online activities, steal your passwords or files, or use your system to attack others. Malware can even take control of your own files, demanding that you pay a ransom to get them back. Many people believe that malware is a problem only for Windows computers. Unfortunately, malware can infect any device, from Mac computers and smartphones to DVRs and security cameras. The more computers and devices cyber criminals infect, the more money they can make. Therefore, everyone is a target, including you.

Protect Yourself - Stop Malware

You may think that all you have to do is install a security program like anti-virus software and you are safe from getting infected. Unfortunately, anti-virus cannot stop all malware. Cyber criminals are constantly developing new and more sophisticated malware that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways it has become an arms race, and the bad guys are usually one step ahead. Since you cannot rely on anti-virus alone, here are additional steps you should take to protect yourself:

  • Cyber criminals often infect computers or devices by exploiting vulnerabilities in your software. The more current your software is, the fewer vulnerabilities your systems have and the harder it is for cyber criminals to infect them. Make sure your operating systems, applications, browser and browser plugins, and devices are always updated and current. The easiest way to ensure this is to enable automatic updating whenever possible.
  • A common way cyber criminals infect computers or mobile devices is by creating fake computer programs or mobile apps, posting them on the Internet, and then tricking you into downloading and installing one. Only download and install programs or apps from trusted online stores. Also, stay away from mobile apps that are brand new, have few positive reviews, are rarely updated, or have been downloaded by a small number of people. No longer using a computer program or mobile app? Delete it.
  • Cyber criminals often trick people into installing malware for them. For instance, they might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you were to open the attached file or click on the link, you would activate malicious code that installs malware on your system. If a message creates a strong sense of urgency or seems too good to be true, it could be an attack. Be suspicious, common sense is often your best defense.
  • Regularly back up your system and files to Cloud-based services, or store your backups offline, such as on disconnected external drives. This protects your backups in case malware attempts to encrypt or erase them. Backups are critical. They are often the only way you can recover from a malware infection.

Ultimately, the best way to defend against malware is to keep all your software and devices up-to-date, install trusted anti- virus software when possible, and be alert for anyone attempting to trick you into infecting your own system. When all else fails, regular backups are often the only way you can recover.

Subscribe to OUCH! and receive the latest security tips in your email every month - www.sans.org/security-awareness/ouch-newsletter.

Online Article:  https://www.sans.org/security-awareness-training/resources/stop-malware

Resources:

Ransomware          
Backups                  
Stop That Phish      

License

OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley

 


Read more »