Cyber Security Tip #31

Cyber Security Tip #31 October is not only National Cyber Security Awareness Month; it’s also the time to celebrate Halloween, bringing to mind scary things that are merely figments of our imagination. In the digital world, however, there are many scary things that are not figments of our imagination that we should in fact be worried about. Here are some examples: • In the cyber world we have Gh0st, an infamous piece of malware that is commonly used by threat actors to remotely access a target and assume complete control. • Unlike the make-believe zombies you see in the movies, cyber zombies are real. In the online world, a zombie is a machine compromised with malware and controlled by a hacker. Zombies can send spam, launch denial-of-service attacks and infect other machines. • The Frankenstein malware takes small pieces of software from trusted programs and stitches them together, making the resulting malware undetectable. ‪#‎NCSAM‬

Cyber Security Tip #30

Cyber Security Tip #30: How to Avoid Work From Home Scams The ad says you can make lots of money working from the comfort of your home. But if this were true, wouldn’t we all be working at home? According to a report done by CBS, for every one legitimate work-at-home job posted online, there are about 70 scams. If you’ve spent any time trawling online jobs boards and classifieds looking for remote work from home opportunities then this statistic might not come as a surprise. To help you avoid being one of the many people that falls prey to their tricks, here are my top 8 tips for avoiding work from home scams: • Don’t pay money upfront – Any work from home opportunity that asks for money upfront could well be a scam, whether the money is for registration, training, supplies or processing fees. No ethical employer would expect you to pay them before they pay you. • Speak with someone – A legit employer of remote workers will happily discuss the work from home opportunity with you over the phone. Scammers won’t. • Conduct background checks – Google the company’s name with the word ‘scam’ next to it to see whether anybody that’s been tricked into a non-legit work from home job has an axe to grind. • Check references – If your search on Google doesn’t reveal anything but you’re still suspicious, ask to speak to another internet employee of the company. • Find out exactly what you’ll be paid – Beware of high hourly rates with minimal skills or experience required. There’s no shortage of work from home opportunities promising you’ll earn $100s for a few hours of work. Rather than trust these vague figures, ask them to explain exactly how much you will be paid and how your pay is calculated. • Jobs to avoid – Work from home jobs to avoid or be suspicious of are assembly jobs, data entry (when you have to pay for a starter kit), processing claims or emails and, of course, stuffing envelopes (businesses have postage machines these days!). ‪#‎NCSAM‬

Cyber Security Tip #29

Cyber Security Tip #29: What to do if you’re a victim of cyber crime • File a report with your local law enforcement agency. Even if your local police department or sheriff’s office doesn’t have jurisdiction over the crime (a common occurrence for online crime which may originate in another jurisdiction or even another country), you will need to provide a copy of the law enforcement report to your banks, creditors, other businesses, credit bureaus, and debt collectors. • Even though you may not be asked to provide evidence when you first report the cybercrime, it is very important to keep any evidence you may have related to your complaint. Keep items in a safe location in the event you are requested to provide them for investigative or prosecutive evidence • Make sure you change your passwords for all online accounts. When changing your password, make it long, strong and unique, with a mix of upper and lowercase letters, numbers and symbols. You also may need to contact your bank and other financial institutions to freeze your accounts so that the offender is not able to access your financial resources. • In cases where the offender is known, send the stalker a clear written warning saying the contact is unwanted and asking that the perpetrator cease sending communications of any kind. Do this only once and do not communicate with the stalker again (Ongoing contact usually only encourages the stalker to continue the behavior). • If you believe someone is using your social security number for employment purposes or to fraudulently receive Social Security benefits, contact the Social Security Administration’s fraud hotline at 1-800-269-0271. Request a copy of your social security statement to verify its accuracy. ‪#‎NCSAM‬

Cyber Security Tip #28

Cyber Security Tip #28: Protect Your Identity From Cyber Thieves 1. Don’t carry your Social Security card in your wallet. If your health plan (other than Medicare) or another card uses your Social Security number, ask the company for a different number. 2. Identity thieves love passwords because they open doors to our personal information. Get tough and organized now. Use different passwords for all your accounts. Make those passwords strong with at least eight characters, including a mix of letters, numbers, and symbols ($+r0^gh@h@). 3. Stop most pre-approved credit card offers. They make a tempting target for identity thieves who steal your mail. Have your name removed from credit bureau marketing lists. Call toll-free 1-888-5OPTOUT (888-567-8688). Or opt out online at 4. Open your credit card bills and bank statements right away. Check carefully for any unauthorized charges or withdrawals and report them immediately. 5. When shopping online, check out a Web site before entering your credit card number or other personal information. Read the privacy policy and look for opportunities to opt out of information sharing. Only enter personal information on secure Web pages with “https” in the address bar and a padlock symbol at the bottom of the browser window. ‪#‎NCSAM‬

Cyber Security Tip #27

Cyber Security Tip of the Day #27: Be careful when you install apps on your mobile device Many apps want more permissions than actually needed for their function. For example, some flashlight apps want access to your contacts. Why? Usually for marketing purposes to build a better profile on you and your friends. Don’t install apps that require excessive permissions. Always install apps from a trusted source. This helps ensure the app isn’t fake or malicious. Some examples of unnecessary permissions that apps may ask for include: Storage: modify/delete USB storage contents — apps that store anything (like pictures and video) will require this. Device calls: read device state/identity — some apps require this to be able to do something like “pause” when you get a phone call. Network communication: full Internet access — this often relates to ads too; the app needs to access the Internet to download the ads. Your location: coarse (network-based) location — many games with ads require this so it can deliver targeted ads. System tools: prevent device from sleeping — usually means that when you’re using the app, it will keep your phone from going to sleep or in a power save mode. Your personal information: read contact data — any social media or messaging app needs to access your contact information so you can use them with your friends. ‪#‎NCSAM‬

Cyber Security Tip #26

Cyber Security Tip 26: Avoid Fraudulent Phone Scams Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from companies such as Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following: Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software. Convince you to visit legitimate websites (like to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable. Request credit card information so they can bill you for phony services. Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there. Neither Microsoft nor legit computer software companies will make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. ‪#‎NCSAM‬

Cyber Security Tip #25

Cyber Security Tip #25: Managing Your Digital Footprint Once information is online, sometimes it can be impossible to remove. Therefore you should be conscientious of your visible online presence known as your digital footprint, as criminals and fraudsters may utilize this information against you in various ways. Here are some recommendation for “mapping your digital footprint.” Look at all the social networking sites and forums that you belong to and search what information about you is available. Clean up your digital footprint. Remove any photos, content and links that may be inappropriate or reveal too much information. Be selective about who you authorize to access your information. Use the privacy features of your browser and of the various websites you frequent to reduce the visibility of your information. Since many comments on public websites can be publicly seen, monitor and moderate comments associated with you to maintain a positive digital footprint. Consider using the “block comments” features or setting your social networking profile to “private” so only designated individuals can view it. Always think before you post. ‪#‎NCSAM‬

Cyber Security Tip #24

Cyber Security Tip #24: Safeguard Your Data Safeguarding your business and personal data has never been more difficult or important. How do you safeguard sensitive/confidential data? The manner of protection often depends on what kind of data you are safeguarding, how important or sensitive it is to you, to your organization or your customers. The following tips will help you become aware of how to protect data both at work and at home: • Password-protect your access. Use a strong password or pass-phrase to protect access to your data. • Identify where the data is stored. Have specific places within your network or computer where you store sensitive/confidential data. Those network shares, hard drives, servers, or system folders can then have specific protection methods used to keep them more secure. • Encrypt stored sensitive/confidential data. Whenever possible, encrypt stored sensitive/confidential data, whether it is being permanently or temporarily stored. This can help prevent unintended disclosure even if your system has been compromised. ‪#‎NCSAM‬

Cyber Security Tip #23

Hackers are taking advantage of people’s fears regarding the latest Ebola outbreak. If you get an email from a seemingly trustworthy organization about the Ebola virus in the coming days, beware. It could very well be a scam to obtain your personal info. The emails look like they’re from organizations like the World Health Organization. But when you click on its attachments, they install a DarkComet Remote Access Trojan (RAT) onto your computer, giving hackers access to your computer and the files on it. Be sure to avoid emails with subject lines similar to the following: • RE: Ebola Survival Guide • What you need to know about the deadly Ebola outbreak • So Really, How Do You Get Ebola? • Ebola virus outbreak: Curing Breakthrough Revealed? • SHOCKING Health Alert: Secret Cure for Ebola? • HEALTH NEWS: Secret Cure for Ebola? • Is there ANY way to cure Ebola? ‪#‎NCSAM‬

Cyber Security Tip #22

Cyber Security Tip #22: Treat your personal information like cash Your Social Security number, credit card numbers, and bank account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information — whether in a web form, an email, a text, or a phone message — think about whether you can really trust the request. Always ensure that the website requesting the information is encrypted. Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in. ‪#‎NCSAM‬