Earlier this month, a hacker posted a massive list of stolen usernames and passwords on the dark web.
What happens when a password is posted for sale online?
According to the cybersecurity company Agari, crooks act quickly to use stolen passwords, particularly when they are for an employee's Office 365, Dropbox or DocuSign account.
Sr Director of Threat Research
1: How quickly do crooks begin using a stolen password after it's posted for sale online? Fast!
2: Cybercrooks frequently use one method to trick unsuspecting employees.
3: Examples of the most common types of fake phishing emails that arise from stolen passwords.
1: Think first: do you really need to set up an account that requires personal information or a password? For example, when you're making an online purchase, check out as a guest rather than signing up for an account.
2: Visit the website haveibeenpwned.com to see if your username, email address or one of your passwords has been stolen. Then, change your password for any online accounts that show up on the list. The FBI is now cooperating with this website to help keep it current.
3: Consider purchasing password management software for your personal devices. This will handle the chore of creating and maintaining passwords for you. PC Magazine says reliable brands of password management software available to buy online and install on your computer, tablet and phone include Keeper, LastPass, Dashlane, and 1Password.
In July we will begin our new desktop / laptop security patching program. This program will run continuously, pausing for month-end activities. For now, we will be focused on the most critical/high-security patches for Windows, Mac, and third-party applications. The process will run in the background and does not require you to do anything.
Please continue to restart your computer at least once a week so that the security patches apply correctly. If you would like to restart your device more frequently, please do! Please contact the IT Service Desk if you experience any issues at: email@example.com or (903) 677-9309.
Reminders & Updates
What can you do to help?
Continue to restart your computer weekly. Thank you for your help with this!
Make sure you have registered for multi-factor authentication.
Please connect to the VPN once a week for at least 15 minutes if you are remote.
Continue to speak up and contact the IT Service Desk if something looks suspicious.
Recent Argon cybersecurity improvements!
Installed new security tools on 200 more desktops and laptops, with more to come.
Completed rollout of multi-factor authentication to EMEA and began rollout in US and China.
Kicked off DMARC email security project, scheduled to complete in early to mid-2022.
What is DMARC? Domain-based Message Authentication, Reporting and Conformance (DMARC) is a free and open technical specification that is used to authenticate an email. With DMARC in place, Argon has another tool to fight email compromise, phishing, and spoofing.
Did you know? In May 2021:
25,689 email attachments were checked to ensure they were safe.
2,163 emails were sent on average each weekday.
8,972 emails were received on average each weekday.
Reminder: Security patching windows for IT server resources.
Please expect server outages and reboots during the following timeframes:
After 10:00pm ET / 9:00pm CT / 5:00am CET (for US-based server resources)
After 6:00pm ET / 5:00pm CT / 12:00am CET (for EMEA/UK/China-based server resources)
*The IT team is aware that some servers have a very limited timeframe for security patching, and we are working within those guidelines and will continue to do so.
Thank you for registering for MFA. We will shortly be activating it on all employee accounts. More information to come in July 2021!
We are thinking about how we can improve your login experience with single sign-on. More details in the near future!
> If you have an Amazon Echo, Ring doorbell, or Alexa device, you are likely sharing a small slice of your internet connection with your neighbors. Amazon's new system called “Sidewalk” is designed to keep those devices functioning even if a home’s Wi-Fi network goes down by connecting to your neighbors'. Amazon promises Sidewalk does not put any users at risk. But ArsTechnica says users must change the “preferences” settings on the apps of their Amazon devices to opt out of Sidewalk.
> Hackers got access to computers at Bose Electronics and stole employee compensation information and home addresses. While little has been disclosed about this breach, ZDNet reminds us that employees should never post backup copies of work-related spreadsheets to their personal online accounts.
> The most widely used parking app in North America, ParkMobile, has been breached, exposing email addresses, phone numbers, and license plate numbers of potentially 13 million users, according to security expert Brian Krebs.
> Dangerous software even makes it into official app stores. The Washington Post says 2% of the 1,000 best-selling titles on Apple’s App Store are scams. Before downloading an app that is not well-known, check user feedback and look for a pattern of negative reviews.
Consumers are increasingly concerned about how personal information they unwittingly provide online is being used, so Google, Facebook, and Apple are beginning to change their privacy policies.
But you still need to take an active role in protecting your personal information. Here are some steps you can take.
From time to time you may see corporate invitations from Evite that originate with our CEO. Be careful and double-check when interacting with them, but know that they are most likely safe to open.
The Argon Cybersecurity Team is dedicated to keeping you and your family safe online. If you think you've clicked on a phishing email or an urgent text message, or received a suspicious voice mail, email us at firstname.lastname@example.org right away so we can check it out.
My elderly mother-in-law is constantly a target for hackers. We live over 200 miles away and want to help! Is there any software available that will allow us to access her computer to prevent her from being scammed?
Yes, but you'll need to set aside time (probably an entire afternoon) and summon up your patience! It's hard enough doing this kind of work in person.
First, understand what you're trying to accomplish. Do you need to rid her machine of bad software? Block spam emails? Install anti-virus software? Do a web search for advice before you begin working on her machine.
Next, make sure you know the kind of computer and operating system you both use. That will determine how you access her machine from afar. (This process is much easier if you both use the same operating system.) Windows 10 has built-in software you can use to access her PC called "Quick Assist." Earlier versions of Windows use "Windows Remote Assistance." FaceTime allows a Mac user to access another's Mac. For Chrome, it's "Chrome Remote Desktop." You can also purchase software designed for this purpose such as GoToMyPC, TeamViewer, Splashtop, and Zoho Assist. Some offer free or trial versions.
The most important step is education. Your mother-in-law should feel comfortable contacting you before responding to urgent emails, texts or phone calls, no matter how credible the messages seem to be.
A caller who was very convincing told me I was being offered a high-paying job based on my experience. He required me to email him a copy of my driver's license (front and back) and include my social security number. There was no job. I feel stupid, but I did it. Now, what do I do?
Scammers often get information about your work history from LinkedIn. Then they entice you with a job offer, when all they really want is your personal information. You are one of many who fall for this trick. Your next step: visit all three credit bureaus online and freeze your credit. It's free and won't affect your credit score. That move will prevent crooks from opening accounts in your name.
Equifax | www.equifax.com
Experian | www.experian.com
TransUnion | www.transunion.com
Aware Force Cybersecurity News • June 2021 b • Edition #122
Cyber cartoon © 2021 cartooncollections.com
Original content © 2021 Aware Force LLC
Aware Force is a registered trademark