from the Georgia-Pacific Cybersecurity Team
Keeping you safer as you work online
With the cyberattack against Colonial Pipeline disrupting fuel supplies on the east coast, millions of Americans are experiencing ransomware for the first time. But ransomware attacks are not new or uncommon. In fact, ransomware is the fastest-growing kind of cybercrime because it can be so profitable for criminals.
In a ransomware attack, hackers gain access to an organization’s computer network, encrypt files on its computers, and demand payment to unscramble the files. Sometimes hackers also threaten to publicly disclose confidential information about organizations and individuals. The FBI warns that paying the ransom is usually futile.
Employees can be unwitting accomplices to these hackers. Click on the button below to watch a video about how that happens.
> Credit scores and financial “risk factors” of millions of Americans have been exposed to fraudsters because of a glitch at the credit reporting giant Experian. Security expert Brian Krebs says freezing a person’s credit reports at Experian will prevent improper disclosure of their creditworthiness moving forward.
> Only 4% of iPhone users are giving permission for Facebook, Google, and other platforms to track what they do on the web. Consumers got the option to opt-out of behavior tracking in Apple's latest software. Facebook implies that if too many consumers choose greater privacy, the company may have to charge users for its service.
> Fake package delivery emails and texts are still on the rise because so many of us fall for them. Examples include:
“We have (1) package pending for your name. Schedule delivery now.”
“Order 4160894 is scheduled for delivery today. Track the package here.”
“Your misguided package is scheduled for delivery today. Click here for an ETA”.
The cyber firm Proofpoint says these emails contain links that require users to enter personal information to access phony delivery instructions.
You're the most important part of keeping our company and your colleagues cyber safe. If you receive a suspicious email or phone call — even if it appears to be from inside the company — trust your instinct.
Slow down and double-check the sender's address. If it's an urgent message asking for personal information, company documents, or payments to vendors, don't respond or unsubscribe.
Check with a supervisor. Be cyber aware, every day, everywhere.
"I received email alerts saying each of the accounts at my credit union went below the minimum balance that I had set. If I log into the credit union, will that expose other accounts I have to hackers?"
If you think something is amiss, move fast. Log in, check your accounts, change your password, and call your financial institution if something is wrong. You’re smart to receive text alerts about the activity in your accounts. Now take it a step further. Set up two-stage authentication so, in addition to logging in with your password, you receive a one-time access code on your phone that must also be entered to gain access.
"If your e-mail, phone number, and password are on the dark web, what exactly does that mean? What are the consequences?"
Just assume your personal information is for sale on the dark web, the vast area of the internet not easily accessible with a web browser. There’s no way to undo that. Protect yourself by putting a freeze on your credit files at all three major bureaus (Equifax, TransUnion, and Experian), check the website haveibeenpwned.com to see if any of your accounts have been hacked, and create a new unique, long passphrase for each one.
"I fell for a phishing email because the "sender" email address was exactly that of a friend's. After I replied, the phishing email reply did NOT contain the previous "correct" email address, so I knew it was fraudulent. How does a person spoof the "sender" address when the email does not really come from that sender?"
Most of us don’t realize that our personal email is not very secure. Sometimes it can be intercepted. As you've learned, crooks can spoof an email address to make it appear to come from someone you trust. To check if an email has been spoofed, look at the address that appears between the < and >. (See the graphic below.) Whenever possible, consider sending important personal information via text message instead of email, or do a web search to learn how to encrypt emails in your home email program.
Aware Force Cybersecurity News • May 2021 b • Edition #120
Cyber cartoon © 2021 cartooncollections.com
Original content © 2021 Aware Force LLC
Aware Force is a registered trademark