TOP THREE SOCIAL MEDIA SCAMS

FROM: SANS Security Awareness

While social media is a fantastic way to communicate, share, and have fun with others, it is also a low-cost way for cyber criminals to trick and take advantage of millions of people. Don’t fall victim to the three most common scams on social media.

Investment Scams

Have you ever seen a post about an investment opportunity that promises a huge return on investment in an extremely quick amount of time with allegedly little to no risk? The reality is, these guarantees are really investment scams. Fraudsters simply steal your money after you pay them. These scams often include ads or success stories from past customers to promote the investments, but those are just fake testimonials to increase your trust. Often these investment scams are about investing in crypto-currencies or real estate, and payment is often made in crypto-currencies or other non-standard payment methods. If an investment seems too good to be true, it most likely is. Remember, there is no such thing as guaranteed, high-return investments. Only invest your money in trusted, well-known resources, not strangers you meet online pushing a get-rich-quick scheme.

Romance Scams

When criminals develop an online relationship with someone they’ve identified as lonely or vulnerable to trick them out of money, this is known as a romance scam. The criminal will use whatever tactics they can to build trust, including exchanging fake photos or sending gifts, then share a tragic story about needing money to pay for expenses such as hospital bills or for travel costs to visit the victim in person. To avoid actually meeting in person, these criminals may say they work in an industry that prevents them from doing so, such as construction, international medicine, or the military. They often request money as a wire transfer or gift cards to get cash quickly and remain anonymous. These types of scams are common not only on social media but also on online dating apps. Be careful with people you meet online, take things slowly, and never send money to someone you have only communicated with online.

Additionally, if you believe someone you know may be vulnerable to such an attack or is in an online relationship that raises these flags, offer to help them. Sometimes it can be very difficult for someone engrossed in an emotional connection to see just how dangerous the situation has become.

Online Shopping Scams

Online shopping scams happen when you purchase items online at extremely low or unbelievable prices but never receive them. Tempting ads on social media will promote incredible prices and have links that take you to sites that appear to be legitimate and sell well-known brands, but these sites are often fake. Be wary of websites that have no contact information, broken contact forms, or use personal email addresses. Type the name of the online store or its web address into a search engine to see what others have said about it. Look for terms like “fraud,” “scam,” “never again,” and “fake.” Be very cautious of online promotions or deals that appear too good to be true. It’s far safer to purchase items that may cost slightly more, but from trusted sites that you or your friends have used before.

The good news is: You are your own best defense. You are in control. Just be on alert for scams like these and you will be able to make the most of social media safely and securely.

Learn To Spot “DeepFakes”

From: SANS Security Awareness

What Are Deepfakes?

The word “deepfake” is a combination of “deep learning” and “fake.” Deepfakes are falsified pictures, videos, or audio recordings. Sometimes the people in them are computer-generated, fake identities that look and sound like they could be real people. Sometimes the people are real, but their images and voices are manipulated into doing and saying things they didn’t do or say. For example, a deepfake video could be used to recreate a celebrity or politician saying something they never said. Using these very lifelike fakes, attackers can spin up an alternate reality where you can’t always trust your eyes and ears.

Some deepfakes have legitimate purposes, like movies bringing deceased actors back to life to recreate a famous character. But cyber attackers are starting to leverage the potential of deepfakes. They deploy them to fool your senses, so they can steal your money, harass people, manipulate voters or political views, or create fake news. In some cases, they have even created sham companies made up of deepfake employees. You must become even more careful of what you believe when reading news or social media in light of these attacks.

The FBI warns that in the future deepfakes will have “more severe and widespread impact due to the sophistication level of the synthetic media used.” Learn to spot the signs of a deepfake to protect yourself from these highly believable simulations. Each form of deepfake — still image, video, and audio — has its own set of flaws that can give it away.

Still Images

The deepfake you may see most often is the phony social media profile picture. The image below is an example of a deepfake from the website thispersondoesnotexist.com. Below the image are five different clues that this could be a deepfake. You will notice that these clues are not easy to spot and can be hard to identify:

[Image: example deepfake still image from thispersondoesnotexist.com]

  1. Background: The background is often blurry or crooked, and may have inconsistent lighting such as pronounced shadows pointing in different directions.
  2. Glasses: Look closely at the connection between the frames and the arms near the temple. Deepfakes often have mismatching connections with slightly different sizes or shapes.
  3. Eyes: Deepfake photos currently used for fake profile pictures appear to have their eyes in the same spot in the frame, resulting in what some call the “deepfake stare.”
  4. Jewelry: Earrings may be amorphous or strangely attached. Necklaces may be embedded into the skin.
  5. Collars and shoulders: Shoulders may be misshapen or unmatching. Collars may be different on each side.

Video

Researchers at the Massachusetts Institute of Technology, MIT, developed a question list to help you figure out if a video is real, noting that deepfakes often can’t “fully represent the natural physics” of a scene or lighting.

  1. Cheeks and forehead: Does the skin appear too smooth or too wrinkly? Is the age of the skin similar to the age of the hair and eyes?
  2. Eyes and eyebrows: Do shadows appear in places that you would expect?
  3. Glasses: Is there any glare? Too much glare? Does the angle of the glare change when the person moves?
  4. Facial hair: Does the facial hair look real? Deepfakes might add or remove a mustache, sideburns, or beard.
  5. Facial moles: Does the mole look real?
  6. Blinking: Does the person blink enough or too much?
  7. Lip size and color: Do the size and color match the rest of the person’s face?

Audio/Voice

Researchers say technologies like spectrograms can show when voice recordings are fake. But most of us do not have the luxury of a voice analyzer when an attacker calls. Listen for a monotone delivery, odd pitch or emotion, and lack of background noise. Voice fakes can be hard to detect. If you receive an odd call from a legitimate organization, you can verify if the call is real by first hanging up then calling the organization back. Be sure to use a trusted phone number, such as a phone number you already have in your contact list, a phone number printed on a bill or statement from the organization, or the phone number on the organization’s official website.

Conclusion

Be aware that attackers are actively using deepfakes. They can make fake accounts on social media to connect with people or create fake videos to influence public opinion. Some are even selling their services on the dark web so other attackers can do the same. We don’t expect you to become a deepfake expert, but if you arm yourself with the basics of identifying the fakes, you’ll be far better at defending yourself. If you suspect you have detected a deepfake, report it to the website or source that is hosting the content.

Cyber Security Dos & Don’ts for Remote Working

During the past 2 years we’ve seen a huge shift to remote working due to the global health crisis, and despite some cyber security concerns, this may be a trend that will continue even once the pandemic passes. In fact, 74% of companies worldwide plan to encourage the trend of employees working remotely.

While this flexible working arrangement is definitely more convenient, it doesn’t come without its own set of risks — particularly in the realm of cyber security. In order to reduce the chances of your company becoming a target of a security risk or data breach due to people working from their home offices, it is important you reinforce some sound cybersecurity strategies.

Here, then, are some basic dos and don’ts to keep in mind if you work from home or manage a remote team or a full company of remote employees.

DON’T: Use public networks

Some public Wi-Fi networks need a password to log in, but that doesn’t automatically make them safe. Public networks are not secure, meaning other people can easily access them and there’s no firewall keeping you safe from malicious entities. One danger is that you might end up logging on to a rogue network. This is essentially when a cybercriminal’s rogue hotspot pretends to be a public network, acting as a ‘middleman’ between you and the real network. This allows them to see all online traffic and even the credentials you use.

DO: Ask employees to use a VPN

VPNs are a popular cybersecurity tool. While employees may use their own VPNs, some might skimp and go for cheaper or even free ones. There are even fake VPNs out there that might end up stealing your data. Instead, opt for a business VPN, such as Perimeter 81, which has a server designed for business users. Business VPNs protect the company’s data and security, not just the employees’. Confidential data and important files can be sent and accessed safely. Aside from security encryption, VPNs act as a proxy to the internet.

DON’T: Rely on just the home office router’s firewall

Home office routers already have default firewalls that keep intruders and third parties from infiltrating your personal gadgets. However, attackers have figured out how to hack them. Consider supplementing your home router firewall with a hardware firewall. It uses PCBs that are designed and manufactured using materials like solder mask, silk screen, and copper all on one board. The small board can accommodate elaborate security functions to ensure your network is safeguarded against external threats.

DO: Update your company’s software

Computer updates aren’t just there to add features and improve existing ones or to give you more speed. Software updates also patch security flaws. After all, cyber criminals are always coming up with new malware and trying to look for security lapses in your organizational IT infrastructure. So before you shrug off that software update notification, think twice as you might be putting your device and your business’s sensitive information at risk.

DON’T: Assume that your business is safe

This is the most important thing you should avoid. As previously mentioned, cybercriminals are always looking for ways to attack businesses and individuals. According to 2021 cybercrime predictions, there is a cyber attack every 11 seconds and it will cost the global economy at least $5.7 billion a year. Truth be told, the perfect security strategy doesn’t exist. However, having enough measures in place can significantly lower your chances of being targeted. It is also important for both employees and employers to have some basic level of cyber security training so that they understand what repercussions their actions can have.

DO: Learn about phishing attacks

Executives and cybersecurity professionals aren’t the only ones who need to know how to handle cyber attacks. Unfortunately, even the best VPNs and anti-virus software won’t be able to do anything if employees fall prey to phishing attacks. You can train them by conducting phishing simulation tests, which can help them recognize phishing attacks. On top of this, you can also consider holding internal training or providing them with high-quality literature so they can educate themselves on common cyber threats and attack mechanisms.

First American State Bank offers a variety of personal banking and lending products to existing and new customers. We value personal banking relationships with our customers and strive to accommodate all your banking needs.

Spot & Stop Messaging Attacks

WHAT ARE MESSAGING (SMS) ATTACKS?

From: SANS Security Awareness – JANUARY 2022

Smishing (a portmanteau word combining SMS and phishing) refers to attacks in which cyber attackers use SMS, texting, or similar messaging technologies to trick you into taking an action you should not take. Perhaps they fool you into providing your credit card details, get you to call a phone number to get your banking information, or convince you to fill out an online survey to harvest your personal information. Just like in email phishing attacks, cyber criminals often play on your emotions to get you to act by creating a sense of urgency or curiosity, for example. However, what makes messaging attacks so dangerous is that there is far less information and fewer clues in a text than there are in an email, making it much harder for you to detect that something is wrong.

A common scam is a message telling you that you won an iPhone, and you only need to click on a link and fill out a survey to claim it. In reality, there is no phone and the survey is designed to harvest your personal information. Another example would be a message stating that a package could not be delivered with a link to a website where you are asked to provide information needed to complete delivery, including your credit card details to cover “service charges.” In some cases, these sites may even ask you to install an unauthorized mobile app that infects and takes over your device.

Sometimes cyber criminals will even combine phone and messaging attacks. For example, you may get an urgent text message from your bank asking if you authorized an odd payment. The message asks you to reply YES or NO to confirm the payment. If you respond, the cybercriminal now knows you are willing to engage and will call you pretending to be the bank’s fraud department. They will then try to talk you out of your financial and credit card information, or even your bank account’s login and password.

SPOTTING AND STOPPING MESSAGING ATTACKS

Here are some questions to ask yourself to spot the most common clues of a messaging attack:

  • Does the message create a tremendous sense of urgency attempting to rush or pressure you into taking an action?
  • Is the message taking you to websites that ask for your personal information, credit card, passwords, or other sensitive information they should not have access to?
  • Does the message sound too good to be true? No, you did not really win a new iPhone for free.
  • Does the linked website or service force you to pay using non-standard methods such as Bitcoin, gift cards or Western Union transfers?
  • Does the message ask you for the multi-factor authentication code that was sent to your phone or generated by your banking app?
  • Does the message look like the equivalent of a “wrong number?” If so, do not respond to it or attempt to contact the sender; just delete it.

If you get a message from an official organization that alarms you, call the organization back directly. Don’t use the phone number included in the message; use a trusted phone number instead. For example, if you get a text message from your bank saying there is a problem with your account or credit card, get a trusted phone number from your bank’s website, a billing statement, or the back of your bank or credit card. Also remember that most government agencies, such as tax or law enforcement agencies, will never contact you via text message; they will only contact you by old-fashioned mail.

When it comes to messaging attacks, you are your own best defense.

Village Toy Drive 2021

The Village Toy Drive was a huge success with just under 900 gifts donated and $6,000 raised that went towards buying gift cards for the teenagers. This 8th Annual event is presented by First American State Bank, Volunteers of America, Cherry Village Living and Gruber Commercial Real Estate, Inc. The final wrapping party was held on Thursday, December 17 at First American State Bank with Vice President Michelle Gruber at the helm, busily wrapping and responsible for coordinating this amazing toy drive. Every employee, along with Volunteers of America staff, the West Middle School Student Council, friends of friends and even local radio personality Kim Monson of The Kim Monson Show, was there to help with the final “wrap up” so that less fortunate families in the Denver Metro area will have a glorious Christmas.

Toys are being delivered by Volunteers of America this week along with 1,500 Christmas baskets to families in need. There was a raffle drawing held for anyone who donated cash and/or gift items, and the lucky winners were Jim Cull, the recipient of two club level tickets for the Broncos vs Cincinnati Bengals game on 12/19/2021 with a valet pass, and Charlie McNeil, who won the bottle of Elway’s Reserve Cabernet Sauvignon wine signed by the man himself, John Elway.