How Cyber Attackers Trick You

CYBER ATTACKERS – HOW THEY TRICK YOU

From: SANS Security Awareness

Cyber attackers are constantly innovating ways to trick us into doing things we should not do, like clicking on malicious links, opening infected email attachments, purchasing gift cards or giving up our passwords. In addition, they often use different technologies or platforms to try to trick us, such as email, phone calls, text messaging, or social media. While all of this may seem overwhelming, most of these attacks share the same thing: emotion. By knowing the emotional triggers that cyber attackers use, you can often spot their attacks no matter what method they are using.

It’s all About Emotions

It all starts with emotions. We, as humans, far too often make decisions based on emotions instead of facts. There is, in fact, an entire field of study on this concept called “behavioral economics,” led by researchers such as Daniel Kahneman, Richard Thaler, and Cass Sunstein. Fortunately for us, if we know the emotional triggers to look for, we can spot and stop most attacks. Listed below are the most common emotional triggers to watch for. Cyber attackers will sometimes combine several of these emotions in the same email, text message, social media post, or phone call, which makes the lure that much more effective.

Urgency: Urgency is one of the most common emotional triggers, as it’s so effective. Cyber attackers will often use fear, anxiety, scarcity, or intimidation to rush you into making a mistake. Take, for example, an urgent email from your boss demanding sensitive documents to be sent to her right away, when in reality it is a cyber attacker pretending to be your boss. Or perhaps you get a text message from a cyber attacker pretending to be the government informing you that your taxes are overdue and you have to pay now or you will go to jail.

Anger: You get a message about a political, environmental, or social issue that you are very passionate about, something like “you won’t believe what this political group or corporation is doing!”

Surprise / Curiosity: Sometimes the attacks that are most successful say the least. Surprise, our response to something unexpected, evokes curiosity: we want to learn more. For example, a cyber attacker sends you a message that a package could not be delivered and asks you to click a link to learn more, even though you did not order anything online. We are enticed to find out. Unfortunately, there is no package, just malicious intent on the other side of that link.

Trust: Attackers use a name or brand you trust to convince you to take an action. For example, a message pretending to be from your bank, a well-known charity, a trusted government organization, or even a person you know. Just because an email or text message uses the name and logo of an organization you know does not mean the message actually came from them.

Excitement: You get a text message from your bank or service provider thanking you for making your payments on time. The text message then provides a link where you can claim a reward, a new iPad, how exciting! The link takes you to a website that looks official but asks for all of your personal information, or says that you need to provide credit card information to cover small shipping and handling costs. This is a cyber attacker who is simply stealing your money or your identity.

Empathy / Compassion: Cyber attackers take advantage of your good will. For example, after a disaster appears on the news, they will send out millions of fake emails pretending to be a charity serving the victims and asking you for money.

By better understanding these emotional triggers, you will be far better prepared to spot and stop cyber attackers, regardless of the lure, technology, or platform they use.

Simple Passwords

MAKING PASSWORDS SIMPLE

From: SANS Security Awareness

You are often told your passwords are key to protecting your accounts (which is true!), but rarely are you given a simple way to securely create and manage all your passwords. Below we cover three simple steps to simplify your passwords, lock down your accounts, and protect your future.

Got Backups?

BACKUP YOUR COMPUTER. EXPERT TIPS.

If you use a computer or mobile device long enough, sooner or later something will go wrong. You may accidentally delete the wrong files, have a hardware failure, or lose a device. Even worse, malware may infect and wipe or encrypt your files. At times like these, backups are often the only way you can rebuild your digital life.

Backups are copies of your information stored somewhere other than on your computer or mobile device. When you lose, or cannot access, valuable data on your device, you can recover your data from backups.

Many of the files we create today are already automatically stored and backed up in the cloud, such as Microsoft Word documents stored in Microsoft OneDrive, Dropbox, or Google Drive, or personal photos stored in Apple iCloud. But there may be files you create that are not automatically stored in the cloud, or perhaps you want additional backups for personal use.

What, When, and How

The first step is deciding what you want to back up: (1) specific data that is important to you; or (2) everything, perhaps including your entire operating system. Many backup solutions are configured by default to use the first approach and only back up the most commonly used folders. If you are not sure what to back up or want to be extra careful, consider backing up everything.

Second, decide how frequently to back up the data. Built-in backup programs such as Apple’s Time Machine or Windows Backup and Restore allow you to create an automatic “set it and forget it” schedule. Common scheduling options include hourly, daily, and weekly. Other solutions may offer “continuous protection” in which files are immediately backed up as they are edited or saved. At a minimum, we recommend automated daily backups of critical files.

Finally, decide how you are going to back up. There are two ways: local or cloud-based backups. Local backups rely on devices you physically control, such as external USB drives or network-attached storage. The advantage of local backups is that they let you back up and recover large amounts of data quickly. The disadvantage is that if your computer is infected with malware, the infection can spread to your backups: ransomware in particular will encrypt any backup drive that is connected at the time, so keep external drives disconnected when a backup is not running and prefer a backup tool that keeps older versions of files rather than overwriting the only copy. Also, if you have a disaster such as fire or theft, you could lose your backups along with your computer. If you use external devices for backups, store a copy offsite in a secure location and make sure your backups are properly labeled. For additional security, consider encrypting your backups, and keep the encryption password or recovery key somewhere other than on the computer being backed up, or you will not be able to restore after that computer is lost.

Cloud-based solutions are online services that back up and store your files on the internet. Typically, you install an application on your computer. The application then automatically backs up your files, either on a defined schedule or as you modify or save them. Some advantages of cloud solutions are their simplicity, the automation of backups, and access to your files from almost anywhere. Also, since your data resides in the cloud, home disasters such as fire or theft will not affect your backup. The main disadvantage is the bandwidth it consumes: how long a backup or restore takes depends on how much data you are backing up and the speed of your network. Not sure whether you want local or cloud-based backups? Be extra safe and use both.

With mobile devices, most of your data such as emails, text messages, or photos you take are automatically stored in the cloud. However, your mobile app configurations, system preferences, and other files may not be stored in the cloud. By automatically backing up your mobile device, not only do you preserve this information, but it is easier to transfer your data when you upgrade to a new device.

Additional Key Points

  • Regularly test that your backups are working by retrieving and opening a file.
  • If you rebuild a system from backup including the operating system, be sure you reapply the latest security patches and updates before using it again.
  • If you are using a cloud solution, select one that is easy for you to use and research the security options. For example, does your cloud backup vendor support two-step verification to secure your online account?
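
As an added example (not from the SANS newsletter), the following Python script shows one way to put the first point into practice: it records a SHA-256 digest for every file in a source folder and then checks a backup copy against that manifest, reporting files that are missing or whose contents differ. The folder layout, the file contents and the altered file in the backup are constructed for the demo.

```python
"""Verify a backup copy against a SHA-256 manifest of the source folder."""
import hashlib
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 20  # hash in 1 MiB chunks so large files never sit in memory at once


def file_sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {
        path.relative_to(root).as_posix(): file_sha256(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def verify_backup(manifest: dict[str, str], backup_root: Path) -> dict[str, list[str]]:
    """Check a backup tree against the source manifest.

    Reports files that are missing from the backup and files that exist but whose
    contents differ from the source (silent corruption, or a copy that ransomware
    encrypted before the backup ran).
    """
    missing, changed = [], []
    for relative, digest in manifest.items():
        target = backup_root / relative
        if not target.is_file():
            missing.append(relative)
        elif file_sha256(target) != digest:
            changed.append(relative)
    return {"missing": missing, "changed": changed}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: three source files; the backup lacks one and has one altered."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        (source / "photos").mkdir(parents=True)
        (backup / "photos").mkdir(parents=True)
        (source / "taxes.txt").write_text("2023 return")
        (source / "notes.md").write_text("important")
        (source / "photos" / "cat.jpg").write_bytes(b"\xff\xd8fake-jpeg-bytes")
        # Backup copy: taxes.txt intact, cat.jpg overwritten, notes.md never copied.
        (backup / "taxes.txt").write_text("2023 return")
        (backup / "photos" / "cat.jpg").write_bytes(b"ENCRYPTED-BY-RANSOMWARE")
        return verify_backup(build_manifest(source), backup)


if __name__ == "__main__":
    print(demo())  # {'missing': ['notes.md'], 'changed': ['photos/cat.jpg']}
```

A hash comparison catches silent corruption and ransomware-encrypted copies that a plain file listing would miss. Run it against a restored copy rather than the live backup drive, so the test also exercises the restore step.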

Backups are a simple and low-cost way to protect your digital life.

Charity and Disaster Scams

Cyber criminals know that one of the best ways to rush people into making a mistake is by creating a heightened sense of urgency. And one of the easiest ways to create a sense of urgency is to take advantage of a crisis. This is why cyber criminals love it whenever there is a traumatic event with global impact.

What most of us regard as a tragedy, cyber criminals view as an opportunity: the outbreak of a war, a major natural disaster such as a volcanic eruption, and of course infectious disease outbreaks like COVID-19.

When there is an immense amount of social media and news coverage about a certain event, cyber criminals know that is the time to strike.

They use this opportunity to create timely phishing emails or scams about the event, and then send that phishing email or launch the scam to millions of people around the world. For example, during a natural disaster, they may pretend to be a charity asking for donations to save children in need. Cyber criminals can often act within hours of a crisis or disaster, as they have all the technical infrastructure prepared and are ready ahead of time. How can we protect ourselves the next time there is a big crisis or disaster, and cyber criminals seek to exploit it?

How to Detect and Defend Against These Scams

The key to avoiding these scams is to be suspicious of anyone who reaches out to you. For example, do not trust an urgent email claiming to be from a charity that desperately needs donations, even if the email appears to be from a brand that you know and trust. Do not trust a phone call claiming to be a local food bank pressuring you to donate. The greater the sense of urgency, the more likely the request is an attack. Here are some of the most common indicators of a charity scam:

  • Be very suspicious of any charity that requires that you donate via cryptocurrency, Western Union, wiring money, or gift cards.
  • Cyber criminals can change their caller ID phone number to make their phone call look like it’s from your local area code or from a trusted name. Caller ID cannot be relied upon these days.
  • Some cyber criminals will use names and logos that sound or look like a real charity. This is one reason it pays to do some research before giving.
  • Cyber criminals will often make lots of vague and sentimental claims about what they will do with your money but give no specifics about how your donation will be used.
  • Some cyber criminals may try to trick you into donating to them by thanking you for a donation you made in the past when, in reality, you never donated to them.
  • Do not assume pleas for help on crowdfunding sites such as GoFundMe or social media sites such as TikTok are legitimate, especially in the wake of a crisis or tragedy.
  • Do not give out personal or financial information in response to any unsolicited request.

How to Make a Difference Safely

To donate in times of need or to help those impacted by a disaster, donate only to well-known, trusted organizations. You initiate the connections and decide who to reach out to, such as what websites to visit or what organizations to call. When you consider giving to a charity, search its name plus words like “complaint,” “review,” “rating,” or “scam.” Not sure which charities to trust? Start by researching on government websites you trust, or perhaps links provided by a well-known and highly trusted news organization. Donating in times of need is a fantastic way to make a difference, just be sure you are giving to legitimate organizations.

Phishing Attackers Getting Trickier

PHISHING ATTACKERS GETTING TRICKIER

Phishing attacks have become the most common method cyber attackers use to target people at work and at home. Phishing attacks have traditionally been emails sent by cyber attackers to trick you into doing something you should not do, such as opening an infected email attachment, clicking on a malicious link, or sharing your password.

While traditional phishing attacks continue today, many cyber attackers are creating advanced phishing emails that are more customized and harder to detect. They are also using technologies such as text messaging, social media, or even telephone calls to engage and fool you. Here are their latest tricks and how you can spot them.

Cyber Attackers Are Doing Their Research

Phishing emails used to be easier to detect because they were generic messages sent out to millions of random people. Cyber attackers had no idea who would fall victim; they just knew the more emails they sent, the more people they could trick. We could often detect these simpler attacks by looking for odd emails beginning with “Dear Customer,” misspellings, or messages that were too good to be true, such as a Nigerian prince offering you millions of dollars.

Today’s cyber attackers are far more sophisticated. They now research their intended victims to create a more customized attack. Instead of sending a generic, corporate-looking phishing email to five million people, they may send a message to just five people, tailored to appear to come from someone those people know. Cyber attackers do this by:

  • researching your LinkedIn profile, what you post on social media, or information that is publicly available or found on the Dark Web.
  • crafting messages that appear to come from management, coworkers, or vendors you know and work with.
  • learning what your hobbies are and sending a message to you pretending to be someone who shares a mutual interest.
  • determining you have been to a recent conference or just returned from a trip and then crafting an email referencing your travels.

Cyber attackers are actively using other methods to send the same messages, such as texting you or even calling you directly by phone.

How to Detect These More Advanced Phishing Attacks

Because cyber attackers are taking their time and researching their intended victims, it can be more difficult to spot these attacks. The good news is you can still spot them if you know what you are looking for. Ask yourself the following questions before taking action on a suspicious message:

  1. Does the message create a heightened sense of urgency? Are you being pressured to bypass your organization’s security policies? Are you being rushed into making a mistake? The greater the pressure or sense of urgency, the more likely this is an attack.
  2. Does the email or message make sense? Would the CEO of your company urgently text you asking for help? Does your supervisor really need you to rush out and buy gift cards? Why would your bank or credit card company be asking for personal information they should already have about you? If the message seems odd or out of place, it may be an attack.
  3. Are you receiving a work-related email from a trusted coworker or perhaps your supervisor, but the email is using a personal email address such as @gmail.com?
  4. Did you receive an email or message from someone you know, but the wording, tone of voice or signature in the message is wrong and unusual?

If a message seems odd or suspicious, it may be an attack. If you want to confirm whether an email or message is legitimate, one option is to call the individual or organization that supposedly sent it, using a phone number you already have or look up yourself, never a number provided in the message itself.
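
The four questions above can be partly automated. The following Python script is an added example, not code from the newsletter: it parses a raw email and reports the warning signs it finds, namely urgent or pressuring language (question 1), a name you know writing from an address you do not know for that person (questions 3 and 4), and, as an extra check the newsletter does not list, a Reply-To header that routes replies to a different domain than the visible sender. The contact directory and the three sample messages are constructed for the demo.

```python
"""Flag the warning signs of a targeted phishing email in a parsed message."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed for the demo (assumptions, not real data): the addresses the
# reader's supervisor and a coworker normally write from.
KNOWN_CONTACTS = {
    "dana reyes": "dana.reyes@example.com",  # supervisor
    "sam okafor": "sam.okafor@example.com",  # coworker
}
URGENCY_WORDS = re.compile(
    r"\b(urgent|immediately|right away|right now|asap|gift cards?|"
    r"wire transfer|final notice|don't call)\b",
    re.IGNORECASE,
)


def _body_text(msg) -> str:
    """Collect the text/plain parts of a message (single-part or multipart)."""
    if not msg.is_multipart():
        return msg.get_payload()
    return "\n".join(
        part.get_payload() for part in msg.walk() if part.get_content_type() == "text/plain"
    )


def score_message(raw: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message (empty list = none)."""
    msg = message_from_string(raw)
    display_name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{_body_text(msg)}"
    reasons = []

    # Question 1: heightened urgency or pressure to act right now.
    if URGENCY_WORDS.search(text):
        reasons.append("urgent or pressuring language")

    # Questions 3 and 4: a name you know, but not the address you know for that
    # person, e.g. your supervisor suddenly writing from a personal mailbox.
    expected = KNOWN_CONTACTS.get(display_name.strip().lower())
    if expected and sender.lower() != expected:
        reasons.append(f"'{display_name}' normally writes from {expected}, not {sender}")

    # Extra check not in the newsletter's list: replies routed to another domain
    # than the visible sender, a common sign that the From header is spoofed.
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        reasons.append(f"replies go to {reply_to}, not to {sender}")

    return reasons


# Constructed sample messages.
GIFT_CARD_PHISH = """\
From: Dana Reyes <dana.reyes.ceo@gmail.com>
To: you@example.com
Subject: Urgent - need a favor right now

Are you at your desk? I need you to buy five gift cards for a client and text
me the codes. I'm walking into a meeting, so don't call.
"""

LEGIT_COWORKER_MAIL = """\
From: Sam Okafor <sam.okafor@example.com>
To: you@example.com
Subject: Slides from Tuesday

Attaching the deck we discussed; no rush, look whenever you have time.
"""

REPLY_TO_PHISH = """\
From: Accounts Payable <ap@example.com>
Reply-To: ap.example@outlook.com
To: you@example.com
Subject: Updated vendor bank details

Please confirm the attached bank details before the next payment run.
"""

if __name__ == "__main__":
    samples = [("gift card", GIFT_CARD_PHISH), ("coworker", LEGIT_COWORKER_MAIL), ("reply-to", REPLY_TO_PHISH)]
    for name, raw in samples:
        print(name, score_message(raw) or ["no warning signs"])
```

A keyword list and a contact directory are deliberately crude; the point is that the same questions a person asks can be asked of the headers, and that the sending address, not the display name, is what to compare against what you already know.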

You are by far the best defense. Use common sense.