2021 October Cyber Bytes

Trending Cyber News

October is National Cybersecurity Awareness Month!  

Every year since 2003, October has been recognized as National Cyber Security Awareness Month (NCSAM). This effort was brought to life through a collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance. NCSAM was created to ensure that every individual stays safe and secure online. Much of your personal information is stored either on your computer, smartphone, tablet or possibly on someone else’s system. Knowing how to protect the information that you have stored is of high importance not just for an individual but for our organization and those in it.

Since the National Cyber Security Alliance and DHS combined their efforts, the month has grown in reach and participation. Operated in many respects as a grassroots campaign, the effort now includes a multitude of industry participants that engage their customers, employees, and the general public in awareness, as well as college campuses, nonprofits, and other groups.

Between 2009 and 2018, the month’s theme was “Our Shared Responsibility.” The theme reflected the role that we all – from large enterprises to individual computer users – have in securing the digital assets in our control.

In 2009, DHS Secretary Janet Napolitano launched Cybersecurity Awareness Month at an event in Washington, D.C., becoming the highest-ranking government official to participate in the month’s activities. In subsequent years, leading administration officials from DHS, the White House and other agencies have regularly participated in events across the United States. 

In 2010, the kickoff of Cybersecurity Awareness Month also included the launch of the STOP. THINK. CONNECT. campaign. President Obama’s proclamation for the month includes STOP. THINK. CONNECT. as the national cybersecurity education and awareness message. 

Also in 2010, the National Cyber Security Alliance began moving the launch of the month to sites around the country. The month has been launched in Seattle and Bellevue, WA, Ypsilanti, MI, Omaha, NE, Boston, MA, Nashville, TN, and Washington, D.C. 

Starting in 2011, the National Cyber Security Alliance and DHS developed the concept of weekly themes during the month. This idea was based on feedback from stakeholders that the many aspects of cybersecurity should be better articulated, making it easier for other groups to align with specific themes. Themes have included education, cybercrime, law enforcement, mobility, critical infrastructure and small and medium-sized businesses. 

The collaboration of NCSA and DHS on Cybersecurity Awareness Month is one of the many successful public-private partnerships that are so critical to cybersecurity.

Did You Know?

  • As of 2021, there is a ransomware attack every 11 seconds, down from 39 seconds in 2019
  • 43% of cyber-attacks target small businesses, and they have grown 400 percent since the outbreak began
  • 169 million personal records were exposed from financial, business, education, healthcare, and public sectors
  • 66% of small businesses rely on the internet but only 23% have an internet security policy
  • 594 million people are affected globally by cybercrime each year
  • 24 billion or more internet-connected devices have been installed

Spam and Phishing

Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment. A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency or any other service or business. 

It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or there is another urgent matter to address. 

If you are unsure whether an email request is legitimate, try to verify it with these steps: 

  • Contact the company directly – using information provided on an account statement, on the company’s official website or on the back of a credit card.
  • Search for the company online – but not with information provided in the email. 

TIPS FOR AVOIDING BEING A VICTIM

  • Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in an email.
  • Before sending or entering sensitive information online, check the security of the website.
  • Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.
  • Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware. 

WHAT TO DO IF YOU ARE A VICTIM

  • Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
  • Watch for any unauthorized charges to your account.
  • Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the Internet Crime Complaint Center.

Spot the Phish

Here's a small sample of popular phishing emails seen over the years. As you can see, cybercriminals take many different approaches, and those approaches are always evolving.

While it would be virtually impossible to keep a current and fully comprehensive archive of these examples, it's a really good idea to keep updated on what's out there to make phishing attacks less likely.

CLASSIC PHISHING EMAILS

TECH SUPPORT SCAMS

Over the past few years online service providers have been stepping up their security game by messaging customers when they detect unusual or worrisome activity on their users' accounts. Not surprisingly, the bad guys are using this to their advantage. Many of the fake notices are poorly designed, with bad grammar and similar flaws, but others look legitimate enough for someone to click if they weren't paying close attention.

Consider this fake PayPal security notice warning potential marks of "unusual log in activity" on their accounts:

[Image: fake PayPal security notice]

Hovering over the links would be enough to stop you from ending up on a credential-stealing website.
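As an added example (not part of the original newsletter), the Python sketch below automates two checks described above: hovering over a link to compare the address shown with the real destination, and watching for URLs that vary a trusted name's spelling or domain. The trusted list, the sample email, and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"paypal.com", "microsoft.com"}  # assumption: sites you really use
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
SAMPLE_EMAIL = """<!-- constructed sample, not a real message -->
<a href="http://paypa1.com.example.net/signin">https://www.paypal.com/signin</a>
<a href="https://www.paypa1.com/help">Help center</a>
<a href="https://www.paypal.net/">PayPal</a>
<a href="https://www.paypal.com/">www.paypal.com</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    # Simplification: last two labels; production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(href, text):
    # Returns the reasons a link looks suspicious (empty list if none).
    reasons = []
    dest = registered_domain(urlsplit(href).hostname or "")
    shown = DOMAIN_RE.search(text.lower())  # a domain named in the visible text
    if shown and registered_domain(shown.group()) != dest:
        reasons.append("text-href mismatch")  # what hovering would reveal
    for good in sorted(TRUSTED):
        same_name = dest.split(".")[0] == good.split(".")[0]  # .com versus .net
        close = SequenceMatcher(None, dest, good).ratio() >= 0.85  # misspelling
        if dest not in TRUSTED and (same_name or close):
            reasons.append(f"lookalike of {good}")
    return reasons

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling `scan_email(SAMPLE_EMAIL)` returns a dictionary mapping each link's real destination to the reasons it was flagged; only the genuine `paypal.com` link comes back with an empty list.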

And here's a fake Microsoft notice, almost identical in appearance to an actual notice from Microsoft concerning "Unusual sign-in activity":

[Image: fake Microsoft notice of unusual sign-in activity]

This email points users to a phony 1-800 number instead of sending them to a credential-phishing page.

Online Shopping

It’s important to take steps to protect yourself when shopping online. 

From the convenience of making purchases at your fingertips and next-day delivery to getting great deals and the endless catalogue of purchasable items, online shopping has only grown in popularity. While the increased availability of online shopping is convenient, it also makes it more lucrative for scammers to trick buyers into paying for goods they won’t receive or to obtain their personal information for financial gain. So, what can you do about it?

Take security precautions, think about the consequences of your actions online and enjoy the conveniences of technology with peace of mind while you shop online. 

ONLINE SHOPPING TIPS

  • Think before you click: Beware of ads encouraging users to click on links. If you receive an enticing offer, do not click on the link. Instead, go directly to the company’s website to verify the offer is legitimate.
  • Do your homework: Fraudsters are fond of setting up fake e-commerce sites. Prior to making a purchase, read reviews to hear what others say about the merchant. In addition, look for a physical location and any customer service information. It’s also a good idea to call the merchant to confirm that they are legitimate.
  • Consider your payment options: Using a credit card is much better than using a debit card; there are more consumer protections for credit cards if something goes awry. Or you can use a third-party payment service instead of your credit card. There are many services you can use to pay for purchases – like Google Pay – without giving the merchant your credit card information directly.
  • Watch what you give away: Be alert to the kinds of information being collected to complete your transaction. If the merchant is requesting more data than you feel comfortable sharing, cancel the transaction. You only need to fill out required fields at checkout and you should not save your payment information in your profile. If the account autosaves it, after the purchase go in and delete the stored payment details.
  • Keep tabs on your bank and credit card statements: Be sure to continuously check your accounts for any unauthorized activity. Good recordkeeping goes together with managing your cybersecurity. Another tip for monitoring activity is to set up alerts so that if your credit card is used, you will receive an email or text message with the transaction details.