There's a constant deluge of cyber security tips and cyber threats to be aware of. As a Managed IT Service company, we work to keep our customers aware and ahead of the latest threats. Here are 7 cybersecurity concepts, tips, and threats to keep in mind as you go through your day.
How to spot a phishing landing page
Phishing landing pages are similar to phishing emails in that they are impersonating someone or some entity and are hoping to get some personal information from you.
You usually find a phishing landing page after clicking a phishing link in a message or clicking an advertisement in a web browser.
Like phishing emails, the landing page tries to look as legitimate as possible, but there are typically some signs that this is not a real website. Here are 5 things to look for that might indicate it is a phishing page. But be aware, that the best phishing pages look virtually identical to the page they are cloning.
Look for spelling errors.
Check the URL. Make sure it matches exactly the site you intended to go to.
Is the form asking for too much sensitive information such as:
government ID numbers
dates of birth
address information (especially previous address info)
Does the URL start with "HTTPS://" that "S" is important! If there is no "S" that means it is not a secure site.
If you enter your information into the landing page, your information will probably end up in the hand of a cybercriminal! The best thing to do is go to that company's real page and change your credentials immediately.
Kosh provides access to ongoing trackable cybersecurity training for our customers. Click here for a list of Free Cybersecurity Resources (small & medium businesses)
How to identify a phone scam
Your car's warranty insurance is probably just fine, but if you accidentally answered one of these scam calls, you may want to take note of how to interact or not interact with them.
Don't answer questions or press numbers answering questions. It may not seem like a big deal but some scammers may record your voice and/or actions to use as evidence that you agreed to purchases.
Listen for common scam tactics like threats and prize offers requiring immediate attention.
If you receive a voicemail asking you to call back, don't just call the number back. Go to the website and call the official number instead.
Consider setting up call blocking on your phone. I love the spam blocking feature on my phone. It's actually quite rare that one of these scam calls gets through anymore.
If you did give out sensitive information to a phone scammer, make sure to get in touch with your financial institutions and other services to let them know your account may be compromised.
Social media scam to be aware of
There are examples where a person builds up a following and seems like a normal likable person. But at some point, their feed starts to fill with posts about hardships, medical and/or employment related. They then reach out asking for donations to help them pay rent or help them pay medical bills. There have been cases where a single person is running many of these scams across different accounts. Always be very aware of who you're interacting with online and be hyper-aware if they start asking for money.
What is the dark web?
This is the place where most stolen data goes to be sold. Hacked credentials are sold alongside drugs, counterfeit bills, weapons, credit card numbers, hacked social media accounts, and anything in between!
The dark web is really just a place online that is not accessible through normal web browsers and internet searches. Anyone can access the dark web through a web browser called Tor.
When a cybercriminal hacks a database and then places that data for sale on the dark web, it is not just sold to one other criminal. The breached data is most likely sold to hundreds or thousands of cyber criminals all using that data to run attacks.
You can't stop all data breaches, but one way to help limit the impact if your data is part of a breach is to not reuse passwords.
Kosh provides dark web monitoring that will alert us if your information is found on the dark web. Fill out your info on the secure landing page to get started.
Dark Web Form for FREE scan and report.
Romance phishing scams
We're hard-wired to react to the promises of love. Our sometimes irrational reaction to flirting and love is a chink in our armor that cybercriminal "love" to exploit. Our impaired ability to spot something fishy leaves us open to fraud, extortion, theft, or loss of personally identifiable information.
One of the most common scenarios is when the criminal connects with the victim on a social media or dating site and claims to be a service member (in the military) on an overseas deployment. The relationship escalates and at some point, the criminal feels the connection is strong enough to move the victim to the next stage. The "service member" will eventually claim to be in a travel, health, or legal situation for which they need the victim to send them money.
Beyond "small-dollar crime", these romance scams have been known to lead to widespread malware and virus infections. What the scammer does is lead the victim to a phishing landing page or sends a malicious email that then infects the victim. But on top of that, the newly infected device can spread the virus to other connected devices and networks - especially business networks. This now allows the cybercriminals to extort not only the victim but the victim's business or employer.
Tips to protect yourself from these romance scams
don't accept friend requests from people you don't know. Similarly on dating sites, regard matches or connections with healthy skepticism - I'm sure you already do but not for reasons of cybercrime!
Never click on links sent by dating app messengers or in their profile bios.
Never download attachments sent by dating app messengers or in their profile bios.
Keep your conversations within the app. Criminals will typically want to move the conversation away from the dating site since most dating apps have built-in controls to restrict links and attachments.
Cryptocurrency investment phishing
One common scenario is where cybercriminals will impersonate a representative from a name-brand crypto exchange by using a spoofed (fake) website and/or email. What makes these scams particularly effective is that it plays on the excitement and disappointment around crypto. It's an emotional topic because some people are making money and some are losing it and that is right where these cybercriminals want you! They want you to make a gut decision fast to limit losses and increase gains - who doesn't want to make more money?
The scam is to get you to enter credentials or give out sensitive info before you realize they are fake. Be extra guarded when it comes to messages, phone calls, and emails asking you to enter your info fast.
Never give an account password, login information, or any personally identifying information over the phone or email. Instead, use the secure login page for the website, app, or platform you are using.
Tips to protect against inside threats
There are intentional and unintentional insider threats to any business. Here are 5 tips that can help protect your business.
Watch out for disgruntled employees - this is where many threats come from.
Keep training. Many unintentional threats come from employees not being aware of cybercriminal tactics that are out there.
Review company policies and procedures. Make sure IT policies and procedures are up to date.
Keep tabs on third-party partners and vendors. The people working within these organizations could also cause an accident that impacts your business. Make sure you know your points-of-contact and who has or does not have access to certain areas or sensitive information.
Don't share access. Keep your access credentials private. Don't login for someone else if they forgot their username and password.
The information contained in this communication is intended for limited use for informational purposes only. It is not considered professional advice, and instead, is general information that may or may not apply to specific situations. Each case is unique and should be evaluated on its own by a professional qualified to provide advice specifically intended to protect your individual situation. Kosh is not liable for improper use of this information.