
SECURITY SMART, SPRING 2019

Security Smart is published by CSO, the leader in news, analysis and research on security and risk management. © 2019 IDG. To purchase an individual subscription, email or for more information.

Protect Your ID When Shopping Online

Skipping the mall in favor of the internet has become the norm for many of us, but online shopping can be a gateway for identity theft if you aren't careful. When you feel the urge to browse and spend, keep in mind these tips from the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center:

■ Ensure websites are secure prior to submitting your credit card number. Look for the padlock icon in the URL.
■ Make sure the business you're dealing with has a physical address, not just a P.O. box.
■ Never purchase anything advertised through an unsolicited email. Contact the business that purportedly sent it to verify if it's a real deal.
■ Log on to a vendor's official website instead of clicking on a link to it in an email.
■ Be cautious of any website or email message that asks you to provide personal information.
■ Never give your credit card number over the phone unless you are the one who made the call.
■ Monitor your credit statements monthly to see if there's been any fraudulent activity.
■ Report any unauthorized transactions to your bank or credit card company as soon as possible.
■ Review a copy of your credit report at least once a year.

5 Phishing Tricks You Should Recognize

Phishing is when scammers attempt to gather people's personal information. Gary Hayslip, chief information security officer at cybersecurity and threat intelligence services firm Webroot, has noticed that criminals' phishing campaigns are getting more sophisticated. "They are targeting specific groups where they know everybody in the group, or they are targeting specific people and the email is written towards them," he says. That makes the phishing attempts a lot more destructive if successful.

Below are examples of five types of phishing tactics. Hayslip weighs in on why they are or are not effective, and what gives each one away as a scam.

1. Your account has been hacked.

The person sending this message found a group email list that was publicly available on a company website. Using that list to target the message was smart. Not so smart was the content of the message, with lines like "It's useless to change the password, my malware intercepts it every time." Professional cybercriminals don't talk that way, says Hayslip. "They are very professional about their tools and the way they discuss things."

2. Charity donation for you.

"I've seen several versions of this. 'We're giving it away! Just contact us and we'll make sure you're on the list,'" says Hayslip. Here, the scammer is counting on the greed (and gullibility) of the recipient. The link, of course, will send the victim to a malware site.

3. You added a new email address to your PayPal account.

This email tends to pop up from November to January, when people are shopping for the holidays. It also appears in March and April during tax season. "The reason [this campaign works] is that people are doing online shopping, and if they're not thinking correctly, they think, 'That's right, I was shopping for my wife on Amazon last night and that one vendor wanted me to use PayPal. I want to check that,'" says Hayslip.

If they took the time to look at the email, though, the signs that it is not actually from PayPal would be obvious. "I've got real alerts from PayPal, and they will not have links, but phone numbers to contact them," says Hayslip.

4. Voicemail message saying Microsoft is investigating you.

About 400 of a company's employees received this voicemail message. The number of recipients and the fact that it used a voice synthesizer were dead giveaways that the messages were fraudulent. "If Microsoft is coming after your company because of licensing issues, they aren't going to leave a voicemail like that," says Hayslip. "They'll have their lawyers show up."

5. Pay your Amazon seller account balance.

Hayslip's coworker got an email about this, but he is not an Amazon seller, and it didn't look like a formal Amazon payment communication. "I've seen what the Amazon seller process looks like, and it's a lot more than getting a small email saying 'hey, you owe us some money,'" says Hayslip.

An actual Amazon message would be more formal and include its logo. "Typically, they would not give you anything with links. Instead they tell you, 'Here are our dates and times when we're open. Here are our phone numbers. Here's where you can contact us.' Then you are supposed to contact them," says Hayslip. "These types of emails raise alarm bells, because they're not following the methodology the vendors typically use."

For more information on staying safe online here at BSU or at home, contact
