Category: Cyber-Security

Staying Safe Online – September 5, 2018

What are smart home devices?
Traditionally, only a few of your devices at home could connect to the Internet, such as your laptop, smartphone, or gaming console. However, today there are more and more devices connecting to the Internet, from your lightbulbs and speakers to your lV, door locks, and even your car. Soon, almost every device in your house could be connected to the Internet. These connected devices are often called the Internet of Things (IoT) or smart home devices. While these connected devices bring a great deal of convenience, they also bring unique dangers.
What’s the Problem? The more devices that are connected to your home’s network, the more that can go wrong. Hackers can program your devices to attack others, vendors can collect extensive information on your activities, or your devices could become infected and lock you out. Many of the companies making these devices have no experience with cyber security and see security as a cost. As a result, many of the devices you purchase have little or no security built into them. For example, some devices have default passwords that are well known or you cannot update or configure them.
How can I protect myself? So what can you do? We definitely want you to safely and securely leverage connected devices. These devices can provide wonderful features that make your life simpler. In addition, as the technology grows, you may have no choice but to use smart devices. Here are key steps you can take to protect yourself.
Connect Only What You Need: The simplest way to secure a device is to not connect it to the Internet. If you don’t need your device to be online, don’t connect it to your WI-Fl network. Do you really need your toaster sending notifications to your phone?
Know What You Have Connected: What devices do you have connected to your home network? Not sure or can’t remember? Turn off your wireless network and see what is no longer working. It may not catch everything, but you’ll be surprised at how many devices you forgot.
Keep Updated: Just like your computer and mobile devices, it’s critical to keep any and all of your devices up-to-date. If your device has the option to automatically update, enable that.
Passwords: Change the passwords on your devices to unique, strong passphrases only you know. You will most likely only have to enter them once. Can’t remember all your passphrases? Don’t worry, neither can we. Consider using a password manager to securely store them all.
Privacy Options: If your device allows you to configure privacy options, limit the amount of information it collects or shares. One option is to simply disable any information sharing capabilities.
Vendors: Buy your devices from a company that you know and trust. Look for products that support security, such as allowing you to enable automatic updating, change the default password and modify privacy settings.
Always listening: If a device can take your voice commands, it is constantly listening. For example, your Alexa and Google Home devices can record sensitive conversations. Consider that when you determine where to place the devices in your home and review the privacy options.
Guest Network: Consider putting your home devices on a separate “Guest” Wi-Fi network rather than the primary Wi-Fi network you use for your computers and mobile devices. This way, if any smart device is infected, your computers or mobile devices on your main network remain safe.
There is no reason to be afraid of new technologies, but do understand the risk they pose. By taking these few, simple steps you can help create a far more secure smart home.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – August 1, 2018

Phone call attacks and scams
When you think of cyber criminals, you probably think of an evil mastennind sitting behind a computer launching sophisticated attacks over the Internet. While many of today’s cyber criminals do use technologies like email or instant messaging, bad guys are also using the phone to trick their victims. There are two big advantages to using a phone. First, unlike email, there are fewer security technologies that monitor phone calls and can detect and stop an attack. Second, it is much easier for bad guys to convey emotion over the phone, which makes it more likely they can ttick their victims. Let’s learn how to spot and stop these attacks.
How do Phone Call Attacks Work?
First, you have to understand what these attackers are after. They usually want your money, infonnation, or access to your computer (or all three). They do this by tricking you into doing what they want. The bad guys call people around the world, creating situations that seem very urgent. They want to get you off-balance by scaring you so you won’t think clearly, and then
rush you into making a mistake. Some of the most common examples include:
The caller pretends that they are from a government tax department or a tax collection service and that you have unpaid taxes. They explain that if you don’t pay your taxes right away you will go to jail. They then pressure you to pay your taxes with your credit card over the phone.
This is a scam. Many tax departments, including the IRS, never call or email people. All official tax notifications are sent by regular mail.
The caller pretends they are Microsoft Tech Support and explain that your computer is infected. Once they convince you that you are infected, they pressure you into buying their software or giving them remote access to your computer. Microsoft will not call you at home.
You get an automated voicemail message that your bank account has been canceled, and that you have to call a number to reactivate it. When you call, you get an automated system that asks you to confitm your identity and asks you all sorts of private questions. This is really not your bank, they are simply recording all your information for identity fraud.
Protecting Yourself
The greatest defense you have against phone call attacks is yourself. Keep these things in mind:
Anytime anyone calls you and creates a tremendous sense of urgency, pressuring you to do something, be extremely suspicious. Even if the phone call seems OK at first, but then starts to feel strange, you can stop and say no at any time.
If you believe a phone call is an attack, simply hang up. If you want to confirm if the phone call was legitimate, go to the organization’s website (such as your bank) and get the customer support phone number and call them directly yourself. That way, you really know you are talking to the real organization.
Never trust Caller ID. Bad guys will often spoof the caller number so it looks like it is coming from a legitimate organization or has the same area code as your phone number.
Never allow a caller to take temporary control of your computer or trick you into downloading
software. This is how bad guys can infect your computer.
If a phone call is coming from someone you do not personally know, let the call go directly to voicemail. This way, you can review unknown calls on your own time. Even better, you can enable this by default on many phones with the “Do Not Disturb” feature.
Scams and attacks over the phone are on the rise. You are the best defense you have at detecting and stopping them.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – July 4, 2018

Stop that malware
You probably have heard of terms such as virus, Trojan, ransomware, or rootkit when people talk about cyber security. These are different types of malicious programs, called malware, that cyber criminals use to infect computers and devices. Once installed, they can do whatever they want. Learn what malware is, what danger it poses, and most importantly, what you can do to protect yourself from it.
Simply put, malware is software, a computer program, used to perform malicious actions. This term is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them. Once installed, malware can enable criminals to spy on your online activities, steal your passwords or files, or use your system to attack others. Malware can even take control of your own files, demanding that you pay a ransom to get them back. Many people believe that malware is a problem only for Windows computers. Unfortunately, malware can infect any device, from Mac computers and smartphones to DVRs and security cameras. The more computers and devices cyber criminals infect, the more money they can make. Therefore, everyone is a target, including you.
How to Protect Yourself – You may think that all you have to do is install a security program like anti-virus software and you are safe from getting infected. Unfortunately, anti-virus cannot stop all malware. Cyber criminals are constantly developing new and more sophisticated malware that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways it has become an arms race, and the bad guys are usually one step ahead. Since you cannot rely on anti-virus alone, there are additional steps you should take to protect yourself.
Cyber criminals often infect computers or devices by exploiting vulnerabilities in your software. The more current your software is, the fewer vulnerabilities your systems have and the harder it is for cyber criminals to infect them. Make sure your operating systems, applications, browser and browser plugins, and devices are always updated and current. The easiest way to ensure this is to enable automatic updating whenever possible.
A common way cyber criminals infect computers or mobile devices is by creating fake computer programs or mobile apps, posting them on the Internet, and then tricking you into downloading and installing one. Only download and install programs or apps from trusted online stores. Also, stay away from mobile apps that are brand new, have few positive reviews, are rarely updated, or have been downloaded by a small number of people.
No longer using a computer program or mobile app? Delete it.
A Cyber criminals often trick people into installing malware for them. For instance, they might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you were to open the attached file or click on the link, you would activate malicious code that installs malware on your system. If a message creates a strong sense of urgency or seems too good to be true, it could be an attack. Be suspicious, common sense is often your best defense.
Regularly back up your system and files to Cloud-based services, or store your backups offline, such as on disconnected external drives. This protects your backups in case malware attempts to encrypt or erase them.
Backups are critical. They are often the only way you can recover from a malware infection.
Ultimately, the best way to defend against malware is to keep all your software and devices up-to-date, install trusted antivirus software when possible, and be alert for anyone attempting to trick you into infecting your own system. When all else fails, regular backups are often the only way you can recover.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – June 6, 2018

A Public Service Announcement courtesy of Cedar Valley Bank & Trust
Indicators of Elder Financial Exploitation
Older Americans hold a high concentration of wealth as compared to the general population. In the instances where elderly individuals experience declining cognitive or physical abilities, they may find themselves more reliant on specific individuals for their physical well-being, financial management, and social interaction. While anyone can be a victim of a financial crime such as identity theft, embezzlement, and fraudulent schemes, certain elderly individuals may be particularly vulnerable.
The following red flags could indicate the existence of elder financial exploitation. This list of red flags identifies only possible signs of illicit activity:
Erratic or unusual banking transactions or changes in banking patterns: Frequent large cash withdrawals, including daily maximum currency withdrawals from an ATM
Sudden non-sufficient fund activity
Uncharacteristic nonpayment for services, which may indicate a loss of funds or access to funds;
Debit transactions that are inconsistent for the elder;
Uncharacteristic attempts to wire large sums of money;
Closing of CDs or accounts without regard to penalties.
Interactions with customers or caregivers:
A caregiver or other individual shows excessive interest in the elder’s finances or assets, does not allow the elder to speak for himself, or is reluctant to leave the elder’s side during conversations;
The elder shows an unusual degree of fear or submissiveness toward a caregiver, or expresses fear of eviction or nursing home placement if money is not given to a caretaker;
The financial institution is unable to speak directly with the elder, despite repeated attempts to contact him or her;
A new caretaker, relative, or friend suddenly begins conducting financial transactions on behalf of the elder without proper documentation.
The elder moves away from existing relationships and toward new associations with other “friends” or strangers;
The elderly individual’s financial management changes suddenly, such as through a change of power of attorney to a different family member or a new individual;
The elderly customer lacks knowledge about his or her financial status, or shows a sudden reluctance to discuss financial matters.
The Facts of Elder Abuse
Elder abuse, the mistreatment or harming of an older person is an injustice that we all need to prevent and address. Here are some facts that everyone should know.

About 1 in 10 Americans age 60+ have experienced abuse.
Elder abouse is underreported
The New York State Elder Abuse Prevalence Study found that for every elder abuse case known to programs and agencies, 23.5 were unknown. ln the same study, they examined different types of abuse and found for each case of financial exploitation that reached authorities,44 cases went unreported, The national elder abuse incidence study estimated that only 1 in 14 cases of elder abuse ever comes to the attention of authorities.
Without accessible, quality health and public services, our population becomes more at risk for abuse as we age.
The impact of elder abuse is felt by people of all ages.
The costs of elder abuse are high for the affected individuals and society alike. Elder abuse reduces older people’s participation in the life of our communities. ltalso creates health care and legalcosts,which are often shouldered by public programs like Medicare and Medicaid, and reduces older people’s participation in the life of the community.
Elder abuse costs victims billions of dollar each year.
The annual financial loss by victims of elder financial exploitation was estimated to be $2,9 billion in 2009, a 12% increase from 2008.
Elder abuse is associated with increased rates of hospitalization in the community population.
Older adults who experienced abuse or neglect were twice as likely to be hospitalized than other older people.
~National Center om Elder Abuse

Staying Safe Online – April 4, 2018

Staying safe from tax scams
Though Benjamin Franklin is often quoted as saying “in this world, nothing can be said to be certain, except death and taxes,” an updated version for the current day would need to include tax scams. As people nationwide seek to file their tax returns, cybercriminals attempt to take advantage of this with a variety of scams. Hundreds of thousands of U.S. citizens are targeted by tax scams each year, often only learning of the crime after having their legitimate returns rejected by the Internal Revenue Service (IRS) because scammers have already fraudulently filed taxes in their name. The IRS reported a 400% rise in phishing scams from the 2015 to the 2016 tax season. In the state, local, tribal, and territorial government sector during 2017, approximately 30% of all reported data breach incidents were related to the theft of W-2 information, which was likely used for tax fraud.
How is Tax Fraud Perpetrated?
Unfortunately, much of your personal information can be gathered from multiple locations online with almost no verification that the right person is receiving the information. Criminals know this, so they use this trick to get your personal information from a variety of websites and use the information to file a fake tax refund request! If a criminal files a tax return in your name before you do, they will file it with false information to get a large refund, forcing you to go through the arduous process of proving that you did not file the return and subsequently correcting the return. Once they have your personal information, criminals can continue to commit identity theft well beyond the tax season.
Another favorite technique used by criminals during the tax season is sending phishing messages indicating that a new copy of your tax form(s) is available. These emails often impersonate state, local, tribal, and territorial government comptroller and/or IT departments. They might include a link to a phishing website that uses your organization’s logo and the email might even have the right signature line. If you fill out or attempt to login into the phishing website, the criminals will be able to see your login name and password, which they can then use to try and compromise your other accounts. The more information they gather from you, the easier it is for them to use the information to file a fake tax return in your name.
Tax fraudsters also impersonate the IRS and other tax officials to threaten taxpayers with penalties if they do not make an immediate payment. This contact may occur through websites, emails, or threatening calls and text messages that look official but are not. Sometimes, criminals request their victims pay the “penalties” via strange methods like gift cards or prepaid credit cards. It is important to remember:
The IRS will not initiate contact about payment with taxpayers by phone, email, text messages, or social media without sending an official letter in the mail first.
The IRS will not call to demand immediate payment over the phone using a specific payment method such as a debit/credit card, a prepaid card, a gift card, or a wire transfer.
The IRS will not threaten to immediately notify local police or other law-enforcement agencies to have you arrested for not paying .
The IRS will not demand that you pay taxes without giving you the opportunity to question or appeal the amount you owe.
What Can You Do?
Here are some basic tips to help you minimize the chances of becoming a victim of a tax scam:
If you haven’t already, file your taxes as soon as you can … before the scammers do it!
Be aware of phone calls, emails, and websites that try to get your information, or pressure you to make a payment. If something seems suspicious, contact the organization through a known method, like their publicly posted customer service line.
Ignore emails and texts asking for personal or tax information. Be cautious as to whom you provide your information, including your Social Security Number and date of birth.
Don’t click on unknown links or links from unsolicited messages. Type the verified, real organizational website into your web browser.
Don’t open attachments from unsolicited messages, as they may contain malware.
Only conduct financial business over trusted websites. Don’t use public, guest, free, or insecure Wi-Fi networks.
Remember, the “HTTPS” does not mean a site is legitimate.
Shred all unneeded or old documents containing confidential and financial information.
Check your credit report regularly for unauthorized activity. Consider putting a security freeze on your credit file with the major credit bureaus if you suspect you have been targeted for identity theft.
If you receive a tax-related phishing or suspicious email at work, report it according to your cybersecurity policy. The IRS encourages taxpayers to send suspicious emails related to tax fraud to its phish ing@irs.gov email account or to call the IRS at 800-908-4490. More information about tax scams is available on the IRS website and in the IRS Dirty Dozen list of tax scams.
If you suspect you have become a victim of tax fraud or identity theft, the Federal Trade Commission (FTC) Identity Theft website will provide a step-by-step recovery plan. It also allows you to report if someone has filed a tax return fraudulently in your name, if your information was exposed in a major data breach, and many other types of fraud.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Loading
X

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.