Category: Cyber-Security

Staying Safe Online – July 3, 2019

Using Social Networking Sites: Be Careful What You Share
By Lisa Lake, FTC Consumer Education Specialist
Online games and websites for kids are everywhere these days – to the point where it’s commonplace to see toddlers playing with them, too. And while the internet often offers a positive way for children to explore and learn, privacy concerns are lurking. To help protect children’s privacy, the FTC enforces the Children’s Online Privacy Protection Act (COPPA), which requires websites and online services to obtain consent from parents before collecting personal information from kids younger than 13.
According to the FTC, i-Dressup, a website allowing users to play dress-up games, and its owners violated COPPA by collecting personal information from kids, including names, email addresses, and user names, without obtaining parental consent, and by failing to take reasonable steps to protect this information. This led to a breach of i-Dressup’s network in August 2016. As a result of the breach, a hacker accessed the personal information and account passwords of over two million i-Dressup users, including at least 245,000 children under 13.
So how can you protect your child online? Here are some tips:
• Talk to your kids about what they’re doing online. Find out which games, social networking sites, and other online activities your kids are into and make sure you are comfortable with them.
• Talk to your children about the implications of providing personal information.
• Help your kids understand what information should stay private. Tell your kids why it’s important to keep information like Social Security numbers, street addresses, phone numbers, and financial information private.
• Learn more about how to protect your child when he’s online.
• File a complaint with the FTC if you think a site has put your child’s privacy at risk.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust
 

Staying Safe Online – June 5, 2019

A few tips to keep your child safe online
By Lisa Lake, FTC Consumer Education Specialist

Staying Safe Online – May 1, 2019

Making passwords simple
You are often told your passwords are key to protecting your accounts (which is true!), but rarely are you given a simple way to securely create and manage all your passwords. Below we cover three simple steps to simplify your passwords, lock down your accounts, and protect your future.
Passphrases – The days of crazy, complex passwords are over. Those passwords are hard to remember, difficult to type, and with today’s super-fast computers can be easy for a cyber attacker to crack. The key to passwords is to make them long; the more characters you have the better. These are called passphrases: a type of strong password that uses a short sentence or random words. Here are two examples:
Time for strong coffee!
lost-snail-crawl-beach
Both of these are strong, with over twenty characters, easy to remember, and simple to type but difficult to crack. You will run into websites or situations requiring you to add symbols, numbers, or uppercase letters to your password, which is fine. Remember though, it’s length that is most important.
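The sketch below is an added example, not part of the original announcement. It generates a random-word passphrase and measures its strength in bits of entropy. The 32-word list is constructed for illustration, and the 7776-word figure refers to the EFF long Diceware list. It shows that a passphrase's strength comes from picking each word at random from a large list, so length helps only when the choices are unpredictable.

```python
import math
import secrets

# Constructed sample list (32 words), far too small for real use. Published
# lists such as the EFF long list hold 7776 words (five dice rolls per word).
SAMPLE_WORDS = (
    "lost", "snail", "crawl", "beach", "amber", "cedar", "river", "maple",
    "stone", "cloud", "lemon", "tiger", "piano", "ocean", "candle", "forest",
    "window", "garden", "silver", "rocket", "pepper", "bridge", "violet", "harbor",
    "meadow", "copper", "walnut", "falcon", "island", "marble", "sunset", "canyon",
)


def make_passphrase(words, count=4, sep="-"):
    """Join `count` words, each drawn uniformly with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Entropy when each of `picks` symbols is chosen uniformly from the pool."""
    return picks * math.log2(pool_size)


def words_needed(pool_size, target_bits):
    """Smallest number of random words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    # 8 random characters drawn from the 94 printable ASCII symbols
    print("8 random chars      : %.1f bits" % entropy_bits(94, 8))
    # 4 and 6 random words drawn from a 7776-word list
    print("4 words of 7776     : %.1f bits" % entropy_bits(7776, 4))
    print("6 words of 7776     : %.1f bits" % entropy_bits(7776, 6))
    # The tiny sample list needs many more words for the same strength
    print("words for 64 bits (7776-word list):", words_needed(7776, 64))
    print("words for 64 bits (32-word list)  :", words_needed(len(SAMPLE_WORDS), 64))
```
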
Password Managers – You need a unique password for every account. If you reuse the same password for multiple accounts, you are putting yourself in great danger. All a cyber attacker needs to do is hack a website you use, steal all the passwords including yours, then use your password to log in to all your other accounts as you. It happens far more often than you realize. Don’t believe it? Check out the website www.haveibeenpwned.com to see what sites you use that have been hacked and your passwords potentially compromised. So what should you do? Use a password manager.
These are special computer programs that securely store all your passwords in an encrypted vault. You only need to remember one password: the one for your password manager. The password manager then automatically retrieves your passwords whenever you need them and logs you in to websites for you. They also have other features such as storing your answers to secret questions, warning you when you reuse passwords, a password generator that ensures you use strong passwords, and many other features. Most password managers also securely sync across almost any computer or device, so regardless of what system you are using you have easy, secure access to all your passwords.
Finally, be sure to write down the password to your password manager and store that in a secure location at home. Some password managers even let you print out a password manager recovery kit. That way, if you forget the password to your password manager you have a backup. Or, if you get sick or find yourself in an emergency, your spouse or trusted family member can retrieve the information on your behalf.
Two-Step Verification – Two-step verification (often called two-factor authentication or multi-factor authentication) adds an additional layer of security. It requires you to have two things when you log in to your accounts: your password and a numerical code which is generated by your smartphone or sent to your phone. This process ensures that even if a cyber attacker gets your password, they still can’t get into your accounts. Two-step verification is simple to set up and you usually only need to use it once when you log in from a new computer or device. Enable this whenever possible, especially for your most important accounts such as your bank or retirement accounts, or access to your email. If you are using a password manager, we highly recommend you protect it with a strong passphrase AND two-step verification.
It may sound silly, but these three simple steps go a long way in protecting your job, your reputation, and your financial future.

Staying Safe Online – April 3, 2019

Cyber criminals continue to come up with new and creative ways to fool people. A new type of scam is gaining popularity: personalized scams. Cyber criminals find or purchase information about millions of people, then use that information to personalize their attacks.
How Does it Work? Email or phone call scams are not new; cyber criminals have been attempting to fool people for years. Examples include the “You Won the Lottery” or the infamous Nigerian Prince scams. However, in these traditional scams cyber criminals do not know whom they are targeting. They simply create a generic message and send it out to millions of people. Because these scams are so generic, they are usually easy to spot. A personalized scam is different; the cyber criminals do research first and create a customized message for each intended victim. They do this by finding or purchasing a database of people’s names, passwords, phone numbers, or other details. This type of information is easily available due to all the websites that have been hacked. It is also commonly available on social media sites and in publicly available government records. The criminals then target everyone they have information on.
One common trick cyber criminals use is fear or extortion to force you into paying them money. The attack works like this: they find or purchase information on people’s logins and passwords obtained from hacked websites. They find your account information included in such a database and send you (and everyone else in the database) an email with some personal details about you, including the original password you used on the hacked website. The criminal refers to your password as “proof” of having hacked your own computer or device, which is of course not true. The criminal then claims that while they hacked your computer they also caught you viewing pornography online. The email then threatens that if you do not pay their extortion fee, they will share with your family and friends evidence of embarrassing online activities.
The catch is, in almost every situation like this the cyber criminal never hacked your system. They don’t even know who you are or which websites you’ve visited. The scammer is simply attempting to use the few personal details they have about you to scare you into believing they hacked your computer or device, and to trick you into paying them money. Remember, bad guys can use the same techniques for a phone call scam also.
What Should I Do? Recognize that emails or phone calls like these are a scam. It’s natural to feel scared when someone has personal information about you. However, remember the sender is lying. The attack is a part of an automated mass-scale campaign, not an attempt to directly target you. It is becoming much easier for cyber criminals today to find or purchase personal information, so expect more personalized scams like these in the future.
Some clues to look for:
• Whenever you receive a highly urgent email, message, or phone call be very suspicious. If someone is using emotions like fear or urgency, they are trying to rush you into making a mistake.
• When someone is demanding payment in Bitcoin, gift cards, or other untraceable methods.
• When you get a suspicious email, search on Google to see if other people have reported similar attacks.
Ultimately, common sense is your best defense. However, we also recommend you always use a unique, long password for each of your online accounts. Can’t remember all your passwords? Use a password manager. In addition, enable two-step verification whenever possible.

Staying Safe Online – March 13, 2019

Search yourself online
You most likely have heard how important it is to protect your privacy and the information you share online. To demonstrate this, we are going to try something new; we are going to show you how to research yourself and discover what information is publicly known about you. The process is called OSINT, a fancy way of saying Open Source Intelligence. This means researching public resources online to see how much information you can learn about a computer IP address, a company, or even a person like yourself. Keep in mind, cyber attackers are using these very same tools and techniques. The more attackers can learn about you, the better they can create a targeted attack. This concept has existed for years, but the latest online tools make it so much simpler to accomplish.
You will not find all the information on a single website. Instead you start with one website, learn some details, then use those details to search on and learn from other sites. Then you combine and compare results to create a profile or dossier of your subject. A good place to start is with search engines such as Google, Bing, or DuckDuckGo. Each of these has indexed different information about you, so start your search with more than one search engine. Start by typing your name in quotes, but after that expand your search based on what are called operators. Operators are special symbols or text you add to your search that better define what you are looking for. This is especially important if you have a common name; you may have to add more information such as your email address or the town you live in.
Examples include:
“Firstname Lastname” > What information can I find online about this person
“Firstname Lastname@” > Find possible email addresses associated with this person
“Firstname Lastname” filetype:doc > Any Word documents that contain this person’s name
There are also sites dedicated to learning about people. Try one of these sites to see what is publicly known about you. Keep in mind these sites are not always accurate or may be country specific. You may have to search several sites to verify the information you find.
https://pipl.com
https://cubib.com
https://familytreenow.com
For an interactive list of all the different websites you can use to learn about yourself, we recommend the OSINT Framework at https://osintframework.com.
Learn what other people or organizations have collected, posted, or shared about you online (churches, schools, sports clubs, or other local community sites).
Understand that these same resources are available to anyone else, including cyber criminals who can use that information to target you. Be suspicious. For example, if you get an urgent phone call from someone claiming to be your bank, just because they know some basic information about you does not prove it is your bank. Instead, politely hang up, then call your bank back on a known, trusted number to confirm it is them. It is the same with email: just because an email has some known facts about you does not mean it is legitimate.
Consider what you share publicly and the impact that information could have on you, your family, or your employer.