Category: Cyber-Security

Staying Safe Online – January 2, 2019

A Public Service Announcement Courtesy of Cedar Valley Bank & Trust
In 2018, the Consumer Sentinel Network has seen a striking increase in the median dollar amount that people 70 and over are saying they lost to fraud. Digging into the data, we found some common stories with an unusual twist: people 70 and older report mailing huge amounts of cash to people who pretended to be their grandchildren.
People 70 and over rarely report to the FTC that they paid a scammer with cash. But for one particular type of fraud, family and friend imposters, fully 25% of people 70 and over who reported to the FTC how they paid money told us they sent cash.
We call these family and friend imposter scams, but you may know them as the “grandparent scam” and with good reason. People 70 and over report that the scammer posed as a grandchild, usually a grandson, about 70% of the time.
People from all age groups reported median individual losses of about $2,000 to family and friend imposters, far higher than the median loss of $462 reported for all fraud types. But the story is much worse to for people 70 and over who sent cash – they reported median individual losses of $9,000.
Like many scams, these start with a phone call using some common ploys. In about half of the reports of cash payments, people said the caller claimed to be in jail or other legal trouble. About a third of these reports mentioned a so-called car accident. In both cases, the callers play on people’s emotions and sense of loyalty; they may be told they’re the only person trusted enough to call for help, and they’re often told not to tell anyone.
These scammers are experts at impersonating people they’ve never even met. Car accident injuries, often broken noses or uncontrolled sobbing explain away a voice that might not sound quite right. Scammers use personal details from social media sites to make their stories more believable. Or they may simply wait for their target to use a name. “Steve, is that you?”- and take the cue.
According to reports, callers often give very specific instructions about how to send cash. Many people said they were told to divide the bills into envelopes and place them between the pages of a magazine. Then, according to reports, they were told to send them using various carriers, including UPS, FedEx, and the U.S. Postal Service.
What can you do about these scams? Talk about them. Many people have gotten these calls, so help others know what to do to spot and avoid the scam:• Don’t act right away, no matter how dramatic the story is.• Call that family member or friend, and make sure you use a phone number that you know is right. Or check it out with someone else in your circle, even if the caller told you to keep it a secret.• Be careful about what you post on social media. If your personal details are public, someone can use them to defraud you and people who care about you.
If you’ve mailed cash, report it right away to the Postal Service or whichever shipping company you used. Some people have been able to stop delivery by acting quickly and giving a tracking number. Also tell the FTC at FTC.gov/complaint.

Staying Safe Online – December 5, 2018

By Dr. Johannes Ulrich
Just like driving a car, sooner or later you may have an accident no matter how secure you are. Below are clues to help figure out if you have been hacked and, if so, what to do. The sooner you identify something bad has happened, the more likely you can fix the problem.
Clues You Have Been Hacked
Your anti-virus program generates an alert that your system is infected. Make sure it is your anti-virus software generating the alert, and not a pop-up window from a website trying to fool you into calling a number or installing something else. Not sure? Open your anti-virus program.
You get a pop-up window saying your computer has been encrypted and you have to pay a ransom to get your files back.
Your browser is taking you to all sorts of websites that you did not want to go to.
Your computer or applications are constantly crashing or there are icons for unknown apps or strange windows popping up.
Your password no longer works even though you know it is correct.
Friends ask you why you are spamming them with emails that you know you never sent.
There are charges to your credit card or withdrawals from your bank account you never made.
How to Respond
If you suspect you have been hacked, the sooner you act the better. If the hack is work related, do not try to fix the problem yourself; instead, report it immediately. If it is a personal system or account that has been hacked, here are some steps you can take:
Change Your Passwords: This includes not only changing the passwords on your computers and mobile devices, but for your online accounts. Do not use the hacked computer to change your passwords; use a different system that you know is secure. If you have a lot of accounts, start with the most important ones first. Can’t keep track of all your passwords? Use a password manager.
Financial: For issues with your credit card or any financial accounts, call your bank or credit card company right away. Use a trusted phone number to call them, such as from the back of your bank card, your financial statements, or visit their website from a trusted computer. In addition, consider putting a credit freeze on your credit files.
Anti-virus: If your anti-virus software informs you of an infected file, follow the actions it recommends. Most anti-virus software will have links you can follow to learn more about the specific infection.
Reinstalling: If you are unable to fix an infected computer or you want to be surer your system is safe, reinstall the operating system. Do not reinstall from backups; instead, backups should only be used for recovering your personal files. If you feel uncomfortable rebuilding, consider using a professional service to help you. Or, if your computer or device is old, it may be easier to purchase a new one. Finally, once you have rebuilt your system or purchased a new one, make sure it is updated and enable automatic updating whenever possible.
Backups: A key step to protecting yourself is to prepare ahead of time with regular backups. Many solutions will automatically back up your files daily or hourly. Regardless of which solution you use, periodically check that you are able to restore those files. Quite often, recovering your data backups is the only way you can recover from being hacked.
Law Enforcement: If you feel in any way threatened, report the incident to local law enforcement. If you are the victim of identity theft and are based in the United States, then visit https://www.identitytheft.gov.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – November 7, 2018

Communicate with caution in the digital space
In today’s digitally driven world, it has never been easier to shop, apply for loans, transfer money or even set up doctor appointments. We transmit all sorts of financial and personal information across the internet – and this information needs to be protected as it zigzags across cyberspace. Most of us use the web browsers on our phone or computer to interact with the internet. The easiest way to make sure the website you are using is secure is to look for the padlock icon next to the address bar. This icon may differ slightly depending on your browser, but if you see a closed lock with no red flags or warning, then the site is secure.
The padlock indicates that the website is using SSL/TLS, which just means that it is encrypted. If you don’t see the padlock, that means the website is not secure, and you’re putting your data at risk by visiting it.
Email is another major communication tool many of us use every day. For the most part, we send email in clear text (i.e. , information is sent as-is, rendering it readable without a keyword of some sort), store it on a server and then send it when the recipient is next available. Some security features are available for many web mail clients, but none are guaranteed to be secure because there is nothing forcing the recipient to abide by the request to send or receive the information securely. To make a long story short, it is definitely not a good idea to send sensitive data through your Gmail (or any other) email account.
Text messaging and phone calls are usually protected by the communication network protocol and providers themselves. The prevalent cell network protocols- GSM (Global System for Mobile Communications) and COMA (Code-Division Multiple Access) -have been cracked in recent years, so you shouldn’t assume they’re secure.
The past couple of years have seen a surge in the use of third-party secure chat programs. Be wary of these apps because while many of them claim to be secure, some do not follow good practices. Do your research before using these apps for your sensitive communications.
How Can You Protect Yourself?
Check your web browser for a padlock icon next to the URL in the browser. Most modern browsers provide a padlock icon when there is a valid certificate and a website is using an encrypted protocol. Before you enter personal information – even a password to log in – look for the confirmation that encryption is in use. If you do not see the padlock on a site you’re visiting, or there are errors in the address bar where you would normally see the padlock, DO NOT enter any sensitive information into it.
DO NOT send or store sensitive information via email unless you know it is secure. If you need to send emails or files securely over the internet, you should use a secure encrypted file-sharing tool or an email service such as Sharefile or Zixmail.
Use an app, such as Signal for Android or Signal for iOS, for secure chat and phone calls.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – October 3, 2018

Tips for using public Wi-Fi networks
Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they’re not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else.
How Encryption Works – Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so it’s not accessible to others. When you’re using wireless networks, it’s best to send personal information only if it’s encrypted – either by an encrypted website or a secure Wi-Fi network. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.
How to Tell If a Website is Encrypted – If you send email, share digital photos and videos, use social networks, or bank online, you’re sending personal information over the internet. The information you share is stored on a server- a powerful computer that collects and delivers content. Many websites, like banking sites, use encryption to protect your information as it travels from your computer to their server.
To determine if a website is encrypted, look for https at the start of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire account could be vulnerable. Look for https on every page you visit, not just when you sign in.
What About Mobile Apps? – Unlike websites, mobile apps don’t have a visible indicator like https. Researchers have found that many mobile apps don’t encrypt information properly, so it’s a bad idea to use certain types of mobile apps on unsecured Wi-Fi. If you plan to use a mobile app to conduct sensitive transactions – like filing your taxes, shopping with a credit card, or accessing your bank account- use a secure wireless network or your phone’s data network (often referred to as 3G or 4G). If you must use an unsecured wireless network for transactions, use the company’s mobile website, where you can check for the https at the start of the web address, rather than the company’s mobile app.
Don’t Assume a Wi-Fi Hotspot is Secure – Most Wi-Fi hotspots don’t encrypt the information you send over the internet and aren’t secure. In fact, if a network doesn’t require a WPA or WPA2 password, it’s probably not secure. If you use an unsecured network to log in to an unencrypted site, or a site that uses encryption only on the sign-in page, other users on the network can see what you see and what you send. They could hijack your session and log in as you. New hacking tools – available for free online – make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.
An imposter could use your account to impersonate you and scam people in your contact lists. In addition, a hacker could test your username and password to try to gain access to other websites- including sites that store your financial information.
Here’s how you can protect your information when using Wi-Fi:
When using a hotspot, log in or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider.
In addition, some organizations create VPNs to provide secure, remote access for their employees. What’s more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
Some Wi-Fi networks use encryption: WEP and WPA are common; WPA2 is the strongest.
Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPSEverywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren’t encrypted. They don’t protect you on all websites – look for https in the URL to know a site is secure.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – September 5, 2018

What are smart home devices?
Traditionally, only a few of your devices at home could connect to the Internet, such as your laptop, smartphone, or gaming console. However, today there are more and more devices connecting to the Internet, from your lightbulbs and speakers to your lV, door locks, and even your car. Soon, almost every device in your house could be connected to the Internet. These connected devices are often called the Internet of Things (IoT) or smart home devices. While these connected devices bring a great deal of convenience, they also bring unique dangers.
What’s the Problem? The more devices that are connected to your home’s network, the more that can go wrong. Hackers can program your devices to attack others, vendors can collect extensive information on your activities, or your devices could become infected and lock you out. Many of the companies making these devices have no experience with cyber security and see security as a cost. As a result, many of the devices you purchase have little or no security built into them. For example, some devices have default passwords that are well known or you cannot update or configure them.
How can I protect myself? So what can you do? We definitely want you to safely and securely leverage connected devices. These devices can provide wonderful features that make your life simpler. In addition, as the technology grows, you may have no choice but to use smart devices. Here are key steps you can take to protect yourself.
Connect Only What You Need: The simplest way to secure a device is to not connect it to the Internet. If you don’t need your device to be online, don’t connect it to your WI-Fl network. Do you really need your toaster sending notifications to your phone?
Know What You Have Connected: What devices do you have connected to your home network? Not sure or can’t remember? Turn off your wireless network and see what is no longer working. It may not catch everything, but you’ll be surprised at how many devices you forgot.
Keep Updated: Just like your computer and mobile devices, it’s critical to keep any and all of your devices up-to-date. If your device has the option to automatically update, enable that.
Passwords: Change the passwords on your devices to unique, strong passphrases only you know. You will most likely only have to enter them once. Can’t remember all your passphrases? Don’t worry, neither can we. Consider using a password manager to securely store them all.
Privacy Options: If your device allows you to configure privacy options, limit the amount of information it collects or shares. One option is to simply disable any information sharing capabilities.
Vendors: Buy your devices from a company that you know and trust. Look for products that support security, such as allowing you to enable automatic updating, change the default password and modify privacy settings.
Always listening: If a device can take your voice commands, it is constantly listening. For example, your Alexa and Google Home devices can record sensitive conversations. Consider that when you determine where to place the devices in your home and review the privacy options.
Guest Network: Consider putting your home devices on a separate “Guest” Wi-Fi network rather than the primary Wi-Fi network you use for your computers and mobile devices. This way, if any smart device is infected, your computers or mobile devices on your main network remain safe.
There is no reason to be afraid of new technologies, but do understand the risk they pose. By taking these few, simple steps you can help create a far more secure smart home.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Loading
X

Forgot Password?

Join Us