Category: Cyber-Security

Staying Safe Online – May 1, 2019

Making passwords simple
You are often told your passwords are key to protecting your accounts (which is true!), but rarely are you given a simple way to securely create and manage all your passwords. Below we cover three simple steps to simplify your passwords, lock down your accounts, and protect your future.
Passphrases – The days of crazy, complex passwords are over. Those passwords are hard to remember, difficult to type, and with today’s super-fast computers can be easy for a cyber attacker to crack. The key to passwords is to make them long; the more characters you have the better. These are called passphrases: a type of strong password that uses a short sentence or random words. Here are two examples:
Time for strong coffee!
lost-snail-crawl-beach
Both of these are strong, with over twenty characters, easy to remember, and simple to type but difficult to crack. You will run into websites or situations requiring you to add symbols, numbers, or uppercase letters to your password, which is fine. Remember though, it’s length that is most important.
Password Managers – You need a unique password for every account. If you reuse the same password for multiple accounts, you are putting yourself in great danger. All a cyber attacker needs to do is hack a website you use, steal all the passwords including yours, then use your password to log in to all your other accounts as you. It happens far more often than you realize. Don’t believe it? Check out the website www.haveibeenpwned.com to see what sites you use that have been hacked and your passwords potentially compromised. So what should you do? Use a password manager.
These are special computer programs that securely store all your passwords in an encrypted vault. You only need to remember one password: the one for your password manager. The password manager then automatically retrieves your passwords whenever you need them and logs you in to websites for you. They also have other features such as storing your answers to secret questions, warning you when you reuse passwords, a password generator that ensures you use strong passwords, and many other features. Most password managers also securely sync across almost any computer or device, so regardless of what system you are using you have easy, secure access to all your passwords.
Finally, be sure to write down the password to your password manager and store that in a secure location at home. Some password managers even let you print out a password manager recovery kit. That way, if you forget the password to your password manager you have a backup. Or, if you get sick or find yourself in an emergency, your spouse or trusted family member can retrieve the information on your behalf.
Two-Step Verification -Two-step verification (often called two-factor authentication or multi -factor authentication) adds an additional layer of security. It requires you to have two things when you log in to your accounts: your password and a numerical code which is generated by your smartphone or sent to your phone. This process ensures that even if a cyber attacker gets your password, they still can’t get into your accounts. Two-step verification is simple to set up and you usually only need to use it once when you log in from a new computer or device. Enable this whenever possible, especially for your most important accounts such as your bank or retirement accounts, or access to your email. If you are using a password manager, we highly recommend you protect it with a strong passphrase AND two-step verification.
It may sound silly, but these three simple steps go a long way in protecting your job, your reputation, and your financial future.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – April 3, 2019

Cyber criminals continue to come up with new and creative ways to fool people. A new type of scam is gaining popularity, personalized scams. Cyber criminals find or purchase information about millions of people, then use that information to personalize their attacks.
How Does it Work? Email or phone call scams are not new, cyber criminals have been attempting to fool people for years. Examples include the “You Won the Lottery” or the infamous Nigerian Prince scams. However, in these traditional scams cyber criminals do not know whom they are targeting. They simply create a generic message and send it out to millions of people. Because these scams are so generic, they are usually easy to spot. A personalized scam is different; the cyber criminals do research first and create a customized message for each intended victim. They do this by finding or purchasing a database of people’s names, passwords, phone numbers, or other details. This type of information is easily available due to all the websites that have been hacked. It is also commonly available on social media sites and in publicly available government records. The criminals then target everyone they have information on.
One common trick cyber criminals use is fear or extortion to force you into paying them money. The attack works like this; they find or purchase information on people’s logins and passwords obtained from hacked websites. They find your account information included in such a database and send you (and everyone else in the database) an email with some personal details about you, including the original password you used on the hacked website. The criminal refers to your password as “proof” of having hacked your own computer or device, which is of course not true. The criminal then claims that while they hacked your computer they also caught you viewing pornography online. The email then threatens that if you do not pay their extortion fee, they will share with your family and friends evidence of embarrassing online activities.
The catch is, in almost every situation like this the cyber criminal never hacked your system. They don’t even know who you are or which websites you’ve visited. The scammer is simply attempting to use the few personal details they have about you to scare you into believing they hacked your computer or device, and to trick you into paying them money. Remember, bad guys can use the same techniques for a phone call scam also.
What Should I Do? Recognize that emails or phone calls like these are a scam. It’s natural to feel scared when someone has personal information about you. However, remember the sender is lying. The attack is a part of an automated mass-scale campaign, not an attempt to directly target you. It is becoming much easier for cyber criminals today to find or purchase personal information, so expect more personalized scams like these in the future.
Some clues to look for:
• Whenever you receive a highly urgent email, message, or phone call be very suspicious. If someone is using emotions like fear or urgency, they are trying to rush you into making a mistake.
• When someone is demanding payment in Bitcoin, gift cards, or other untraceable methods.
• When you get a suspicious email, search on Google to see if other people have reported similar attacks.
Ultimately, common sense is your best defense. However, we also recommend you always use a unique, long password for each of your online accounts. Can’t remember all your passwords? Use a password manager. In addition, enable two-step verification whenever possible.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – March 13, 2019

Search yourself online
You most likely have heard how important it is to protect your privacy and the information you share online. To demonstrate this, we are going to try something new; we are going to show you how to research yourself and discover what information is publicly known about you. The process is called OSINT, a fancy way of saying Open Source Intelligence. This means researching public resources online to see how much information you can learn about a computer IP address, a company, or even a person like yourself. Keep in mind, cyber attackers are using these very same tools and techniques. The more attackers can learn about you, the better they can create a targeted attack. This concept has existed for years, but the latest online tools make it so much simpler to accomplish.
You will not find all the information on a single website. Instead you start with one website, learn some details, then use those details to search on and learn from other sites. Then you combine and compare results to create a profile or dossier of your subject. A good place to start is with search engines such as Google, Bing, or DuckDuckGo. Each of these have indexed different information about you, so start your search with more than one search engine. Start by typing your name in quotes, but after that expand your search based on what are called operators. Operators are special symbols or text you add to your search that better define what you are looking for. This is especially important if you have a common name; you may have to add more information such as your email address or the town you live in.
Examples include:
“FirstName LastName” > What information can I find online about this person
“Firstname Lastname@” > Find possible email addresses associated with this person
“Firstname lastname” filetype:doc >Any word documents that contain this person’s name
There are also sites dedicated to learning about people. Try one of these sites to see what is publicly known about you. Keep in mind these sites are not always accurate or may be country specific. You may have to search several sites to verify the information you find.
https://pipl.com
https://cubib.com
https://familytreenow.com
For an interactive list of all the different websites you can use to learn about yourself, we recommend the OSINT Framework at https://osintframework.com.
Learn what other people or organizations have collected, posted, or shared about you online (churches, schools, sports clubs, or other local community sites).
Understand that these same resources are available to anyone else, including cyber criminals who can use that information to target you. Be suspicious. For example, if you get an urgent phone call from someone claiming to be your bank, just because they know some basic information about you does not prove it is your bank. Instead, politely hang up, then call your bank back on a known, trusted number to confirm it is them. It is the same with email, just because an email has some known facts about you does not mean it is legitimate.
Consider what you share publicly and the impact that information could have on you, your family, or your employer.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – February 13, 2019

Time to Take a Look at Your Money Habits
The New Year holiday creates a feeling of starting fresh and encourages us to set new goals. While diets come to mind, setting new financial goals should be on the top of our lists. As you reflect on the past year, focus on your experiences, build on what worked and what didn’t, to shape this year’s money habits. Here are some ideas to consider as you set your financial goals for the New Year.
New Year, New Savings AccountThink about what you want to save for the coming year and commit to opening a savings account to reach that goal, whether it’s creating an emergency fund or setting money aside for your kids’ future college tuition. There are many types of savings accounts available to save for both short term and long term goals.
Small Step: Decide on the type of savings account that will meet your goal and commit to depositing a set amount 011 a regular basis to get into the habit of saving. For example, if you open a basic savings account, deposit $25 every month and sign up for direct deposit or automatic withdrawals from your checking account to ensure that amount is saved. Once you’re comfortable with saving a small amount consistently, you can increase it.
For information about the various savings accounts available, visit: https://www.investor.gov/introduction-investing/basics/save-investhttps://www.irs.gov/newsroom/529-plans-questions-and-answers
Pay Down That Old Debt in the New YearConfronting your debt and thinking about how to pay it off can be scary and overwhelming. Use the New Year to face your fears. Make a list of your debts, noting the monthly payment, current balance, and interest rate, and make a plan to start paying down the debts.Many experts recommend focusing on either debts with the highest interest rates or debts with the lowest balances to pay off. While you will likely save more money paying off debts with the highest interest rates, it may be faster to pay off the smallest balances first, and seeing this progress may help keep you motivated.
Small Step: Whichever method you choose for paying down debt, start by adding a small amount to one of your current payments. For instance, if you are focusing on paying off a credit card with a minimum monthly payment of $100, add $25 to that amount to start (for a total monthly payment of $125). Once you are comfortable with that new amount, add more when you’re able and stay focused on the goal.
For more information about paying off debts, visit: https://www.consumer.gov/debt#!what-to-know
Get OrganizedKeeping your finances organized will help you control your money and achieve your financial goals. Some basic tasks to help you get organized include making a budget, tracking your spending, and putting a system in place to ensure you pay your bills on time every month. Be sure to monitor your credit card and bank statements for any unexpected fees or unusual activity too. The sooner you find mistakes or unauthorized transactions, the easier it is to correct those issues.
Small Step: Like dealing with debt, organizing your finances can be daunting, so start small by picking one organizational task and focus on that task for one month before adding another. For example, you might start by making sure your bills are paid on time by setting up automatic bill pay from your bank account, giving yourself one month to learn about it, set it up, and get comfortable using it. Next month, focus on creating a budget, which gives you several weeks to learn about budgeting and working on it.For more information on organizing your financial life, visit: https://www.consumer.gov/section/managing-your-moneyhttps://www.consumer.ftc.gov/articles/pdf-0054-focus-on-finances.pdf
Protect Your Money All Year, Every YearWith so many financial transactions occurring electronically, it’s important to proactively protect your personal information, including your credit card and bank account numbers. Use the New Year to take charge of protecting your money. Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. Always track your bank and credit card statements and your credit reports for unusual activity.Catching abnormal transactions early will allow you to take steps to prevent more harm if your information has been stolen.Small Step: One important step to protect yourself from online scams and theft is to change your passwords regularly. If you have been using the same passwords for awhile, create new, difficult-to-guess passwords and change them often to keep your money safe.
For more help or information, go to www.fdic.gov or call the FDIC toll-free at 1-877-ASK-FDIC (1-877-275-3342).
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – January 2, 2019

A Public Service Announcement Courtesy of Cedar Valley Bank & Trust
In 2018, the Consumer Sentinel Network has seen a striking increase in the median dollar amount that people 70 and over are saying they lost to fraud. Digging into the data, we found some common stories with an unusual twist: people 70 and older report mailing huge amounts of cash to people who pretended to be their grandchildren.
People 70 and over rarely report to the FTC that they paid a scammer with cash. But for one particular type of fraud, family and friend imposters, fully 25% of people 70 and over who reported to the FTC how they paid money told us they sent cash.
We call these family and friend imposter scams, but you may know them as the “grandparent scam” and with good reason. People 70 and over report that the scammer posed as a grandchild, usually a grandson, about 70% of the time.
People from all age groups reported median individual losses of about $2,000 to family and friend imposters, far higher than the median loss of $462 reported for all fraud types. But the story is much worse to for people 70 and over who sent cash – they reported median individual losses of $9,000.
Like many scams, these start with a phone call using some common ploys. In about half of the reports of cash payments, people said the caller claimed to be in jail or other legal trouble. About a third of these reports mentioned a so-called car accident. In both cases, the callers play on people’s emotions and sense of loyalty; they may be told they’re the only person trusted enough to call for help, and they’re often told not to tell anyone.
These scammers are experts at impersonating people they’ve never even met. Car accident injuries, often broken noses or uncontrolled sobbing explain away a voice that might not sound quite right. Scammers use personal details from social media sites to make their stories more believable. Or they may simply wait for their target to use a name. “Steve, is that you?”- and take the cue.
According to reports, callers often give very specific instructions about how to send cash. Many people said they were told to divide the bills into envelopes and place them between the pages of a magazine. Then, according to reports, they were told to send them using various carriers, including UPS, FedEx, and the U.S. Postal Service.
What can you do about these scams? Talk about them. Many people have gotten these calls, so help others know what to do to spot and avoid the scam:• Don’t act right away, no matter how dramatic the story is.• Call that family member or friend, and make sure you use a phone number that you know is right. Or check it out with someone else in your circle, even if the caller told you to keep it a secret.• Be careful about what you post on social media. If your personal details are public, someone can use them to defraud you and people who care about you.
If you’ve mailed cash, report it right away to the Postal Service or whichever shipping company you used. Some people have been able to stop delivery by acting quickly and giving a tracking number. Also tell the FTC at FTC.gov/complaint.

Loading
X

Forgot Password?

Join Us