Tips for Spotting a Fraudulent Email
Personal Information Request
Provident will never ask you to respond to an email with any personal information. This includes your Social Security number (SSN) or your ATM or 24 Hour Access Plus Direct Talk Personal Identification Number (PIN) numbers
Threat of closing an account if information is not provided
This type of email informs you that your account will be closed if you fail to "authenticate" or verify your personal information. Provident will never ask you to confirm information in this manner.
Security or system emails.
This type of email indicates that the bank needs you to confirm important information. The email will ask you to update your information online. Provident will never ask you to confirm information in this manner.
An offer that sounds "too good to be true."
This email may ask that you complete a short survey in order to receive money credited to your account. It will ask for your account(s) and bank routing number(s) in order to complete the deposit to your account. Provident will never ask for your information in this manner.
Misspellings and/or grammatical errors.
Emails containing these issues are often an indicator of attempted fraud. Watch for typos, grammatical errors, awkward wording, and poor design.
Unusual URLs.
Many web pages and emails will display the destination URL of the link when you hover over the link with your cursor. (Please do not click the link) A URL formatted provident.suspicious.com will take you to a site that is not a part of the Provident web site even though Provident is contained within the URL.
Please, do not reply to any of these types of emails!
Tips for Secure Passwords
It is critical to use a highly secure password for all of your financial accounts. Never use passwords like your child's name, your pet's name, your Social Security number, your account or PIN number, or anything else that a person with the intention of performing fraud could easily discover. Passwords that are the most secure use combinations of letters, numbers, and special characters. Do not just use an address, phone number, birthdate, or worst of all, simple passwords such as 1111 or 1234. For additional security, please change your password on a regular basis and do not use the same password for multiple accounts.
If you feel you have given out any personal information in regard to your Provident account(s) (such as your account number, password, or PIN), or typed it into a website that may not be legitimate, please contact us immediately. We will take the necessary steps to help you secure your account.
Common Sense Tips
Don't give out financial information such as account numbers, credit card numbers, ATM PIN number, and especially your Social Security number over the phone unless you have initiated the call and know the person/organization you are transacting business with. Please do not give this information to a stranger even if they claim to be representing Provident.
Report lost or stolen checks, credit cards, or ATM cards immediately.
Don't preprint your driver's license, telephone, or Social Security numbers on your checks.
Please notify Provident of any suspicious telephone inquiries that might ask for account information.
Don't write your (PIN) on or with your ATM or credit cards.
Remember that protecting your financial information is often asking the question: How can I protect myself?
Online Banking Account Protection That Works 24/7... Just Like You Do
Provident Bank's Online Banking Identity Verification feature
What is the security feature?
In order to make your online banking experience as secure as possible we have introduced a security feature that watches for uncharacteristic or unusual behavior involving your internet banking access. If anything out of the ordinary is detected, we will ask you to verify your identity.
How does it work?
In the rare case we detect any unusual or uncharacteristic activity, we will ask you to answer security questions or if there are problems with answering the questions, allow us to phone you to make sure that it is really you trying to sign on. Most of the time you will not notice that the security feature is even there, but it will still be protecting you 24 hours a day and 7 days a week.
Do I need to sign up for the security system?
The security system is automatically available to all of our customers. Expect to be prompted at some point while banking online to enter additional information. This may include choosing some security questions that only you know the answers to as well as supplying phone numbers where you can be reached while banking online. Once this occurs, you have added a layer of protection to your Online Banking access and best of all, it's free!
Frequently Asked Questions for our Identity Verification Feature
What is this security system?
As our customer, we know how you typically behave. For example, when and from where you normally access internet banking. If we detect any activities that do not seem like your typical behavior, we will prompt you to further verify your identity. This process will ensure us it is you and not someone else trying to access your information. This will only happen on rare occasions. Normally you will not be asked for any additional information. For example, if someone tries to sign in with your user name and password from a computer in a foreign country shortly after you have logged off from your normal computer at home, we may decide to verify that it is really you trying to access your account.
How do I sign up for the security system?
There is no need to sign up. The security is there right from the start! Expect to be prompted at some point while banking online to enter additional information. This may include choosing several security questions that only you know the answers to, as well as supplying phone numbers where you can be reached while banking online. Once this occurs you have added a layer of protection to your internet banking access!
How much will it cost?
There is absolutely no cost associated with the new security system.
When will I be asked for more information?
You will only be prompted to enter additional information when a particular activity or transaction appears to be unusual or uncharacteristic of your typical behavior. You will also be prompted to enter your information when you are first prompted to set up your security information.
What additional information will I be asked?
If any unusual or uncharacteristic behavior is detected, you will be asked to answer several of the security questions you chose. You may also be asked to answer an automated phone call.
What is unusual or uncharacteristic behavior?
Uncharacteristic or unusual behavior is anything that appears out-of-the-ordinary compared to how you normally would bank online and where you normally bank online. If the action being requested does not appear to be something you would normally do, we will ask you for more information to make sure it is really you and not an unauthorized user.
Will I be asked for more information all the time now?
No, you will only be asked for more information when unusual or uncharacteristic behavior is detected. This will most likely be a very rare occurrence.
How are you able to detect unusual or uncharacteristic behavior?
The security system takes into account factors such as the computers you typically use to access your account, or the typical security settings for your computer. Hundreds of factors, such as these, create a profile that is unique to you that allows us to make decisions about whether the person conducting a given activity appears to be really you.
How do I know it is working?
You only need to complete the set-up process once; afterwards the new security system will work automatically. That means you are being protected every moment; when you are online and more importantly when you are not.
How will my phone numbers be used?
If any unusual or uncharacteristic behavior is detected, you may be asked to answer an automated phone call. Once you answer the phone call, you will be prompted to enter the code that will appear on your computer screen at that time in order to verify your identity. Your phone numbers will not be sold to a third party, nor will they be used to contact you about marketing offers and promotions.
How many phone numbers should I provide?
You must provide at least one phone number but are encouraged to provide up to three. In case we need to verify your identity, you may receive an automated phone call at one of the numbers you have provided. It is important to provide numbers where you can be reached when you are banking online. For instance, if you bank online at work you should provide your work or cell phone number so you can be reached there. This will ensure you can continue your online banking session without any inconvenience.
What if I need to change my phone number?
If you need to change your phone number, please contact customer service at (800) 442-5201 Monday through Friday 8AM to 6PM and on Saturday 9AM to 2PM. You may also be occasionally asked to verify that your information is up to date during your Online Banking session.
What if I cannot be contacted at any of the phone numbers listed?
If you cannot be contacted at any of the phone numbers listed, please contact customer service at (800) 442-5201 Monday through Friday 8AM to 6PM and on Saturday 9AM to 2PM.
Is my personal information still safe?
Yes. In fact, your personal information is safer than ever before because we are making sure it is really you and not an unauthorized user trying to access your information.
I have already set up my contact numbers, why am I being asked for them again?
Occasionally we may prompt you to make sure that the information we have on file is up to date.
How will this help prevent online fraud?
If your user name and password are stolen, the fraudster would have to be able to answer your security questions correctly or answer a call at one of the numbers you provided before being able to access your information. If the user is not able to provide this information or be reached on the phone, the activity would be blocked. This added layer of security helps us protect your information.
I check my account very often, wouldn't I know if something unusual showed up on my account?
It is great you check your account! It is always a good idea to regularly monitor your account for any unusual activities (like payments you didn't make). This security service helps prevent those incidences from ever occurring, so when you check your account everything is exactly how it should be.
I share my computer with someone who has their own account. Can both of us still log in from this machine?
Yes, you can both use the same computer to log on to your individual accounts. There is no limit on how many people can log on the website from the same computer.
I already have anti-virus and a personal firewall. Why do I need this?
We are glad to hear you use anti-virus and a personal firewall. Be sure that you keep both software programs up to date for the best possible protection against viruses, Trojans, and hackers. This new security feature protects against other types of threats such as a stolen user name and password. It works with your other personal security programs, but it does not replace them.
Is Your Computer Secure?
If the computer you are currently using is not protected, identity thieves and other fraudsters may be able to get access and steal your personal information.
If you are using safety measures and good practices to protect your home computer, you can protect your privacy and your family. Here are some tips Provident would like to suggest to help you lower your risk while you're online.
Suggestions from Provident Bank
Install and use a firewall
Definition: A firewall is a software program or piece of hardware that blocks hackers from entering and using your computer. Hackers search the Internet in a similar manner as telemarketers automatically dial random phone numbers. They send out a ping (call) to thousands of computers and wait for a response. Firewalls prevent your computer from responding to these unsolicited calls. A firewall blocks communications to and from sources you don't permit. This is especially important if you have a high-speed Internet connection, like DSL or cable. Some computer operating systems have built-in firewalls that may be shipped in the "off" mode. Ensure that your firewall is on. To always be effective, your firewall must be set up correctly and updated regularly. You can check your online "Help" feature for specific instructions.
Install and use anti-virus software
Anti-virus software helps to protect your computer from viruses that can destroy your data, slow down/ crash your computer, or allow spammers to send email from your account. Anti-virus protection scans your computer and your incoming email for viruses, and then removes them. Anti-virus software must be updated regularly to cope with the latest "bugs" (viruses) circulating on the Internet. Most anti-virus software includes a feature to download updates automatically while you are online. Always make sure that the software is continually running and checking your system for viruses, especially if you download files from the Web or are checking your email. Set your anti-virus software to check for viruses when you first turn on your computer. You should also set the anti-virus software to scan your complete system at least twice a month.
Install and use anti-spyware software
Spyware is software installed without your consent or knowledge that has the ability to monitor your online activities and collect your personal information while you are surfing the Web. Certain types of spyware, called keyloggers, record everything you type in - including your passwords, credit card numbers, and financial information. Signs that your computer may be infected with spyware include a sudden influx of pop-up ads, being taken to websites you don't want to go to, and slower performance.
Spyware protection is included in some anti-virus software products. Review your anti-virus software documentation for information on how to activate the spyware protection options. You also purchase separate anti-spyware software programs. Keep your anti-spyware software up to date and run it regularly.
To avoid spyware in the first place, download software only from sites you know and trust. Piggybacking spyware is often an unseen cost of many "free" programs. Do not click on links in pop-up windows or in spam email.
Update and maintain your system and browser to protect your privacy
Hackers are continually searching and trying to find flaws and holes in operating systems and browsers. In order to protect your computer and all of your information on it, set the security settings in your system and browser at medium or higher. Review the Tools or Options menus for how to do this. Install updates to your system and browser regularly. You should consider taking advantage of automatic updating if it is available. Windows Update is a service offered by Microsoft. It will automatically download and install software updates to the Microsoft Windows Operating System, Internet Explorer, Outlook Express, and will also deliver security updates to you. Software patching can also be run automatically for other systems, including the Macintosh Operating System.
Secure your home wireless network
If you have a wireless network in your home, make sure you take precautions to secure it against hacking. Encrypt your home wireless communications. Select a wireless router that has an encryption feature and turn it on. WPA encryption is considered stronger than WEP. Your computer, router, and other equipment must use the same encryption type. If your router enables identifier broadcasting, be sure to disable it. Note the SSID name so you can connect your computers to the network manually. Hackers know the pre-set passwords of this kind of equipment. Be sure to change the default identifier on your router and the default administrative password. You may want to turn off your wireless network when you are not using it.
Remember that public "hot spots" found in many stores, restaurants and hotels may not be secure. It's safest to avoid accessing or sending sensitive personal or financial information over a public wireless network.
Is your company taking the steps necessary to safeguard information?
Most companies keep sensitive information in their files, whether it's names, Social Security numbers (SSN), credit cards, or other account data that identifies customers or employees. Businesses often need this information to fill orders, meet payroll, or perform other business functions. But if the information falls into the wrong hands, it can lead to fraud or identity theft. The cost of a security breach can be measured in the loss of your customers' trust and perhaps even a lawsuit, which makes safeguarding personal information just plain good business.
A sound data security plan is built on five key principles:
Take stock. Know what personal information you have in your files and on your computers.
Inventory all file storage and electronic equipment. Where does your company store sensitive data?
Talk with your employees and outside service providers to determine who sends personal information to your business, and how it is sent.
Consider all the ways you collect personal information from customers, and what kind of information you collect.
Review where you keep the information you collect, and who has access to it.
Scale down. Keep only what you need for your business.
Use Social Security numbers only for required and lawful purposes. Don't use SSNs as employee identifiers or customer locators.
Keep customer credit card information only if you have a business need for it. Change the default settings on your software that reads customers' credit cards.
Don't keep information you don't need. Review the forms you use to gather data - like credit applications and fill-in-the blank web screens for potential customers - and revise them to eliminate requests for information you don-t need.
Truncate the account information on electronically printed credit and debit card receipts you give your customers. You may include no more than the last five digits of the credit card number, and you must delete the card's expiration date.
Develop a written records retention policy, especially if you must keep information for business reasons or to comply with the law.
Lock it. Protect the information that you keep.
Put documents and other materials containing personally identifiable information in a locked room or file cabinet.
Remind employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
Implement appropriate access controls for your building.
Encrypt sensitive information if you must send it over public networks.
Regularly run up-to-date anti-virus and anti-spyware programs on individual computers.
Require employees to use strong passwords.
Caution employees against transmitting personal information via email.
Create a laptop security policy, for within your office and when your employees are traveling.
Use a firewall to protect your computers and your network.
Set "access controls" to allow only trusted employees with a legitimate business need to access the network.
Monitor incoming Internet traffic for signs of security breaches.
Check references and do background checks before hiring employees who will have access to sensitive data.
Create a procedure to make sure that workers who leave your organization or transfer to another part of the company no longer have access to sensitive information.
Educate employees about how to avoid phishing and phone pretexting scams.
Visit OnGuardOnline.gov for computer security tips, tutorials, and quizzes.
Pitch it. Properly dispose of what you no longer need.
Create and implement information disposal practices.
Dispose of paper records by shredding, burning, or pulverizing them.
Defeat dumpster divers by encouraging your staff to separate the stuff that's safe to trash from sensitive data that needs to be discarded with care.
Make shredders available throughout the workplace, including next to the photocopier.
Use wipe utility programs when disposing of old computers and portable storage devices.
Give business travelers and employees who work from home a list of procedures for disposing of sensitive documents, old computers, and portable devices.
Plan ahead. Create a plan for responding to security incidents.
Designate a response team led by a senior staff person.
Draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others - a lost laptop or a hack attack, to name just two - are unfortunate, but foreseeable.
Investigate security incidents immediately.
Create a list of who to notify - inside or outside your organization - in the event of a security breach.
Immediately disconnect a compromised computer from the Internet.
Identity Theft
Identity theft happens when a person uses your name, Social Security number (SSN), or some other personal, financial, or medical information without your permission to commit fraud and/or other crimes. Online threats like phishing, malware, or hacking may also lead to identity theft.
If your personal information is lost, stolen, or compromised, you can reduce the potential damage from identity theft.
View Our Identity Theft Flyer
Protect Your Identity
Do not give out personal or account information over the phone, by mail, emails or through the Internet unless you initiated the contact or you are sure you know who you are dealing with.
Never respond to unsolicited requests for your SSN, or requests to verify your financial information.
Secure your personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home.
Guard your mail and trash from theft. Before discarding, shred all documents containing personal information. (Receipts, statements, etc.)
Check all credit card and bank statements monthly for accuracy.
Never open an email or click on the link provided in an email if you think it is fraudulent or is a request for personal information. Internet pages and email links may look like the official site. Call the institution or type in the site address you are familiar with instead of using the link provided in the email.
Obtain a copy of your credit report yearly and check it for accuracy. You can obtain a free copy of your credit report annually from the three major credit bureaus.
Report suspicious emails or calls to the Federal Trade Commission at:(877) IDTHEFT (438-4338)
If you Become a Victim
Put a Fraud Alert on Your Credit Reports
Contact one of the three nationwide credit reporting companies, so they can put a fraud alert on your credit report:
Equifax: (800) 525-6285 / Experian: (888) 397-3742 / TransUnion: (800) 680-7289
The one company you call is required to contact the others to place fraud alerts on your file.
A fraud alert may make it more difficult for an identity thief to open any accounts in your name. The alert is maintained on your credit report for at least 90 days. After you create an Identity Theft Report, you may request an extended alert on your file.
Review Your Credit Reports
After you place a fraud alert on your credit reports, you are entitled to one free copy of your credit report from each of the three credit reporting companies. Read and review the reports; verify that your name, address, SSN, accounts, and other information are correct.
If the report reflects accounts that you did not open or debts that are not yours, contact the credit reporting companies to report the fraud and have them corrected. You should also contact the security or fraud department of each company where an account was misused or opened without your consent. Ask the company to send you proof that the problem accounts have been corrected or closed.
Create an Identity Theft Report
An Identity Theft Report will help resolve issues with the credit reporting companies, debt collectors, and businesses that allowed the identity thief to open new accounts in your name. The Report can help you:
- Have fraudulent information permanently removed from your credit report
- Prevent a company from collecting debts that result from identity theft or selling the debts to other companies for collection
- Get an extended fraud alert placed on your credit report
Three steps are required to create an Identity Theft Report:
- File an identity theft complaint with the FTC. - Online: http://ftc.gov/idtheft / Phone: (877) 438-4338
- When you file your complaint with the FTC, obtain a copy of the FTC affidavit that shows the details of your complaint. The online complaint site describes how you can print your completed affidavit. If your complaint is filed by phone, ask the counselor how to get a copy of your affidavit.
- Take your completed FTC identity theft affidavit to your local police, or to the police where the theft occurred, and file a police report. Obtain a copy of the police report or the report number.
Your FTC identity theft affidavit plus your police report create an Identity Theft Report. Send a copy of the Identity Theft Report to each company where you report fraud. Request that they remove or correct fraudulent information on your accounts.
To learn more about how to protect your personal information and respond to identity theft go to https://identitytheft.gov
Privacy
Provident Bank values your trust and respects your expectation of privacy. As such, we are committed to maintaining the confidentiality of your personal financial information. This document outlines our privacy policy for visitors to our web site.
In addition to the protections you enjoy through our Online Privacy Policy, your online activities may also be covered by our Online Privacy Policy for consumers. This policy explains our collection, use, retention, and security of consumer information and applies to customers who obtain financial products and services primarily for personal, family, or household purposes.
At Provident Bank, protecting the privacy and security of your personal information is important to us. We collect, retain, and use information about you in order to administer our business and to provide quality products and services that may be of benefit to you. We consider safeguarding your financial information a fundamental part of our business philosophy.
Information We Collect
When you visit our website, we may collect the following information in order to service your accounts:
Information we receive from you on applications or other forms (such as your name, address, Social Security number, assets and income)
Information about your online transactions with us, as well as information about our online communications with you. Examples include your online bill payments and your activity on the website, such as collecting information on product information reviewed.
Visitors to Our Website
Visitors to our website remain anonymous, unless they register for a service or otherwise elect to disclose their identity to us. Although we do not collect personally identifying information about persons who simply visit our site, we do collect certain limited information about visitors, such as their IP address (a numeric address assigned automatically to computers when they access the Internet).
We also may place "cookies" on a computer to track a visitor's use of our website. A cookie is a piece of data that is stored on your hard drive. It takes up very little room on your system and helps us to customize our site and make its navigation easier for you. We sometimes use cookies to help estimate the number of visitors to our site and to determine which areas are the most popular. Unless you register with us for a service (such as our Online Banking service), the cookie does not provide us with any personally identifying information about you, such as your name or address.
Web Browser Settings and Control of Personally Identifiable Information Collection
You may have the ability to activate web browser tracking settings or other mechanisms that give you the option to control the collection of personally identifiable information about your online activities over time and across third-party websites or online services. Our response to these settings and mechanisms will depend on the setting and mechanism and the impact on our collection and tracking practices. At this time, our website only tracks your activities while on our website and, unless you register with us for a service, we do not collect any personally identifiable information about you. The tracking is facilitated using 'cookies' that we place on your computer. If you choose not to accept cookies or remove locally stored cookies, we will not track your activity on our website; however, some features and services on our website may not be available to you. For more information regarding cookies, refer to 'Visitors to Our Website' in this policy.
Third Parties
When you use our website or online service, third parties acting on our behalf may collect the personally identifiable information and website activity identified above. This may include the personally identifiable information collected when you register with us for a service. Depending on the third party websites you visit, as well as any preferences and authorizations you have provided to others, your activity on our website and across other websites, including personally information you provide, may be tracked and collected by third parties. Also, third parties may offer services on our website from time to time. If you access their websites or provide them with information, these third parties may track your activity across websites and collect your personally identifiable information, all subject to the third party's privacy and security practices.
For further details, refer to 'Links to Other Web Sites' and 'Services and Advertisements by Third Parties' in this policy.
Disclosure Of Non-Public Personal Information
We do not disclose non-public personal information about our customers to non-affiliated third parties, except as permitted by law. You do not have to take any action or instruct us to keep your information confidential. We will protect your privacy automatically. If you end your relationship with the Bank, we will continue to adhere to the information policies and practices described in this policy.
There are instances when information about you may be provided to others. For example, we are permitted by law to share information:
- Within the Bank in order to service your accounts or to market other products or services we may offer.
- With non-financial companies that perform services on our behalf, such as check printers, data processing companies, companies that prepare or mail account statements, or companies that perform marketing services on our behalf.
- With credit bureaus about loans we make, whether or not they are handled properly, and about deposit accounts that are not handled properly.
- In order to comply with a number of laws and regulations we are required to furnish various reports to federal, state, and/or local government officials regarding certain transactions or accounts.
- To comply with subpoenas and other legal processes that require us to provide information about your accounts or other business with the Bank.
- If we suspect that a crime involving you or your loan or deposit account may have been committed.
- With our regulatory agencies and agents of the Bank or its affiliated companies, such as our independent auditors, consultants or attorneys, all of who will be bound to protect the information as we do.
- With others that you, or any other person with signing authority over your account, have given us oral or written permission to do so.
Maintaining accurate Information
We have procedures in place that help us to maintain the accuracy of the personally identifiable information that we collect. Please contact us at the number or address set forth below if you believe that our information about you is incomplete, out-of-date, or incorrect. If you are an online banking customer, sign-on to Online Banking to review and correct information about yourself, such as a change in your address or email address.
Links to Other Web Sites
Our web site may feature links to third party web sites that offer goods, services or information. Some of these sites may appear as windows-within-windows at this site. When you click on one of these links, you will be leaving our site and will no longer be subject to this policy. We are not responsible for the information collection practices of the other web sites that you visit and urge you to review their privacy policies before you provide them with any personally identifiable information. Third party sites may collect and use information about you in a way that is different from this policy.
Services and Advertisements by Third Parties
Third parties may offer services from time to time at our web site. If you provide them with information, their use of that information will be subject to their privacy policy, if any, and will not be subject to this policy. If you accept third party goods or services advertised at our web site, the third party may be able to identify that you have a relationship with us (e.g., if the offer was only made through our site).
Minors
We feel strongly about protecting the privacy of children and teenagers. As such, we do not knowingly collect personally identifiable information from such individuals through our web site.
Changes to This Policy
We may add to, delete from, or otherwise change the terms of this Online Privacy Policy from time to time by posting a notice of the change (or an amended Online Privacy Policy) at this website. If required by law, we will send you a notice of the change. Your continued use of our web site or any on-line service following notification will constitute your agreement to the revised Policy.
Questions
If you have any questions or concerns about the integrity of your account information, or any other aspect of our business operations, please do not hesitate to telephone or come in to talk to our staff. You may also write to:
Provident Bank
Attention: Compliance Officer
3756 Central Ave.
Riverside, CA 92506
(800) 442-5201
We value your business and hope you will continue banking with us for many years to come.
At Provident Bank, protecting the privacy and security of your personal information is important to us. In order to proactively combat cybersecurity and decrease the likelihood of you, our customers, being compromised, we have implemented this CyberSecurity Tips Monthly Newsletter. It should help you grow to be security-conscious both at home and at work by providing helpful tips to consider in your everyday activities. A list of our current and previous issues of our newsletter have been provided below.
Disclaimer for links provided in this newsletter: If you click on a link within the following newsletters, you will be linking to another website not owned or operated by Provident Bank. Provident Bank is not responsible for the availability or content of this website and does not represent either the linked website or you should you enter into a transaction. We encourage you to review their privacy and security policies which may differ from Provident Bank.
Cyber Security Tips Monthly Newsletters
2021-11 Stress Less This Holiday Season With These 10 Shopping Tips
|
Nov 2021
Stress Less This Holiday Season With These 10 Shopping Tips
|
Monthly Security - Tips Newsletter
|
|
It is that time of year again, festivities, family gatherings and holiday shopping! Many consumers will avoid brick and mortar stores and choose to shop online instead. As such, it is important to remain vigilant and be aware of the cyber risks while online shopping. While legitimate businesses are after your money, so are cybercriminals. When it comes to holiday shopping, you should be wary of online criminals. The following 10 cybersecurity tips will make your online shopping experience less risky, not to mention keep you in the spirit of the season and safer from those on the “naughty list”.
1. Do Not use Public Wi-Fi for Shopping Activity
Public Wi-Fi networks can be very dangerous. While they may be convenient to use, they are not usually secure and can potentially grant hackers access to your personal information. Never log in to banking/financial sites or any site where the transaction involves sensitive personal data while logged into a public Wi-Fi network. If you do use public Wi-Fi networks, make sure that you are using a trusted network, that you do not allow it to connect automatically, and that you are completely logged out of it before logging into any site for transactions involving sensitive personal data. Please consider that it may be in your best interests to avoid public Wi-Fi networks altogether.
2. Make Sure eCommerce Shopping Sites are Legitimate and Secure
Shop at well-known retailers that you trust and where you have previously done business. Before entering your personal or financial information into an online commerce site, you must ensure that the site you are on is legitimate and can be trusted. Verify the site is the one you intended to visit by checking the URL. Also, look for the “lock” symbol in the URL bar and make sure “https” is in the beginning; indicating that encryption is used to protect your data.
3. Know What the Product Should Cost
Deal with legitimate vendors. The adage goes, “if it is too good to be true, then it probably is.” ‘Bait and switch’ or ‘teaser’ scams run rampant during the holiday season! Use a service like ResellerRatings.com; allowing users to review online companies and to share their experiences purchasing from those companies as part of your diligence in protecting your interests.
4. Do Not Use Debit Cards for Payment
When you are shopping online remember that it is best to use credit cards or payment services such as PayPal. Credit cards offer more consumer protections and less liability if your information were to be compromised. Alternatively, because debit cards are linked directly to a bank account, you are at a much greater risk if a criminal were to obtain this information. In a dispute regarding a purchase made with a debit card, you’ll be in a weaker position because the merchant will already have your money and it may take weeks to get it back. With a credit card you’ll have time to dispute a charge before any money is actually paid out.
5. Keep Systems Up-to-Date
Be sure to keep all of your internet accessible devices up-to-date. Most software updates improve security by patching vulnerabilities and preventing new exploitation attempts. This includes updates to your device operating system (OS), installed applications, and to your anti-virus software. This is one of the most important and easiest things you can do to help prevent criminals from exploiting vulnerabilities enabling them to access your information.
6. Think Before You Click
Scammers take advantage of the surge in holiday deals and communication to send out their own viruses and malware. Scams have significantly evolved in quality and can appear as legitimate discounts or reputable special offers. Be careful with messages regarding shipping confirmations and changes. Phishing scams include cleverly crafted messages that look like official shipping notifications. Always use official channels to stay updated. As always, NEVER open an email from someone you do not know, did not expect to receive, or from a site you have not visited.
7. Use Strong and Unique Passwords
Creating strong and unique passwords is still the best security practice for protecting your personal and financial information. Make sure your passwords are sufficiently long and complex utilizing a combination of upper- and lower-case letters, numbers, and special characters. Consider creating a cryptic passphrase that is longer than the typical password, but easy for you to remember and difficult to crack. MOST IMPORTANTLY, do not reuse passwords across multiple sites; especially between work and personal resources.
8. Avoid Saving Your Information While Shopping
Never save usernames, passwords or credit card information in your browser and periodically clear your offline content, cookies, and history. Avoid saving your payment information in your account profile when completing an online transaction. If the site autosaves your payment information, go in after the purchase and delete the stored payment details. Better yet, if the site has the option, check out as “guest” to avoid giving personal/payment information online.
9. Don’t Share More Than is Needed
Be alert to the kinds of information being collected to complete your transaction. If the site is requesting more data than you feel comfortable sharing then cancel the transaction and purchase elsewhere. You should only need to fill out required fields at checkout.
10. Monitor Your Financial Accounts
Even with good cyber hygiene and best practices, you may still find yourself a victim of a cyber scam. Pay close attention to bank and credit card accounts and be sure to monitor your credit report to ensure that there is nothing out of the ordinary.
For more information on holiday shopping safety, visit the following resources.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-10 This October: Commit to Being Cyber-Aware
|
Oct 2021
This October: Commit to Being Cyber-Aware
|
Monthly Security - Tips Newsletter
|
|
In its most recent annual Cost of a Data Breach report, the Ponemon Institute reviewed more than 500 incidents around the world. The results were sobering: the average data breach costs an organization $4.24 million, and takes 287 days to identify and contain.
That’s why Cybersecurity Awareness Month – designated every October for the last 18 years – is an important reminder of just how critical cybersecurity awareness is at all levels of government and across every industry.
The best way to protect your organization and yourself is by being able to recognize potential cyber threats, understand their significance, and sharing that knowledge with others. The weakest link in many cybersecurity programs is people. They make mistakes, it’s bound to happen. But if you can raise your end users’ awareness about cybersecurity across all of the platforms and devices they use, it can drastically reduce the likelihood of a mistake happening. Even more important – when a mistake does happen and you have a strong cybersecurity posture, people recognize it and know how to respond.
This October, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) are emphasizing the overarching theme of “Do your part. #BeCyberSmart.” Additionally, four weekly messages, have been established for Cybersecurity Awareness Month 2021.
Week 1: Be Cyber Smart
Knowing and sharing the cybersecurity basics is the foundation for any good awareness program. Knowledge is power, and that power should be shared. To be cyber smart you should assess your posture, implement a defense in depth strategy, ensure strong password and access management practices, patch regularly, and continually educate yourself and others in your organization.
Week 2: Fight the Phish!
Phishing is one of the most common ways that bad actors attack organizations, because it’s an easy and simple way to get in front of users. Fight back by implementing solutions that block phishing emails and educating users to identify those that would otherwise get through your defenses. Users who can quickly identify and report phishing emails can help tip the scales in your favor. The more people you have fighting phishing attacks, the stronger your organization’s cybersecurity posture will be. Learn more about how to prevent email compromise here.
Week 3: Explore. Experience. Share
The third week of October is Cybersecurity Career Awareness Week! The world of cybersecurity and the threat landscape is ever-changing, and that presents outstanding career opportunities for people who want to apply their skills and passion to this growing area. Week 3 is all about inspiring and promoting awareness and encouraging people to explore careers in cybersecurity by calling attention to the contributions they can make to our society and our economy in doing so.
The National Initiative for Cybersecurity Education (NICE) has put together some resources to help you learn more about career paths in cybersecurity.
Week 4: Cybersecurity First
Being online and connected is part of our everyday lives – from work, to shopping, to entertainment. So we also need to make sure cybersecurity is at the forefront of our minds every day. If you’re sharing information online, you should take a couple of seconds to validate that the receiver is a trusted source and is applying cyber best practices. Likewise, if you’re receiving information, you should make sure you’re doing everything possible to protect it from bad actors. Cybersecurity should be the first and last thing we consider when interacting with the digital environment.
These messages should be shared at all levels. We encourage you to take these Cybersecurity Awareness Month themes and develop short, but impactful weekly communications to everyone in your organization. Then post them on social media and other platforms to play your part in spreading the word. The more people we can encourage to be #BeCyberSmart, the more connected, informed, and protected our communities will be.
If you or your organization is interested in taking an active role in Cybersecurity Awareness Month, download CISA’s Cybersecurity Awareness Month 2021 Toolkit. It provides valuable messaging, articles, social media graphics, and other resources for promoting and modeling this important initiative. We at the MS-ISAC have developed social media templates that we encourage you to share to help promote the campaign and our goal to create an elevated level of cybersecurity posture across the United States.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-09 Hack the Human: End-User Training and Tips to Combat Social Engineering
|
Sept 2021
Hack the Human: End-User Training and Tips to Combat Social Engineering
|
Monthly Security - Tips Newsletter
|
|
We like to think we can trust our co-workers to do the right thing. Unfortunately, this is not always the case. Some people become insider threats; that is, they use their authorized access to systems to harm their organization. For example, someone may sell information from a database to a third party.
There are three types of insider threats:
- Unintentional –This person does not intend to cause a threat, but they do so through carelessness. They may misplace their laptop or flash drive, fail to update software, or ignore instructions when setting up software or cloud storage. Their attention to detail may be poor and they can make mistakes that damage the organization, such as causing a breach by emailing data to the wrong person.
- Intentional –This person intends to harm their organization and is often called a “malicious insider.” They may be in it for financial gain, to get revenge for some perceived slight, or for some other motivation. They may leak information to third parties for money or political beliefs, steal information to advance a side business, or destroy data to sabotage the organization.
- Collusive or Third-party – Collusive threats occur when an insider collaborates with an outsider to compromise an organization. The outsider may recruit an insider to obtain information to commit fraud, intellectual property theft, espionage, or some other crime. Some insiders may be manipulated into becoming a threat and may not recognize that what they are doing is harmful. Third-party threats occur when the insider works for a contractor or vendor who has access to the organization’s network or facilities.
Some of the indicators of an intentional insider threat include:
- Life changes, such as financial, relationship, family, or work problems.
- Behavioral changes, such as signs of depression, anger, or possible drug or alcohol addiction. However, a colleague who seeks help is showing good judgment.
- Changes in work habits such as working through lunch, accessing or asking questions about information or systems not part of the scope of the colleague’s employment, or a disregard for security policies and practices.
Many unintentional insiders are:
- Poorly trained in cyber hygiene, either because the organization does not train staff or because they do not pay attention.
- Disorganized; loses laptops or flash drives.
- Unfamiliar with technology or thinks they know more than they do and do not follow instructions when installing new software or setting up cloud storage.
We all make mistakes, but many unintentional insiders simply do not pay attention to what they are doing. The lack of attention to detail puts their organization at risk for breaches and malware.
To reduce the likelihood of an insider threat, organizations should develop a comprehensive program that includes knowing the people within the organization, identifying the assets and prioritizing the risks, and establishing the proven operational approach of detect and identify – assess – manage. Organizations should take extra steps to vet third party service providers to ensure they can access only necessary systems and areas of the building.
The Cybersecurity and Infrastructure Security Agency (CISA) has more information about insider threat mitigation at https://www.cisa.gov/insider-threat-mitigation.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-08 Cybersecurity for Families: Cyberbullying and Information Sharing
|
Aug 2021
Cybersecurity for Families: Cyberbullying & Information Sharing
|
Monthly Security - Tips Newsletter
|
|
As technology continues to evolve, the tools and toys available to your children increase in number and evolve in capabilities. Technology can be used to educate and inspire creativity in kids, but it also exposes them to a risky landscape most of us didn’t have to worry about during childhood. Adults can discuss with children how the digital world is a great resource, but we must remain cyber aware. We all should be responsible with the information we share, and the ways we explore.
Here are a few things we should all do to protect our kids and our home networks.
Keep Software Updated
Think of all the devices in your household that connect to the internet - phones, tablets, computers, gaming systems, smart appliances, even lightbulbs! One of the most important things you can do to keep your devices safe is to ensure your devices are up to date and using the latest software. When your devices notify you about a software update, install the update right away, or set them to automatically update. Those updates contain security patches that close loopholes that hackers can use to gain entry and access your data like your passwords, payment information, photos, and more.
Always make sure you know what apps are on your children’s devices, know what those apps do, and what type of information they monitor or collect. This can be done easily by checking the app settings and privacy disclosures.
If you have children prone to installing anything that looks new and flashy, consider requiring a PIN or password you only know before allowing installation of new applications.
Implement Domain Name System (DNS) Filtering
As we all know, surfing the web can be a risky business. While we can usually identify scams and malicious links, children may not catch on so quickly and see that the link their friend’s hacked account just sent them for a free game is a malicious website in disguise.
Implementing DNS filtering, which prevents devices on your network from connecting to known bad websites, is a free and easy way to help prevent everything from phishing and ransomware, to spyware and viruses. It is so useful, some of largest IT companies in the world have joined forces to provide it for DNS filtering can even be set up on your home router with very little effort, which will help protect anyone or device on your entire network. DNS filtering services can also be used to implement parental controls to deter kids to going to unwanted or inappropriate websites. You can additionally limit kids’ screen time and monitor their online surfing activity if you choose to do so. By doing this, you can create a family-friendly online space in your home while also protecting your identity and blocking cyber-villains.
Free DNS filtering options for families
- Quad 9: When your computer performs any Internet transaction that uses the DNS (and most transactions do), Quad9 blocks lookups of malicious hostnames from an up-to-the-minute list of threats.
- Cleanbrowsing: A free DNS system that focuses on privacy for households with children. It provides 3 free filter options and blocks most adult sites.
- OpenDNS: Owned by Cisco, OpenDNShas two free options: Family Shield and Home. These are incredibly useful for monitoring and preventing adult site access as well as general internet safety and performance.
Talk to Your Kids
Finally, make sure you talk to your kids about cybersecurity. Just like other issues that have the potential to harm our children, keeping an open line of communication regarding cybersecurity is vital to keeping them safe.
Outside of adjusting privacy settings and parental controls on devices your kids use, make sure they learn how to spot unusual behavior and encourage them to tell you about it. Teach your kids about proper online etiquette and encourage appropriate interactions.
Supervise their screen time and make sure you are in the know about who they talk to and interact with online. Talk to them about the importance of keeping some information private – such as your name, home address, and phone number.
Check their apps and devices frequently to make sure your kids haven’t turned on location sharing or made their social media accounts public to anyone and everyone. As they get older, remind them that once information is online it can’t be taken back – it’s online forever.
Cybersecurity was not something past generations of parents had to worry about when raising their children but is a big part of all our lives now. And even though we may not like all that comes with these technologies, they’re here to stay and it is imperative that we teach our children how to responsibly and safely use them. Let’s give our children the foundation they need to be able to safely and securely engage in today’s connected world.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-07 2021 Cyber Hot Topics - Ransomware
|
July 2021
2021 Cyber Hot Topics – Ransomware
|
Monthly Security - Tips Newsletter
|
|
In response to the pandemic, many end-users are now working from home instead of commuting to their business locations. Homes are being used as business offices, and computers and networks are being shared by family members. Families are taking classes, doing homework, and surfing the web in addition to performing business functions.
The data created may be stored locally or in the cloud. Backups may not happen until the device is returned to the office or the end-user manually backs it up. This new environment is ripe for cyber-attacks.
The Perils of Ransomware
Ransomware is one of those cyber-attacks that are on the rise. Ransomware is a type of malware that is normally delivered through a phishing message. The phishing message entices the reader to click on a link or open an attachment. When the recipient falls for the phish, the process of infecting the device is started. It initiates a connection back to the attacker’s device to receive instructions for encrypting the device.
Once the encryption is completed, the user is locked out of their data and the device. At this point, a ransomware note is displayed and a ransom is demanded in cryptocurrency (i.e. Bitcoin) to regain access to their data and their system.
Protect Your Family, Data, and Devices
So, what does this mean to you? How can you protect your family, data and devices from these cyber attackers? Here are some best practices for cyber hygiene that can help protect you from becoming a victim of ransomware:
- Don’t open any emails from someone you don’t know or that you aren’t expecting to receive.
- Don’t click on links in messages.
- Avoid opening attachments in messages. Download the attachments and scan them for malware before opening.
- If it sounds too good to be true, it probably is. Don’t give away any personal information that could allow an attacker to compromise your devices or steal your identity.
- Install anti-virus/anti-malware software on your device and keep it up to date.
- Apply patches to all applications and the operating system as they become available.
- Don’t browse suspicious sites. Cybercriminals count on users mistyping the name of a legitimate site. These sites are made to look like the legitimate site but are used to deliver malware to the device.
- Don’t respond to pop-up windows instructing you to call a number for support. Attackers use this method to steal your personal and credit card information. Once you allow them to remotely access your device, they will install additional malware on your device instead of removing it.
What to Do if You Get Infected with Ransomware
- Don’t respond to a ransom note on the screen. Paying the ransom does not guarantee that you will gain access to your data and/or your system. The attackers will normally request payment in a form of cryptocurrency, like Bitcoin, that can’t be traced. Once the ransom is paid, your money is gone.
- Seek professional assistance. Contact your employer’s IT security department and/or law enforcement to allow them to trace the source of the infection.
- Using a separate non-infected device, change passwords on all accounts that were accessed from that device.
- If you provided the attacker with personal and/or credit card information, put a fraud alert on your account at the three major credit reporting bureaus (Experian, TransUnion, and Equifax). This should prevent the cybercriminal from using your information to open new accounts in your name. If credit card information was provided, contact your credit card company to report it to their fraud department. They will normally issue you a new credit card number and shut down the old account to prevent it from being used fraudulently.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-06 How to Protect Seniors Against Cybercrimes and Scams
|
June 2021
How to Protect Seniors Against Cybercrimes and Scams
|
Monthly Security - Tips Newsletter
|
|
Many of the crimes that occur in real life happen on the internet too. Credit card fraud, identity theft, embezzlement, and more, all can be and are being done online.
Seniors and the elderly are often targeted for these cybercrimes. They tend to be more trusting than younger people and usually have better credit, and more wealth. This makes them more attractive to scammers.
Seniors are considered easy targets by criminals because they might not know how to report cybercrimes against them. In some cases, seniors can experience shame and guilt over the scam. They may also fear that their families will lose trust in their ability to continue to manage their own finances.
Cybercrimes Targeting Seniors
Here are some common cyber scams used against senior citizens and how to avoid them:
- Tech support scam: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers can gain remote access to victims’ devices and their stored sensitive information.
- Government impersonation scam: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide payments.
- Financial scam: Criminals target potential victims using illegitimate credentials from legitimate services, such as reverse mortgages or credit repair.
- Romance scam: Criminals pose as interested romantic partners on social media or dating websites, particularly targeting women and those who are recently widowed.
A new twist is to use the romance scam to recruit victims for other illegal activity. This could include using the victim’s bank account to launder illegally obtained money or apply for benefits in another person’s name. Institutions may become suspicious, especially if these transactions are out of character. They may close the victim's account, or even refer the account for prosecution, putting the senior citizen at risk for legal action.
Tips to Protect Seniors Against Cybercrimes
Here are some tips on how to protect yourself or someone you love from cybercrimes:
- If you use social media, limit the amount of personal information you post and only add people that you know.
- Resist the scammer’s urge for you to act quickly. Scammers are very skilled at manipulating emotions and will fabricate an emergency to persuade a victim to act without thinking.
- Search for information about the proposed offer and any contact information given by the scammer. There are people and agencies online or in your community who can tell you if an individual or business is a scam. Never be afraid to ask other people for help.
- Never send money or personally identifiable information to unverified people or businesses. Be suspicious about anyone who demands gift cards as payment.
- Use reputable antivirus software and firewalls and make sure you regularly update them. If possible, configure your device to automatically download and install updates.
- Disconnect from the internet and shut down your device if you see unusual pop-ups or get a locked screen. Pop-ups are often used by criminals to spread malicious software.
- Be cautious what you download. Never open email attachments from someone you don’t know.
What to Do if You're Targeted by a Scammer
If you think you are being targeted by a scammer:
- Never share financial account information, and do not allow anyone access to your accounts.
- Monitor your accounts and credit for unusual activity, such as large sums of money that you did not deposit or loans that you did not apply for.
- Contact your local law enforcement agency to file a report and notify your financial institutions.
Sources:
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-05 Compromised Email Account? Here Is What To Do
|
May 2021
Compromised Email Account? Here’s What To Do
|
Monthly Security - Tips Newsletter
|
|
An email account can be compromised in a number of different ways. In some cases, your password may be weak and easily guessed or obtained through a public breach. In other cases, you may have clicked on a malicious link in an email, social networking site, or webpage. Or, you may have downloaded an app or file that contained malicious scripts.
In this edition of the security newsletter, we’ll look at potential warning signs that your email account may have been compromised, what you can do to recover, and steps you can take to help prevent it from happening again.
How to Tell if Your Email Account is Compromised
Here are some red flags that may indicate your account has been compromised:
- You are unable to access your e-mail account. If an attacker gained access to your email address and password, they may have logged in and changed the password to lock you out of the account.
- Your family, friends, and coworkers receive emails from you that you didn’t write. Once your email account is compromised, the attacker can use your email address to send spam or phishing emails to the contacts in your address book.
- You see activity on your social media accounts that you didn’t post. Some social media sites use single sign-on (SSO) with credentials from other accounts (e.g. Google, Yahoo) so you can login to social media without having to create a separate username and password. If your email account is linked to your social media accounts or if you use the same username and password for all your accounts, the attacker can gain access to everything with a single username and password.
- You notice your Sent messages folder is empty or includes messages that you did not send.
What to Do if Your Email Account is Compromised
Here are some steps you can take if your account has been compromised. If you think your account has been compromised but you are not sure, it is better to err on the side of caution and follow these steps:
- Login to your email account and reset your password using a strong password.
a. Use long passphrases to make passwords easier to remember and more secure.
b. Do not use information about yourself, the city where you were born, your age, or the names of relatives, friends, or pets.
c. Do not use common words such as the name of favorite sports team.
d. If you are unable to login, contact your email provider to find out how you can regain access.
- End / sign out of all sessions on all devices. Even after you change your password, if the attacker has an active session, they may be able to continue to send emails from your account.
- Reset any additional accounts that the attacker may have gained access to. These may include financial institutions, shopping sites, and social media sites. There may be references to these accounts in your email. Remember to use unique passwords for each and every account. If not, if one account gets compromised, they all become compromised.
- Enable Multi-Factor Authentication (MFA) on your e-mail account. This provides an additional layer of protection to login to your email account. It requires a code from a text message, phone call, or authenticator app to further verify access. Visit STOP.THINK.CONNECT to learn how to activate MFA.
- Review and change your security questions. If your email account was compromised from a device or location not matching your normal usage, it’s possible a malicious individual was able to answer your security questions.
- Review your mailbox for any rules that you have not previously created. These rules can include message forwarding, deletion, or running unwanted applications.
- Review outgoing messages and retract any malicious outgoing messages. In most cases, the attacker will not leave traces of any outgoing messages, but this should still be checked.
- Contact the people in your email address book and let them know that your email was compromised. Remind them to delete any emails from you during the time your account was compromised to prevent them from becoming the next victim.
- Verify if there is private or personally identifiable information in your e-mail that could be used maliciously.
- Establish a routine where you change your password periodically. Consider changing your password on at least an annual basis (unless a breach requires it sooner).
- Scan your computer for viruses and malware. This is especially important if you are experiencing problematic signs like unfamiliar applications loaded on your device, your computer operating slowly, or problems shutting down.
What Can I Do to Prevent an Email Account Compromise?
Good security best practices and safe browsing habits can help prevent your email account from being compromised in the future:
- Make sure your devices are patched with the latest updates, including antivirus.
- Set your security software, internet browser, and operating system to update automatically. Or, establish a routine to do this manually on a frequent basis.
- Use unique strong passwords for account access.
- Be wary of unexpected emails, especially when they contain links and/or attachments.
- Verify the sender’s address. If you don’t recognize the address, don’t reply.
- If an email request from a known contact seems out of place, verify the request by calling the sender on the phone.
- Think twice before clicking a link. Always hover before clicking to see the address of the web site you are attempting to visit.
- Never click text links like “Click Here” or “Unsubscribe,” or any other links in suspect emails.
- Never input a password or your email address on an unknown site, and never provide your passwords to anyone.
- Be vigilant when reviewing emails, as you may receive an email from a legitimate contact who has been compromised.
- Don’t access your email account on a public computer or from a device using public Wi-Fi.
Additional Information
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-04 Don't Be Frivolous With Your Stimulus
|
April 2021
Don’t Be Frivolous With Your Stimulus
|
Monthly Security - Tips Newsletter
|
|
It seems like it’s been much longer than one year ago since we last did our taxes, but somehow, it’s here again; Tax season. Let’s start out by acknowledging that this past year, fiscally, is fundamentally different from other tax years before it. The introduction of Stimulus payments from the government in the past year has added a new dimension to our taxes, and a potential increase of vulnerability to hackers and cyber criminals alike.
This is a period of time where extra vigilance and caution is needed while online and conducting business, especially avoiding any kind of online activity that could jeopardize your identity and finances. There are some important best practices and red flags to keep in mind while navigating through this season, and hopefully you’ll feel a little bit more secure with the knowledge that you haven’t fallen victim to a cyber scheme!
Scams to look out for
- An email, link, or phone call requesting personal and/or financial information, such as your name, social security number, bank or credit card account numbers, or any security-related information.
- Receipt of a notice that states your IRS account has been accessed or disabled when you haven’t accessed the account.
- Emails advertising bigger tax refunds, or that have incorrect spelling, grammar, or odd phrasing throughout.
- Emails that tell a story and entice you to open a link or attachment. Sometimes they will say they’ve noticed suspicious activity, claim there is a problem with your account, or want you to click on a link to make a payment. These links often contain malware that is used to infect your computer and retrieve your personal information.
Stimulus-specific scams
- Scammers have been mailing out fraudulent checks that appear to be sent from the government, and will request that money be sent back due to an “over-payment.” Always call your bank to verify a check is legitimate, and if you receive a request to return a portion of a check, report this immediately to your bank.
- Robo-call check scams are commonly reported. The caller will be asking for personal and/or financial information and try to convince you that this information is necessary in order for the check to be deposited. In reality, the government already has your information on file from when you completed your taxes. You will either get your stimulus check and tax refund in the mail or they will be directly deposited to your account.
- Carefully Select the Sites You Visit: Do not visit a site that doesn’t end in “.gov”. No non-governmental website is distributing stimulus checks.
How to avoid being a victim
- Never Send Sensitive Information in an Email: If there is any doubt that communication is coming from a suspicious source, don’t reply to any email requesting personal information.
- Keep Up your Cyber Hygiene: Keep up to date with recent data breaches. Ensure your computer has the latest security updates installed. Check that your anti-virus and anti-spyware software are running properly and receiving automatic updates from the vendor. If you haven't already done so, install and enable a firewall. Change your passwords frequently.
- Carefully Select the Sites You Visit: Do not click on links sent to you via email from a site claiming to give tax preparation advice or tax forms as there are many fake forms on scam sites that look authentic.
- Never Use Public Wi-Fi to File Your Taxes!
- Only Use a Bona-fide Preparer: If you choose to use a preparer to do your taxes, make sure they can provide their Tax Preparer Identification Number – you can use this number to look them up on the IRS website to confirm they are legitimate, as only professionals can hold this identification.
- Be Aware of IRS Typical Practices: The IRS will not contact you via email, text messaging, or your social network, nor does it advertise on websites. Starting in 2021, the IRS has created IP PINS available for all taxpayers. These PINS provide the IRS additional verification and security at the time of filing. You can log on to get an IP PIN tool offered by the IRS at https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin/.
- If you receive a tax-related phishing or suspicious email at work, report it according to your organization’s cybersecurity policy. If you receive a similar email on your personal account, the IRS encourages you to forward the original suspicious email (with headers or as an attachment) to its phishing@irs.gov email account, or to call the IRS at (800) 908-4490. More information about tax scams is available on the IRS website and in the IRS Dirty Dozen list.
For more information
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-03 2021 Cybersecurity Spring Cleaning Checklist
|
March 2021
2021 Cybersecurity Spring Cleaning Checklist
|
Monthly Security - Tips Newsletter
|
|
Spring is not just a good time for cleaning your house or apartment, it’s also a good time to clean up your technology and cyber footprint.
Throughout the year, especially around the holidays and during tax season, you extend your cyber footprint by paying bills, shopping, using social media, and many other digital activities whether for business or pleasure. Spring cleaning your space is meant to improve the air quality after having it closed up all winter, and cleaning can improve your mood and remove a year’s worth of clutter. Cleaning your technology and cyber footprint can do the same thing; it removes clutter from your life while at the same time protecting you and your loved ones.
While spring cleaning, you often make a list to ensure you don’t forget to clean the spots you don’t normally think about, like behind the sofa or on top of the fridge. To help you spring clean your technology and cyber footprint, we have developed a checklist to help you through the process. And just like spring cleaning your house, you can assign these tasks to your family.
Passwords
- Review your passwords, updating them as needed, and ensuring they are strong.
- Establish a unique password for each account.
- Consider using a password manager if you haven’t in the past.
- Remember to use Multi-Factor Authentication (MFA) on accounts wherever it is available, especially on accounts that have financial information such as online banking, credit card, and retirement accounts.
Email
- Review all your email accounts.
- Organize folders of emails that you want to keep, delete and purge emails that you no longer need.
- Be sure that there is no personally identifiable information stored in your mailbox.
- Review and update your contacts. Delete contacts that are no longer necessary or current.
- Review and update email filters to send spam and unwanted e-marketing messages directly to trash or another folder.
- Enable MFA whenever possible.
Stale Applications
- Review your applications and remove those you no longer use.
Social Media
- Review social media accounts and associated privacy settings.
- Review any photos or videos and delete those that you no longer need or want to make viewable.
- Search yourself online to see what comes up.
- Don’t just delete a social media app that you’re no longer using, delete your entire profile.
- Be sure you are familiar with the privacy settings in your social media accounts.
- CISA Social Media Cybersecurity Tips
Closing Accounts
- Close out old application or system accounts that you are no longer using.
Clean Desk
- Shred old and unnecessary paperwork.
- Ensure paper documents that contain personally identifiable information, financial information, or other sensitive information is properly stored and locked up.
- Don’t write down passwords or security answers on paper and leave them out.
Backups
- Review your backup routines.
- Review your backup schedule, and what you’re backing up.
- Test your backups and validate they are being successfully completed.
- Make sure you can restore from a backup.
- Review your backup location and media.
Update Devices
- Make sure all applications, operating systems, and devices (computers, phones, tablets, smart devices, TVs, etc.) are updated, and are set to update on a regular basis.
Disposal
- Properly shred or destroy all unnecessary paper documents or files.
- Dispose of old electronic equipment (laptops, monitors, phones, tablet, smart devices, etc.)
- NIST 800-88
- Leverage e-recycling programs in your area.
Cleaning can be a very satisfying process. If cleaning is not normally your idea of a good time, we hope that you’ll find this technology and cyber spring-cleaning checklist a way to speed up the process. Have fun getting rid of some clutter, and don’t forget to have your kids clean under their beds!
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-02 Top 4 COVID-19 Scams to Watch Out For
|
Feb 2021
Top 4 COVID-19 Scams to Watch Out For
|
Monthly Security - Tips Newsletter
|
|
The ability to leverage current events is a dream scenario for modern-day cybercriminals. These criminals use events, such as the COVID-19 pandemic, to fuel their malicious intent.
With the global pandemic comes the desire to stay updated with the most current information. However, it can be difficult for internet users to navigate this information and separate fact from fiction. It is also difficult to ensure that links and resources are reliable. The reality is that malicious activity comes through just about every communication channel: email, social media, text and phone messages, and of course, misleading and malicious websites.
Here are some common examples of what you need to be on the lookout for in the months to come:
1. Malicious Websites
Throughout the COVID-19 pandemic, cyber threat actors have consistently capitalized on global interest surrounding the latest information on the virus. These threat actors take advantage of internet users by registering website domains related to COVID-19. Fake websites and applications typically claim to share news, testing results, or other resources, however, they ONLY want your credentials, bank account information, or to infect your devices with malware.
With many organizations and employees continuing to work from home, users may let their guard down and be more susceptible to emails from unverified senders. NEVER give out your personal information, including banking information, Social Security Number, or other personally identifiable information (PII) over the phone or email.
2. Phishing Emails
Expect phishing emails to be on the rise Cyber threat actors will utilize COVID-19 phishing emails in an attempt to convince the recipient to either reveal sensitive information (i.e. bank account information), or simply try to convince the recipient to open a malicious link or attachment, allowing them to potentially access your system.
COVID-19 vaccine-themed phishing emails may include subject lines such as the following:
- Vaccine registration
- Information about your vaccine coverage
- Locations you can receive the vaccine
- Ways you can reserve a vaccine
- Vaccine requirements
While some phishing emails might be easy for you to detect, never get complacent when reviewing your emails. Expect to receive well-composed phishing attempts that are impersonating well-known and trusted entities, such as government agencies, healthcare providers, or pharmaceutical companies. NEVER open any link or attachment from a source that you cannot clearly identify as being legitimate!
For instance, email phishing campaigns in the past have targeted state-level agencies impersonating the Centers for Disease Control and Prevention (CDC). These emails have requested recipients to click on links in order to view a secured message pertaining to COVID-19 vaccine information. Links such as these could easily direct the user to a webpage that attempts to collect PII, including name, address, date of birth, driver’s license number, phone number, and email address.
Here are some notable indications an email, text, or phone call may be a phishing attempt:
- Inspiring a sense of urgency to click a link or provide information
- Is overly formal or written in an overly complicated manner
- Requests sensitive information or that you review a link or attachment
- Asks users to follow a non-standard process, or a process you might find odd!
3. Fraudulent Charities
For as long as the pandemic is around there will always be consistent attempts by threat actors to create fraudulent charities seeking donations for illegitimate or non-existent organizations. Fake charity and donation websites will try to take advantage of one’s good will, especially during such hard times. Always do your research before donating and providing any information.
4. Unemployment Scams
As tax season is quickly approaching, be wary of identity theft scams involving fraudulent claims, especially surrounding unemployment benefits. This scam has especially skyrocketed during the COVID-19 pandemic as unemployment claims in general have been on the rise. The most typical scams to be on the lookout for (but are not limited to) include telling recipients that they’ve won contests, a cash prize, or are eligible for an award for applying for unemployment.
Recommendations
Phishing remains a prominent attack vector for almost all cyber threat actors. Your cybersecurity best practices will always be your first line of defense against phishing. Here are some recommendations you can take to shield yourself from these threats:
- Establish a properly-configured firewall
- Ensure your internet-connected devices are not connected to any public internet
- Report any suspicious emails to your organization’s IT department
- Enable strong authentication tools, such as Multi-Factor Authentication (MFA).
- Continuously update your passwords and update any default unsecure settings Ensure backup protocols are in place with your devices
- NEVER give out your personal information, including banking information, Social Security Number, or PII over the phone or email
- Always verify a charity’s authenticity before making donations. For assistance with verification, utilize the Federal Trade Commission’s (FTC) page on Charity Scams. This information can be found here: https://www.consumer.ftc.gov/articles/0074-giving-charity
If you suspect you've been impacted by a scam or attempted fraud involving COVID-19, you can file a report with the Cybercrime Support Network. More information can be found here: https://cybercrimesupport.org/covid-19-scam-alerts/
Additional Resources
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-01 Securing New Devices / Data Privacy Day
|
Jan 2021
Securing New Devices / Data Privacy Day
|
Monthly Security - Tips Newsletter
|
|
The holiday season has sadly come to an end, but hopefully you were able to treat yourself to some of the latest gadgets! Just remember that, however impressive the latest iPhone or gaming computer might be, the ability and knowledge to properly secure these devices is more important than ever, as any device that connects to the internet is potentially vulnerable and could become compromised. In honor of Data Privacy Day (January 28), here are five great tips to keep in mind that can help you securely configure your new devices!
1. Multi-factor authentication
If presented the opportunity, always enable multi-factor authentication (MFA) on your devices. This will ensure that only the person who has access to your account is you! If MFA is an option, enable it by using a trusted mobile device such as your smartphone, an authenticator app, or a secure token. For instance, with an iPhone you can utilize your screen lock feature with a PIN or password. MFA can prevent hackers from accessing your accounts, computer, and mobile devices. The availability of MFA is becoming more and more widespread, and for good reason!
2. Disable your location and safeguard yourself from monitoring devices
Location services might allow someone to see where you are located, so make sure you consider disabling this feature when you aren’t utilizing your device. Additionally, consider disabling your Bluetooth feature when not in use as well. Bluetooth can be used to connect to other devices or computers, and disabling this feature when not using your device can help to further secure your private information.
Another form of device to always be cognizant of is your digital assistant. If you use an Amazon Alexa, baby monitor, audio recordable device, or anything of that nature, always be sure to limit your conversations when they are on, and cover any cameras on toys, laptops, and monitoring devices when they are not in use.
3. Consider installing firewalls and antivirus software
Installing a firewall on your home network can help defend it against outside threats. For instance, a firewall can block malicious traffic from entering your network, while also alerting you to potentially dangerous activity. Please note that some firewall features, including the firewall itself, may be turned off by default, so ensure that your firewall is on and all the settings are properly configured, as this will greatly strengthen your security!
In addition to a network firewall, antivirus software can be a very protective measure against malicious activity. This type of software possesses the ability to detect, quarantine, and remove malware. Fortunately, this software is typically very easy to install and adds another protective shield to your security arsenal.
4. Patch & Update!
Quite often, technology has settings that allow for automatic updates to occur, and this is very important! Updates to your devices aren’t always about creating a smoother and slicker interface. Manufacturers will typically issue updates when vulnerabilities in their products are discovered. A perfect example of this would be the update notifications you receive on your iPhone! Whether you have an iPhone or not, make sure that your device is configured to receive automatic updates. If updating your device is something that you need to do yourself manually, it is important that you ensure you are making updates directly from the manufacturer (i.e. Apple), as third-party applications could very well compromise your device.
5. Secure your Wi-Fi Network
The good news is that it isn’t too difficult to make your wireless network and your devices more secure, and this can be completed in a few simple steps:
- The first thing you should do to secure your network is change your router’s default password to something more secure. Using a password manager is a great idea, as it will ensure you are only using strong passwords, such as those with special characters, numbers, upper- and lower-case letters, etc. This will prevent others from accessing the router and allow you to maintain the security settings you desire.
- In addition to changing your password, it is also worth changing your SSID (Service Set Identifier), otherwise known as your wireless network name. Although changing this name won’t necessarily enhance your network security, it will make it clear which network you are connecting to. Make sure you do not use your name, home address or other personal information in your new SSID name.
- To further improve your defenses, you should also use Wi-Fi Protected Access 3 (WPA3). WPA3 is currently the strongest form of encryption for Wi-Fi. Other methods are outdated and thus, more vulnerable to exploitation.
Conclusion
In today's world we are more connected than ever — not only to each other, but to our devices. In the same manner in which you protect your physical assets, such as your bike with a padlock, you need to similarly protect your internet-connected devices! This is how Data Privacy Day came to fruition. This international event occurs every year on January 28, with the purpose of raising security awareness as well as highlighting data protection best practices.
In addition to its educational initiative, Data Privacy Day also promotes events and activities that aim to enhance the development of technology devices which promote individual control over personal information. For further information on Data Privacy Day and how you can get involved, please copy and paste the following link into your browser: https://staysafeonline.org/data-privacy-day/
Here is to a very cyber-safe New Year!
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2020-12 Ten Cybersecurity Shopping Tips for the Holiday Season
|
Dec 2020
Ten Cybersecurity Shopping Tips for the Holiday Season
|
Monthly Security - Tips Newsletter
|
|
It’s that time of year again -- holiday shopping is in full swing! Even though the shopping insanity of Black Friday, Small Business Saturday, and Cyber Monday have come and gone, holiday shopping is still at the forefront of many consumers’ minds. Due to the fact that many consumers are avoiding stores and buying more online, e-commerce sales are rapidly on the rise, with no sign of consumers reverting to their old ways anytime soon.
Thankfully, online shopping gets more intuitive and simplistic by the day, allowing you to get that perfect gift with ease. However, while embarking on your online shopping conquest, make sure you’re not leaving yourself at risk. It’s clear that businesses are after your dollars during the holidays, but cybercriminals are on the lookout as well, now more than ever.
While you may not have to worry about being pickpocketed in the cyber world, you still need to be careful that you don’t fall prey to criminals. Here are 10 online shopping tips that can help you keep your information out of the hands of those who are most certainly on the naughty list:
1. Do not use public Wi-Fi for any shopping activity
Public Wi-Fi networks can be very dangerous, especially during the holiday season. While they are very convenient, they are not secure, and can potentially grant hackers access to your usernames, passwords, texts, and emails. For instance, before you join a public Wi-Fi titled "Apple_Store," make sure you first look around to see if there's actually an Apple Store in your vicinity, and thus, confirm that it is a legitimate network.
While it is best to avoid public Wi-Fi altogether, if you need to utilize a public network ensure that you never establish an autoconnection, and that you are logged out of all personal accounts, such as your banking sites. Though it is perfectly acceptable to auto-connect to a trusted source such as your home, when out in public, consider shutting off the Wi-Fi option on your phone and use your data plan. Yes, it’s slower, but if you can wait for Santa’s elves at UPS to deliver your presents from Amazon, you can certainly wait the few extra seconds it takes to use the internet, especially if it means your information is not at risk.
2. Make sure the site is secure
Before entering your personal or financial information, you need to ensure that the site you are on is legitimate and can be trusted. When visiting a website look for the “lock” symbol; this might appear in the URL bar, or elsewhere in your browser. Additionally, check that the URL for the website has “HTTPS” in the beginning. These both indicate that the site uses encryption to protect your data.
3. Know what the product should cost
If the deal is too good to be true, then it may be a scam. Check out the company on ResellerRatings.com. This site allows users to review online companies to share their experiences purchasing from those companies. This will give you an indication of what to expect when purchasing from them.
4. Give your debit card a holiday break
When you are shopping online always remember that it is best to rely on your credit cards or payment services such as PayPal. Credit cards offer much more protection and less liability if your information were to be compromised. On the contrary, debit cards are linked directly to your bank account, thus, you’re at a much greater risk if a criminal were to obtain this information. Additionally, in the event of a fraudulent transaction were to occur, credit card companies possess the ability to reverse the charge and hopefully, investigate the issue further.
5. Stay updated
Updating your operating system and software (including anti-virus software) is one of the most important and easiest things you can do to prevent criminals from accessing your information, and needs to be taken very seriously. Most software updates are released to improve your security by patching vulnerabilities and preventing new exploitation attempts by criminal hackers. While waiting for your computer or mobile device to update might seem tedious, the benefits it can provide could be a blessing in disguise. If you see that your device needs to be updated, do it!
6. Outsmart the scammers
During the holiday season we often see an influx of emails with discounts. While many of these discounts and special offers might very well be legitimate, email scammers take advantage of this surge to send out their own viruses and malware, hoping it might get lost in the mix. These scams have evolved over time, to the point that they are depicted as a legitimate discount or special offer. Be wary when opening an email from someone you don’t know or a site you have not visited.
7. Make sure your passwords are complex
Updating and enhancing your passwords is a cybersecurity best practice as old as time itself, and creating unique passwords is arguably still the best security when it comes to protecting your personal and financial information. If you utilize the same password for multiple sites, you are setting yourself up for disaster. If you have difficulty creating a large number of unique passwords for all of your information, be sure to take advantage of password generators and managers to not only develop more complex passwords, but allow you to store them securely as well.
8. Understand your shopping applications
Apps have a way of making everything more convenient for your shopping experience, but certain apps could also make it convenient for criminals to take your information. Make sure you are only installing and utilizing trusted applications from reliable cyber markets, such as the Apple App Store or Google Play Store. Additionally, if you find yourself questioning certain applications, be sure to check out the reviews by legitimate user accounts, as this can help you identify if there is anything suspicious surrounding them.
9. Never save your information
Never save usernames, passwords, or credit card information in your browser, and periodically clear your offline content, cookies, and history. Always utilize strong passwords and consider setting up Multi-factor Authentication (MFA). This is as simple as receiving a text or code that you need to type in while signing on to a system. Oftentimes within the account preferences of your device, you can set up an Authentication Application.
Additionally, when online shopping, consider checking out as a guest user rather than creating an account, as well as utilizing your private browsing feature. For instance, Google Chrome’s Incognito Mode won’t save any of your browsing history, cookies, site data, or information you enter on forms. While the convenience of online shopping is unparalleled, never let this convenience override your security best practices.
10. Keep an eye on your credit
As cyber-safe and secure as you think you might be, we all make mistakes. During this time, pay close attention to your credit report to ensure that nothing out of the ordinary is taking place. The world of online shopping can bring lots of new products to your doorstep and can prove to be a lot of fun when finding that special gift. Just remember to be careful so you don’t make your data a special gift to cybercriminals. Always trust your instincts and make sure you stick to these cybersecurity best practices! ~ Happy Holidays and safe shopping!
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
Identifying and Preventing Elder Abuse
- What is Elder Abuse?
Elder abuse is a willful act or a failure to act that creates or causes a risk of harm to an older adult. An older adult is considered to be someone age 60 or older. The abuse occurs at the hands of a family member, a caregiver, or a person the elder trusts. Common types of elder abuse include:
- Physical abuse occurs when an elderly person encounters illness, pain, injury, functional impairment, distress, or death as a result of the willful use of physical force and may include actions such as kicking, hitting, pushing, slapping, or burning.
- Sexual abuse is the unwanted or forced sexual interaction of any kind with an older adult. This could include unwanted sexual contact or non-contact actions such as sexual harassment.
- Psychological or Emotional abuse refers to verbal or nonverbal behaviors that inflict anguish, mental pain, fear, or distress on an older adult. Examples may include humiliation and/or disrespect, verbal and non-verbal threats, harassment, and isolation (geographic or interpersonal).
- Neglect is a failure to meet an older adult’s basic needs. These needs may include food, water, clothing, shelter, hygiene, and essential medical care.
- Financial Abuse is the unauthorized, improper, or illegal use of an older adult’s money, assets, benefits, property, or belongings for the explicit benefit of someone other than
the elderly adult. Common financial abuse scenarios include:
- Misappropriation of income or assets
- Improper or fraudulent use of the power of attorney or fiduciary authority
- Obtain money or property by undue influence
- Scams
- How big is the problem?
Elder abuse is a serious problem in the United States. The number of cases is underestimated as the number of nonfatal injuries is limited to older adults who
are treated in emergency departments. The information doesn’t include those treated by other providers or those that do not need or do not seek treatment. Additionally, because elders are afraid or
unable to tell police, friends, or family about the violence, many cases aren't reported. Victims need to decide whether to tell someone they are being hurt or continue to be abused by someone they depend upon
or care for deeply.
Elder abuse is common. Approximately 1 in 10 people aged 60 and over who live at home experienced abuse, including exploitation and neglect. In the years 2002 through 2016,
more than 643,000 older adults were treated in the emergency department for nonfatal assaults and over 19,000 homicides occurred.
Financial abuse is hard-to-detect and is becoming a widespread issue. Financial neglect occurs when an older adult’s financial responsibilities such as paying rent or mortgage, medical expenses or
insurance, utility bills, or property taxes, are ignored, and the person’s bills are not paid. Even strangers can steal financial information using the telephone, internet, or email. Be careful about sharing any financial information
over the phone or online.
- How can elder abuse be prevented?
There are many factors that may increase or decrease the risk of inflicting and/or experiencing elder abuse. To prevent elder abuse, we must observe and correct the factors that put people at risk for or protect them from violence.
- Observe signs of insufficient care or unpaid bills despite adequate financial resources.
- Learn how signs of elder abuse are different from the normal aging process.
- Listen to older adults and their caregivers to understand challenges and provide support.
- Learn how to recognize and report elder abuse
- Provide stressed caregivers with support from family and friends, day care programs, and counseling.
- How can you avoid becoming a victim of financial abuse?
- Use direct deposit for all checks. Sign your own checks and do not sign a "blank check" for anyone.
- Have a trusted third person review your bank statement if someone helps you manage your finances. Put all financial instructions in writing and be specific.
- Establish a banking relationship with the staff at your bank.
- Execute a power of attorney with a trusted friend, relative, or attorney. The definition of this may be as limited or as broad as you wish.
- Do not sign over money or property to anyone in return for care, including family and friends.
- Keep all important documents together. This includes wills/trusts, insurance policies, and bank account information. Be sure to let someone know where these documents are kept.
- Never give out credit card numbers over the phone unless you placed the call. Never give out your Social Security Number or bank account number over the phone.
- If something seems "to good to be true," it is probably a scam. This includes being told you won a prize for a drawing you did not enter or that someone will get you 100 percent return on an investment.
- How can elder abuse be reported?
To report elder abuse and to learn more, please follow the links below.
Security Basics
Online Security
Computer Safety
Business Protection
Identity Theft
Privacy Policy
Cyber Tips Newsletters