Keep you Kids Cyber Safe

It is important to start your kid’s cybersecurity hygiene early. Your kid’s passwords matter just as much as yours do, so remind them of good passwords habits. Do not share passwords and use standard password guidelines. Additionally, remind them to not share information online for example, last name, address, phone number, name of schools, and photos of any kind.

Fake COVID-19 Credit Union Profiles

Scammers are impersonating credit unions on Instagram. These bad actors are creating fake profiles on Instagram that contain financial institutions’ names, logos and links to their websites along with mentions of COVID-19. They send direct messages (DM) to followers to inform them that they have been selected for a cash prize. Source: Phish Labs team revealed to Security Boulevard

Payroll Fraud Email Scheme

Scammers are impersonating an HR and payroll services company informing employees of a change to payroll policy due to COVID-19. In an attempt to steal credentials, scammers send a convincing email with a sense of urgency to complete information in order to not cause interruption to payroll processing. Included is a link to a fake HR and payroll services website with a landing page replicating the company’s payroll landing page. Falling victim to this attack results in compromised sensitive employee information.

Exploitation of Remote Work Tools and Software

Scammers are taking advantage of the increase in people working from home and the use of video conferencing tools such as Zoom, Microsoft Team and Blue Jeans. The NCSC and CISA have reported phishing emails with attachments using these remote work platform names to trick users into downloading malicious files. Some examples of reported phishing emails include ‘microsoft-teams_V#mu#D_##########.exe’ and ‘zoom-us-zoom_##########.exe’. It is important to remain vigilant when clicking  links and downloading files. Be wary of file names that include strange character stings and investigate the legitimacy of a link by hovering your cursor over it to reveal the URL destination without clicking on it.

COVID-19 Scam Text Messages

Many have reported receiving text messages related to being exposed to COVID-19. The messages have been reported to say:  “Someone who came in contact with you has tested positive or has shown symptoms for COVID-19.” They then recommend you get tested for COVID 19. The link is not from an official organization and is a phishing attempt to get your personal information.

The Federal Trade Commission says they have received more than 25,000 complaints about COVID-19 fraud since the beginning of this year. Remember to always go to a trusted source for information about COVID 19.

Ensure Your VPN is Secure With the Latest Software Patches and Cybersecurity Configurations

Companies commonly use an enterprise virtual private network (VPN) solution to connect remote employees to their organization’s IT network. An increase in vulnerabilities are being found and targeted by malicious cyber actors during the current Coronavirus situation. It is vital to keep VPNs, network infrastructure devices, and devices being used to connect into work environments up-to-date with the latest software patches and cybersecurity configurations.

Ensure you have good VPN security hygiene with these helpful articles from Cybersecurity and Infrastructure Security Agency (CISA):  Understanding Patches and Securing Network Infrastructure Devices.

Be on the lookout for anyone selling products that claim to prevent, treat, or cure COVID-19

In this special edition of Tom’s Tek Tips, we will focus on risk. With the current situation related to COVID-19 there are a host of scammers trying to take advantage of people and the situation. Some old tricks, some new. My hope is that these tips will keep you cyber safe during these unprecedented times.  

Be on the lookout for anyone selling products that claim to prevent, treat, or cure COVID-19. Counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves. You can get more information on unapproved or counterfeit PPE at www.cdc.gov/niosh or on the U.S. Food and Drug Administration website, www.fda.gov . If you need PPE try to source it from reputable companies or someone you have done business within the past.  

Beware of fake Centers for Disease Control and Prevention (CDC) emails

In this special edition of Tom’s Tek Tips, we will focus on risk. With the current situation related to COVID-19 there are a host of scammers trying to take advantage of people and the situation. Some old tricks, some new. My hope is that these tips will keep you cyber safe during these unprecedented times.  

Beware of fake Centers for Disease Control and Prevention (CDC) emails. Scammers and criminals have been sending out fake CDC emails and other organizations claiming to offer information on the virus. Do not click links or open attachments if you do not recognize the senderScammers and Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer (Ransomware) and demand payment. If you need information from the CDC the best thing to do is go to https://www.cdc.gov/ directly.  

Report Spam Emails to Your Company’s IT Department

If you receive an email that seems suspicious, like an email phishing attempt asking for login credentials, in your work email inbox, you should report this email to your IT department using your company’s protocol. If you are receiving spam or phishing emails like this, it is likely other employees at your company might be as well. Reporting these emails to your IT department is the best way to keep everyone informed of potential scams and to protect the company from malware.

Regularly Review Your Credit Card Statement and Credit Report

Monitoring your credit card activity is the best way for you to catch potential fraud as early as possible, which can make it easier for you to report and resolve the issue. I recommend reviewing your credit card activity once a week to verify your transactions and checking your credit score once a month to monitor any suspicious changes in your score. Most banks offer a FICO score update on their online banking platform, and you can get free credit score updates from Credit Karma. If you do see any suspicious activity, freezing your credit is the most effective way to protect your personal credit information from cybercriminals.