BreachExchange mailing list archives
UVa Today: Cybersecurity
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 6 Oct 2015 18:31:29 -0600
http://www.newsplex.com/home/headlines/UVa-Today-Cybersecurity-330783272.html

October is National Cybersecurity Awareness Month, a good time to review steps to protect data and identities, of which we should be aware all the time, because hackers are busy year-round, 24 hours a day, seven days a week.

Security has been breached at such companies as Target, Home Depot, Anthem, eBay, JPMorgan, Sony Pictures, the US Government Office of Personnel Management, the Pentagon, and many others. These occur almost weekly and with increasing frequency. And that doesn’t even count the number of breaches of individuals.

Approximately 90 percent of these incursions occur when someone, usually an innocent victim, responds to a phishing email message hackers sent precisely in order to gain access.

Phishing, or spear phishing, as it is often known, is email that appears to come from a familiar individual or business. But it’s a trick, a fraud, a scam that is targeting the individual or organization, seeking unauthorized access to confidential data.

Spear phishers are criminal hackers who want company information or an individual’s credit card and bank account numbers, passwords, and the financial information stored on a personal computer. Spear phishers are not “random hackers.” They purposely seek financial gain, intellectual property or trade secrets, research or military information. Spear phishing is big business. But an alert user can thwart these attacks.

Spear phishing emails usually, but not always, have four identifying marks.

1) They are unsolicited.

2) They prompt the reader to take an action, such as providing a login name and password, or to open an attachment, or click on a link, or call a phone number.

3) They have a tone of urgency or contain a warning, urging the reader to respond right away, or within a certain short period of time, to avoid a dire consequence, such as losing access to email, or having an account cancelled.

4) They have misspelled words or use English in an odd way, though recently phishers have hired grammarians to spell and grammar check their messages.

They also arrive at times when they are least expected, such as late Sunday night, very early Monday morning, or very late Friday afternoon when people are busy trying to leave the office.

Vishing (V is for voice) is closely related to phishing and occurs on a landline or mobile telephone, and Smishing (S is for SMS texting) is a fraudulent text on your mobile phone. Vishers and smishers (though smishing occurs less often) purport to be from the IRS, the local power company, the local police, an authority, or even a non-profit or charity. Sometimes vishers pretend to be Microsoft technicians and say your computer is infected, but not to worry because they will fix it for you.

How do they know you? They actually don’t, but they are very diligent and conscientiously research and gather information from social media sites, public-facing webpages, from previous database hacks, and by infecting computers when a user accidentally clicks on an infected advertisement or downloads an infected attachment.

What’s the best protection? Don’t respond. Delete the email or text message, don’t answer or hang up the phone, keep your computer updated, and limit the amount of personal information you share online. You can also perform a web search on yourself and see what information is readily available. Finally, always back up computers, especially ones with financial documents and photos, for there are hackers who steal this data for ransom.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/