BreachExchange mailing list archives

UVa Today: Cybersecurity


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 6 Oct 2015 18:31:29 -0600

http://www.newsplex.com/home/headlines/UVa-Today-Cybersecurity-330783272.html

October is National Cybersecurity Awareness Month, a good time to review
steps to protect data and identities, of which we should be aware all the
time, because hackers are busy year-round, 24 hours a day, seven days a
week. Security has been breached at such companies as Target, Home Depot,
Anthem, eBay, JPMorgan, Sony Pictures, the US Government Office of
Personnel Management, the Pentagon, and many others.

These occur almost weekly and with increasing frequency. And that doesn’t
even count the number of breaches of individuals.

Approximately 90 percent of these incursions occur when someone, usually an
innocent victim, responds to a phishing email message hackers sent
precisely in order to gain access. Phishing, or spear phishing, as it is
often known, is email that appears to come from a familiar individual or
business.

But it’s a trick, a fraud, a scam that is targeting the individual or
organization, seeking unauthorized access to confidential data.

Spear phishers are criminal hackers who want company information or an
individual’s credit card and bank account numbers, passwords, and the
financial information stored on a personal computer.

Spear phishers are not “random hackers.” They purposely seek financial
gain, intellectual property or trade secrets, research or military
information. Spear phishing is big business.

But an alert user can thwart these attacks. Spear phishing emails usually,
but not always, have four identifying marks.
1) They are unsolicited.
2) They prompt the reader to take an action, such as providing a login name
and password, or to open an attachment, or click on a link, or call a phone
number.
3) They have a tone of urgency or contain a warning, urging the reader to
respond right away, or within a certain short period of time, to avoid a
dire consequence, such as losing access to email, or having an account
cancelled.
4) They have misspelled words or use English in an odd way; though
recently phishers have hired grammarians to spell and grammar check their
messages.

They also arrive at times when they are least expected, such as late Sunday
night, very early Monday morning, or very late Friday afternoon when people
are busy trying to leave the office.

Vishing (V is for voice) is closely related to phishing and occurs on a
landline or mobile telephone, and smishing (S is for SMS texting) is a
fraudulent text on your mobile phone. Vishers and smishers (though smishing
occurs less often) purport to be from the IRS, the local power company, the
local police, an authority, or even a non-profit or charity.

Sometimes vishers pretend to be Microsoft technicians and say your computer
is infected, but not to worry because they will fix it for you.

How do they know you? They actually don’t, but they are very diligent and
conscientiously research and gather information from social media sites,
public-facing webpages, from previous database hacks, and by infecting
computers when a user accidentally clicks on an infected advertisement or
downloads an infected attachment.

What’s the best protection? Don’t respond.

Delete the email or text message, don’t answer or hang up the phone, keep
your computer updated, and limit the amount of personal information you
share online. You can also perform a web search on yourself and see what
information is readily available.

Finally, always back up computers, especially ones with financial documents
and photos, for there are hackers who steal this data for ransom.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
