
Thursday, March 14, 2019

In This Issue

IRS 2019 Tax Season Warning
Don't Reuse Passwords!
Safe Internet Browsing at Work
The Evolution of the Phish

Key Security Tips

To avoid becoming the victim of a "phishing expedition," call your friend or colleague if an email looks suspicious.

Ask your tech-savvy children to "teach you" about using computers to help you learn what they are doing online.

Set your home computer to receive automatic OS and application updates.

Don't give out information about fellow employees, remote network access, or organizational practices and strategies to people outside the organization.

IRS 2019 Tax Season Warning

It's income tax season again, and as we get closer to the April 15th deadline, we can expect to see an increase in phishing attempts from scammers. In November 2018, the IRS posted a warning on their website about a surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware called Emotet.

This malware has been posing as the IRS and sending scam emails with an attachment labeled "Tax Account Transcript" or something similar, and the subject line uses some variation of the phrase "tax transcript."

The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment. If using a personal computer, delete or forward the scam email to [email protected].

Don't Reuse Passwords!

When one of your online services gets hacked, you change your password and figure you might be safe. Unless, of course, you've used the same password across multiple accounts, in which case hackers could use your stolen password to access your other accounts. This famously happened with Facebook's Mark Zuckerberg, whose Twitter and Instagram accounts were hacked using stolen passwords from the 2012 LinkedIn hack.

According to a recent 2018 study, The Next Domino to Fall: Empirical Analysis of User Passwords across Online Services, of the 28.8 million users they surveyed:

38% reused the same password for two different online services.

21% slightly changed an old password to sign up for a new service.

Online shopping and email accounts are the most common services with reused or modified passwords.

Email accounts and shopping sites are known to store addresses and credit card information, so hackers could hit a goldmine if you have reused a stolen password for one of these accounts.

This means that should your favorite shopping brand or email service provider get hacked, changing your password on that site alone won't fix the problem.

Password managers help make remembering and creating strong, unique passwords extremely easy, and some will even tell you if you have reused passwords across multiple services.

If possible, enable two-factor authentication so that in the event you have used the same password on multiple sites and one of them gets hacked, it will be a little more difficult for hackers to access other accounts.

Safe Internet Browsing at Work

There certainly hasn't been a shortage of security breaches lately. And as companies become more data-driven, these breaches become more costly.

Part of improving your organization's defense against these types of threats starts with educating your employees on cybersecurity best practices.

Here's a quick guide to making sure you're safely browsing the internet while at work:

Keep your web browser updated – Outdated browsers are more susceptible to being compromised by bad actors. Keeping your browser up-to-date is a simple way for employees to keep themselves safe from cyberattacks.

Make the most of your browser's features – Making sure you review your browser's settings and configure them with security in mind can help you browse safely at work.

Only browse SFW sites – The best rule of thumb is to only browse the websites that are relevant to your work.

Install security-aware apps and plugins – There are many browser apps that act as an extra layer of protection to help you safely browse the internet at work. Ad blockers, for example, can help eliminate sites that display compromised web advertisements. Visit your browser's app store to see what's available to you.

When it comes to preventing online threats from creeping into your organization's network, your employees are your first line of defense. Practicing these safe browsing techniques will help to keep your company protected.


The Evolution of the Phish

When you think of phishing, you most likely think about email phishing, as 91 percent of phishing attacks start with this method of communication. However, phishing attacks are evolving every day, becoming more sophisticated in both type and frequency. In this article we will outline some of the ways phishing has evolved from emails.

Social Media Phishing

More than two-thirds of adults use social media these days, and that number is even higher among young adults. Cyber-criminals are taking advantage of popular social platforms in hopes of hacking accounts or tricking people into giving them personal information. One way they do this is by creating fake accounts. These accounts can mimic people you're close with or businesses that offer promotions. Cyber-criminals will then post malicious links and steal login information.

Vishing and SMiShing

SMiShing is a form of phishing where cyber-criminals send text or SMS messages to another individual requesting their personal information. These texts often contain malicious links. If you receive a text from an unknown number that contains a link or is requesting personal information, think twice, and research the business or phone number.

Another way cyber-criminals attempt to steal personal information using your phone number is vishing. Vishing is the fraudulent practice of extracting sensitive information over the phone. Vishers often impersonate your bank by calling and leaving fake voicemails, or even emailing you an imposter phone number to call to provide your banking details. Always remember to double-check the phone number provided to you. If something seems phishy, call your bank directly and ask if the request is legitimate.

USB Baiting

External storage devices, like USB flash drives, can be used to inject malicious code into your network, redirect you to phishing websites, or give a hacker access to your network. If you find an external storage device, never plug it into your computer. Turn it in to your IT administrator.

While social phishing, vishing, SMiShing, and USB baiting are some very tricky forms of phishing, you should always be on alert for any type of phishy situation. Always think twice before clicking a link or providing any sensitive information to anyone over the phone or digitally. It's always better to be safe than sorry!


Inspired eLearning | 4630 N Loop 1604 W | Suite 401 | San Antonio, TX 78249


© 2019 Inspired eLearning, LLC. All Rights Reserved. All organizations with an active Security Awareness license are granted permission to republish any or all of the content in our Security Awareness Newsletter, as long as distribution of that content is limited to employees within the organization.