3 Internet Safety Mistakes That Get You Hacked

In 2005, the U.S. Senate designated June as National Internet Safety Month, as “an opportunity to educate the people of the United States on the dangers of the Internet and the importance of being safe and responsible online.”  While the resolution was born from the recognition that children were increasingly online, the need to understand internet safety extends to all of us – and it’s even more important today than 15 years ago. Just as personal hygiene can protect you from disease (wash your hands), practicing good cyber hygiene can help protect you from internet nasties.  Here are 3 common mistakes that compromise your internet safety, along with advice on what you can do to protect yourself.

Internet Safety Mistake 1 – Reusing Passwords

A 2018 study by researchers at Virginia Tech University revealed that an alarming 52% of users reuse passwords on different services – and the MOST reused passwords were for sensitive sites, like email or shopping sites.  Not only that, many people were still reusing the same passwords even after the credentials had been leaked in a data breach. Wonder if your password has been exposed?  Check Have I Been Pwned? to see if your account has been involved in any of the numerous data breaches reported over the last several years.

Why it’s a problem:

Suppose you’ve set up a really strong password – no dictionary words, you’ve used a passphrase to establish an 18 character password with various alphanumeric characters and even a special character or two. That’s great. But if you use your special strong password for your bank, and your email, and your social media account, and one of those is hacked, all the other services where you use that password are at risk.

What you should do:

Using a strong password is great, and still important.  But the best password in the world is of no use if it’s been exposed in a data breach.  Use a password manager to help you create and manage strong, unique passwords for the many systems you use.  And use two-factor authentication as an extra layer of protection for your most sensitive accounts, like banking or email.

Internet Safety Mistake 2 – Not Updating

You probably get update notifications on your computer or your phone.  Maybe you have them set to auto-update, or maybe you prefer to have control over when an update is done, since you’ve heard of problems happening with updates.  But do you always make sure the updates are done in a timely manner?  You probably have other software on your computer, not just the operating system.  Those programs often get updates as well, but they may require you to log in to apply the update. What about the other internet-connected items in your home?  When is the last time you updated the firmware on your wireless router?  Many smart devices get updates as well, usually automatically, but sometimes an update is interrupted – you should check to be sure all updates are applied.

Why it’s a problem:

Software updates are done either to add new features or to plug security holes.  Technology is constantly changing, and new vulnerabilities are discovered all the time; reputable companies do their best to stay on top of this and issue updates or “patches” to fix security issues. Failure to do updates and apply patches is one of the top reasons for data breaches, and this applies to your home systems as well as to big companies.  In 2018, a major cyberattack was launched targeting small office and home routers; it allowed bad actors to steal website credentials, extract information, and block network traffic.  Most vendors created patches, but routers usually require you to do a manual update.

What you should do:

Be aware of all the connected devices you have – definitely your smart phone and computer, but also think about your router, your smart TV, streaming devices, smart speakers, home control hubs, even your smart watch.  If you have a small business, don’t forget about your connected printer, your website, and your file servers. Establish a process to regularly check for updates on all your devices and for the software running on those devices, especially if you don’t have auto-updates.

Remember to check for updates on all the software running on your computer.  CCleaner Pro is one program that can help you with this; it can check for outdated software on your computer and in many cases update it for you.

Internet Safety Mistake 3 – Using Public WiFi

Have you ever connected to the “free WiFi” offered at your favorite coffee shop?  Or perhaps you travel for business, or vacation, and use the airport or hotel WiFi.  Careless use of public WiFi is one of the biggest mistakes people make when on the go.  While having access to WiFi can be very convenient, it comes with a significant security risk.

Why it’s a problem:

Very often, free WiFi offered in public spaces is completely open, with no password or protection at all.  A hacker can set up a wireless “sniffer”, which can read all the data you send over that network, such as user names and passwords.

Also, it’s easy for a hacker to set up an inexpensive device and pretend to be a legitimate wireless access point.  When you log in to that “FreeAndOpenWiFi” network at the hotel or airport, are you sure it’s really the right network?  It could be a bad guy out in the parking lot, who can now view everything you are doing on your laptop or phone.

What you should do:

SurfShark has a great resource explaining the risk of public WiFi and what you can do to protect yourself.  A couple of quick things to remember:

When using public WiFi, always check with the venue to make sure you’re logging in to the REAL network – and make sure it has at least basic encryption and requires a password.

Even when you’re sure it’s the right network, take precautions to protect the information you’re sending over the WiFi network.  It’s best not to do any sensitive business while using public WiFi – for example, don’t log in to your bank using the airport WiFi.  If you must use public WiFi, use a VPN service on your laptop or mobile device to encrypt the data you send and keep it safe from cyber thieves.

Don’t make these internet mistakes!

Protect your passwords, update regularly, and be extra careful if you use public WiFi.  Keep yourself safe by staying aware of risks and practicing good cyber hygiene!

Don’t Trust, But Verify – Protect Yourself From Internet Crime

You may have heard the quote, “Trust, but verify,” (made famous by Ronald Reagan), but based on the information in the FBI Internet Crime Complaint Center’s 2019 Internet Crime Report, you’d do better to verify first. According to the FBI, 2019 had both the highest number of complaints and the highest financial losses since the IC3’s beginning in 2000 – 467,361 reported complaints and over $3.5 billion lost.

Internet Crime – Where The Money Is

With financial losses due to internet crime at the highest levels ever, what are the areas where fraudsters are causing the most damage?

Email Compromise

Nearly half the losses reported were due to Business Email Compromise (BEC) or Email Account Compromise (EAC).  This is a scam in which a cyber criminal hacks or spoofs a legitimate email account and convinces the recipient of the email to transfer funds to a fraudulent location.

For example, consider this BEC fraud attempt, in which First Business Bank received an email from the business email address of the CEO of a business client, requesting a $15,850.00 wire transfer.  The bank employee emailed a blank wire request form, and received a return email with the completed form, including the CEO’s matching signature.  The fraud was discovered when the wire desk did additional authentication by calling the client’s phone number of record.

Unfortunately, a woman in Spokane was not so lucky when she fell victim to EAC during the process of buying her dream home.  A 75-year-old woman lost her life savings of almost $100,000 when she followed emailed wire transfer instructions that appeared to be from her escrow officer.  Sandra Lee lost her money and her home, and her only consolation is that the FBI was able to track down one perpetrator with the report and evidence she provided.

Elder Fraud

Sadly, Lee was also in the age group that loses the most to fraudsters – those over 60.  These internet criminals prey on those over 60, since they are believed to have financial resources, as well as being more trusting and less tech savvy.

Elder Fraud, defined as a financial fraud which targets or disproportionately affects people over the age of 60, is a growing problem.  According to the statistics in the report, this age group is the most targeted and the group which loses the most to internet crime.

[Chart: internet crime victims by age group. Image: FBI’s 2019 Internet Crime Report]

Those over 60 are also the most victimized by another growing problem, Tech Support Fraud.  This is a scam in which a criminal pretends to be a customer service or support technician in order to defraud a victim.  The infamous computer pop-up claiming “your computer is infected by a virus” is one example, as are calls, texts, or emails purporting to be from a well-known company such as Apple or Microsoft, claiming to have discovered a problem with your system or account and offering to “help” you resolve it.  While not the most lucrative or most prevalent scheme, losses due to Tech Support Fraud increased 40 percent in 2019, and the majority of victims were in the over 60 age group.

Phishing/Vishing/Smishing/Pharming

While BEC/EAC accounts for the majority of financial losses, it’s not the most prevalent scheme.  The most common internet crime type by far, with 114,702 reported victims, is Phishing/Vishing/Smishing/Pharming.

[Chart: internet crimes by type. Image: FBI’s 2019 Internet Crime Report]

Phishing, vishing, and smishing involve unsolicited emails, phone calls, or text messages from criminals pretending to be a legitimate company or even a friend, and asking for login credentials or personal information.  Pharming is a tactic which uses a fake website pretending to be a legitimate company’s website, set up for the purpose of obtaining personal or financial information.

For example, you may get an email, phone call, or text purporting to be from your bank, telling you that your account has been compromised and asking you for personal information to confirm your identity.  Or you may search for something online and find yourself on a fraudulent site which collects your credit card information.

How Can You Protect Yourself From Internet Crime?

With both victims and losses from internet crime at an all-time high, what can you do to protect yourself?

Verify

We can no longer “trust, but verify” – the best preventive measure is to verify first.  The Chief of IC3, Donna Gregory, cautions that internet crime is becoming increasingly sophisticated, and she recommends we make a practice of double-checking everything.

Gregory advises, “In the same way your bank and online accounts have started to require two-factor authentication, apply that to your life. Verify requests in person or by phone, double-check web and email addresses, and don’t follow the links provided in any messages.”

Report Internet Crime

The IC3 report includes some appalling numbers on victims and losses due to internet crime, but it’s likely this is only the tip of the iceberg.  Many victims don’t report these crimes, either because they are embarrassed or they aren’t aware of how to do so.

If you’re a victim of internet crime, report the crime to the IC3.  With timely reporting, the FBI has a chance of stopping a fraudulent transaction and recovering the money.  And the more information you can provide, the better it helps the FBI combat the criminals.  Matt Gorham, assistant director of the FBI’s Cyber Division, encourages everyone to report internet crime, as “It is through these efforts we hope to build a safer and more secure cyber landscape.”

National Cybersecurity Month Wrap-Up

It’s the last day of October, which means this year’s National Cybersecurity Month is officially ending.  But that doesn’t mean you should stop taking measures to #StayCyberSafe!  This year, the NCSAM theme was “Own IT, Secure IT, Protect IT” – let’s take a look at some of the tips that were presented this month.
 

Own IT

We’re almost constantly connected, whether at home, at work, at school, or even on vacation.  With mobile phones and Internet of Things devices, there are more ways to be connected than ever before.  Not only that, we also have many accounts which collect our information.

  • Don’t overshare on social media.  #BeCyberSmart about where you share your information and who you share it with.  Connect only with people you know and trust.
  • Set privacy and security settings to limit what your devices and social media accounts share about you.
  • Keep tabs on your apps; only download from legitimate, trusted sources.  Review the permissions those apps are asking for, and deny any that don’t make sense.

 

Secure IT

Security breaches seem to be happening more and more often; they’re hardly front page news any more.  Your personal information is valuable, so do what you can to keep it out of the hands of cyber criminals.

  • Use strong passwords, and don’t use the same password on multiple accounts.  A password manager can help you keep track of all those strong, unique passwords for your accounts.  Some can even help you share access with trusted partners or family members, without requiring you to give them the password.
  • No matter how strong your password is, if a breach occurs, your account may be vulnerable.  Enable multi-factor authentication to add another layer of security and help ensure the only person who can access your account is you.
  • Don’t get hooked by a phishing scam!  Be very cautious when opening emails, and never click on links or attachments sent by people you don’t know.  Even if the email looks like it’s from a friend, coworker, or your boss, be wary of clicking on links.  Scammers can spoof email addresses, so it’s best to check the legitimacy of the email, especially if it’s urging you to click or open something right away.

 

Protect IT

While today’s technology allows us to shop, bank, communicate, and entertain ourselves anywhere, this convenience comes with an increased risk.  Smart home devices, such as thermostats, door locks, and cameras can make our lives easier and save time and money, but be aware of the additional security risk that comes with these smart devices.

  • Your wireless router is the main entryway to all your connected devices, so be sure to change the default user name and password, keep the firmware up to date, and set a password on your Wi-Fi network.  Also, change the default credentials on all your smart devices, and make sure you understand the permissions and access they have to your network, your information, and your personal space.  Assume a smart speaker is always listening, and a smart camera is always watching.
  • Keep software and firmware on all your devices up to date.  Your computer, smart phone, router, and many smart home devices get updates to help keep them protected from ever-changing threats.  If you have an older device, make sure it’s still being supported; sometimes, it’s just time to get rid of that old streaming device to help protect the rest of your home.
  • Public Wi-Fi is not safe or secure.  Even a public Wi-Fi network with a password could be compromised.  If you must use public Wi-Fi, be sure it’s the actual network provided by the location.  Use a VPN service to protect the privacy of the information you’re sending, and avoid accessing sensitive accounts such as financial and banking accounts while on public Wi-Fi.

As we move into the holiday season and the new year, keep these cyber security tips in mind.  Own IT, Secure IT, and Protect IT to keep yourself and your family #CyberSafe.

Don’t Worry, Be (Safely!) Appy

There’s an app for that! Nowadays, it seems like there really is an app for everything — games, shopping, fitness, hobbies, and more. No wonder almost 50% of all smartphone users download at least one new app a month.

But it’s important to choose and use your apps carefully. Some apps may be scams or contain viruses. What can you do to keep yourself safe?

Beware Permissions

Any time you install an app, it’ll ask you to allow it permission to access functions of your device — stuff like the camera, location data, and contacts list. But should a fitness app need to use your camera, or a game need to know who you call? Click “Deny” to keep an app from getting certain permissions.

Source Smart

Stick to the official sources for your apps. Research before you buy or download, and only install apps from a reputable developer. The Apple App Store and Google Play have standards for what apps they include, and something from the official store is less likely to cause problems for you – but still be cautious!

Spot The Scam

Check out the reviews and information about the app. If there are a lot of high ratings, but no actual reviews, or if the reviews appear suspiciously similar or low quality, it could be a scam. Also, look for information on the developer – if there’s little information, no responses, and no indication that the developer is supporting the app, think twice (or three times) about installing it.

Vaccinate Your Device

Make sure all your devices have antivirus and/or antimalware software installed. That way, even if you download a malicious app, or an app you’ve been using for a while becomes a problem, you have another layer of defense to help secure your device.

Follow the app safety advice in this infographic from INFOSEC – stay safe and “appy”!

Phishing – Don’t Take The Bait

Can You Spot The Phish?

One of the main ways cybercriminals steal information or spread ransomware is by gathering information through phishing emails.

Not all phishing emails are full of spelling errors and sent from people purporting to be Nigerian princes. Some are quite sophisticated, and emulate known and trusted brands.

Try this phishing quiz from Google to see if you can spot the phish.

Taken The Bait?

If you think you’ve been a victim of phishing, take action as soon as you realize the problem.  Change your account login credentials, scan your system for malware, and report the phishing attack to the company that was impersonated. You may also want to notify your bank and credit card companies, and be sure to closely monitor your statements for unusual activity.

Also, consider reporting the phishing attempt to the Anti-Phishing Working Group (APWG), an international coalition working to coordinate responses to cybercrime. You can forward the suspicious email to [email protected]; if your email client allows, forward the email as an attachment, as this will provide more details to help APWG tracking and analysis.

Milepost 42 Will Promote Online Safety As A National Cybersecurity Awareness Month Champion

Milepost 42 is honored to join an initiative to promote awareness of online safety and privacy, by signing up as a Champion of National Cybersecurity Awareness Month (NCSAM) 2019.

NCSAM is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to this year’s NCSAM theme of “Own IT. Secure IT. Protect IT”, and this year’s initiative will encourage everyone to #BeCyberSmart through cybersecurity best practices.

30 years ago, the world wide web was just getting started. Today, we can access information almost instantly, from a device that fits in a pocket. We have technology in almost every aspect of our lives. And just like in all the other parts of our lives, we need to protect and secure the things we own.

~ Stacy Clements, Owner of Milepost 42

Now in its 16th year, NCSAM continues to build momentum and impact with the ultimate goal of providing all Americans with the information they need to stay safer and more secure online. [Organization name] is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

“Cybersecurity is important to the success of all businesses and organizations. NCSA is proud to have such a strong and active community helping to encourage proactive behavior and prioritize cybersecurity in their organizations,” said Kelvin Coleman, executive director, NCSA.

For more information about NCSAM 2019 and how to participate in a wide variety of activities, visit staysafeonline.org/ncsam. You can also follow and use the official NCSAM hashtag #BeCyberSmart on social media throughout the month.

About Milepost 42

Milepost 42 is a technology partner for small business owners who want to focus on their passion and not the “techie stuff” needed to support it.  Small businesses need technology – websites, email, automation – to run and grow, and they also need to be aware of the need for cybersecurity to ensure business continuity.  Milepost 42 provides those services and planning assistance for small business owners who are ready to have someone else handle the “web stuff”.

About National Cybersecurity Awareness Month

NCSAM is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing NCSAM in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/ncsam or niccs.us-cert.gov/national-cybersecurity-awareness-month-2019.

About NCSA

NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA’s primary partners are the Cybersecurity and Infrastructure Security Agency and NCSA’s Board of Directors, which includes representatives from ADP; American Express; Bank of America; CDK Global, LLC; CertNexus; Cisco; Cofense; Comcast Corporation; Eli Lilly and Company; ESET North America; Facebook; Google; Infosec; Intel Corporation; Marriott International; Mastercard; Microsoft Corporation; Mimecast; NXP Semiconductors; Proofpoint; Raytheon; Symantec Corporation; Trend Micro, Inc.; Uber; U.S. Bank; Visa and Wells Fargo. NCSA’s core efforts include National Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); STOP. THINK. CONNECT.™, the global online safety awareness and education campaign co-founded by NCSA and the Anti-Phishing Working Group with federal government leadership from the Department of Homeland Security; and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information on NCSA, please visit https://staysafeonline.org/about/.