Monday, October 21, 2024

Cybersecurity Awareness Week 4: Putting It All Together

 October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber-safe by equipping them with knowledge through the following four themes:

  • Week 1:  You Got Phished
  • Week 2:  Where, Why and How It Happens
  • Week 3:  Prevention
  • Week 4: Putting It All Together

For the final week of CSAM we're focusing on the theme, “Putting It All Together”. This week, we're discussing how to spot the 7 red flags of phishing, cybersecurity tips for older adults and children, and how to equip colleagues with knowledge of phishing.

The 7 Red Flags of Phishing

Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.

The most important way to avoid a phishing scam is to learn how to recognize one. Here are seven red flags to look out for:

  1. Urgent or threatening language: Look out for threats of closing your account or taking legal action, and pressure to respond or act on something quickly.
  2. Requests for sensitive information: Be on alert for links directing you to login pages, requests to update your credentials, and demands for your or your company’s financial information.
  3. Anything too good to be true: Avoid acting on messages that claim winnings from contests you’ve never entered, prizes you must pay to receive, and inheritance from long-lost relatives.
  4. Unexpected emails: Disregard emails such as receipts for items you’ve never purchased and updates on deliveries for things you didn’t order.
  5. Information mismatches: Look out for incorrect (but maybe similar) sender email addresses, links that don’t go to official websites, and errors in spelling or grammar that a legitimate organization wouldn’t miss.
  6. Suspicious attachments: Avoid attachments that you didn’t ask for that have weird file names or uncommon file types.
  7. Unprofessional design: Be on alert for incorrect or blurry company logos, image-only emails, and company emails with little, poor, or no formatting.

If you encounter any of these red flags in an email or message, do not interact with it. Rather, delete the email or message. If you are unsure, ask the sender about the message through a different channel.
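
The Python sketch below is an added example, not part of the original post. It checks a parsed email for the four red flags above that can be tested mechanically: urgent language, requests for sensitive information, information mismatches, and suspicious attachments. The word lists, the file extensions, the `official` domain set and the `.example` addresses are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed word lists and file types for illustration; tune them for your own mail.
URGENT = re.compile(r"\b(urgent|immediately|legal action|account will be closed)\b", re.I)
SENSITIVE = re.compile(r"\b(password|credentials|credit card|verify your account)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".iso", ".lnk", ".hta")
DOMAINISH = re.compile(r"^(https?://)?([\w-]+\.)+[a-z]{2,}(/\S*)?$", re.I)

class HtmlScan(HTMLParser):
    """Collects [href, visible text] pairs and all text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self.in_a = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_a = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"
    def handle_data(self, data):
        self.text.append(data)
        if self.in_a:
            self.links[-1][1] += data

def host_of(value):
    """Lower-case hostname of a URL or bare domain, without a leading 'www.'."""
    url = value.strip()
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower().removeprefix("www.")

def is_official(host, official):
    return any(host == d or host.endswith("." + d) for d in official)

def red_flags(msg, official):
    """Return the red flags found in an EmailMessage; `official` holds the
    domains the claimed sender really uses (supplied by the caller)."""
    flags, scan = set(), HtmlScan()
    html = msg.get_body(preferencelist=("html",))
    plain = msg.get_body(preferencelist=("plain",))
    if html is not None:
        scan.feed(html.get_content())
        scan.close()
    text = " ".join([str(msg["Subject"] or ""), *scan.text,
                     plain.get_content() if plain is not None else ""])
    if URGENT.search(text):
        flags.add("urgent_language")
    if SENSITIVE.search(text):
        flags.add("sensitive_request")
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if not is_official(sender, official):
        flags.add("information_mismatch")  # sender domain is not the organization's
    for href, shown in scan.links:
        real = host_of(href)
        off_site = not is_official(real, official)  # link leaves the official site
        disguised = DOMAINISH.match(shown.strip()) and not is_official(real, [host_of(shown)])
        if href.lower().startswith(("http://", "https://")) and (off_site or disguised):
            flags.add("information_mismatch")
    if any((p.get_filename() or "").lower().endswith(RISKY_EXT) for p in msg.walk()):
        flags.add("suspicious_attachment")
    return sorted(flags)

def sample_message():
    """Constructed sample for this example, not a real email."""
    m = EmailMessage()
    m["From"] = "Example Bank <support@examp1e-bank.example>"
    m["Subject"] = "Urgent: your account will be closed"
    m.set_content("Your account will be closed.")
    m.add_alternative('<p>Verify your account immediately.</p>'
                      '<a href="http://login.examp1e-bank.example/">www.examplebank.example</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m
```

Real mail can be loaded with `email.message_from_bytes(raw, policy=email.policy.default)` before calling `red_flags`; a result is a prompt to verify through a different channel, not a verdict.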

Cybersecurity Tips for Older Adults and Children

https://www.youtube.com/watch?v=WQ9ZNShXbC0

Learning how to be cyber safe can seem like an overwhelming task. For older adults and children, there is a lot to learn about practicing safe online behaviour, as well as ensuring your devices are protected from cyber threats. The best way to avoid falling victim to a cyber-attack, such as phishing, is to know how to recognize one and how to protect yourself.

Our devices do a great job of making our lives more convenient! For example, older adults can turn to their computers and tablets to chat with their family and friends, and kids can turn to their smart speaker and ask for homework help (“Hey Google, what is 2 x 2?”), learn about any topic of their choosing, play music, and more! But, just like other internet-connected devices, smart devices can give potential cybercriminals access to our information.

If you encounter any of the seven red flags of phishing in an email, phone call, or text message (aka smishing), do not interact with it. Delete the email or text, do not answer the call (or hang up), and, if relevant, report it. Phishing attempts are becoming more sophisticated, so if you are unsure, ask the “sender” about the message through a different channel.

For example, if your child receives an email from their teacher asking them to send personal information, it is likely a phishing attempt, as teachers or the school would reach out to the parent. In this case, you or your child can ask their teacher directly in their next online or in-person class to confirm if the request was legitimate or not.

Older adults must also be on the lookout for the red flags of phishing as they can become a target of cybercrime such as romance scams, tech support scams and grandchild scams.  Some actionable steps that both older adults and parents of young children can take to practice cyber safety include:

  • Teach children about cyber safety
  • Think twice before you share any personal information online
  • Always verify requests with a trusted source
  • Use anti-virus and malware protection
  • Backup your data
  • Only visit trusted websites and do not click on unknown links or attachments
  • Protect your accounts with MFA
  • Use complex passphrases and passwords

How To Equip Colleagues with Knowledge Of Phishing

Whether you’re working at the office or remotely, cyber security practices should be taken seriously. Businesses of every size can be a target of cyber crimes such as ransomware, phishing, and malware. While cybercrime is not completely avoidable, proactive measures should be taken to guard against it and protect your business networks.

Cyber security is a team effort that requires action from both management and employees. The best way to equip your team to prevent becoming a victim of cybercrime is to learn how to recognize and prevent it! Here is what you can do to ensure your team is prepared to avoid common cyber crimes, such as phishing:

  • Implement Email Best Practices: Combat the inevitability of cybersecurity breach attempts through email by communicating best practices with your employees. These practices include separating internal and external emails, prohibiting clicks on unknown email links, and keeping an updated spam filter.
  • Educate Your Team: Ensure that your team understands what is at stake with a business’s cybersecurity. Highlight case studies to show your team how poor cyber habits cost other businesses and share examples of what an attempted cyberattack looks like. Learn the seven red flags of phishing, and always be on alert.
  • Implement Information Regulations: Create strict rules on when it is appropriate for an employee to give out personal, sensitive or business-related information through any form of electronic communication or online medium.
  • Implement Browser Best Practices: Combat the inevitability of cybersecurity breach attempts through online websites by communicating browser best practices with your employees. These practices include firewall implementation, browser monitoring and usage limitations, and education on online safety features (such as SSL).
  • Implement Personal Account Regulations: Create regulations surrounding what personal accounts employees can and cannot access on the business network (such as personal banking and email accounts).

Your colleagues are your first line of defense against common cyber attacks, including phishing and ransomware. Did you know that AlphaKOR offers Cyber and Phishing User Training services? These services include dedicated training and educational materials to educate your employees about cybersecurity risks. 

Your Cyber Security Partner

As Cyber Security Awareness Month comes to an end, be sure to extend what you have learned this past month into your everyday cyber habits! 


Tuesday, October 15, 2024

Cybersecurity Awareness Week 3: Prevention

 October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber-safe by equipping them with knowledge through the following four themes:

  • Week 1:  You Got Phished
  • Week 2:  Where, Why and How It Happens
  • Week 3:  Prevention
  • Week 4:  Putting It All Together

This week’s theme, “Prevention”, focuses on 5 actionable steps to prevent becoming a victim of cybercrime.

Tip #1: Use Strong and Unique Passphrases and Passwords

Did you know that at least 65% of people use the same password across multiple sites? Although this makes remembering your credentials easier to do, this also makes your accounts vulnerable to cyberattacks.

By creating complex passphrases and unique passwords for each site you use, you instantly tighten up your security, making your accounts less attractive to hackers. Some best practices for creating complex passphrases include:

  • Avoiding family, pet, company, and familiar names that can be easily guessed by others
  • Using unique combinations of letters, numbers, symbols, and cases for each site you use
  • Creating passwords that are at least 4 words and 15 characters long

Tip #2: Use A Password Manager

Our passwords protect the things that are important to us, such as our financial information, our social media accounts, and more. But with all the platforms and websites we actively use, it can be difficult to keep track of unique and complex passwords for each platform.

Password managers such as Google Password Manager help you create complex passphrases and store them so that you never forget a password again.

Tip #3: Enable Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is an added layer of security that is catered to you so that only you can access your accounts and private information. This dual layer of security is simple to implement and consists of two or more independent credentials to verify you are who you claim to be. Three of the most common credentials consist of what the user knows (password), what the user has (security token) and what the user is (biometric verification).

Some common forms of MFA include:

  • Fingerprint scanners
  • Voice verification
  • Facial recognition
  • Security questions
  • PIN numbers
  • SMS authentication
  • App-based authenticators
  • Hardware tokens

Implementing MFA is an excellent way to add an extra security layer to your system. Did you know that by adding something as simple as MFA to your accounts, you can protect yourself from automated bots, phishing attacks and targeted attacks?

In short, MFA works to prevent malicious activity on your network, keeping your sensitive data safe and secure. We suggest you enable MFA everywhere it can be used, and if you don’t have the capabilities, perhaps it’s time to invest in a little extra digital security.

Tip #4: Regularly Backing Up Your Important Data

Your important data is important! Be sure to keep it safe on your devices so that it does not get lost, corrupted, or fall into the wrong hands. One of the best ways to keep your data safe is to regularly back up your important data.

There are many benefits to taking the time to back up your data, including:

  • Ensuring you always have a backup in case of a disaster such as a cyberattack or breaking your device
  • Freeing up storage space on your device
  • Protecting your special moments from accidental corruption

Backing up files is easy to do! You can back up your data physically and/or digitally. To back up your files physically, you’ll need an external device such as a USB stick or an external hard drive. Once your files are backed up physically, you’ll want to ensure that you keep your external device stored in a safe location.

To back up your data digitally, you can use a reputable online cloud server. There are many great options to choose from! Some online cloud servers offer free storage up to a certain amount, while others have subscription fees.

Whether you decide to back up physically or digitally, choose what works best for you.

Tip #5: Protecting Your Small Business Against Phishing Attacks

No business is too small to become a victim of a phishing attack. More than half of email scams and phishing attempts target small businesses.

Phishing is a common method that hackers will use to steal valuable information from both individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.

It’s important for small businesses to take steps to protect their private and important information. The following are simple tips for small businesses to follow:

  • Only visit legitimate and trusted websites while working from a business computer or device used for business operations
  • Verify that you are only providing personal and business information to trusted sources
  • Always question why your personal information is required when asked for it
  • Do not remove or disable any security safeguards on your business network and devices such as anti-virus software

Always


Stay Cyber Safe

Whether it’s Cyber Security Awareness Month or any other day, always keep cybersecurity practices in mind to stay cyber safe.


Monday, October 7, 2024

Cybersecurity Awareness Week 2: Phishing - Where, Why and How It Happens

October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber-safe by equipping them with knowledge through the following four themes:

  • Week 1:  You Got Phished
  • Week 2: Where, Why and How It Happens
  • Week 3: Prevention
  • Week 4: Putting It All Together

This week’s theme, “Where, Why and How It Happens”, focuses on what phishing is, where it happens, the motivation behind cyber threats and how it works.

What is Phishing?

Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.

What are the different types of phishing?

Phishing can take on many different forms, as well as come from a variety of mediums including email, phone, online shopping, gaming, social media, and direct messages. The following is a quick overview of the most common types of phishing campaigns that cybercriminals use to steal your information.

Smishing

Smishing is a phishing attempt that occurs through text message (SMS) and involves a cybercriminal impersonating someone to steal information from you. In many cases, smishing messages contain a link they are trying to get you to click on.

To protect yourself against smishing attacks, always be cautious about the messages you receive from people you do not recognize. If you are unsure, try to verify the information and confirm if the identity they are taking on is legitimate. For example, if you receive a message claiming to be your school, call your school using the contact information available on their official website and verify whether the request is real or smishing.

Spear Phishing

Spear phishing is a message that is tailored to the target's potential line of work, interests, and/or personal characteristics. To do this, cybercriminals conduct research about their victims and use their findings to make their messages seem authentic. They then send these spear phishing attempts disguised as a credible source, with the subject being something relevant to their victims, in hopes of increasing the success rate of their attempts. When successful, victims hand over their personal information, such as a credit card number, to the cybercriminal.

Whaling

Whaling attacks are sophisticated messages that target high-profile victims who have the authority to issue large payments. Whaling attempts are designed to trick these victims into thinking they must make a payment to another organization, but in reality, the payment is directed to the pockets of the cybercriminal.

Phishing Trends

Now that you know the various types of phishing, it’s important to be aware of phishing trends so that you can spot any potential attempts.

Banking Scams

Cybercriminals will pose as your financial institution and send urgent or too-good-to-be-true messages in hopes that their victims will take action. If you receive a phone call, email, or message that asks you to claim money in exchange for verifying your credit card number, or asks you to pay outstanding banking fees, be wary and do not hand over your information. Always verify with your banking institution by visiting in person, or calling the phone number listed on their official website, to confirm whether the request is legitimate.

Romance Scams

There is plenty of phish in the sea! Looking for companionship online has been made easy with the help of dating websites and apps, but sometimes profiles are too good to be true. Romance scams happen often when a cybercriminal creates a fake profile with the goal of taking advantage of someone looking for romance.

To avoid becoming a victim of a romance scam, always be cautious about what information you share on dating websites and apps. Never give your personal information such as your SIN number, banking information, or even the answers to security questions such as your mother’s maiden name.

Event-Based Scams

Event-based scams happen when cyber criminals take advantage of events, such as concerts or sports games, to steal information and money from their victims. When it comes to phishing, cyber criminals will typically send out messages posing as event organizers and include a link. When the link is clicked, you are likely to be prompted to enter sensitive data such as a credit card number or credentials to your financial institution.

Spoofing, a tactic often used with event-based scams, is when a cybercriminal creates a fake look-alike website or app to trick users into making fake purchases. Be sure to guard your personal information and always verify that the websites you are using to purchase event tickets are legitimate.

Malware and Ransomware

Malware is one of the most common ways people experience a cyber attack. Malware is software specifically designed to interfere with, damage, or gain unauthorized access to a computer system. If your device is infected, it can cause freezing and crashing, poor performance, unwanted pop-ups and toolbars, and even send out unwanted emails.

Malware presents itself in many forms, including viruses, worms, trojan horses, spyware and adware, and ransomware.

With a ransomware attack, access to your computer or electronic device is blocked until a ransom is paid to the cybercriminal. These common forms of malware are sometimes difficult to recognize. The following best practices can help you protect your computer system against malware:

  • Install and use anti-virus software
  • Avoid suspicious links and email attachments
  • Download only from trusted sources
  • Use a VPN on unsecured networks like public Wi-Fi

Beware of Social Engineering

A social engineering attack is when a web user is tricked into doing something dangerous online. There are various types of social engineering attacks, with a prominent form of it being phishing. Always think twice before you share your information online and take actionable steps to protect your devices against phishing, malware, and ransomware.

Stay Cyber Safe

Whether it’s Cyber Security Awareness Month or any other day, always keep cybersecurity practices in mind to stay cyber safe.



Friday, October 4, 2024

October is Cyber Security Awareness Month

 October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber safe by equipping them with knowledge through the following four themes:  

  • Week 1:  You Got Phished
  • Week 2: Where, Why and How It Happens
  • Week 3: Prevention
  • Week 4: Putting It All Together

This week’s theme, “You Got Phished”, focuses on actionable steps to take to recover from a phishing attack.

Before we get started, it’s important to understand what Phishing is. Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.

How to tell if you have been phished or hacked

The most evident sign that you have been phished or hacked is when you notice changes to your accounts. This might look like not being able to access your email accounts, noticing suspicious charges to your bank or credit card accounts, or even receiving notifications on social media from friends alerting you that your accounts have been compromised.

Before you notice these clear signs of unusual behaviour, there may also be notifications from your accounts alerting you of changes. For example, if a malicious actor is attempting to sign into your email account, you may receive notifications asking you to confirm that “you” are trying to sign in from a certain location. In some cases, these alerts may also come after a successful sign-in attempt from a malicious actor. Banks may also block purchases from being made on your card until you confirm whether the transaction is coming from you.

To help keep you safe from phishing, we’re sharing 4 easy tips, as well as what to do if you have been phished.

Tip #1: Change passwords and upgrade passwords to passphrases

Did you know that at least 65% of people reuse the same passwords across multiple sites? Although this makes remembering your credentials easier to do, this also makes your accounts vulnerable to cyberattacks.

By creating complex passphrases and unique passwords for each site you use, you instantly tighten up your security, making your accounts less attractive to hackers. Password managers such as Google Password Manager and LastPass can easily help you create complex passphrases and store them so that you never forget a password again.

Some best practices for creating complex passphrases include:

  • Avoiding family, pet, company, and familiar names that can be easily guessed by others
  • Using unique combinations of letters, numbers, symbols, and cases for each site you use
  • Creating passwords that are at least 4 words and 15 characters long

Tip #2: Enable anti-Malware and anti-virus software

Malware is one of the most common ways people experience a cyberattack. Did you know the majority of Canadians have had malware on their computer? Malware is software specifically designed to interfere with, damage, or gain unauthorized access to a computer system. If your device is infected, it can cause freezing and crashing, poor performance, unwanted pop-ups and toolbars, and even send out unwanted emails.

Malware presents itself in many forms, including viruses, worms, trojan horses, spyware and adware, and ransomware. These common forms of malware are sometimes difficult to recognize. The following best practices can help you protect your computer system against malware:

  • Install and use anti-virus software
  • Avoid suspicious links and email attachments
  • Download only from trusted sources
  • Use a VPN on unsecured networks like public Wi-Fi

Tip #3: Enable automatic software updates

Updating your programs and operating systems regularly ensures that you are benefiting from the latest security patches and bug fixes, making it harder for cybercriminals to exploit your data with malware. Keep your systems, programs, and applications updated. Most programs and operating systems do a great job at reminding their users when an update is available. Enabling automatic updates on your devices will help ensure that you don’t miss an update!

Tip #4: Back up your data

Backing up files is easy to do! You can back up your data physically and/or digitally. To back up your files physically, you’ll need an external device such as a USB stick or an external hard drive. Once your files are backed up physically, you’ll want to ensure that you keep your external device stored in a safe location.

To back up your data digitally, you can use a reputable online cloud server. There are many great options to choose from! Some online cloud servers offer free storage up to a certain amount, while others have subscription fees.

Whether you decide to back up physically or digitally, choose what works best for you.

Keep Others Safe and Report The Scam

If you have been targeted by a phishing scam in Canada, you can help keep others safe by reporting the scam. You can report the scam by contacting:

  • Your local police: file a report about the phishing scam or fraud. Remember to get a report number for your reference.
  • Regulatory bodies: if the scam involves someone from a regulated profession, regulatory bodies may have the ability to take disciplinary action to prevent further incidents.

Stay Cyber Safe

Whether it’s Cyber Security Awareness Month or any other day, always keep cybersecurity practices in mind to stay cyber safe.
