Share these 5 cybersecurity awareness tips
Valentine’s Day isn’t just a day for romance. It’s a time of year that cyber criminals and scammers launch attacks using everything from phishing, vishing, SMiShing to fake websites and social engineering or impersonations.
For example, last year’s Valentine scam was driven by the Necurs botnet that sent millions of spam emails as part of a plan to defraud vulnerable recipients. And with all the last-minute gift purchases there’s no better time for fake websites to surface and hook people using phishing scams or online ads and steal their identities.
While there are many exceptions, collectively the younger generation and senior citizens are highly vulnerable group. Younger generations can suffer from “technology as a habit.” That human condition where individuals respond to today’s world of immediacy by being on auto-pilot in their technology engagement. People click on links in emails and texts – never pausing to think about the communication and whether it makes sense and is legitimate. Today’s youth are typically very tech savvy and know their way around a computer and mobile device. But remember – just because someone is tech savvy, that doesn’t mean he or she is security savvy.
Senior citizens have been slower to adopt technology and are likely to have weaker passwords and not engage two-factor authentication. They also may not pay as much attention to alerts and warnings with the technology sector. And depending on their personal situation, they may suffer from loneliness, making them a prime target during the holidays.
You can help your loved ones protect themselves and their personal information from social engineering attacks and other cyber scams by sharing your security awareness knowledge with them. Here are five best practices to start with, whether you’re a senior citizen, child or an experienced technologist (since we all need a periodic reminder).
1. Beware of phishing attempts
Valentine’s Day, and other holidays, are perfect opportunities for bad actors to deploy new and highly convincing phishing campaigns. The goal is to trick email recipients into any number of actions, ranging from the traditional phishing action of “click this link,” which results in a malware installation on your machine, to asking you to share more personal information for the purpose of extortion.
Remind your loved ones of these email best practices:
- If you don’t know who sent you the email, don’t open it. If you do know where the email came from, but it seems a little strange, exercise caution. Ask yourself a few questions: do I typically communicate with this person via email? If so, would he email me at this time of day? And if you’re still in doubt – call him!
- Don’t click on links in unsolicited emails. Period.
- Never reveal confidential information in an email.
- If a deal sounds too good to be true, it probably is.
2. Don’t be duped by phishing’s cousins, vishing and SMiShing
Other social engineering methods to get you to give up personal information, call or contact an organization or person via phone, or install malware by clicking a link or opening a file come at you via text message (SMiShing), phone (vishing), or social media platforms that have been compromised. These fraudulent communications can appear to be coming from the government (IRS, Census Bureau or law enforcement), or from someone you know whose account has been compromised. A successful vishing campaign that senior citizens should be aware of is a phone call from a grandchild asking for money.
The guidance above holds true if you receive unusual communications via text, phone or social media.
3. Remember the National Cyber Security Alliance tag line: STOP, THINK, CONNECT™
Slow down. Don’t get caught in the immediacy of technology. Break the technology habit and stop blindly trusting everything. Stop and think about what you’re about to click on. Ask yourself if it’s legitimate and expected. Check to make sure it’s secured.
4. If you’re shopping online for a last-minute gift here are a few key things to remember
- Validate the site is legitimate. If you’re shopping at a new site you’ve never been on before, it’s worth checking its legitimacy. You can do this using a few methods:
- Check the URL paying close attention to domains and subdomains and ensuring it begins with “https://.” The “s” indicates an encrypted communication between you (your browser) and the website. A closed padlock also indicates a secure transaction.
- Dig in and find the details of the certificate.
- Watch for seals of approval from third parties such as security vendors.
- Identity fraud is growing. According to a study released last year from Javelin Strategy and Research, identity thieves stole $16.8 billion from U.S. consumers during 2017. The study also showed online shopping fraud (card not present fraud) is 81 percent more likely than point of sale fraud as the use of chip cards and EMV® (Europay, Mastercard and Visa) payment grew in the U.S.
- Use multi-factor authentication wherever you can when shopping online. Many online stores will ask you to create an account with them as you check out. If you do (rather than check out as a guest), make sure the password you create is strong. Better still, use multi-factor authentication if it’s offered. And even though you’re encouraged to save your payment information on the site, the convenience of doing so may not be worth the risk if you’re not a frequent shopper of the site.
5. Don’t use public Wi-Fi
You may be tempted to use open Wi-Fi networks to shop online. Whether it’s online impulse shopping or simply using in-store Wi-Fi to save time, don’t trust your address, credit card information and anything else personal to public Wi-Fi.
Whether you’re responsible for protecting your business or your loved ones, security awareness training can reduce the risk of a cyber attack.
You can learn more about setting up a security awareness program and educate your staff and loved ones on cyber security best practices. Download this infographic about the Security Awareness 5 Steps Framework.