
Protect Yourself From Cyber Crooks Who Want to Steal Your Data

Despite firewalls and other security gizmos that protect our networks and devices, we are still very exposed.

Crooks and other bad guys know that the easiest way to break into your system is to trick people into ‘opening the door.’

 

Cyber phishing doesn’t rely on security flaws in your operating system or on exploiting weaknesses in digital infrastructure. A phishing scam targets the most unstable and unpredictable element in the layers of defense -- people. The Hacker wants to trick the Target into doing what the Hacker wants:

  • Click a link
  • Log into a website
  • Open an attachment
  • Grant access to your social media account
  • Grant access to your email or other data

The Hacker’s technique may be sophisticated or laughable, but the goal is the same: to steal valuable information about you and others.

 

Here are 8 Tips to protect your data and your identity.

 

Tip #1: Beware of Links, Attachments, and Suspicious Emails

 


By now, you have probably heard many warnings to be wary of suspicious e-mails. But what specifically should you look for?

One of the most common methods of spreading malicious software (aka, malware) is through e-mail attachments.


Before opening an e-mail attachment, you should always pause and scrutinize it. Questions to ask yourself include:

  • Do I know the person who sent the attachment?
  • Am I expecting this attachment?
  • Does the body text of the e-mail appear legitimate?
  • Are there typos, grammatical errors, or vague or suspicious wording?

Tip #2: Un-hide File Extensions and Inspect File Extensions

 

Often you can spot a malicious email from the file extension of its attachment.

The file extension is the right-most segment of the file name (.exe, .pdf, .docx, .xlsx, .txt, etc.).

If your system is set to hide file extensions, you may see an attachment that looks safe, such as helpfultip.pdf

However, when you un-hide the file extension, you will see that the actual file name is helpfultip.pdf.exe

Ouch! If you click on that .exe attachment, you just opened the door to the Hacker.

First step: un-hide file extensions. Windows hides file extensions by default. For instructions to un-hide them, see

https://support.microsoft.com/en-us/kb/865219

Second step: inspect the file extension.

.exe, .com, .zip file extensions

The most dangerous file extensions are .exe, .com, and .zip. These are programs, ready to run upon clicking. Before opening files with these extensions, be very, very certain that the attachment is a file you expect and is legitimate.

.pdf file extensions (Adobe PDF)

 

Historically, PDF files were usually safe. This is no longer the case. When in doubt, do not open a PDF unless you know and trust the sender and have verified the e-mail source.

Reminder: Bad guys can spoof the name of a trusted sender. To verify the sender, see the ‘Hover and Observe’ tip below, or verify the e-mail with your IT department.

 

.xls, .xlsx (Excel) and .doc, .docx (Word) file extensions

It is common to share Excel and Word files. However, these too may contain macros (programs) that do damage. If in doubt, do not open these types of documents unless you have verified them with your IT department or the sender.

In summary, before you click on an e-mail or a link, stop and take precautions to verify its authenticity and safety. When in doubt, delete the e-mail message without opening the attachment.
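As an added illustration of the inspection rules in Tip #2 (not code from the original post), the following Python script applies them to attachment names: it shows what a hidden-extension file name would look like on screen, and flags the double-extension trick (helpfultip.pdf.exe). The extension lists and the sample file names are assumptions constructed for this example.

```python
import os

# Extensions the post calls out as programs that run as soon as you click them.
EXECUTABLE = {".exe", ".com", ".zip"}
# Document types the post says may carry macros (Office) or hostile content (PDF).
OFFICE = {".doc", ".docx", ".xls", ".xlsx"}
PDF = {".pdf"}


def all_extensions(name):
    """Every dotted extension of a filename, left to right, lowercased.
    'helpfultip.pdf.exe' -> ['.pdf', '.exe']"""
    parts = os.path.basename(name).split(".")
    return ["." + p.lower() for p in parts[1:] if p]


def displayed_name(name):
    """What a file manager shows when 'hide extensions for known file types'
    is on: the real (last) extension is dropped, so 'helpfultip.pdf.exe'
    is displayed as 'helpfultip.pdf'. Simplified model, assumed here."""
    base = os.path.basename(name)
    root, ext = os.path.splitext(base)
    return root if ext else base


def classify_attachment(name):
    """Apply the post's rules to the real (last) extension of an attachment."""
    exts = all_extensions(name)
    real = exts[-1] if exts else ""
    if real in EXECUTABLE:
        # An extra extension before the real one is the hidden-extension trick.
        return "disguised executable" if len(exts) > 1 else "executable"
    if real in PDF:
        return "pdf: verify sender"
    if real in OFFICE:
        return "office document: may contain macros"
    return "other"


def triage(names):
    """Map each attachment name to its classification."""
    return {n: classify_attachment(n) for n in names}


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real message.
    sample = ["helpfultip.pdf.exe", "invoice.exe", "q3-forecast.xlsx",
              "agenda.pdf", "notes.txt"]
    for n, verdict in triage(sample).items():
        print(f"shown as {displayed_name(n):>18}  really {n:>20}  -> {verdict}")
```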


Tip #3: Beware of Look-Alike Logos and Website Names


Attachments aren’t the only dangers lurking in your Inbox. A cleverly disguised e-mail may contain links to malicious websites. Hackers can take advantage of a company’s or brand’s good reputation to direct you to malicious websites. The goal is to trick you into divulging information such as your username, password, or account details. The malicious web site could also request access to your contacts, local resources, or social media accounts.

Some of the warning signs of a spoofed e-mail:

Incorrect grammar in the body text of a message, such as

“We need to hav yur username and password.”

The message may not always be as obvious as the example above. However, you often can determine if the sender is fluent in your language.

A call to action that is overly aggressive or designed to induce a knee-jerk reaction, such as

“Your password has been compromised. Click here to change your password immediately.”

If you believe there is good reason to change your password or take another action that the e-mail recommends, log onto the site directly, not from the link in the e-mail.

Style or branding that is not consistent with the company’s official website. A quick check of the format and wording of the message you received against the home page of the “sender” could reveal your hacker as a phony.

 

Tip #4: Hover and Observe

 

One relatively simple way to protect yourself against spoofed e-mails is to hover over any links or logos to see the underlying web address.
 
Hovering will reveal the actual web address you will be sent to if you click on the link. Hackers have gotten very creative in coming up with addresses that appear legitimate, but there will usually be something that is slightly off.
Watch out for these red flags in web addresses:

Beware of look-alikes such as www.verizon.co or www.unitedairlines.ru in an e-mail that is supposedly coming from a U.S. sender.

Beware if the company name is in the wrong part of a web address.

Bogus:  paypal.support.com

Legit:  support.paypal.com
        paypal.com/support

In a legitimate address, the company name appears just to the left of the first slash; or, if there is no slash, in the rightmost characters before the suffix (.com). The bogus address above has 'paypal' on the far left.
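The placement rule above, as an added Python example that is not part of the original post: it extracts the domain a hovered link really points to and compares it with the brand's known domain, separating the post's look-alike (verizon.co) and wrong-part (paypal.support.com) cases. The short suffix list and the sample links are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Public suffixes that take two labels (e.g. bbc.co.uk). A short list assumed
# for illustration; production code would use the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """The part of a hovered address the browser will really contact: the
    name just left of the suffix, e.g. 'support.paypal.com' -> 'paypal.com'
    but 'paypal.support.com' -> 'support.com'."""
    if "://" not in url:
        url = "http://" + url          # a bare 'www.example.com' still parses
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url, expected_domain):
    """Compare a link's real domain with the brand's known domain
    ('paypal.com'). Returns: legit, look-alike, brand in wrong part, unrelated."""
    actual = registrable_domain(url)
    brand = expected_domain.split(".")[0]
    if actual == expected_domain:
        return "legit"                  # support.paypal.com, paypal.com/support
    if actual.split(".")[0] == brand:
        return "look-alike"             # verizon.co instead of verizon.com
    if brand in url.lower():
        return "brand in wrong part"    # paypal.support.com, evil.net/paypal
    return "unrelated"


if __name__ == "__main__":
    # Constructed examples matching the post's bogus/legit addresses.
    cases = [("https://support.paypal.com/help", "paypal.com"),
             ("http://paypal.com/support", "paypal.com"),
             ("http://paypal.support.com", "paypal.com"),
             ("www.verizon.co", "verizon.com"),
             ("http://www.unitedairlines.ru/checkin", "unitedairlines.com")]
    for link, expected in cases:
        print(f"{link:40} -> {check_link(link, expected)}")
```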


For more details on how to read and detect suspicious links, here is an excellent resource.

http://www.bustspammers.com/phishing_links.html

 

Tip #5: Beware the Offer You Can’t Refuse

 

Everything we do online—our Google searches, the posts we like, the items we look at on Amazon and then don’t buy—leaves digital breadcrumbs. These breadcrumbs can be used to tailor messages that are reasonably likely to appeal to specific individuals.


In a Hacker’s hands, this information is like kryptonite. Your pattern is your weakness. The goal of a Hacker is to offer rewards so appealing to their targets that they distract you from the risks.

When faced with an e-mail offer that appears too good to be true, ask yourself these questions.

  • Did I solicit the email?
  • Do I know the sender?
  • Does the sender’s email address contain meaningless numbers and letters?
  • What does Google say? Copy and paste a portion of the suspicious message into the Google search bar. If a hacker is targeting you, there is a good probability they are targeting others too. While a negative search result doesn’t rule out the possibility of the message being malicious, a positive result will alert you.

Tip #6: Install Email Filtering Software


Email filtering software can remove 95% or more of bogus emails before they reach your inbox. The filtering software uses many techniques to scan for and detect suspicious email. However, even if filtering software removes 95% of 10,000 bogus emails a day, 500 still pass through to unwary users.

MBSG IT experts recommend email filtering for all of our clients.

 

Tip #7: Reduce Your Rights on Your Local Machine. Take Away Administrator Rights.

 

For some of the malicious links that Crooks tempt you to click on, administrative rights are needed to actually run the programs that do damage.

If you have removed your administrative rights, you limit certain types of damage.

In our IT consulting practice, we routinely recommend removing local admin rights for most users, for daily operations.

Even if you are the owner or the boss, it is good practice to use a login ID without administrator rights, for day-to-day use.

For more information including how to remove local admin rights, visit http://www.mbsg.net/blog/220-take-away-your-own-rights

 

SUMMARY

 

Cyber phishing is part of modern life. The reason for this digital pandemic is simple. Phishing scams work.

IT departments can provide some layers of electronic protection. However, people are still the weakest link. To stay secure, each of us must maintain our defenses by being cautious and aware.