Threats are ever evolving, and keeping up with current threats can be difficult. Use caution for anything out of the ordinary and never provide confidential information via text, email, incoming call (by a person or automated call), or pop-up ad on your computer. If you receive a call or message from your bank that seems suspicious or unusual, hang up and call the phone number from your most recent bill or the back of your card.
With our increased dependence on electronic devices and the internet, below are just a few examples of threats criminals may attempt:
A new threat has emerged in the form of "ransomware". Malware is downloaded through email attachments that then encrypts the entire system (including any attached storage - this particular ransomware is CryptoLocker). The only way to decrypt the device is to pay a fee to the malware owner. Preventing the malware from loading is the key. Don't open any email with a .zip file as an attachment - even if you are familiar with the sender (the exception is if you confirm the sender actually sent the email!).
Cyber-criminals are putting a new twist on an old Phishing method. Beware of email alerts which advise you that a package is being shipped to you, especially when the email contains a link to a tracking number. Clicking through a link in a Phishing email can result in malware being downloaded to your PC which may then put your business at risk. Never click on links or open attachments from email senders that you are not familiar with or expecting an email from. If the email is from a known sender but appears unusual or is unexpected, call the sender to verify the validity of the email before you open it or click on any links.
A recent survey indicated that a large percentage of PCs with Java are not current with Java security patches or not running the most current version of Java. Java runs on millions of PCs and is often exploited by cyber criminals to infiltrate or attack your PC. To combat this vulnerability, as part of your overall security best practices, keep Java up to date and secure.
This is a common form of identity theft for personal and business customers. An account takeover occurs when a fraudster has an individual's information such as social security number, User ID and password, account number, and/or access to email accounts. Once the fraudster has access to this information, they can use it to pose as the customer and conduct unauthorized transactions.
There are many ways a criminal can obtain confidential information. Social Engineering is a contributing factor to these and many more scams and malicious exploitations. Fraudsters are using every avenue of communication in an attempt to have you divulge sensitive account information.
- Phishing uses fraudulent emails or pop-up messages to attempt to collect personal or account information.
These messages often have a sense of urgency that suggests dire consequences, such as an email from your 'bank' stating your account has been or will be frozen.
- Smishing is a variation of Phishing that uses a text message from an unknown number asking you to click a link to another site or call a phone number. They attempt to entice you into providing personal or account information. They also may attempt to infect your mobile device with malware.
- Vishing is another Phishing variation that uses the telephone in an attempt to get the user to provide personal or account information, often presenting themselves as legitimate businesses offering assistance to the user.