
Don’t Click The Link!

by Linda Fifield

STARtech21 opened with “The Basics of Cybercrime and Cybersecurity” by Shoba Pillay, Partner, Jenner & Block. I was riveted the moment Attorney Pillay started speaking. The bad guys are out there. We need to know what to look out for and what tools we need to protect ourselves from becoming a victim.

We’ve all read about the security breaches with Equifax, Yahoo, Marriott, healthcare systems, schools, federal agencies, and the like. What are these cybercriminals looking for? How does this impact the individual, companies, or government agencies? By what means are these companies getting hacked?

The Equifax breach occurred between May and July 2017. They discovered the breach and reported it in September 2017. Roughly 143 million people were affected. The hackers grabbed credit information that consisted of names, addresses, dates of birth, social security numbers, driver’s license numbers, and credit card information. How could this possibly happen? The hackers knew of a vulnerability in the software that Equifax and other companies were using. Equifax’s delay in updating the software allowed the hackers in.

We, ourselves, are open to phishing, malware, and bots every day we open our email or surf the net. Phishing emails are sent from “trusted” companies hoping we’ll react to a link. A common hack is an email from a trusted vendor like Amazon thanking you for purchasing an item for $50 or UPS asking you to track a package. Whether or not you ordered anything, their hope is that you’ll click on a link to investigate the purchase. The best course is: DON’T click on the provided link. Go straight to the vendor website and check your information from there.

Malware is a file that is downloaded onto your computer or smart device via a link or by opening an attachment. It can take over and infect your computer and network. A type of malware we’re all too familiar with is ransomware. Hackers are relying on one employee within a business to click on a bad link that puts a company network up for ransom. You pay them in untraceable Bitcoin, and they release your data. Hospitals, schools, and government agencies are often victims of this type of malware. What precautions should you take? Have offsite redundant backups of your server. If you get hacked, chances are that you can restore an old backup. You might have lost some current data, but you aren’t locked out of your computer and/or stuck paying the ransom.

Bots a/k/a web robots are considered the most dangerous threat on the Internet. Bots take over multiple computers and smart devices, often without your knowledge, to create a large network of computers to deliver spam, steal passwords, bring down networks, etc. Oftentimes you don’t even know that you’re infected. They use the network of computers to carry out distributed denial of service (DDoS) attacks. The worst can actually take down websites. One of the most notable cases involved Elon Musk’s Tesla. Make sure you only go to trusted sites and always keep your antivirus software updated.

The deep web is an “invisible” web visited by people who don’t want their activities tracked by traditional search engines. One small part of the deep web is the dark web. The dark web is primarily used for illegal activities: illegal drug sales, murder and maiming for hire, hacking software for sale, sale of stolen credit cards and passports, child pornography, and peddlers. These sites are often monitored by federal agencies, but it’s still scary knowing that something so sinister is out there. Pretty disturbing.

Technology and the WWW are wonderful things. Without them, we wouldn’t be able to provide our services as court reporters to the legal community. They allow us to provide realtime, conduct depositions over Zoom, and create backups in the Cloud. Unfortunately, there are those individuals who abuse the technology for financial gain, the stealing of intellectual property, and black market sales.

Best advice of the day:  Keep your software updated, keep regular backups, install good antivirus/malware software, don’t share personal information, don’t search nefarious sites, and Don’t Click the Link!!

Published in the STARdotSTAR Summer edition.


Phishing, Smishing and Vishing – Hackers are lurking

If you work online, you can get hacked.  No doubt about it.  If you’re not concerned, you should be.

Dan Bistany of BreezeIT is an IT guru who understands data security and working online and in the cloud.  With major data breaches at Yahoo and Equifax in 2017, with over 145.5 million customers affected, it was time to learn about how we can protect ourselves from ourselves and hackers.

First of all, how many email accounts do you have?  How many of you don’t delete unread emails?  Do you bank online? If so, how many bank accounts do you access?  How many of you shop online and use your credit card?  How many of you store your credit card with services like Netflix and Amazon? These are all opportunities for hackers to get your information.  With each email address, each login, each stored credit card site, you have increased your exposure exponentially.

So what is Phishing? Phishing is a suspicious email purporting to be sent by a reputable company requesting action.  Oftentimes, they’ll attach a link asking you to reveal or verify your personal information, credit card number, password, etc.

There are ways to verify a trusted vs. an untrusted email.

  1. Look at the email address of the sender to see if it’s legit
  2. A generic greeting instead of your name is a key sign
  3. It’s asking to verify an account you might not even have
  4. Grammatical errors
  5. The email asks you to verify your email address
  6. Hover over the hyperlink in the email. Don’t click on it.  The hyperlink is very telling.  A bad link can redirect you to an untrustworthy site.
  7. If you question the email, call the source. Don’t call the number on the email.
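
As an added example (not part of the original article), checklist items 1, 2 and 6 can be automated with Python's standard library. The function names, the sample message and its `.example` hosts are constructed for illustration, and the message is assumed to be a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under(host, domain):
    # True only for the domain itself or a real subdomain, not a lookalike.
    return host == domain or host.endswith("." + domain)

def check_email(raw, expected_domain):
    """Return warnings for checklist items 1, 2 and 6 (single-part message)."""
    msg, findings = message_from_string(raw), []
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if not under(addr.rpartition("@")[2], expected_domain):        # item 1
        findings.append(f"sender is not {expected_domain}: {addr}")
    body = msg.get_payload()
    if re.search(r"\bdear\s+(customer|user|member|client)\b", body, re.I):
        findings.append("generic greeting")                         # item 2
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:                              # item 6
        host = urlsplit(href).hostname or ""
        if not under(host, expected_domain):
            findings.append(f"link shown as {text!r} goes to {host!r}")
    return findings

# Constructed sample (not from the page); .example hosts are placeholders.
SAMPLE = """\
From: "Amazon" <orders@amaz0n-billing.example>

<p>Dear Customer, thank you for your $50 purchase. Review your order:
<a href="http://track.amaz0n-billing.example/o">https://www.amazon.com/orders</a></p>
"""
```

Calling `check_email(SAMPLE, "amazon.com")` reports the sender mismatch, the generic greeting, and the link whose visible text names one site while its target is another, which is what hovering over the link would show.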

Smishing, a/k/a SMS phishing, is conducted over your smart devices via short messaging service (SMS); i.e., texting and emails. Click on the wrong link or attachment, and you can easily download a Trojan horse, malware, or virus.

How can you protect yourself?

  1. Don’t buy into urgent offers that need you to act immediately
  2. The IRS, your credit card company, or your financial institution will never contact you via texting or emails.
  3. Check to see who is actually sending you info.
  4. Never store credit card or banking information on your smartphone.

The scary part about smishing is that we all use our devices to conduct business.  It’s unusual for us to have a work phone and a personal phone.  That being said, it’s much easier for hackers to infiltrate you and your company’s information.

Ever get a phone call from the IRS saying you owe $1,000 and if you don’t pay up you’ll be arrested? This is Vishing, scams over the phone.  Never give out any personal information over the phone. If they ask you to verify your email address, make them state your email address first.  Then verify.


Being proactive and downloading virus protection and malware software is a great way to start.  However, it may not be enough.  Some things that Dan recommended are:

  • Multi-factor authentication
  • Encrypt your hard drive. Windows 10 has BitLocker, which is free to use and helps protect your information if the device is stolen. Locking your device with a password isn’t enough. NOTE: You cannot encrypt your HD and do realtime.
  • Security and awareness training

He also said:  Make a Plan.  If you ever get hacked, your first call should be to your lawyer.  There might be regulatory or security issues with the data breach. Call your IT administrator.  They would understand the forensics of the data breach.  Notify all affected parties of the breach.

Lastly, you might want to get cyber liability insurance.

Ransomware is a growing concern.  It’s a virus that blocks access to your computer and/or threatens to publish your personal data until a ransom is paid.  To pay off the hacker, Bitcoin is the currency to get you out of the jam because it can’t be traced. Hackers are getting very sophisticated.

Lastly, let’s talk about passwords. How do you remember them? Are they written on a slip of paper? In an Excel spreadsheet? In your contacts folder? Again, this is another opportunity for hackers to get your information. Dan suggested you find a good password manager like Dashlane or 1Password. Let the app generate and store the passwords for you. Make sure you have a strong password to open the app, and just don’t forget it. Next, sign up for two-factor authentication. It’s a two-step verification tool that makes it more difficult for hackers to get into your accounts. Apple and Google are two vendors of many who have this feature. It may be a pain for you, but at the same time you’re limiting your exposure. A little inconvenience can go a long way.

Being connected gives you access to a world of information.  It also gives hackers access to you.  Embrace the good and the bad that this digital age has to offer.  Be proactive and diligent in keeping your personal information safe.