We at Level 2 Designs would like to help keep you safe when handling communications in your business. To give you a heads-up, we are sending out this information security advisory to help you understand how to secure your information assets and practice safe security behavior. The last thing you want to do this year is use unsafe I.S. practices and leave your business vulnerable.
Here are some attacks to be aware of:
A. Identity Theft
A. Identity Theft:
Identity theft occurs when someone takes another individual’s personal information and uses it to commit fraud or other wrongful actions. Often, the victim’s accounts are used for monetary reasons such as taking out loans under his/her name.
How to Protect Yourself from Identity Theft
1. Use a cross cut shredder to shred your receipts, expired credit cards, and other items that may contain your personal information.
2. Do NOT share personal information about yourself with strangers or organizations that you are not familiar with. Even if you recognize the organization, pause and check to make sure that the organization is indeed who it says it is.
3. Avoid sharing too much personal information such as your driver’s license on social media.
4. Whenever you change your address, email address, or other contact information, make sure to update the corresponding information on your bank records.
5. Check your credit score and account information regularly.
6. Verify that your home wireless network is safe and secure.
7. When downloading software, make sure that the software is legitimate and comes from a reputable and authorized source.
8. Properly enable and use the security features that are installed on your mobile devices.
9. Whenever you are using a public Wi-fi connection, review the‘sharing and firewall settings’ and update it as needed.
Chances are that you’ve heard of phishing before, perhaps in a company email warning you to be careful about your personal information. Well, here’s another reminder. Phishing is a type of scam where the attacker poses as a reputable person or group in the attempt to obtain confidential personal information about you, such as photos, emails, medical details, customer ID, MPIN, credit/card debit card number, and more. Be careful not to interact with emails that you find suspicious or have not heard from previously.
a. Spear Phishing:
A more specific type of phishing attack is called spear fishing, in which the attacker focuses on a specific user or department in the target company. The attacker sends the message acting as a trusted professional from the target company or from a known service provider. Using the established trust, the scammer asks for usernames and other information in order to access secured networks. The scammer often parades as someone from the target company’s human resources team or information technology team. That is why it is important for companies to distribute information about information security practices. Another common form of spear phishing is where the message will ask the target to click on a link, enabling a spyware that can steal information. The subject line of the email can be customized or personalized to make the message seem more credible.
How to Protect Yourself from Phishing
1. Do NOT click on any links from emails you find suspicious or untrustworthy. You can hover your mouse over a link to check if the domain is valid. If you find unexpected attachments or instant message download links in the email, refrain from opening them.
2. Always check that the web address you are using is authentic and correct before logging in or doing further actions.Again, you can hover your mouse over the link to check if the domain is valid.
3. Do NOT send out confidential information through email, even if the request comes from a reputable source such as Visa or a tax firm.
4. Make sure that your computer and mobile phones are protected with the latest anti-virus and OS security patches.
5. Verify the identity of the website by checking that the url address starts with “https://” and contains the Padlock icon at the top or bottom right corner of the webpage. It should say that it is ‘On’.
6. Do NOT access your banking accounts via the Internet or make payments using your credit/debit card from computers in public places. Also avoid accessing your accounts through unprotected mobile phones, free/open hotspots, insecure wireless networks, and at airports.
Another location where you have to be careful with your personal information is at ATMs. Thieves can try to steal your information by what is called a skimming attack. In some ways, this attack is similar to identity theft but for debit and credit cards. The scammers use special technology to secretly steal the information you have stored on your card. They can record your pin number and use it access the money in your account.
How to Protect Yourself from Skimming
1. Memorize your PIN. Do not write it down somewhere or store it with your card(s).
2. Do NOT tell other people your PIN; keep it a secret.
3. Stand close to the ATM or card processor when entering your pin. Shield the key pad with your other hand as you input your numbers.
4. Check that the other people in line are not too close to where you are standing.
5. If you notice anything that doesn’t look right with the ATM or see that the key pad is not securely attached, do not use the machine and instead notify someone working at the bank.
6. Do NOT use the machine if there is something suspicious attached to the key pad or on the card slot. If you were in the middle of a transaction, cancel it and let the bank know. Do not try to remove any devices that seem out of place.
7. Be cautious if strangers offer to help you with any issues while using the ATM. If your card is stuck or you’re having problems, contact the bank.
8. Do NOT let anyone distract you while you use the ATM.
9. Check your bank account and statements regularly to see if anything doesn’t seem right. If you notice any problem, contact your bank as soon as possible.
Smishing works pretty much the same as phishing. It is short for SMS phishing, and describes a security attack where Short Message Service (SMS) systems are used to trick people to reveal personal information about themselves. It can lead the victim into downloading malicious content via mobile devices or visiting fraudulent websites.
How to Protect Yourself from Smishing
1. Do NOT reply to text messages that request you to give out personal financial information.
2. If the content of the message seems credible and you have associated with the company before, call the company from a number you trust to verify that the request is legitimate.
3. If the number is unknown and it demands a quick reply, do not answer the message.
4. Do NOT call back an unknown phone number that was associated with a text message asking for information.
5. If the unknown message contains links, do not click on the links or respond to the text message.
6. Look into the phone number before deciding to respond to a mess There are various websites out there that can allow people to do searches on a phone number. Check if there is any reliable information about the legitimacy of the number.
7. Be careful of phone numbers that contain the number “5000” or any number that is not a phone number. Scammers can use this method to hide their identities to make it difficult to track them.
8. If the message states that you won an award such as saying “Dear user, congratulations, you have won…,” then do not respond. This is an obvious attempt at smishing.
9. Be aware of your bank’s security policies so that you properly understand how they protect your personal information and the money associated with your bank account.
Another common scam is called voice fishing, or “vishing”. With this method, the attacker calls your phone in an attempt to trick you into giving your personal information such as an ATM pin or cvv number. They may tell you that your bank account is compromised, so you need to reset your password. Do not respond to such a call.
How to Protect Yourself from Vishing
1. Never share any personal information such as your ID number over the phone.
2. If a phone call, voicemail, email, or text message asks you to make a payment, log in to an online account, or offers you a deal, exercise caution. Credible banks do not email clients asking for their passwords or any other personal information by requesting they click a link or visit a website.
3. Do NOT assume that whoever is sending you an unknown message is who they say they are.
4. If an email appears suspicious, find the official website or customer support number for the company in question by using a separate browser and search engine. Do not follow links provided in suspicious emails nor call the numbers provided.
5. Check that you have your spam filters enabled for your emails. If you receive a suspicious email, mark it as spam and delete it. This will keep similar emails from appearing in your inbox.
As we move further into the year, you can continue taking steps to protect your business and yourself from malicious attacks. Information security doesn’t have to be complicated.
Level 2 Designs
Taking your business to the next level.