In support of National Cybersecurity Awareness Month, ILTA is sharing new and repurposed content to raise awareness about the importance of cybersecurity throughout October. With the holiday season approaching, we thought the following piece, written by ILTA Member Mike Ulrich, Director of Information Security, Fisher Phillips, was appropriate.
The Holidays are quickly approaching and with them, unfortunately, come increased attempts to steal your personal data. Experts have observed that fraud incidents rise by 50% during the months of October, November, and December. Fraudsters know that the general public will be inundated with emails from Amazon, FedEx, UPS, and other online stores confirming orders and shipments. Armed with this knowledge, attackers utilize multiple methods to trick you into providing your user credentials, credit card data, and other personal information. To help prevent you from falling victim to these attacks and avoid turning you into a Grinch this Holiday season, I’ve compiled the following Holiday Cyber Security Checklist to ensure that you’re prepared and aware.
1. Verify Your EmailsThe Problem:
Phishing emails are the primary, and most effective, method fraudsters use to steal your information. Attackers construct fake emails that look like they’re being sent from Amazon, FedEx, or other well-known companies to try to lure you into clicking on the link and entering your login information and/or credit card information.The Solution:
Verify the legitimacy of ALL the emails you receive. Phishing emails can be VERY convincing. Let’s take a look at an actual Amazon phishing email and identify all of the red flags.
Red Flag #1
– The sender’s email address is email@example.com. A real email from Amazon will come from “amazon.com”.Red Flag #2
– “Dear Client” - A legitimate email will reference you by name.Red Flag #3
– The easiest way to identify a phishing email is to hover over the link contained in the email. The link in this email looks like it will send you to Amazon but will actually send you to a fake Web site that looks like Amazon in order to trick you into entering your username and password.Additional Red Flags
– The email contains grammatical errors or misspellings, the email invokes a sense of urgency, or if the email contains a Word or PDF attachments.
Cyber Pro Tip: Go directly to the site you receive the email from instead of clicking on any links. For example, if you receive an email from Amazon or UPS that requires an action from you, go to amazon.com or ups.com.
2. Stay Off Public Wireless Networks The Problem:
Using public Wi-Fi is inherently less secure because you don’t know who set it up or who else is connecting to it. Additionally, attackers can set up their own wireless networks in public places to trick you into connecting your mobile device to them. Once connected, anything you send over the Internet such as login credentials and credit card data can be easily stolen.The Solution:
The best way to avoid security issues that arise from using public Wi-Fi is not to use it at all. However, if you do use it, limit the amount of private information you provide. Avoid online purchasing or logging into bank or credit card accounts while on public wireless networks.
Cyber Pro Tip: Use a personal VPN client such as IPVanish or NordVPN on your mobile device to encrypt and secure your data online. A Virtual Private Network (VPN) encrypts all data sent over the Internet from a mobile device making it near impossible to read. VPN products are typically monthly subscriptions and require client software to be installed on your personal mobile device.
3. Shop Only Known Web Sites
Unknown sites can be extremely risky and while some may be legitimate online stores they may have weak security controls in place to protect your data.The Solution:
As was the case with public Wi-Fi networks, the best way to avoid security issues that arise from using unknown sites is not to visit them at all. However, if you do use them, ensure that the Web browser software you use is updated to the latest version. Chrome, FireFox, and Internet Explore/Edge, will alert you if the site you’re visiting is not secure.
Cyber Pro Tip: Fraudsters can easily set up Web sites that look like legitimate online stores with the sole purpose of stealing your information. Additionally, attackers can insert and hide malicious content into seemingly benign Web sites for the purpose of distributing malware. Check the safety of any site by using Trend Micro’s Site Safety Center. Simply input the Web address of the site you want to visit and it will be analyzed and ranked based on several security parameters.
4. Monitor Your Bank and Credit Card Accounts The Problem:
Your credit card and/or banking information may already be compromised and being used by fraudsters. The Solution:
Monitor, monitor, monitor! Frequently check your accounts for any abnormal purchases. Additionally, ensure that you’re frequently changing your login credentials to online banking and credit card Web sites. It is best practice to change these passwords every 90 days.
Cyber Pro Tip: In addition to monitoring your bank and credit card accounts, verify the security of your identity. Due to the sheer number of Cyber breaches that have occurred in the past 10 years, it’s safe to assume that everyone’s personal information including date of birth and social security number has been compromised. To ensure that your information will not be used to steal your identity, it is strongly encouraged to freeze your lines of credit through Experian, Transunion, and Equifax. Implementing credit freezes will prevent fraudsters from using your information to open new lines of credit in your name.