Observed every October, the annual Cybersecurity Awareness Month is committed to encouraging personal accountability, secure behaviors, and maintaining digital privacy in the cybersecurity landscape. This initiative was created as a joint effort between government and industry, providing resources to stay safe and secure online.
This October we are focusing on good security habits.
Thank you. We hope you had some fun while learning something new about cybersecurity and ways to stay secure.
Some parting tips on being safe online, pausing before clicking, and being thoughtful about cybersecurity.
Human Error vs Sound Judgment?
Slow down and pause before you act. Human Error has been identified as the leading reason for most security incidents. Watch this Mimecast sketch and see where Human Error should be replaced with Sound Judgment. After watching, see if you can reduce Human Error in your day-to-day activities.
A last lesson from the 1950s about being "thoughtful". What does that mean? Well, watch this video and find out why from “Billy” (StaySafeOnline.org).
Some key points to remember:
- Use sound judgment and avoid human errors. Slow down and pause before clicking. Update to the latest security software, web browser, and operating systems. Understand at least the basic security settings for all your apps and devices. (Mimecast Human Error vs Sound Judgment)
- Be aware of deepfakes and always verify using separate channels, such as known contact information or official websites. (Deepfake AI)
- Create strong, unique passphrases, and do not reuse those passwords. Change default passwords for all your devices. (Magic passwords - The Secret)
- Be aware and on the lookout for phishy things. (Phishing It Wasn't Me)
DO know your data. Use added caution to protect data that is sensitive, whether it is on paper or digital.
- Pay attention when opening email links or attachments. Make sure it was something you expected and that you know who sent it.
- Be careful not to give away sensitive data. Don't be fooled. Always confirm who you are sending the data to, and that it is someone who should be receiving the sensitive data.
Avoid using weak passwords or storing passwords in unreliable places, such as plain text (Word, Excel, email, phone, Google) or even on sticky notes on the office desk or around the house.
- Use multifactor authentication for all services that you have access to (e.g., bank login, personal email, social media, personal cloud storage, etc.).
- Encrypt sensitive data whenever possible. Understand how to encrypt or protect sensitive data.
- Back up and secure important data.
Want to see if you can spot a phish?
Visit the Google phishing quiz site.
https://phishingquiz.withgoogle.com/
Phishing - From AI Deepfakes to Social Media to QR Code
We saw last week that evolving AI has made scams even harder to detect, and scammers are always looking for new ways to get your personal information, access to your online accounts, and money.
Phishing - It Wasn't Me?
Even when it is not October (Halloween), bad guys try to get you to fall for their tricks. They may not be wearing a costume, but they are pretending to be something they aren't. Sometimes they pretend to be your bank or even a member of Suffolk, sending you a request through email, social media, or even text message. This week we are sticking with Phishing since it is always prevalent. We will take another look at AI scams called deepfakes, and then a look at some other common phishing attempts such as QR codes and how to report them when they come through email.
(WISH-TV video plays on YouTube; may have ads)
Deepfake TIP on how to detect this type of scam
Deepfake scams use artificial intelligence (AI) to create hyper-realistic fake videos, images, and audio that can convincingly impersonate a person.
To spot a deepfake,
- look for visual and audio inconsistencies,
- common scam tactics,
- and always verify unexpected requests through a separate channel.
Check out this video with a twist on Shaggy's song "It Wasn't Me".
If you don't take the time to confirm a request is legitimate you could be giving away your information or money to a scammer.
(Emirates NBD 2019)
The bad guys, scammers, use a variety of ever-changing stories to lure you in:
- Promise free prizes, gift cards, or coupons
- Promise to help you pay off your student loans
- Send fake messages that say they have some information about your account or a transaction
- Say they’ve noticed some suspicious activity on your account
- Claim there’s a problem with your payment information
- Send a fake invoice and tell you to contact them if you didn’t authorize the purchase
- Send a fake package delivery notification
They may even be so bold as to ask you to give some personal information — like how much money you make, how much you owe, or your bank account, credit card, or Social Security number — to claim your gift or pursue the offer.
Some phishing attempts send links that may take you to a spoofed website that looks real but isn’t. If you log in, the scammers can then steal your user name and password.
Some recent examples have been seen here at the University.
A phishing message that appears to be from someone you know (email or text): "I am on vacation and need your help", "I am out of the office and need your help".
Then they follow up saying it is urgent: "Are you available?", "Text/Call this number", "Click this link".
What comes next is a call to action: "Can you purchase gift cards, I will pay you back", "I will send you a check, you send me the difference and keep the rest", "log in to this site to restore your access".
This is when you will have to decide if you are going to just do what they ask or take a CLOSER LOOK. Will you give away your personal information? Will you purchase a gift card? What should you do? Pause, and if it appears phishy, it probably is. Just delete the message. If in doubt, forward it to the Service Desk. If it is someone from Suffolk or another business that you know and you think it is real, use their official contact information to reach back to them. If the message came in through text, send them an email or pick up the phone and call their official number from their official website.
Human Error vs. Sound Judgment
The leading security issue is Human Error. Cybercriminals rely on human error and are always looking for new and creative ways to leverage it to make money, from social media posts, text messages, and emails to phone calls.
Watch this Mimecast sketch and see where Human Error should be replaced with Sound Judgment. After watching, see if you can reduce Human Error in your day-to-day online activities.
Some SIMPLE TIPS to prevent Human Error.
- Strong Unique Passwords. Most people use weak passwords and then re-use passwords for multiple accounts. The bad guys know this. Create a strong memorable password unique for each account and protect yourself. Visit Strong Password to learn more about how to create a strong memorable password hard for others to guess. Then make sure to NEVER share your password.
- Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication. If in doubt, don't click; just delete the message.
- Make sure you update your software and apps. On your smartphone and computers, make sure you keep the Operating System (OS) up to date and keep your phone apps and/or computer applications up to date. Remove apps you no longer use. Additionally, on your computers, always make sure you have antivirus software running and up to date.
Scammers also use public places to take your personal information and money, such as by using fake QR codes.
Why? Most people are not aware of the risk in QR codes in public places and trust that the code is associated with that public service, in places like parking meters, parking garages, and even restaurants.
Always verify a QR code before providing any sensitive information when using one. Watch this video from ABC7 Chicago on Fake QR Code TIPS.
(ABC7Chicago plays directly on ABC7 Chicago - may have Ad)
The bottom line for any request is to verify.
If you don't recognize the sender or the message:
- QR - Don't scan the code.
- SMS/Text Message - Don't open the link
- Phone Call - Hang up
Confirm The Source
If you receive a text message, phone call, or QR code from a company you know and trust, you should contact them directly to confirm its legitimacy before scanning. For physical QR codes, you should check for stickers pasted over a public display.
Spot the phish.
Just as with email phishing attempts, be wary of any request via phone, text, or QR code that creates a sense of urgency, appeals to your emotions, or has poor grammar.
Review QR code URLs carefully
Make sure the URL matches the website you expect to visit before scanning.
Watch out for personal info requests
Don't give out sensitive information, such as login credentials or credit card numbers, to a website you reached through an email, text message, or QR code without verifying it is legitimate.
Before you delete a phishing email message, please report it using the Report Phishing button in Outlook.
How to Report Phishing
Suffolk email filters remove most malicious emails, but some get through. This is where we need your help to spot phishing and report it.
When you know or think an email is phishing, please report the message in Outlook. Reporting a message as phishing updates our filtering and can potentially protect other users' inboxes from the same or similar message.
To report phishing in Outlook online and desktop Outlook on Windows and Mac:
- Select the email you want to report as phishing,
- then click the Report button in your toolbar,
- then select Report phishing.
(You can find the toolbar directly above your inbox which includes commonly used actions like deleting or marking items as read. See the image below)
Can’t find the Report button? Depending on your toolbar’s layout, Report may be hidden under a three-dots menu or dropdown menu. Also note that you can customize your toolbar to rearrange its buttons so that Report is easier to find in the future.
If you are using the Outlook mobile app, tap the three-dots menu at the top of the message. In the dropdown menu, tap “Report” then select “Report Phishing”.
What’s the difference between junk and phishing and what happens when I report it?
If you have this question, you’re not alone.
“Junk” is another email word for spam, or unsolicited, unwanted email. Phishing, on the other hand, is a malicious email meant to steal your credentials or personal information or trick you into sharing them, install malicious software, or take your money.
When you “Report Junk”, the message is moved to your Junk Email folder. You still have access to the email, and future similar emails are routed to your Junk Email folder.
When you “Report Phishing”, Outlook deletes the message from your inbox and it is reported to our Office 365 environment to tune our filtering against potentially new, similar bad messages.
Phishing and Scams Using AI (Artificial Intelligence)
This week we look at how AI is being used to scam you. Phishing doesn't just happen through email; it can be over text, phone, and even social media. With evolving AI, scammers are making it harder for you to detect these scams. Watch this NBC news video (2022) and see how easy it is to clone the voice of a family member, a friend, a co-worker, or even your boss. Pay attention to the things that you can do before you get scammed out of your money or personal information.
Tips to prevent being scammed by AI phishing:
DO
- Pay attention - Be skeptical of any request for money or personal information. With AI anyone's voice can be mimicked easily.
- Confirm. Do not be fooled. Stop and Verify. Always confirm by calling the person back on a known number.
- Safe word - Pause for a second and ask a personal question that person would know. What did you have for dinner? Or something that happened the last time you saw them. For family members it could be setting up a secret word or phrase they can use when in distress.
Now for the DON'Ts
- Do not trust the caller ID number; it can be spoofed. This is true for text messages and phone calls.
- Do not trust any request for money, gift cards, or personal information.
- Do not be rushed or feel pressured. If you do, it is likely a scam.
Phishing scams that come over text can look like this, using AI to create better-sounding text messages. Do not be fooled.
Some tips on AI Text Scams
- Urgent or Threatening Requests: Be skeptical. Scammers use urgency to pressure you into giving personal information, buying gift cards, or even sending money.
- Unsolicited Requests: Legitimate organizations do not request sensitive information via text messages. Examples of unsolicited requests include unexpected job offers, internships, fines to be paid, or requests for user account credentials.
- Suspicious Links: Just as we saw with QR codes, refrain from clicking on links within text messages unless you have confirmed the link is legitimate. Instead, visit the website directly and log in from there.
- Don't Respond: If unsure, do not reply to the message or engage with the sender in any way. If you think the message is legitimate, always confirm by calling the person directly on a known number. For links, go directly to their official website and do not use the link in the text message.
Magic Words and Passwords
We start the month with a look at how Passwords are similar to Magic Words (by Wizer), and having a single Magic Word/Password to open everything is not a good idea.
(this video plays directly on the wizer website)
Now that you have seen what having one "Magic Word" for all your accounts can do, remember that choosing and not sharing your "Magic Word" or Password is just as important.
We hope you have enjoyed the short video and learned that Passwords are like a "Magic Word": you should make sure yours is Strong and Unique, and never share it.
Here are some tips on how to have a strong, unique "Magic Word" and its use.
Having a unique, long, and strong Magic Word (Password) is important. Did you know that a computer can crack an 8-character password in seconds, whereas a 14-character password with complexity (upper and lowercase letters, a number, and a special character) takes centuries to crack? You ask, how can anyone remember a long, complex Magic Word (Password)? Use a Passphrase. A Passphrase is a string of words; it can be as simple as four random words combined to create a memorable Magic Word (Password). Below are tips on how to make it memorable, unique, and strong.
How to create a strong, memorable Magic Word (Password)
Make your passphrase funny so it will be easier to remember (do not use this example as your password)
dogridingsmallbicycle
Now add in complexity (upper and lower case, a number, and a special character)
dog RIDING 24 small bicycles
Great. Now you have a strong, memorable Magic Word (Password).
Keep in mind the following things when creating a Magic Word (Password).
- Don't use personal information like your name, birthday, or pet name.
- Don't use known phrases from a song, a common saying, or a book. You would need to change part of it to make it unique.
- Do use a unique Magic Word (Password) for every login. Have trouble with all those unique Magic Words (Passwords)? Use a password manager to remember all of your Magic Words (Passwords).
If you are reusing Magic Words (Passwords), it is time to stop and update the most sensitive ones first, like your bank, Suffolk credentials, email, and social media accounts.
Lastly, regardless of how strong your Magic Words (Passwords) are, you should enable Multifactor Authentication (two-factor or 2-step authentication) wherever it is available, so if anyone steals your Magic Word (Password) it will not be enough to log in to your account.



