Observed every October, the annual Cybersecurity Awareness Month is committed to encouraging personal accountability, secure behaviors, and maintaining digital privacy in the cybersecurity landscape. This initiative was created as a joint effort between government and industry, providing resources to stay safe and secure online.
This October we are focusing on good security habits.
Phishing and Scams Using AI (Artificial Intelligence)
This week we look at how AI is being used to scam you. Phishing doesn't just happen through email, it can be over Text, Phone and even social media. With the evolving AI scammers are making it harder for you to detect these scams. Watch this NBC news video (2022) and see how easy it is to clone someone's voice of a family member, a friend, a co-worker, even your boss. Pay attention to the things that you can do before you get scammed out of your money or personal information.
Tips to prevent being scammed by AI phishing:
DO
- Pay attention - Be skeptical of any request for money or personal information. With AI anyone's voice can be mimicked easily.
- Confirm. Do not be fooled. Stop and Verify. Always confirm by calling the person back on a known number.
- Safe word - Pause for a second and ask a personal question that person would know. What did you have for dinner? Or something that happened the last time you saw them. For family members it could be setting up a secret word or phrase they can use when in distress.
Now for the DON'Ts
- Do not trust caller id number it can be spoofed. This is true for Text messages, Phone calls.
- Do not trust any request for money, gift cards or personal information.
- Do not be rushed or feel pressured. If you do it is likely a scam.
Phishing Scams that come over text can look like this using AI to create better sounding text messages. Do not be fooled.
Some tips on AI Text Scams
Urgent or Threatening Requests: Be skeptical, scammers use urgency to pressure you into giving personal information, buying gift cards, or even sending money.
Unsolicited Requests: Legitimate organizations do not request sensitive information via text messages. Such as unexpected job offers, internships, fines to be paid, or requesting credentials for user accounts.
Suspicious Links: Just as we saw with QR codes, refrain from clicking on links within text messages unless you have confirmed the link is legitimate. Instead, visit the website directly and log in from there.
Don't Respond: Unsure, Do not reply to the message or engage with the sender in any way. If you think the message is legitimate, always confirm by calling the person directly on a known number. For links go directly to their official web site and do not use the link in the text message.
Magic Words and Passwords
We start the month with a look at how Passwords are similar to Magic Words (by Wizer), and having a single Magic Word/Password to open everything is not a good idea.
(this video plays directly on the wizer website)
Now that you have seen what having one "Magic Word" for all your accounts can do. Choosing and not sharing your "Magic Word" or Password is just as important.
Hope you have enjoyed the short video and learned that Passwords are like a "Magic Word" and you should make sure that is Strong, Unique, and never share it.
Here are some tips on how to have a strong, unique "Magic Word" and its use.
Having a unique, long, and strong Magic Word (Password) is important. Did you know that a computer can crack an 8-character password in seconds, whereas a 14-character password with complexity (upper and lowercase letters, a number, and a special character) takes centuries to crack? You ask, how can anyone remember a long, complex Magic Word (Password)? Use a Passphrase. A Passphrase is a string of words; it can be as simple as four random words combined to create a memorable Magic Word (Password). Below are tips on how to make it memorable, unique, and strong.
How to create a strong, memorable Magic Word (Password)
Make your passphrase funny so it will be easier to remember (do not use this example as your password)
dogridingsmallbicycle
Now add in complexity (upper and lower case, a number, and a special character)
dog RIDING 24 small bicycles
Great. Now you have a strong, memorable Magic Word (Password).
Keep in mind the following things when creating a Magic Word (Password).
Don't use personal information like your name, birthday, or pet name.
Don't use known phrases from a song, a common saying, or a book. You would need to change part of it to make it unique.
Do use a unique Magic Word (Password) for every login. Have trouble with all those unique Magic Words (Passwords)? Use a password manager to remember all of your Magic Words (Passwords).
If you are reusing Magic Words (Passwords) it is time to stop and update the most sensitive ones first. Like your bank, Suffolk credentials, email, and social media accounts.
Lastly, regardless of how strong your Magic Words (Passwords) are, you should enable Multifactor Authentication (two-factor or 2-step authentication) wherever it is available, so if anyone steals your Magic Word (Password) it will not be enough to log in to your account.
Observed every October, the annual Cyber Security Awareness Month is committed to encouraging personal accountability, secure behaviors, and maintaining digital privacy in the cybersecurity landscape. This initiative was created as a joint effort between government and industry, providing resources to stay safe and secure online.