Social Media

Social media sties are a great way to interact with other users over the internet.  Unfortunately, a large number of social media users don't understand the importance of limiting what's posted on these sites.  Attackers regularly use social media sites as reconnaissance tools,  It's no longer surprising to hear about people falling victim to identity theft or networks being infiltrated because of information gathered from social media sites.

What can you do?

• Assume that anything you post online is public and permanent.
• Don't post information that may damage you or your company's reputation.
• Be cautious of what you post because any information can be used to carry out additional attacks
• Go through all your privacy settings and restrict who is able to view your profiles.
• Connect with people you know.

Add On to Prior Pot

Recognizing phishing attempts:

Check that the e-mail message is well composed with the grammar and spelling you would expect from the sender, whether it's your boss, your brother or your bank.

Does the e-mail ask you for personal information?  Most organizations would never ask for personal information in an e-mail or ask you to "reconfirm" your password and account information.

Trust your gut!  If something doesn't seem right, it probably isn't.  If you are not sure and are worried that there is something urgent that needs your attention, then contact that company/organization as you normally would.  Never use the e-mail links or any information from a suspected phishing e-mail (including the phone number!). 

Understand that e-mail phishing works on unsuspecting people every day.  Even e-mails that seem farfetched ("Send me $100,000 so I can give you my inheritance") work all the time, but those aren't the only e-mails that get sent.  There are often crafty and well-constructed e-mails that require a close look to notice they are malicious.  So take that second lok and check before you click, download, or enter your information.

Phishing E-mails

So what can you do to prevent malicious viruses via e-mails?  First look at the "from" address.  Be sure you recognize it.  Than take a second look at the domain name (that's the name after the "@" symbol).  Make sure it's spelled correctly.  At the office, an internal e-mail from your coworker would display only his or her name.  If it also shows the full e-mail address, it came from the outside.

Look for a "reply" address that matches the "from" address.

More soon..........

Spam & Junk

Understand that "spam" and "junk" filters do not catch all malicious e-mails.  Second, know what signs to look for in a phishing e-mail.  The vast majority of phishing attempts are fairly easy to recognize and avoid.  My next blog will give some aspects of phishing e-mails that can help you recognize their true nature.

Tired of Cybersecurity Yet?

Phishing is one of the most commonly used attacks against users.  By way of e-mail, those with malicious intent will contact unsuspecting persons, asking them to click a link or download a file.  Generally, the end goal is to infect the user's computer with malware or get them to submit important personal information.  Next blog will deal with what you can do to avoid malicious attempts. 

Passwords

Never write down your password, and never store it in your browser.  If you have many user names and passwords (as we all do), it's impossible to remember them all.  Some form of storage is needed.  Utilize a password manager application.  A password manager automates the random generation of all passwords for each of your accounts, allowing you to remember only one strong passphrase (see prior blog posting.)  Password managers have strong encryption and can pseudo-randomly generate strong passwords for each unique account you log in to.

Here is a non-extensive list of password managers, as of September 10, 2015, from Wikipedia.  https://en.wikipedia.org/wiki/List_of_password_managers