Cybersecurity Tips to Put into Practice During Remote Work

As the situation with Coronavirus COVID-19 advances, many state governments are now issuing orders to work from home for the purposes of slowing down the spread of the virus through “social distancing”. While this period of uncertainty and fear grows, so do the phishing attempts of cybercriminals who seek to take advantage of potential victims.  

European cybersecurity agency ENISA has been warning users to stay vigilant for any suspicious looking emails that arrive in users’ inboxes – especially those that mention the Coronavirus – urging people to avoid clicking links or downloading files that may otherwise include malware and infect devices. Instead, it is recommended to check the legitimacy of the email through methods such as checking the direct website or calling a company’s direct phone line if the email and sender looks suspicious. Any unusual requests through an email should be handled with skepticism and caution.

Aside from being careful of such emails, ENISA also recommends employees to follow these security measures to stay safe while working from home:

  1. Maintaining a secure WiFi connection and having WiFi password protected so as to keep others away from accessing your web traffic. Employees should also make certain their connection on WiFi is secure rather than using an untrusted network through public WiFi.
  2. Having an antivirus software downloaded on your device as you work on sensitive material
  3. Making sure your computer software is up-to-date with the latest security updates
  4. Locking your desktop screen when it is not in use 
  5. Making sure all files are being backed up in case of an emergency (e.g. a ransomware attack)

During this time with remote work, employers should also take responsibility in making sure all employees are well equipped with tools necessary to ensure business security. For example, having an emergency cybersecurity plan or support available for workers when facing technical issues, or having a protocol to follow when working from home in the case of accessing sensitive files.

4 Tips to Keep in Mind to Avoid SMS Scams

From time to time, we receive strange texts from numbers we don’t recognize telling us that our Amazon account has or needs a delivery update or that there is unusual activity detected in our bank account. Texts like these are accompanied with a suspicious looking link that asks you to click to log in. The issue with these messages is that sometimes it could be difficult to tell if it’s a scam when it mentions a company, bank, or other entity we typically interact with. While this may be so, we’ve outlined a few tips for you to keep in mind when you get that suspicious SMS message:

Tip #1: Don’t Click on Links from a Text You Don’t Recognize

It’s important to look out for one of the bigger signs that the text you received could be a scam: if it asks you to click on a link. Usually, you can tell when a link is fraudulent through the domain name. Other times it may be a bit more difficult to assess the link, especially if the company name is used within the link. In whichever case, it’s best practice to just avoid clicking on any such links sent to your phone. If you receive a delivery notification that asks you to check its status through a link, go to your web browser or application instead and log into your account to do so. 

Tip #2: Don’t Reply to Suspicious SMS Messages

Messages that you don’t recognize could ask you to reply “YES” or “NO” or to give them a call about your bank account that was experiencing suspicious activity. In any case, avoid replying back to such messages and note that call to action texts that you don’t recognize could very well be an SMS scam. 

Tip #3: Be Mindful of the Message Content

It’s important to look out for a few tell-tale signs within message content that may reveal the malicious nature of a text. Several things to spot include the greeting message, spelling, grammar, and the link provided. If anything seems out of character through the message, then you’re probably right to think it may be fraudulent. Again, it’s always best to sign into your account through the official website than clicking on a link you’re unsure of – especially if the domain doesn’t appear to be an official company website link. 

Tip #4: Use Your Phone’s Block Feature

To help you avoid receiving any further messages from a sender, iPhones come equipped with the ability to “Report Junk” for texts you don’t recognize. The option appears when your phone recognizes that the number is not part of your contacts list. You can also block a number that sends you malicious messages by pressing on the contact info button at the top of your iMessage, press on the number once more at the top, then scroll to the bottom to press “Block this Caller”.

Email Productivity Applications Collect Users’ Personal Information to Sell to Third Parties

There are many email productivity applications that help manage and organize your inbox. While useful, they come at a costly price for your privacy. According to Motherboard’s Joseph Cox, many of these apps can scan through people’s emails and sell their data for profit. Some worth mentioning include Cleanfox, Slice, and Edison. On Edison’s website, the company states that it “accesses and processes” users’ emails, this similar statement used for the apps Cleanfox and Slice.

These types of applications scan people’s personal inboxes for emails that contain information such as package tracking notifications and receipts to record how much people spend as well as what they are purchasing. Once this data is collected, these application companies sell this information to e-commerce and finance companies that have an interest in such trends. However, they sell an anonymous version of the information. 

A spokesperson from Edison told Business Insider that their software “automatically recognizes commercial emails and extracts purchase information,” while disregarding any emails that include personal or work related matters. Slice’s parent company, Rakuten, stated that the reason as to why they collect people’s data is for market research purposes and – contrary to what we may believe – that they do value protecting their users’ privacy. 

Foxintelligence’s CEO Edouard Nattée stated in an email to Business Insider that new users are notified when their data is pulled from “transactional emails”, further stating that the information collected remains anonymous. While anonymized data may seem secure, data breaches that give access to the exact data can help cybercriminals trace information back to its original source. 

5 Cybersecurity Threats That You Should Look Out for

Ransomware attacks, cyber attacks, data breaches – these are just a few cybersecurity threats that catches one’s attention. However, here are some other types of threats you may not have expected:

Malicious USBs That Could Carry Viruses 

Some USB Sticks could be very dangerous if initially tampered with and – once plugged in – can install a backdoor on PCs. You should be very cautious of plugging in a USB drive to your PC if you are unsure of where it’s from. Other USB sticks may not start causing immediate damage once inserted. Instead, such USBs could carry viruses that could wreak havoc on your computer after initial download. Always make sure you know where the USB comes from, keep your computer’s operating system up-to-date, and have the proper security tools installed.  

Browser Extensions That May Do More Harm Than Good

Browser extensions have everyday useful features, but some extensions need close evaluation from its users. Extension developers could use these programs to collect data on what you search online. If you happen to choose the wrong extension, it could end up annoying you with pop-ups, installing unneeded software, and could also sell your browser data. To help prevent this, minimize your extension downloads, do your research on the developers behind each extension, and just stick to the ones you know of. 

Charging Cables That Could Give Hackers Access To Your Device

The purpose of a charging cable is to give power to your device and help sync information. However, there are some charging cables out there that look very similar to your everyday charger, but they could give hackers access to your device’s information. All you would have to do is click “trust this computer” when a malicious cable is plugged in, and the hacker would have access to your device. To help prevent this issue, be mindful of the charging cables you purchase or only use the charging cables that come with your device.

Photo Uploads That Give More Information Away Than Wanted

There’s nothing wrong with posting photos on social media. However, you should be careful with putting your pictures on “public”, as uploaded photos can carry your location data. Apps like Facebook and Instagram remove this information, but apps like Google Photos track the location of where the photo has been taken. Posting the photo online with a location tag can add the location back to a photo even if you remove the location data. This photo data can put you at risk of identity theft or online stalking if a cybercriminal were to use your pictures for these malicious purposes. To prevent this, keep your social profiles on “private” mode.

Smart Home Devices That Could Be Hacked

As homes get smarter, hackers have the chance to target them. If hackers are able to access homes, they could make sure doors remain unlocked or check your security cameras. To combat this, buy devices that are well-known and make certain that all your devices – including your router – are always up-to-date with the latest software. Also, do not keep default passwords for your smart home device accounts. Make sure your passwords are hard to guess and are not used elsewhere. For more protection, turn on two-factor authentication for your device accounts.

Instagram is Testing New Feature That Can Help Users Combat Hackers Stealing Accounts

Image Source: iStock.com/bigtunaonline

Instagram is working on putting user account security at a high priority by making it more difficult for hackers to steal accounts to hold them hostage for ransom or sell for high profit.  

Hackers are after big influencer accounts in a scheme reported by Motherboard which involves cybercriminals targeting big name Instagrammers. The attack works through an email link that – once clicked – directs users towards a fake Instagram login page. Once a hacker steals the login credentials and has access to the account, victims are unable to sign-back in or regain access to their own profiles, as hackers change both the recovery email address and phone numbers associated with the account.

Instagram had previously acknowledged the problem of users having difficulty in accessing their accounts, to which the company had advised in setting up two-factor authentication as well as implementation of stronger passwords, but adding these extra steps of security doesn’t exactly help when a cybercriminal has already accessed an account. Phishing links have been used as a primary means of tricking influencers into signing into bogus login pages made to look authentic. Furthermore, if an influencer has used the same account credentials that were previously involved in a data breach elsewhere, cybercriminals can use this information to their advantage to gain access to an account

After users have long complained about Instagram’s lack of responsibility and initiative in taking care of the hacker issue, the company recently announced new ways of combating this ransom tactic.

If a user can’t log in to his/her page, Instagram gives one the option of sending a six-digit authentication code to the account’s original phone number or email address that was used when the account was first created. Any other devices used by hackers that are logged in will be logged out, allowing a user to recover their page by resetting their email and password. This feature is currently under testing. 

Image Source: Instagram

 

Instagram has also promised to bring another feature – one already available for Android users – to iOS. The feature allows a user to change their Instagram handle while also allowing one to maintain their previous handle for 14 days. This upcoming update is meant to deter any hackers from taking popular usernames to sell for profit. After the 14 day period is over, the username becomes available for anyone to use.

Cybercrime Groups Still Operate Over Facebook Platform

Cisco’s Talos threat intelligence researchers have identified an ongoing cybersecurity problem that looms within Facebook: dozens of groups created to trade and purchase spamming and phishing services.

The groups have been noted as partaking in “shady (at best) and illegal (at worst) activities,” using easily identifiable and locatable names such as “Spammer & Hacker Professional” or “Facebook hack (Phishing)” and yet remained up and active without intervention from Facebook itself.

Researchers at Cisco have found approximately 74 groups that partook in cybercriminal activities such as selling stolen login and account credentials and banking information. Others would sell tools for email spamming. The groups had amassed around 385,000 members in total and were easy to search for through simple keyword phrases like “spam” and “carding” when one looked into Facebook group search.

Cisco’s Talos team had notified Facebook about the hacker groups through abuse reporting, to which Facebook had responded by removing a few of the groups while keeping others up and only removing some posts deemed as a violation of policy. After the Talos researchers spoke directly with Facebook’s security team, the groups were taken down, but the issue of cybercrime on the social media site still remains a prevalent problem as new groups always seem to emerge.

Such activity isn’t new to the Facebook community. Groups like these have been operating for years on the social media platform. Brian Krebs from KrebsonSecurity had found 120 cybercrime groups back in 2018, for example, notifying Facebook in order to have the groups removed.

A spokesperson told The Verge that “[Facebook] know[s] [it] needs to be more vigilant and [they’re] investing heavily to fight this type of activity.”

Beware: TrickBot Malware Is on the Rise for Tax Day

Tax Day is coming up on April 15th, and cyber criminals are out to seek profit at many victims’ expense. A tax theme malware called TrickBot is being sent to inboxes, the hackers impersonating payroll providers like Paychex and ADP and sending malware infected Excel documents to their recipients.

TrickBot works by exploiting network vulnerabilities to essentially enter and steal sensitive information such as passwords and bank account details in order to file fraudulent Tax forms to receive returns. Scams caused by TrickBot have cost the IRS over a million in losses back in 2016.

Researchers from IBM X-Force noted how cyber criminals are using domains that look highly similar to actual payroll providers in order to deceive recipients into thinking the email is from a legitimate source.

IBM global executive security advisor Limor Kessem stated how “this campaign [is] highly targeted in its efforts to infiltrate US organizations,” and the threat from TrickBot doesn’t look like it’ll cease. Kessem continues on by explaining that “TrickBot [is] one of the most prominent organized crime gangs in the bank fraud arena, [so] we…expect to see it maintain its position on the global malware chart, unless it is interrupted by law enforcement in 2019.”

Before clicking on any email link, it is highly advised to double check the legitimacy of the email by looking closely at the sender information. Hovering over an email link also allows you to check on where the URL leads before you actually click on it; just check the small window that pops up above the link to make sure the site is safe.

58,000 Android Users Were Subjected to Stalkerware on Their Phones in 2018

Kaspersky Lab researchers have found that over 58,000 Android users were victim to “stalkerware” on their phones in 2018.

After using an antivirus software provided by Kaspersky Lab, 35,000 users were surprised to find their phones had the stalkerware installed in the first place.

Stalkerware is a surveillance spyware that essentially spies on a user’s device, allowing a malicious actor to look into photo libraries, email and SMS messaging, intercept live calls, etc. It is termed “legal spyware” as legally-registered companies distribute the software for others to track their children’s activities on mobile devices, for example, or even offer employers employee tracking on such devices.

In the case of legitimate applications with the software, users are aware they are being monitored, receiving notification that the application is running in the background. In other cases, illegal spyware can wreak havoc on one’s personal privacy, as some users may fall victim to a hacker’s attempt of installing such spyware onto their device if a user clicks on a malicious link in an email, for example.

Following a blog post on the immorality of “legally” distributed spyware, Kaspersky lab had made it public through its reporting that their Android antivirus software will assist in stalkerware awareness and quarantine for users unknowing of the spyware’s dangers to their privacy. An alert is sent directly to users’ devices notifying them that an application is compromising their sensitive information.

Image Source: Kaspersky Lab

540 Million Facebook User Records Found On Public Amazon Storage Server

UpGuard security firm researchers have discovered an unpleasant surprise: millions of Facebook user records were found exposed publicly on an Amazon S3 storage server without a password to protect the data.

Two third-party companies – a Mexico based media company called Cultura Colectiva and an app developer At The Pool – had left user records available for public access. User record data such as comments, likes, reactions, and account names were all stored onto the servers. At The Pool stored sensitive information from approximately 22,000 users and included data such as photos, check-ins, and friends lists.  

UpGuard had not received a reply from Cultura Colectiva after warning them about the public server data back in January. After reaching out to Amazon as well, the security firm was yet again met with indifference as no one had taken action to resolve the issue. After Bloomberg’s reporting on April 3rd, the database was then secured.

A Facebook representative commented on the matter, explaining how “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases.” Spokespeople from the company also commented on how Facebook was not aware of the issue until the UpGuard team had brought it to their attention.

Both third-party companies had collected and stored the data in the past when Facebook was more lenient on data gathered by outside applications. However, after the Cambridge Analytica scandal, Facebook set tighter restrictions on what developers may access in regards to user data.

As of now, it is unclear on whether the data on the open storage servers were accessed by malicious actors who could potentially use it to their advantage in marketing or fraudulent schemes.

WebAuthn May Be the Solution for a Passwordless Future

On Monday, The World Wide Web Consortium – or the W3C – announced their approval of a new means of account security: through use of WebAuthn (a.k.a. Web Authentication). With WebAuthn, users can use other ways of logging into their accounts without the need for a password. Browsers such as Chrome, Firefox, and Safari already support the new authentication system. As now a new standard for authentication, WebAuth may be a tool individual sites can start implementing.

WebAuthn works as an API that essentially acts as the liaison between websites and users logging into their account, as sites “communicate” with security tools such as security keys on a USB to allow a user to access his/her account; this ultimately provides an extra form of protection.

The beneficial side to websites using WebAuthn includes less possibilities for hackers to cause destruction through site data breaches. This authentication system would work as a safer alternative than using passwords that may end up stolen during the instance of a data breach. It would even save many the trouble of having to remember and use weak passwords in the first place.

As the W3C has approved this new standard, websites can now adopt it into their own login methods, much like Dropbox and Microsoft did.