Advice to businesses and consumers for Fraud Prevention Month, ransomware hits Oslo-based international aluminum producer and ways to protect against spear phishing
Welcome to Cyber Security Today. It’s Wednesday March 20th. I’m Howard Solomon, contributing reporter on cyber security and privacy for ITWorldCanada.com.
This being fraud awareness month, someone decided I was worth attacking. So this week I got a recorded phone call that started like this: “Attention customer. Your credit card has two suspicious transactions. An expense on eBay and one on PayPal. If these were charges you did not make, press 1.” You can detect this is a scam for one good reason: No credit card company will send out a warning with a recorded call. Probably what the attacker wants you to do after pressing 1 is to enter your credit card number on your phone keypad. Or, you’d be transferred to an agent who would ask for your credit card number and the secret number on the back for verification. If you are worried about a suspicious charge, call the phone number on the back of your credit or debit card.
Canadian online bank Tangerine notes there is a wide range of phone, email and social media scams going around. Common ones are messages that you’ve won a large lottery or sweepstake, but you have to pay a fee to cover taxes or legal fees; someone pretending to be from head office asking you to send cash or a money order to pay for office supplies; a message saying you have been selected to be a mystery shopper; and a message claiming to be from Netflix asking you to update your payment details by clicking on a link.
Security vendor Eset also offers this advice: Be smart when using your smart phone or tablet for online shopping. Limit the number of sites that automatically store your credit card and personal information. Consider checking out as a guest whenever possible or using Apple Pay, Android Pay and PayPal – which prevent your card details from being transmitted – when on sites not frequently used.
Be careful with apps and websites that want your personal data. You don’t always have to use your real name or your birthday or your hobbies. Give away too much and hackers can then call you posing as a legitimate company that sounds like it knows a lot about you. Finally, make sure you safely get rid of old computers, phones and tablets by completely wiping them of personal data.
For more on fraud prevention, see this Government of Canada web site.
Some companies still haven’t figured out how to secure their computers. Yesterday Norwegian metals and energy giant Norsk Hydro, one of the world’s biggest aluminum producers, admitted the company had been hit by an extensive ransomware attack. As a result some operations are running manually. The company said it has recent backups that should help it restore encrypted files without the need to pay the ransom demanded by the attackers. Typically ransomware infections start with someone clicking on an infected email message. That can be slowed by teaching staff to always be careful with email, and making sure systems have the latest security patches. Another tactic of attackers is getting hold of an administrator’s login credentials and planting the ransomware on a server. That can be stopped with tight controls over server access, including two-factor login authentication.
Targeted email attacks called spear phishing help spread malware and ransomware. Security vendor Barracuda Networks this week offered a number of tips to companies to help avoid being victimized. These include making staff use multi-factor authentication for logging into systems and applications, implementing the DMARC authentication protocol to prevent your company’s email from being impersonated, training staff to recognize and report attacks, and using technology that recognizes phishing attacks.
Read the full report here. Registration required.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.