More advice for safe online holiday shopping, new ransomware tactics and crackdown on awareness training.
Welcome to Cyber Security Today. It’s Monday November 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Black Friday sales officially start at the end of this week, but some retailers are getting a jump right now. So here are more best practices for online shopping. These are suggested by an email protection firm called INKY.
–Be careful of email, text or social media messages touting sales. Check the sender’s address. Does it really come from the company? Remember brand names and logos can be forged;
–Does the link in a message go to the real company website? Hover your mouse over the link to see where it really goes. That will be shown in the bottom left of your browser. Be suspicious of an overly long web address. To be safe, use a search engine to go to a site rather than clicking on a link. If the sale of a product is legit it will be there. It won’t be only available by clicking on a link;
–Be wary of messages that ask you to ‘Click here to log into your account’;
–Be cautious of messages that are supposedly from delivery services asking you to log in to see a package delivery status, particularly if you haven’t ordered anything.
Not all crooks are thinking of Christmas scams. According to a report from the Bleeping Computer news service, one strain of ransomware is now looking to scramble files saved using the TurboTax tax preparation software. To make sure you don’t lose any important files, back up your data on a storage device separate from your main computer. Don’t keep this backup device permanently connected, or if your computer becomes infected the backup will be, too.
Speaking of ransomware, developers of a new strain have found a different way to publicly squeeze corporate victims: Making company printers repeatedly print out the extortion note. In the case of a South American retailer, that meant the note was churned out on receipts at store checkouts. Customers seeing that might lose confidence in the security of a company. It’s another reason why corporate security has got to be tightened against these kinds of attacks.
Security awareness training is vital for every organization. But some employees appear to be hard of hearing. Security researcher Xavier Mertens recently found that out. In a blog for the SANS Institute he writes of discovering a staffer at one company had uploaded a big file to a cloud server and then emailed another person the password to access the file. Passwords should never be sent by regular email or text message. Obviously the staffer trusted the other person, but that’s not the point. The point is anyone who hacks an email account will go through the sent and received messages looking for nuggets like this. The safest way to send someone a password is to phone them, and don’t leave it on their voicemail. Or use an encrypted email.
Finally, Apple iPhone and iPad users should note there’s a security update available. You should be on version 14.2 of the operating system.
That’s it for Cyber Security Today. Links to details about these stories are in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals.
Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.