What do you know about cyber security, a new sophisticated phishing attack and more security updates available.
Welcome to Cyber Security Today. It’s Friday October 12th.
As part of Cyber Security Awareness Month, RBC Bank surveyed 2,000 Canadians on their understanding of how to be secure. Many of you would fail if the survey is accurate. While 77 per cent of those questioned believe they are knowledgeable about cyber security, only 16 per cent could identify the majority of six cyber terms correctly. Nearly two-thirds could not identify the term “phishing”, which is an email designed to trick a person into clicking a link or opening an attachment in order to steal information or install malicious software. Similarly, two-thirds couldn’t identify the term “pharming,” the fraudulent practice of directing you to a bogus website that looks like a real one.
OK, knowing the slang name of a con may not be important, but knowing the signs of fraud is. Here are tips from the bank:
- Know your contacts: Remember that the government, your bank, or other businesses will never ask you for your password or PIN. And your uncle, co-worker or best friend likely isn’t asking for confidential details from you either.
- Look closely: Are there spelling and formatting errors in the email? When you hover your mouse over the link that’s included in the email, does it look valid? Are they addressing you by name, or simply “Dear Customer?” These are some tell-tale signs an email is fake.
- When in doubt, phone: If you’re not sure if an email, text or phone call is legit, call the company directly – using a number you trust – and ask if they’ve been trying to reach you.
Speaking of phishing, Trend Micro issued a warning this week about a sophisticated two-step campaign it’s seen in Canada: After hijacking an email account, the attacker looks for a conversation between the victim and another person. Then the attacker sends an email looking like it came from the second person with a malicious link as part of that message stream. In other words, the email with the malicious link doesn’t come out of the blue. Rather, it looks like it’s coming from the person in the message thread. That way the victim may be more likely to click on the link. This is why it’s so important to do everything slowly when you’re online, including reading every email, text message and social media post you get carefully.
Watch for little things like spelling mistakes, differences in the signatures, differences in email addresses. Why should one email from your friend or cousin come from “oxnard.com” and another a few minutes later from “ladyfinger.org?” In the Canadian attack, one message mixed French and English. Attackers are also getting smarter. It used to be that a suspicious attachment file name was a garbled mix of letters or a nonsense name like “ladyfinger.doc”. That’s a giveaway. But in this campaign the attachment file name may include your company’s name, to look authentic. Don’t be fooled.
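For mail administrators, the "same person, different domain" sign can be checked automatically across a reply thread. The sketch below is an added example, not code from Trend Micro or from this podcast; the function name, the sample messages and the example.com address are constructed for illustration, and it assumes messages are supplied in the order they were received.

```python
from email import message_from_string
from email.utils import parseaddr

def sender_domain_changes(raw_messages):
    """Flag replies whose sender name was seen earlier in the same thread
    with a different email domain.
    Returns a list of (message_id, name, new_domain, known_domains)."""
    seen = {}     # thread root id -> {lower-cased display name -> set of domains}
    root_of = {}  # message id -> id of the first message in its thread
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        msg_id = (msg.get("Message-ID") or "").strip()
        parent = (msg.get("In-Reply-To") or "").strip()
        # Follow In-Reply-To back to the thread this message belongs to.
        root = root_of.get(parent, msg_id) if parent else msg_id
        if msg_id:
            root_of[msg_id] = root
        name, addr = parseaddr(msg.get("From", ""))
        domain = addr.rpartition("@")[2].lower()
        key = name.strip().lower()
        if not key or not domain:
            continue  # nothing to compare without a display name and a domain
        known = seen.setdefault(root, {}).setdefault(key, set())
        if known and domain not in known:
            # Same name, new domain: report it and do not trust the new domain.
            findings.append((msg_id, name, domain, sorted(known)))
        else:
            known.add(domain)
    return findings

# Constructed sample thread: the third message reuses the display name from
# the first message but arrives from a different domain.
SAMPLE_THREAD = [
    "Message-ID: <1@oxnard.com>\nFrom: Pat Lee <pat@oxnard.com>\n"
    "To: sam@example.com\nSubject: Invoice\n\nDraft attached.\n",
    "Message-ID: <2@example.com>\nIn-Reply-To: <1@oxnard.com>\n"
    "From: Sam Roy <sam@example.com>\nTo: pat@oxnard.com\n"
    "Subject: Re: Invoice\n\nThanks.\n",
    "Message-ID: <3@ladyfinger.org>\nIn-Reply-To: <2@example.com>\n"
    "From: Pat Lee <pat@ladyfinger.org>\nTo: sam@example.com\n"
    "Subject: Re: Invoice\n\nUpdated copy at the link.\n",
]

if __name__ == "__main__":
    for finding in sender_domain_changes(SAMPLE_THREAD):
        print(finding)
```

A hit is a reason to look closer, not proof of fraud: people do legitimately reply from a second address.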
Finally, this week Microsoft issued its monthly patches for Windows. Make sure you’ve got the latest updates. And, if you use WhatsApp on a smartphone, make sure it’s the latest version. A vulnerability in older versions of the app could be used by an attacker to hijack the app by getting the user to answer a video call. This bug has been fixed in the latest Android and iOS versions.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.