DON’T CLICK THAT! Cyber Security in a Modern Age Prepared by Michael Fielden for J. Rockcliff Realtors
What’s the real risk of hacking? Some recent (and less recent) headlines that you may have read about or seen on the news are still impacting users and general security: • 2015 Ashley Madison HACKED – information subsequently ”released” on the dark web. Criminals quickly identified that most people use the same username, email and password, which allowed criminals to spear-phish (target) and blackmail users. • Twitter: 32 million hacked users • Yahoo: 500 million hacked accounts which then provided access to services like LinkedIn, Amazon, Facebook and through email access credit card accounts. This crime was unique because it allowed hackers access to user email and multiple services. • Malware has been identified on all systems, including Windows, Macintosh, Android and iPhone. • 2+ Million new signatures for Malware identified in 2017. • September 2018 Facebook HACKED or exposed or caught with their guard down. You decide.
Why are we talking about this today? What does Cyber Crime look like today? Before we can begin to mount a defense, it’s important to understand the threats that exist today. Can you identify the possible risks associated with the icons to the right?
Harassment and Workplace Bullying – The Changing Rules Harassment • Cyber Bullying is generally between minors. • Cyber Harassment is between adults. • Cyber Stalking is generally more serious and consists of a pattern of harassment with a credible threat of harm.
DON’T CLICK THAT LINK – Cyber Criminals are Getting Smarter and You’re Not Phishing
• Email Messages, Facebook Messages, Text Messages • Appear to be from someone with whom you do business • Designed to trick you into providing usernames and passwords
Pharming
• Redirects you to a phony website that may be the real URL, a close URL, or something that just looks like the real site
Social Attacks and How They Can Get You • Adware and Other Malware • Suspicious Emails and Notifications • Appear to be from an important person or administrator • Asking for your password • Threatening exposure or to suspend your account • Phishing and “Please Send Money” scams
Bad Virus and Outdated Software Expose You To • Clickjacking – clicking on a link that adds malware to post unwanted links on your social media profiles and web sites. • Malicious spam Scripts • Triggered when you copy and paste information into the web address bar on your computer
Free Wifi May Not Really Be Free Free Wifi: Device called wifi pineapple mimics popular banking websites. • Pass through pineapple to whatever sites they want and capture user names and passwords. Slowly add botnets, malware and virus. • USB drives “dropped” 30 drives, 67 different networks including corporate networks • Waterhole attacks: redirect to compromised websites • Spear Phishing: Cost one firm $47 million (CEO email wire transfer) •
Your Want to Help Works Against You – The Fake Helene Social engineering is using deception, manipulation and influence to convince a human who has access to a computer to do something, like click on an attachment in an email. • Be wary of someone you know sending you a Facebook message, text message or email asking you to send money or gift cards. • Don’t get caught helping someone increase the price of a product or service by bidding on eBay or buying on Amazon.
Identity Theft is Real – The Dark Side of the Internet Identity Theft is the use of you name, credit history, social security number, bank card, or credit card for financial gain. • 2.7 Million Reports of Fraud or Identity Theft in 2017 • Nearly 158 Million Social Security Numbers Exposed in 2017 • $907 Million in Reported Fraud Losses in 2017
Do people really HACK individual users? “In every cyber crime case I’ve dealt with, I’ve never found a master criminal sitting somewhere in Russia or Hong Kong or Beijing. It always ends up that somebody did something they weren’t supposed to do. They read an email and clicked on a link or went to a website they weren’t supposed to. Every single case.” - Kevin Mitnick
MALWARE
Pick Your Poison
Malware includes different types of programs that are designed to be harmful or malicious and comes in many different forms: • Spam • Adware and Malware • Viruses • Worms • Trojan Horses • Rootkits
PROTECT YOUR COMPUTER – Protect Yourself
• Install Antivirus Software and Keep it Current • Microsoft Security Essentials • AVG • Norton, McAfee • Install Anti - Malware Software and Keep it Current • Malware Bytes
You Have a Choice Keep Your Computer Up To Date
Do you use the same password on multiple sites?
STOP This is where hacking starts.
Password Security and Management
The best thing you can do to protect your online identity is to use a different password on every single site. The reason hacking is possible is because nobody can do this. Or can they? • 1Password • Last Pass
YOU ARE YOUR PROTECTION