InfoSecBuzz asked a number of security experts for their advice on the top security threats and how to avoid them. These are specialists from Alienvault, Cylance, Cybereason, F5 Networks, Kaspersky, Tripwire, and more.
Quite a few warned against the same things, so here is a quick summary of the Top 10 security threats for users and Top 5 for IT pros, with a link to the full article at the end.
I would copy and paste the section for your users, and email it to them as a reminder early in the day!
TOP 10 SECURITY THREATS FOR USERS:
- Today, phishing scams are skyrocketing, especially driven by deals and rebate offers. Don’t open any attachments or click on links appearing to be from trusted vendors you shop with. Go directly to the website of the vendor looking for the sales and deals.
- Do not use ATM/debit cards online, only use credit cards and think about a voluntary limit, or at least a text when a purchase gets made.
- Delivery- and non-delivery scams. Watch out for emails that confirm shipments or that try to scam you with shipment problems.
- Don't fall for deals that are too good to be true on Black Friday weekend and Cyber Monday. Increase your security awareness levels, and maintain a healthy skepticism when you see special offers in email or social media.
- Watch out for fake discount coupons, and fake "game codes", that are nothing but a nonsense string of letters and numbers.
- Keep an eye out for online credit card collection imposters. You might stress out because of your high credit card bills, and bad guys are sending emails that claim to be from the credit card company claiming your account is overdue and is subject to being shut down unless you make a payment immediately. You may be tricked in giving away your credit card information.
- Holiday Ransomware: You should understand that information—e.g. order confirmation emails— on your computers increase in value over the holiday season, and that means that you are more likely panic and pay ransom if ransomware strikes.
- Be very wary when you get an inbound phone call, never give out any personal information if you did not initiate the call yourself.
- Avoid downloading anything from questionable websites. Disable popups on your devices by using trusted, reliable popup blockers.
- If you suspect that you may have entered your credit card data into a fake website after all, immediately call your credit card company and cancel your card. Then change your passwords and pin-codes for your online banking sites. Use strong passwords and never use the same password for several websites or services, because if one is stolen, all of your accounts will be put at risk. To create strong passwords without having to remember them, use a password manager.
TOP 5 SECURITY THREATS FOR IT PROS
- Make sure your e-commerce website is not infected with a digital credit card skimmer. The Magecart malware is causing massive damage at the moment.
- Make sure your certs (or domain) have not expired, and that encryption is turned on by default. More importantly, check if there are any "evil twin" look-alike domains that the bad guys use to spoof your domain. Do that here.
- Monitor regular customers and the devices they normally use for purchases. If an alternative device is used, you can challenge the transaction with additional checks.
- Gather enough transactional data, and therefore evidence, to prove the fraudulent nature of a transaction, or its validity in the case of ‘friendly fraud’. Tactics such as using e-signatures or voice verification can help keep high-value transactions secure.
- It’s vital to be able to detect new accounts that have been opened on an online retail store that may be used for fraud purposes. This information can be hooked into shared real-time fraud databases to cross-reference known fraud data such as flagged delivery addresses and mobile numbers, as well as highlighting inconsistencies in sales transactions.
Here is the link to the full article Let's stay safe out there!
Founder and CEO, KnowBe4. Inc.
Find out if your own domain has an evil twin with the brand-new Domain Doppelgänger tool
Phishing is still the most widely used cyber attack vector, and criminal attack campaigns often use spoofed websites to deceive your users so they simply allow the bad guys to take over your network.
Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it’s a top priority that you monitor for potentially harmful domains that can spoof your domain.
Better yet, with these results you can now generate an online assessment test to see what your users are able to recognize as “safe” domains for your organization. You then receive a summary of the test results to understand how security-aware your users are when it comes to identifying potentially fraudulent or phishy domains.
With Domain Doppelgänger, you can:
Search for existing and potential look-alike domains
- Get a report with aggregated results that includes risk indicators, and
- Generate an online “domain safety” quiz based on the results to administer to your end users
This is a complimentary tool and will take only a few minutes. Domain Doppelgänger helps you find the threat before it is used against you.
Find your look-alike domains here:
Don't like to click on redirected buttons? Copy & paste this link into your browser: