What is Ransomware? | World Economic Forum

Ransomware is a very real threat. Its rapid growth is being driven by the low risk to attackers and good financial returns. We all need to stay ahead of the game. Let’s start now and be safe not sorry!

How to protect yourself

Recovering files from ransomware is impossible without the attacker’s approval, so you need to avoid data loss in the first place. The best thing you can do is practice good “digital hygiene”:

  • Don’t fall prey to social engineering or phishing, which is where an attacker attempts to have you reveal sensitive information to them. If you receive a suspicious email from your grandma or work colleagues, ask yourself whether it’s unusual before you click. If you’re not sure, contact the sender via a different medium, such as giving them a phone call, to cross-check.
  • Don’t install any software, plugins or extensions unless you know they’re from a reputable source. If in doubt, ask and only rely on trusted download sources. And certainly don’t be tempted to pick up USB sticks found on your pathway.
  • Update your software (comprising your operating system, web browser and other installed software) regularly to ensure you are always running the latest versions.
  • Back up! Important documents need to be treated like valued possessions. Grab a handful of USB keys and rotate your backups daily or weekly, and don’t leave USB keys plugged in (current malware strains can scan removable USB disks). Having multiple copies means the attacker’s effort to hold you for ransom is pretty much worthless.

Link: WEF

Top Ten Cybersecurity Tips | The U.S. Small Business Administration


Please read this advisory from sba.gov in order to protect your small business from ransomware. The following tips will also help secure your small business:

  1. Protect against viruses, spyware, and other malicious code
    Make sure each of your business’s computers is equipped with antivirus and antispyware software, and update it regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
  2. Secure your networks
    Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
  3. Establish security practices and policies to protect sensitive information
    Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies.
  4. Educate employees about cyberthreats and hold them accountable
    Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Depending on the nature of your business, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business’s Internet security policies and procedures.
  5. Require employees to use strong passwords and to change them often
    Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
  6. Employ best practices on payment cards
    Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.

    Are you ready for the shift from magnetic-strip payment cards to safer, more secure chip card technology, also known as “EMV”? October 1st is the deadline set by major U.S. credit card issuers to be in compliance.

  7. Make backup copies of important business data and information
    Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.
  8. Control physical access to computers and network components
    Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
  9. Create a mobile device action plan
    Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
  10. Protect all pages on your public-facing websites, not just the checkout and sign-up pages

Student loan scam

The costs of student loans and fees can be overwhelming. You might see online ads that promise to help lower your payments or get your loans forgiven. But be wary of companies that make those promises, and never pay an upfront fee. Today, the FTC announced it had filed charges against Strategic Student Solutions, Student Relief Center, and related companies for lying to consumers about providing student loan debt relief and charging illegal upfront fees.

According to the FTC’s complaint, Strategic Student Solutions promised consumers loan forgiveness or payment reduction and credit repair services, but they didn’t deliver. They told consumers that their monthly fees would be put toward their student loans. They also charged consumers illegal upfront fees of up to $1,200.

Consumers found out later that they had not been enrolled in forgiveness or repayment programs, that none of their payments had been put towards their student loans, and their credit had not been repaired. In fact, consumers often ended up farther behind on their payments than when they first signed up for the companies’ services.

If you have paid money to Strategic Student Solutions or Student Relief Center, contact your loan servicer immediately. Depending on the type of loans you have, you may want to discuss a repayment plan or other options for your situation.

Remember, you do not have to pay for help with your student loans. Never pay an upfront fee for the promise of debt relief. Learn how to spot a debt relief scheme.

To report a student loan debt relief scam, file a complaint with:

  • the FTC at ftc.gov/complaint
  • the CFPB at consumerfinance.gov/complaint

Check your email’s activity log

Do you have a Google account?
Did you know that you can check a recent activity log for your account?

It will show you from what browsers and devices you’ve accessed it, when and from what IP. If there’s something that you don’t recognize there or an old session from a friend’s computer, you can choose to terminate it.

The same option is available for many other online accounts, such as Facebook, Yahoo or Dropbox. Access it to monitor where your accounts have been used and end any sessions that you don’t recognize.

If you also activate two-factor authentication, your accounts will be more secure against intruders.

Types of malware

You have probably wondered at least once how many types of malware (malicious software) there are and how they differ from one another.

Here’s a super quick overview:

Adware – delivers bad ads and can infect your computer with additional malware.

Bots – programs engineered to perform specific tasks. They can be either harmless or malicious. More on bad bots in Daily Security Tip #97 (coming your way soon).

Bug – cyber security bugs (flaws in software) open up security holes in computer systems that cyber criminals can take advantage of. In this context, bugs can allow attackers to gain access to a system and do irreparable damage.

Ransomware – a type of malware that encrypts the victim’s data and demands a ransom in order to provide the decryption key. More info on how to protect yourself against it here.

Rootkit – a type of malicious software (but not always) which gives the attackers privileged access to a computer. A rootkit is activated before the operating system boots up, so antivirus can’t detect it.

Spyware – a type of malware that will spy on your activity (browsing habits, keystrokes, financial data, etc.) and send the information to servers controlled by cyber criminals.

Trojan Horse – malware that’s able to disguise itself as a normal file, to trick victims into downloading and installing more malware on their devices.

Virus – a form of malware that can copy itself so it can spread to other computers. Viruses attach themselves to other computer programs and execute malicious commands when the victim uses those compromised programs. Thus, viruses rely on the victim’s activity to spread.

Worm – a type of malware that exploits security holes in operating systems. Worms use the infected system’s resources and self-replicate. They spread independently, without requiring the victim to do anything.

Rounding up foreign lottery scammers

Attorney, Division of Marketing Practices, FTC

In the past, we’ve told you about a group of Jamaican scammers who called people in the US with phony prize, sweepstakes and lottery offers. Just last week, the US Department of Justice (DOJ) announced that eight Jamaicans were extradited to the US and now are in custody in North Dakota. These eight people were charged with using a lottery scam to trick at least 90 people out of more than $5.7 million.

This case is part of a law enforcement operation that has taken years of work by the FBI’s Bismarck office, the US Postal Inspection Service, the US Attorney’s Office, DOJ, and the government of Jamaica – which arrested this group last year. Here at the FTC, we want to make sure you know how to spot these scams – and tell us when you spot them.

Why do foreign lottery scams work? Because these scammers play on our hopes for good fortune. After all, who doesn’t want to win the lottery? But, if you get a call or letter offering a chance to play – or saying you’ve already won a foreign lottery, know this:

  • Playing a foreign lottery is illegal. Both by phone and by mail.
  • Never pay for a prize. And never wire money (or give the numbers from a prepaid card or gift card) to anyone who asks you to. These are sure signs of lottery scams.
  • Buying even one foreign lottery ticket means your name gets added to lists that scammy telemarketers buy and sell to each other. You’ll get lots more calls and letters with scam offers.

Link: https://www.consumer.ftc.gov/blog/rounding-foreign-lottery-scammers?utm_source=govdelivery

Common scams evolved into cyber scams

Benjamin Franklin used to say that in this world nothing is certain, except death and taxes. If he were alive today, he would most likely add social scams to the list.

Three common tricks you may come across in the digital world:

– Shocking news or fake celebrity news – Remember the saying “Curiosity killed the cat”? Cyber criminals will use anything that’s hot right then in the media, in order to capture your attention.

– Free stuff. Free mobile phones, free trips, free flight tickets, free beauty products. Always works!

– Urgency. Click here now, the discount is only available today, download this now or never, etc.

Do a security risk assessment checklist

In “The Art of War”, Sun Tzu said that you should fully know your enemy and know yourself.

Translating this into a plan of attack for the security world:

  • Do an information assessment list. What type of data do you have stored on your devices? (It can be photos, work documents, but also passwords or account login credentials).
  • What online accounts do you have? Which do you use more often?
  • After you’ve made the list, evaluate how valuable the data you keep on them is. What would happen if you no longer had access to them, or that information was lost, deleted or leaked online?
  • How do you keep the most sensitive information safe? What security measures have you taken to prevent something from happening to your data?
  • What about shared files and devices? Who else has access to that data?
  • What backup solutions do you have in place?

Security like an onion

You can run, you can hide, but you’ll never be 100% protected against cyber attacks.

Don’t fall for marketing tricks. No matter how much a security product claims to make your system bulletproof, be warned: there’s always fine print written at the bottom. No system is impenetrable.

Of course, this doesn’t mean you shouldn’t take all the necessary measures against cyber criminals. It’s just that you shouldn’t rely completely on them.

Try a multi-layered security approach, onion-style.

If one layer falls, you’ll always have another one in place that will protect you.

Some online deals charge but don’t deliver

by Rosario Méndez

Lots of people like to shop online. It’s easy and sometimes faster than finding what you want at the local mall. With just a few clicks, your order is processed and your purchase could be on your doorstep the next day. That is, unless you clicked on an ad that was really a scam.

Online ads that offer deals on luxury items at low prices can be part of a scheme to take your money and give you nothing in return. Scammers falsely use well-known name brands in their ads for clothing, shoes, online games, and other expensive items to entice you. Scammers know that people looking for a good deal may be tempted to click on their links. But if you know how to spot online shopping scams, you can avoid losing your money — and more.

If you like to shop online, keep these tip-offs to rip-offs in mind:

  • Anyone can set up an online shop. So before you place an order online, confirm that the shop has a physical address and a phone number where you can reach someone if you have problems with your order.
  • Scammers often offer luxury brands at ridiculously low prices to trick you.
  • Clicking on pop-up ads can download viruses, spyware, malware, and other unwanted software to your computer. It’s best to avoid them.
  • If the seller requires payment through a wire transfer or by you giving them numbers off a gift card or prepaid card, that’s a scam. Legitimate sellers won’t restrict payment to those methods.

For more tips, visit our Shopping & Saving page. While you’re at it, sign up for our scam alerts to help you recognize and report scams and frauds.

Link: consumer.ftc.gov