Security Awareness Blog
KnowBe4 is your platform for new-school security awareness training. We help you keep your users on their toes with security top of mind. It provides on-demand, interactive, engaging training through the browser combined with unlimited simulated social engineering attacks through email, phone and text.

Below are the most recent bulletins with great tips and information on keeping yourselves safe online, at work and at home:

Recent Posts
USB Sticks (User Snare Bait) 
Have you ever found a USB Stick/Thumb Drive, or a CD on the ground or in a parking lot? Hopefully you did not put this into your computer.  While you may be tempted by curiosity to see what data is on there, or perhaps to identify the owner, DO NOT insert any of these found objects into your computer.

You may think that it is your lucky day... 'Hey, Free USB Stick!', but in fact it could turn out to put you in a hot seat with your IT department.

This is a common tactic used by bad guys to infiltrate your network and steal information and to gain unauthorized access.
Code can be executed simply by inserting these devices into your computer. By the time you can see what files are on it, the damage may have already been done.

The average cost of a cyber attack such as this one on a small company is $200,000.
The cost to a large public corporation can cost over $6,000,000 per day of downtime.
Posted by rco  On Jun 21, 2019 at 10:54 AM
  
Unexpected Emails 
When you receive an email from an online service or business partner that you are not expecting, proceed with caution.

For example, if you receive an email from eBay stating that you have just won an online auction, there are a couple of questions you should ask yourself:
  • Am I a member of eBay? (This goes for online banking as well. If you receive an email from a bank you do not have an account with, do not click any links)
  • Did I bid on any auctions recently? (If you did not bid, you cannot have won)
This does not apply to eBay alone. The bad guys can use any online service such as banking, shopping and social networking to try and trick you.

Remember to Stop, Look, and Think before clicking on any email links.

When in doubt, open a web browser and visit the company website of the person who sent you the email. From there you can log in to your account to verify any activity that has taken place.

Do not click a link in the email to visit the site... Open a browser and type in the address of the company.
Posted by rco  On Jun 11, 2019 at 6:07 PM
  
The Shock Factor: Don’t Take the Bait! 
One of the most common and successful tricks cyber criminals use to trigger you into falling for their scams is fake “stressor events”. In this context, “stressor events”, are shocking or compromising situations that inflict fear or provoke other emotions, for the purpose of causing an impulsive reaction.

How it works:
When the bad guys present a shocking claim to an unknowing victim, they often add a sense of urgency to drive home the “importance” of the scenario. In reality, this sense of urgency is another factor increasing the chances that you’ll react impulsively and click on their malicious links or download their dangerous attachments. Attackers explain their fake scenarios in the body of their phishing emails, but they’re also known for using shocking subject lines such as, “Act Now: Fraudulent activity on your checking account”. Though these tactics certainly aren’t limited to phishing emails, scammers also use these techniques in Smishing (SMS, or text phishing) and Vishing (voice phishing) attempts.

How to avoid falling victim to pressure:
The reason these attackers are often successful is because they‘re convincing the target to either avoid a negative consequence or gain something of value. Stop and think about the likelihood of the scenario before making the wrong move.

  • Never open an attachment you weren’t expecting. Even if it appears to be from someone you know, pick up the phone to verify it’s legitimate.
  • If the sender of the email is difficult to get in touch with or unwilling to speak on the phone, it’s likely a scam.
  • If the sender requests that you send or receive money in unusual ways it’s probably a scam. For example, if they’re requesting a payment in the form of gift cards, don’t fall for it!
Posted by rco  On Jun 05, 2019 at 4:46 PM
  
Post Categories
Content Alert Subscription
    RSSSpaceBlog Feeds
    RSSSpacePodcast Feeds