“Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective. That is because it attacks the most vulnerable and powerful computer on the planet: the human mind.” ~Adam Kujawa
Welcome to November! The holidays are officially starting. I know Christmas decorations have been quietly appearing in the stores for the last four or more weeks, but those were just the trailers / previews for the season. With the turn to a new calendar page, we are in full holiday season. National Retail Federation says holiday sales represent approximately 20% of annual sales. Not to miss out on a good thing, cyber criminals also amp up their presence. Vadesecure.com says we can expect a 43% increase in online fraud attempts. And up to 80% of people will fall for a holiday scam. (https://www.vadesecure.com/en/phishing-attacks-holiday-edition/ )
How do you guard against the onslaught? Recognize how the evil finds you. The two main avenues are through Phishing and Malvertising.
Phishing emails trick victims into giving up sensitive information, such as login credentials and credit card info, by way of social engineering and email spoofing. Spoofed emails mimic an email from a legitimate sender. Well executed spoofs will contain familiar branding and content, making them look and feel legitimate, and sound urgent—even threatening. Common phishing ploys include:
- A request for payment of an outstanding invoice.
- A request to reset your password or verify your account.
- Verification of purchases you never made.
- A request for updated billing information.
By tricking you into giving up valuable information, cyber criminals are able to hack the online services you use every day without any real technological savvy. To put it another way, why pick the lock when you can steal the key?
Malvertising, (Malicious Advertising) is the term for criminally controlled advertisements, typically within web browsers, which intentionally harm via malware, unwanted programs, and assorted scams. Malvertising can appear on any advertisement on any site, even the ones you visit as part of your everyday Internet browsing. Typically, malvertising installs a tiny piece of code, which sends your computer to criminal command and control servers. The server scans your computer for its location and what software is installed, and then chooses the most effective malware to send you.
To Protect Yourself: Think before you Click. Be skeptical about alarming notices, as well as any too-good-to-be-true pop-up offers you receive.
Enable click-to-play plugins on your web browser. Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). A large percentage of malvertising relies on exploiting these plugins, so enabling this feature in your browser will offer excellent protection. Step-by-Step instructions are available at: https://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/.
Use ad blockers. By blocking all advertisements, you remove any chance of viewing and clicking on an ad that is potentially harmful. I use Ad Block Plus from https://adblockplus.org.
Last, but not least, keep your computer software patched, including all plug-ins like Java and Flash.
And one last thing, November 13th is World Kindness Day. Founded in 1998 by an organization called the World Kindness Movement, this international holiday encourages everyone to look deep into their hearts past religion, race, and other differences to do something nice for their neighbors and/or humankind.
If you found this information helpful, please practice World Kindness Day and share this newsletter with your loved ones. If you need computer assistance, please give me a call.