Online Security Training
What It is and How to Avoid It?
Account takeover fraud (ATO) is an increasingly common type of identity theft where a criminal uses a person’s login and password to take over the account. The fraudster can then change the access information, steal funds, and gather information used to access the person’s other accounts. This cybercrime has happened to about one in five adults, according to Security.org, with bank accounts and social media accounts being the most frequent targets.
ATO is a multi-step process that can start with malicious software (malware) designed to give criminals access to passwords and other private information. Whether through malware or using stolen login credentials, the thief may sell the login credentials or keep them to use. From there, they access the account and monitor it to gather information so they can access other accounts belonging to the same person and commit additional fraud.
An ATO attack may involve changing the account’s:
- Name
- Contact information
- Shipping address
- Multi-factor authentication (when the account sends a text or email to confirm login)
- Security questions
If account access information is changed, the account’s owner won’t be able to log in or prove it’s their account. For shopping sites, the shipping address can be changed and a shopping spree begins. For financial accounts, a fraudster can log in, change the account credentials – locking out the true owner – and drain the funds through wire transfers or other means.
How ATO Attacks Begin
Fraudsters can initiate ATO fraud in a number of ways, many of them beginning with login credentials stolen in massive data breaches like the ones that hit UScellular, T-Mobile, and Microsoft recently. Any information gathered in those breaches may grant access to the affected accounts and others using the methods below.
Phishing
You may have heard of phishing attempts where a would-be thief sends an email that looks like it’s from a bank or other official source in order to trick the recipient into revealing account numbers and other personal information. Other variations include a phone call version called vishing, where the attacker calls a person and pretends to ask about suspicious account activity only to trick the person into giving out account information. Smishing is the same scam via text or SMS message.
Credential Stuffing
When fraudsters use bots, or automated programs, and huge purchased lists of stolen credentials to log into (stuff) many websites at once, hoping to find a match, it’s called credential stuffing. When people reuse passwords for different websites, this becomes a highly successful technique. A similar type of attack, called brute force or credential cracking, occurs when a bot uses passwords and security question answers stolen during a data breach to try to guess passwords for other accounts.
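On the website's side, these attacks leave recognizable traces in a login log. The following is an added example, not part of the original course: the log format, the thresholds, and the sample lines are constructed assumptions. It separates one source trying many different usernames (stuffing) from repeated failures against a single account (guessing), and lists the accounts that were actually entered so their owners can be warned.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (not real data): time, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:02Z 203.0.113.7 bob FAIL
2024-05-01T10:00:03Z 203.0.113.7 carol OK
2024-05-01T10:00:04Z 203.0.113.7 dave FAIL
2024-05-01T10:00:05Z 203.0.113.7 erin FAIL
2024-05-01T10:00:06Z 203.0.113.7 frank FAIL
2024-05-01T10:01:10Z 198.51.100.20 grace FAIL
2024-05-01T10:01:25Z 198.51.100.20 grace OK
2024-05-01T10:02:00Z 192.0.2.44 heidi FAIL
2024-05-01T10:02:01Z 192.0.2.44 heidi FAIL
2024-05-01T10:02:02Z 192.0.2.44 heidi FAIL
2024-05-01T10:02:03Z 192.0.2.44 heidi FAIL
2024-05-01T10:02:04Z 192.0.2.44 heidi FAIL
2024-05-01T10:02:05Z 192.0.2.44 heidi FAIL
"""

# Assumed thresholds; a real site would tune these to its own traffic.
WINDOW = timedelta(minutes=5)   # judge bursts, not all-day totals
MIN_ATTEMPTS = 5                # ignore sources with only a few logins
MIN_FAIL_RATIO = 0.8            # most attempts in the burst must fail
STUFFING_MIN_USERS = 5          # many different usernames => stuffing


def parse(log_text):
    """Return sorted (time, ip, user, succeeded) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        events.append((when, parts[1], parts[2], parts[3] == "OK"))
    return sorted(events)


def classify(events):
    """Map each suspicious source IP to the attack type and the accounts it entered."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event[1]].append(event)

    findings = {}
    for ip, evs in by_ip.items():
        kind, start = None, 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than WINDOW of time.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            if len(window) < MIN_ATTEMPTS:
                continue
            failures = sum(1 for e in window if not e[3])
            if failures / len(window) < MIN_FAIL_RATIO:
                continue
            if len({e[2] for e in window}) >= STUFFING_MIN_USERS:
                kind = "credential_stuffing"
                break
            kind = "password_guessing"
        if kind:
            # Any success from a flagged source is an account to lock and notify.
            entered = sorted({e[2] for e in evs if e[3]})
            findings[ip] = {"kind": kind, "accounts_logged_in": entered}
    return findings


if __name__ == "__main__":
    for ip, finding in classify(parse(SAMPLE_LOG)).items():
        print(ip, finding)
```

The single mistyped password from 198.51.100.20 is not flagged, which is the point of requiring both a minimum number of attempts and a high failure ratio.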
Man-in-the-Middle
Man-in-the-middle attacks occur when hackers take over unsecured public Wi-Fi and use it to spy on the digital activity of anyone using the network. These attacks capture information going from phones and laptops to e-commerce sites and financial institutions. Another version involves the scammer setting up their own Wi-Fi that looks like it’s the official network for the coffee shop, restaurant, movie theater, etc. and using it to collect private information when patrons log on to it and shop or bank.
Malware
Malware often gains access to someone’s machine through a phishing attack. But it can also sneak into a phone or computer via apps or plug-ins downloaded over compromised Wi-Fi networks or from dubious websites. Once it self-installs, malware can steal information, rewrite programs, corrupt or delete information, or render the device unusable. Malware for ATO fraud, however, is more likely to operate undetected in the background, gathering security information and funneling it to the attacker.
Overlay Attacks
Malware can also launch overlay attacks by creating a fake login screen for banking or shopping sites. It can steal credentials as well as intercept and redirect funds.
How to Detect ATO Fraud
Because an ATO is designed to quietly change account details or monitor account activity without detection, it can be hard to spot. There are signs, if you know what to look for.
Some ways you might notice that your account has been taken over are:
- New information in your account like a new contact email, shipping address, or phone number
- Transactions you don’t recognize in your bank account or shopping accounts
- Password reset notifications when you didn’t request the change
- Loyalty points missing when you didn’t use them
Make sure you keep your contact information current and take advantage of settings that notify you when account details change.
Targets of ATO Fraud
ATO fraud primarily targets individuals but it damages businesses as well. You may be locked out of your accounts and have to go through the aggravation of closing or regaining access to accounts. A thief may make thousands of dollars of unauthorized purchases on your e-commerce accounts. Any fraudulent purchases should be credited by the merchant, which is one of the ways ATO fraud hurts businesses. It’s also possible that your financial accounts could be drained after the thief gains control of your accounts.
Don’t make the mistake of thinking only wealthy individuals are targets of ATO attacks. While fraudsters may start there when utilizing stolen data, they eventually try to access accounts linked to all the credentials in the file. People from households with incomes between $25,000 and $49,999 are most likely to be victims of account takeover. Other groups that are statistically more likely to be targeted include Android phone users, people more than 45 years old, and residents of New England.
These types of accounts are the most common targets for takeover, according to Security.org:
- Social media
- Financial
- Shopping
- Loyalty cards
- Streaming services
- Government benefits
- Cell phone
- Travel
The most common consequences of ATO are identity theft, financial losses (about $12,000 per person on average), and takeovers of other accounts. However, more than 80% of those affected were able to recover the affected account.
How to Avoid ATO Fraud
Since the pandemic forced so many people to conduct more activities online, ATO has risen significantly – about 250% from 2019 to 2020. Given how much the average person does online, and how insidious ATO is, it’s very difficult to completely avoid it. But there are steps you can take to make your accounts as secure as possible. Using as many of these techniques as possible provides the greatest digital security.
Use the following to reduce the chance of ATO:
- Link skepticism – don’t click links in emails or texts, even from a trusted source, before going to the site directly or contacting the sender
- Enhanced authentication – apply two-factor or multi-factor authentication when possible
- Password hygiene – use strong, complicated passwords that are unique for each account
- Security questions – choose answers that aren’t obvious or easily discovered from your social media posts
- Virtual private network (VPN) – set one up to hide your online activity from fraudsters
- Identity theft protection – often available for free from credit card companies or companies that lost your data in a breach, this service monitors your credit, the dark web, and other areas looking for signs of attempted fraud
- Antivirus programs – regularly scan your computer and/or phone for signs of hacking, malware, and other scam attempts
How To Respond to ATO Fraud
Even the best avoidance attempts can sometimes fail to prevent ATO fraud. In that case, it’s important to act fast so you can retake your account and minimize the damage.
If you have been a victim, take the following steps:
- Alert the company – preferably by phone
- Tell your contacts – warn the people on your contact list so they don’t click on something that looks like it came from you
- Install antivirus software – if you weren’t using one before, an antivirus program may be able to isolate malicious code or programs and prevent further damage
- Check all accounts – look for signs of a problem, especially on social media
- Change all passwords – update PINs and security questions as well
- Use all available tools – if there are any methods to avoid ATO that you weren’t already using, now is the time to put them in place
Learning about a threat like ATO fraud can be alarming. But awareness can also lead to preventative measures. Something as simple as not using the same password for multiple accounts will make you more secure since 56% of compromised accounts had the same password as the victim’s other accounts, according to Security.org. Good password hygiene and the rest of the steps outlined above will reduce the odds that you’ll have to learn about account takeover fraud firsthand.
Quiz: Account Takeover Fraud
Test your knowledge by answering the following questions!
Question: 1. What are some common methods for taking over an account?
Phishing and man-in-the-middle
Malware and credential stuffing
Overlay attacks
All of the above
Question: 2. How can you detect ATO fraud?
Password reset notifications when you didn’t request the change
Missing mail
Your debit card doesn’t work
Spam phone calls
Question: 3. Only high-net-worth individuals are targets of ATO, true or false?
True
False
Question: 4. What’s a possible consequence of ATO?
Home Wi-Fi goes out
Increased insurance rates
Identity theft and financial losses
Being locked out of your home
Question: 5. iPhone users are more likely to be victims of ATO, true or false?
True
False
Question: 6. What’s the simplest way to guard against ATO?
Stay off the internet
Use good password hygiene
Never talk to strangers
Close all your credit card accounts
Question: 7. What does a virtual private network do?
Protects your home from burglars
Keeps your neighbors from seeing in your windows
Alerts you when your name is mentioned online
Hides your online activity from fraudsters
Question: 8. What should you do first when you learn one of your accounts has been taken over?
Call the FBI
Post about it on Facebook
Alert the company
Change all your passwords to 'password123'
Question: 9. How many accounts should have the same password?
None
No more than 3
As many as you’d like
Up to 25
ATM and Debit Card Misuse
Unless you are built like Hulk Hogan or can fight like Chuck Norris, you should probably avoid getting large sums of cash from the ATM machine after dark, especially when the machine is located in a dark alley. We all understand that the bad guys are lurking in the shadows, waiting to take our money and valuables, if not our life. What we may not realize is that some of the bad guys are out during the day, and they have easier ways to obtain your personal information than strong-arm robbery.
Many ATM machines are owned and operated by financial institutions, but others come under private ownership and merely access the ATM data network to receive authorization for transactions. If you use one of these machines, or a machine that belongs to a financial institution other than your own, you may not be familiar with the operation of that machine. For instance, your financial institution may only allow one transaction per swipe of the ATM card. You become accustomed to getting your money, taking the receipt, and walking away. However, many ATM machines will allow multiple transactions. It is possible that unless you tell the machine that you do not want any additional transactions, and verify that the machine returns to the welcome screen, the person approaching the ATM immediately after you can simply press the "YES" button for more transactions and then withdraw money from your account.
Other Considerations
It is always a good idea to keep any receipt offered by ATM machines or merchants. If you plan to throw the receipt away, do so at home by shredding it in a crosscut shredder. Do not throw the receipt away near the ATM machine, as it is simple for someone watching the machine to simply pick up the receipt and use the information. Occasionally, ATM receipts may show your name, account number, and account balance. This information should be protected for obvious reasons.
Be wary about leaving a debit/credit card receipt on the table in restaurants. It is very easy for another patron or the restaurant staff to note the private information on the receipt (cell phone cameras are VERY handy for this), and later misuse or sell that information. Additionally, it is not a bad idea to turn your card face down on the check while waiting for your server to close out your bill. Cell phone cameras can easily snap a picture of your card for later use in making fraudulent purchases.
You should never write your ATM or debit card PIN numbers down, especially on the envelope with which many are issued. This makes it very easy for a thief to gain access to your account. Likewise, try not to use the same number for every card. If a thief guesses (or locates) the number used for one card, they can access all of your cards.
Also, do not use an easily guessable number from the information in your wallet or purse, such as your telephone number, street address number, zip code, last four digits of your Social Security number, driver's license number, etc. It is a bad idea to use any number that represents anything about you, your family, or your work as a PIN for an ATM card. Instead, use random, non-sequential numbers.
The Bottom Line
For many criminals, it is easier to steal information from places where you leave it unattended than it is to hit you over the head at the ATM machine. While you should always be fully alert to those around you when using an ATM machine, you should not let down your guard after you have completed your transaction.
Quiz: ATM and Debit Card Misuse
Test your knowledge by answering the following questions!
Question: 1. True or False. Only Chuck Norris and Hulk Hogan are safe using ATM machines.
True
False
Question: 2. True or False. Nobody knows my REAL birth date so that will make a good PIN for my ATM card.
True
False
Question: 3. True or False. I should not worry about leaving my card face up on the bill tray.
True
False
Question: 4. True or False. All receipts should be shredded in a crosscut shredder.
True
False
Franklin D. Roosevelt stated, "The only thing we have to fear is fear itself." Of course, FDR did not have to worry about Internet banking. For many users, accessing account information via the Internet is a daily occurrence. The convenience of 24/7/365 accessibility to financial information overshadows any fear that information could be compromised. These users come from diverse backgrounds, but for the most part, they make use of the Internet on a frequent, and even daily, basis.
For others, the thought of sitting at a computer and moving their money without a teller being involved to keep it straight and secure is both daunting and frightening. For some, fears are founded in the belief that should accounts be accessed from the Internet, "THEY" will get the password. Of course, "THEY" are the bad guys and gals who are trying to gain access to your money.
The most common myth about Internet banking is that simply accessing online accounts is a surefire way to get your money stolen. While there are no guarantees that criminal activity against your account will not occur in the electronic world, the same applies to armed robbery of your local brick and mortar financial institution in the real world. Both types of crimes affect your financial institution and your money.
There are safeguards in place at financial institutions that should help to alleviate any concerns. First, the NCUA (National Credit Union Administration) and the FDIC (Federal Deposit Insurance Corporation) insure deposits at most credit unions and banks. These agencies are responsible for ensuring that financial institutions operate in a safe manner and are protecting the personal information of their clients. In addition, some institutions might contract with private insurance companies that provide even higher limits.
Second, financial institutions use secure, encrypted communications to protect the contents of their clients' transactions when performing business over the Internet. The likelihood of a client having their login credentials stolen over the network during the login process is extremely remote, especially with the use of encryption. It would be more likely that a malicious program in the form of a virus or Trojan installed on the client's computer would capture the keystrokes during the login, but one should apply that concern to all personal information typed into a computer and not just to Internet banking.
Is there any hope?
So what can you do to make yourself safe while you are using the Internet for financial transactions?
First, avoid clicking web page links in emails and other online media that appear to come from your financial institution. Your financial institution will provide you with their website address, and you should manually type that address into the browser when you wish to connect. It can be stored on your personal machine as a bookmark, but it is important that every time you connect, you visually verify that the address in the browser toolbar matches the one given to you by the financial institution.
Second, before you enter your user ID and password as a login, make sure that the connection is encrypted. You can verify the connection by ensuring that the website address begins with https:// and not http:// (the "s" indicates a secure connection) and that the "lock" appears in the browser next to the URL. On all common browsers, such as Internet Explorer or Edge, Chrome, and Firefox, a padlock will appear next to the URL when the connection has been encrypted. If that lock does not appear, but the address appears correct, contact your financial institution for assistance.
Third, do not access a financial institution's website from computers that you do not control. Since you are not the owner of the computer, you may not know how current the anti-virus software is, if the computer has a Trojan backdoor or key logger program installed, or if other problems exist. Also, remember that browsers may keep a cached copy of web transactions. As such, it may be possible that you are inadvertently leaving a copy of your sensitive information on the computer you are using.
Lastly, if anything seems wrong, it most likely is. If you are seeing different web pages or significant spelling and grammar problems with the web site that you think is owned by your financial institution, stop using it by closing your browser and call the institution. If you are getting email that appears to come from your financial institution asking you to log in and verify information, DO NOT log in or click the provided link. Forward a copy of the entire email to your financial institution for verification.
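The first two checks above (the address matches the one your institution gave you, and the connection is https) can be carried out mechanically, which also shows why a quick glance at a link is not enough. This is an added example, not part of the original course; the bank address `www.examplebank.example` and all sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the address your institution gave you (constructed placeholder).
KNOWN_HOST = "www.examplebank.example"


def check_login_url(url, known_host=KNOWN_HOST):
    """Return the reasons not to trust `url`; an empty list means it passed."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port  # raises ValueError if the port is not a number
    except ValueError:
        return ["address cannot be parsed"]

    problems = []
    if parts.scheme != "https":
        problems.append("connection is not https")
    # In "https://bank@other-site/", everything before '@' is a user name,
    # not the site; the browser connects to what follows the '@'.
    if parts.username is not None or parts.password is not None:
        problems.append("text before '@' is not the site name")
    # Look-alike letters from other alphabets appear either as non-ASCII
    # characters or in their encoded "xn--" (punycode) form.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("host contains look-alike (non-ASCII or punycode) characters")
    # The whole host must match, not merely start with or contain the name.
    if host != known_host:
        problems.append(f"host is {host!r}, not {known_host!r}")
    if port not in (None, 443):
        problems.append(f"unexpected port {port}")
    return problems


# Constructed sample links, as they might appear in an email.
SAMPLES = [
    "https://www.examplebank.example/login",
    "http://www.examplebank.example/login",
    "https://www.examplebank.example@203.0.113.9/login",
    "https://www.examplebank.example.account-verify.example/login",
    "https://www.xn--examplebnk-constructed.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_login_url(link)
        print("OK  " if not result else "STOP", link, result)
```

Only the first sample passes. The third and fourth both begin with the bank's real address, yet lead somewhere else.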
The good news!
Keep in mind that nothing in life is without risk, but Internet banking has evolved into a viable, secure means of performing routine business transactions. With proper care on the part of both the institution and the client, it can be a safe and rewarding experience.
Quiz: Online Banking Myths
Test your knowledge by answering the following questions!
Question: 1. True or False. All Internet banking transactions use encryption.
True
False
Question: 2. True or False. Using Internet banking is a surefire way of having your money stolen.
True
False
Question: 3. True or False. If I see differences in the web site, I should ignore them, as it is probably the financial institution doing an upgrade.
True
False
Question: 4. True or False. Using a kiosk Internet connection at the airport or the mall is perfectly safe for Internet banking.
True
False
What Are Botnets?
Botnet is a slang designation for a group of computers (software robots, or bots), all connected to the Internet, which run automatically and interact to accomplish a distributed task, usually illegal or nefarious in nature. You should know about botnets because they operate without the computer owner's awareness. You should protect your computer from becoming part of a botnet.
A botnet herder (owner) typically compromises, infects, and subsequently assimilates these computers into the botnet from a remote location without the owner's knowledge. The computers themselves are known as drones. The more drones contained within the botnet, the more damage the botnet can wreak on the Internet as a whole. The malicious software running on the drones is a "bot".
The difference between a botnet and a conventional worm is the presence of a unifying control system.
How Do Botnets Work?
The primary goal for a botnet herder is to gather as many drones as possible into the botnet. The bot software usually contains functionality that automates the task of scanning a computer's IP address for vulnerable software holes. The bot then propagates itself using these vulnerabilities and weak passwords.
Bots become more valuable if they are able to scan and propagate through a greater number of vulnerabilities. This allows them to recruit more bots into the botnet and make the collective more powerful through the greater number of drones.
Botnet Concerns
The collective nature of botnets provides criminals with power over those who use the Internet. Herders with control over a large number of systems can engage in more damaging activities and wreak substantial havoc on the Internet.
The following types of attacks are caused by botnets:
- Keylogging (for additional information, see the Keylogging course within this Training, Education, and Awareness Module)
  - Bots listen for keyboard activity and report the keystrokes to the herder
  - Some bots have triggers to look for visits to websites where passwords or bank account information is entered
  - Keylogging bots are most threatening to an individual's privacy
  - Many bots also grant the herder access to the drone's file system, so the criminal can read anything stored on the computer
- Click Fraud
  - Bot software is used to visit web pages and automatically click on ad banners without the user's awareness
  - A bot with thousands of drones can bring large financial returns to the herder
  - The traffic to the advertiser looks legitimate because the clicks come from different machines from all over the world
- Denial of Service
  - Numerous machines access a single Internet system and saturate its bandwidth and other resources
  - The access appears to be legitimate, but the load causes the system to act slowly or in a non-responsive manner, and site access can be hampered
  - A business could lose money if customers cannot reach them
- Spam
  - Compromised systems can forward spam or phishing scams to users throughout the Internet
  - Messaging applications can be used to forward malicious ads or links to all contacts in a victim's address book
  - A herder can minimize the threat of getting caught, as thousands of systems are doing the dirty work
- Warez
  - Illegally obtained or pirated software
  - Botnets can steal, store, or propagate warez by searching hard drives for software licenses installed on a victim's machine
  - The collective botnet has a very large amount of storage capacity
- Cryptocurrency Mining
  - Processing power, electricity, and Internet used to mine for cryptocurrency
  - Use collective processing power to generate large profits
How Do I Protect Myself?
Prudent security practices and user awareness are key in avoiding infection and exploitation by botnets. We can all mitigate botnets by preventing their formation in the first place.
- Each individual computer owner or user must ensure their system is protected and patched, and their software is upgraded (see the course on Home Computer Tips within this Training, Education, and Awareness Module for more information on how to do this)
- Set your operating system to automatically download and install security patches
- Investigate email scanners, firewalls, and spam blockers
- Never click on web sites you do not trust
- Use anti-virus and anti-spyware software and keep them updated
- Be cautious about opening email attachments
- Monitor your "Sent Items" and your "Outgoing" mailboxes for messages you did not send
- Disconnect from the Internet when you are not actively using your computer
What to Do If You Are a Victim of a Botnet
- If your computer starts operating slowly or abnormally, you should be suspicious
- If you have reason to believe you have been hacked or infected, disconnect from the Internet immediately
- Perform a full scan of your computer with your updated anti-virus and anti-spyware applications
- If you suspect any of your passwords have been compromised, call the applicable companies immediately to change the passwords, freeze the accounts or change the account numbers
- File a complaint with the Internet Crime Complaint Center (IC3) at https://www.ic3.gov/complaint/default.aspx. The IC3 serves as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.
Quiz: Botnets
Test your knowledge by answering the following questions!
Question: 1. Botnet herders are easily found and prosecuted because they do all the hard work themselves.
True
False
Question: 2. Drones are computers that have been compromised and infected by a bot and then assimilated into the botnet.
True
False
Question: 3. There are many ways to ensure that you do not become a victim of a botnet.
True
False
Question: 4. Herders are happy with just a few drones.
True
False
It is difficult for parents to ensure their children can safely engage in online activity. The daily news is rife with reports of Internet predators, and underage Internet users are often unaware of the malicious intent of online acquaintances or sites with which they interact.
The Internet is an excellent source of 24/7 information, providing young people the opportunity to socialize, pursue their interests, and seek validation, but the Internet can also increase children's exposure to identity theft, hacking, and online stalkers.
How can parents help protect their children?
Home Computer Safeguards
Parents can ensure that the home computer provides safeguards.
- Keep computers in the family room rather than the child's bedroom. It is more difficult for offenders to communicate with a child when the computer screen is visible to other family members.
- Research filtering, blocking or website rating applications to provide adequate content control.
- Monitor your child's interaction with online friends, just as you would their real time friends. Anonymous Internet contacts may not always be accurate. A twelve-year-old female's Internet identity may actually belong to a fifty-year-old man.
- Talk to your children with cellular phones about acceptable usage.
Away from Home
Parents should also be aware that the home computer is not the only way for their children to access the Internet. They can use the unmonitored computer at a friend's house, their school, the public library, a club or even a coffee house. In addition, game consoles, tablets, and mobile phones have the ability to connect to the Internet. For these reasons, it is important to openly communicate with your child to form healthy Internet habits.
- Talk to your child about potential online dangers and sexual victimization.
- Teach your children about responsible use of online resources.
- Talk to your child's school, friends, and public library about putting safeguards in place regarding unmonitored Internet access.
- Teach your children the following:
  - Never arrange a face-to-face meeting with anyone they meet online unless a parent is present.
  - Never provide any personal information such as real name, phone number, address, social security number, school name, etc.
  - Make sure their screen name does not reveal too much about themselves (do not use name, age, hometown, etc.)
  - Downloaded pictures can include unwanted programs, viruses, or sexually explicit images.
  - Never respond to any messages or postings that are obscene, suggestive, harassing, or make you feel uncomfortable.
  - Not everything they see or read online is true.
  - Never post information they would not want others to see. They need to realize that once they post it, they cannot take it back. Even if they try to delete it, older versions often exist in cyberspace.
  - Flirting with strangers online can have very serious consequences. Many people lie about who they are. You may never really know with whom you are interacting.
  - Trust your gut feelings and report any suspicions. Immediately notify a parent, another adult, someone they trust, or even let the police know if they feel threatened or uncomfortable about any online activity. Prompt notification could prevent someone else from becoming a victim.
Additional Resources
Visit Child Safety on the Information Highway at http://www.safekids.com/child-safety-on-the-information-highway/. This site is sponsored by the National Center for Missing & Exploited Children (www.missingkids.com; https://www.netsmartzkids.org/). They also have a CyberTipline at https://missingkids.org/gethelpnow/cybertipline.
The Federal Trade Commission recommends the following sites (listed in alphabetical order) for tips and information from the federal government and the technology industry:
GetNetWise — https://www.getnetwise.org
GetNetWise is a non-profit organization supported by public interest groups, corporations, and associations representative of the diversity of the Internet community.
Keep Safe Coalition — https://www.iKeepSafe.org
The iKeepSafe mission is to provide a safe digital landscape for children, schools, and families by supporting the protection of student privacy, while advancing learning in a digital culture. To support this mission, we provide data privacy certifications to technology companies, educational resources to schools, and information to the community.
National Crime Prevention Council — https://www.ncpc.org; https://www.mcgruff-safe-kids.com/
The National Crime Prevention Council (NCPC) is a private, nonprofit organization whose primary mission is to enable people to create safer and more caring communities by addressing the causes of crime and violence and reducing the opportunities for crime to occur. NCPC addresses Internet Safety with kids and parents through www.mcgruff-safe-kids.com and public service advertising under the National Citizens' Crime Prevention Campaign, symbolized by McGruff the Crime Dog and his "Take A Bite Out Of Crime" slogan.
National Cyber Security Alliance — https://staysafeonline.org
NCSA builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts. This empowers users at home, work, and school with the information they need to keep themselves, their organizations, their systems, and their sensitive information safe and secure online, while encouraging a culture of cybersecurity.
Wired Safety — https://www.wiredsafety.org
WiredSafety is the first online safety, education, and help group in the world. Originating in 1995 as a group of volunteers rating websites and helping victims of cyber-harassment, it now provides one-to-one help, resources, extensive information, and education to cyberspace users of all ages on a myriad of Internet and interactive technology safety, privacy, and security issues.
Quiz: Child Safety Online
Test your knowledge by answering the following questions!
Question: 1. Parents and children can believe everything they read on the Internet.
True
False
Question: 2. The Internet is a good place to learn and perform research.
True
False
Question: 3. Because your child is a good kid, you can trust that they are safe online.
True
False
Question: 4. Everything is exactly as it seems or is represented on the Internet.
True
False
Unfortunately, we’ve all seen examples of clickbait, those sensationalized or enticing "headlines" that appear on some websites:
- 7 Steps to Insane Wealth
- What Your Doctor Isn’t Telling You
- The Truth Behind Laser and Radar Detectors!
While some clickbait is just annoying, other types can be misleading and harmful.
Knowing how to avoid clickbait starts with understanding it.
What is Clickbait?
Merriam-Webster defines clickbait as "something (such as a headline) designed to make readers want to click on a hyperlink, especially when the link leads to content of dubious value or interest." According to Google, clickbait is "Ads that claim to reveal secrets, scandals or other sensationalist information about the product or service being advertised…"
While definitions vary a bit, clickbait is basically a manipulation created by advertisers to get you to click on a link. Clicks matter because companies pay for advertising based on the number of clicks an ad receives. Those clicks drive viewers to their websites. More clicks mean more money for advertisers and marketers.
When you click on a clickbait link, sometimes the promised information is there, but often it’s not, or not in the sensationalized way you were led to expect. For example, the "The Truth Behind Laser and Radar Detectors!" link mentioned earlier could lead to information about these devices. Or it could just be an ad for radar detectors poorly disguised as a news article. Frequently, clickbait is used by advertisers to track you as a user and serve up ads that appeal to you based on your browsing behavior. More on that below.
Where you might find Clickbait
If your online ventures are limited to reading The New York Times or Wall Street Journal and checking the weather, you might not encounter clickbait. But stray over to social media, various local news sites, magazines or blogs, and you will see it. It may appear in the form of links at the bottom of your screen, or you might even receive pop-up ads featuring clickbait.
If you click on links in the example photo above, you may learn what the 20 most expensive dog breeds are or which actors didn’t want to kiss onscreen. However, just be aware that related ads will stalk you all over the internet for months or even years to come. In an effort to show you ads that are relevant to you, advertisers use tracking technology to follow your browsing and see what ads you click on. They store that information and sell it to other advertisers. So you may see ads or even receive email with related content. This can be annoying, but not physically harmful.
Unfortunately, the picture showing a boy pouring hand sanitizer in his ear along with the headline about tinnitus (ringing in the ear) is an example of clickbait that can be more dangerous. Many health-related clickbait links are worrisome because they encourage people to self-medicate or treat conditions with unproven remedies rather than seeking medical attention. This is especially concerning during a global pandemic when people have been known to share stories about unproven transmission routes or false cures.
How to Avoid Clickbait
While clickbait began as a way to generate more page views and revenue for advertisers, it’s now falling out of favor. Facebook uses an algorithm to find clickbait and bury it, and the sites that promote it. Google has demoted clickbait in search results for years and in 2020 banned it completely under the search engine’s Misrepresentation policy.
While those measures are helpful, clickbait has certainly not disappeared. The junk mail of the internet is still around and it’s still something best avoided. Here are some tips for doing that:
Use an ad blocker. Adblock Plus, uBlock Origin, and Poper Blocker are three popular software tools that block these ads. Not only will they block pop-up ads but also most of the kind of clickbait discussed above.
Check the sources. If you find yourself facing a bank of links like the one above and wondering if it’s clickbait, check the sources, which are listed between the image and the headline.
Look them up on Google to learn more. Using this example, you might find that Ranker is a website devoted to lists, Wikibuy is a coupon app, and Investing.com sells investments and investment advice.
Pay attention. Slow down and ask yourself if what’s being touted really seems plausible or true. In the end, the simplest way to avoid clickbait is to look for the words "sponsored content," "from our advertisers," or something similar. The Federal Trade Commission requires advertisers to include that label so consumers can tell news from advertising.
Why Clickbait Persists
There is actually a bit of science behind why clickbait is so compelling. For one, our brains are hardwired to avoid ambiguity. When links plant a question such as "Secrets Your Doctor isn’t Telling You" your brain automatically wants to know this unknown information.
Additionally, there’s the fear of missing out, or FOMO. Studies have shown that humans experience a spike of dopamine, the feel-good hormone, when checking social media. Conversely, we feel worry and dread when we think we might miss out on the latest information. So, we take the bait. However, once we understand what clickbait is and how to avoid it, we can break the cycle.
In summary, clickbait is:
- Sensationalist, overhyped, and otherwise manipulative
- Often found under "sponsored links" or "sponsored stories" at the bottom of a web page
- Sometimes dangerous or debunked information
- Required by the Federal Trade Commission to be labeled as advertising
Quiz: Understanding and Avoiding Clickbait
Test your knowledge by answering the following questions!
Question: 1. What is clickbait?
A. A headline or phrase, often sensationalized, designed to make readers want to click
B. A bold headline
C. A news story you don’t like
D. Any online advertising
Question: 2. Why do people respond to clickbait?
A. Someone told them to
B. Their brains are wired to want answers, finish tasks, and not miss out
C. The headlines are boring
D. A computer virus
Question: 3. Where is clickbait usually found?
A. In the newspaper
B. Social media, magazine sites, and ad-supported blogs
C. On TV
D. On reputable news sites
Question: 4. Why does clickbait matter?
A. It's boring
B. It steals your credit card information
C. It can contain false or misleading information
D. It's expensive
Question: 5. How can you avoid clickbait?
A. Use an ad blocker
B. Check the sources
C. Pay attention
D. All of the above
What is "The Cloud"?
You likely hear people refer to 'the cloud' regularly. But what does 'The Cloud' really mean, and how does it affect you and the security of your personal data?
It seems like only a short time ago when we always saved things directly to our desktop, a USB drive or even a hard or floppy disk (if you go further back to the inception of the personal computer, that is). In those days people worried about someone stealing their machine or having the computer crash. However, as time went on, data got 'heavier' and took up more room on these limited, physical spaces. The answer? The Cloud.
What is The Cloud?
The cloud should not be confused with the Internet or even the World Wide Web. The Internet is the electronic connection of all the computers joined together across the world, while the web is the software that runs on the Internet as a way of sharing information. In the simplest terms, the cloud offers a way to store and access data and programs over the Internet instead of on your computer's hard drive.
How do people use The Cloud?
Some examples of possible cloud-based software are things you may leverage in your daily life:
- Streaming sites like Netflix or Hulu
- Online banking Applications
- Music streaming software or service such as iTunes
- Podcasts
- Audio Books such as Audible
- Online Storage Drives like Google Drive or Dropbox
- Social Media Applications such as Facebook and Twitter
- And more!
Advantages of The Cloud
There are many benefits of the cloud, as it has the potential to broaden horizons for businesses and for individuals. Being able to access important things on-the-go is very convenient in our modern world and it can be applied to a multitude of situations such as banking, healthcare, education, etc.
The cloud has already changed the educational world. Many higher education institutions realized long ago that leveraging cloud computing could offer students from around the globe the opportunity to take classes and even earn degrees online. For example, this type of convenient learning option could offer a working mother time to better her education but still have time to devote to her job and family.
Developing countries have been able to leverage cloud computing by bypassing the traditional, expensive technology infrastructure and using smart device technology. The healthcare industry has begun to adopt cloud technology to reduce operational costs with automation, while also creating a more secure environment for healthcare information to be stored.
These days, there is a doctor for everything: primary care, podiatrist, ENT, specialist, etc. Using the cloud, physicians have the ability to connect to shared networks with other physicians. Being able to share your healthcare history with each other quickly, with a click of the mouse, could be key to getting you the precise treatment you need in an emergency. Patient portals also allow you to keep track of all your healthcare information, from your lab work results to scheduling your appointments.
The possibilities are endless.
Common concerns about using cloud storage
There is a downside to the cloud too. You have to let go a little, and change isn't always easy. You are not in physical control of the files you store, so you are trusting that the cloud provider will keep your data safe. There can also be some frustrating usage challenges, as with all technology. For example, if your Internet connection is poor or your cloud provider has a technical issue, you may not be able to access your information.
While all of these types of modern technological marvels can enrich our lives or create convenience, there are safety measures that should be practiced when using cloud solutions. When using cloud-based applications, your files are 'online', and therefore at risk for a breach. The data within those files can be very telling about who you are as an individual. In the wrong hands, it can be dangerous.
Safety measures to use when accessing cloud solutions:
Enable strong passwords
Don't use the same password for multiple accounts. If a hacker gets one password, they can access all of your accounts if you are using the same one. Refrain from using passwords that are common knowledge to someone trolling your social media account such as the name of your children or pets. Instead of a word, use phrases with a mix of characters and numbers. Change your passwords often.
Use two-factor authentication
Two-factor authentication means using two different methods of confirming your identity when trying to log in to your account. Some cloud solutions will require this automatically, while others you have to set up within your settings.
You may have seen this security method used more often lately by several companies who are taking extra security measures. For example, if you do your taxes online, the IRS website sends you a text when you try to log in, even if you have correctly entered your username and password. Set up security questions that add an additional layer to securing your account from those that might be trying to steal your credentials to access private data.
Back everything up
This is simple to say and do, but it does take that extra effort to go the extra mile in our already busy lives, which is why so many people lose data when a computer crashes. In other words, don't put all your eggs in one basket. Use more than one cloud platform or leverage physical backup to a USB or second hard drive.
Take nothing for granted — always
No security is foolproof, and that rings true for the cloud too. Yes, there is a risk in saving files to the cloud, so you should consider which ones might be better saved locally to your drive. That said, with viruses and malware your entire personal computer is always at risk too. Cloud service organizations leverage heavy security and encryption to protect your data, but there is always a hacker that thinks they are up to the task of quite literally cracking the code.
Quiz: Cloud Computing
Test your knowledge by answering the following questions!
Question: 1. Cloud based applications are 100% secure from data breaches.
True
False
Question: 2. What is an example of a possible cloud application?
Digital streaming services
Online storage
Social Media
All of the above
Question: 3. What is two-factor authentication?
Double checking your IP address
An extra security step to verify you are the correct user
Part of the world wide web
Question: 4. Encryption techniques are used by cloud service providers to protect data.
True
False
Question: 5. Though the Cloud is most often convenient and safe, what extra precautions should you take to protect your data?
Back important files up somewhere else like a USB drive
Have a complex password
Change your password regularly
Use two-factor authentication
All of the above
Does all of the hype surrounding cryptocurrency confuse you? If so, you are not alone. You may be wondering what exactly cryptocurrency is, why it is utilized and the potential security risks associated with conducting transactions via cryptocurrency.
To help orient you, let us look at the concept, types of cryptocurrency, usage and security risks and best practices associated with using this form of currency.
What is Cryptocurrency?
Cryptocurrency is a digital coinage, which utilizes encryption techniques to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. Simply put, cryptocurrency is unlike cash in that it is not physically accessible. Cryptocurrency holdings are electronic and are not overseen by the government but rather by the shared community of internet users as a whole. Cryptocurrency transactions are recorded on a public ledger referred to as the Blockchain, a mechanism that validates and records cryptocurrency transactions.
The most popular type of cryptocurrency is Bitcoin, introduced in 2009. Other cryptocurrencies include Ethereum, Tether, Litecoin, Zcash, Ripple, Monero and other lesser-known brands.
Why Cryptocurrency instead of traditional currency?
There are various reasons why individuals are utilizing cryptocurrency, including:
- Privacy associated with transactions (i.e. no name associated with credit card)
- Low cost processing fees
- Accepted globally, eliminating the need to exchange currency
- Expedited process for investments
What are the security risks and concerns of using Cryptocurrency?
While cryptocurrency may be an appealing form of currency for some individuals, there are risks associated with transactions.
- Vulnerabilities within cryptocurrency platforms can open the door for hacker exploitation and result in a cyber breach. If your "wallet" is exposed, the potential result is theft of your cryptocurrency account.
- Cryptocurrency providers are becoming frequent targets of Distributed Denial of Service (DDoS) attacks, which means consumers of a cryptocurrency provider impacted by a DDoS attack may be unable to access their currency.
- The anonymous nature of transactions opens the door for fraud. Cybercriminals find cryptocurrency an attractive method of laundering funds and committing fraud as they often work through the "dark web", the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable. Cybercriminals are able to conduct nefarious activities through this black market exchange.
Best Practices for utilizing Cryptocurrency
So now that you know the security risks associated with cryptocurrency, what practices can be used to ensure you do not fall victim to theft or fraud?
- When accessing your account with a cryptocurrency provider, ensure you have two methods to verify your identity. This will prevent theft of your currency in the event your password is stolen.
- Do not share the private keys associated with your cryptocurrency with anyone. Follow the same protocol you utilize for protecting your passwords.
- Do not store your private keys on an internet-connected device. This widens the opportunity for hackers to access your cryptocurrency wallet.
- Regularly back up your cryptocurrency wallet. Unlike credit or cash, a technical malfunction of your computer or hard drive could result in loss of your currency if you do not have a backed-up copy.
With the explosion of technologies, applications and confidence in online transactions, we continue to see the emergence of alternative methods for communication and business transactions. We hope the information has been informative and will assist in your evaluation of cryptocurrency.
Quiz: Cryptocurrency
Test your knowledge by answering the following questions!
Question: 1. Which of the following best describes Cryptocurrency?
Credit Cards
Cash
Digital Coinage
Wire Transfers
Question: 2. Cryptocurrency is regulated by government agencies.
True
False
Question: 3. Which of the following are security risks associated with utilizing cryptocurrency?
Cryptocurrency applications may be vulnerable to exploitation by hackers
Cryptocurrency providers are frequent targets of hackers
Cybercriminals are using cryptocurrency to trade on the 'dark web'
All of the above
Question: 4. When using cryptocurrency, you should share your private keys with family members.
True
False
Question: 5. Using two forms of identity verification helps protect you against theft of cryptocurrency.
True
False
A Guide to Successful Cyber Hygiene
Admittedly, when you hear the term cyber hygiene for the first time you probably have one of two reactions: 1) You have a sudden urge to disinfect your keyboard and mouse or 2) personal hygiene habits come to mind.
In truth, it's closer to the latter. Cyber hygiene generally refers to the steps that computer/device users take to maintain system health and data security. The word hygiene implies the need for habits or a routine to help prevent infection and maintain wellness. Much like your personal hygiene regime serves to keep your body healthy over time, a cyber hygiene routine is designed to preserve the health of your technology systems through repeated security best practices.
Why Cyber Hygiene is Important
Unfortunately, the criminals who want to hack your devices or steal your data can be pretty clever and quite relentless. They will come at you and your devices in a variety of ways and on many occasions. It's not enough to perform one-off security measures as they will only prevent breaches for so long. It's best to form secure habits that you live by so that your data protection measures become a way of life. That's where a solid cyber hygiene routine comes in.
Vigilance is Key
The expression "An ounce of prevention is worth a pound of cure" applies mightily when it comes to cyber security. For example, just taking a few extra minutes to observe a safe-browsing best practice can be the difference between securing your data or being a victim of identity theft. Did you know that 40% of consumers worldwide have been targets of ID theft at least once? That's nearly half of all the world's consumers. The odds are you or someone in your family has been a target as well.
Fortunately, there are many cybercrime prevention methods available to help protect you and yours from malicious actors. You just have to be willing to form the right habits. Below we list a few recommendations for your cyber hygiene regimen.
SAFE BROWSING
The internet is such an embedded part of our lives now that it's easy to get complacent about basic security measures. There are important safety practices you need to remember even when doing something as simple as browsing the internet.
Check site security - When visiting a website, check the URL to ensure it begins with HTTPS instead of HTTP. The 'S' in HTTPS stands for 'secure'. It means that settings are in place to help ensure the communications between your browser and the web page are encrypted. Additionally, there are icons that display to the left of the URL in your browser. If you see a padlock, that indicates the site is secure. If you see an information mark, a red exclamation point, or a crossed-out padlock, then the site isn't secure. Use caution when navigating or providing any personal data on the site.
Use the right browser and security settings - These days most people use one of the mainstream browsers, including Microsoft Edge, Google Chrome, Safari, or Firefox. These browsers are designed with antimalware protection. Be sure the security settings are configured to provide safe browsing as well. You can find your security options under Settings > Advanced > Privacy and security in Chrome and most browsers. We recommend you enable the following:
- "Ask when site tries to download files" in the Automatic downloads settings
- "Ask before accessing" feature in the Camera settings
- "Ask before accessing" feature in the Microphone settings
- "Ask before accessing" feature in the Location settings
- "Ask before sending" feature in the Notifications settings
These selections will help you have more control and decrease the amount of automatic actions that occur when accessing certain sites.
Protect your IP Address
Your Internet Protocol (IP) address is the unique numerical label that identifies your online activity and device. It plays an important role in how your computer/phone/tablet connects with the internet. Because it is a crucial part of your connectivity, it is also a target for malicious actors. They can use your IP address to access your data or to infect your device with malware.
Additionally, IP addresses make it possible for Internet Service Providers (ISPs) to track your browsing activities. They use this information to tailor search results to your profile and to create targeted ads. If you don't want this kind of tracking and targeting, it's best to protect your IP address by connecting to the internet safely.
Attackers often use free, public Wi-Fi to grab IP addresses. Therefore, if you are going to use public Wi-Fi, you need to take extra precautions. A Virtual Private Network (VPN) can help protect your device when using unsecured internet access. A VPN not only hides your personal IP address, it encrypts your data, protecting your information and all of your online activities.
Device Protection
Install and maintain antivirus and antimalware software - Antivirus and antimalware software protect your computer from viruses and other malicious programs. Prevention software can be quite effective, if kept up to date. The challenge is that attackers continue to develop new and different methods. Therefore, antivirus/antimalware programs need regular updates to ensure they are operating with the latest information about known threats. It is recommended to set your antivirus and antimalware programs to automatically check for updates at least once a day. This can be automated via the software's settings so that you don't have to manually check. However, a reboot is often required to set the update in motion, so it's good to shut your system down at the end of each day and allow updates to run upon restart.
SOCIAL MEDIA
Use limited personal information - Be conscious of the amount of information you share when setting up an online account, especially for social media. Often you can start a social media account with the minimum amount of information such as your name and email. You can usually leave your birthday and other personal information blank. Additionally, be mindful of what you post. Cybercriminals can learn a lot from what you share. This includes the names of your pets and children and other personal data that many people often use in passwords. It's also best not to broadcast your comings and goings, such as announcing you are leaving for vacation. Be wise and wait to post those photos until you get back.
Social logins - Social logins give you the option of logging into a new online account without creating new credentials. They often appear in the form of "log in using Facebook" or similar.
While the convenience can be tempting, it is really not worth the risk. Social logins are just a form of password reuse, which is poor security practice. Having the same password for multiple sites just extends a cybercriminal's hacking potential.
PASSWORDS
And speaking of passwords... You've heard before that proper password protocol is essential when it comes to safeguarding your devices and information. There are a few rules to live by if you want to ensure your passwords are effective.
Do not reuse passwords - It's the same principle as not putting all of your eggs in one basket. If one of your passwords is successfully hacked, the attackers will try to use that password on all of your systems to try to infiltrate as many areas as possible. If you use the same password in multiple places, then you are expanding the potential breadth of an attack.
Do not use personal information - We get it. There are so many passwords used these days that you just want something easy to remember. Unfortunately, if it's easy for you, it's probably simple for malicious actors to figure out. Attackers can mine your social media presence, or even publicly available files, to uncover the names of your family and friends. Using your kids' names, favorite pet's name, or other favorite defaults makes it easy for attackers to guess your password simply with a little research and by process of elimination.
Do not share passwords - Contrary to the popular adage, sharing is not caring when it comes to passwords. Any system can be hacked, even those you keep within the family. Of course, you might be more apt to do this in a corporate setting, but that is equally frowned upon and can bring harm to you and your organization.
Embrace password tech - Your password woes are not unique. Fortunately some of the world's technical minds have developed solutions that can help users manage. There are many password managers available that will not only help you keep track of and remember your passwords, but many will help you craft secure passwords as well.
HOUSEKEEPING
One of the best ways to ensure good cyber hygiene is by keeping your device backed up and up to date. Below are a few more security habits to include in your cyber hygiene routine.
- Perform regular data backups - Be sure you store backups in separate locations from your original.
- Use data wiping software - When disposing of a device, be sure you have cleaned all personal data from the hard drive.
- Shutdown and restart your device regularly - This will trigger automatic patches and updates.
- Set updates to occur automatically - Ensure that when your device is due for an update, it will be performed automatically. You can do this in the settings of your computer or mobile device.
Cyber Hygiene Tips Summary
- Ensure proper security settings within your browser(s)
- Check website security before you click
- Protect your IP address with a VPN
- Install antivirus and antimalware and update them regularly
- Don't overshare information on social media
- Don't use social login shortcuts ("login with Facebook")
- Practice proper password protocol
- Back up your data
- Wipe devices you are no longer using
- Set updates to run automatically
- Restart regularly
Quiz: Cyber Hygiene
Test your knowledge by answering the following questions!
Question: 1. What is cyber hygiene?
A one-time security assessment of your computer
A routine of best practices designed to keep your keyboard and mouse clean
A routine of best practices designed to prevent breaches and cyber attacks
A one-time anti-virus installment for your computer
Question: 2. Why is cyber hygiene important?
It reduces the number of staff sick days and boosts productivity
It assesses your vulnerabilities so you can shore up weaknesses
It promotes a one-time security assessment that helps prevent successful cyberattacks
It promotes security habits that help prevent successful cyber attacks
Question: 3. Which of the below is a sign that a website is secure?
A padlock appears next to the URL
The URL begins with HTTP, not HTTPS
An exclamation point appears before the URL
An information sign appears before the URL
Question: 4. How often should you update your antivirus/antimalware software?
Once a year
Once a day
Once every two years
Once a month
Question: 5. Which of the following is a poor cyber hygiene practice?
Using social logins
Personalizing your passwords with the name of a child or pet
Setting software updates to be performed annually
All of the above
This holiday season will certainly look different than in years past. While the changes will vary from person to person and family to family, the need for staying safe online is a constant. In fact, this season may bring even greater risks as more celebrating, socializing, and shopping moves into the zero-touch virtual world. Understanding the potential risks can go a long way toward avoiding them.
Video Conferencing
As the pandemic required remote communication options in 2020, it became important to find new ways to stay in contact. Many people have turned to video conferencing to maintain a connection with others and that trend continues during the holidays.
Unfortunately, the surge in popularity for these applications has also made them target-rich environments for malicious hackers and virtual party crashers. To keep your socially distant holiday festivities free from unwanted guests, keep these tips in mind:
- Choose a safe, secure video conferencing tool. Wirecutter recommends Zoom, Google Meet, and Jitsi.
- Read and follow any security tips provided with the platform.
- Keep the meeting invite private. Remind invitees not to post the meeting link on social media.
- Protect all meetings with a password. Use the waiting room feature, if available, for an added layer of security.
- Disable screen sharing for all but the host. This will prevent unknown users from commandeering the screen.
- Remind all users to allow automatic app updates. This way security updates will be installed as they are available.
QR Codes
Whether you attend virtual gatherings or in-person events, chances are you will encounter QR, or Quick Response, codes. These are often found in restaurants, theaters, and bars offering the opportunity to pay quickly, sign up for discounts, view menus, or have upcoming events automatically loaded to a personal calendar.
While providing some contact-free convenience, the odd-looking little squares also offer the opportunity for scammers to infect a smart phone and use it to harvest personal and financial data, track the phone’s (and user’s) movements, and even authorize payments from a linked bank account or credit card.
It’s relatively easy for cyber criminals to embed malicious software into their QR code and then cover a legitimate QR code with the fake one. Since the codes are designed to be read by machines and the human eye can’t see the difference in safe codes and malicious ones, it’s best to practice basic QR-code hygiene to keep your holidays happy:
- Pay attention. This is good security advice in general but in the case of QR codes, it’s two-fold. First, if you must scan a printed code in a public place, look closely to be sure the original (safe) code hasn’t had another (dangerous) code pasted on top of it. Second, if the code gives you a preview of the website it’s taking you to, look closely to be sure the site address matches what you were expecting.
- Beware of bit.ly. Bit.ly URLs are web addresses that have been shortened to look more appealing to the user or to fit available space. Web addresses that use bit.ly are not malicious themselves, but can be hacked. If the link that appears after a QR code scan has “bit.ly” in it, it’s best to double check its legitimacy. Simply add a “+” to the end of the link and hit ‘enter’ to see a preview of the linked site. Be sure it’s one you trust before clicking through.
- Use a previewer app. Google Play and the Apple App Store both offer apps for pre-scanning QR codes and revealing the content behind them. Use one from a security company like Norton or Kaspersky to stay safe.
- Know the source. If the utility company regularly includes a QR code on its bill, chances are it’s legit. A postcard from a new shop you’ve never heard of may not be. The same goes for physical locations. If a restaurant has a QR code inside near the cash register, it’s likely safer than any code on a wall or railing in a public place.
There are many opportunities for fraudsters, hackers, and thieves to wreak havoc, especially during the holidays. But it’s also possible to have a safe, secure, peaceful holiday season by knowing the dangers and taking a few simple steps to cyber-secure your festivities this season.
Quiz: Cyber Secure Holidays
Test your knowledge by answering the following questions!
Question: 1. What are QR codes used for?
A. Adding venue events to a smart phone’s calendar
B. Paying the bill at a venue
C. Signing up for discounts
D. All of the above
Question: 2. What’s a simple way to check a QR code’s legitimacy?
A. Scratch it
B. Shine UV light on it
C. Examine it to make sure nothing has been pasted over it
D. Sniff it
Question: 3. What might make an online meeting less secure?
A. Sharing the password with attendees only
B. Creating a long password
C. Posting the password on social media
D. Changing the password for each meeting
Question: 4. What’s one way to prevent virtual party crashers from sharing inappropriate onscreen content during a video conference?
A. Disable screen sharing for all but the host
B. Cover your camera with a piece of tape
C. Don’t invite Uncle Fred
D. Use a bouncer
In a world fully engulfed by the Internet, data is everywhere. The data could be as widely distributed as your phone number or as restricted as your social security number or personal health information. Regardless, the data belongs to the individual and every person is entitled to know how it is being used. In the wrong hands, data can do significant damage.
What is Privacy?
In the headlines, we see data breaches involving personally identifiable information (PII) and electronic protected health information (ePHI). However, what happens when these breaches occur, and what kind of damage can be done if the data falls into the wrong hands?
For some background, prior to the rise of the public Internet, people used extra locks on doors or safe deposit boxes to ensure their privacy and security. While the need for physical security still exists, digital security has become imperative to ensuring the privacy of personal data. Unfortunately, with the increase in digitalization, privacy has become more complicated to define. True privacy has become problematic to achieve as we continue to adopt new technologies to enrich our lives with entertainment or to make our daily tasks easier to finish.
Data privacy is the relationship between the collection and distribution of data, technology, the public expectation of privacy, and the legal and political issues around them. Personal data is any information that can be used to distinguish or trace an individual's identity, such as:
- Medical records that include details such as diagnosis, treatment, medications, etc.
- Financial data such as credit card or bank account information
- Identification indicators such as social security numbers, passport or driver's license numbers, taxpayer IDs, etc.
Though this data may reside in various locations with some of it publicly available, it is the combination of this data that can provide hackers with information that may be leveraged to commit fraud or identity theft.
Why is Private Data so Valuable?
Hackers often exploit security vulnerabilities within an organization's technology infrastructure to obtain valuable, private data. The data is valuable because cybercriminals can sell the data on the dark web for varying amounts of money. Certain types of data are worth more than others. For example, credit card data is valued at about fifty cents per record, while health information can sell for around seven dollars per record on the digital black market. After all, it is relatively simple to cancel your credit card but leaked healthcare information is hard to recover.
Furthermore, it does not stop with hackers. Private data tells a story about someone. Businesses also leverage data for marketing activities. Those "terms and conditions" found in certain digital agreements are often not fully read (but quickly agreed to) so users can move on to using their favorite online application. These terms and conditions often have clauses saying the authors of the application can collect, store, and share your data.
In addition, organizations often share data with third parties so they can market highly targeted products to possible buyers. Though some people may see this as an optimized way to get what they need, others consider it gross misconduct and an excessive misuse of their private data. For example, someone's search history or social media posts might indicate they enjoy classic cars. They start noticing advertisements for highly specific items such as self-help books to assist in restoring a classic car or even ads for classic cars that have been restored, though the person never expressed an interest in a book or buying a car at all.
What are Organizations Doing to Enforce Data Protection?
In the United States, many different federal and state laws or regulations require organizations to comply with various data privacy requirements. Often these compliance mandates come with hefty fines for organizations that do not adhere to them. Additionally, businesses that do not comply with these regulations and then experience a security breach resulting in the theft of sensitive data often suffer severe brand damage due to the violation of the public's trust.
The United Kingdom has established a strong stance forcing businesses to put stringent data privacy processes in place. The General Data Protection Regulation (GDPR) went into effect in May of 2018. It is a global regulation that places the personal data of European Union (EU) citizens back under their control. One of the primary objectives of the GDPR is to ensure EU citizens know exactly who has their data and what organizations are doing with it, but it also empowers the citizen with the "right to be forgotten." Please note that California has recently begun to adopt a GDPR-like regulation.
Industries such as finance and banking are highly regulated, but regulations cannot always stay ahead of emerging threats. Hackers innovate quickly, so organizations need security frameworks and best practices in place in order to shut down threats of data compromise quickly.
What are Best Practices for Securing Your Data?
Your data could be in many places from your bank account to your email. How secure those applications are depends on both the user of the application as well as the business that built or supports the application. Below are five security best practices to help you safeguard your data.
- Passwords: Create strong passwords and change them every three months. A strong password will have a mix of numbers, lowercase and uppercase letters, and special characters. Consider using a passphrase instead of a password and include characters to replace certain letters such as "@" for the letter "a". Make sure you have a variety of passwords and are not using the same password for every site where you have a profile. If a hacker can get one password right, they can try different variations of it to access all of your accounts and sell the credentials on the dark web. If you have a smart phone or tablet, make sure to password-protect the device and change the password regularly.
This might be a tedious task, but weak passwords are one of the top ways hackers compromise the systems and applications you use to steal your private data. Also, try to use multi-factor authentication applications such as Google Authenticator if the application you are securing will allow it. This ensures that it takes more than just your password to unlock your account.
- Email safety: A good rule of thumb is to trust your gut instincts. Does it look 'fishy'? Hackers use email 'phishing' techniques to lure you into downloading malware so they can access the data on your computer or device. If you do not know the person sending you the email, don't open it. If you are not expecting an email with an attachment, don't open it. Even if the email is from someone you do know but the wording looks 'off', take the safe road and don't open it until you verify the email with that person over the phone or via text message.
- Privacy settings: Check the privacy settings on your mobile apps and even on your social media sites. For example, some applications can automatically track your GPS location if you do not turn it off in the privacy settings. Don't rely on the application to prompt you to review and change it. Take control and do it yourself.
- Terms and conditions: Read them very carefully for each application you use before allowing one application to access another. For example, if you use your email to auto log you in to your favorite social media site, make sure you know how each site is using your data and what data they can access. A breach can have a snowball effect and put all of your accounts in jeopardy.
- Update your Computer Operating System: You need to keep your operating system up-to-date for many reasons. Sometimes it needs to be updated to give you a cool new feature or ability, but it almost always needs to be updated to patch any new vulnerabilities that may put your data at risk. When you are notified there's an update, take it seriously and make it a priority to get it updated as soon as you can.
Quiz: Data Privacy
Test your knowledge by answering the following questions!
Question: 1. Which of the following best describes PII?
Credit Cards
Social Security Numbers
Bank Accounts
All of the above
Question: 2. Data privacy is regulated in the United States.
True
False
Question: 3. Which of the following are good password practices?
Change your passwords annually
Mix one or two strong passwords you can remember on all of your accounts
Utilize multi-factor authentication for passwords
All of the above
Question: 4. Which is an example of a strong password?
Password1
W1z@rd0fOz
abc123
Your birthday
Question: 5. When should you review your privacy settings for your mobile applications?
Regularly
Only when prompted by the application
What is a Digital Footprint?
Your digital footprint is a little like the online version of your actual footprint and fingerprint. It shows where you’ve been, like a footprint, and identifies you to others, like a fingerprint. Basically, it’s the sum total of all your online activity, from blog posts and “likes” or comments on social media to online purchases and email activity. It also includes anything posted about you and anything gathered by “cookies” websites place on your phone or computer when you visit them. All of these things make up the digital trail that you leave when you go online. It includes your IP address (Internet Protocol address, used to facilitate communication between devices connected to the internet), login information, and anything you reveal online like your birthday, address, or hobbies.
Because your online trail includes a vast amount of information, it may help to break it down into the categories active and passive. Your active digital footprint includes anything you actively choose to do, like signing up for discounts, posting on social media, or joining a group. The passive side of digital footprints is everything you didn’t choose and may not even be aware has been recorded – those cookies placed on your device by a web site, information about you gathered by advertisers, geolocation data collected when you use maps and location-powered apps, and your IP and email addresses logged when you do pretty much anything online. (If you consent to cookies, which many websites now ask you to do, that may make them more active than passive. Regardless, they are part of the digital footprint conversation.) Both the active and passive components make up your digital footprint and help others – prospective employers, in-laws, volunteer opportunities, marketers, fraudsters, and scammers – form an impression of you. Since your digital footprint tells the world a lot about you, it makes sense to understand what it is and how your online reputation can affect you, in good and bad ways.
Why Your Digital Footprint Matters
The internet is riddled with tales of people whose reputations were shattered over a post or picture, sometimes decades old, that seemed innocuous at the time. Aside from embarrassment, there is a host of reasons to be aware of and do your best to manage your online trail. Here are some of the types of information in your digital footprint and ways it might be used.
Types of information found in digital footprints:
- Personal details like religion, political affiliation, hobbies, and interests
- Online shopping cart items and store preferences
- Follows, likes, comments, and posts on articles, blogs, and social media
- Searches, especially for items of interest to advertisers
- Anything you put in an online form – name, address, date of birth, phone number, etc.
- Content of emails and text messages
- Websites you visit
- Your location, if your phone’s location function is enabled
How digital footprint information might be used:
- Targeted ads, online and even offline
- Background checks for jobs, volunteer positions, group membership.
- Robbery – If criminals know where you are, where you’ll be, and where you bank, that could be enough information to rob you.
- Fraud – If there’s enough information about you online, criminals can pose as you to trick friends and family into falling for phishing scams or other types of fraud.
- Identity theft – With enough sensitive and personal details about you, a criminal can steal your identity and wreak havoc on your credit score, drain your bank accounts, ruin your reputation, and interfere with your tax return.
While it’s next to impossible to completely control the trail you leave online, being mindful of your digital footprint by thinking of it as an extension of your reputation can help. Words and photos can be misinterpreted, especially years later by people who don’t know you. Something you post to a private group can easily escape the bounds and damage your relationships. One of the best ways to manage your digital footprint is to be a good digital citizen. Stop and think before posting, commenting, liking, or entering your personal information. Read on for more ways to minimize the trail you might leave.
Five Ways to Manage Your Digital Footprint
There are companies that specialize in cleaning up people’s online presence, for a fee. However, unless you plan to run for office, or there’s something really embarrassing about you out there, digital footprint management is probably something you can tackle yourself using the following list.
- Find out what's there. The first step to controlling, or attempting to control, what’s online about you is to find out what it is. It’s important to browse privately or in incognito mode so you see what a stranger would see if they searched for you. Once you’ve opened a private browsing tab, type in your name and scroll through the results. If there’s something you don’t like and you posted it, delete it. Otherwise, contact the site or blog owner and ask them to remove it. Finally, set up Google Alerts on yourself so you’ll be notified about new posts or stories with your name.
- Practice good digital hygiene. This idea covers a lot of ground, from using good, strong passwords to keeping all your software up to date. It’s also wise to regularly go through your phone and delete any apps you no longer use. Not only do they take up valuable space but apps are like sponges gathering up all kinds of info about your non-app-related activities. For apps you keep, double check the privacy settings and adjust them if needed. Consider making your social media accounts private, too. Turn off your phone’s location function unless you or your family need it. Finally, check and delete cookies regularly and, of course, keep login and password information private and secure.
- Split your footprint. Email addresses are free so set up one for personal use and one that you use when signing up for shopping accounts, social media, etc. You may even want to add a third for work-related matters or for mailing lists you want to join.
- Use a VPN. One great way to protect yourself from prying eyes is to use a virtual private network or VPN. It can be extremely useful when connecting to public Wi-Fi, like in a coffee shop or airport, but it also stops your home internet service provider (ISP) from harvesting and selling your (anonymized) data. VPNs fully encrypt all web traffic on their network so your identity, location, shopping habits, and other private info stay private. VPNs are not free but some anti-virus software providers include them.
- Opt out. Think twice before signing up for that mailing list, creating a shopping account instead of checking out as a guest, downloading another app, or other activities that expose your information to the world. When possible, choose not to accept cookies on websites. You can also tell Google to stop personalizing your ads, unless you prefer them.
Quiz: How to manage Digital Footprint
Test your knowledge by answering the following questions!
Question: 1. What is a digital footprint?
A tool that helps you buy shoes online
A form of anti-virus software
The sum total of all your online activity
A new social media platform
Question: 2. What are the types of digital footprints?
Active
Narrow
Passive
A & C
Question: 3. What type of information might be found in your digital footprint?
Your online purchases
Your pre-internet vacation photos
What kind of car your neighbor drives
Your coworker’s home address
Question: 4. How might your digital footprint information be used?
To sell you goods and services
To break into your home
To commit fraud
All of the above
Question: 5. Which of the following are ways to manage your digital footprint?
Practice good digital hygiene
Wipe your feet before walking inside
Use a special computer mouse
Never go online
It is a new year with opportunities for new resolutions, but the sad truth is that there will always be scammers and spammers looking to take advantage of vulnerabilities. Some things never change in the world of security — they merely evolve into something bigger and worse.
Scams are nothing new, but they are more dangerous than ever now that everything is digital and highly accessible. Even before the Internet, con artists were always trying to find a new angle to take advantage of unsuspecting, trusting individuals — sadly, those tricks have stood the test of time. In 2018 we saw the same ol', same ol' online fraud strategies, but we also saw new tactics that tried to slip under the radar. In this article, we will discuss digital scams and cons to be leery of this year, and tips n' tricks on how to avoid falling victim to them.
Tricky Tricks of the Scammer Trade
Social Media Scams
The goal of many individuals utilizing Social Media is finding a balance between sharing their lives online with friends and family, while staying mindful of the potential security issues. Hackers are scam artists that target people who have a habit of 'oversharing' in order to access their sensitive data or the data of someone they are connected to.
One such scam involves creating and pushing out popular quizzes that are widely shared on various social channels. These quizzes mine your information, which can be leveraged to make you susceptible to an attack. They implore users to take a few minutes for what seems like harmless fun. This deceitful method of attack has become very popular on social media and therefore very dangerous because these platforms are ingrained deeply in the personal and professional lives of people.
Profile Hacking Scams
Facebook, LinkedIn, online grocery shopping, online banking, etc. all rely on profile data and that data is very rich and telling about who someone is. Cybercriminals use real photos and characteristics of actual people to create a profile and entice users to connect with them, all the while planning to steal from the individual or someone in the individual's network. This type of scam usually fools people into giving them money with a wire transfer or even another social application such as a GoFundMe campaign.
Profiles are usually tied to an email address, and hackers leverage email addresses of consumers to file fraudulent tax returns, obtain social security benefits, conduct change of address filings at the U.S. Postal Service, apply for unemployment benefits, submit applications for disaster assistance, apply for lines of credit, set up trial accounts (such as for streaming services), etc. It is a common assumption that, in the digital age, cleaning up your credit or recovering from identity theft is easier and won't take long because you get alerts. The truth is people often don't get alerts until it's too late, and it does take a tremendous amount of time to determine the extent of the compromise and the steps needed to rectify the breach.
Elicitation
We used to call this "chatting" when chatrooms and personal messengers first launched on the internet. Today, this is a strategic use of written conversation to extract information from people without giving them the feeling they are being interrogated. This could happen via any platform that has a private messaging (PM) feature. A perfect example would be chatting over Facebook Messenger or even Skype. During the conversation, the other person may ask questions that seem harmless at the time, but actually are helping them build a profile of you that they could potentially formulate into some type of attack such as ID theft or credit card fraud.
Phishing
This scam tactic isn't going anywhere, mostly because it works so well. Traditionally, this type of trick was limited to the telephone and email, but recently it has also branched out to social media platforms. It occurs when a user receives a fake message via a social channel or email from a hacker or social engineer posing as a trusted colleague or the colleague of a person you may know well and trust. The message may contain a nefarious link leading to an insecure page that could put your security and privacy at risk. As it pertains to email, these attacks can also come by way of email attachments containing malware that infects your machine to wreak havoc.
URL-Shortening Cons
Marketing teams often use URL shorteners, which are very helpful for sharing a long website link within a tight character limit on social media platforms such as Twitter. Many of your favorite companies likely use this technique when marketing to you. It could be anything from sharing a coupon to a funny video. Unfortunately, hackers use this tactic to entice unsuspecting victims to click a link that masks malware.
In this type of digital con, hackers pretend to be the business you are loyal to, but they in fact own these sites, where they place malware for you to click on, which then infects your computer. Another common practice in this type of scam is providing a shortened link that leads you into another trick, such as stealing your login credentials or credit card info.
Tips and Tricks to stay safer this year
Detecting these digital scams this year is doable. We have all had suspect milk in the fridge and checked to see if it passes the 'sniff test'. Believe it or not, the same logic can be applied to avoid being tricked by these bad actors. With these digital tricks, it is often instinct and gut feelings that can keep you from being taken advantage of.
- Do not share sensitive, personal information about yourself, family or friends online. It is the key hackers need to unlock the door to everything.
- Activate Privacy Settings. Look at the privacy settings for the social media services that you utilize, and make certain that you are only sharing information with people you know.
- Don't provide information about yourself that will allow others to answer your security questions (the "I forgot my password" questions).
- Use URL extenders to see where the shortened link is going to take you. For example, you can see if the short link really goes to Macy's or a Macy's 'lookalike' site that wants you to enter your username and password so that they can commit fraud with your account.
- When typing a URL in, look to make sure that everything seems kosher before you hit enter, e.g. check to see whether Macy's is spelled oddly, like Mac4's or the like.
- Beware of digital impersonators. Do they pass the sniff test? Trust your gut. Validate it's an actual person and not a bad actor trying to take advantage of you.
- If a friend sends you a message asking you to take an action that doesn’t seem quite right, and it makes you feel suspicious, consider picking up the phone to call or text to verify the request is legitimate.
- Take annual security awareness training to stay in the know on the latest threats to avoid them.
- Avoid accessing profile accounts from public computers or through public Wi-Fi spots.
- Avoid sharing sensational 'news' posts before verifying their validity.
- Don't click on a link or open an attachment in an email unless you have verified with the user it is from them. Hackers often use the email accounts of others to share malware with trusting friends.
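The link checks from the QR code and URL-shortening tips above (shortened links, the bit.ly "+" preview, and odd spellings such as Mac4's), as an added Python example that is not part of the original training material. The shortener list, the expected domain macys.com, and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small sample of shortener hosts; bit.ly is the one named above.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_host(url: str):
    """Return (host labels, site domain) for the link's host name."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Assumption: the site domain is the last two labels (true for macys.com);
    # country suffixes such as .co.uk need a public-suffix list instead.
    return labels, ".".join(labels[-2:])


def bitly_preview(url: str) -> str:
    """The tip above: add '+' to the end of a bit.ly link to get its preview."""
    return url.rstrip("/") + "+"


def check_link(url: str, expected_domain: str) -> str:
    """Classify a link against the site you expected to reach.

    Returns "shortened", "match", "lookalike" or "different".
    """
    labels, domain = split_host(url)
    expected_domain = expected_domain.lower()
    brand = expected_domain.split(".")[0]

    if ".".join(labels) in SHORTENER_HOSTS:
        return "shortened"      # real destination is hidden until expanded
    if domain == expected_domain:
        return "match"
    # The site domain is read from the right, so a brand name on the left
    # (macys.com.something.example) belongs to somebody else's site.
    if brand in labels[:-2]:
        return "lookalike"
    # One or two characters off (mac4s vs macys), or same name on another suffix.
    if edit_distance(domain.split(".")[0], brand) <= 2:
        return "lookalike"
    return "different"


# Constructed sample links, as they might appear after scanning a QR code.
SAMPLES = [
    "https://www.macys.com/coupons",
    "https://www.mac4s.com/login",
    "https://macys.com.account-verify.example/login",
    "https://bit.ly/3xAmple",
    "https://example.org/menu",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = check_link(link, "macys.com")
        note = "  preview: " + bitly_preview(link) if verdict == "shortened" else ""
        print(f"{verdict:10} {link}{note}")
```

A "shortened" verdict says nothing about the destination; expand or preview the link and run the check again on the address it resolves to.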
Quiz: Digital Scams
Test your knowledge by answering the following questions!
Question: 1. Which of the following are commonly utilized methods that hackers use to access your personal data?
Social Media Scams
Fraudulent Go Fund Campaigns
Fake Emails
All of the above
Question: 2. It is safe to share your location on Social Media sites with your connections.
True
False
Question: 3. When should you use URL extenders?
When you aren't sure if a shortened URL is safe to click on
When your friend shares a link on social media that is short and unclear as to where it leads
When a marketing campaign provides a shortened link to a promotion via email
All of the above
Question: 4. Which of the following is a best practice for defending against Digital scams?
Use Public Wi-Fi
Activate Privacy Settings
Share your personal information online
Question: 5. It is always safe to open up an attachment if it comes from an email of someone that you know.
True
False
Using Digital Wallets Safely
If you’ve seen someone wave their phone at a gas pump or tap their smart watch on the credit card terminal to buy a latte, you’ve seen a mobile wallet in action. You may have even used PayPal to buy something online or Zelle to send money to a friend without realizing you were using a digital wallet.
What is a Digital Wallet?
Like a regular wallet, a digital wallet holds multiple means of paying for goods and services. A physical wallet may hold credit cards, debit or check cards, cash, store or brand loyalty cards, gift cards, public transportation passes, and coupons. Digital wallets hold digital versions of all those things and offer benefits like the convenience of having everything payment-related in one place, often on a smartphone. Since they are software based, hence the digital part of the name, digital wallets are very secure.
A quick note about terms – digital wallet and mobile wallet are often used interchangeably, and they are similar. But digital wallets can be used on a desktop or laptop computer as well as a mobile phone, whereas a mobile wallet, also called an e-wallet or smart wallet, is accessed via a smartphone app only.
Online payment platforms such as PayPal and Venmo as well as major banks and credit card companies offer digital wallets. Digital wallets from consumer electronics companies like Apple and Samsung allow customers to pay using smartphones, smartwatches, tablets, and other connected devices. It may be helpful to think of a digital wallet as one umbrella account that can store funds, points, coupons, and more while allowing account holders to conduct transactions and keep track of payment histories online and on the go. In the same way that many banks and financial institutions offer budgeting and money-management tools, digital wallets can track spending and activity but across all payment methods, not just in one account or entity. While digital wallet usage is still relatively limited in the US, in some countries it’s the primary method of paying for goods and services and soon may even store identification documents like passports, health records, and driver’s licenses.
Where is a Digital Wallet Used?
Digital and mobile wallets work with compatible merchant payment systems. Often that’s at the cashier or check-out counter of restaurants and retailers. It can also be on apps such as Uber, Airbnb, and Grubhub as well as various shopping sites. Digital wallets from some banks allow users to access ATMs by using a smartphone just like a debit or credit card.
While a lot of the marketing around digital wallets touts them as easy ways to pay on the go, they are also popular for shopping and paying online. PayPal, the original digital payment platform, is the fifth most-used payment method across all online retailers. It trails only the four major credit cards – Visa, MasterCard, American Express, and Discover, according to financial information firm Investopedia. One reason is the added security.
Are Digital Wallets Secure?
Card numbers and sensitive data are stored in the digital wallet software on your device in order to facilitate transactions. Just like a regular wallet, everything is in one place and you need to be as careful with your device as you are with a physical wallet. Digital wallet applications do require authentication like a password or fingerprint for every transaction which is a helpful added touch of security that traditional wallets don’t have. Using an online digital wallet works the same as using microchip-enabled credit cards. Regardless of the setting, digital wallets work by creating a unique number instead of sharing your actual card number with a merchant, which some also consider an added security factor.
How Do I Protect Myself When Using a Digital Wallet?
Digital wallets do add an extra layer of protection between the world and your money. But you can, and should, take additional steps to fortify your defenses. As mentioned, once you’ve added cards and other information to your digital wallet, guard it like you would a traditional wallet. You wouldn’t leave your wallet out on the table in a restaurant while you went to the restroom so don’t do it with your device. Take advantage of the security features your device offers, especially any biometrics including fingerprint or iris scanners. If your device doesn’t have these features, use a good password, and change it often.
Additionally, it’s important to choose the right digital wallet. You can gauge security and safety to a certain extent by the reputation and renown of the digital wallet vendor. One way to protect yourself when choosing a digital wallet platform is to go with what you know – your bank. Many banks and credit unions offer their own digital wallets and using their products makes it easy to load cards from that institution. Other well-known, popular non-bank digital wallets include Google Pay, Cash App, Android Pay, Samsung Pay, PayPal, and Venmo.
If you’re nervous about using a digital or mobile wallet, start small by using your bank or credit card’s version at an online merchant you trust to see how it goes. Whatever protections your credit or bank card offers with other purchases are also valid with virtual wallet transactions. You can also try one of the mobile wallet apps with one card for a small purchase.
Quiz: Using Digital Wallets Safely
Test your knowledge by answering the following questions!
Question: 1. What is a digital wallet?
A. A wallet made from high-tech material
B. An application that holds digital versions of credit, debit, and loyalty cards as well as transportation passes and coupons
C. A place to store computer equipment
D. A Silicon Valley bank
Question: 2. Where is a digital wallet used?
A. In train stations and airports only
B. In coffee shops and restaurants only
C. Online, at ATMs, and any place with a mobile payment system
D. At cash-only establishments
Question: 3. True or False: Digital Wallets work similarly to micro-chipped credit cards
True
False
Question: 4. What are some types of authentication used by Digital Wallets?
A. Fingerprint
B. Password
C. PIN number
D. All of the above
Question: 5. How can you protect yourself when using a digital wallet?
A. Guard it like a regular wallet
B. Use biometric protection
C. Choose a well-known, reputable provider
D. All of the above
Good Practices for a Secure Home Computer
At work, many of us have an Information Technology colleague to make sure our computers are kept up to date and safe from malicious attackers. Unless you are fortunate enough to know an IT person outside of your workplace, you may not know what to do to keep your home computer secure.
Most home computer users are left to their own devices when it comes to trying to make sure their computer system is safe. After you have read through this course, you will have picked up a few helpful hints to help make your home computer safer.
Who are the bad guys?
Wouldn't it be great if all of the bad guys had the words, "BAD GUY!" tattooed on their forehead? The same can be said about bad computer software. However, just as in real life, you cannot always tell the good from the bad from the outside. Bad software comes in many forms, but the most common form is a computer virus. These are small computer programs that either by themselves, or in concert with other viruses, do bad things to computers. Sometimes, they only slow down the computer by making copies of themselves. Similar to a benign tumor, it gets bigger over time, but does not really hurt the person.
Other viruses may copy themselves and send those copies to other computers. Like the common cold, they spread through contact. While usually not lethal, they do make you feel bad for a while. When these viruses invade your computer, they may not destroy data, but often slow it down so much that you have to reload the software to alleviate the problem.
There are also malignant viruses. These are the Ebola of the computer virus realm. While the rarest form, they are also the most destructive. Not only do they spread from computer to computer, but they also destroy files and can damage hardware.
In the world of computers, viruses are not the only thing to worry about. Worms, Trojans, and spyware are additional malicious programs. They may spread via different methods and can be used to spy on the user's information or habits.
Other bad guys!
The other bad guys are the hackers. These are individuals who either want access to the information on your computer, or who want to use your computer's processing power for their own purposes. The first group is known as information thieves, and the latter group is commonly called hackers. Both of these groups use specially crafted programs to trick your computer into letting them have the information they desire.
So how do they trick the computer?
That is another, more advanced lesson, but they essentially lie to your computer, making it think that they are a trusted person. They then convince your computer to run their programs instead of yours.
How do I protect myself?
Well, the easiest way is to follow these basic steps:
- Update all of the software on your computer on a regular basis. Windows has an automatic update feature that should be turned on. This will automatically load and install any new updates to Microsoft software.
- Install a good antivirus and anti-spyware program, and regularly update them. Just as some people have to get a flu shot each year to keep up with the latest version of the flu, your computer needs periodic updates to keep up with the latest viruses. It is highly recommended that software be set to check for new updates daily!
- Install and use firewalls on your computer and your communications equipment. If you are using Microsoft's Windows 10, it comes with a built-in Windows Defender Firewall. If you are not sure how to enable your firewall, consult the user manual, and see the complementary courseware within this Training, Education and Awareness Module related to home firewalls.
- Do not download programs from the Internet without being certain you really want the program, and that you trust the company or person from which it originates. Always ensure that your antivirus program is working and up-to-date before downloading any files. Parents should pay special attention to what kids download since many of the games and files available for kids contain spyware that should be avoided.
- Stay away from websites that seem suspicious. Just as there are parts of town that you do not go near after dark, there are parts of the Internet to be avoided. If you must visit one of these sites, disable both JavaScript and Java in your web browser before doing so. If you do not know how to disable these, you may want to avoid visiting dangerous parts of the Internet.
- Always be aware of changes in your computer. If it suddenly slows down for more than a few seconds, there may be something running in the background. If it happens more than once or twice and does not seem to be related to that new printer you installed, turn it off and take it to a professional for examination.
- Lastly, when you are not using your computer, turn it off or disconnect it from the network. Unlike the first computers that had sensitive power supplies, today's modern computers are not negatively affected by turning the power off and on. In today's broadband world, many computers stay turned on and connected 24/7. Remember, when you are not using your computer, others from the Internet may be using it. Many malicious programs wait until the keyboard has been silent for ten or more minutes before the program starts running at full speed. The hackers depend on you leaving your computer turned on to be available to them.
Taking these simple steps can help ensure that your computer is safe and healthy.
Quiz: Good Practices for a Secure Home Computer
Test your knowledge by answering the following questions!
Question: 1. True or False. Turning your computer off when you are not home is a good way to break it.
True
False
Question: 2. True or False. Antivirus programs should be updated daily.
True
False
Question: 3. True or False. All that spyware stuff is just a hoax.
True
False
Question: 4. True or False. If you suspect your computer has been infected or compromised, you should ignore it and just get on with life.
True
False
Your Computer's Locked Front Door
Firewalls originated in the construction industry. Their purpose was to isolate one part of a building from another during a fire, thus limiting the damage. Automobiles also had firewalls installed between the engine and the occupants to reduce the potential impact of fires and heat, and added the advantage of reducing noise.
In the same manner, firewalls for computers were developed to isolate one group of computers from another. Originally, all computers were simply interconnected and each computer could talk to all of the others connected on a common network. This was fine until a computer virus was formed and spread from one computer to all of the computers on the network.
The result was that most of the computers shut down or became so clogged with virus-generated traffic that they could not function. It was quickly decided that a device needed to be developed to isolate computers from each other. This led to the development of the computer firewall. While some argued that firewalls were not necessary, others knew that as the network grew, the lack of firewalls could have a strong negative impact on the network.
Today's computer firewalls have not changed much since they were first developed. They have a few more bells and whistles, but they still perform the same basic function: to keep computers apart.
They do this by limiting what connections can be made from the external side of the firewall (usually the internet side) to the inside of the firewall (the protected side). They operate in a manner similar to the receptionist who directs telephone calls to the designated party if the call is expected or to voicemail if the party is busy. Just as a boss gives a receptionist directions on which calls to allow and which ones to drop, computer firewalls have rule sets that define which connections are allowed and which ones are not.
Typically, a home router and/or Wi-Fi Access Point that comes from your service provider will have a firewall built in that segments your home network from the Internet. Additionally, modern operating systems have software-based firewalls built in on the host. Always ensure that your host firewall is enabled to maximize your computer's security.
Start at the network connection
Before your Internet installation technician leaves, be sure to collect as much documentation as possible regarding the router's features. Ensure that you have Administrative access, and ensure that the firewall is configured correctly before he/she leaves.
Moving to the home computer
Most of this tutorial is directed at home users with Windows 10. If you are running an older version of Windows such as Windows 8, Windows 7, or below, you should upgrade your operating system. The newer operating systems offer better security support. If you are using macOS, then you can enable the built-in firewall from Security & Privacy in System Settings. The macOS firewall is disabled by default and should be turned on.
For Windows 10, select the "Windows" button, open the "Settings", and type "Firewall" into the search bar at the top. Click on the "Windows Defender Firewall" icon. If the firewall is designated as off, click the "on" button. To allow an app or feature through the firewall, you may click on "Allow an app or feature through Windows Defender Firewall". However, for each opening you make in the firewall, you are allowing that service to be accessed from an outside computer. Should there be a weakness in that service, it could lead to a compromise.
If you are connecting to an unsecured, high-speed wired or wireless network, such as one in Starbucks or a hotel room, then make sure you are using the Firewall profile associated with "Guest or public networks". This will provide the highest level of protection available but may impact certain network functions such as sharing files and printers.
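The same settings can be reviewed from an elevated PowerShell prompt on Windows 10. The script below is an added example, not part of the original training material; it uses the built-in `Get-NetFirewallProfile`, `Get-NetConnectionProfile` and `Get-NetFirewallRule` cmdlets, and the function name `Get-FirewallAudit` and its output columns are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of the Windows Defender Firewall settings
# discussed above. Run from an elevated PowerShell prompt; it changes nothing.
# Get-FirewallAudit and the Check/Detail/Review columns are illustrative names.

function Get-FirewallAudit {
    [CmdletBinding()]
    param()

    # 1. Every profile (Domain, Private, Public) should be switched on, and
    #    none should allow unsolicited inbound connections by default.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        [pscustomobject]@{
            Check  = "Profile: $($fwProfile.Name)"
            Detail = "Enabled=$($fwProfile.Enabled); DefaultInbound=$($fwProfile.DefaultInboundAction)"
            Review = ($fwProfile.Enabled -ne 'True') -or
                     ($fwProfile.DefaultInboundAction -eq 'Allow')
        }
    }

    # 2. Which profile is each connected network using? A coffee shop or hotel
    #    network should show Category=Public ("Guest or public networks").
    #    Anything else is flagged so you can confirm it is a network you trust.
    foreach ($net in Get-NetConnectionProfile) {
        [pscustomobject]@{
            Check  = "Network: $($net.Name)"
            Detail = "Interface=$($net.InterfaceAlias); Category=$($net.NetworkCategory)"
            Review = $net.NetworkCategory -ne 'Public'
        }
    }

    # 3. List the "openings": enabled inbound Allow rules that apply while the
    #    Public profile is active. Each one is a service reachable from other
    #    computers on an untrusted network, so each deserves a second look.
    $openings = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { $_.Profile -eq 'Any' -or $_.Profile -match 'Public' }

    foreach ($rule in $openings) {
        $app  = $rule | Get-NetFirewallApplicationFilter
        $port = $rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Check  = "Opening: $($rule.DisplayName)"
            Detail = "Program=$($app.Program); Protocol=$($port.Protocol); LocalPort=$($port.LocalPort -join ',')"
            Review = $true
        }
    }
}

# Show only the items that need attention, then the full report.
$report = Get-FirewallAudit
$report | Where-Object Review | Format-Table Check, Detail -AutoSize -Wrap
$report | Format-Table -AutoSize -Wrap

# To switch a disabled profile back on (this line DOES change settings):
#   Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
```

An empty "Opening" list on the Public profile is the most restrictive result; remove any entry you do not recognize through "Allow an app or feature through Windows Defender Firewall".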
If you still have questions, try using Microsoft's help at www.microsoft.com. It can quite often answer many questions. Additionally, your internet service provider can also help you to address many concerns.
Quiz: Home Firewalls — Your Computer's Locked Front Door
Test your knowledge by answering the following questions!
Question: 1. True or False. Firewalls get in the way of doing fun things. They should all be turned off.
True
False
Question: 2. True or False. macOS computers do not have a firewall.
True
False
Question: 3. True or False. When I use my laptop at Starbucks, I should make sure that the "Firewall" is turned on.
True
False
Question: 4. True or False. The purpose of a firewall is to isolate computers from each other for the purposes of protection and security.
True
False
Steps to take and things to consider to minimize the risk of ID theft
Unfortunately, there is no SURE prevention, but there are actions to take that limit the damage someone who abuses your name and credit can do.
- Order a copy of your credit report. An amendment to the federal Fair Credit Reporting Act requires each of the major nationwide consumer reporting companies to provide you with a free copy of your credit reports, at your request, once every 12 months.
To order your free annual report from one or all the national consumer reporting companies, go to www.annualcreditreport.com or you can call the toll-free number 877.322.8228.
- Limit your credit cards. Periodically go through your cards and cancel those you do not absolutely need or use on a regular basis. Sign the back of cards you do keep with permanent ink.
- Do not use your mother's maiden name as a "personal password" on your credit cards. With today's ease of access to records, your mother's maiden name can be retrieved within a few key strokes of a computer keyboard — use some other name such as your first dog or some other item known only to you.
- Write down all your credit card numbers and the phone number to contact in case of loss or theft and store in a safe place where you can get to the list.
- Make a copy of your driver's license and your Social Security Card and store them with the credit card list. Better yet, place the contents of your wallet on a photocopy machine. Copy both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place.
- Contact Experian or one of the other two credit report companies. Ask them to put a statement on your credit report that says, "Do not issue credit to anyone without contacting me personally". You will need to supply a list of items to get this service including a phone bill with your name, address and phone number on it and a copy of your driver's license and a copy of your Social Security Card.
- Do not give out personal information on the phone, through the mail, or on the Internet, unless you initiate the contact or are sure you know with whom you are dealing. Identity thieves are clever. They have posed as bank representatives, Internet service providers (ISPs), and even government agencies to get people to reveal their Social Security number, mother's maiden name, account numbers, and other identifying information. Before you share any personal information, confirm you are dealing with a legitimate organization. Check an organization's website by typing its URL in the address line, rather than cutting and pasting it. Many companies post fraud alerts when their name is used improperly. Alternatively, call customer service using the number listed on your account statement or in the telephone book.
- Do not carry your Social Security number card; leave it in a secure place. Give your Social Security number only when necessary, and ask to use other types of identifiers. If your state uses your Social Security number as your driver's license number, ask to substitute another number. This applies if your health insurance company uses your Social Security number as your policy number.
- Pay cash whenever possible. Never give your credit card number to anyone over the phone. If you do pay with a credit card, mark out your card number on the receipt that contains your name, card, card number and signature on it. It is too easy for a thief to take advantage of it if they get hold of it. SHRED everything that contains personal information.
- Consider your checks. The next time you order checks, have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, the person will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks. Put your work phone number on your checks instead of your home phone. If you have a Post Office Box use that instead of your home address. If you do not have a P.O. Box, use your work address. Never have your Social Security number printed on your checks. You can write it in if necessary. If you have it printed, anyone can get it. When ordering new checks, pick them up from the bank instead of having them mailed to your home mailbox.
- Opt out of pre-screening of your credit reports. The number to call is 1.888.567.8688 (1.888.5OPTOUT). It requires one single call for all three credit bureaus. This will stop the arrival of pre-approved credit card offers in your mailbox. Those pre-approved offers are dangerous. It is easy for someone to steal your mail or simply submit a change of address to divert your pre-approved offers to a mailbox accessible by a thief.
- Be cautious when responding to promotions. Identity thieves may create phony promotional offers to get you to give them your personal information.
- Be on guard in your home. Secure personal information in your home, especially if you have roommates, employ outside help, or are having work done in your home.
- Treat your mail carefully. Deposit your outgoing mail in post office collection boxes or at your local post office, rather than in an unsecured mailbox. Promptly remove mail from your mailbox. If you are planning to be away from home and cannot pick up your mail, call the U.S. Postal Service at 1.800.275.8777 to request a vacation hold. The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.
- Treat your trash carefully. To thwart an identity thief who may pick through your trash or recycling bins to capture your personal information, tear or shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you're discarding, and credit offers you get in the mail.
- Ask about information security procedures in your workplace or at businesses, doctor's offices, or other institutions that collect your personally identifying information. Find out who has access to your personal information and verify that they handle it in a secure manner. Ask about the disposal procedures for those records as well. Find out if they share your information with anyone else. If so, ask how they will keep your information confidential.
- More organizations are offering consumers choices about how their personal information is used. For example, many let you "opt out" of having your information shared with others or used for marketing purposes.
- Some companies offer insurance or similar products that claim to provide protection against the costs associated with resolving an identity theft case. Be aware that most creditors will only deal with you to resolve problems, so the insurance company in most cases will not be able to reduce that burden. As with any product or service, make sure you understand what you are getting before you buy. If you decide to buy an identity theft insurance product, check out the company with your local Better Business Bureau, consumer protection agency and state Attorney General to see if they have any complaints on file.
- Finally, below are some helpful points related to your computer:
- Update virus protection software regularly. Install patches for your operating system and other software programs to protect against intrusions and infections that can lead to the compromise of your computer files or passwords. Set virus protection software to update automatically each week. The Windows operating system can be set to automatically check for patches and download them to your computer.
- Do not open files or click on hyperlinks sent to you by strangers or download programs from people you do not know. Be careful about using file-sharing programs. Opening a file could expose your system to a computer virus or a program known as "spyware," which could capture your passwords or any other information as you type it into your keyboard.
- Use a firewall program, especially if you use a high-speed Internet connection like cable, DSL or T-1 that leaves your computer connected to the Internet 24 hours a day. The firewall program will allow you to stop uninvited access to your computer. Without it, hackers can take over your computer, access the personal information stored on it, or use it to commit other crimes.
- Use a secure browser — software that encrypts or scrambles information you send over the Internet — to guard your online transactions. Be sure your browser has the most up-to-date encryption capabilities by using the latest version available from the manufacturer. You also can download some browsers at no cost over the Internet. When submitting information, look for the "lock" icon on the browser's status bar to be sure your information is secure during transmission.
- Try not to store financial information on your laptop unless absolutely necessary. If you do, use a strong password with a combination of letters (upper and lower case), numbers and symbols. A good way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, "I love Felix; he's a good cat," would become 1LFHA6c. Do not use an automatic log in feature that saves your user name and password, and always log off when you are finished. In the event that someone steals your laptop, it is harder for the thief to access your personal information.
- Before you dispose of a computer, delete all the personal information it stored. Deleting files using the keyboard or mouse commands or reformatting your hard drive may not be enough because the files may stay on the computer's hard drive, where a thief can easily retrieve them. Use a "wipe" utility program to overwrite the entire hard drive.
- Look for website privacy policies. They should answer questions about maintaining accuracy, access, security, and control of personal information collected by the site. They should also state how they will use the information, and whether they provide it to third parties. If you do not see a privacy policy or if you cannot understand it, take your business elsewhere.
If you believe you are a victim of identity theft, the Federal Trade Commission recommends you take the following four steps as soon as possible.
- Place a fraud alert on your credit report by contacting the fraud departments of any one of the three consumer reporting bureaus listed below. The fraud alert directs creditors to contact you before opening any new accounts or making any changes to your existing accounts. You only need to contact one of the three companies to place an alert. The company you call is required to contact the other two, which will also place an alert on their versions of your report. Once you place the fraud alert in your file, you are entitled to order free copies of your credit reports, and request that the bureaus display only the last four digits of your Social Security number on your credit reports. The alert means any company that checks your credit knows your information was stolen, and they are required to contact you by phone to authorize new credit.
Contact information for the three consumer reporting companies:
Equifax: 1.800.216.1035; P.O. Box 740256, Atlanta, GA 30374-0256
Experian: 1.800.422.4879; P.O. Box 2106, Allen, TX 75013
TransUnion: 1.800.916.8800; P.O. Box 34012, Fullerton, CA 92634
- Close the accounts that you know or believe have been tampered with or opened fraudulently.
- File a report with your local police or the police in the community where the identity theft took place. Get a copy of the report or at the very least, the number of the report, to submit to your creditors and others that may require proof of the crime.
- File your complaint with the FTC. The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps them learn more about identity theft and the problems victims are having so that they can better assist you and other victims.
You should also maintain a record with the details of your conversations and keep copies of all correspondence.
In addition to the steps listed above, you may also want to consider the following, if applicable:
- Report the loss of your Driver's License to the issuing agency and get a replacement with a new number (if possible)
- Report the loss of your Passport to the State Department 24-hr hotline at 202.955.0430
- Cancel your credit cards immediately. The key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them.
Increased Internet usage? The dangers posed by malicious hackers and how they work.
Hackers with malicious intent – also called ‘black hat’ hackers – know more people are online working, gaming, streaming, shopping, even seeing the doctor, and they are using this rise in Internet use to their advantage. Now that so many people are connecting to the Internet, we are seeing a new wave of cybercrime.
A black hat hacker is any skilled computer expert who uses their technical knowledge and skills to search the Internet for unprotected computers and systems to gain unauthorized access with the end goal of stealing your information or maliciously disrupting your system. The term ‘hacker’ can refer to any skilled computer expert - some working for good. Therefore, we’ll use terms like black hat hacker, attacker, or malicious actor in this article to refer to the online criminals who use ransomware, viruses, and other malware to break into computer systems.
Why do malicious hackers exist?
Black hat hackers take advantage of your internet access to break into your computer, mobile device, or other connected devices in order to steal, change, or destroy information, often by installing viruses and malware without your knowledge or consent. They use clever tactics and detailed technical knowledge to help them access information that they can turn around and sell to other criminals.
Perhaps you have wondered why hackers with malicious intent break into computers, mobile devices, and your home internet system (also known as a network). Many are motivated by money, though not all.
Three reasons malicious hackers hack:
- Money. There is financial gain to be had when hacking home or business networks. Credit card numbers and banking information are stolen from hacked systems and posted for sale on the dark web, which is a network of internet sites that criminals can access anonymously. Their activity isn’t tracked, which is especially attractive to those conducting criminal business.
- Identity Theft. Some seek out social security numbers, identity card information like driver’s licenses, and private health information. They either use or sell the information to steal a person’s identity to take out a credit card, buy homes, and generally pose as the victim for personal financial gain.
- Status. Many black hat hackers want to build their reputation within their criminal subculture. Some leave their handle – a nickname – on websites they damage. Others like to leave behind proof that they were involved in a specific exploit or criminal act.
How can malicious hackers find me?
Anyone who uses a computer or mobile device connected to the Internet is susceptible to the threats that criminal hackers and predators pose. They typically gain access to your device through phishing scams, where they trick the victim into clicking on a link in an email that releases a virus or other malware onto the device. They also send infected links through text messages, instant messages, fake websites, and apps you load onto your mobile or computer.
What kind of damage can a malicious hacker do?
While your computer is connected to the Internet, the malware an attacker has installed on your computer or mobile device quietly steals personal and financial information without your knowledge or consent.
Here is a list of ways black hat hackers can cause damage:
- Hijack your usernames and passwords to important or sensitive accounts.
- Steal your money and open credit card and bank accounts in your name.
- Ruin your credit.
- Request new account Personal Identification Numbers (PINs) or additional credit cards.
- Make purchases.
- Add themselves as an authorized user to your accounts so it’s easier to use your credit.
- Get cash advances.
- Use and abuse your Social Security number.
- Listen in on conversations while your kids are gaming or you are conducting a virtual health session with a doctor.
What are some indications that I may have been hacked?
- Your device (computer, mobile) suddenly slows down. Side effects of malware can include your device slowing down, constantly freezing, or crashing (suddenly shutting down).
- You are using way more data than usual. Look at your data usage in your internet account. Compare the amount of data used from prior months, and if you notice sudden spikes in your data activity even though you haven't changed your patterns, then chances are you are infected.
- Videos and web pages take forever to load. Malware slows down your internet activity, gaming, video, and music streaming by redirecting your Internet traffic to unsafe locations. This slows down your browsing experience, which could be a sign of a security risk.
- Programs and apps start crashing. This is also a pretty good sign that your system has been infected. If your antivirus software and internet are crashing or disabled, a virus may have taken hold of your system files. You may not be able to click on and open once-reliable apps.
- You start seeing pop-up ads. Malware can also add bookmarks that you don't want, website shortcuts to your home screen that you didn't create, and spam messages that entice you to click through. Apart from slowing down your computer and eating away at your data, these intrusive notifications can also install more malware on your system.
- Your computer suddenly restarts. Some forms of malware cause computers to shut down, restart, or crash. Computer shut-downs combined with other common malware symptoms are a red flag that you shouldn't ignore.
- Unexplained online activity. Black hat hackers are looking for your usernames and passwords. Once they have them, they will access accounts, spend your money, change your password, and lock you out of your accounts. Fortunately, many online businesses have built-in protections to confirm any account changes with you, but not always.
How do I protect my devices from attack?
When you arm yourself with information and resources, you are wiser about online security threats and less vulnerable to threat tactics.
- Use a firewall - A firewall is a barrier built in to operating systems like Mac and Windows that filters and blocks outsiders from gaining access to your computer, and includes added protection when enabled. Firewall software can also be purchased separately from your local electronics store, a reputable online vendor, or your internet provider.
- Update your operating system and software apps regularly - Whenever you are notified of new updates to software and apps on your devices, be sure to install them. They often contain security patches to known weaknesses in the software that black hat hackers can use to their advantage.
- Increase your browser security settings - Most internet browsers (Google Chrome, Firefox, Microsoft, etc.) have security settings to prevent the download of malicious files. You can set and adjust them for safe browsing.
- Avoid questionable websites - If you receive a warning that a site isn’t secure, pay attention. Unless you are comfortable with the website owner or business, don’t enter the site.
- Only download software from sites you trust - Carefully evaluate free software before downloading. A good rule of thumb is to download directly from the vendor’s website, not a third-party website.
- Don't use the same password for every site or app - Black hat hackers are known to post stolen passwords for sale or just to be malicious. If you use a single password for all your logins, that password could be posted somewhere and bad actors can use it to access your financial and personal information.
Practice safe email and virus/malware measures.
- Don't open messages from unknown senders - Never provide your user name and password when an email asks for them. If you feel that you must, go directly to the website by typing in the web address to double-check that the website really needs your credentials.
- Immediately delete messages you suspect to be spam - Don’t click on any links in an email if you don’t know the sender.
- Install antivirus or anti-malware - You can purchase them or use the free versions available from reputable vendors online.
Guard Against Online Threats.
An unprotected computer is like an open door for malicious hackers. There are criminals looking for an easy way to make money, steal your identity, and gain notoriety. These recommendations may seem like a lot of work but are worth the peace of mind when browsing the Internet or joining a virtual classroom or health appointment. If you build them into your routine and tell your friends and family about safe browsing and email habits, you will go a long way to prevent the losses that come from malicious activity.
Quiz: Increased Internet Usage and the Dangers of Hackers
Test your knowledge by answering the following questions!
Question: 1. What is a malicious or black hat hacker?
A. Someone who uses their technical knowledge to gain unauthorized access to information.
B. Someone who chops wood.
C. Someone who wastes time and has no direction.
D. Someone who defaces forests in the middle of the night.
Question: 2. How do black hat hackers find potential targets?
A. They ask their victims for permission.
B. They search for devices connected to the internet.
C. They break into their victim's house.
D. They ask your friends about you.
Question: 3. Which of the below are good computer security practices?
A. Use a firewall.
B. Update your operating system and software apps regularly.
C. Only download software from sites you trust.
D. Don't use the same password for every site or app.
E. All of the above.
Question: 4. What motivates malicious or black hat hackers to steal information?
A. Money
B. Love
C. Identity Theft
D. A and C
E. A and B
Question: 5. Which are signs your computer may be infected with malware or a virus?
A. Your programs and apps suddenly crash.
B. Bells start ringing.
C. A sign pops up that says: "You've been hacked!"
D. Videos and web pages take forever to load.
E. A and D
F. All of the above.
What is keylogging and why should you even be concerned about it?
In its simplest form, keylogging (also known as key logging or key stroke logging) is the use of a device (hardware) or program (software) to record each keystroke made on a computer. It records everything, such as emails, instant messages, documents, spreadsheet entries and most importantly, account numbers, PINs, login names and passwords. After gathering the information, the keylogger creates a log file and sends it to a specified recipient, if it is a software program. In the case of hardware, the person who installed the keylogger must retrieve the device in order to access the log file.
Types of Keyloggers
As a commercially available device, the keylogger comes in several forms. It can be a connector between the computer and the end of the keyboard plug that looks to most users like it is supposed to be there (if they happen to notice). Some can be easily installed inside a standard keyboard. There are also replacement keyboards available with a built-in keylogger.
Keylogger software can be purposefully downloaded or installed unbeknownst to the user via a virus or spyware, which is then executed using a Trojan or rootkit. This will usually install two files in the same directory. One is a DLL (dynamic link library) file to perform the keystroke recording. The other is an .EXE (executable) file, which installs and activates the DLL. Such software programs are simple for a hacker to write and insert into an email directing the user to respond, or click on an attachment. Keyloggers also reside on various websites waiting to install themselves on unpatched or unsecured machines which visit their site.
Keylogging also has constructive purposes including software development. The examination of keystrokes will indicate any errors, which developers can easily correct. Some employers use keylogging to determine the productivity of employees, or to ensure work computers are used for business purposes. Law enforcement officials may use keyloggers to circumvent applied security measures and obtain passwords or encryption keys. Concerned parents might use them to monitor their children's online activity.
Keylogging Concerns
There are also nefarious reasons behind the practice of keylogging. The paramount purpose is money. Malicious keyloggers want to obtain usernames, passwords, PINs or other information necessary to access bank accounts. This is why keylogging is a legitimate concern. Keylogging is not limited to everyday hackers or 15-year-olds testing their hacking skills. Organized crime is also using coordinated keylogging strategies to obtain sensitive financial information. A common practice is for criminals to plant a keylogger or skimmer over the top of a gas pump to collect the data off of the debit or credit card inserted into the skimmer. These can be 3D printed to fit perfectly over the legitimate slot. Also, small cameras are usually planted to capture the debit card's PIN.
What Can I Do To Protect Myself?
It is difficult to totally prevent keylogging at this time. Commonsense measures are the best defense, many of which are described in other courses within this Training, Education, and Awareness Module. Things to consider so you may forestall keyloggers include the following:
- Take note of all programs running on the computer. Microsoft Windows users can open Task Manager by pressing "Ctrl+Alt+Delete" and selecting Task Manager. If you do not recognize a program, get advice immediately to determine if it should be uninstalled.
- Do not respond to fraudulent emails. Be wary of emails from banking or financial institutions (whether it is one you use or not), and PayPal.
- Ensure the computer is patched and up-to-date. Windows users can run a program from the Microsoft site to scan the machine, check for updates, and download patches. This service can be set to run automatically when Microsoft releases new patches.
- Keep the antivirus program up-to-date. Most antivirus programs now update and scan automatically, but check to make sure it is functioning properly.
- Install a personal firewall. Many firewalls are also inexpensive or free of charge. These firewalls stop incoming programs from the Internet, and outgoing information sent by programs on the computer.
- Visually inspect the back of the computer. Look specifically for a small connector device between the keyboard wire and the computer.
Quiz: Keylogging
Test your knowledge by answering the following questions!
Question: 1. A keylogger is only a hardware device that can be easily spotted.
True
False
Question: 2. Keyloggers can be helpful and used for good reasons.
True
False
Question: 3. Keyloggers can obtain your personal login information and provide someone else with access to your financial accounts.
True
False
Question: 4. There is nothing you can do to prevent a keylogger from getting on your computer.
True
False
Everywhere you look you see people of all ages utilizing smart phones, tablets, laptops and other devices to thrive in an online, connected world. Utilizing these devices for work and for pleasure can be extremely convenient and entertaining, but these benefits can come at a very high price if leveraged by a cyber-criminal to gain access to your financial accounts and other sensitive data.
Many people go to great lengths to protect their device, purchasing insurance in the event of breakage and high performance cases to defend against scratches, dents and dings. While protecting the device is important, the data held within the device is worth far more but is often not protected accordingly.
There are a number of best practices that you can follow to protect the data stored on the device and to improve mobile security to defend against a cyber-attack.
Know Your Risk
Let's start by considering the worst case scenario.
Imagine if your phone or device was stolen. What type of information could the criminal potentially have access to? Would the costs of having information stolen be worth the convenience of having certain items at your fingertips?
Would certain data on your phone make you vulnerable to cyber criminals looking to sell your data to the highest bidder, threatening your financial stability or possibly your reputation? If this is the case, evaluate these areas of security and be more mindful of how you are storing and sharing information on your device.
Did you know...
- One laptop is stolen every 53 seconds.
- 70 million smartphones are lost each year, with only 7 percent recovered.
- 4.3 percent of company-issued smartphones are lost or stolen every year.
- 80 percent of the cost of a lost laptop is from data breach.
- 52 percent of devices are stolen from the office/workplace, and 24 percent from conferences. [i]
Most mobile device users have either lost a device or had it stolen or know someone who has. To reduce the risk of becoming another statistic, care and attention should be taken when using mobile devices in public places. Do not let your device out of your sight. If you have to leave it unattended try to keep it physically locked away or otherwise secured. When traveling be sure to transport your device as carry-on luggage when possible. Further, if you must leave it in a vehicle make sure that you place it in the trunk or other secured area BEFORE you arrive at your destination.
Know Your Security Settings
Most devices today have security settings. The easiest and most effective way to safeguard your data is to set a password as soon as you get the new device. Using a six-character password or a passphrase can reduce the risk of data being accessed by a tech-savvy criminal.
When you have your password set, do not share it with anyone else. If you must make an exception for someone you trust, be sure to change the password after they have finished using it.
Many phones come with a voicemail password preprogrammed. If your device has this feature, change it immediately to a private password that is difficult to guess. Additionally, a number of smart phones allow a user to access voicemail from any phone. This feature makes voicemail vulnerable to hacking. Follow the prompts that require a password to retrieve voicemail from the device or remotely by activating password settings.
If your device offers a remote find capability, please consider using it. Once enabled, your device can be remotely locked or wiped, while displaying a message so that an honest finder of the phone may return it. If the person is not honest, the phone can be remotely wiped. This is a good safeguard in case your phone ends up in the wrong hands. [ii]
Yes, There's an App for That, But is it Safe?
Who doesn't love an app? For work or play, apps have made us more efficient and placed entertainment at our fingertips. However, some of these apps have known "malware" that tries to steal information from your phone. To offset the risk, there are mobile security apps that will check your phone for malware and notify you if any are found.
Even these protections are not foolproof, so be cautious and only download apps from a reputable seller or site.
Look for an app that lets you control your phone remotely in the event that it is stolen. Some apps can give you full control of your phone should it be stolen, allowing you to track its location or even to completely wipe all personal data stored on the phone.
Many apps require permission to access contacts, calendar, and photos, which means that they can access and copy your information anytime and as often as the application wants. Be mindful of how much access you are granting apps. To reduce your risk of a malware infection, be cautious of malware apps that are bundled with popular games being offered for free through a third party store. Those offers that sound too good to be true should raise a red flag.
Private Eyes are Watching You
According to www.itbusinessedge.com, third-party analytics companies are gathering your physical movements to determine what stores you enter, for how long, and which stores you bypass, and then selling that data to retailers. They are able to do this by tracking the unique MAC address included in broadcasts your device sends out when updating the list of available Wi-Fi networks, even when you don't connect to these networks or take any action.
If your device is Bluetooth capable, make sure 'Discoverable' mode is disabled. This prevents your phone from being detected by others scanning for Bluetooth devices in the area. This is the default setting on nearly all newer phones.
Backup Your Data
Use backup services that you trust or that sync well with your devices to ensure that, should your phone get stolen, you have important data safely stored for easy access.
To Recap
Taking the following actions will help you protect your information stored on mobile devices such as smart phones and tablets:
- Set a strong password of at least six characters on your device
- Set a password for your voicemail account
- Store your device securely when not in use
- Be careful of the apps that you download and install on your devices
- Follow best practices for securing your particular device such as turning off Wi-Fi and Bluetooth
- Try to back up your data at least once a week to ensure that if your device is lost or stolen that your data can be recovered
Quiz: Mobile Device Security
Test your knowledge by answering the following questions!
Question: 1. A strong password, passphrase or pattern security should be enabled if available on your device.
True
False
Question: 2. Backing up your data once a month is a best practice to ensure that if your device is lost or stolen that your data can be recovered.
True
False
Question: 3. You should always store your device securely when not in use.
True
False
Question: 4. If your device is Bluetooth capable, you should make sure "Discoverable" mode is disabled.
True
False
Question: 5. Free apps and games are always safe to download and use.
True
False
Trashing Your Computer Is More Than Tossing It
Why Should You Care?
When you have a computer no longer serving your needs or ready for retirement, can't you just throw it out with the trash? Definitely not! There are environmental and security issues to consider. Computers contain heavy metals which pose environmental hazards when disposed of improperly. Likewise, you also should not sell your computer on eBay, Facebook Market, Craigslist, at a flea market, or donate it to charity without taking some basic precautions.
Your computer contains personal and private information you would not want to fall into the wrong hands. Important information is contained not only in the files on your computer, but also in the registration keys of installed programs, and cached credit card numbers and login information retained in your web browser. It is imperative to be mindful of security risks when disposing of an old computer.
What Should You Do First?
The first course of action is to copy all the data from your old computer onto a USB drive, DVD, CD, or external hard drive. Copy everything, as it is better to have too much data than to wish you had copied something you will no longer have access to later. Old files can then be transferred to a new computer as needed.
How can you protect yourself?
It is important to be aware that simply deleting old files and emptying the recycle bin does not keep someone from gaining access to personal information. Although you may not be able to see the files, they still reside on your hard drive, and the information can easily be accessed.
The most common way to ensure your old computer really is clean is to erase or "wipe" the hard drive with a software program specifically designed to destroy all the information resident on the drive. Perform an online search for secure file or disk deletion tools, hard drive erasure utilities, secure erase applications, or programs that ensure the blocking you need. Many of these options are free, but some may have a nominal cost.
Options You Should Consider For Disposal
There are things you can do easily to avoid merely throwing your wiped computer away, such as reselling it, recycling it, donating it, or giving it away:
- Resell - Craigslist or eBay are good online options for reselling a computer. If the computer is very old, potential customers might consider it "vintage" and be willing to pay a good price. You can also search for organizations or individuals looking to buy old computers.
- Recycle - Search for local for-profit and nonprofit recycling companies that will pick up the computer and dispose of it properly for you. If you are buying a new computer, the company you purchase from will often recycle the computer for free. You may also check with the Environmental Protection Agency (EPA) for more information on computer recycling at http://www.epa.gov/smm-electronics.
- Donate - Look for local associations accepting donations for schools, nonprofit organizations, or individuals with disabilities. Otherwise, check with those businesses directly regarding donations.
- Give it away - Give it to your parents or grandparents and teach them how to use e-mail and navigate the web. Older computers are great for these basic tasks, and it will empower and provide confidence for those not as familiar with online communication. Spread the word to see if any friends are looking for a computer. Some people may even want to use extra computers for print servers or email stations.
In Conclusion
The bottom line? Never toss a computer out with the trash. Given the numerous alternatives, there is certainly an option that will work for your situation. Regardless, be sure to back up then wipe the computer completely using one of the free or low cost options available.
Quiz: Trashing Your Computer Is More Than Tossing It
Test your knowledge by answering the following questions!
Question: 1. It is acceptable to dispose of a computer in the garbage or trash.
True
False
Question: 2. Others cannot access anything on your computer without your username and password.
True
False
Question: 3. It is very expensive to purge your computer of credit card and social security numbers.
True
False
Question: 4. Options for disposing a computer include donating, recycling, reselling, or giving it away.
True
False
Avoiding Online Thieves
- Did you know? Thieves are using e-mail to attempt to steal customers' account information!
- Did you know? With just a bit of knowledge, you can be safe.
- Did you know? It's up to YOU to protect yourself and help your financial institution fight back!
Tell me more!
As you may have heard in the news, the scam is called "phishing". A thief sends out an e-mail which looks just like it came from your company or an enterprise with which you are familiar. It may include your company's name, logo, and even wording from your company's website. It also includes a convincing message explaining why you need to log in and verify your account information. Don't do it!
This e-mail is a fake, meant to lure you to a website that doesn't belong to your company at all. It is simply a vehicle used by the thief to steal personal identifying information about you. Identifying information is any information that can be used to identify you, including your user name, password, debit and credit card numbers, and account number.
If you fall into the trap and enter your login name and password on this fake webpage, the thief will be able to use your login information and make transactions on your account! If you know how to identify a phishing attack e-mail, you won't fall into the trap and your money will stay safe. The attacker can't get your identifying information through a phishing e-mail unless you give it to them.
What do I look for?
Be aware of any e-mail that asks you to log in to your account, verify your account, or provide any other identity information. Be wary no matter what reason is given, and no matter how convincing the e-mail may be.
Follow these simple rules and you should be safe:
- Don't click on any links within an e-mail asking you to access your account or to verify PIN numbers, passwords, or other sensitive information.
- If you get an e-mail that appears to be from your financial institution asking you to log in or for other information, immediately contact your member services group and report the incident. Be prepared to forward a copy of the message to them for review if requested to do so.
- If you or someone in your family mistakenly follows a link and provides sensitive information, immediately call your financial institution so they can monitor your account or change your account number.
- Remember, the thief copies text and images from banking websites to make the e-mails look authentic and fool people into divulging sensitive information.
- Never give out your personal or account login information after following a link from an e-mail, even as "identity verification" for a contest. Attackers frequently use such tactics to lure you into giving up identifying information.
Your financial institution has taken strong measures to ensure the security and safety of your account and its overall online banking system. By staying alert to potential security threats and keeping in mind the suggestions listed above, you can help us keep online banking extremely safe and secure. Follow the good practices and use the knowledge we've provided here, and you will be much more prepared to enjoy the conveniences of online services with peace of mind!
Quiz: E-mail Safety Training
Test your knowledge by answering the following questions!
Question: 1. You get an e-mail that looks like it's from your credit union telling you of a new security system the credit union has installed. The e-mail says that because of the new security system, you need to log in to your account and verify your identity. There is a link to the website. What should you do?
A. Follow the link and log-in to your account to verify your security information
B. Forward the e-mail to everyone you know who also has an account at the company
C. Call the company on the telephone to verify the e-mail came from them and report it
D. Reply to the e-mail and ask them to remove you from their list
Question: 2. A phishing e-mail can have which of these elements taken from your company?
A. Credit Union's name
B. Credit Union's logo
C. Text from the credit union's website
D. All of the above
Question: 3. Identifying information is:
A. Information which identifies kinds of fish
B. Any information used to identify a person
C. Name, social security number, account numbers, ID numbers
D. Both B and C
Question: 4. Phishing is?
A. Touring the country with a rock band
B. A scam which attempts to steal identifying information
C. Baiting a hook, tossing the line, and reeling in the fish
D. A new line of aquatic cars
In today's electronic world, it is extremely easy to shop and purchase goods or services on your computer, without ever leaving your home. Certainly, there are many benefits — cyber storefronts are always open and bargains are abundant. It is simple to comparison shop with the click of your mouse, and sellers can offer lower prices because they do not have to pay premium overhead costs for rent or sales clerks.
But, is it safe to shop online? The NCL (National Consumer League) National Fraud Information Center (http://www.fraud.org/) has gathered statistics on complaints about the Top Ten Internet Scams that indicate fraud trends. In 2018, the most common place to be scammed was through interaction over the internet. And, of the top 10 scams, the most prevalent by far, at 43.47%, was the purchase of general merchandise online.
The upside is that there are steps you can take to protect yourself and enjoy the benefits of shopping online.
What can you do?
You can take numerous security precautions while shopping online. The following tips provide excellent points from which to start:
- Know who you are buying from - Get the phone number and physical address of the seller. Check with the Better Business Bureau or other consumer protection agency to see if there are complaints lodged against the merchant. Check their website to see if they support or belong to programs that encourage good business practices.
- Pay with a credit card - Paying with a credit card is safer than using a debit card, check, or cash. A credit card gives you the ability to legally dispute charges for goods that you never received, ordered, or were misrepresented to you. If there are unauthorized charges on a credit card, your liability is limited to $50, under federal law.
- Look into single-use credit cards from your card issuer - Credit card issuers are adopting a new technology that allows you to make charges to your credit card account without using your real credit card number. This protects you from additional bogus charges by the seller or an unscrupulous employee of the seller.
- Know exactly what you are buying and how much it will cost - Understand the seller's description of the product and read all the fine print. If it sounds too good to be true, it probably is! Factor in all charges, including shipping and handling. Be sure to comparison shop other sites to validate the cost.
- Print and save records of all online transactions - Make copies of the product description, price, receipt and even the main web page of the seller with contact information. File this paper trail in the event you might need it later.
- Verify the privacy policy of the seller - Consider what information the merchant is collecting, why it is being collected and how it will be used or disseminated. If there is no privacy policy, expect that all your information will have no safeguard, and consider going to another seller.
- Check out warranty and service information - Determine if the product comes with a warranty and if the seller provides service should you need it.
- Confirm that the seller has a return policy - Find out if the seller will allow you to return the item if you are not satisfied. Also determine if you are responsible for shipping and handling for the return, and if there are restock fees.
- Validate the security of your transaction - Legitimate merchants will utilize Secure Socket Layer (SSL) or HTTPS, which encrypts information you send over the Internet. Look for one of these signs that your transaction is secure:
  - The web address changes from "http" to "https". The "s" indicates that the site is now secure.
  - Your browser shows a closed lock icon next to the URL or website you are browsing to. Unencrypted web pages may display an open lock or give a warning that the site is insecure.
  - Consider what the website says about how the seller safeguards your information during transmission and storage. Understand that criminals can say the same thing, but are likely lying.
Never provide sensitive information in an email to the seller, or anybody else!
What about Internet auctions?
The same rules mentioned above apply to online auctions. In addition, it is advisable to become familiar with the site before bidding. This includes ascertaining what protections are available to auction buyers, and gleaning as much information as possible about the seller.
What can I do if I need help?
If you have problems with an online shopping transaction, try to reconcile directly with the product seller or auction site director. If you cannot resolve the issue, contact and file a complaint with one or more of the following:
- The Better Business Bureau at https://www.bbb.org/consumer-complaints/file-a-complaint/get-started.
- The National Association of Attorneys General at https://www.naag.org/ or the attorney general's office in your state.
- The Federal Trade Commission's Consumer Complaint Form at https://www.ftccomplaintassistant.gov/#crnt&panel1-1 or your county or state consumer protection agency, which varies by region and can be found online.
- If the merchant is located in a foreign country, go to https://www.econsumer.gov/.
The bottom line!
You can take advantage of the Internet's great shopping opportunities and still have peace of mind.
Quiz: Online Shopping Safety
Test your knowledge by answering the following questions!
Question: 1. True or False. It is safe to shop online at any site without fear.
True
False
Question: 2. True or False. The National Consumer League reported that 72% of all complaints they received were related to online shopping fraud.
True
False
Question: 3. True or False. A web address that starts with https is a secure site through which to transmit information.
True
False
Question: 4. True or False. There is no recourse if you are dissatisfied with an online purchase.
True
False
- Did you know? Your password is the key to your accounts!
With your password, someone could gain access to your accounts, transfer funds, and steal your money. Knowing how to make a strong and secure password can keep strangers out of your accounts! This short tutorial can teach you how to create a password that is easy to remember, yet complicated enough to foil most security attacks.
- Did you know? The most common way your password is compromised is by someone simply guessing what it is, based on some simple rules.
Common Password Guessing Rules:
- Try "password"
  - The word "password" is a common password
- Try Personal Information
  - Passwords often contain the name of a spouse, child, relative, pet or alma mater
  - Telephone numbers and social security numbers are common
  - Cities and States, especially home towns
  - Home addresses
  - Work Addresses
  - Vehicle License Plates
- Try some variation of the person's username or email account
  - Username spelled backwards
  - Email address used for password
  - A number before or after the username
- Try common and easy to type keyboard sequences
  - qwerty
  - 123456
  - asdfg
- Any word that can be found in a dictionary
  - Password guessing programs use 30,000+ word dictionary lists as their first attempt
If someone wants into your account and you have a common password, thieves can quickly guess your password.
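The guessing rules above can be turned into a check that runs when a new password is chosen, so that a guessable choice is rejected before it is ever used. The following Python is an added example, not part of the original training material; the function name `audit_password`, the rule labels, the sample accounts and the small sample dictionary are assumptions made for illustration.

```python
import re

# Constructed stand-in for the 30,000+ word lists that guessing programs use.
SAMPLE_DICTIONARY = frozenset(
    {"password", "dragon", "sunshine", "monkey", "welcome", "football"}
)
# The keyboard sequences listed in the rules above.
KEYBOARD_SEQUENCES = ("qwerty", "123456", "asdfg")


def _norm(text):
    """Lower-case the text and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_password(password, username="", email="", personal_info=(),
                   dictionary=SAMPLE_DICTIONARY):
    """Return the labels of the guessing rules that would find `password`.

    An empty list means none of the five rules matched; it does not
    prove that the password is strong.
    """
    pw = _norm(password)
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    findings = []

    # Rule 1: the word "password" itself.
    if "password" in pw:
        findings.append("literal-password")

    # Rule 2: personal information (names, phone numbers, towns, plates).
    # Items shorter than 3 characters are skipped to avoid chance matches.
    for item in personal_info:
        token = _norm(item)
        if len(token) >= 3 and token in pw:
            findings.append("personal-info")
            break

    # Rule 3: variations of the username or e-mail address.
    user = _norm(username)
    variations = set()
    if len(user) >= 3:
        variations.update({user, user[::-1]})        # as-is and spelled backwards
    if email:
        variations.add(_norm(email))                 # whole address as the password
        variations.add(_norm(email.split("@")[0]))   # mailbox name on its own
    # Substring matching also covers "a number before or after the username".
    if any(len(v) >= 3 and v in pw for v in variations):
        findings.append("username-variation")

    # Rule 4: common, easy-to-type keyboard sequences.
    if any(seq in pw for seq in KEYBOARD_SEQUENCES):
        findings.append("keyboard-sequence")

    # Rule 5: a dictionary word once digits and symbols are stripped off.
    if letters_only in dictionary:
        findings.append("dictionary-word")

    return findings


if __name__ == "__main__":
    # Constructed candidates for a constructed account "jsmith".
    for candidate in ("password", "jsmith99", "Qwerty!23", "Sunshine#1"):
        result = audit_password(candidate, username="jsmith",
                                email="jsmith@example.com",
                                personal_info=["Rex", "555-867-5309"])
        print(candidate, "->", result or "no rule matched")
```
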
So, how do you make a strong, secure password?
- Mix in numbers and punctuation
- Intersperse capitals with lower case letters
- Use at least twelve characters if allowed
- Change your password at least every 90 days
- Make sure you can remember it somehow!
The following five steps can help you to make and remember a strong password!
- Choose a phrase. It can be your favorite quote or reference, but don't make it the quote on the calendar next to your desk.
  - "Security is a process, not a product"
- Use the first letter of each word. Using the phrase above to generate an acronym creates an easy-to-remember sequence of fairly random letters.
  - "siapnap"
- Substitute numbers for letters. You can do some or all, but the following are the easiest to remember.
Number | Letter |
0 (zero) | O (oh) |
1 (one) | L (ell) |
1 (one) | I,i (eye) |
3 (three) | E (`e) |
4 (four) | A (`a) |
8 (eight) | S (ess) |
  - "s14pn4p"
- Capitalize all the nouns and reinsert punctuation.
  - "S14P,n4P"
- Make sure at least one symbol character is used. If no punctuation was inserted in step 4, add some symbol characters to your password.
  - "S14P,n4P!"
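The guessing rules and the composition advice in this tutorial can be checked mechanically before a password is accepted. The following Python code is an added example, not part of the original training material; the function names, the finding labels and the five-word sample dictionary are assumptions made for illustration.

```python
import itertools
import re

# Reverse of the tutorial's Number | Letter table, so "p4ssw0rd" is read as
# "password". "1" can stand for either "l" or "i".
DELEET = {"0": "o", "1": "li", "3": "e", "4": "a", "8": "s"}
KEYBOARD_RUNS = ("qwerty", "123456", "asdfg")  # sequences listed in the tutorial
# Constructed stand-in for the 30,000+ word lists the tutorial mentions.
SAMPLE_DICTIONARY = frozenset({"password", "dragon", "monkey", "sunshine", "football"})


def deleet_variants(text, limit=64):
    """Return lower-cased readings of text with digits mapped back to letters.

    Each substitutable digit may be read as a letter or kept as a digit; the
    number of combinations is capped so long digit runs stay cheap.
    """
    choices = [DELEET.get(ch, "") + ch for ch in text.lower()]
    combos = itertools.islice(itertools.product(*choices), limit)
    return {"".join(combo) for combo in combos}


def _squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_password(password, username="", email="", personal=(),
                   dictionary=SAMPLE_DICTIONARY):
    """Return the names of the rules the password trips (empty list = none)."""
    readings = {_squash(v) for v in deleet_variants(password)}
    readings.add(_squash(password))  # always examine the literal form too

    def appears(token):
        token = _squash(token)
        # Ignore very short tokens: they match almost anything.
        return len(token) >= 3 and any(token in r for r in readings)

    findings = []
    if appears("password"):
        findings.append("contains-password")
    # Names, phone numbers, cities, addresses, plates supplied by the caller.
    if any(appears(item) for item in personal):
        findings.append("personal-info")
    # Username, username backwards, email, or any of these with digits added.
    local_part = email.split("@")[0]
    if any(appears(t) for t in (username, username[::-1], email, local_part)):
        findings.append("username-variation")
    if any(run in r for run in KEYBOARD_RUNS for r in readings):
        findings.append("keyboard-sequence")
    # A dictionary word dressed up with digits or punctuation is still a word.
    if any(re.sub(r"[^a-z]", "", r) in dictionary for r in readings):
        findings.append("dictionary-word")
    if len(password) < 12:
        findings.append("too-short")
    for name, pattern in (("missing-lower", r"[a-z]"),
                          ("missing-upper", r"[A-Z]"),
                          ("missing-digit", r"\d"),
                          ("missing-symbol", r"[^A-Za-z0-9]")):
        if not re.search(pattern, password):
            findings.append(name)
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, kwargs in [
        ("P4ssw0rd", {}),
        ("nosnhoj42", {"username": "johnson"}),
        ("Rex2019!Boise", {"personal": ["Rex", "Boise", "555-0142"]}),
        ("Tr4il-mix&Lanterns", {}),
    ]:
        print(f"{pw!r}: {audit_password(pw, **kwargs) or 'no findings'}")
```

Run against the nine-character result of the walkthrough above, `S14P,n4P!`, the function returns only `too-short`. The sample dictionary holds five words, so a real check needs a full word list.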
Considering just how important the "key" to your accounts is, we would like to encourage you to make a strong password!
Your financial institution has taken strong measures to ensure the security and safety of your account and its overall online banking system. By staying alert to potential security threats and keeping in mind the suggestions listed above, you can help us keep online banking extremely safe and secure. Follow the good practices and use the knowledge we've provided here, and you will be much more prepared to enjoy the conveniences of online services with peace of mind!
Quiz: Password Security Training
Test your knowledge by answering the following questions!
Question: 1. What are some examples of weak, easily guessed passwords?
A. Alice
B. 'password'
C. New York
D. All of the above
Question: 2. Why are passwords important?
A. They can get you into the magic cave
B. If you get a password in the game, you get to pass
C. They are the key which allows access to your account
D. They are your pet's names
Question: 3. A good password includes:
A. Capital letters, lower-case letters, numbers, and symbols
B. All capital letters
C. A name from the dictionary
D. Three characters
Question: 4. Of the following, which is one of the five steps to making strong passwords:
A. Picking random letters from the alphabet
B. Spelling password backwards
C. A complex math equation
D. Using the first letter of each word in an easy to remember phrase
What Is Ransomware?
Did you know? Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
First, let's talk about Malware: The term malware is a contraction of malicious software. Put simply, malware is any piece of software that was written with the intent of doing harm to data, devices, or to people. Viruses, trojans, spyware, and other similar software are different kinds of malware.
Okay, so now, WHAT IS RANSOMWARE?
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by encrypting the users' files, unless a ransom is paid. More modern ransomware encrypts certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decryption key.
At its heart, ransomware mimics the age-old crime of kidnapping: someone takes something you value, and in order to try to get it back, you have to pay up.
FACT: May 12th saw the biggest ever cyber attack in Internet history. A ransomware named WannaCry stormed through the web. In the first few hours, 200,000 machines were infected. When it was all over, approximately 400,000 machines were infected.
But why target the average user?
- Because you don't back up your data;
- Because you have little or no cyber security education, which means you'll click on almost anything;
- Because you may not have baseline cyber protection in place;
- Because you don't keep your software up to date;
- Because you often rely on luck to keep yourself safe online ("It won't happen to me" mentality);
- Because you still rely exclusively on antivirus to protect your computer from all threats, which is frequently ineffective in spotting and stopping ransomware;
- Because of the sheer volume of Internet users that can become potential victims (more infected PCs = more money).
Ransomware can be downloaded onto systems when visiting malicious or compromised websites. Some ransomware is known to be delivered as attachments to spam email or downloaded from malicious pages through malvertisements (malicious advertisements).
Once executed on the computer, ransomware can either (1) lock the computer screen, or (2) encrypt predetermined files. If the ransomware locks the computer screen, a full-screen image or notification is displayed on the infected system's screen, which prevents victims from using their system. This also shows the instructions on how users can pay the ransom. The second type of ransomware prevents access to files like documents and spreadsheets.
Some key characteristics of Ransomware include:
- It features unbreakable encryption, which means that you can't decrypt or unlock the files on your own.
- It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and other things you may have on your PC.
- It can scramble your file names, so you don't know which data was affected.
- It will display an image or a message that lets you know your data has been encrypted and that you have to pay a specific sum of money to get it back.
- It requests payment in Bitcoins, a virtual crypto-currency that is difficult to track by cyber security researchers or law enforcement agencies. More recently, the "bad guys" have listed alternative payment options such as iTunes and Amazon gift cards.
- Usually, the ransom payments have a time-limit, to add another level of psychological constraint to this extortion scheme. Going over the deadline typically means that the ransom will increase, but it can also mean that the data will be destroyed and lost forever.
- It uses a complex set of evasion techniques to go undetected by traditional antivirus.
- It can spread to other PCs connected to a local network, creating further damage.
Know that paying the ransom does not guarantee that you will get the decryption key or unlock tool required to regain access to the infected files.
How can I prevent an attack?
- Back up your data on an offline hard drive.
- Install all Windows updates promptly.
- Use reputable security software to prevent attacks in the future.
- Use safe browsing techniques; don't visit sites you're not familiar with.
Quiz: Ransomware
Test your knowledge by answering the following questions!
Question: 1. Why is the average home user targeted?
A. Because they have just the right malware detector
B. Because they keep their software updated
C. Because they have secure passwords
D. Because they don't back up their data
Question: 2. We can prevent ourselves from being a victim of a Ransomware attack by:
A. Installing Windows updates when they come out
B. Installing reputable security software, which will detect and prevent attacks
C. Back up data to an offline hard drive
D. All of the above
Question: 3. The worst Ransomware attack (in 2017) was named:
A. #ShowMetheMoney
B. MakeMeCry
C. WannaCry
D. Hand0ver$
Question: 4. Characteristics of Ransomware include:
A. You can decrypt or unlock the files
B. You can pay in pesos
C. The ransom payments have a time-limit
D. It cannot be spread to other PCs on the network
Making Secure Transactions Away from Home
In today's increasingly connected world, we may need or want to use a computer away from our home. As any traveler can attest, computer kiosks are in every airport and in many coffee shops. Wireless networks are also everywhere, many of them free or available for a small fee. This proliferation of computers and networks makes it very easy to check your email, chat with friends, or even balance your checkbook from just about anywhere.
That being said, a fundamental question should be lurking in the back of your mind as you reach for the mouse on one of these machines. "Can someone steal my information if I use this computer?"
The answer is "YES!"
Since you cannot know what software or hardware has been installed on these computers, it is impossible to be 100% sure that someone has not installed something that will capture your username and password or your account information. Any computer that you do not own or control should be treated as if it is infected with viruses and other malicious programs and should never be trusted. Only use a computer other than your own in the direst of circumstances.
But I really need to check my email! What do I do?
If you need to check your email on a routine basis when away from home, it is recommended you use a smart phone or tablet device with cellular network access. Because you have control over the software installed on the device, you can have a greater level of assurance that someone is not stealing your information. If cellular access is not an option, you could use Wi-Fi, but if it is not a trusted network, look into using a virtual private network (VPN) connection for added security.
If you find yourself in a bind and really have to check your email, take these precautions:
- If possible, use a friend's or relative's computer. While there is still a risk of compromise, it is much less than using a strange public computer. Just ensure they have followed the same guidelines (see the "Home Computer Tips" course) on protecting their home computer.
- If you must use a kiosk, use a secure login to your email accounts. This is any login that creates the small lock icon on the corner of the screen when you log in. The lock indicates that you have obtained Secure Sockets Layer (SSL) encryption. While this should stop someone from reading your username and password over the network, it will not stop key loggers. Key loggers are special hardware and software designed to record every keystroke and copy your passwords as you type them. Be sure to log out of your e-mail session as soon as you are finished.
- As soon as possible, use a trusted device to change the password on any accounts that you accessed away from home. Even if you think you can trust the computer you used, it is always a good idea to change your passwords (see the "Passwords" course), just to be safe.
- Lastly, monitor those accounts for unauthorized access over the next few weeks. You can do this by checking the daily transactions to ensure that only legitimate activity has occurred.
You should NOT check any financial accounts from an unknown computer. You should also avoid accessing any system that contains sensitive personal information. The threat here is not only that someone could steal the information via software or hardware; someone may also be able to see over your shoulder, either in person or via a security camera. Simply displaying your personal information on the screen could lead to it being stolen.
Even if you are using your personal cellphone, you should ALWAYS use SSL encryption whenever possible. Before entering any login or password information, always check to see if the site you're accessing provides an encrypted means of login. Typically the site will have a statement similar to "Secure Login" or "Login over SSL". Using the encrypted login at least ensures that the connection between the two computers is protected from eavesdropping.
Quiz: Making Secure Transactions Away From Home
Test your knowledge by answering the following questions!
Question: 1. True or False. Never trust your friends' or relatives' computers. They are out to get your information so they can go on a wild shopping spree at Wal-Mart.
True
False
Question: 2. True or False. Encryption should always be used when possible, especially if accessing sensitive information.
True
False
Question: 3. True or False. Nobody can steal my information regardless of what system I use because they do not know my password.
True
False
Question: 4. True or False. Your own cellphone or laptop is a good way to check your email while on the road.
True
False
Smart Home Security: Preventing a High-Tech Home Invasion
Over the last few years, the popularity of smart home devices has exploded. The average US household has more than two smart tech devices, which can include smart speakers, smart thermostats, smart doorbells etc. These devices are designed to make life simpler, and they do in many ways. However, they also add at least one complexity to everyday life - the need for additional security measures.
Smart home devices are just that - smart. They have the ability to listen and respond, which is what makes them so helpful. Their responses are fueled by technology and information that is pulled into your home over the Internet. Internet access points are additional entryways into your home that must be secured.
Open to the Elements
Think of Internet access points as doors or windows on your house. If you add a new door, for example, you'll want to make sure you can close it and lock it, right? For that to happen, it needs to be a good-quality door that is correctly installed. You'll want to use the appropriate locks, hinges, weather stripping, etc. If not, the door will fail to keep the elements out and won't protect your home and your belongings from malicious actors.
The door also needs to be well maintained. If it falls into disrepair and doesn't close or lock properly, it will eventually be unable to effectively secure your home. Lastly, your door needs to be used properly. If you leave it wide open, anyone or anything can get into your home, including cold air, thieves, bugs, rogue animals, etc. You get the picture.
The same rules apply to smart home, smart tech, or Internet of Things (IoT) devices. Proper procurement, installation, maintenance, and use are essential to ensuring security. Below are a few suggestions for keeping your smart home secure:
Proper Procurement
This is an important foundational step. You need to buy high-quality smart home devices from reputable companies. Off-brand items from questionable entities likely do not offer the kind of security settings and maintenance support you need to help keep your device secure and your home safe.
Intelligent Installation
Proper setup/configuration is key to suitable installation. When installing a smart device, don't blindly accept the initial settings. Devices come with preset or default settings. Often these are at the lowest possible security level because that makes setup faster and easier. While that can speed up the installation process, it may leave you open to security vulnerabilities later on. Investigate what security and privacy settings are available. A few hints here:
- Extra Authentication - Some devices may allow for two-factor authentication, but don't usually default to that setting. You have to choose it. Two-factor authentication creates a two-step process for logging in, requiring a username and password combination, plus additional proof of your identity. This can be a fingerprint, facial recognition, a security token or a separate security PIN. The extra step makes it much more difficult for cyber attackers to hack your device and is well worth the small amount of extra effort on your part.
- Mind the PII - Many devices will request your Personally Identifiable Information (PII) during setup. PII is defined as data that can identify you, such as your birthdate or social security number. It is not usually necessary to enter PII into your device in order to use it. If the device you are using requires PII, you may want to consider a different model. Once you disclose PII you have little-to-no control over where it goes or with whom it is shared. If it gets into the wrong hands, your personal security and even identity could be at risk.
- Router Security - Your smart device will either connect directly to the internet via an app or it will use your router to gain internet access. If the latter, be sure you secure your router effectively by following these steps:
  - Beef up your credentials. Your router requires an admin password to access settings and you have a wireless network password to access the wireless. Both need to be challenging passwords that follow proper password protocol. Never leave them on the default settings.
  - Enhance your encryption. Set your router to Wi-Fi Protected Access II (WPA2) or WPA3, which are the strongest encryption settings.
  - Maintain your firmware. Firmware is the software that controls your router. Be sure your router is still supported by the manufacturer, who should be pushing out regular updates. Many routers update themselves. If yours does not, you can learn how to conduct manual firmware updates on the support website or documentation for your router.
  - Disable insecure or unused features. Turn off the features you shouldn't use, such as Universal Plug and Play (UPnP), which allows remote access to your router. Malware can use UPnP to infect your devices. You should also disable Wi-Fi Protected Setup (WPS). This is another feature that exists to make setup easier, but is very easily compromised and not worth the risk.
Preventative Maintenance
Proper maintenance means staying vigilant about the functionality of your devices. Anything that uses software, from your burglar alarm system to your printer, requires support and maintenance.
- Update Regularly - In addition to the aforementioned firmware updates on your router, you need to be sure you are keeping all of your devices updated. Software updates are about much more than just new feature developments. They provide security patches that can help prevent the latest cyberattack methods. Since cyber attackers are constantly evolving their tactics, software security must respond in kind. That is why software updates on all of your devices are so important. Some devices are self-updating. Others have associated apps which will alert you when updates are available.
- Stay Supported - Make sure your devices are still supported by the manufacturer. A supported device will have regular software updates available. However, once device support is discontinued, that device is no longer updated to guard against the latest hacking methods. Software manufacturers are required to send out notices when they discontinue support. However, users often ignore these notifications, so you may have to manually check. If you have a device that is no longer supported, it is best to trade it in for a newer model.
Responsible Usage
The security of your smart home device is at the mercy of its users. Careless usage of any device will result in security issues. A few things to keep in mind:
- Mind the PII (again) - After a device is set up, there will likely be other instances where personal information is requested. This can happen after software updates are completed or when new applications and modules are added. Do not blindly supply personal data in any instance. Be sure it is truly needed before you send it out into the ether.
- Secured and Separate WiFi - Never connect your smart device to an open or public WiFi. These networks have very poor security protocols. Additionally, it's wise to put your smart home devices, such as doorbells, thermostats, webcams, etc. on a WiFi network that is separate from the one you plug your computer into. This provides an added layer of security, so if one network is breached you will still have items on a separate network that have not been compromised. You can accomplish this by creating a guest network on your router, in addition to your regular WiFi.
- Retiring Devices - When you retire a smart device, it is important to be sure all of your information is wiped before selling it or disposing of it. Smart home devices store a wide variety of data about you, including information about your WiFi network and other devices connected to it. Find the instructions for your device that explain how to perform a factory reset. You will also want to "unlink" your device so it is not connected to anything related to you.
Summary
In summary, effective smart home security boils down to a responsible, pragmatic approach regarding your devices.
- Procure Properly - Buy from a reputable manufacturer.
- Install Intelligently - Set up your device securely to avoid problems down the road.
- Maintain Preventatively - Keep your systems updated to ward off cyberattacks.
- Use Responsibly - Engage with your smart devices mindfully. Once data is shared, it is no longer your own.
Quiz: Smart Home Security
Test your knowledge by answering the following questions!
Question: 1. When you buy a smart home device, it's recommended you:
A. Find the cheapest option possible
B. Don't worry about brand reputation
C. Buy used or second-hand devices
D. Buy from a reputable manufacturer
Question: 2. Which of the following contributes to strong smart home security?
A. How responsibly the device is used
B. The purchase price of the device
C. How well the device is maintained
D. A and C
E. B and C
Question: 3. What is PII?
A. Personal Internet Information
B. Professional Internet Information
C. Personally Identifiable Information
D. Professional Identification Indicator
Question: 4. Which of the following is NOT an effective way to protect your router?
A. Disable unused features
B. Set your router to the strongest encryption settings
C. Keep using the default passwords
D. Keep your firmware up to date
Question: 5. There is no risk in using a device after the manufacturer has stopped supporting it.
True
False
What is SMiShing?
As technology continues to advance at great speed, smartphone manufacturers race to provide more functions and applications to entice new buyers to purchase their products. Security is one element of these advances, whether it's passcodes, fingerprint scanners, or even facial recognition, all to make sure it's you accessing your phone. These new applications and functions seem safe, give you confidence, and are great to use, making your device more useful and a key asset in your everyday living. However, these advances are wasted if the user of the phone makes a bad decision.
SMiShing is a combination of the terms "SMS" (short message service, more frequently known as texting) and "phishing." Phishing is where you receive a fraudulent email asking you to click on a link or respond with a password. SMiShing is a variation in which you receive an SMS message on your mobile phone rather than an e-mail. SMiShing is growing in frequency and sophistication. Often, mass text messages are sent knowing there is a likelihood that a small percentage will fall victim.
How does it work?
The mobile phone user receives an unexpected text message. It may pretend to be from your bank, a dating site, or a service provider such as a telephone company. All generally ask you to confirm payment details or take action on your phone via a website link they provide within the message. Many SMiShing messages appear to be from your financial institution, sometimes claiming there has been fraudulent activity on your account and asking you to log into a fraudulent website or call a phone number set up by the attacker. These messages will have a sense of urgency, asking you to confirm a payment or provide account details or the service/payment will be cancelled.
Why is this type of attack becoming successful?
Texting is the most common use of smartphones. A survey by Tecks states that 15,220,700 texts are sent every minute, with Americans alone sending 1.5 trillion text messages a year. Whether from your supermarket or your car dealership, automated text messages are more common than ever. The more accustomed we are to automated texts, the more opportunity there is for cybercriminals to exploit that familiarity.
Most people are aware of the risks of email fraud, such as not opening links within emails that appear strange or unsolicited. You have probably learned to be suspicious of emails that say "Hi, check out this link, or find out more here" where it doesn't contain a written message from the real sender. Plus, we know we must protect our laptops and computers with the latest anti-virus and malware products to keep safe.
SMiShing takes advantage of the fact that people are generally more complacent and less wary of texts to their cellular/mobile devices. Many people wrongly assume that their smartphones are more secure than computers and are unaware of the potential risks.
Smartphone security has limitations and cannot directly protect against SMiShing. Android devices in particular remain a prime target for malware due to wide adoption as well as offering greater flexibility for custom applications. While this greater flexibility benefits its users, it also can benefit cybercriminals. According to an article in Forbes, Comparitech put 21 separate Android antivirus apps to the test over the course of many weeks. Some 47% of them failed in one way or another. Apple's iPhone generally has a good reputation for security, but even it is not SMiShing-proof.
Cybercriminals generally use two methods to steal data and critical information.
- They may trick you into downloading malware that installs itself on your phone. This malware might masquerade as a legitimate app, tricking you into typing in confidential information that is now accessible for malicious use by cybercriminals.
- Alternatively, the link in the SMiShing message might take you to a fake website where you are asked to type sensitive personal information that the cybercriminals can use to steal your online ID.
The cybercriminal also relies on the fact that you use your mobile device in a hurry, often when you are on the go, increasing the chance of you responding to or clicking a link in a message without thinking too much about it.
What Types of Information Are SMiShing Criminals After?
Essentially, they are after your personal data, which they can then use to steal money, access your personal accounts, or even access your company's information if you use your device at work.
More and more people use their personal smartphones for work, a practice called "bring your own device" or BYOD for short. Connectivity to a company network could enable cybercriminals to steal critical information or cause havoc to company operations by using your mobile phone as the entry point.
Examples of SMiShing attempts
We would all like to believe we are in line to receive a huge tax rebate! Scammers frequently masquerade as tax authorities, with messages quite often stating, "you are due a tax refund or need to provide some more information to receive this so the Internal Revenue Service can pay back into your account." Unfortunately, this is usually not the case and the cybercriminals are after your personal financial data to exploit it for their own financial gain or perhaps to sell on the black market.
You may think this won't happen to you, but the truth is the more accustomed we are to automated texts, the more opportunity there is for scammers to exploit that familiarity.
Protect Yourself
The following are some ways to protect yourself against SMiShing attacks.
- Simply ignore unexpected or suspect texts from unknown sources. Understand that your bank will not send you a text message asking you to update your account information or confirm your ATM card code. If you get a message that seems to be from your bank, contact your bank using the number provided in your bank statements or checking account to alert them.
- You should regard urgent security alerts and "you-must-act-now" text requests as potential warning signs of a SMiShing attempt.
- Never click a reply link or phone number in a message you are not sure about.
- Look for suspicious numbers that don't look like real mobile phone numbers or check the numbers against your account statements or invoices to be sure.
- Do not submit any personal information of any kind when requested to do so via text message.
- Delete any suspicious messages without opening links.
- If you have already entered your bank details after receiving a text message, contact your bank immediately and monitor your account to watch for any strange activity.
- Do not give out any personal information to anyone claiming to be calling from your bank. Always hang up and call your bank using a known, verified phone number to check if they need to speak to you.
- Do not answer or call back if you receive an unexpected call from an unknown international number.
- Install anti-malware software on your phone when available.
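The warning signs listed above (urgency, requests for account details, links and numbers that do not match what you have on file) can also be applied as a triage filter, for example on a reporting mailbox for suspicious texts. The following Python code is an added example, not part of the original training material; the keyword lists, the indicator names, the `KNOWN_CONTACTS` table and every sample domain and phone number are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains and phone numbers you already hold for each
# organisation, e.g. copied from a statement. All values are constructed.
KNOWN_CONTACTS = {
    "Example Bank": {"domains": {"examplebank.example"}, "phones": {"8005550100"}},
}

URGENCY = re.compile(
    r"\b(urgent|immediately|act now|right away|within \d+ hours?|"
    r"suspended|locked|will be cancel+ed|final notice)\b", re.I)
ASKS_FOR_DATA = re.compile(
    r"\b(confirm|verify|update|provide|enter)\b.{0,40}\b"
    r"(account|payment|card|pin|password|details|ssn|social security)\b",
    re.I | re.S)
URL = re.compile(r"""\b(?:https?://|www\.)[^\s<>"']+""", re.I)
PHONE = re.compile(r"\+?(?:\d[\s().-]*){10,15}")


def normalize_phone(text):
    """Digits only; drop a leading US country code (assumption: US numbers)."""
    digits = re.sub(r"\D", "", text)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits


def host_is_known(url, domains):
    """True only if the URL's real host is a known domain or a subdomain of it.

    Comparing on a dot boundary rejects look-alikes such as
    examplebank.example.secure-login.example, and urlsplit() discards any
    "user@" part placed in front of the real host.
    """
    url = url.rstrip(".,;:!?)")
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL: treat as unknown
        return False
    return any(host == d or host.endswith("." + d) for d in domains)


def triage_sms(sender, body, contacts=KNOWN_CONTACTS):
    """Return the warning signs found in one text message, in a fixed order."""
    domains = {d for c in contacts.values() for d in c["domains"]}
    phones = {p for c in contacts.values() for p in c["phones"]}
    findings = []
    if URGENCY.search(body):
        findings.append("urgency")
    if ASKS_FOR_DATA.search(body):
        findings.append("asks-for-account-data")
    if any(not host_is_known(u, domains) for u in URL.findall(body)):
        findings.append("link-not-on-known-domain")
    if normalize_phone(sender) not in phones:
        findings.append("sender-not-on-file")
    # Look for call-back numbers only outside of links.
    callbacks = PHONE.findall(URL.sub(" ", body))
    if any(normalize_phone(n) not in phones for n in callbacks):
        findings.append("callback-number-not-on-file")
    return findings


# Constructed sample messages: (sender, body).
SAMPLE_MESSAGES = [
    ("+1 415 555 0133",
     "Example Bank ALERT: unusual activity. Your account will be suspended. "
     "Verify your account details immediately at "
     "https://examplebank.example.secure-login.example/verify "
     "or call 1-800-555-0199."),
    ("800-555-0100",
     "Example Bank: your statement is ready at "
     "https://www.examplebank.example/statements"),
    ("800-555-0100",
     "Update your card: https://examplebank.example@login.example/"),
]

if __name__ == "__main__":
    for sender, body in SAMPLE_MESSAGES:
        print(sender, "->", triage_sms(sender, body) or "no warning signs")
```

An empty result means only that none of these signs were present; a message can still be fraudulent, so the advice above about contacting the bank through a known number still applies.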
Quiz: SMiShing
Test your knowledge by answering the following questions!
Question: 1. What type of device does SMiShing affect?
A. Apple iPhone
B. iPad
C. Android phone
D. All of the above
Question: 2. You should click links sent by SMS (text) about your bank account or tax payment.
True
False
Question: 3. What is the best way to prevent a SMiShing attack?
A. Delete the text message
B. Do not respond to the text message
C. Never click the link or phone number in the message
D. All of the above
Question: 4. If you receive a text from a number claiming to be your financial institution saying your account has been compromised, what is the best course of action to take?
A. Click on the link within the text message
B. Call the number back from which you received the text
C. Delete the text and take no action
D. Restart your phone
Question: 5. It is always safe to click a link if the text message seems to come from someone or a company with whom you do business.
True
False
Social Media Dangers — Social Butterfly Beware
Friending, following, tweeting, instagram-ing, checking-in and linking-up... In today's ever-connected world, people all over the globe are utilizing social media websites and their associated mobile applications.
Social media, although still relatively new and evolving, is here to stay. As such, your goal as a user of the medium should be to understand the potential security issues you may be exposed to through its use.
Did you know that Facebook has 2.4 billion active users as of 2019 (www.statista.com) and many do not bother with any kind of privacy control? The natural human tendency to trust and the lack of knowledge make for a quintessential playground for a social engineer on the take.
Knowledge is power, as they say, and the best way to limit your exposure is to understand the dangers of social media and implement solutions to smarter socializing.
Spear phishing, baiting, pharming, elicitation and click-jacking... No, these are not episodes of a reality show on a sports and outdoor channel, these are uncommon names for common tactics used by social hackers. Devious minds with more sinister interests than wanting to hear about what you did over the weekend or who won the corporate volleyball tournament.
These social engineering gurus utilize social media platforms and emerging technology to threaten, track and attempt to take down entire organizations one friend, follower and fan at a time.
"Fraudsters go where the potential victims are and social media sites are a prime breeding ground for fraud." - Elizabeth Khalil, FDIC
Baiting | When someone makes accessible an electronic device such as a USB drive that is preloaded with malware with the intent that you will use the device and allow them access into your computer. |
Spear phishing | Occurs when a user receives a fake email from a hacker posing as a colleague or friend. The email contains a dirty link or a file corrupted with malware. |
Click-jacking | The concealment of hyperlinks beneath legitimate content which lead the user to unknowingly perform damaging actions such as downloading malware or sending your ID to a site. These scams often employ "Like" and "Share" buttons on social networking sites. |
Elicitation | The strategic use of conversation to extract information from people without giving them the feeling they are being interrogated. |
Pharming | The practice of redirecting users from legitimate websites, such as banking or transactional sites, to fraudulent ones for the purpose of extracting confidential data. |
"Once a user posts information to a social networking site, that information can no longer be considered private and can be used for criminal purposes," the FBI warns. "Even if you use the highest security settings on your account, others may --intentionally or not-- leak your information. And once in the hands of criminals, this personal information can be used to conduct all kinds of cyber attacks against you or your family members, friends, or business associates in an effort to obtain additional and even more sensitive personal information." (source: FBI)
Even with these sophisticated cyber-tactics, creating a culture of security within your family is well within your reach, in the palm of your hand and at your fingertips. With smart strategies and good old-fashioned common sense, any social butterfly can fly safe and secure. But without these things, social media users could find their wings clipped and become victims of a security attack.
Social Media Safety Best Practices
- Do not use an electronic device, such as a USB thumb drive, given to you by someone you do not know.
- Avoid having the same password, especially the name of your prized pet, on all social networking sites, banking accounts and access codes.
- Do not give out your work codes and corporate passwords...ever.
- Avoid posting on Facebook or Twitter that you are leaving for vacation for a week and that you are bummed your home security system is down.
- Do not friend people that you do not know.
- Do not leave your security settings on Facebook inactive.
- Be mindful of the important information taught during your corporate security training.
- Remove your Global Positioning System (GPS) coding from all items.
- Avoid conducting online banking at a public computer or via public Wi-Fi.
- Be observant and report suspicious incidents to your internet service provider or the local authorities.
Quiz: Social Media Dangers
Test your knowledge by answering the following questions!
Question: 1. Having different passwords for different social media sites is smart security.
True
False
Question: 2. Spear phishing is the concealment of hyperlinks beneath legitimate content that lead the user to unknowingly perform damaging actions, such as downloading malware or sending their ID to a site.
True
False
Question: 3. Conducting online banking at a public computer or on public Wi-Fi is a best practice.
True
False
Question: 4. It is safe to activate your Global Positioning System (GPS) location in all items.
True
False
Question: 5. Being observant and reporting suspicious incidents will help you build a culture of security.
True
False
What is Social Media?
It's so hip and so much fun! Online social networks are a fast-growing trend that is gaining momentum at an exponential rate. Wikipedia defines a social media service as, "interactive computer-mediated technologies that facilitate the creation and sharing of information, ideas, career interests and other forms of expression via virtual communities and networks."1
There are numerous online social media sites, but some of the most popular in the United States include Facebook, Twitter, Instagram, TikTok, Snapchat, and LinkedIn. According to eMarketer.com, the reason a preponderance of people use online social network sites is to keep in touch with friends, family, former classmates, and business connections, or just for fun.2 While these purposes may seem benign, there are reasons users of online social networking sites should take precautions and be mindful of what they do when visiting these sites.
Why You Should be Careful
If you expose too much information in your profile (such as address, complete birth date, etc.), you run the very real risk of identity theft. If you accept all "friend" or "follower" requests, whether you know the person or not, you make your personal information available to essentially everyone.
Additionally, some employers are using social media sites to research job candidates and for applicant screening. Therefore, items in your profile, as well as posts or pictures you've placed online, could possibly have an adverse effect on your hiring eligibility. Even if you are not looking for a job today, items posted in the past could come back to haunt you at some point in the future. Therefore, it is prudent to be mindful of how things posted today may appear tomorrow.
Bottom line, your identity and reputation are potentially at risk. You should always be vigilant with information you reveal online, and especially while on social networking sites. What might seem like a good idea at one point could prove disastrous to you later. So proceed wisely and make common sense decisions.
How You Can Protect Yourself
Familiarize yourself with Privacy Settings, Security Settings, and/or Account Settings of any social network platform you use. Do not merely accept the default settings; adjust to the strictest point that will suit your needs. You can use these settings to restrict who can access and post on your social networking pages. Also locate and read the Privacy Policies, to ensure you understand exactly how each site shares your information. You should use extra caution when browsing the social networking sites on smart phones and cell phones, which can be just as vulnerable as computers and laptops.
Use anti-virus software and keep it updated. New viruses come out continually and up-to-date anti-virus software will help protect your computer from viruses lurking on a social media site. For more information on this read the TEAM course "Avoiding Viruses and Worms," an earlier topic in this series.
It is also a good idea to use strong passwords to protect your social network account from possible compromise and abuse. Strong passwords use a combination of alphanumeric characters, upper and lower case letters and include special characters such as question marks, exclamation points, asterisks, etc. For more on this read the TEAM course "Creating a Secure Password."
Due to the inherent sociable nature of online social media, people tend to provide more personal information than necessary. As stated earlier, it is good practice to limit the detail in your profile to prevent identity theft. However, there are additional pieces of data that could potentially be harmful as well, not only to you but also to your children using social media platforms. Chief among these is location disclosure. Someone reading the location post could go to that location, and armed with other information gleaned (such as friends' names, interests, hobbies, etc.) could perform a social engineering attack to manipulate or lure you or a younger, more trusting person to them for malicious purposes.
Finally, be suspicious. It is easy for someone to misrepresent himself or herself online in order to gain your trust. Do not believe everything you read. Do not interact with people you do not know. Be wary and vigilant regarding online communications in order to maintain a safe environment for online socializing.
1 https://en.wikipedia.org/wiki/Social_media
2 Anderson Analytics, "Social Network Service (SNS) A&U Profiler," provided to eMarketer, July 13, 2009, www.eMarketer.com
Quiz: Social Networking Online
Test your knowledge by answering the following questions!
Question: 1. You can find a variety of different online social networks for different purposes with different platforms.
True
False
Question: 2. It is safe to post all your information in your profile because only your friends will see it.
True
False
Question: 3. If you change your mind about posting something, you can always delete it and no one will ever see it again.
True
False
Question: 4. It is a good idea to refrain from posting your complete birth date, address, or places you are going on a social networking site.
True
False
Question: 5. You can trust that everyone is who they say they are online.
True
False
Technology is making life easier for all of us every day, and chances are, you are already utilizing products that are considered IoT devices. IoT, or the Internet of Things, refers to the collection of devices connected and controlled over the Internet.
"Alexa, turn the air down to 72 degrees"
"Hey Google, add milk to my shopping list"
"Hey Siri, play classical music"
...all will become more familiar everyday commands as more households and businesses alike embrace IoT. Recent estimates project the number of Internet connected devices to reach 38 billion by 2020, with some studies suggesting an even higher adoption.
It is exciting to experience these innovative products but there is always the need to be aware of the security risks associated with any internet-connected device.
What are some items that make up the Internet of Things?
IoT products are often referred to as "smart" and include mobile phones, cars, refrigerators, coffee makers, televisions, microwave ovens, fitness bands, thermostats, smartwatches, webcams, light switches, door locks, doorbells, copy machines, digital assistants and medical devices; almost anything that has an on/off switch and connects to the Internet directly or is controlled by Internet-connected devices.
What are the security risks and concerns of using IoT products?
Many popular IoT products are manufactured with a goal of convenience for the user through the integration of devices and systems, but not always with security top of mind.
Tracking Your Activity
With your smartphone's range of sensors, such as GPS, and connectivity options (Cell, Wi-Fi and Bluetooth), your device can potentially monitor your movements and location throughout the day. Smart assistants have access to your calendar, contacts, purchase history and more to make your life more convenient.
Tracking Your Home
IoT devices such as Smart Thermostats use sensors, real-time weather forecasts, and occupancy detectors to monitor actual activity in your home. As the smart assistants become "smarter" they record requests to improve responses.
Privacy
IoT devices often sense and collect consumer and personal information and share this with other IoT devices. Have you ever had that feeling you were being followed when you received a notification for a product or service that you had not expressed interest in but it seemed to align with your personal preferences? This may be a sign of IoT sharing.
Not Engineered with Security in Mind
Many manufacturers are designing their products with rigorous security standards. Unfortunately, there are others introducing low-cost, quick-to-market IoT-enabled devices with little to no embedded security defense mechanisms, placing your privacy at risk.
How can you protect yourself in this brave new world of the Internet of Things?
Here are some suggestions:
- Do not store personal identifying information on any device.
- Ensure your home network only allows access to authorized users. If devices are password-protected, switch to a two-step authentication process and create complex passwords (password123 will not work!). For instance, develop a password with a combination of lower and upper case letters, numbers and symbols or a passphrase, movie or song that you can remember easily but that has been adapted to make it difficult to decipher. For example, "The Wizard of Oz" could be re-configured into the password, Th3WZRD!ov0Z. Be sure to use unique complex passwords on each of your devices and change them every other month. Or if your home network is capable of creating a secure "Guest" wireless network, attach IoT devices to the Guest wireless instead.
- Most hacks occur via Wi-Fi or wireless networking, and unsecured Wi-Fi systems are among the easiest to access. The first line of defense against unauthorized access is to make it difficult to gain entry to your network. Again, good password hygiene is imperative.
- Buy IoT products from a reputable manufacturer. Thoroughly research any IoT devices you are planning to purchase to determine if the manufacturer conducted comprehensive security testing. Publications such as Consumer Reports often provide detailed reviews of these types of products.
- As a consumer, make a point to conduct research and review user agreements (and other fine print), and consent to IoT updates or purchases only when you feel confident in their security. Find out what information is gathered and stored by your device as well as how the manufacturer uses the information. Privacy principles dictate that users should be able to keep control of their data as well as to be able to opt out of the "smart" environment without incurring negative consequences.
- Your smartphone is often the device used to manage other IoT devices, opening up an avenue for hackers to gain entrance to your home. Keep your smartphone protected with a strong and unique password that is separate from your internet passwords. Also, install smartphone software updates when they become available.
- Use and update anti-virus and anti-malware software on all of your Internet connected devices.
The Internet of Things will never be completely safe; but neither is the world outside of the Internet. Just as you take proper precautions to ensure your house is entirely secure against theft, employ the same types of best practices to defend against a potential data breach.
Quiz: Internet Of Things Training
Test your knowledge by answering the following questions!
Question: 1. Which of the following would not be considered part of IoT?
A. Smartphone
B. Laptop
C. Toaster
D. Anything that does not connect to the internet
Question: 2. How do most hacks occur?
A. A burglar breaks in and uses a desktop computer
B. A hacker obtains a social security number and poses as someone else
C. An unsecured Wi-Fi network
D. Shoulder surfing
Question: 3. There is nothing I can do to prevent being hacked through my smartphone:
A. True
B. False
Question: 4. Most objects connected to IoT are secure:
A. True
B. False
What are Trojans and spyware?
Trojan: A man-made computer program that can infect your computer but does not spread itself automatically. A Trojan usually masquerades as a legitimate program, such as a game or utility. When executed, the Trojan not only performs the expected function, but also infects your computer. Trojans often gather information about you and/or your computer (files, passwords, etc.) without your knowledge, sending this information back to the person who sent you the Trojan.
In extreme cases, they can also give the sender complete access to your computer without your knowledge. Once this type of Trojan is installed on your computer, the attacker can access and use your computer as if they were you!
Spyware: A computer program that gathers personal data from your computer and information about your activity on the Internet, and reports that information to someone else without your knowledge. Spyware is widely used as a "marketing" tool to gather information about your interests and then target you for advertisements (typically the SPAM e-mail variety) that should appeal to those interests. Spyware can also be a nuisance by slowing your computer down or even making it difficult for you to view certain web pages you would like to visit. Primarily, though, spyware is collecting information about you and your computer usage without your knowledge and supplying that information to others.
Both Trojans and spyware slow down your computer. Spyware may make it difficult for you to enjoy the Internet because you are bombarded with advertisements.
- Did you know? Many people who think their computer must be broken because it's running so slowly are simply the victims of spyware or Trojans!
Trojans can be used to gain control of your computer and view your financial transactions, your private files, or anything else you've used your computer to store. The good news is that you can avoid them.
How does a Trojan or spyware program get on my computer?
Simply put, you install it! Trojans and spyware must be installed to work. If you don't install a Trojan, you will not have one on your computer. The problem is that Trojans and spyware are often hidden inside other computer programs. Trojans and spyware are commonly hidden inside software such as the following:
- Screen savers
- Time and date updaters
- Custom cursors (mouse pointers)
- Weather updaters
- Browser toolbars
- Internet games
- Online word documents
- Did you know? When you are about to install downloaded software onto your computer, you will receive a warning message.
It is very important to know what you are installing on your computer BEFORE you install it! If you are not familiar with the program you are installing, do a search on the web for it. There is a wealth of valuable information available on legitimate programs. If you cannot find information from legitimate sites, or you find information suggesting the program may contain spyware or Trojans, do not install it!
Once spyware or a Trojan is installed on your computer, it can be very difficult to get rid of. Special tools are often required, and it is possible your computer software and system configuration can be corrupted in the process.
What can I do to protect myself?
There are a lot of great programs available to help you protect your computer. A good combination of an anti-virus program (see our training on Avoiding Viruses and Worms) and a spyware detection program is your best bet. Both are readily available through electronic retailers or for download from the Internet. Remember to be careful downloading files, and to make sure they are virus checked before executing them. Many of the spyware tools downloadable from the Internet are free for personal use.
Some key points to keep in mind:
- Know what you are installing before you click 'install'.
- Be wary of installing any software you receive through e-mail.
- Be wary of installing any software you receive as part of a web promotion.
- Do not install software you receive from people or companies you don't know.
- Keep your anti-virus and spyware detection software updated regularly; daily if possible.
- Run spyware checks on your computer frequently. A weekly scan is highly recommended.
Your financial institution has taken strong measures to ensure the security and safety of your account and its overall online banking system. By staying alert to potential security threats and keeping in mind the suggestions listed above, you can help us keep online banking extremely safe and secure. Follow the good practices and use the knowledge we've provided here, and you will be much more prepared to enjoy the conveniences of online services with peace of mind!
Quiz: Avoiding Trojans and Spyware
Test your knowledge by answering the following questions!
Question: 1. What do Trojans and spyware do to your computer?
A. Slow it down
B. Gather information about your computer activity
C. Send information about your computer activity to someone else
D. All of the above
Question: 2. How do you get spyware on your computer?
A. You install it unwittingly as part of another program
B. A member of the CIA installs it on your computer
C. All computers come with spyware installed
D. It is installed automatically when you connect to the Internet
Question: 3. How do you get a Trojan on your computer?
A. You let your friend Troy use your computer
B. Your anti-virus program installed it
C. You install it unwittingly as part of another program
D. By installing updates to your software
Question: 4. How do you avoid getting spyware and Trojans on your computer?
A. Keeping your software up to date
B. Using anti-virus and spyware detection programs regularly
C. Don't install software you are not familiar with
D. All of the above
- Did you know? Computer viruses are among the most common security problems on the Internet today.
What is a virus?
Virus: A man-made computer program that, when opened, infects your computer and attempts to spread itself to other computers. A virus will often attempt to spread via e-mail automatically by sending copies of itself to everyone in your address book.
Worm: Shares most of the traits of a virus, but is able to spread on its own without human interaction.
- Did you know? Viruses need a person to help them! If you don't help them, the virus can't hurt you!
A person must open the virus-infected program in order for the virus to spread. Viruses can be attached to other legitimate programs and run without the user being aware of their presence. That's why it's important to follow some simple rules!
How do they spread?
Viruses are mainly spread via e-mail, although some websites can infect your computer as well. Worms seek out non-infected computers by searching the network, and then spread themselves by exploiting security weaknesses.
- Did you know? It is usually difficult to be infected by a virus without unwittingly installing it yourself!
Computer users often install viruses on their computers by accident. Because viruses spread themselves automatically, they often come from friends or family members without their knowledge. Even though an e-mail came from someone you trust, you may still be in danger of contracting a virus! The purveyors of viruses actually depend on this "trust factor", tricking you into opening the e-mail or its attachments.
For example, let's say you get an e-mail from a friend including an attachment. When you open the attachment, thinking your friend or family member sent it on purpose, your computer becomes infected with the virus. The virus then spreads itself to your family and friends, using your e-mail address book to trick them into believing the message is legitimately from you.
- Did you know? New viruses are created all the time! Anti-virus programs need to be updated often to keep up!
How do I protect myself and my computer?
- Use an anti-virus program.
- Download updated virus profiles for your anti-virus program as often as practical.
- Set your anti-virus program to scan at start-up.
- Set your anti-virus program to scan each and every file when it's used by the computer.
- Keep your computer software up to date:
  - Operating system updates are critical. The Microsoft Update service is free of charge and provides a valuable tool to keep operating systems current with the latest security patches.
  - Don't forget to keep your other applications (even your games) updated.
- Don't open attachments to e-mails sent by people you do not know:
  - Tell everyone who uses the computer to do the same.
  - If someone you know sends you an attachment, scan it with an anti-virus program before you open it.
- Be very careful when using peer-to-peer file sharing programs; viruses are easily spread on these types of services.
- Make sure to scan all downloads with an anti-virus program before installing.
- Don't install any software or programs unless they are from a source you trust.
- Back up all of your important files regularly:
  - Many viruses corrupt or even delete legitimate files and software.
  - If a virus corrupts your files, and you "clean" your computer to eradicate the virus, you will run the risk of losing the corrupted files.
Quiz: Avoiding Viruses and Worms
Test your knowledge by answering the following questions!
Question: 1. A virus is:
A. A type of computer
B. A problem when you can't get your computer to turn on
C. A computer program which spreads itself to other computers
D. A person with an enigmatic personality
Question: 2. What is the difference between a virus and a worm?
A. Worms get into your computer through the ground, but viruses get into your computer through the air
B. Viruses must be installed to spread, worms don't need to be installed to spread
C. Worms must be installed to spread, viruses don't need to be installed to spread
D. Worms make a good phishing bait, viruses catch only colds
Question: 3. Viruses are easy to spot in programs because:
A. They only come from strangers; your friends and family will never send you one
B. All e-mail attachments are viruses
C. You get a fever and begin coughing while looking at the program
D. Viruses are not easy to spot because they can be hidden in legitimate programs
Question: 4. You can avoid getting viruses by:
A. Using updated anti-virus programs
B. Not opening e-mail attachments from people you don't know
C. Not installing software you're unfamiliar with
D. All of the above
What is Vishing?
To understand what "Vishing" is you must first be familiar with the terms "VoIP" and "Phishing."
VoIP: VoIP (Voice over IP) is telecommunications or phone calls over the Internet or internal corporate networks.
Phishing: Phishing is an attempt to illegally gather personal information, such as usernames, passwords or credit card details, by acting as a legitimate and trustworthy entity through internet communication. This offense is normally performed through email or text messages, and typically directs users to enter their data onto a website.
Vishing: The word "Vishing" is a combination of VoIP and Phishing, and marries an older form of communication (telephone) with modern technology (VoIP and internet communication). Vishing uses the trusted telephone rather than a link in an email to obtain private, personal, and financial information from those who can be easily coerced into making a phone call and divulging their personal, confidential information.
How Does It Work?
While vishing attacks can originate as an email or a telephone call, the strategy of each is basically the same. The recipient is directed to call a phone number they believe is affiliated with their financial institution or a company with whom they do business.
In a vishing attack, the phone number dialed belongs to the perpetrator's VoIP phone, which is programmed to recognize key strokes or phone tones. Typically, the recipient will hear a message asking them to enter their account number via the phone keypad to verify their identity.
A perpetrator can easily glean valuable numeric information via the telephone. Numbers are easier than letters to transmit when responding to a vishing attack. As a result, victims are likely to divulge the following:
- Social Security numbers
- Account numbers
- Personal identification numbers (PINs)
- Credit card numbers, expiration dates, and card security codes
- Birthdays
Due to wide use of these types of data entry methods by financial institutions, most people are comfortable doing this, and feel secure entering in the numbers.
Why Does It Work?
Vishing is successful and attractive to perpetrators because:
- The telephone is a trusted communication tool
- The public generally accepts and has adopted automated phone validation systems
- Specific population groups, such as the elderly, are more easily targeted due to their comfort level with the traditional telephone system
- Caller ID information is easily masked or misrepresented
- Automated calling is simple to accomplish
- The increased use of call centers, often located in foreign countries, promotes victims' acceptance of strangers requesting confidential information
- VoIP makes it very inexpensive to make and receive calls
- VoIP provides the ability to route phone traffic internationally using proxies to hide the source of the attacks
Vishing Concerns
Because vishing utilizes VoIP, it is very difficult for authorities to monitor and trace. VoIP provides the ability to mask identity, location, or phone number (spoof caller ID), and provides inexpensive automated systems and anonymity for the person behind the operation. In addition, VoIP providers allow customers to select any area code and prefix, making it easy for a perpetrator to use a local area number to blanket unsuspecting victims by war dialing the vicinity, or sending mass emails. Victims who call the "local" number have no idea their call is being routed to a distant location via the Internet.
Voice recognition technologies have also reached an advanced level and are relatively inexpensive to acquire. Sophisticated vishers are not merely restricted to numeric data and can steal additional information details such as names and addresses via these additional technologies.
Once the perpetrator has gained this information, it is easy for them to perform the following acts:
- Take control of victims' financial accounts
- Steal victims' identities
- Make applications for loans and credit cards
- Purchase expensive goods and services
- Transfer stocks, securities or other funds
- Receive government benefits
- Obtain personal travel documents
- Hide criminal activities, such as money laundering
How Do I Protect Myself?
Common sense is your best defense.
- Be skeptical of anyone contacting you and attempting to gain your private banking or personal information.
- If you receive an email directing you to call a specified telephone number, disregard it and contact the financial institution directly with a number you know is valid, such as the one from your account statement or telephone book.
- Educating others can be very helpful. Let your friends and neighbors know what you have learned about vishing and other security related matters and caution them to be on guard for these types of attacks.
What To Do If You Are A Victim Of Vishing
If you think you are a victim of vishing, contact the financial institution immediately and notify them of the issue. Additionally, you should consider contacting the Internet Crime Complaint Center (IC3) immediately at https://www.ic3.gov/complaint. The IC3 serves as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.
The bottom line is that you should always consider and verify the source before divulging any personal information. Once you give information to a con artist, it is gone, and there is no way to get it back completely.
Quiz: Vishing
Test your knowledge by answering the following questions!
Question: 1. Vishing is dangerous particularly because it uses VoIP technology, and utilizes trusted phone communications as part of the attack.
True
False
Question: 2. It is easy to track, arrest, and convict vishing criminals.
True
False
Question: 3. A vishing scam can originate via a phone call or an email.
True
False
Question: 4. Common sense combined with skepticism can prevent you from becoming a vishing victim.
True
False
Are you a user of Skype™, Vonage or another service that utilizes VoIP? If you answered yes, have you taken the proper steps to ensure your communications are secure? The emergence of these new communication channels has provided easy access, cost-efficiencies, and convenience for individuals and organizations to stay in contact with each other.
What is VoIP?
VoIP is a method for converting audio signals, such as the kind you hear when you talk on the phone, and turning them into digital data that can be transmitted over the Internet. Some commonly recognized VoIP applications and providers include:
- Skype
- Vonage®
- OOMA®
- Google Voice
Some VoIP service providers may only allow you to call others within their provider network; however, many allow calls to anyone - whether it is a local, long distance, international, another VoIP user, or mobile number.
Why VoIP?
VoIP continues to grow in usage and popularity as it provides convenience, cost savings through consolidated services, which eliminate additional phone charges, and ease of use. The integration of video and audio applications through VoIP is also appealing to consumers as it offers the advantages of multiple technologies in a single platform. In addition, wireless "hot spots" in locations such as airports, parks, and cafes allow a patron to connect to the Internet and utilize a VoIP service wirelessly, which provides convenience.
VoIP Concerns
As usage of these applications evolves, the potential for security exploitation increases as criminals attempt to capitalize on weaknesses associated with this technology.
- TOLL FRAUD
Toll fraud results when a hacker compromises a VoIP account and uses the account to make calls or resell calls. Weak usernames and passwords are the easiest way for a hacker to gain access to your account. Anyone using VoIP plays an important role in protecting their VoIP accounts by applying security best practices.
Weak Usernames & Passwords
As stated earlier, the most common threat to VoIP users is the use of weak usernames and passwords on their accounts. Weak passwords are one of the first things a hacker will test for when they are looking for an account to compromise. The use of birthdays, pet names, city names, and other easily guessable information can quickly lead to the compromise of your account, allowing the hacker to use your account for long distance calls or perhaps even more nefarious deeds.
- EAVESDROPPING
Hackers can potentially eavesdrop on VoIP conversations by intercepting the VoIP data. While eavesdropping on telephone conversations is a risk for landline and mobile users, it is much easier to access an IP network conversation. Eavesdroppers don't need to physically put a wiretap on a phone line; they can simply listen in via a laptop loaded with the right tools connected to the Internet in order to gain access.
WHAT YOU CAN DO
As VoIP becomes more popular, users need to be aware of the security threats in order to maintain good phone service and minimize vulnerabilities. As with computer and internet security practices, VoIP users must take the proper precautions to ensure their voice communications are safe and provide the cost savings they expect. To secure your systems against potential threats, employ the following security measures:
- When selecting a VoIP provider, ensure that they take security precautions and use high-tech firewall installations on their hosted VoIP equipment.
- Install anti-virus programs on your own computer and keep them updated.
- Change any default passwords, and use strong usernames and passwords.
- Ensure you apply security patches to the VoIP application as well as any VoIP routers, switches and firewalls on a regular basis. See the vendor website for each product as needed.
- Check your billing statement with care, as unusually high charges may signal that a thief is committing toll fraud on your account.
- Be highly suspicious of messages directing you to call and provide credit card or bank account numbers.
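The billing check in the list above can be automated when your provider lets you export call records. The following is an added example, not part of the original courseware; the record layout, the phone numbers, and the thresholds (`factor`, `min_days`) are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed call records: (date, dialed number, minutes, charge in dollars).
CALLS = [
    ("2024-03-01", "+15555550100", 12, 0.60),
    ("2024-03-01", "+15555550101", 5, 0.25),
    ("2024-03-02", "+15555550100", 20, 1.00),
    ("2024-03-03", "+15555550102", 8, 0.40),
    ("2024-03-04", "+15555550100", 15, 0.75),
    ("2024-03-05", "+15555550190", 240, 96.00),
    ("2024-03-05", "+15555550191", 310, 124.00),
    ("2024-03-05", "+15555550100", 10, 0.50),
]

def review_statement(calls, factor=5.0, min_days=3):
    """Flag days whose charges exceed `factor` times the median of earlier normal days."""
    daily, dialed = defaultdict(float), defaultdict(set)
    for date, number, _minutes, charge in calls:
        daily[date] += charge
        dialed[date].add(number)

    findings, seen, history = [], set(), []
    for date in sorted(daily):  # ISO dates sort chronologically
        baseline = median(history) if len(history) >= min_days else None
        if baseline is not None and daily[date] > factor * baseline:
            findings.append({
                "date": date,
                "charges": round(daily[date], 2),
                "baseline": round(baseline, 2),
                # Numbers never dialed before this day are the ones to query first.
                "new_numbers": sorted(dialed[date] - seen),
            })
        else:
            # Only unflagged days feed the baseline, so a run of fraudulent
            # days cannot raise the threshold and hide itself.
            history.append(daily[date])
        seen |= dialed[date]
    return findings

if __name__ == "__main__":
    for finding in review_statement(CALLS):
        print(finding)
```

A flagged day is a prompt to contact your provider and change the account password, not proof of fraud.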
If you would like additional information or would like to get involved with a group concerned with VoIP security, you can contact VOIPSA (Voice over IP Security Alliance) at http://www.VoIPsa.org/. VOIPSA is a collaboration of VoIP and Information Security vendors, providers, and thought leaders. Their mission is to drive adoption of VoIP by promoting the current state of VoIP security research, VoIP security education and awareness, and free VoIP testing methodologies and tools.
Quiz: VoIP Security
Test your knowledge by answering the following questions!
Question: 1. VoIP is an application that runs on the data network and therefore is susceptible to the same threats as other data applications.
True
False
Question: 2. It is a good idea to keep the default passwords on all your systems, as they are considered highly secure.
True
False
Question: 3. A strong password for your VoIP account could be your birthday, or the street number of your house.
True
False
Question: 4. Since VoIP is inherently secure, you don't need to worry about checking your billing account for fraudulent charges.
True
False
Question: 5. A hacker with specialized tools MAY be able to intercept your VoIP calls.
True
False
The prevalence of wireless Internet connectivity is on the rise due to availability, convenience, and the need to connect when traveling. Business travelers use wireless laptops to stay in touch with their home office, vacationers send photos to friends while still on their trip, and shoppers place orders from the comfort of their home.
A wireless network connects computers in different parts of your home or business without a tangle of cords, enabling you to work on a laptop from anywhere within range of the network. It also allows connection to the Internet from any available wireless connection. Wireless "hot spot" connections are commonly found at coffeehouses, airports, hotels and restaurants.
A typical home wireless network consists of a broadband Internet connection (such as a cable or DSL line connected to a modem) and a wireless access point (sometimes referred to as wireless router or base station) which broadcasts a signal, sometimes as far as several hundred feet. Any wireless-equipped computer within range can gain access to the Internet by connecting through the access point.
Wireless Concerns
The proliferation of wireless connectivity increases security risks. Without taking certain precautions, anyone with a wireless-ready computer can use your network. Your neighbors, or even nearby hackers, can "piggyback" on your network, or possibly access the information on your computer. If an unauthorized person uses your network to commit a crime or send spam, the activity can be traced back to your account. The good news is there are steps you can take to protect your wireless network, your networked computers, and your wireless laptop used in public "hot spots" or while traveling.
The following steps should be used together to provide adequate wireless security.
How Can I Protect Myself?
- Use encryption. The most effective way to secure your wireless network from intruders is to encrypt, or scramble, communications over the network. Most wireless routers, access points, and base stations have a built-in encryption mechanism that you must set up. The directions supplied with your wireless router should explain this process. If they do not, check the router manufacturer's website. The two most common types of encryption are Wi-Fi Protected Access (WPA) and WPA2. Your computer, router, and other equipment must all use the same encryption. WPA2 is the current standard and should be used exclusively, unless WPA3 is available. It should protect you against most hackers, but by itself is susceptible to sophisticated hacker attacks. Use a long, complex, and unique password to gain access to your network. Certain older routers use only WEP encryption. Never use WEP, as it is no longer considered a secure encryption method. Please upgrade your wireless router if this is the only encryption method available. Gaining a password through WEP is trivial and well known. Also, some routers offer Wi-Fi Protected Setup (WPS) to make adding devices to the network easier. WPS was designed with flaws, and is considered insecure as well. Please disable WPS if your router has it.
- Use anti-virus and anti-spyware software, and a firewall. Computers on a wireless network need the same protections as any wired computer connected to the Internet. Install anti-virus and anti-spyware software, and keep them up-to-date. If your firewall was shipped in the "off" mode, turn it on. For more information on anti-virus, anti-spyware and firewall protections, please see the complementary courseware within this Training, Education and Awareness Module entitled Viruses/Worms, Trojans and Spyware or Home Firewalls.
- Change the default identifier on your router. The identifier for your router is likely to be a standard, default ID assigned by the manufacturer to all hardware of that model. Even if your router is not broadcasting its identifier to the world, hackers know the default IDs and can use them to try to access your network. Change your identifier to something known only by you, and remember to configure the same unique ID into your wireless router and your computer so they can communicate.
- Change your router's pre-set password for administration. The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something known only by you. The longer the password, the tougher it is to crack. For more information on choosing a strong password, see the complementary courseware within this Training, Education and Awareness Module entitled Creating a Secure Password.
- Turn off your wireless network or your wireless adapter at times when you know you will not use it. Hackers cannot access a wireless router when it is shut down. If you turn the router off when you are not using it, you limit the amount of time that it is susceptible to a hack. If you are traveling with your device but not connecting to the Internet, be sure to disable your wireless adapter.
- Do not assume that public "hotspots" are secure. Many cafés, hotels, airports, and other public establishments offer wireless networks for their customers' use. These "hotspots" are convenient, but they are typically not secure. Be wary about sending or accessing information from a public wireless network. When using public hotspots, always assume that other people can access any information you see or send over a public wireless network. Unless you can verify that a hotspot has effective security measures in place, it may be best to avoid sending or receiving sensitive information over that network. Also, be wary of "shoulder surfers" who will try to watch you type your password from behind, and never leave your laptop unattended.
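The router-related steps above can be checked together by writing down your router's settings and testing them against the list. This is an added example, not part of the original courseware; the setting names, the list of default network names, and the 16-character passphrase threshold are assumptions, and both sample configurations are constructed.

```python
# Factory-default network names (illustrative list, not exhaustive).
DEFAULT_SSID_PREFIXES = ("linksys", "netgear", "dlink", "tp-link", "default")
MIN_PASSPHRASE_LEN = 16  # assumed threshold; the checklist only says "long"

def audit_router(cfg):
    """Check one router's settings (hypothetical keys) against the checklist."""
    findings = []
    enc = cfg.get("encryption", "NONE").upper()
    if enc in ("NONE", "WEP"):
        findings.append(("encryption", f"{enc}: use WPA2 or WPA3; replace the router if it offers neither"))
    elif enc == "WPA":
        findings.append(("encryption", "WPA: move to WPA2, or WPA3 if available"))
    elif enc == "WPA2" and cfg.get("wpa3_available", False):
        findings.append(("encryption", "WPA2: this router supports WPA3, so enable it"))

    # A passphrase only matters once a WPA-family mode is in use.
    if enc in ("WPA", "WPA2", "WPA3") and len(cfg.get("wifi_passphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.append(("passphrase", f"network password is shorter than {MIN_PASSPHRASE_LEN} characters"))
    if cfg.get("wps_enabled", False):
        findings.append(("wps", "WPS is enabled: turn it off"))
    if cfg.get("ssid", "").lower().startswith(DEFAULT_SSID_PREFIXES):
        findings.append(("ssid", "network name looks like a factory default: change it"))
    # Anything other than an explicit True is treated as "still the default".
    if cfg.get("admin_password_changed") is not True:
        findings.append(("admin-password", "administration password is still the default"))
    return findings

# Constructed settings for a router left as shipped.
WEAK = {"ssid": "NETGEAR42", "encryption": "WEP",
        "wps_enabled": True, "admin_password_changed": False}

# The same router after following every step in the list.
HARDENED = {"ssid": "maple-street-7", "encryption": "WPA2", "wpa3_available": False,
            "wifi_passphrase": "kestrel-lantern-quarry-82",
            "wps_enabled": False, "admin_password_changed": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_router(cfg) or "no findings")
```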
Quiz: Wireless Security
Test your knowledge by answering the following questions!
Question: 1. It is impossible to proactively secure wireless connections.
True
False
Question: 2. It is a good idea to change default passwords for routers and firewalls.
True
False
Question: 3. Public 'hotspots' are always secure places in which to make an Internet connection.
True
False
Question: 4. Hackers would not be interested in getting into your home wireless network.
True
False