Cybersecurity - Video 1

Passwords, Password Manager, MFA

A password or passphrase should be at least 8 characters long and alphanumeric with special characters. Never use personal information that can be found on your social media. Try using phrases or having passwords autogenerated.

A password manager alleviates a cybersecurity phenomenon known as password fatigue, in which an end user becomes overwhelmed by remembering multiple passwords for multiple services and which password is used for which service. Password managers typically require a user to create and remember one "master" password to unlock and access all information stored in the application.

Data Mining is when cybercriminals collect personal information you post on social media (FB, Instagram, TikTok, WhatsApp, Snapchat, etc) to identify potential victims and refine their scams.

MFA / 2FA (Multi-Factor Authentication / Two-Factor Authentication): MFA protects personal data, which may include personal identification or financial assets, from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.

Example: Withdrawing money from an ATM requires two-factor authentication; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.

PII (Personally Identifiable Information) is any information connected to a specific individual that can be used to uncover that individual's identity. There are 29 items that can be used with your first initial and last name to be considered PII (see chart below).

Your FIRST name (or initial) plus your LAST NAME plus ANY ONE (or more) of the following equals PII:

  • Full names (first, middle, last name), maiden name, mother’s maiden name, alias

  • Addresses: street address, email address

  • Phone numbers: unlisted mobile, personal

  • Asset information: internet protocol (IP), media access control (MAC)

  • Personal identification number: social security number (SSN), passport number, driver’s license, state identification number, taxpayer identification number, patient identification number, financial account or credit/debit card

  • Personal features: photographic images (that have distinguishing features e.g. show the face), x-rays, fingerprints, retina scan, voice signature

  • Vehicle numbers: registration, VIN, plate

  • Tax filings

  • Date of birth

  • Place of birth

  • Personal physical characteristics

  • Religious affiliations

  • Employment information

  • Medical information

  • Education information

  • Financial information


Cybersecurity - Video 2

Phishing, Smishing, Vishing, Scams, Statistics

Phishing, smishing, and vishing are when cybercriminals attempt to trick you into giving them your PII:

  • Phishing is via email

  • Smishing is via text or chat messages

  • Vishing is over the phone

Spear phishing targets a specific individual to try to steal their login credentials. The attacker often first gathers information about the person before starting the attack, such as their name, position, and contact details.

Malware is software secretly installed on a computer or phone to collect personal information or do harm to the system. Ransomware encrypts the victim’s files and demands a ransom to remove the encryption.

  • Ransomware downloads can look like harmless, legitimate software downloads, but malicious code is embedded to create havoc or gain personal information from the victim’s device.

  • Spyware steals personal information from the victim’s computer or phone

Spoofing is when criminals falsify (spoof) phone names and numbers so that your caller ID appears as a legitimate caller. It is often the precursor to an imposter scam. 

Statistics:

  • 3.4 BILLION phishing emails are sent daily

  • 1 phishing email is sent per 11 seconds

  • 1 in every 4,200 emails sent is a phishing scam email

  • It’s estimated that 30% of phishing emails are opened, with a 10% chance that a phishing email will succeed in either stealing sensitive information or installing malware

Imposter scams are when criminals pose as a trustworthy person to convince you to send money or provide personal information:

  • Tech support scams: scammer says your computer has a critical virus and only they can fix it. Instead, they steal your personal information.

  • Charity scams: a false/fake fundraiser or story is created to solicit donations.

  • Authority scams: the scammer pretends to be someone official, such as a law officer, IRS auditor, utility company representative, or sweepstakes administrator. They normally need you to take quick action.

  • Romance scams: create fake profiles on dating apps (aka catfishing).

  • Investment/business scams: usually offer a job or investment opportunity.

What to look for in phishing emails (not all-inclusive) 

  1. Urgent action demands.

  2. Poor grammar and spelling errors.

  3. An unfamiliar greeting or salutation.

  4. Requests for login credentials, payment information, or sensitive data.

  5. Offers that are too good to be true.

  6. Suspicious or unsolicited attachments.

  7. Inconsistencies in email addresses, links, and domain names.
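
Items 1, 4 and 7 of the list above can be checked mechanically by a mail filter or a reviewer's script. The following is an added example, not part of the original notes: the sample message, its `.test` domains and the keyword lists are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); every domain is a placeholder.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: recovery@mailbox.test
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<p>Dear customer,</p>
<p>Your account will be suspended. Confirm your password at
<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/</a></p>
"""
# Illustrative keyword lists (assumptions), not a complete filter.
URGENT = re.compile(r"\b(urgent|immediately|within \d+ hours|suspended)\b", re.I)
CREDS = re.compile(r"\b(password|login|card number|ssn|pin)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(value):
    """Hostname of a URL or bare domain, lower-cased, without a leading 'www.'."""
    value = value.strip()
    name = urlparse(value if "://" in value else "//" + value).hostname or ""
    return name[4:] if name.startswith("www.") else name

def domain(msg, header):
    """Domain part of the address in the given header, or '' if absent."""
    return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

def indicators(raw):
    """Return the warning signs from the list that this message matches."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    found = []
    if URGENT.search(text):                       # item 1
        found.append("urgent action demand")
    if CREDS.search(text):                        # item 4
        found.append("request for credentials or sensitive data")
    from_dom, reply_dom = domain(msg, "From"), domain(msg, "Reply-To")
    if reply_dom and reply_dom != from_dom:       # item 7: address mismatch
        found.append("Reply-To domain differs from From domain")
    for href, shown in LINK.findall(body):        # item 7: link text vs. target
        shown_host = host(re.sub(r"<[^>]+>", "", shown))
        if "." in shown_host and shown_host != host(href):
            found.append(f"link text shows {shown_host} but points to {host(href)}")
    return found
```

A match on any of these checks is a reason to look closer, not proof of phishing; the remaining items in the list (grammar, greeting, offers, attachments) still need a human read.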