Don’t

now browsing by tag

 
 

#bumble | #tinder | #pof Is maskfishing the latest dating trend we don’t need? | romancescams | #scams

Blue-stalling: When two people are dating and acting like a couple, but one person in the partnership states they’re unready for any sort of label or commitment (despite acting in […] View full post on National Cyber Security

#bumble | #tinder | #pof ‘I don’t feel like a burden … Why should I act like one?’ | romancescams | #scams

When Kirby Hough meets a man for a first date, she deceives him until she believes he is worthy of the truth. © Jill Toyoshiba/Kansas City Star/TNS Kirby Hough recently had […] View full post on National Cyber Security

I don’t want to go to my mom’s funeral. | #facebookdating | #tinder | #pof | romancescams | #scams

[…] View full post on National Cyber Security

#nationalcybersecuritymonth | Don’t rush to rip out your landline – it could pay you to WAIT for the wireless 5G revolution

Source: National Cyber Security – Produced By Gregory Evans

For better and for worse, our lives have been revolutionised by the internet. But a new high-tech innovation known as 5G is set to transform everything once again.

The internet plays a pivotal role in our lives thanks to broadband piped through our homes. But ‘fifth generation’ 5G will take this a giant step forward.

It will enable mobile phones to use wireless broadband that matches the best fibre optic speeds. We will be able to rip out old phone lines and internet cables that clutter the house – and instead use mobile reception for all our needs.

Experts believe 5G will lead to an explosion of new ‘smart’ gadgets that talk to our mobile phones through more reliable superfast signals – offering everything from fridge cameras that order groceries when the contents are running low, to robot chauffeurs that can take us around in a self-driving car.

The possibilities of this connection of gadgets – known as ‘the internet of things’ – seem almost limitless.

The 5G technology will start by making pin-sharp video phone calls the norm so we can ditch our landlines, if we haven’t already.

And with broadband download speeds of perhaps 200 Megabits per second (Mbps) – which is more than four times faster than the current average home broadband speed – the technology will also help us economise, clean the home and be more secure.

Smartphone apps controlled by 5G will monitor our heating and lights – turning gadgets off when not needed – while providing 24-hour security with cameras viewed from our phones.

They will also run robotic vacuum cleaners and lawn-mowers when we are away on holiday.

But 5G is not without its critics. Last week, the Government came under fire when it announced Chinese firm Huawei would be allowed to be a major player in the building of the UK 5G network.

Experts fear it could allow Chinese spies to eavesdrop on private conversations and install ‘a Trojan horse’ – holding communication networks to ransom with the threat of a cyber war.

Ernest Doku, a technology expert at comparison website uSwitch, says: ‘5G has the potential to transform the way we live – but at this stage it is no silver bullet as we still need to ensure everyone has access to the connection before it can change the world.

‘Last year, it started to be rolled out in major cities such as London, Edinburgh, Cardiff and Belfast – though connectivity is still small and patchy. And you need an expensive new smartphone such as the £800 Samsung Galaxy S10 to gain access.

‘So far Apple devices cannot connect to the 5G network and the revolution cannot begin in earnest until they do – which may happen when the latest iPhone models come out in September.’

Download speeds are at least ten times faster with 5G than on the previous best 4G technology – far better than most people’s home broadband and in line with top fibre optic speeds.

It means not only lightning fast access to the internet but the ability to download music and movies much quicker. Downloading a feature film on 4G can take a quarter of an hour – but with 5G it might take just 90 seconds.

BUT WATCH OUT FOR STINGRAYS! 

New 5G technology offers an exciting opportunity to improve our networks – but it also opens a new door for fraudsters.

One of the key concerns is the threat of so-called ‘stingrays’. This is where a criminal intercepts your mobile signal with a copycat aerial that tricks it into sharing encrypted identifying data about the phone.

Using this information, the fraudster knows what handset you are using, can track your exact whereabouts and might even be able to hack into your phone operating system’s software.

If this is achieved it might be possible to break into your apps that control and monitor 5G ‘smart’ gadgets. By cracking such codes criminals can eavesdrop on phone conversations and even spy on what you get up to from security cameras you place around the home. Harvesting information that can be seen when you tap into a mobile phone could also enable a fraudster to steal identities, using your personal information to go on an online spending spree or using personal details to empty your bank account.

Cyber security expert Colin Tankard, of Digital Pathways, says: ‘The public needs to be aware of the dangers of this new technology – and with more gadgets being hooked up to 5G it increases the risk of problems if you should get hacked.’

Tankard believes those that embrace 5G must ensure they add a layer of security to their smartphones by downloading ‘virtual private network’ software on to their handsets via an app. Such free software is available from security specialists such as Avira, Symantec and Sophos.

Decrypting your phone signals to spy on private conversations is one of the key concerns of the critics of the Chinese 5G manufacturer Huawei. The Government is adamant that it has addressed such security issues by only allowing it to have a maximum 35 per cent stake in any projects – with sensitive areas such as military bases and nuclear facilities strictly off limits.

But this has not stopped the National Cyber Security Centre – the cyber war combat arm of the Government’s intelligence service – from voicing concern. The NCSC has listed Huawei as a ‘high-risk’ firm for security.

NCSC technical director Dr Ian Levy says: ‘The level of security in our networks needs to improve as our reliance on them increases. The threat for UK operators ranges from hostile states to organised crime and petty fraudsters.’

There are just a handful of main providers of the technology that supply 5G to customers of mobile networks such as EE, Vodafone and O2. These include Finnish phone giant Nokia, Swedish company Ericsson, South Korean firm Samsung and Chinese part-state run ZTE. But the most controversial is Huawei.

Last week, it was licensed to have up to a 35 per cent market share in 5G projects – supplying masts, antennae and cables. But it was banned from participating in 5G provision for military bases and nuclear plants.

The mobile market leader in 5G is EE. Even though 5G reception at the moment is almost non-existent outside cities (though EE claims it is available in 50 UK locations), signing up to the new technology is not cheap.

You pay £54 a month to EE for its best-selling Samsung Galaxy S10 5G deal – which includes 10GB of data a month, enough for 500 hours of internet browsing. You then pay a further £30 upfront for the device and must sign up for two years. Vodafone has slightly less 5G nationwide coverage and costs £56 a month with £49 upfront for the same phone and 5GB of data each month if you sign up for two years.

Another company that recently joined the fledgling 5G party is O2. It charges £54.64 a month plus an upfront £30 for a Galaxy S10 5G phone and 15GB of data usage a month – but only if you are willing to sign up for at least 36 months.

If you are using your phone in an area with no 5G reception then the mobile automatically reverts to the previous fastest-speed service 4G – or goes on to 3G or 2G if this reception is not available either.

The way the technology works is by using a new radio bandwidth that allows more information to be packed into a broadcast than previously possible. But it also requires older 4G masts to be adapted so they can send and receive data on the new wavelength.

The 5G technology will also require small transmitters to be positioned on streets outside people’s homes to ensure ‘smart’ devices in the home can be connected with no interference or loss of signal.

Such building work will cost many millions of pounds and because it is still in the early stages, the ‘smart’ gadgets that can use it are not widespread.

Although we might expect 5G to become more popular this year – so far it has a geographical coverage of less than 5 per cent – it could take a decade before devices other than mobile phones catch up with this super-fast broadband wireless technology.

Doku says: ‘Although it may be exciting to be among the first people to embrace this new technology, prices for 5G phones and access to the 5G network should fall if you hold on for at least 12 months.

‘Also, as a newbie, you may initially be disappointed as national coverage is still poor and the number of gadgets connecting to 5G is limited.

‘But the potential for 5G to transform the way we live and manage our homes is really exciting.’ 


#cyberfraud | #cybercriminals | Purcell column: Don’t take cyber scammers’ bait in 2020

One of 2019’s biggest stories will be bigger in 2020: Cyber scams are on the rise. “As people increasingly conduct business and live their lives online, more and more criminals are leveraging the internet to steal,” reports Forbes’ Stu Sjouwerman. The dirty rotten scammers continue to […] View full post on AmIHackerProof.com

Why don’t they send ransomware on floppies anymore? – Naked Security

December 1989 marks 30 years since the first ransomware attack was spammed out on 20,000 floppy disks [1’39”]. We also talk about the Snatch ransomware [8’08”], iPhone 11 tracking concerns [18’10”], and open-source supply chain madness [28’14”].

Host Anna Brading is joined by Sophos experts Mark Stockley, Peter Mackenzie and Paul Ducklin.

Listen below, or wherever you get your podcasts – just search for Naked Security.


#city | #ransomware | Don’t Pay the Ransom in a Cyberattack: FBI

FLORIDA — As the FBI continues investigating the latest municipal cyberattack, on Pensacola, the question for many officials is whether or not to pay the ransom.

  • Pensacola dealing with cyberattack
  • 2019 bad year for cyberattacks in Florida
  • FBI and Cyber Florida experts say don’t pay ransom

FBI policy says no, but in the last year Florida attacks have netted millions in ransom.

The international statistics are even more alarming.

In 2019, reported payments made by six Florida municipal governments to hackers have totaled almost $3 million.

Most of these payments are covered by cyber insurance.

For example, Lake City officials said they paid a $10,000 deductible on an estimated $480,000 ransom insurance payment.

One city, Stuart, got off without paying the ransom because they had backed up their servers.

Over the summer, the Conference of U.S. Mayors passed a resolution to not pay ransomware.

They stated it “encourages continued attacks.”

In other major cyberattacks, the lesson learned is that you end up paying anyway.

The City of Atlanta reportedly paid out $17 million while reportedly Baltimore paid $18 million.

Usually the cost to a city involves two categories.

There’s the cost of recovery and the cost of server downtime, which studies show are 5 to 10 times the cost of the ransom, according to a 2019 Coveware report.

Cyber Florida, USF’s online security institute, told Spectrum Bay News 9 there’s a reason not to pay, which is in line with FBI policy.

Cyber Florida officials said there’s no guarantee cities will recover completely after a cyberattack.

The Coveware report also found 2019’s cyberattacks have become more complex.

At the start of the year, downtime lasted about a week.

After midyear, it’s up to a week and a half.


#cybersecurity | #hackerspace | Dropbox Phishing Scam: Don’t Get Fooled by Fake Shared Documents

Hackers use familiar brands like Dropbox to steal login credentials and spread malware

It’s funny how hackers, phishers, and scamsters can be blatantly obvious and inexplicably unpredictable at the same time. I’m saying obvious because they target the most widely used services/platforms and lots of users know what they’re up to — not just security professionals, but many ordinary users know about these phishing scams and what to look for. Phishers might be predictable in going after big names but it’s the unpredictability in their approaches that makes them tick. Time after time, they come up with new ways that help them achieve exactly what they want and make them “successful.” The Dropbox phishing scam is a perfect illustration of this.

The Dropbox phishing scam surfaced around a year ago and made headlines in many popular publications. It hasn’t gotten as much attention recently, but even after a year, attackers are still targeting users with this same old trick, so you need to know about it.

Let’s hash it out.

Dropbox Phishing: It All Starts with a Simple Email

This is how it all starts: You receive an
email (either text or HTML-based) from a person saying they have shared an
important document with you. The email looks a lot like an official Dropbox
email and has a link to access the document. To make it look authentic, some of
these emails include actual links to Dropbox in the footer of the email. These
are links to Dropbox’s Terms of Service, Privacy Policy, and Help Center.

Here’s a pretty simple example:

Check the “From” Details Carefully

As you can see in the screenshot above, this phishing email has “Dropbox” as its sender’s name. It’s easy to fall prey to this, as the sender name and the email style make it look like an actual Dropbox email.

However, if you look closely, you’ll see that the “From” email address and the embedded link are clearly not Dropbox’s.

But if you’re skimming through your email (as many of us do), it’s easy to fall for this Dropbox phishing scam. Once you click the link, the URL takes you to a web page that looks almost exactly like an actual Dropbox login page.

More advanced Dropbox phishers take the
scam to the next level…

Check URLs Carefully — Even If They Include “Dropbox”

Some Dropbox scammers are carefully picking
URLs that look official at first glance.

For example, they will include common keywords such as “Microsoftonline” or “Dropbox” in the domain or subdomain to make it look like a genuine domain:

  • dropbox.secure.somedomain.com
  • login.microsoftonline.com.someotherdomain.com
  • secure.dropboxsharing.somethingelse.com

HTTPS URLs Aren’t Always Safe

And the cherry on top is how phishers use fake HTTPS URLs: the link you’re being redirected to isn’t an HTTPS link at all. It has “https” in the link text, but not as the protocol. If an SSL certificate protects a website, its URL will look like this: https://www.(website name).com/. The fake Dropbox URL looks like www.https-(fake website name).com. See the difference?

Another trick that phishers have recently adopted is using an HTTPS website. No, the previous sentence doesn’t contain any technical error; it’s a fact that most phishing websites feature HTTPS now. In such cases, users are more likely to fall for it as they’re trained to look for that secure padlock.

Phishers are a Poor Man’s Magicians: Here’s How to Catch Them

What do magicians and phishers have in common? Well, they both take advantage of our psychological limitations to distract us and make us look where they want us to.

However, the silver lining here is that the
phishers are far from good magicians. A great magician can take their secrets
with them to the grave. But with a bit of concentration and training, you can
catch almost every phisher.

So, here’s how you can CATCH the PHISHers
(Got it 😉 ?).

Check the Email Address

First of all, you should always check the email address of the sender. Is the email sent by someone you know? Is the email coming from Dropbox’s (or any service provider’s) list of official domains? This is the first thing you must check, and you should not proceed further if the email is not familiar and/or it’s been sent from a domain that’s not been mentioned in Dropbox’s list of its official domains.

In my
experience, doing this one check will protect you from most email phishing
attacks as hackers shouldn’t have access to Dropbox’s official domains.
However, you should be cautious even if the email appears to be from an
official Dropbox domain as some email servers are not configured to check
SPF/DKIM records, so spoofed emails will be let through.

Check the Link URLs

If the email
passes the first security check, then you should check the links in the email:

  • View the web page in your browser and check for “https” at the start of the URL. It should look like https://www.(website name).com/. (Note: Google Chrome hides the https:// until you double click in the address bar.)
  • Once this check is done, you should again go back to Dropbox’s list of official domains and then check if this domain is on the list.
  • To double-check the authenticity of the website, you should also check the SSL certificate Dropbox uses. As you can see in the screenshot, Dropbox.com is protected by a DigiCert EV (extended validation) SSL certificate and this certificate has been issued to Dropbox, Inc.

Graphic: Avoid Dropbox phishing scams by checking validity of URLs and site SSL certificates

Extended validation
means that the certificate authority (DigiCert, in this case) did an extensive
verification of Dropbox, Inc before issuing the certificate. This way, you can
be sure that the website you’re on actually belongs to Dropbox.

Quite simple,
isn’t it?
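The sender and link checks described above can be scripted for triage. The following is an added example, not code from the original article or from Dropbox; the function names, finding labels and the `OFFICIAL_DOMAINS` allowlist are assumptions (only dropbox.com is named in the article), and the sample inputs are constructed from the article's placeholder hostnames.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: stand-in for Dropbox's published list of official domains.
# Only dropbox.com is named in the article; fill the rest from the vendor's list.
OFFICIAL_DOMAINS = {"dropbox.com"}
# Brand names the article says phishers embed in look-alike hostnames.
BRAND_KEYWORDS = ("dropbox", "microsoftonline")


def is_official(host):
    """True if host is an official domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def check_sender(from_header):
    """Compare the display name with the domain of the real From address."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    findings = []
    if not is_official(domain):
        findings.append("sender-domain-not-official")
        if any(k in name.lower() for k in BRAND_KEYWORDS):
            findings.append("display-name-uses-brand")
    # An official domain here is not proof: without SPF/DKIM checks on the
    # receiving server, the From address itself can be spoofed.
    return findings


def check_link(url):
    """Apply the article's link checks to one URL taken from an email."""
    # A link written without a scheme (www.https-...) would be parsed as a
    # path, so prefix "//" to make urlsplit treat it as a hostname.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if "https" in host:
        findings.append("https-in-hostname")
    # HTTPS alone proves nothing; the domain must also be on the official list.
    if not is_official(host):
        findings.append("domain-not-official")
        if any(k in host for k in BRAND_KEYWORDS):
            findings.append("brand-keyword-in-lookalike-host")
    return findings


if __name__ == "__main__":
    # Constructed samples built from the article's placeholder hostnames.
    samples = [
        "https://www.dropbox.com/s/example",
        "https://dropbox.secure.somedomain.com/login",
        "https://login.microsoftonline.com.someotherdomain.com/",
        "www.https-fake-website-name.example/login",
    ]
    for link in samples:
        print(link, "->", check_link(link) or "no findings")
    print(check_sender("Dropbox <no-reply@somedomain.com>"))
```

An empty result means only that none of these checks fired; the certificate check in the last bullet is still done in the browser.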

What Could Happen If You Fall Victim to the Dropbox Phishing Scam?

Dropbox stores
the data of more than 500 million users and 200,000 businesses, and it’s the
most significant cloud sharing and storage company in the world. Putting a
malicious file in just one employee account could be a brutal blow to the
privacy of an entire organization. And it’s not just the privacy, but the
existence of a business could be at stake—that’s a good enough reason to take
your Dropbox security pretty seriously, don’t you think?

Unfortunately, that’s not where it stops. A phisher who has taken complete control over your account and associated data using malware could demand a significant ransom if you want your account back. In technical terms, this is called ransomware.

The consequences of Dropbox phishing could be even more brutal if you’re one of those persons who uses the same password pretty much everywhere. Every bit of information you have on the internet could be in the hands of the attackers. Just think about it!

Hackers may also
scan your account to automatically find valuable data in your saved documents.
This could include customer data, payment details, login credentials for other
platforms, or anything else you might have that’s sensitive.

Last Word on Dropbox Phishing

All scammers — whether in the real world or online — take advantage of our human limitations. Either they make us see and feel something that isn’t there, or maybe they give us some lucrative incentive to distract us (we’ve all heard of the Nigerian Prince scam, haven’t we?). With a little bit of awareness and concentration, you can be a step ahead of all the phishers.

Tip of the day: Remember to look where you want to, not where they want you to.

*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Jay Thakkar. Read the original post at: https://www.thesslstore.com/blog/dropbox-phishing-scam-dont-get-fooled-by-fake-shared-documents/


#nationalcybersecuritymonth | NCSAM is Over, But Don’t Let Cybersecurity Fade to Black

This Halloween season, we’ve explored the deepest, darkest corners of cyberspace in our National Cybersecurity Awareness Month (NCSAM) blog series—from cyber spooks and digital demons to deathly data breaches and compliance concerns. Our panel of cybersecurity experts assembled to tell you the spookiest things they’ve seen […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Your Data Is Out There: Don’t Freak Out, Do Take Action

Equifax, Facebook, Capital One, Yahoo — every week seems to bring news of another data breach. Millions of consumers’ sensitive information, such as login credentials, bank account info and Social Security numbers, is floating around the internet just waiting to be exploited. And 2019 is on […] View full post on AmIHackerProof.com