TA17-318B : HIDDEN COBRA – North Korean Trojan: Volgmer
TA17-181A : Petya Ransomware
TA17-163A : CrashOverride Malware
TA17-156A : Reducing the Risk of SNMP Abuse
TA17-132A : Indicators Associated With WannaCry Ransomware
TA17-075A : HTTPS Interception Weakens TLS Security
December: Lock Down Your Login
November: Shopping Online Securely
October: Helping Others Secure Themselves
September: Password Managers
August: Backup & Recovery
June: Lessons From WannaCry
March: Securely Using Mobile Apps
February: Staying Secure on the Road
January: Social Engineering
December: Avoiding Holiday Scams
November: Shopping Safely Online
September: Staying secure on Social Media
April: Digital Spring Cleaning
February: Staying Safe From Tax Season Scams
Security tips of the week
How fast will identity thieves use stolen info?
If you've been affected by a data breach, or otherwise had your information hacked or stolen, you've probably asked yourself, "What happens when my stolen information is made public?" At the FTC's Identity Theft workshop on May 24, 2017, the FTC Office of Technology staff reported on research they did to find out.
First, they created a database of information about 100 fake consumers. To make the information realistic, they used popular names based on Census data, addresses from across the country, email addresses that used common email address naming conventions, phone numbers that corresponded to the addresses, and one of three types of payment information (an online payment service, a bitcoin wallet or a credit card).
They then posted the data on two different occasions on a website that hackers and others use to make stolen credentials public. The criminals were quick to pounce. After the second posting, it took only nine minutes before crooks tried to access the information.
In total, there were over 1,200 attempts to access the email, payment and credit card accounts. The identity thieves tried to use our fake consumers' credit cards to pay for all sorts of things, including clothing, games, online dating memberships and pizza.
The research shows that identity thieves are actively looking for any consumer credentials they can find: if your account data becomes public, they will use it.
So what can you do to limit your risk? Well, in this study, two-factor authentication prevented thieves from gaining access to the accounts. Two-factor authentication is a process that requires both your password and an additional piece of information (such as a code sent to your phone). Because these thieves did not have access to the second factor, they were unable to access the accounts. It's not a cure-all, but it can help.
Tech Support Scams
Last week, the FTC announced a bunch of cases against tech support scammers: the people who act like there's a problem with your computer and then try to convince you to fork over money to fix – ahem – "fix" it. Except there never was a problem, and they weren't really from tech support.
If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don't click on any links, don't give control of your computer and don't send any money.
Learn more about spotting tech scams and what you can do if you get a call or pop-up.
How to defend against ransomware
Here are some tips to protect your devices from ransomware, and what to do if you're a victim:
- Update your software. Use anti-virus software and keep it up-to-date. And set your operating system, web browser, and security software to update automatically on your computer. On mobile devices, you may have to do it manually. If your software is out-of-date, it's easier for criminals to sneak bad stuff onto your device.
- Think twice before clicking on links or downloading attachments and apps. According to one panelist, 91% of ransomware is downloaded through phishing emails. You also can get ransomware from visiting a compromised site or through malicious online ads.
- Back up your important files. From tax forms to family photos, make it part of your routine to back up files on your computers and mobile devices often. When you're done, log out of the cloud and unplug external hard drives so hackers can't encrypt and lock your back-ups, too.
What if I'm a victim of ransomware?
- Contain the attack. Disconnect infected devices from your network to keep ransomware from spreading.
- Restore your computer. If you've backed up your files, and removed any malware, you may be able to restore your computer. Follow the instructions from your operating system to re-boot your computer, if possible.
- Contact law enforcement. Report ransomware attacks to the Internet Crime Complaint Center or an FBI field office. Include any contact information (like the criminals' email address) or payment information (like a Bitcoin wallet number). This may help with investigations.
Should I pay the ransom?
Law enforcement doesn't recommend paying the ransom, although it's up to you to determine whether the risks and costs of paying are worth the possibility of getting your files back. If you pay the ransom, there's no guarantee you'll get your files back. In fact, agreeing to pay signals to criminals that you haven't backed up your files. Knowing this, they may increase the ransom price — and may delete or deny access to your files anyway. Even if you do get your files back, they may be corrupted. And you might be a target for other scams.
Free movies, costly malware
"Something for nothing" sounds appealing, but often there's a hidden cost. If the something is a site or app offering free downloads or streams of well-known movies, popular TV shows, big-league sports, and absorbing games, the hidden cost is probably malware. Sites offering free content often hide malware that can bombard you with ads, take over your computer, or steal your personal information.
We recently downloaded movies from five sites that offered them for free. In all five cases, we ended up with malware on our computer. Generally, it served up a slew of unwanted ads.
And if that's not enough to make you pause, downloading pirated content is illegal.
Finally, some free download sites ask for a credit card to process your registration. It's not a good idea to give your credit card number to a site offering illegally downloaded content. They're run by "pirates," not legit business people, and you can't trust them with your financial information.