Cybersecurity Tip of the Week

Social media – a hackers’ favourite target
by FCNB on 


(Part 1)

Did you know that there are more than three billion active social network users worldwide? This is why cyber attackers love social media.

Users who spend a lot of time on social networks are more likely to click links posted by trusted friends − a behaviour hackers use to their advantage.

Here are some of the most common types of cyberattacks directed at social media platforms:

  • Like-jacking: occurs when criminals post fake Facebook “like” buttons to webpages. Instead of “liking” the page, the user unknowingly downloads malware.
  • Link-jacking: a practice used to redirect one website’s links to another. Hackers use this to redirect users from trusted websites to malware-infected websites that hide drive-by downloads or other types of infections.
  • Phishing: the attempt to acquire personal information such as usernames, passwords, etc. by posing as a trustworthy friend. Find out more about phishing here.
  • Social spam: unwanted spam content appearing on social networks and other websites with user-generated content (comments, chat, etc.). It can appear in different forms, including bulk messages, insults, hate speech, fraudulent reviews, fake friends and personally identifiable information.

Find out how these cyberattacks affect you and what you can do to protect yourself in next week’s post.




Do you https?
by FCNB on 


When shopping or banking online, make sure you’re using secure sites. Websites that start with https:// or shttp:// use higher security measures than ones that begin with http://.

To make your browsing more secure, install HTTPS Everywhere for Chrome, Firefox, Android and Opera. This free extension encrypts your communication with major websites, increasing your browsing security. The data you send to and receive from those websites is encrypted, so cyber criminals won’t be able to snoop on the transfer and steal your data.



A parent's guide to protecting your kids online
by FCNB on 


In recent months, a handful of New Brunswick families found out the hard way that if kids have internet access, they also have access to all the bad things that come along with the online world. Four children between the ages of eight and twelve voluntarily sent nude images or videos of themselves that were later discovered by RCMP on various unspecified free websites.   

Perhaps the only positive outcome from this story is that because it hits so close to home, it serves as a much-needed wake-up call to other parents, who will often say, “My kid wouldn’t do that” — but we’re learning that, in 2019, you may know your child, but if you don’t monitor their internet activities, you can never really be sure what they’re up to. 

Prevention, not punishment
This stuff is scary, but there are effective ways of protecting kids from the darker side of this age of connectivity. Rather than punishing negative behaviour after the fact, prevent it.

How, you ask? Two approaches work.

First: Maintain an open dialogue with children about what’s acceptable online. Make yourself out to be an ally, not an enemy, so that kids feel comfortable bringing issues to you before they even begin. 

Ask kids who they’re talking to online, explain to them that adults shouldn’t be pursuing relationships with kids, talk about healthy versus unhealthy relationships, about ways to get out of uncomfortable situations online, and talk openly about what kinds of things you do online so children know how the internet should be used.

Second: It doesn’t get much more tangible than physically removing devices from kids’ bedrooms — especially anything with a webcam. They don’t need it!

Prevent your child from seeing things they shouldn’t online by changing some basic security settings — monitor the settings of the device itself, as well as your ISP settings. 

Take safety a step further by plugging a cool gadget like CleanRouter or Circle into your router. These control what all other devices are able to do while on the Wi-Fi network at home: they can filter out age-inappropriate content, set internet curfews, and generally monitor what kids are doing online.

It can happen to you, but it doesn’t have to
Studies show that 60% of people under the age of 30 have created an intimate image of themselves — by the time a pic is snapped it can make its way out of your hands. If adults can fall victim to this kind of thing, kids obviously can too. 

It’s important to remind your children (and yourself!) of the legal implications of online activities — sharing intimate images without consent is illegal. 

A good guideline: Tell your kids, “Don’t do anything online that you wouldn’t do at the mall.”

*Blog post from Beauceron Security. For more information, visit: https://www.beauceronsecurity.com/blog?offset=1552065484713




Identifying fraudulent emails
by FCNB on 


If you receive an official-looking email, but aren’t sure if it is valid, look out for these telltale signs of a scam:

  • Poor grammar and misspelled words.
  • You’re asked to pay money up front to be eligible for a prize.
  • You’re urged to act quickly.
  • Emails from large companies sent from a Hotmail or Gmail account. Legitimate corporations don’t use these accounts for business.
  • The email begins with “Dear Sir/Madam”.
  • “You’ve won!” even though you haven’t entered any contests.
  • You’re told to call a 1-900 number to claim your prize. There is always a charge for calling a 1-900 number.
  • Online advertising banners offering free gifts or services.
  • A job offer that sounds too good to be true.

If you’re still not sure, contact the company directly (don’t reply to the email).  Ask them if the information is legitimate.



Ransomware 101
by FCNB on 


Ransomware is malicious software that encrypts all your data and either blocks your access to files or locks you out of your operating system altogether. Then you get a pop-up image or message demanding you pay a ransom within a certain amount of time to gain access to your data again. The payment is often requested in Bitcoin because it cannot be tracked.

To protect yourself against ransomware, follow these tips:

  • Back up your data regularly.
  • Don’t keep vital information only on your computer.
  • Never download or open attachments in emails from unknown senders.
  • Don’t click links in emails from unknown senders.
  • Keep your operating system, software and apps up to date at all times.
  • Use a reliable antivirus.


My McD’s app hack points to importance of securing accounts
by FCNB on 

It’s not the first “Hamburglar” hack and it probably won’t be the last, but a recent McDonald’s app attack has some lessons to teach us about securing our accounts in the age of digital loyalty programs.  

 

What happened

A tech writer in Toronto who used the McDonald’s app learned that a scammer had broken into his My McD’s account and purchased more than 100 meals — racking up around $2K in charges. The app was linked to his debit card, and he was oblivious to it all, receiving no notifications from McDonald’s or the bank.

 

It’s safe to say that no one could eat that much McDonald’s and survive, so chances are the victim’s username had been reused or compromised, the hacker guessed it or otherwise accessed it, then traded it on the dark web to be exploited by multiple criminals.  

 

A PR nightmare for Mickey D’s

This looks bad on McDonald’s — especially since similar things have happened in other areas including Quebec and Nova Scotia involving the same app. It’s likely not a widespread issue for McDonald’s specifically, though, but an illustration of what will inevitably happen more and more as these loyalty and rewards programs become more common.

 

Rewards apps = easy targets

Loyalty programs and apps are attractive targets for cybercriminals: they’re easy to hack, highly profitable, and — let's face it — police don’t care about a $2K McDonald’s bill, so fraudsters can get away with it. We’re seeing many issues with rewards campaigns and users’ accounts being drained.    

 

What should companies do?

Companies could allow users to load the app with a certain amount of money, and set limits, to remove the possibility of a thief racking up a steep bill. 

 

Corporations could also set up two-factor authentication on their apps, meaning any time someone logs in from a new device that wasn’t previously using the app, it would require them to prove they are who they say they are, and not allow transactions if they can’t validate their identity.  

 

2FA? We’re lovin’ it!

Two-factor authentication often isn’t built into apps – even though it would be easy enough for these corporations to do – because companies are not subject to any regulatory requirements around security, and because customers just aren’t asking for 2FA. 

 

The best way to get companies to change their behaviour in Canada is to voice your concerns. 

 

Supersize your password

If you’re using an app like this, make sure to secure your account by creating long, strong passwords, never reusing passwords, using a password manager, and using two-factor authentication where the app supports it.

 

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team at info@beauceronsecurity.com or 1-877-516-9245 and check out our blog on 7 Reasons to start using a password manager today!

 

*Blog post from Beauceron Security, for more information visit: https://www.beauceronsecurity.com/blog?offset=1552065484713

 


Recognize when you're being played
by FCNB on 


It’s okay to be (a little) paranoid. Being aware of what’s going on, online and offline, can help keep you from being compromised.

Here are a few simple rules to live by online:

  • Don’t give your money or personal information to strangers on the Internet.
  • If it looks fishy, stay away.
  • If someone asks for your confidential information, don’t give it to them.
  • A healthy dose of skepticism is a good thing.

Social engineering is using deception and manipulation to get you to give up confidential or personal information, usually passwords, banking information or access to your computer.  The information may be used to commit fraud or to access your computer and install harmful software.

How it can happen:

An email from a friend with an attachment that you just have to check out!  Because it comes from a friend, you’re less likely to be skeptical and more likely to download the attachment that may have malicious software included!

An email from your bank saying there is an urgent problem with your account, with a link to log in. 

A contractor your company works with asks for private company information that grants access into your system.

Protect yourself, and your company, by slowing down. Think first, and then act.

Scammers try to get you worked up so you’ll act before having time to think about what you’re doing.  Delete any emails that ask for personal or financial information, logins or passwords, and don’t download attachments you’re not expecting.




Less spam, fewer problems
by FCNB on 


Is spam clogging up your inbox? If so, there are a couple of things you can do to weed out most of it and keep your inbox and device safe:

  • Be careful where you submit your email address.
  • Unsubscribe from any unnecessary newsletters.
  • Use filters and mark emails as spam to help your email provider block it more effectively.
  • Never click on links in spam emails.
  • Never unsubscribe from spam emails.
  • Never download or open attachments in spam emails.
  • Disable the automatic downloading of HTML graphics in your email settings.
  • Create completely separate email accounts with different purposes.
  • Do not list your email account on social media.

Don’t forget, spam campaigns are still one of the main ways cyber criminals attack, so the less spam you have, the more secure you are.




Robo-Advisors
by FCNB on 


Robo-advisors are increasing in popularity thanks in part to easy-to-use smartphone apps and online portals that make setting up an account convenient and quick.

But if you’re considering using a robo-advisor, it’s important you’re aware of the cybersecurity risks and considerations before opening an account.

What are the risks?

Data breaches seem to be becoming a common event these days. This can be scary for many reasons, and it is especially nerve-wracking for people considering this technology-based tool.

The good news is that security is a primary concern for robo-advisors as well. Banks (and robo-advisors) have high levels of security encryption that keep your assets and data safe. That’s why you rarely hear about a bank being hacked.

Also, many robo-advisors are owned by larger banks and investment houses, which means that investors get the same level of protection that an in-person banker enjoys.

Third-party apps that require access to your financial institution accounts may pose a problem in the event of a breach or hack.  It is important to talk to your financial institution to ask what impact using this app may have on your account, and if your funds are protected if the app or website gets hacked. 

How do I protect myself?

As with any app or online account, here are a few things you can do to help protect yourself from a data breach:

  • Use a complex password.
  • Change your password on a regular basis.
  • Never reuse the same password.
  • Make sure your devices (laptops, tablets, phones) are locked in case of theft or loss.
  • Review your accounts and credit report occasionally. This helps you avoid an unpleasant surprise when you go to make a large purchase using your investments.

To learn more about investing using a robo-advisor click here.

Whether you decide to work with a human advisor or robo-advisor, make sure you choose the right one. To help you make the decision, use our Five Steps to Choosing an Advisor workbook or visit our Saving & Investing webpage for more information.

*This post is not intended to provide investment, financial, legal or other professional advice - always do your research and check registration before you invest.




Tracking your health with an app? Facebook is too
by FCNB on 


You don’t even have to be a Facebook user for the social media platform to collect data on you – and highly personal data, at that!

If you’re using a phone app that tracks things like your menstrual cycle, heart rate, exercise habits and calories burned, chances are good that that app is sending that information along to – you guessed it – Facebook. 

Fuel for advertising
A Facebook-provided analytics tool called “App Events” lets app developers track and store user data, then send it right to Facebook, who then use it to fuel their advertising algorithms. Developers use App Events to track how and when people used their apps, and to gain insights for their own advertising purposes. 

The social media platform was caught acquiring sensitive data from Flo Period & Ovulation Tracker, and around 30 other apps so that information could be used for hyper-targeted ads. People were willingly inputting this info into their apps, but they had no idea what would happen to the data beyond the primary function of the app.

An example: Say a woman is trying to get pregnant, so she’s tracking her periods, ovulation and sexual activity in the Flo Period app. The app sends that information to Facebook, who then hit her with ads for maternity clothing, prenatal vitamins, diapers and daycares in her area. 

The goal of most tech is to slurp up information and turn it into profit, no matter how private the data. And it doesn’t get much more private than bodily functions!

Feigning ignorance 
Facebook claims it requires apps to tell users what info is shared and forbids apps from sending intimate data. But it did nothing to stop the flow of that sensitive data. 

Given their lax attitude toward data privacy, it’s not hard to imagine Facebook selling private information to health insurers, who would pay a premium for it and even use it to decide who they’ll cover. Free health apps have already been known to give up sensitive information to insurance companies – why wouldn’t Facebook do it?
 
Digital gangsters
A Wall Street Journal investigation found that many of these apps didn’t disclose that they would be sharing this information with third parties, or with Facebook specifically. Shortly after the Journal story broke, New York Governor Andrew Cuomo called for further investigation into this invasion of privacy.

This all comes on the heels of a scathing report out of the U.K. that essentially called Facebook digital gangsters who are abusing the power of their platform. And it’s not just Facebook; Google and Amazon have a scary amount of data on every one of us, which means we need to be taking this seriously. 

Data privacy should be an election issue
While the issue of data privacy is finally starting to be a high priority in the States, with investigations into breaches and tougher policies mirroring those of Europe, in Canada we’re just not there yet. We need to push for stricter privacy legislation and make it an election issue. We need to demand accountability from these data-hoarding corporations.

*Blog post from Beauceron Security, for more information visit: https://www.beauceronsecurity.com/blog?offset=1552065484713 




2017 © Financial and Consumer Services Commission