Black Friday Cyber Monday – Stop … Look … Think! 0 434

Phishing email

Customers are not the only ones feeling opportunistic with the great deals offered over the Black Friday/Cyber Monday period, cyber criminals are too. The large scale of SALE communications sent to users prompting customers to “Click Here” and receive the deal of lifetime (for example) has created limitless ways for cybercriminals to cash in on unsuspecting victims. These communications come in the form of emails, SMS’s and social media posts, all of which can be easily replicated by cyber criminals.

We consulted our tech expert Dennis Koome on how to stay safe when shopping online.

So what do you, the customer, need to do to stay safe?

Stop, Look and Think

How’s your internet security mindset?

– Have you ever looked at yourself up online to see what information is out there about you?

– Have you clicked in any links in emails or on websites offering discounts?

– When shopping online, do you check the security status of the website?

– Have you paid attention to or customized your twitter, Facebook, skype, email security settings?

– At home, do you have an external backup source for your computer?

 

Some Terminologies:

  1. Spam: Unsolicited bulk commercial email messages.
  2. Phishing: Refers to tricking individuals into disclosing sensitive personal information or taking a potentially dangerous action, such as opening an infected attachment or visiting a compromised web link using deception via email.
  3. Spear Phishing: Refers to a form of phishing where the attack specifically targets an individual or a group. Since the attacker has researched the target and crafted their attack accordingly, spear phishing attacks are more likely to succeed.
  4. Spoofing: Refers to tricking or deceiving you or your system. This is done by hiding the sender’s identity or faking the identity of another user. This may involve sending messages from a bogus email address of another user.

 

DO’s and DON’TS

DON’TS:

  1. Open any email attachments that end with: .exe, .scr, .bat, .com, or other executable files you do not recognize
  2. “unsubscribe” – it is easier to delete the e-mail than to deal with the security risks.
  3. Respond or reply to spam in any way. Use the delete button
  4. Ever click embedded links in messages without hovering your mouse over them first to check the URL.

Always:

  1. Check the email ‘From’ field to validate the sender. This ‘From’ address may be spoofed.
  2. Note that www.eset.com and www.support.eset.software.com are two different domains
  3. Check for so-called ‘double-extended’ scam attachments. A text file named ‘safe.txt’ is safe, but a file called ‘safe.txt.exe’ is not.

Tips for Password Security

  1. Keep your passwords private – never share a password with anyone else.
  2. Do not write down your passwords.
  3. Use passwords of at least eight (8) characters or more (longer is better).
  4. Use a combination of uppercase letters, lowercase letters, numbers, and special characters (for example: !, @, &, %, +) in all passwords.
  5. Avoid using people’s or pet’s names, or words found in the dictionary; it’s also best to avoid using key dates (birthdays, anniversaries, etc.). Substituting look-alike characters for letters or numbers is no longer sufficient (for example, Password” and “P@ssw0rd”).
  6. A strong password should look like a series of random characters.
  7. On the web, if you think your password may have been compromised, change it at once and then check your website accounts for misuse. At work, change your password at once, and then call your company’s IT Security help desk.

Be on Alert for any email that asks:

  1. Replying (including sending an “unsubscribe” answer)
  2. Clicking any hyperlinks in the message (and that includes “unsubscribe” link)
  3. Opening an attachment.
  4. Forwarding the email message to others.
  5. Offers to gain something of value.
  6. Requires urgent, immediate action to avoid a negative consequence or to mitigate a threat.
  7. Asks you to resolve an urgent problem.

Recommended

When online shopping, it is recommended to do so on your personal internet connection rather than on a public WiFi connection, especially when required to enter passwords, banking details and personal information.

It is also recommended to secure all of your devices with internet security, many of us forget about our phones or tablets when we think about security however these devices are still avenues of attack!

To see the security solutions available for all of your devices including Security Awareness training, please go to our website or contact us at sales@esetafrica.com.

 

Previous ArticleNext Article

Coming to terms with cyber security nightmare 0 195

Teddy Njoroge

Last year internet security companies made forecasts about possible cyber-threats to really worry about this year. This we followed with measures that companies and individuals needed to take to ensure a cyber-safe 2018. Paramount among these was the need for proactive use of protective software tools as well as sensitisation and training of users about these threats.

True to predictions, 2018 started with a scenario hardly anyone could have foreseen. Two serious design vulnerabilities in Computer Central Processing Units (CPUs) were exposed that could enable cyber-criminals to steal sensitive or private information such as passwords, documents and photos among other data from unsecured devices.

The “Meltdown and Spectre” CPU vulnerabilities point to a much larger underlying issue. Software bugs and hardware bugs are more common than not, but these once identified can be fixed fairly easily with either a software patch or firmware update for hardware issues.

However, as it turns out this is not possible with these two vulnerabilities as they are caused by a design flaw in the hardware architecture, only fixable by replacing the actual hardware. And that is where the problems begin.

CPUs of affected manufacturers such as AMD, ARM, Intel, among others appear in a lot of Internet of Things (IoT) devices and which are scattered all over the globe.

According to ARM, they are already “securing” a trillion (1,000,000,000,000) devices. Granted, not all ARM CPUs are affected, but if even 0.1 per cent of them are, it still means a billion (1,000,000,000) affected devices.

Due to the huge costs involved, it is not feasible to replace all these faulty CPUs. In reality people will keep their existing devices until end of their life cycles, for years even.

Deployed for countless and diverse applications in the households or offices, once operational many owners have most likely forgotten that they have them and which inherently leaves a giant gap for cybercriminals to exploit.

Any Wi-Fi-controlled device such as refrigerator, digital picture frames, Smart TVs, DVRs and PVRs etc., potentially provides opportunity for sensitive data to be lost. For example, a compromised Wi-Fi password for any of these can make it possible for anyone to hack your home or office network thus giving automatic access to any other connected platform such as emails, social media pages and even shared cloud or archive platforms.

Even though to get access to your IoT device, a would be attacker needs to have compromised the internet network already, or even the applications running on the device, we know that cyber-criminals just like a pack of wolves will not relent after smelling blood.

As a warning, when you are buying a new IoT device, ensure to check which CPU it is running on, and if that CPU is affected by these vulnerabilities.

 

Meltdown and Spectre 0 300

 Microsoft released Security Advisory 18002 on Wednesday, January 3, 2018 to mitigate a major vulnerability to Windows in modern CPU architectures. ESET released Antivirus and Antispyware module 1533.3 the same day to all customers to ensure that use of our products would not affect compatibility with Microsoft’s patch.

The first few days of 2018 have been filled with anxious discussions concerning a widespread and wide-ranging vulnerability in the architecture of processors based on Intel’s Core architecture used in PCs for many years, as well as processors from AMD, and even affecting ARM processors commonly used in tablets and smartphones.

The good news is that ESET can help protect against the types of malware that could take advantage of these vulnerabilities.

And, ESET was one of the very first security vendors to allow the Microsoft patch against the flaw to be enabled.

While ESET protects against potential malware infection, you should also take these steps to secure your computers and data:

  • Make sure your browser is up to date. For Chrome or Firefox users:
    • Mozilla has released information describing their response, including how Firefox 57 will address these security flaws.
    • Google has stated, “Chrome 64, due to be released January 23, will contain mitigations to protect against exploitation.” In the meantime, you can enable “Site Isolation” found in current stable versions of Chrome to provide better protection.
  • Make sure you update your ESET software, then update your Windows OS to protect against this exploit. To update ESET:
  • Customers should review ESET’s Knowledgebase article for important updates.
  • See this great collection of tips, articles and recommendations from the Google Project Zero team.
  • If you have a cloud-based server or have a website hosted by hosting provider, check to see what mitigations they have implemented already to prevent Meltdown.