Tech Tip: Cracking the QR Code

SECURITY HINTS & TIPS

What Is a QR Code?
Have you ever seen a poster that had a jumbled-looking, square-shaped barcode printed on it? These unique squiggles make up a QR code. A QR code (Quick Response code) is an interactive link that you can scan with your smartphone. The link could take you to a website, start a file download, or open an app on your phone to take an action, like adding an event to your calendar. QR codes are fun, easy, and alluring because they can be placed on anything from business cards to a bag of chips.

 

How Can Cybercriminals Use QR Codes?
Unfortunately, since a QR code is nothing more than a fancy-looking link, cybercriminals can use them just like they would use a link in a phishing email. There are many free websites that allow you to create your own QR code that links to anything you choose. This means that the bad guys can create a QR code that links to a malicious website or downloads malware onto your device. Once they have created their malicious QR code, it can be emailed, posted to social media, printed out on flyers, or even made into stickers and placed on top of legitimate QR codes.

 

 

Tips to Safely Use QR Codes:
Follow these tips to stay safe when scanning QR codes.

• Never scan a QR code from an unknown or untrustworthy source. Did you receive a random, anonymous flyer claiming you could win the latest iPhone if you scan the code? Don’t trust it!
• When scanning a QR code, be sure to use a scanner app that provides a preview of the destination. This feature gives you a chance to review the URL and decide if the QR code is safe.
• If you scan a QR code and the URL looks cryptic, or the website requires a login, or the site is unrelated to what you scanned, close out of your browser immediately.

 

Stop, Look & Think. Don’t Be Fooled

Tech Tip: Top Five Facebook Scams

SECURITY HINTS & TIPS:

Facebook now has over a billion users. That’s a mind-boggling number of people who check their page regularly. The bad guys are irresistibly attracted to a population that large, and here are the top five scams they are trying to pull off every day of the year.

  1. Who Viewed Your Facebook Profile: This scam lures you with messages from friends or sometimes malicious ads on your wall to check who has looked at your profile. But when you click, your profile will be exposed to the scammer and worse things happen afterward.
  2. Fake Naked Videos: There are tons of fake naked videos being posted all the time using the names of celebrities like Rihanna or Taylor Swift that sometimes make it past the Facebook moderators. These scams are in the form of an ad or a post and have a link to bogus YouTube videos. That site then claims your Adobe Flash player is broken and you need to update it – but malware is installed instead!
  3. Viral Videos: Viral videos are huge on social media platforms. If you click on one of these “videos” you’ll be asked to update your video player (similar to the scam above) but a virus will be downloaded and installed instead. To avoid this, type the name of the video into Google and if it doesn’t have a YouTube or other legitimate site link, it’s likely a scam.
  4. Fake Profile Scam: Scammers are stealing the name and pictures from an existing profile and “friending” the real person’s friends in efforts to scam friends and family by faking an emergency. Be very cautious of accepting friend requests from someone you’re already friends with.
  5. Romance Scams: A specific type of “Fake Profile Scam” where con artists create a fake profile using the photos and stories of another person, and then develop “relationships” with their victims over posts, photos, and Facebook Messenger. These scammers typically shower you with romantic language, promise happiness, and eventually con you into giving up personal information, or even money. Avoid personal and financial heartbreak: don’t “friend” people you don’t know in real life.

Security Tech Tip: How to Stay Safe While Working from Home

You may work remotely on a regular basis or you may have been mandated to work remotely due to unexpected circumstances. Either way, working from home can feel much different from working in an office. You could find yourself snacking more often, getting distracted by furry friends, or forgetting the last time you put on real pants. No matter how your environment changes, it is important to keep one thing the same: your organization’s security.

Keep your data safe by creating a secure workspace, maintaining digital security, and by following the same best practices that you would in the office. Let’s take a closer look at each of these ideas:

Create a Secure Workspace

Here are a few things to keep in mind when creating your workspace:

  • Have a clear understanding of the hardware and software required for your job, and know whether or not your organization will be providing those resources.
  • Find a comfortable and private space with minimal distractions. This will help with both productivity and security–you don’t want anyone taking a peek at your screen!
  • Keep information safe by putting important documents away, shredding anything that is no longer needed, and by locking your computer when you are not at your desk.

Maintain Digital Security

Here are some ways to increase your digital security at home:

  • If you’re using your personal computer, make a separate user account with a password that is specifically for work. Don’t let anyone else use this account.
  • If you’re using a computer provided by your organization, only use it for work purposes and never give someone else access.
  • Most routers come with a default username and password that are public knowledge. Ensure your internet connection is secure by changing this to a unique password.

Maintain Office Best Practices

Here are some best practices you can use in the office and at home:

  • Understand your organization’s work from home policies. For example, if your organization requires the use of a virtual private network (VPN), you should know how to connect to the VPN and who to contact if you have any questions or complications.
  • Use a unique, strong password for any website or program that requires a login. Never use the same password twice. Using a password manager application is recommended.
  • Stay alert and think before you click! Always be skeptical of requests for sensitive information.

Keeping security a priority while working from home will ensure the safety of yourself, your coworkers, your customers, and your organization as a whole.

 

Stop, Look, & Think. Don’t be fooled.

Tech Tip: What NOT To Do With A Suspicious Email

Learning how to identify suspicious emails is essential to keeping your organization safe from cybercriminals. But did you know that mishandling a phishing attack could be just as dangerous as falling victim to one?

Here are some examples of what NOT to do when you receive a suspicious email:

Do not reply to the email for verification.

If you receive a suspicious email that appears to be from someone you know, you may be tempted to investigate further. Replying to the email with questions like, “Have you been hacked?” or “Is this attachment safe?” only increases the security risk. If an email account has been compromised, the person who replies back to your question probably won’t be who you expect. You could be communicating with a cybercriminal in disguise.

Do not forward the email to someone else.

The best practice is to never click a link or open an attachment that you were not expecting. But if you are fooled by a phishing email and you click a malicious link or open a malicious attachment, you may find that the link or attachment will not behave as expected. For example, after you open what appeared to be an image attachment, the file may open an installer window instead. Another example is when a malicious link redirects you to an unrelated login page.

If you see the unusual behavior of a malicious link or attachment, you may think about forwarding the email to a coworker for help. But, don’t do it! Whenever you click on a link or open an attachment, consider any unusual behavior as a red flag. Never forward unusual or suspicious emails to other users. If you forward a phishing email, you increase the risk of a security breach because it helps cybercriminals reach more potential victims.

Do not mark the email as spam.

First, let’s clarify the difference between spam and a phishing attack. Spam emails are typically annoying or unwanted advertisements. Spam is often unsolicited, but it is usually just a harmless attempt to sell you something. On the other hand, a phishing attack is a malicious email designed to look and feel like real correspondence. Phishing emails typically include a call to action such as clicking a link, opening an attachment, or even transferring money.

Marking an email as spam moves that email, and any other emails that you receive from that sender, to a different folder. This means moving a phishing email to spam would only hide the problem, not resolve it.

What should I do with a suspicious email?

The best way to handle a suspicious email is to notify your organization. If you report a suspicious email, your cybersecurity specialists can assess and mitigate the threat.

Here are some tips for reporting a suspicious email:

• Be sure to follow your organization’s process for reporting suspicious emails. Following cybersecurity protocols will help keep everyone’s information safe.

• If you don’t know how to report the email, leave it in your inbox and ask a manager or supervisor for help.

• If you’re not sure whether an email is spam or a phishing attack, report it and let the experts decide.

 

STOP, LOOK, & THINK. DON’T BE FOOLED!

Tech Tip: Cybersecurity Myths, Busted!

Security Hints & Tips: Cybersecurity Myths – BUSTED!

It’s time for a pop quiz: Which of the following is a myth?

  1. Only people in high-power positions are targets of cybersecurity attacks.
  2. High-tech hackers pose the highest threat to your organization.
  3. Cybersecurity is a highly technical process that only your IT department can handle.
  4. Security awareness only really matters when you’re at work.
  5. Smart devices are rarely targeted by cybercriminals.

Did you find the myth? Hopefully you did, because this was a trick question! Each of these is a common cybersecurity myth. Read on to learn the truth behind these misconceptions:

Myth #1: Only people in high-power positions are targets of cybersecurity attacks.
Executives and administrators are prime targets for cybercriminals, but that doesn’t mean they’re the only targets. Scammers attack every level of an organization, looking for gaps in security. After all, it only takes one hacked machine to access your entire network.

Myth #2: High-tech hackers pose the highest threat to your organization.
You may imagine a cyberattack as the use of highly sophisticated technology to break down firewalls and decode user passwords. But in truth, it is much more likely that Dave wrote his password on a sticky note and it fell into the wrong hands. Human error is an easy target for cybercriminals, so stay alert!

Myth #3: Cybersecurity is a highly technical process that only your IT department can handle.
The security tools that your IT department manages are important, but technology can only do so much. These security measures can’t stop an employee from sending sensitive information within an email. Creating a human firewall, made up of each and every employee, is essential to the security of your organization. Security is everyone’s responsibility.

Myth #4: Security awareness only really matters when you’re at work.
Your organization’s at-work policies and compliance regulations may not be necessary in your home life, but security awareness still matters. Scammers could phish your personal email for bank accounts, login credentials, or even personally identifiable information, which can be used to perform identity theft.

Myth #5: Smart devices are rarely targeted by cybercriminals.
Nearly everyone has a smartphone and many people use smart devices throughout their homes. From smart speakers to security cameras to lightbulbs, all of these gadgets connect to the internet. As these devices become the norm, cybercriminals happily accommodate. Treat smart devices the same way you would treat any other computer. Always use strong passwords, install antivirus and anti-malware software, and keep these devices up-to-date with the latest security patches.

Tech Tip: Keep Devices and Software Up to Date

You know that little pop-up prompting you to restart your computer for a software update? The one that only seems to come up when you’re in the middle of something important? As annoying as it may seem, this notification is actually a valuable asset to your cybersecurity. So, before you click the “Later” option, let’s take a closer look!

What is a software update?
A software update is a new and improved version of a program, application, or operating system that you are already using. The update may include new features, bug fixes, or important security patches.

Why are updates important for cybersecurity?
Do you ever wonder how secure the programs installed on your device are? Cybercriminals do. They look for cracks in the security of programs and use these vulnerabilities to gain access to your device. With this access, they could enable a keylogger to track what you type, steal confidential information, or even install ransomware to lock you out of your files and demand payment for access. Developers help prevent this by fixing vulnerabilities as soon as possible. These fixes are included in software updates. This means that the longer you wait to install the update, the longer your system is at risk.

How do I check for software updates?
Any device that runs software, be it a computer, tablet, or even a smart TV, can receive updates. Most software will prompt you when an update is available, but it’s good practice to check periodically. Here is a general guide to checking for updates on common platforms:

Mac System Updates (for macOS Catalina)
1. Open the Apple menu and select About This Mac.
2. Click Software Updates….
3. If any updates are available, you will have the option to install them.

Windows System Updates (for Windows 10)
1. Open the Start menu and select Settings.
2. Select Update & Security Settings, then select Windows Update.
3. Click Check for Updates. If any updates are available, you will have the option to install them.

iOS Updates
1. Open the Settings app and tap General.
2. Tap Software Update.
3. If any updates are available, you will have the option to install them.

Android Updates (for most devices running Android 10 or higher)
1. Open the Settings app and go to the System section.
2. Tap About Phone. (If this is not an option, skip to step 3.)
3. Tap System Updates.
4. Tap Check for Update. If any updates are available, you will have the option to install them.

Don’t see what you’re looking for? Please consult the user manual or online support for your specific device.

Cybersecurity Tech Tip | Holiday Edition: Holiday and Seasonal Scams

SECURITY HINTS & TIPS:

With the ever-growing popularity of online shopping and online communications, you should always have your guard up in the cyberworld. Criminals will use any situation to their advantage–especially when it comes to annual holidays. Below you’ll find a few examples of commonly used seasonal and holiday scams, and what you can do to protect yourself.

FAKE SHIPPING NOTIFICATIONS

End-of-the-year holidays invite a greater likelihood of this common phishing attack, but this is a scam you must be cautious of all year long. Scammers send fake notifications that appear to come from postal service companies. The emails include dangerous links that, if clicked, could install malware on your computer or take you to a fake login page where your credentials will be stolen.

To check the legitimacy of these types of claims, always log in to your online account or service through your browser—not through links in unexpected emails.

TRAVEL DEALS & OFFERS

Scammers know that their potential victims travel for holidays throughout the year. Cybercriminals send emails offering fake travel deals from well-known travel sites. They’re even known to create phony websites for cheap hotels and flights so they can rob you of your money.

When something seems too good to be true, it probably is. Never click on links in unexpected emails. Before booking through an unfamiliar service, do your research and ensure the company is legitimate.

SOCIAL MEDIA DEALS & SALES

Not all social media advertisements are created equal. A “paid advertisement” may seem trustworthy, but be warned: Anyone can pay to put an ad on social media. During holidays and popular shopping seasons, fraudsters buy ads that offer deals for items that you’re more than likely interested in, since social media ads target the buyer market. The ads typically contain phishing links that lead to fraudulent websites where they will steal your credit card data. Even if the malicious ad is reported and removed, the bad guys typically only need one victim to fall for their trick to make it worth their investment.

Always hover over links and URLs before clicking to check whether the URL will take you to a dangerous or unexpected site. If a social media ad appears to be from a company you’re familiar with, check the company’s website instead of clicking on links from the ad.

 

Stop, Look, and Think. Don’t be fooled.


TECH TIP: Unexpected Emails

When you receive an email from an online service or business partner that you are not expecting, proceed with caution. For example, if you receive an email from eBay stating that you have just won an online auction, there are a couple of questions you should ask yourself.

  • Are you a member of eBay? (This goes for online banking as well. If you receive an email from a bank you do not have an account with, do not click any links.)
  • Did you bid on any auctions recently? (If you did not bid, you cannot have won.)

 

This does not apply to eBay alone. The bad guys can use any online service such as banking, shopping and social networking to try and trick you.

Remember to Stop, Look, and Think before clicking on any email links.

When in doubt, open a web browser and visit the company website of the person who sent you the email. From there you can log in to your account to verify any activity that has taken place. Do not click a link in the email to visit the site. Open a browser and type in the address of the company.

Let’s stay safe out there!

Cornerstone’s Technology Team