Oregon FBI Tech Tuesday: Cyber Security Awareness Month
Welcome to the Oregon FBI’s Tech Tuesday segment. Throughout October, we will be marking Cyber Security Awareness Month with important reminders of how to stay safe online. This week: building a digital defense against some of the most common forms of cyber scams.
There are 4.8 billion Internet users around the world, almost two thirds of the planet’s population. Those numbers represent a huge pool of potential victims for bad cyber actors.
Those cyber actors have developed even more sophisticated methods and tools to steal information in 2020… but the overall schemes that they are using should sound pretty familiar. Two of the most common are ransomware and business email compromise.
“Ransomware” is a form of malware that locks your system. The bad guy demands payment to release the data.
“Business email compromise” (BEC) has cost victims billions of dollars over the last five years. With BEC, the bad guy uses email to impersonate a business executive or employee to request fraudulent payments or to obtain access to payroll or W2 information.
The scammer often uses “spoofing” or “phishing” to gain access to your devices when launching ransomware or BEC attacks.
“Spoofing” is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source. It’s easy, after all, to fool people by changing a lower case “L” for a numeral “1”.
“Phishing” schemes often use spoofing techniques to lure you in and get you to click on a link or open an attachment that then loads malware onto your device or tricks you into giving up personal information. For instance, you might receive an email that appears to be from a legitimate business asking you to update or verify your personal information. Once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—but it isn’t.
Here’s how to protect yourself.
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence.
- Be careful what you download. Never open an email attachment from someone you don’t know, and be wary of attachments forwarded to you.
- Set up multi-factor authentication on any account that allows it.
- Be careful with what information you share online or on social media. By openly sharing things such as pet names, schools you attended, names of family members, and your birthdate, you can give a scammer all the information he needs to guess your password or answer your security questions.
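The advice to examine the email address closely can be partly automated. The Python example below is an added illustration, not part of the FBI's original message: it flags a sender domain that differs from a trusted one by a look-alike character (such as "1" for "l") or by a single changed character. The trusted-domain list, the sample addresses, and the function names are all constructed for this example.

```python
from email.utils import parseaddr

# Constructed allow-list: domains this recipient really does business with.
TRUSTED = {"paypal.com", "example-bank.com"}

# Characters often swapped for one another, folded to one form ("1" for "l").
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})


def skeleton(domain):
    """Fold look-alike characters and pairs so spoofed spellings collapse."""
    return domain.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def imitated_domain(from_header, trusted=TRUSTED):
    """Return the trusted domain a sender's domain imitates, or None."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if not domain or domain in trusted:
        return None  # unparseable, or genuinely one of the trusted domains
    for real in sorted(trusted):
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) == 1:
            return real
    return None


if __name__ == "__main__":
    # Constructed sample From: headers, not taken from real messages.
    for header in ("PayPal Support <service@paypa1.com>",
                   "billing@paypal.com",
                   "alerts@exarnple-bank.com",
                   "info@paypall.com"):
        print(header, "->", imitated_domain(header))
```

This check only covers ASCII look-alikes and one-character changes; it does not detect Unicode homoglyphs or a trusted name placed only in the display name.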
If you have been victimized by a cyber fraud, be sure to file a report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.