Friday, July 3, 2020
  • AppSecCali 2020 – John Villamil’s ‘Lightning Talk: Modern Web Security: The Art of Creating And Breaking Assertions’
  • Hacked by Police
  • Why Vulnerable IoT Is a Double-Sided Problem for ISPs and Their Customers
  • Bad Actors Target MongoDB Databases, Threatening to Contact GDPR Legislators Unless Ransom is Paid
  • CISA and FBI Issue Advisory on Dealing with Tor Malicious Internet Traffic

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network Threats & Breaches 

Home » Cybersecurity » Data Security » Be afraid … Be very afraid

Be afraid … Be very afraid

by Jane Grafton on October 31, 2019

It seems ironic that Halloween marks the final day of National Cybersecurity Awareness Month (NCSAM). The ghoulish holiday of spooks dredges up visits by shady hacker carnies. Except there’s no need to ask, “Trick or Treat?” With cybercriminals, it’s always a trick. And if you fall for it, it will cost you. Let’s look at some tricks from recent fraudsters you should be afraid of – very afraid.

Don’t Get Pinned

This juicy hack comes to us from Pieter Gunst, @DigitalLawyer. In a nutshell, a hacker pretends to be a bank employee alerting you to fraudulent account charges. The fraudster uses your member number and social engineering to reset your bank account password, then logs in as you. He reads off recent transactions asking if they are valid. This makes the call seem more legitimate. Eventually, the hacker asks for your bank pin code. This was the final straw that ended this particular fraud attempt. According to Pieter, this was “the most credible phishing attempt” he’d experienced to date. Here are the details.

Don’t Cash That Check

If you get a check in the mail you are not expecting, DON’T CASH IT. If you are practicing national cybersecurity awareness, you’ll know it’s likely a scam that will end up costing you dearly. By signing a check, you are signing a legally binding contract. So, you better know what that check is for before you sign your life away. You may be agreeing to a high-interest loan or enrolling in an expensive membership program. It’s nearly impossible to cancel these memberships and your monthly fee could be much more than the amount of that check.

Don’t Greet the Holidays

Do you love receiving holiday cards? Christmas is nearly upon us, so be prepared to sniff and snuff out malicious cyber greetings. Don’t open electronic greeting cards from people or companies you don’t know. Just like phishing emails, these e-cards contain malware laden links waiting to inject your computer with surprise gifts you really don’t want. This is table stakes for anyone who claims to know something about national cybersecurity awareness.

Don’t Read Fake News

Yep, fake news is a real thing. And, it’s dangerous. You could easily become a victim of an online scam by consuming what you think is a real news site, but which is actually a fake. Fake news sites serve up malicious links. Fake news sites sell fake products. And, fake shopping sites are dreaded wormholes. Don’t read fake news and don’t by fake products. Focus on national cybersecurity awareness.

Don’t Answer the Phone

You know from horror movies you should never answer the phone – especially if you are home alone at night. What about calls from numbers you don’t recognize with no caller ID? Should you answer those? No. There’s no treat that comes from an unknown number. More than likely, it’s a scammer trying to get you to divulge personal information or pay an erroneous bill. NEVER SAY THE WORD “YES” WHEN TALKING TO AN UNKNOWN CALLER. Be a national cybersecurity awareness champion and just say no. The fraudster is trying to record your voice saying “yes” so he can prove you agreed to buy something (which you did not). If the caller says, “Can you hear me?” HANG UP.

Do Play the 2019 NCSAM Trivia Game!

Enough about things you shouldn’t do. Let’s talk about actions you should take, in the wake of National Cybersecurity Awareness Month. The NCSAM website has a lot of information we hope you put to good use this month. It’s always important to be vigilant when it comes to national cybersecurity awareness. And, if you haven’t played the NCSAM Trivia game, you’re missing out! It’s easy, fun and informative. For example, do you know how many attempted cyberattacks are reported to the Pentagon every day? Download the 2019 Trivia Game and instructions to find out.

Do Implement Proactive Cybersecurity Controls

For large enterprises, the best defense is an automated offense. Luckily Gurucul offers Behavior Based Security Analytics to predict, detect and stop insider threats, account compromise, data exfiltration, privileged access abuse, fraud and more. Contact us for details. We want to put your mind at ease when it comes to protecting your data from malicious insiders and cyber criminals.

The post Be afraid … Be very afraid appeared first on Gurucul.


Recent Articles By Author
  • Insider Threats are on the Rise
  • ABCs of UEBA: Q is for Qualitative Analysis
  • Hungry for Automated Security Controls? Try These Recipes
More from Jane Grafton

*** This is a Security Bloggers Network syndicated blog from Blog – Gurucul authored by Jane Grafton. Read the original post at: https://gurucul.com/blog/be-afraid

October 31, 2019October 31, 2019 Jane Grafton Account Compromise, Blog, Cybersecurity, Data breach, data exfiltration
  • ← Securing the SMB With a Small Budget
  • FortiGate 60F: The Top NGFW with SD-WAN Now Accelerated by a Purpose-Built Security Processor →

TechStrong TV – Live Streaming

TechStrong TV - All Episodes

The Adventures of Microservice - Latest Episode

Catastrophe Avoided

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

The Adventures of Microservice – Catastrophe Avoided
No Trespassing: Facebook Sues for Data Scraping
Device Security: Don’t Count on Users
To Reduce Cyber Risk, Strive for SecOps
What New Cybersecurity Legislation Doesn’t Include
AppSecCali 2020 – Ksenia Peguero’s ‘How Do JavaScript Frameworks Impact The Security Of Applications?’
Modernizing Your PKI Infrastructure | Keyfactor 
E-learning Platform Exposes Personal Information of Over 1 Million North American Students
Half of Internet Users Fall Victim to Cyber Attacks
Dark web fraud: How-to guides make cybercrime too easy

Upcoming Webinars

Thu 09

Turn Cloud Events into Actionable Security

July 9 @ 1:00 pm - 2:00 pm
Mon 13

Achieving the Optimal Application Security Posture Across the Enterprise

July 13 @ 1:00 pm - 2:00 pm
Wed 15

#Protect2020: Securing the Heart of Our Election Systems

July 15 @ 11:00 am - 12:00 pm
Thu 16

Yes! You Can Apply NIST & ISO Controls to Unmanaged & IoT Devices

July 16 @ 1:00 pm - 2:00 pm
Wed 22

There’s an OpenBullet Attack Config for Your Site – What Should You Do?

July 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Identifying Web Attack Indicators

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

XDR: The Cybersecurity X-Factor
Analytics & Intelligence Cybersecurity Industry Spotlight Security Boulevard (Original) Threat Intelligence 

XDR: The Cybersecurity X-Factor

July 3, 2020 Uri May | 11 hours ago 0
White-Box Encryption: Ending Web App Vulnerability
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

White-Box Encryption: Ending Web App Vulnerability

July 2, 2020 Bill Horne | Yesterday 0
Pandemic Shows Need for Digital Enterprise Strategy
Cybersecurity Incident Response Industry Spotlight Security Boulevard (Original) 

Pandemic Shows Need for Digital Enterprise Strategy

July 1, 2020 Vikas Vijaywargiya | 2 days ago 0

Top Stories

1,000 False Wakewords: A Letter! Buy 200 Toilet Rolls
Application Security Cloud Security Cybersecurity Endpoint Featured IoT & ICS Security News Security Awareness Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

1,000 False Wakewords: A Letter! Buy 200 Toilet Rolls

July 2, 2020 Richi Jennings | Yesterday 0
Cisco Makes Economic Case for Cybersecurity
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Cisco Makes Economic Case for Cybersecurity

July 2, 2020 Michael Vizard | Yesterday 0
TikTok Banned: 59 Chinese Apps Blocked in India
Analytics & Intelligence Cybersecurity Data Security Endpoint Featured Mobile Security News Security Boulevard (Original) Spotlight Threat Intelligence 

TikTok Banned: 59 Chinese Apps Blocked in India

June 30, 2020 Richi Jennings | 3 days ago 0

Security Humor

via  the comic delivery system monikered  Randall Munroe  resident at  XKCD !

XKCD ‘Oily House Index’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.