October is Cybersecurity Awareness Month, and Beth Anne Steele of the Oregon FBI has provided an article with tips on how to stay safe online. The tech tip article discusses two fairly large topics: ransomware and business email compromise (BEC). Ransomware is a type of malware that locks a computer user out of their system and will return access to the system via a decryption key once a ransom demand has been met, generally in some form of payment to a threat actor. BEC is when a threat actor impersonates a business executive or employee in order to gain access to specific information, such as personally identifiable information (PII), or to request that a fraudulent payment be made. “BEC has cost victims billions of dollars over the last five years,” Steele writes.
Steele then goes on to explain two components that are usually seen in these types of attacks: spoofing and phishing. Spoofing is when the threat actor disguises an illegitimate email address, website, phone number, etc. as a trusted source, “often just by changing one letter, symbol, or number,” she writes.
Phishing will often make use of spoofing techniques to convince a user to download a malicious file or click on a malicious link. Phishing, much like spoofing, causes a user to think that they have received a legitimate communication from a trusted person or business, when in reality the communication is fake.
Steele ends the article with tips on how to protect yourself, including:
- Examine email addresses, website URLs, and spelling in correspondence carefully.
- Use multi-factor authentication for accounts that allow it.
- Don’t download or click on unsolicited email attachments or links.
- Be cautious about what information you provide or share on social media, as things like pet names, schools attended, birthdays, etc. are commonly used as passwords or as answers to account security questions.