Cyber Security Today: Advice for fraud awareness month, ransomware hits aluminum producer and protect against spear phishing

Advice to businesses and consumers for Fraud Prevention Month, ransomware hits Oslo-based international aluminum producer and ways to protect against spear phishing

Welcome to Cyber Security Today. It’s Wednesday March 20th. I’m Howard Solomon, contributing report on cyber security and privacy for ITWorldCanda.com. To hear the podcast click on the arrow below:

 

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

This being fraud awareness month someone decided I was worth attacking. So this week I got a recorded phone call that started like this: “Attention customer. Your credit card has two suspicious transactions. An expense on eBay and one on PayPal. If these were charges you did not make, press 1.” You can detect this is a scam for one good reason: No credit card company will send out a warning with a recorded call. Probably what the attacker wants to you do after pressing 1 is to enter your credit card on your phone keypad. Or, you’d be transferred to an agent who would ask for your credit card number and the secret number on the back for verification. If you are worried about a suspicious charge, call the phone number on the back of your credit or debit card.

Canadian online bank Tangerine notes there are a wide range of phone, email and social media scams going around. Common ones are messages that you’ve won a large lottery or sweepstake, but you have to pay a fee to cover taxes or legal fees; someone pretending to be from head office asking you to send cash or a money order to pay for office supplies; a message saying you have been selected to be a mystery shopper; and a message claimed to be from Netflix asking you to update your payment details by clicking on a link.

Security vendor Eset also offers this advice: Be smart when using your smart phone or tablet for online shopping. Limit the number of sites that automatically store your credit card and personal information. Consider checking out as a guest whenever possible or using Apple Pay, Android Pay and PayPal – which prevent your card details from being transmitted – when on sites not frequently used.

Be careful with apps and websites that want your personal data. You don’t always have to use your real name or your birthday or your hobbies. Give away too much and hackers can then call you posing a legitimate company that sounds like it knows a lot about you. Finally, make sure you safely get rid of old computers, phones and tablets by completely wiping them of personal data.

For more on fraud prevention, see this Government of Canada web site.

Some companies still haven’t figured out how to secure their computers. Yesterday Norwegian metals and energy giant Norsk Hydro, one of the world’s biggest aluminum producers, admitted the company had been hit by an extensive ransomware attack. As a result some operations are running manually. The company said it has recent backups that should help it restore encrypted files without the need to pay the ransom demanded by the attackers. Typically ransomware infections start with someone clicking on an infected email message. That can be slowed by teaching staff to always be careful with email, and making sure systems have the latest security patches. Another tactic of attackers is getting hold of an administrator’s login credentials and planting the ransomware on a server. That can be stopped with tight controls over server access, including two-factor login authentication.

Targeted email attacks called spear phishing help spread malware and ransomware. Security vendor Barracuda Networks this week offered a number of tips to companies to help avoid being victimized. These include making staff use multi-factor authentication for logging into systems and applications, implementing the DMARC authentication protocol to prevent your company’s email from being impersonated, training staff to recognize and report attacks, and use technology that recognizes phishing attacks.

Read the full report here. Registration required.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast