
American Cyber Security Management

Secure and certify all your data and processes


International Fraud Awareness Week: Tips and Resources to keep you safe!

November 13, 2023 By American Cyber Security Management

International Fraud Awareness Week is Nov. 12-18, 2023. 

Fraud comes in many forms and packages, including scams.  Here are some important tips and reminders to keep you safe and to highlight just some of the many scams and fraud approaches.

Since November 12-18, 2023 is International Fraud Awareness Week, we wanted to include some important tips and resources as well as mention some of the key scams we see this time of year.  Scams are fraud targeting employees and individuals both at home and at work.

Ways to SPOT a Scam before you’re a victim

1. Scammers often PRETEND to be from an organization you know.

Scammers often pretend to be contacting you on behalf of the government. They might use a real name, like the FTC, Social Security Administration, IRS, or Medicare, or make up a name that sounds official. Some pretend to be from a business you know, like a utility company, a tech company, delivery company (FedEx, UPS, Amazon, USPS) or even a charity asking for donations.

They use technology to change the phone number that appears on your caller ID. Be aware that the name and number you see might not be real.

2. Scammers stir up emotion by saying there’s a PROBLEM or a PRIZE.

They might say you’re in trouble with the government. Or you owe money. Or someone in your family had an emergency. Or that there’s a virus on your computer.

Some scammers say there’s a problem with one of your accounts and that you need to verify some information.

Others will lie and say you won money in a lottery or sweepstakes but have to pay a fee to get it.

3. Scammers often PRESSURE you to act immediately.

Scammers want you to act before you have time to think. If you’re on the phone, they might tell you not to hang up so you can’t check out their story.

They might threaten to arrest you, sue you, take away your driver’s or business license, or deport you. They might say your computer is about to be corrupted.

4. Scammers often tell you to PAY in a specific way.

They often insist that you can only pay by using cryptocurrency, wiring money through a company like MoneyGram or Western Union, using a payment app, or putting money on a gift card and then giving them the numbers on the back of the card.

Some will send you a check (that will later turn out to be fake), then tell you to deposit it and send them money.

What to do to AVOID being a victim of a Scam:

Block unwanted calls and text messages. Take steps to block unwanted calls and to filter unwanted text messages.

Don’t give your personal or financial information in response to a request that you didn’t expect. Honest organizations won’t call, email, or text to ask for your personal information, like your Social Security, bank account, or credit card numbers.

If you get an email or text message from a company you do business with and you think it’s real, it’s still best not to click on any links. Instead, contact them using a website you know is trustworthy. Or look up their phone number. Don’t call a number they gave you or the number from your caller ID.

Resist the pressure to act immediately. Honest businesses will give you time to make a decision. Anyone who pressures you to pay or give them your personal information is a scammer.

Know how scammers tell you to pay. Never pay someone who insists that you can only pay with cryptocurrency, a wire transfer service like Western Union or MoneyGram, a payment app, or a gift card. And never deposit a check and send money back to someone.

Stop and talk to someone you trust. Before you do anything else, tell someone — a friend, a family member, a neighbor — what happened. Talking about it could help you realize it’s a scam.

Reminders about the dangers of Links and attachments:

  • Surfing the Web
  • Reading and Responding to:
    • Emails
    • Texts
    • Instant Messages

Remember that the bad guys want you to click on links or open attachments – that is how they “phish” you. If the email/text/instant message seems odd, don’t click on the link and don’t open the attachment. If it says it is from your “bank”, “Amazon”, “UPS”, “IRS”, “FBI”, “USPS”, etc., don’t click on those. These are common “phishing” scams that want you to worry or be curious and then open them. Others will send you a text or instant message that simply says:

  • Check this out: {vague but malicious link here}
  • Did you see this? {vague but malicious link here}
  • Shipping confirmation required: {vague but malicious link here}
  • Account will be locked, confirm information here: {vague or malicious link here}

Instead, if you are expecting something from Amazon, just log in to your Amazon account like you normally would. (Don’t use the link in the email/text/IM.) It is best to bookmark your main locations, like your bank, Amazon, etc., so you know they are the correct links. If it says it is from a bank or credit card company, you can always call the number on your bill or the back of your credit card.

Privacy Awareness Reminder:
There has been a lot of activity on the privacy side of the house as well. As you surf the web, be sure you look at privacy statements.  Read the details, determine where your data is going, and more importantly, understand what data will be captured and how it will be used. Also ensure you are looking at cookie settings.  Pick the ones that you want.  Don’t just accept all or go with the default.  It’s your data, be deliberate!

Filed Under: Cyber Security News

Cyber Security Awareness Month:  Tips and Reminders to keep you safe!

October 5, 2023 By American Cyber Security Management

Overview:

October is Cybersecurity Awareness Month.  Here are some important tips and reminders to keep you safe while using technology on all your devices.

Key Points:

Since October is Cyber Security Awareness Month, we thought a few tips and common reminders would be helpful.  We also wanted to highlight some of the recent breaches and what they remind us about security. 

In the news (Q3 notable breaches):

You may have heard of one or more of these breaches listed below. The number and frequency of breaches do not seem to be slowing.  We have included hints and tips if you were affected by these breaches.

Here are some of the companies affected by security breaches so far in Q3 2023:

MGM 

What we learned – Remember to train your helpdesk teams how to vet users in a secure way.

Caesars

What we learned – This was basically due to a phishing email, so stay alert for phishing emails.

Tips: 

  1. What should you do?  If you have an account at/with any of these companies, you should change your password if you have not already.  You should strengthen it and not just make it similar with a different number, character, or symbol.  Completely change the password and make it at least 16 characters long using letters in both upper-case and lower-case, a number, and special character(s) if allowed by that website/application.
  2. Not sure if your password for these or any other site has been breached?  Use this site to check:
    1. https://haveibeenpwned.com/
    2. Check your email(s)
  3. Not sure how to make an easy to remember, but hard-to-guess password – see the reminder below.

Password Security Reminders:

  • Best security practices suggest your password be 16 characters long, including a mix of uppercase letters, lowercase letters, numbers, and special characters.
  • It is best not to use dictionary words. Instead, use the first letters of a phrase, so the result is not a dictionary word. For example, pick a favorite song and use the first letter of each word: “somewhere over the rainbow skies are blue” becomes “Sotrsab”, which you can use as part of your password. You could then use another phrase from a different source, like a book: “It was the best of times, it was the worst of times” becomes “iwtbotiwtwot”. It would be easy to remember, but harder to guess.
  • Then add some numbers and special characters: So now you have “Sotr57sab!iwtbotiwtwot” and now you have a very long, very strong password that is easy to remember.  Please don’t use this exact one – since this is a post – many people will have seen it, including perhaps some attackers.  So use your own song/book/poem, etc.
  • Remember, don’t share that password with anyone.  Don’t write it down on a sticky note under your keyboard or laptop, don’t send passwords in email – as email is not secure, same with Instant messaging, and other similar messaging apps.
  • Want an easier solution? If you don’t want to remember all of these passwords, you can use a password manager application. Then you only have to remember one long and strong password to get into that application. It then fills in your different passwords for each application. If you are picking a password manager password, it should be 20 characters or more.

Security Best Practices for:

  • Surfing the Web
  • Reading and Responding to:
    • Emails
    • Texts
    • Instant Messages

Remember that the bad guys want you to click on links or open attachments – that is how they “phish” you. If the email/text/instant message seems odd, don’t click on the link and don’t open the attachment. If it says it is from your “bank”, “Amazon”, “UPS”, “IRS”, “FBI”, “USPS”, etc., don’t click on those. These are common “phishing” scams that want you to worry or be curious and then open them. Others will send you a text or instant message that simply says:

  • Check this out:  {vague but malicious link here}
  • Did you see this? {vague but malicious link here}
  • Shipping confirmation required: {vague but malicious link here}
  • Account will be locked, confirm information here:  {vague or malicious link here}

Instead, if you are expecting something from Amazon, just log in to your Amazon account like you normally would. (Don’t use the link in the email/text/IM.) It is best to bookmark your main locations, like your bank, Amazon, etc., so you know they are the correct links. If it says it is from a bank or credit card company, you can always call the number on your bill or the back of your credit card.

Privacy Awareness Reminder:
There has been a lot of activity on the privacy side of the house as well. As you surf the web, be sure you look at privacy statements.  Read the details, determine where your data is going, and more importantly, understand what data will be captured and how it will be used. Also ensure you are looking at cookie settings.  Pick the ones that you want.  Don’t just accept all or go with the default.  It’s your data, be deliberate!

Filed Under: Cyber Security News

ISSA LA Security Summit XIII

September 20, 2023 By American Cyber Security Management

Overview:

Join us as we embark on this journey to unlock the synergy of privacy and cybersecurity, paving the way for a business environment that is not just secure but respects and upholds the sanctity of privacy. It’s time to foster a business culture that is resilient, ethical, and prepared for the future, where privacy is not just a compliance requirement but a competitive advantage. Let’s build businesses that are trusted, respected, and ready for the future. 

Key Points:

In the digital age where data is the new currency, the convergence of privacy and cybersecurity stands as the fortress safeguarding the most valuable assets of your business. Yet, the depth of privacy remains an uncharted territory for many cybersecurity practitioners. It is a dynamic landscape, constantly evolving, and this session will highlight and discuss these key points:

  • The ever-changing landscape of State privacy laws and what this means for your business.
  • Commonalities among the most recent and trending privacy laws
  • How to stay abreast and prepare for future laws and regulations even though we don’t know “exactly” what they will say yet
  • The importance of these three items as you prepare for the future:
    • Privacy by Design
    • Data Governance
    • Artificial Intelligence (AI)

Join Carlin Dornbusch, a seasoned veteran in the realms of privacy and cybersecurity, as he delineates the roadmap to transforming privacy from a mere regulatory mandate to a potent competitive edge. Leveraging years of frontline experience, Carlin will unveil strategies that not only safeguard your business but foster a culture of trust and resilience, steering you towards a future where privacy equates to unparalleled business advantage. Carlin serves as the ISSA Denver Recording Secretary and is an active member of the Cloud Security Alliance (CSA), OWASP, and IAPP Denver. Carlin also holds a Certified Information Systems Security Professional (CISSP) certificate from ISC2 and is an ISSA Senior Member.

Resources:

To learn more about this event, see the full schedule, and register, visit this site: https://summit.issala.org/

The detailed schedule is here: https://summit.issala.org/summit-xiii-2023-summit-schedule-2/

American Cyber Security Management is a data privacy, cybersecurity, and Compliance leader. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services focusing on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation. https://www.americancsm.com

Filed Under: Cyber Security News

Securing the Future: The New Cybersecurity Labeling Program for Smart Devices called the “U.S. Cyber Trust Mark”

September 12, 2023 By American Cyber Security Management

(See proposed logos here: https://www.fcc.gov/cybersecurity-certification-mark)

Overview:

A new cybersecurity certification and labeling program was announced in July 2023, the “U.S. Cyber Trust Mark,” aimed at helping consumers choose smart devices that are less susceptible to cyberattacks. This initiative is part of a broader effort to protect American consumers and their privacy.

Key Points:

  • The “U.S. Cyber Trust Mark” program is proposed by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel. The program aims to enhance cybersecurity across common devices such as smart refrigerators, televisions, fitness trackers, and more.
  • Several major electronics, appliance, and consumer product manufacturers, retailers, and trade associations have voluntarily committed to enhancing cybersecurity for the products they sell. These include Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics.
  • The “U.S. Cyber Trust Mark” will be a distinct shield logo applied to products that meet established cybersecurity criteria. This will provide consumers with tools to make informed decisions about the relative security of products they choose to bring into their homes.
  • The FCC is expected to seek public comment on the proposed voluntary cybersecurity labeling program, which is expected to be operational in 2024. The program will leverage stakeholder-led efforts to certify and label products based on specific cybersecurity criteria published by the National Institute of Standards and Technology (NIST).
  • The FCC plans to use a QR code linking to a national registry of certified devices to provide consumers with specific and comparable security information about these smart products. The Commission also plans to establish oversight and enforcement safeguards to maintain trust and confidence in the program.
  • NIST will undertake an effort to define cybersecurity requirements for consumer-grade routers, a high-risk type of product that, if compromised, can be used to eavesdrop, steal passwords, and attack other devices and high-value networks.
  • The U.S. Department of Energy announced a collaborative initiative with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters, essential components of the future smart grid.
  • Internationally, the U.S. Department of State is committed to supporting the FCC to engage allies and partners toward harmonizing standards and pursuing mutual recognition of similar labeling efforts.

Implications and Analysis:

From a cybersecurity and privacy perspective, this initiative is a significant step forward in enhancing the security of smart devices and protecting consumers. The labeling program will not only help consumers make informed decisions about the products they purchase but also incentivize manufacturers to prioritize cybersecurity in their product design and development.

The focus on consumer-grade routers is particularly noteworthy and an important vector to protect, given their critical role in home networks and their potential to be exploited for cyberattacks. The initiative by the Department of Energy to develop cybersecurity labeling for smart meters and power inverters also underscores the importance of securing the infrastructure of the future smart grid.

However, the success of this program will depend on the robustness of the cybersecurity criteria, the effectiveness of the enforcement mechanisms, and the level of consumer awareness and understanding of the labeling system. It will be crucial for the FCC and other stakeholders to engage in continuous dialogue and collaboration to ensure the program’s effectiveness and adapt to evolving cybersecurity threats.

Resources:

What the proposed mark will look like: https://www.fcc.gov/cybersecurity-certification-mark

The actual White House announcement: https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/


Filed Under: Cyber Security News

Latest Privacy and Security Insights from Distinguished Industry Professionals – New Risks Under New Privacy and Security Legal Requirements

August 29, 2023 By American Cyber Security Management

Overview:

In the rapidly evolving cybersecurity landscape, the North Texas ISSA boardroom roundtable discussions shed light on the pressing concerns and challenges industry leaders face. One highlighted topic is the “Leadership Update: New Risks Under New Privacy and Security Legal Requirements.” This discussion emphasizes the importance of understanding and adapting to the latest legal requirements in the realms of privacy and security. With the integration of advanced technologies and the increasing complexity of cyber threats, leaders must be proactive in ensuring compliance and safeguarding their organizations.

Latest Privacy and Security Insights from Distinguished Industry Professionals: 

The roundtable discussion is illuminated by the expertise of Jenifer McIntosh, a Data Privacy and Security Attorney at Ferguson Braswell Fraser Kubasta PC; followed by Katie Butler, a Data Privacy and Security Attorney from Mullen Coughlin, LLC; Carlin Dornbusch, the President and CISO of American Cyber Security Management; and Yochai Greenberg, the Founder & CTO of Nano Cyber Solutions. Their collective wisdom provides a comprehensive view of the evolving challenges and intricacies of the new privacy and security legal mandates.

Holistic Approach to New Privacy and Cybersecurity Requirements: 

The discussions emphasize a holistic approach to cybersecurity, encompassing not just technical solutions but also legal, organizational, and strategic considerations that should be taken into account as the landscape continues to evolve. Learn what these experts will share about realistic and updated approaches you can apply today!

Resources:

Date: Friday, September 15th, 2023 

Time: 8:00 AM – 4:30 PM 

Venue: Collin College Frisco Campus, 9700 Wade Blvd., Main Conf. Center 

Get Tickets Via: https://lnkd.in/gUg3atZg 

We hope to see you at this informative event in Frisco, Texas.


Filed Under: Cyber Security News


Copyright © 2025 American Cyber Security Management