Thursday, March 14, 2019

In This Issue IRS 2019 Tax Season Warning

IRS 2019 Tax Season It's income tax season again, and as we get closer to the April 15th deadline, we can Warning expect to see an increase in phishing Don't Reuse Passwords! attempts from scammers. In November 2018, Safe Internet Browsing at the IRS posted a warning on their website Work about a surge of fraudulent emails impersonating the IRS and using tax The Evolution of the Phish transcripts as bait to entice users to open documents containing malware called Emotet.

Key Security Tips This malware has been posing as the IRS and sending scam emails with an attachment labeled "Tax Account Transcript" or something similar, and

To avoid becoming the victim of a the subject line uses some variation of the phrase "tax transcript." "phishing expedition," call your The IRS reminds taxpayers it does not send unsolicited emails to the friend or colleague if an email looks suspicious. public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment. If using a personal computer, delete or forward the scam email to [email protected]. Ask your tech-savvy children to "teach you" about using computers Don't Reuse Passwords! to help you learn what they are doing online. When one of your online services gets hacked, you change your password and figure you might be safe. Unless, of course, Set your home computer to receive you've used the same password across automatic OS and application multiple accounts, in which hackers could updates. use your stolen password to access your other accounts. This famously happened with Facebook's Mark Zuckerberg, whose Twitter and Instagram accounts Don't give out information about were hacked using stolen passwords from the 2012 LinkedIn hack. fellow employees, remote network access, or organizational practices According to a recent 2018 study, The Next Domino to Fall: Empirical and strategies to people outside Analysis of User Passwords across Online Services, of the 28.8 million the organization. users they surveyed:

38% reused the same password for two different online services. 21% slightly changed an old password to sign up for a new service. Online shopping and email accounts are the most common services with reused or modified passwords. Email accounts are shopping sites are known to store addresses and credit card information, so hackers could hit a goldmine if you have reused a stolen password for one of these accounts.

This means that should your favorite shopping brand or email service provider get hacked, changing your password on that site alone won't fix the problem.

Password managers help make remembering and creating strong, unique, passwords extremely easy and some will even tell you if you have reused passwords across multiple services.

If possible, enable two-factor authentication so that in the event you have used the same password on multiple sites and one of them gets hacked, it will be a little more difficult for hackers access other accounts.

Safe Internet Browsing at Work

There certainly hasn't been a shortage of security breaches lately. And as companies become more data-driven, these breaches become more costly.

Part of improving your organization's defense against these types of threats starts with educating your employees on cybersecurity best practices.

Here's a quick guide to making sure you're safely browsing the internet while at work:

Keep your web browser updated – Outdated browsers are more susceptible to being compromised by bad actors. Keeping your browser up-to-date is a simple way for employees to keep themselves safe from cyberattacks. Make the most of your browser's features – Making sure you review your browser's settings and configure them with security in mind can help you browse safely at work. Only browse SFW sites – The best rule of thumb is to only browse the websites that are relevant to your work. Install security-aware apps and plugins – There are many browser apps that act as an extra layer of protection to help you safely browse the internet at work. Ad blockers, for example, can help eliminate sites that display compromised web advertisements. Visit your browser's app store to see what's available to you.

When it comes to preventing online threats from lurking into your organization's network, your employees are your first line of defense. Practicing these safe browsing techniques will help to keep your company protected.

The Evolution of the Phish

When you think of phishing, you most likely think about email phishing, as 91 percent of phishing attacks start with this method of communication. However, phishing attacks are evolving every day, becoming more sophisticated in both type and frequency. In this article we will outline some of the ways phishing has evolved from emails.

Social Media Phishing

More than two-thirds of adults use social media these days, and that number is even higher among young adults. Cyber-criminals are taking advantage of popular social platforms in hopes of hacking accounts or tricking people into giving them personal information. One way they do this is by creating fake accounts. These accounts can mimic people you're close with or businesses that offer promotions. Cyber-criminals will then post malicious links and steal login information.

Vishing and SMiShing

SMiShing is a form of phishing where cyber-criminals send text or SMS messages to another individual requesting their personal information. These texts often contain malicious links. If you receive a text from an unknown number that contains a link or is requesting personal information, think twice, and research the business or phone number.

Another way cyber-criminals attempt to steal personal information using your phone number is vishing. Vishing is the fraudulent practice of extracting sensitive information over the phone. Vishers often impersonate your bank by calling and leaving fake voicemails, or even emailing you an imposter phone number to call to provide your banking details. Always remember to double research the phone number provided to you. If something seems phishy, call your bank directly and ask if the request is legitimate.

USB Baiting

External storage devices, like USB flash drives, can be used to inject malicious code into your network, redirect you to phishing websites, or give a hacker access to your network. If you find an external storage device, never plug it in toy our computer. Turn it in to your IT administrator.

While social phishing, vishing, SMiShing, and USB baiting are some very tricky forms of phishing, you should always be on alert for any type of phishy situation. Always think twice before clicking a link or providing any sensitive information to anyone over the phone or digitally. It's always better to be safe than sorry! Inspired eLearning | 4630 N Loop 1604 W | Suite 401 | San Antonio, TX 78249

Forward this email to a friend.

© 2019 Inspired eLearning, LLC. All Rights Reserved. All organizations with an active Security Awareness license are granted permission to republish any or all of the content in our Security Awareness Newsletter, as long as distribution of that content is limited to employees within the organization.