Posts

TaylorMade Solutions

Six Tips for Consumers to Avoid Becoming a Victim of Cybercrime

I believe that information is power. I know that every person that uses the internet could become a victim of cybercrime. Cybercriminals are becoming much, much better at duping us and getting us to willingly give up our credit card numbers. So, as I started out with, knowledge is power and I want to offer up the following six tips to avoid becoming a victim of cybercrime.

But before I give the tips, let me give an overview of what some of us are being victimized by. And, I want to stress that if you have been a victim, you are not alone. In fact, according to the 2017 Norton Cyber Security Insights Report, 10 million Canadians were affected by cybercrime last year. And the cost of this cybercrime? $1.8 billion Canadian dollars…this is not small change be any means.

So, how were criminals able to get this amount of money from people? Here are a few ways:

  1. Fake tech support via computer pop-ups:

Consumers accessing insecure sites often get pop-ups that tell you that you have a virus, that your computer has been compromised, or even that you have committed some fraudulent activity.  Of course you have not, but these criminals are playing on your fear, emotion and the hopes that you don’t have the technical savvy to realize this is a scam.

So, how can you tell that the site is not secure? One way is to look at the url or web address.

You need to see the secure lock as you see on our website. This is a SECURE site:

TaylorMade Solutions

 

 

This is an insecure site:

  TaylorMade SolutionsTaylorMade Solutions

2. Fake Tech support via phone calls:

If you have been an unfortunate victim of a pop-up scam, and gave your credit card, and/or control of your computer over to the scammers, they could wait a few months and then call pretending to be someone from Microsoft, Google, Norton, ….or any vendor really.  Your information my have been released on the Dark Web too, which makes you an interesting target for criminals. The callers will indicate that there is suspicious behaviour with your computer and they can help you fix it.

The fact is that vendors cannot legally see anything that is happening with your computer. If someone is claiming that they can see what is going in with your computer, either they are lying or they have some sort illegal access…or they are a member of the CIA, FBI, CSIS, MI5 or some other spy agency.

So, if you don’t think a member of a spy agency is watching you…it’s a scam. Hang up. Don’t ever, ever, ever give control of your computer over to a caller. Don’t ever, ever, ever give any credit card information to someone claiming they can fix your computer who has called YOU (or if there is a popup on your computer).

3. Fake Credit Card Breach:

If someone calls claiming to be from your credit card company stating the your card has been used inappropriately, never give any information. The scam is that they will ask for your birthdate, your card number and some other details, maybe even your PIN or the SVC on the back of the card. Never. I repeat. Never give this information. Instead hangup and call the number YOU have for your credit card company and ask to validate a call that just came in. Don’t call the number that the potential scammer gave you. That’s how they get you.

So, what can you do? Here are Six simple tips:

  1. Don’t fall for computer pop-ups. If they appear, either get off the site, or disconnect from internet or shut down your computer or all of these options… Always look and use secure sites. Look for the https: and the lock symbol as shown above.
  2. If you get a call from someone claiming to be tech support, hang-up.
  3. Never give access to someone to remotely control your computer..NEVER.
  4. Never give your credit card information to someone who claims to be helping you.
  5. Remember that vendors, be it Microsoft, Norton, your service provider, etc. cannot see that something “suspicious” is happening with your computer. If someone claims that, they are lying to you.
  6. Keep your antivirus software updated, but don’t think that will protect you from everything. You need to be vigilant and follow 1-5 above.

But what happens if one of this very clever scammers succeeds… and by the way, you would not be alone. Remember that approximately 10 million Canadians were victim to cybercrime in 2017. Here are some things you must do:

  1. Contact your bank or credit card company immediately, if you gave your information, to advise them of what has happened.
  2. Never call the “company” again. Doing so tips them off and thwarts police investigation.
  3. Report the scam to your local police.
  4. If you gave access to your computer, ALWAYS take your computer to a professional who can clean your computer and remove viruses, malware and/or other software installed by the criminal. Not doing so could mean that the criminal installed malicious software that can record your keystrokes to get your sensitive information, or could be a virus or something else that will harm you and your data.

Being on line is no different than protecting yourself in your home. You lock the doors and you don’t let strangers in. Do the same for your online safety.

Want to know more? Contact us for more details.

TaylorMade Solutions, cybercrime

Are Communication Failures Lessening the Impact of Cybercriminals?

Not a day goes by where we don’t hear of some hack or another where cybercriminals are making a killing. Despite this however, there are a couple of things that appear to be happening:

  1. The average person, consumer or even worker is not connecting the dots to either realize that they are at risk, or that their actions are the risk and the entry point for these cybercriminals. 
  1. Organizations, for profit or not-for-profit, are not heeding the simple warnings to carry out simple tasks such as patching, but they aren’t also being held accountable for the compromise of personal data breaches.

The lack of accountability is very significant and we as consumers need to hold their feet to the fire and require that regulations, laws and enforcement occur.

So, why is this? I think that there are a few reasons that the message for action and taking precautions are not getting through. They include:

  1. We continue to use language that people don’t understand. This definitely tops my list. I see it when I speak to business people all of the time. I talk about cybersecurity issues or risks and they just don’t get it. One of the first comments is: we outsource our IT. Or, we operate in the Cloud, so it’s not an issue.

These comments definitely demonstrate that they are only seeing cybersecurity as an IT or networking issue. It’s much more than that and we need to educate our front line defence! Our human resources! And to arm them properly, we need to find a common language that people understand, not just the people in the “biz.”TaylorMade Solutions, cybercrime

Rather than refer to cybersecurity breaches, we need to help people see the criminal aspect of what is happening and that there are some easy steps to take to help protect each of us from them. For example, how many people lock their homes when the leave? Heck, how many of us keep the doors locked all of the time? It’s a matter of personal protection. Protecting our families and protecting our property. We now need to think about online safety in the same way. We need to lock the doors (our computers and internet access from criminals) and ensure that ensure that our windows are also closed and locked. If by chance a lock doesn’t quite work like it used to (continuously update our versus protection and software patches), we replace it immediately.

      2. When we do talk about cybercrime, we paint the picture of the villain in a hoodie in a dark basement. This is an old and outdated picture. Reality is, cybercriminals are often the people you least expect and can quite frankly be anywhere in the world, including next door, or in another country on the other side of the world. The point is, they aren’t likely lurking in a basement, but rather in comfortable quarters living off the ill gotten gains of people who might just be a little too trusting. Maybe you, maybe your neighbour, maybe a family member.

So, what is the solution?

In my opinion we need to go back to basics. Communications 101 actually. Who is our audience? What are we trying to tell them in order to get them to change behaviours? What language should we be using so that they understand? In other words, stop with the tech talk or cybersecurity industry talk. Speak to them in their language. And finally, where are they consuming information so that we can reach them?

These are simple steps that we can do. We just need to do them.

Do you have other ideas? We would love to know.

Do you need help implementing your internal Comms Plan or even developing a Privacy Breach Plan? If so, let us know.

Why I Will Never Wish You Happy Birthday Again on Social Media

Not a day goes by that I don’t see friends or family celebrating their birthday. I know it is their birthday because I see both the reminders on social media – Facebook and LinkedIn – and the countless scores of people who are sending their best wishes. In fact, I used to be one of those people!

I will however, never wish you happy birthday again on social media! And here’s why:

I actually care about you. Now of course those doing the well wishing care too. Don’t get me wrong. The fact is however, that social media is the primary method that cybercriminals now use to learn about you. It’s called social engineering. And knowing what I know now, I opt to not help cybercriminals.

Some of you might be saying: “What the heck is social engineering and why do I care?”Social Engineering/CyberCrime

It’s a great question. I am glad you are asking and you should definitely care. There are of course many definitions. Some formal and others not so much. For simplicity sake, social engineering is psychological manipulation of people into performing actions or divulging confidential information. In the age of social media however, manipulation might not be an issue. After all social media is meant to be sharing platforms where we can express ourselves, share information about our family, our jobs, our vacations and even what we buy or do.

For years we have been encouraged to share…maybe even overshare. Every detail of our lives can be found on our social media profiles. And while this is a great way to keep family and friends up-to-date with what we are doing, there is a dark side.

In fact, social media is now one of the best sources for criminals to obtain countless bits of information about you, your family, your employer and even your friends. They can then use this information to:

  1. Spoof you and create fake social media accounts in your name and/or fill out credit applications. This of course is known as identity theft. The ramifications can range from less than desirable to very serious.
  2. Send phishing email to your colleagues at work attempting to:
  • get more details on your organization,
  • try to secure false payments, or
  • have a virus or ransomware deployed when a link and/or attachment is clicked by your trusting coworkers who think you are emailing them.

These have all been very effectively used by cybercriminals not just globally, but locally.

So, how can you protect yourself and your employer? Here are 10 simple tips:

  1. Ensure your privacy and security settings are as strong as possible.
  2. Review your privacy settings on a regular basis, say three times a year. Set a calendar reminder.
  3. Never show your birthdate on your social media. Never.
  4. Never list your martial status on your social media. Never.
  5. Don’t list your family members.
  6. Never accept connection requests from people you don’t actually know. This applies to LinkedIn as well.
  7. Never put your home address on social media.
  8. While we tend to put a lot of information about ourselves on LinkedIn, don’t put personal information on this profile.
  9. When you receive an email from someone you don’t know, never click on the link or open an attachment that maybe included. This includes email from couriers, Canada post, Revenue Canada, etc. Think twice and never click.
  10. When you do receive email from some you DO know, but aren’t expecting it, think twice before clicking on the link or to open the attachment. Don’t be afraid to call the person you know or send a new email ( don’t do a respond) asking if he or she sent you an email with a link and/or attachment.

These 10 simple tips will help protect you and your employer against the actions of cybercriminals. And, I do think it is our responsibility to help protect our employers. Research has shown that cybercrime is expensive and some businesses can’t recover, so doing our part is helping to protect our jobs.

We all must remain vigilant. It is an unfortunate part of using social. Like anything criminals find new ways to leverage technology to try to gain from.

If you would like to learn more, connect with us. Be Prepared! Be Trained! Have a TaylorMade Solution!