Wednesday, May 15, 2019

In This Issue

Free Streaming ServicesLead to MalwareInstagram & Facebook – APhisher's Catch of the DayHow to have the "TechTalk" with your Teens!61% of IT Pros HaveExperienced a DataBreach

Key Security Tips Configure your home computer touse a firewall and antispywaresoftware to provide a safer webbrowsing experience.

Certain types of attachment aremore dangerous than others.Never open .exe files from youremail.

Data sent through email may beaccessible to others. You canprotect your data by using apassword-protected, encrypted ZIPfile.

Your mother's maiden name canbe used by identity thieves. Makesure it is not visible anywhere from

i l di

Free Streaming Services Lead to Malware

The Digital Citizen's Alliance, a nonprofitorganization focused on Internet safety,recently investigated how the dark web isusing "free streaming services & devices" toexploit unsuspected users. According toDCA, hackers are targeting the market thatoffers illegal access to pirated movies andlive programming to spread malware and exploit unsuspecting users.

The attack starts by the user purchasing a device loaded with apps thatoffer "free access" to things like the latest movies, live broadcasts, orprofessional sporting games. The devices are typically for sale onFacebook Marketplace, Craigslist, or eBay. The devices look and behavelike regular streaming boxes, such as Roku or Apple TV.

The malware steals usernames and passwords and probes users'networks and uploads data.

But instead of accessing legitimate services like Netflix or Hulu, they linkto pirate apps that steal your login credentials. Once these devices areplugged into your home network, hackers now can bypass any securitymeasures designed to protect your system.

According to Tom Galvin, executive director of DCA, the problem is notwith the hardware of the set-top boxes, many of which are used to hostlegitimate applications for accessing streaming services. The issue is withthe applications that a criminal can load onto the hardware before it'sdelivered to the consumer.

In a DCA research survey of 2,073 Americans, 13 percent reported thatthey have a device that offers pirated content in their home. The majorityof Americans (59 percent) said that "most consumers are probablyunaware of the security risks that can occur when plugging one of thesedevices into a home network."

Protect yourself from this scam by taking note of the following tips:

Avoid any offer that claims to give "free access" to anything.Terms like "jailbroken" or "preloaded" are red flags for this type of

your social media accounts. scam.Kodi Boxes is another term for these infected devices.Only purchase streaming devices from the direct source(apple.com, amazon.com, etc.) or from a storefront like Best Buy,Target, Walmart, etc.Spread the word to your friends and family to increase consumerawareness.

Instagram & Facebook – A Phisher's Catch of the Day

Social media phishing is nothing new, butphishers’ interest in Instagram phishing sawa large increase in the first quarter of 2019.According to Vade Secure, the number ofInstagram phishing URLs increased by1,868.8% from Q4 of 2018 to Q1 of 2019.The biggest impact was due to phishingemails offering a verified Instagram badge to steal users’ login credentials.After receiving their credentials, hackers would lock users out of theiraccounts, often changing their account’s associated email address andphone number.

Facebook had seen a steady decrease in phishing related emails from Q12018 through Q4 2018. This all changed when phishing emails surged155.5% in Q1 2019. This surge is likely tied to social sign-on becomingmore popular. Facebook credentials can be used to log into any linkedaccounts, so once a phisher has access to your Facebook login, theyhave access to everything connected to it.

With social media based phishing attempts, always keep in mind phishingprevention best practices.

Make sure the sender’s email address looks legitimate. Hover over links to make sure you know their true destination. Reputable organizations will not ask for your login credentials aspart of a form. Don’t be distracted by sensational phrases or offers (getting averified Instagram badge is no easy feat).

Just as with any phishing attack, don’t be lured by the shiny object.

How to have the "Tech Talk" with your Teens!

Talking to your teen about safety of any kindcan sometimes be frustrating as crossinggenerations tends to create a disconnect.Teens feel invincible like nothing ever bad isgoing to happen to them. Add a technicalarena filled with social media apps,specialized lingo and new ways ofcommunicating may have parents feeling lost on how to talk with theirteens.

Helping young people stay safe online has been at the forefront since theintroduction of the internet. But policing a black hole is impossible. Wecan't possibly be with our teens every second of every day. Their need tobe connected is threaded tightly through their education and social statusand it is very hard to get them to unplug. So, if you are wondering how tonurture your teens about online safety but don't know where to start keepreading!

The National Cyber Security Alliance have posted these tips to helpparents start the conversation.

Make rules that can be enforced: Many teens have online accounts that their parents aren't aware of, rulesrequiring advance permission before creating accounts are likely to bebroken and unenforceable. Before setting a rule, think about whether it willsignificantly improve your children’s safety and how you can keep thelines of communication on the issue open.

Have a core set of rules the whole family follows: Create a set of rules that everyone in the family is expected to follow.Limiting use of devices during meal times or other family time, practicingdiscretion when sharing personally identifiable information about familymembers, and seeking permission from one another before sharinginformation, such as posting photos on social networks. This teaches yourchild responsibility and accountability to their own family.

Make rules together and change them over time: Young people may surprise you with how much they already know aboutbeing safer and more secure online. Ask them about the rules they havemade for themselves and the practices they currently follow. Make surethat the rules evolve as your children grow.

It's not about the technology – it's about how it is used. Get involved! Smart devices have cameras and apps that allow video chator live streaming. While super fun, they can also be used to sendinappropriate images or create security vulnerabilities. Teaching the familyhow to use the technology appropriately and manage privacy and securitysettings will help everyone learn how to better protect themselves online.

Establish a safe environment for technology conversations. Teens are likely to ask everyone but their parents first for advice. Createan environment of trust in which your kids can comfortably talk to youabout their experiences and issues without fear of punishment or blame,even if they have broken a rule.

Help teens help their friends. Encourage your teen to talk to their friends on how to block users on sitesand how to report problems or abuse on the apps they use. Establishsome parameters about when they should seek adult help, such as if afriend may commit harm to themselves or others or the law has been

broken. While teens are unlikely to intervene directly in an online incidenta friend is experiencing, role-play and strategize about how they wouldhandle problems. Being safe and secure online is about trying to preventnegative incidents, but also building resilience.

Talk to teens about your shared concerns. When it comes to online safety, parents and teens share commonconcerns on topics like someone accessing a teen's account withoutpermission, someone sharing a teen's personal information and having ateen's photo or video shared that they wanted to keep private. Speakingopenly with your teens often will help them make good decisions shouldany of these occur.

61% of IT Pros Have Experienced a Data Breach

Last month in a report from McAfee, anoverwhelming number of IT securityprofessionals said that they struggle toprotect their organization from securitybreaches and other cyberattacks, even withtoday’s advances in cybersecurity. Astaggering 61% of IT security pros said theyhave experienced a data breach with their current employer.

The report noted that these attacks are becoming harder for organizationsto defend because cybercriminals are continually finding new and variedways to steal corporate data. Top vulnerabilities include database leaks,network traffic, file shares, and corporate email.

To make matters worse, 52% of respondents indicated that after a breachoccurs, IT teams usually take the blame. However, when it comes toholding accountability, IT pros and C-suite executives aren’t exactlyseeing eye-to-eye. More than half those surveyed believed that executivesshould lose their jobs if a company is exposed to a serious data breach,while 61% also indicated those same executives expect more lenientsecurity policies for themselves.

Hopefully, as more organizations adopt cybersecurity training programs,these statistics will improve and reduce the amount of conflicts.

Inspired eLearning | 4630 N Loop 1604 W | Suite 401 | San Antonio, TX 78249

Forward this email to a friend.

© 2019 Inspired eLearning, LLC. All Rights Reserved. All organizations with an active Security Awareness license are granted permission to republish any or all of the content in our Security

Awareness Newsletter, as long as distribution of that content is limited to employees within the organization.