Recommendations for Securing your Data & Protecting your Privacy

ALWAYS

  • Be skeptical and carefully review every email
  • Report all suspicious emails to the Technology Department
  • Lock your laptop screen before leaving it unattended
    • Windows icon + L
  • Restart your laptop weekly
  • Check Google Drive sharing permissions
  • Be very careful if accessing District & personal Google accounts on the same device

NEVER

  • NEVER allow students to log in to staff devices
  • NEVER log in to student devices with staff accounts
  • NEVER write passwords down or keep them close to your computer
  • NEVER access District email links/attachments on a mobile device
  • NEVER use your District email to register for personal programs or services: social media, banking, etc.
  • NEVER connect to a projector or interactive board while having email open, regardless of whether you use the Outlook client or the webpage.


October 2019 Phishing Training Campaigns

41.3% failure rate, over 240 individuals clicked on the link, many provided their District login and password.


How does a computer become infected with ransomware? - It is often spread through phishing emails that contain malicious attachments, or by unknowingly visiting an infected website where the malware is downloaded and installed without the user's knowledge.

What's the impact? - Passwords, accounts & data compromised (personal and District); files encrypted and possibly lost; downed network services, including internet, phones and access controls, for days or weeks; loss of instructional time; not to mention potentially tens if not hundreds of thousands of dollars.

Why should we worry? - The frequency and severity of cyber attacks targeting school districts have increased significantly this year, and the attacks have become increasingly challenging to detect.

Previous Phishing Email Look-Fors

Actual Recent District Phishing Attack

Phishing Attacks - Being Aware & Being Vigilant!

More Significant Than Ever!

Spring 2019: Over 20 staff members fell victim to the recent Phishing attack targeting our District, titled "District Proposed Salary Schedule". Most of those involved downloaded the .pdf attachment, while a few went as far as accessing the website linked within the attachment and inputting confidential information, resulting in their District accounts being compromised. Remember to be skeptical of every email and, when in doubt, contact the Tech Dept.
    
What happened as a result?

  • Close to 300,000 emails were generated from the compromised accounts to various accounts around the world.

  • Our email domain was "blacklisted" on two global SPAM filters, forcing us to remediate until removed from the lists.

  • Our Internet Service Provider threatened to block all District email traffic due to receiving multiple complaints from other Districts & organizations.

What could have happened?

  • All data on the devices related to the compromised accounts could have been completely lost.

  • Any programs or services related to the accounts, including data & information available within each program, could have also been compromised. 

    • This includes any sites with login credentials stored using Google Password Manager such as banking, credit card & other personal websites

Moving Forward 

  • Increasing efforts to heighten staff awareness and vigilance, including more frequent & challenging Phishing Training Campaigns 

  • Increased accountability for those succumbing to Phishing attacks, both real and District generated 

  • Improved communication and remediation efforts related to actual Phishing attacks 

  • Improved security procedures and strategies at all levels 

 

Be Aware! - Review every email with skepticism

Ask yourself the "Key Three" questions below. When in doubt, ask the Tech Dept! 

  1. Who is the Sender and what is the email address listed?

  2. Is the Sender asking me to open an attachment or click on a link? Hover over the link/attachment.

  3. Does the email seem odd? Is there an urgent message / not typically something the Sender would write? Mistakes? 

Student Device Management & Work Order Expectations

Student Device Management Expectations

Document and assign students the same computer to use whenever possible. Remember, the 1st login on any device takes more time.

  • Be vigilant. Actively monitor student use and assess the laptop/desktop after every use. This can be accomplished in less than 1-2 minutes.

  • Report negligent or malicious behavior and submit a work order IMMEDIATELY if there is an issue.

  • Students MUST LOGOUT after every use. 

  • Laptops should be rebooted (powered off) at least once a week if not daily.

  • Designate a staff member to be a Cart Manager to assure all the laptops have been returned, are plugged in and the cart secured at the end of each day. 

  • Be sure that the cart is plugged in and ALL laptops are charging after use. 


The cost for damages exceeding normal wear and tear will be charged directly to the building/department, and repeated damages to the same cart/cabinet will result in the removal of devices from use. Damages & repairs will be tracked by the Technology Department within the new Web Helpdesk Asset Manager.

To reiterate: the cost for replacing (3) Dell 3340 student laptop keyboards = one new Chromebook

COPPA Compliance Initiative


Information related to the Children's Online Privacy Protection Act (COPPA) is provided via the link below. This new federal law requires that websites notify parents and obtain parental consent when collecting personal information from children under the age of 13. Under the law, schools are permitted to provide consent to the collection of personal information on behalf of their students, eliminating the need for individual parent consent to be given directly to the website provider. For more information on COPPA, please visit https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.

Educational web-based tools and applications provide our teachers with resources to enhance, enrich and differentiate curriculum delivery and instruction to our students. Our district carefully reviews online resources for the program's ability to meet our students’ needs while protecting the confidentiality of personally identifiable information.

Some web-based programs require some student data to create accounts. KCSD does not require nor encourage students to provide additional personal information beyond what is required to create student accounts. Each provider offers information about their organization's collection, use, protection, and disclosure of data through their unique privacy policies, which can be found on their websites.

  • For parents/guardians of children under the age of 13, you are required by COPPA to agree to the online consent form included within the KCSD Parent Portal in order for the District to allow your student to access online educational services for the upcoming school year.
  • For KCSD Staff, any programs not included on the KCSD Educational Services list must be pre-approved by a Building Administrator before acquiring parent consent to create accounts for children under the age of 13. 


Related Resources


What Steps Are We Taking to Be More Secure (Devices & Accounts)

Implemented

  • District wide randomly generated, student password reset 
  • Assigned Guest Accounts created for non-District staff 
  • Local Administrator Access Revoked on Staff Devices 

To Be Implemented 

  • Multi-Factor Authentication for staff devices 
  • Annual District wide randomly generated, student password reset
  • Annual District wide staff password reset (individually created during staff laptop assessment) 
  • Progressive consequences for staff with multiple failures from Phishing Attacks (Real/Training), “3 strikes & out” 
    • Restricted email access to internal email only then restricted internet access

Future Consideration

  • Staff Devices - Access restricted to staff only; no student access allowed 
  • Student Devices - Access restricted to students only; no staff access allowed 
  • Reduce Auto-Lock duration for staff and students 

When is the last time you restarted your laptop?



Current Cyber Safety Topic

KnowBe4 Tip of the Week

KnowBe4 Security Tips - Stay Safe While Working on Mobile Devices

Cybercriminals know that mobile devices contain all sorts of information about you, and they will try to trick you to gain access to that information. That’s why it’s important to practice good security habits when using your personal and work mobile devices.

 

Follow the tips below to protect your mobile devices from the cybercriminals:

Protect sensitive information on your mobile device.

  • Clean out your inbox. Delete text messages and emails that contain sensitive information. If cybercriminals steal your mobile device, they won’t have access to this information.
  • Don’t use note-taking applications or photography applications to store sensitive information. If you need to take pictures of important documents such as your social security card, delete the image immediately after use.
  • Set up passwords on your devices. If you have the option, you can also use facial recognition or fingerprint recognition technology for an extra layer of security.

Make safe mobile payment transactions.

  • If you use a mobile wallet application, be sure to set up a mobile device password and enable payment notifications. Passwords protect your mobile wallet if your device is stolen, and notifications alert you to any suspicious activity.
  • Only use trusted mobile payment applications, such as Google Pay or Apple Pay. Beware of untrusted or fraudulent mobile payment applications. Cybercriminals can use these apps to steal your payment information.
  • Even when using a trusted mobile payment application, it’s important to verify payment information before completing a transaction. Confirm that you know who the recipient is before transferring any money.

Make sure your applications are safe and up-to-date.

  • Only use trusted applications. Cybercriminals can use untrusted applications to upload malware onto your device. Only download applications from verified application stores such as the Apple App Store, and beware of applications that require excessive permissions.
  • Don’t “jailbreak” your device or download software that changes the intended use of the device. This software can damage your device and prevents automatic updates. 
  • Keep your applications and operating system (OS) up-to-date. Updates fix bugs and other security issues, so it’s important to install them when you’re prompted.

Be Aware, Be Vigilant, Be Skeptical!


Security Tips of the Week Archive

KnowBe4 Security Tips - What Are Browser Notifications?

Most internet browsers allow websites to offer browser notifications. The first time you visit a website that offers browser notifications, you will see a pop-up message at the top of your browser window asking you to either allow or block notifications. If you choose to allow them, browser notifications can be displayed at any time, even when you are not on that website. These notifications are typically used for things like blog updates, social media interactions, and upcoming sales. Unfortunately, cybercriminals can also send their own malicious browser notifications to steal your money and information.

How Do Cybercriminals Use Browser Notifications?

Cybercriminals can use two different methods to send you malicious browser notifications. They can either hijack a legitimate website and offer fake notifications from that website, or they can trick you into allowing notifications while visiting a malicious website. For example, in one scam, cybercriminals used a malicious website that appeared to be a video player and instructed users to click "Allow" before they could play a video. Once cybercriminals are able to send you browser notifications, they can use the notifications in several ways:

  • They can display excessive pop-up messages, inappropriate content, or other disruptive material in your browser. This tactic allows cybercriminals to hold your system hostage while they demand a ransom.
  • They can send you malicious advertisements, also known as malvertising. Malvertising is when cybercriminals use ads to spread malware, trick you into providing sensitive information, or steal your money using fake storefronts. 
  • They can include malicious files and code within browser notifications. If you click on one of these malicious notifications, your system may be automatically prompted to download a piece of malware. 

Hints and Tips to Stay Safe

Use the tips below to stay safe from malicious browser notifications:

  • Think before you click! Whether it is a browser notification or another kind of pop-up message, always read and consider a prompt before taking action.
  • Check the permissions settings within your browser and only allow notifications for websites that you know and trust. Most browsers include a list of websites that are allowed to send you notifications. Some browsers also allow you to globally block notifications for all websites.
  • Keep your browser and other software up-to-date. Software updates often include security patches that help close known vulnerabilities. We recommend enabling automatic updates to ensure that your browser is always up-to-date.

Exploiting the Coronavirus: Phony New Policies

During the COVID-19 pandemic, organizations are acting quickly to update HR policies and new security measures in order to protect their employees. Unfortunately, the bad guys work just as fast to use these changes to their advantage. They are sending emails that appear to be from your HR or IT department, hoping to fool you into trusting them. These phishing emails direct you to review a new policy by downloading a malicious attachment or clicking a link that takes you to a phony login page. Don’t be fooled!

Here’s how to keep your organization safe:

  • Whenever you need to log in to an account or online service, always navigate to the login page using your browser, rather than clicking on links in an email.
  • Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from someone in your own organization, the sender’s email address could be spoofed. 
  • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking.

Multi-factor Authentication

What is it?
Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. If you're reading this from your work computer, you probably logged in to your computer - that's single-factor authentication. But single-factor authentication is no longer enough to keep your accounts secure. Learn more below about the various ways you can digitally-authenticate your identity.

Understanding the Types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, or voice call. You then enter this code, and for successful authentication, your code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you’ve memorized or stored somewhere, such as a PIN. You must supply the correct PIN to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you’re claiming to be.

Why do I need it?
In our digitally-driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in.

Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication.

"Google" Yourself

With the rise of the digital age, it is difficult (if not impossible) to remain totally anonymous on the internet. Having an online presence and maintaining your social networks can be a wonderful and valuable tool, but sometimes we are unaware of how much personal information can be obtained about us over time.

When was the last time you typed your name or your email address in a web search like Google or Bing? You may be shocked at the results. You may find that old photos of yourself pop up, or an old user account from a forgotten social network or blog that is still associated with your name. You may even want to search for your work email, to make sure it has not been compromised and made available on the internet for the bad guys to find.

By searching and analyzing your online presence often, you can take steps to remove those things you may not want strangers to see. Like that embarrassing photo from college. You know the one I’m talking about.

Be Aware, Be Vigilant, Be Skeptical!

Keep Devices and Software Up to Date

You know that little pop-up prompting you to restart your computer for a software update? The one that only seems to come up when you’re in the middle of something important? As annoying as it may seem, this notification is actually a valuable asset to your cybersecurity. So, before you click the “Later” option, let’s take a closer look!

What is a software update?
A software update is a new and improved version of a program, application, or operating system that you are already using. The update may include new features, bug fixes, or important security patches.

Why are updates important for cybersecurity?
Do you ever wonder how secure the programs installed on your device are? Cybercriminals do. They look for cracks in the security of programs and use these vulnerabilities to gain access to your device. With this access, they could enable a keylogger to track what you type, steal confidential information, or even install ransomware to lock you out of your files and demand payment for access. Developers help prevent this by fixing vulnerabilities as soon as possible. These fixes are included in software updates. Meaning, the longer you wait to install the update, the longer your system is at risk.

How do I check for software updates?
Any device that runs software, be it a computer, tablet, or even a smart TV, can receive updates. Most software will prompt you when an update is available, but it’s good practice to check periodically. Here is a general guide to checking for updates on common platforms:

Mac System Updates (for macOS Catalina)

1.    Open the Apple menu and select About this Mac.

2.    Click Software Updates....

3.    If any are available, you will have the option to install them.

Windows System Updates (for Windows 10)

1.    Open the start menu and select Settings.

2.    Select Update & Security Settings then select Windows Update.

3.    Click Check for Updates. If any are available, you will have the option to install them.

iOS Updates

1.    Open the Settings app and tap General.

2.    Tap Software Update.

3.    If any are available, you will have the option to install them.

Android Updates (for most devices running Android 10 or higher)

1.    Open the Settings app and go to the System section.

2.    Tap About Phone. (If this is not an option, skip to step 3.)

3.    Tap System Updates.

4.    Tap Check for Update. If any are available, you will have the option to install them.

Don’t see what you’re looking for? Please consult the user manual or online support for your specific device.

How to Use Cybersecurity in Your Everyday Life

If you’re reading this, there is a good chance that you have multiple internet-connected devices in your home. These devices make our lives easier, but they also make us easy targets for cybercriminals. So, whether you are connecting on social media, shopping online, or listening to music on a smart speaker, here are some cybersecurity tips for everyday use:


Social Media Safety

  • We recommend keeping your social media profile set to private and only connecting with people who you know and trust.
  • Don’t share anything online that you wouldn’t want to be made public. No matter how cautious you are, any information posted on social media can still fall into the wrong hands. 
  • Watch out for posts that trick you into oversharing. For example, there are a number of popular posts that give you a silly nickname based on random personal details. These personal details, such as your first pet’s name or the year you were born, can be used by cybercriminals to guess passwords, answer security questions, or even to spoof your social media profile.

Online Shopping Safety

  • Only shop at well-known, reputable websites.
  • Only pay using a credit or debit card. Never agree to send cash or wire money to a seller.
  • Shop around—not for the cheapest deal, but the safest. A website that is offering a product for a third of the price of other retailers is a red flag. Remember, if a deal seems too good to be true, it probably is.

Smart Device Safety

  • Smart speakers and some smartphones have an “always listening” setting to allow you to call its name when you need assistance. We recommend turning this setting off if you don’t use it. If you do use this feature, mute the microphone any time you’re discussing sensitive information or while working from home.
  • Like a web browser, smart devices keep track of your activity history. Review this history periodically to check for any unusual activity. We also recommend clearing your history on a regular basis. 
  • Keep your devices up-to-date. Smart devices receive important security patches through software updates.

Staying Safe Around Always Listening Devices     

With the overwhelming popularity of always-listening devices such as Alexa, Google Home, and smartphones, you’ve probably heard stories of these devices joining in on conversations without being prompted. Perhaps it’s even happened to you!

While this idea can be alarming and unsettling, there are ways to protect your private information, and conversations, from these always-listening devices. To help you stay safe from these devices, here are some tips:

  • Review and delete voice recordings: Your device will store your search and activity history to create a customized experience for you. However, you can review and delete these recordings from the device of your choice in order to protect your privacy. 
  • Mute the microphone: You can mute your microphone to ensure that your device is not listening and recording when you are not using it. The recording capabilities will remain off until you turn them back on.
  • Don’t link accounts with sensitive information to your device: If you have any accounts containing your sensitive information in them, it is best not to link those accounts to your device. This will keep your sensitive information secure from potential data breaches.
  • Change the settings to automatically manage data stored by the device: Personally managing what data is being linked with your account will give you more control on the information that is being stored by your device and will save you time when deleting your history.
  • Turn off your device when you’re away: When in doubt, turn it off. If your device does not have a power button, simply unplug it.

By creating a habit of unplugging and deleting voice recordings from these always-listening devices, you can help to make sure that there is an extra layer of protection between your always-listening device and your private information.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Security Tips - Holiday and Seasonal Scams

With the ever-growing popularity of online shopping and online communications, you should always have your guard up in the cyberworld. Criminals will use any situation to their advantage–especially when it comes to annual holidays.

Below you’ll find a few examples of commonly used seasonal and holiday scams, and what you can do to protect yourself.

 

Fake Shipping/Postal Notifications: End of the year holidays invite a greater likelihood of this common phishing attack, but this is a scam you must be cautious of all year long. Scammers send fake notifications that appear to come from postal service companies. The emails include dangerous links that, if clicked, could install malware on your computer or take you to a fake login page where your credentials will be stolen.

What can I do? To check the legitimacy of these types of claims, always log in to your online account or service through your browser–not through links in unexpected emails.

 

Travel Deals and Offers: Scammers know that their potential victims travel for holidays throughout the year. Cybercriminals send emails offering fake travel deals from well-known travel sites. They’re even known to create phony websites for cheap hotels and flights so they can rob you of your money.

What can I do? When something seems too good to be true, it probably is. Never click on links in unexpected emails. Before booking through an unfamiliar service, do your research and ensure the company is legitimate.

 

Social Media Deals and Sales: All social media advertisements are not created equal. A “paid advertisement” may seem trustworthy, but be warned: Anyone can pay to put an ad on social media. During holidays and popular shopping seasons, fraudsters buy ads that offer deals for items that you’re more-than-likely interested in–considering social media ads target the buyer market. The ads typically contain phishing links that lead to fraudulent websites where they will steal your credit card data. Even if the malicious ad is reported and removed, the bad guys typically only need one victim to fall for their trick to make it worth their investment.

What can I do? Always hover over links and URLs before clicking to check whether the URL will take you to a dangerous or unexpected site. If a social media ad appears to be from a company you’re familiar with, check the company’s website instead of clicking on links from the ad.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Security Tips - How to Safely Use Telehealth Services

Telehealth is a way for health providers to diagnose, treat, and communicate with patients remotely, by phone or video. Telehealth is a quick and easy alternative to your typical doctor’s appointment, but it could also be a quick and easy way for cybercriminals to find targets.
Here are some ways to safeguard your personal information while using telehealth services.

Keep Your Device Up-to-Date

Whether you connect to telehealth using a smartphone or a computer, make sure the device is up-to-date with the latest security patches. This includes updating all applications, not just the ones used for telehealth purposes. Each app is a potential point of entry for cybercriminals. If the bad guys gain access to your device in any way, then your sensitive medical information will be at risk.

Use an Advanced Login

Telehealth services typically require users to create a username and password. If the service offers Multi-factor Authentication (MFA), use it! MFA requires you to enter your password and then enter another form of verification, such as a code sent via text message. If MFA isn’t offered, we recommend using a password manager to generate and securely store complex passwords. 

Connect with a Secure Network

Never use a public wifi connection for telehealth services. You never know who could be watching and tracking your activity. When connecting from home, be sure to set up a strong password for your router. Default router passwords are often public knowledge or easy to guess. For the most secure network, connect to a virtual private network (VPN), which encrypts web traffic to protect your information. 

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Security Tips - How to Keep Your Organization Safe—In and Out of the Office

October is Cybersecurity Awareness Month. Each week in October, we’ll cover a different cybersecurity topic to help keep you and your family safe online. This week, we’ll explore what you can do to help keep your organization safe from cybercriminals. 
Whether you work from home or work in an office, the security of your organization must be a top priority. While these two locations can feel quite different, you can use the same precautions no matter where you’re working. Let’s look at some important cybersecurity rules and how they can be used both in the office and at home.

Only Use Secure Devices

  • Remember that your device is only as secure as the apps running on it. Never install an application or plugin without checking with your IT department first. 
  • Only use your work devices for work. If you are using your personal computer for work, we recommend that you create a separate user account with a unique username and password. 
  • In the office, network security is probably managed by your IT department. To help keep your home internet connection secure, use a complex password on your router. If your organization offers access to a Virtual Private Network (VPN), connect to that as well. 

Protect Your Physical Workspace

  • In the office, watch out for piggybacking and tailgating. A piggybacker is someone who claims to be part of your organization and follows you into a secure area without the use of a badge or entry code. A tailgater is someone who waits for you to enter or exit a secure area and then sneaks in while the door is still open. Be suspicious of anyone who you do not recognize and don’t be afraid to ask for identification.
  • At home, find a private and comfortable workspace, where no one can view your screen while you work. You must keep all sensitive information out of sight for any unauthorized persons—including your partners, children, and friends. 
  • Always lock your computer when you step away from your desk. If you leave your computer unlocked, anyone can use it to access sensitive data, steal your login credentials, or even install malware. 

Think Before You Click

  • Never click a link or download an attachment from an email that you weren’t expecting. Even if the sender appears to be part of a legitimate organization, the email address could be spoofed.
  • When an email asks you to log in to an account or online service, navigate to that service through your browser and not by clicking the link in the email. That way, you can ensure you’re logging in to the real website and not a phony look-alike.
  • When in doubt, call the sender of the email to be sure the request, link, or attachment is legitimate. Do not call the phone number provided within the email as it may be a fake number.


Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Security Tips - Disinformation Campaigns

Have you ever seen an article with a dramatic title, but the article content was completely unrelated? 

This is called “clickbait” and it is a common example of how cybercriminals take advantage of large-scale media platforms to distribute disinformation campaigns that confuse and mislead audiences.

Let’s take a look at different types of disinformation campaigns to look out for:

  • Fabricated Content: Content that is completely untrue.
  • Manipulated Content: Content, imagery, or videos that have been edited or distorted.
  • Imposter Content: Content that pretends to be from a reliable source.
  • Misleading Content: Content that presents information in a misleading way.
  • False Context by Connection: Content that contains both facts and untrue information.
  • Satire and Parody: Humorous stories that exaggerate facts and may be used to fool readers.

Now, let's look at some methods you can use to combat disinformation.

  • Consider the Source
    Always consider the reliability of the source and author of the content you are viewing. Ask yourself: What is this author or source known for? Where was the information retrieved from? Credible news sources typically cite where their information came from and their cited sources are credible as well.
  • Fact-Check and Educate
    You can also combat disinformation by fact-checking information that you see and by educating yourself on the subject. You can use fact-checking sites such as FactCheck.org, PolitiFact.com, or Snopes.com to check the validity of content that you find.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Security Tips - How to Use Cybersecurity in Everyday Life 

If you’re reading this, there is a good chance that you have multiple internet-connected devices in your home. These devices make our lives easier, but they also make us easy targets for cybercriminals. So, whether you are connecting on social media, shopping online, or listening to music on a smart speaker, here are some cybersecurity tips for everyday use:

Social Media Safety

  • We recommend keeping your social media profile set to private and only connecting with people who you know and trust.
  • Don’t share anything online that you wouldn’t want to be made public. No matter how cautious you are, any information posted on social media can still fall into the wrong hands. 
  • Watch out for posts that trick you into oversharing. For example, there are a number of popular posts that give you a silly nickname based on random personal details. These personal details, such as your first pet’s name or the year you were born, can be used by cybercriminals to guess passwords, answer security questions, or even to spoof your social media profile.

Online Shopping Safety

  • Only shop at well-known, reputable websites.
  • Only pay using a credit or debit card. Never agree to send cash or wire money to a seller.
  • Shop around—not for the cheapest deal, but the safest. A website that is offering a product for a third of the price of other retailers is a red flag. Remember, if a deal seems too good to be true, it probably is.

Smart Device Safety

  • Smart speakers and some smartphones have an “always listening” setting to allow you to call its name when you need assistance. We recommend turning this setting off if you don’t use it. If you do use this feature, mute the microphone any time you’re discussing sensitive information or while working from home.
  • Like a web browser, smart devices keep track of your activity history. Review this history periodically to check for any unusual activity. We also recommend clearing your history on a regular basis. 
  • Keep your devices up-to-date. Smart devices receive important security patches through software updates.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Security Tips - Not So Fast! Is Your Zoom Account Really Suspended?

Whether you are commuting to an office or working from home, you are one of millions of employees who rely on video conferencing apps like Zoom to stay connected. If you were suddenly notified that your Zoom account had been suspended, how eager would you be to resolve the problem? Cybercriminals assume you’ll be quick to respond. In fact, they hope you won’t think twice about it.

A recent phishing scam spoofs an email notification from Zoom. The email claims that your account has been suspended and that you are unable to make or join video calls until you click the "Activate Account" button included in the email. Once you’ve clicked the button, you are brought to a convincing Microsoft 365 look-alike login page. If you enter your details on this page, this information will be sent directly to the scammers. The bad guys could use your login credentials to gain access to your organization's network and sensitive information.

Keep yourself and your organization safe with these tips:

  • Never click on a link within an email that you weren’t expecting.
  • Remember that email addresses can be spoofed. Even if the email appears to be from a familiar organization, it could be a phishing attempt.
  • When an email asks you to log in to an account or online service, log in to your account through your browser, not by clicking the link in the email. That way, you can ensure you’re logging in to the real website and not a phony look-alike.
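
The check behind these tips (confirm where a link really goes before trusting it), written as an added Python example that is not part of the original tip or of any KnowBe4 or Zoom tooling. The sample email body, the `.example` hosts and the function names are constructed for illustration, and treating `zoom.us` as the only trusted domain is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body (not a real message). Hosts ending in ".example"
# are reserved names that can never resolve.
SAMPLE_BODY = """
<p>Your Zoom account has been suspended.</p>
<a href="https://zoom.us.account-check.example/login">Activate Account</a>
<a href="https://login.m365-portal.example/">https://zoom.us/activate</a>
<a href="https://support.zoom.us/hc">Help Center</a>
"""

# Visible link text that itself looks like a web address.
URL_LIKE = re.compile(r"(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:[/?#]\S*)?", re.I)


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host name of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it.

    A plain substring or prefix test would accept
    'zoom.us.account-check.example', which is the look-alike trick.
    """
    return host == domain or host.endswith("." + domain)


def suspicious_links(body, trusted_domains):
    """Return (text, destination host, reasons) for links worth reporting."""
    collector = AnchorCollector()
    collector.feed(body)
    collector.close()
    findings = []
    for href, text in collector.anchors:
        if urlsplit(href).scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are out of scope here
        host = host_of(href)
        reasons = []
        if not any(belongs_to(host, d) for d in trusted_domains):
            reasons.append("destination outside trusted domains")
        if URL_LIKE.fullmatch(text):
            shown = host_of(text if "://" in text else "//" + text)
            if shown != host:
                reasons.append("visible text names a different host")
        if reasons:
            findings.append((text, host, reasons))
    return findings


if __name__ == "__main__":
    for text, host, reasons in suspicious_links(SAMPLE_BODY, ("zoom.us",)):
        print(f"{text!r} -> {host}: {', '.join(reasons)}")
```

The comparison is made on the right-hand end of the host name because that is the part the site owner actually controls; anything to the left of it can be chosen freely by whoever registered the domain.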

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Security Tips - Exploiting the Coronavirus: “PANDEMIC IS WITHIN, BEWARE!”

With the recent increase in attempts targeting specific people in the District, and the influx of Covid-19 related emails being sent out, it’s more important than ever to scrutinize any and all emails you receive. That said, we would like you to take 2 minutes of your time and view the following video related to phishing and its consequences as it relates to Covid-19. (Note: if you receive an error, click OK to proceed).

COVID-19 Campaign Notification Message

During this storm of COVID-19 phishing scams, the bad guys have loved posing as your trusted Human Resources department. One HR scam started with the following overdramatic subject line: “COVID-19 PANDEMIC IS WITHIN, BEWARE! WARNING!!!” In a series of run-on sentences, the email claims that some of your co-workers have tested positive for Coronavirus. Keeping with the HR theme, they ask that you do not discriminate against these people and they suggest that “everyone should rather cease panic”.

The email does not identify anyone by name, but asks you to download an attached photo of the infected employees. This attack targets your natural curiosity. Who could it be? Wasn’t Bill coughing last week? I have to know! If you were to download the attachment, you would find that it is actually a piece of malicious software designed to secretly steal data through your organization’s network. Don’t be fooled!

Remember these tips:

  • Watch out for sensational words like “BEWARE” and “WARNING!!!” The bad guys want you to panic.
  • Be wary of emails with spelling or grammatical errors, especially when it supposedly came from a reputable source. 
  • When questioning the legitimacy of an email sent from someone in your company, give them a call! One quick call could save your organization from a potential data breach.

With the recent increase in attempts targeting specific people in the District, and the influx of Covid-19 related emails being sent out, it’s more important than ever to scrutinize any and all emails you receive. If you haven’t done so already, please take 2 minutes of your time and view the following video related to phishing and its consequences as it relates to Covid-19.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Security Tips -  Exploiting the Coronavirus: Watch Out for Fake Charities!

With the Coronavirus pandemic still raging on, people all over the world are doing what they can to help one another. The bad guys are hoping to use this compassion to their advantage. They are posing as charitable organizations that claim to fund research, support hospitals, or provide help to victims of the virus. Don’t be fooled! 

Want to donate to real causes? Here are some tips:

  • Do your research. Use a trusted website like Charity Navigator to research an organization before making donations.
  • Reach out. Contact your charitable organization of choice directly by going to their website or calling your local chapter. 
  • Never trust a link. Even if the email appears to be sent from a legitimate organization, type the webpage into your browser instead of clicking a link provided in an email.

KnowBe4 Tip of the Week

 KnowBe4 Security Tips -  Exploiting the Coronavirus: Watch out for These Scams!

Look out! The bad guys are preying on your fear and sending all sorts of scams related to the Coronavirus disease (COVID-19) outbreak.

Below are some examples of the types of scams you should be on the lookout for:

  1. Emails that appear to be from organizations such as the CDC (Centers for Disease Control), or the WHO (World Health Organization). The scammers have crafted emails that appear to come from these sources, but they actually contain malicious phishing links or dangerous attachments.
  2. Emails that ask for charity donations for studies, doctors, or victims that have been affected by the COVID-19 Coronavirus. Scammers often create fake charity emails after global phenomena occur, like natural disasters, or health scares like COVID-19.
  3. Emails that claim to have a "new" or "updated" list of cases of Coronavirus in your area. These emails could contain dangerous links and information designed to scare you into clicking on the link.

Keep in mind, these are only a few examples and these scam artists are constantly coming up with new ways to fool you.

What Can I Do?

Remain cautious! And always remember the following to protect yourself from scams like this:

  • Never click on links or download attachments from an email that you weren’t expecting.
  • If you receive a suspicious email that appears to come from an official organization such as the WHO or CDC, report the email to the official organization through their website.
  • If you want to make a charity donation, go to the charity website of your choice to submit your payment. Type the charity’s web address in your browser instead of clicking on any links in emails, or other messages.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips -  Safeguard Your Personal Data During the 2020 Census Season

It’s that time again. Every 10 years, United States residents are required to respond to the Census survey. The primary purpose of the census is to provide a count of every member of the U.S. population.

By law, each household is required to complete the census survey. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams. Scammers might send emails or other messages that appear to come from the U.S. Census Bureau, or they might even pose as official Census Bureau workers and show up at your door!

This census season, keep the following tips in mind so you can safeguard your household’s sensitive information:

  • If you receive an email to complete the 2020 Census survey, delete it! The U.S. Census Bureau will only send the official survey notification by mail, or if your survey response is late, an official Census Bureau worker may come to your home to ensure you have received the census.
  • If a Census Bureau worker visits your home, verify that they are who they claim to be. A valid ID badge should have the worker’s photograph, a U.S. Department of Commerce watermark, and an expiration date. If you’re still unsure, call your Regional Census Center and speak with a Census Bureau representative.
  • Remember, the Census Bureau will never ask for the following: your Social Security number, your bank account or credit card numbers, anything on behalf of a political party, donations, or money.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips -  Scam of the Week; Protect Yourself Against Card Skimmers

Paying at the gas station pump or at a drive-up ATM is convenient and seems secure, so cybercriminals are now targeting these locations. They use devices called Card Skimmers to read and record your card information in a matter of seconds. Each Card Skimmer can hold details on about 80 cards, so protecting yourself at gas station pumps and ATMs should be a priority now more than ever.


How Does It Work?

Card Skimmers are physical devices that cybercriminals attach to the credit card reader. The card skimmer then reads the magnetic strip on the card to gather your full name, the card number, and the expiration date. Once the skimmer reads your card information, the cybercriminals can then sell your information or use it to gain access to your bank account. These skimmers are designed to fit tightly over the real card reader at the gas station or ATM, making them undetectable if you don’t know what to look for.


How To Avoid Card Skimmers?

To protect yourself against the cybercriminals that are using Card Skimmers, follow these helpful tips:

  • Pay with cash. Paying with cash will completely eliminate the risk of coming in contact with a Card Skimmer.
  • Shake and pull the card reader. If it doesn’t seem right, pay inside and report it.
  • Go inside. Paying inside of the gas station or going into the bank will reduce the risk of coming in contact with a Card Skimmer since it is less likely that the card readers inside have been tampered with.
  • Use mobile payment options if they are available. Use options like Google or Apple Pay to eliminate having to use your card.
  • Download a Skimmer Scanner app. These apps, which are available on both the App Store and Google Play, will warn you about where Card Skimmers are located in the area.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Tip of the Week

KnowBe4 Security Tips -  Scam of the Week; Coronavirus Phishing Attack

The global threat of the coronavirus has everyone’s attention, and the cybercriminals are already taking advantage of it. The bad guys are using the coronavirus as clickbait so they can spread malware and steal your personal information.

They’ve crafted their phishing emails to look like they’re coming from health officials such as doctors or national agencies, such as the Centers for Disease Control and Prevention. Some of these emails suggest clicking a link to view information about “new coronavirus cases around your city”. Other emails suggest downloading the attached PDF file to “learn about safety measures you can take against spreading the virus”. Don’t fall for it! If you click the phishing link, you’re brought to a webpage that is designed to steal your personal information. If you download the PDF file, your computer will be infected with malware.

Always remember: Never click on a link or download an attachment that you weren’t expecting. Because of the alarming subject matter, the bad guys expect you to click or download without thinking. STAY ALERT! Don’t be a victim.

Be Aware, Be Vigilant, Be Skeptical!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Multi-factor Authentication

What is it?
Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. If you're reading this from your work computer, you probably logged in to your computer - that's single-factor authentication. But single-factor authentication is no longer enough to keep your accounts secure. Learn more below about the various ways you can digitally authenticate your identity.

Understanding the Types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, or voice call. You then enter this code, and for successful authentication, your code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you’ve memorized or stored somewhere, such as a PIN. You must supply the correct PIN to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you’re claiming to be.

Why do I need it?
In our digitally driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in.

Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication.

Be Aware, Be Vigilant, Be Skeptical!


KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Holiday and Seasonal Scams


With the ever-growing popularity of online shopping and online communications, you should always have your guard up in the cyberworld. Criminals will use any situation to their advantage–especially when it comes to annual holidays.

Below you’ll find a few examples of commonly used seasonal and holiday scams, and what you can do to protect yourself.

 
Fake Shipping/Postal Notifications: End of the year holidays invite a greater likelihood of this common phishing attack, but this is a scam you must be cautious of all year long. Scammers send fake notifications that appear to come from postal service companies. The emails include dangerous links that, if clicked, could install malware on your computer or take you to a fake login page where your credentials will be stolen.

What can I do? To check the legitimacy of these types of claims, always log in to your online account or service through your browser–not through links in unexpected emails.

 
Travel Deals and Offers: Scammers know that their potential victims travel for holidays throughout the year. Cybercriminals send emails offering fake travel deals from well-known travel sites. They’re even known to create phony websites for cheap hotels and flights so they can rob you of your money.

What can I do? When something seems too good to be true, it probably is. Never click on links in unexpected emails. Before booking through an unfamiliar service, do your research and ensure the company is legitimate.

 
Social Media Deals and Sales: All social media advertisements are not created equal. A “paid advertisement” may seem trustworthy, but be warned: Anyone can pay to put an ad on social media. During holidays and popular shopping seasons, fraudsters buy ads that offer deals for items that you’re more than likely interested in, considering social media ads target the buyer market. The ads typically contain phishing links that lead to fraudulent websites where they will steal your credit card data. Even if the malicious ad is reported and removed, the bad guys typically only need one victim to fall for their trick to make it worth their investment.

What can I do? Always hover over links and URLs before clicking to check whether the URL will take you to a dangerous or unexpected site. If a social media ad appears to be from a company you’re familiar with, check the company’s website instead of clicking on links from the ad.


KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Staying Safe Around Always Listening Devices

With the overwhelming popularity of always-listening devices such as Alexa, Google Home, and smartphones, you’ve probably heard stories of these devices joining in on conversations without being prompted. Perhaps it’s even happened to you!

While this idea can be alarming and unsettling, there are ways to protect your private information, and conversations, from these always-listening devices. To help you stay safe from these devices, here are some tips:


  • Review and delete voice recordings: Your device will store your search and activity history to create a customized experience for you. However, you can review and delete these recordings from the device of your choice in order to protect your privacy.


  • Mute the microphone: You can mute your microphone to ensure that your device is not listening and recording when you are not using it. The recording capabilities will remain off until you turn them back on.


  • Don’t link accounts with sensitive information to your device: If you have any accounts containing your sensitive information in them, it is best not to link those accounts to your device. This will keep your sensitive information secure from potential data breaches.


  • Change the settings to automatically manage data stored by the device: Personally managing what data is being linked with your account will give you more control over the information that is being stored by your device and will save you time when deleting your history.


  • Turn off your device when you’re away: When in doubt, turn it off. If your device does not have a power button, simply unplug it.

By creating a habit of unplugging and deleting voice recordings from these always-listening devices, you can help to make sure that there is an extra layer of protection between your always-listening device and your private information.

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Post-its are not for Passwords!


Do you keep a login and password written down on a Post-it or piece of paper near your desk?

If so, you should get rid of it immediately! You should use a paper shredder to dispose of the Post-it.

Do not simply place the Post-it in the trash.
While it may be tough to remember a login and password for all of the sites and portals you belong to, writing the passwords down on a piece of paper, or keeping them in an unsecured document on your computer, is a bad habit to have.

This can put you and the entire District at risk.
Try to use passwords that are easy for you to remember, but hard for others to guess.

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Think Before You Shop!


The bad guys are taking advantage of mobile shoppers this holiday season! By using mobile apps, they can trick you into giving your personal information or installing malware onto your smartphone. This can give them access to your credit card information or lock your smartphone with ransomware, forcing you to pay a fee to unlock it. To stay safe this year, never download apps from offers that sound too good to be true, never download from unofficial app stores, and do your research. Make sure to check for any fake reviews, the number of downloads the app has, spelling errors, or strange logos. When in doubt, only use retailers you trust through their official sites or apps.

Stop Look Think - Don't be fooled  

 KnowBe4 Security Tips - Top 5 Facebook Scams . . . UPDATED!

Facebook now has over a billion users. That's a mind-boggling number of people who check their page regularly. The bad guys are irresistibly attracted to a population that large, and here are the Top 5 Scams they are trying to pull off every day of the year.
  • Who Viewed Your Facebook Profile: This scam lures you with messages from friends or sometimes malicious ads on your wall to check who has looked at your profile. But when you click, your profile will be exposed to the scammer and worse things happen afterward.
  • Fake Naked Videos: There are tons of fake naked videos being posted all the time using the names of celebrities like Rihanna or Taylor Swift that sometimes make it past the Facebook moderators. These scams are in the form of an ad or a post and have a link to bogus YouTube videos. That site then claims your Adobe Flash player is broken and you need to update it - but malware is installed instead!
  • Viral Videos: Viral videos are huge on social media platforms. If you click on one of these "videos" you'll be asked to update your video player (similar to the scam above) but a virus will be downloaded and installed instead. To avoid this, type the name of the video into Google and if it doesn't have a YouTube or other legitimate site link, it's likely a scam.
  • Fake Profile Scam: Scammers are stealing the name and pictures from an existing profile and "friending" the real person's friends in efforts to scam friends and family by faking an emergency. Be very cautious of accepting friend requests from someone you're already friends with.
  • Romance Scams: A specific type of "Fake Profile Scam" where con artists create a fake profile using the photos and stories of another person, and then develop "relationships" with their victims over posts, photos, and Facebook messenger. These scammers typically shower you with romantic language, promise happiness, and eventually con you into giving up personal information, or even money. Avoid personal and financial heartbreak, don't "friend" people you don't know in real life.
Facebook is used for connecting with people you know. Be especially cautious of "friending" strangers, and of clicking on links in suspicious posts, and in messages. Stay away from these traps if you want to avoid giving away personal information or getting your PC infected with malware. 

Stop Look Think - Don't be fooled  

KnowBe4 Security Tips - Beware Look-Alike Phishing Sites

The bad guys are changing their tactics and you need to be aware! They are now creating phishing sites that resemble the sign-in pages of popular companies.

They will try anything to get you to authenticate on their fake site. Some phishing sites will even try to fool you by appearing in your:

  • Pop-ups
  • Ads
  • Search results
  • Social media
  • Chat and IM applications
  • Rogue browser extensions
  • Web freeware
  • “Trusted” apps downloaded from app store

Don’t fall for this trick - the bad guys want you to give up your login credentials so they can be used as part of a larger attack! Make sure to always check a website for any signs that it may not be legitimate, or type in the company’s web address yourself.

Stop Look Think - Don't be fooled  


KnowBe4 Security Tips - Don't Trust Pop-Ups 

If you’re known to dabble in a little online browsing, odds are you’ve encountered a pop-up once or twice. There are times when a user may think, “Wow, that’s a great deal!” and click on a pop-up. To those users: put down the mouse. Why? That pop-up could be malicious or dangerous.
There used to be a time when malicious pop-ups were only on questionable sites, but those days are gone. Hackers are smart and develop ways to inject malware into pop-ups and online advertisements - even on the most trusted sites.
One of the most common attacks we see occurs when you visit a site and a pop-up appears that says, “Your computer is infected! Download our antivirus now!” If you click on this, a bogus virus scan will start. After the “scan” completes, you’ll be asked to pay for a full-version of the software or to call a helpline to connect with a support representative.
Spoiler alert: The software is not real and the fake support representative will take control of your computer to try and “fix” the issue, but end up causing more damage.

How to prevent
Although hackers are smart, you can be smarter. Here are some tips to protect yourself from these types of attacks:
  • Avoid clicking on pop-ups.
  • Update your operating system regularly - don’t postpone or snooze updates!
  • Use web-filtering software to warn you before accessing potentially harmful sites.
Remember, these attacks are only successful if we fall for them. Stay alert and be cautious!

Stop Look Think - Don't be fooled  


KnowBe4 Security Tips - Social Engineering Red Flags: Email Body 

The prevalence of phishing scams is at an all-time high. Because you are the key to preventing a cyberattack within your organization, it is important to question the legitimacy of every email you receive. Below is a list of questions to ask yourself about the content and body of the email that may help you realize that you are being phished.

Review the content of the email. 

  • Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value?
  • Is the email out of the ordinary, or does it have bad grammar or spelling errors?
  • Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
  • Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
  • Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know? 

If you notice anything about the email that alarms you, do not click links, open attachments, or reply. You are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to phishing attacks.

Stop Look Think - Don't be fooled  

 KnowBe4 Security Tips - That's Suspicious!

 

Have you ever encountered a situation at work that was suspicious?
Perhaps this was a suspicious person, a suspicious email, or even a phone call that didn't seem right.
Most organizations have a policy regarding how to handle these suspicious 'events'.
These 'events' could potentially put the organization and/or the computer systems of the organization at risk.
Some of the more common events are listed below:

 Suspicious persons - Trespassing

When it comes to physical security (securing the building and its assets from unauthorized access), identifying suspicious persons is key.
If you notice someone that you do not recognize, you should ask who they are and what they are doing.
It is possible they are a new employee, or on a short term work contract... or it is possible they are not authorized to be there.
- Attackers will try to enter the building posing as an employee or a contractor. From inside the building they can gain access to internal computer networks.

 Suspicious Emails - Phishing

The majority of all recent cyber attacks have been a result of social engineering via an email.
These phishing emails can be designed to be sent to: everyone in the organization, a division within an organization (accounting, sales), or YOU specifically.
- Using social networks like Facebook and LinkedIn, attackers can gather just enough personal information about you to make a very convincing email.

 Suspicious Phone Calls - Vishing (Voice Phishing)

This is the oldest trick in the book, and it has been in use by hackers, fraudsters, and scam artists for decades.
It involves someone calling you and pretending to be someone they are not (IT Dept, insurance company, bank, etc.).
The attacker will try to build credibility and a good rapport with you before asking for sensitive information such as a password, social security number, or bank account information.
With the latest in technology, attackers can now change the caller-id to show whatever number they would like (adding more credibility).
- You get a call from a number that appears to be the IT department. They claim there is an issue in IT that is too technical to explain, but they require you to give them your password over the phone to fix it.

Always remember to follow your organization's security policies when it comes to suspicious events. If your organization does not have a specific policy regarding these situations, escalate ANY suspicious events to the IT or Security department.
Security is a team effort. Every employee has a responsibility to the organization to report these events.

Stop Look Think - Don't be fooled


 KnowBe4 Security Tips - Protected Health Information (PHI)


What is sensitive information? Sensitive information is privileged information which – if compromised through alteration, corruption, loss, misuse, or unauthorized disclosure – could cause serious harm to an individual or organization. You must always give the highest level of protection to privileged information. Here we discuss one example of sensitive information, Protected Health Information, or PHI.

What is Protected Health Information?
For the purpose of data protection, PHI is defined as: all recorded health information about an identifiable individual that relates to that person’s health, health care history, provision of health care to the individual, or payment for health care.

Is it PHI? Here are a few examples of PHI. 
  • Social Security Number
  • Medical record number
  • Health plan beneficiary number
  • Biometric identifiers, including finger and voice prints
  • Full-face photographic images and any comparable images – and more

 

Employees who do not take care of sensitive information can lead their organizations into fines, increased operating costs, loss of customer confidence, and even more governmental regulation. Do your part to keep sensitive information safe at all times.

The tips included in this message are meant to remind you to keep sensitive information secure. Remember, your organization's privacy, security, and compliance policies for handling sensitive information should be followed first and foremost. 

Stop Look Think - Don't be fooled

 KnowBe4 Security Tips - Malvertising

Visit any website these days and it’s very likely that you will be viewing ads as well.  Sometimes these ads can be tempting, with many offering sales, promotions, or freebies to attract more clicks. Ads on certain websites can even be targeted specifically to you based on past browsing history, making you even more likely to click! 

Remember this: just because you are on a reputable, well-known website, it does not mean that the ads on the website are safe to click as well.

How ad space can become infected: Advertisers do not sell their ads to websites one at a time. Websites that want to make money sell their advertising space to an ad network. Advertisers sign contracts with that ad network, which then displays the ads on the participating websites. The ad network sits in the middle between the advertisers and the websites and manages the traffic and the payments.

This arrangement creates a problem. Cybercriminals can fool the ad network into thinking they are a legitimate advertiser, and the ads that are then displayed on major websites can be poisoned. If you browse to a page with a poisoned ad on it, that is enough to run the risk that your PC will be encrypted with ransomware, which can hold your computer or your entire network hostage until you pay the cybercriminal a ransom.

Tips to prevent the effect of harmful ads:

  • Disable Adobe Flash on your computer - or at least set the Adobe Flash plug-in to "click-to-play" mode - which can block the automatic infections.
  • Keep up-to-date with all the security patches and install them as soon as they come out.
  • Download and install a reputable ad blocker plug-in for your browser. These prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular with hundreds of millions of people using them.


Stop Look Think - Don't be fooled 

 KnowBe4 Security Tips - Facebook Tips

Facebook now has over a billion users; that's a mind-boggling thousand million people who check their page regularly. The bad guys are irresistibly attracted to a population that large, and here are the Top 5 Scams they are trying to pull off every day of the year.

1. Who Viewed Your Facebook Profile - Lures you with messages from friends or sometimes malicious ads on your wall to check who has looked at your profile. But when you click, your profile will be exposed to the scammer and worse things happen afterward.

2. The Facebook Color Changer App - Tries to trick you into personalizing your Facebook page, but it also leads you to phishing sites, deceives you into sharing the app with friends, and infects your mobile devices with malware. Stay away from it.

3. Fake Naked Videos - There are tons of fake naked videos being posted all the time using the names of celebrities like Rihanna or Taylor Swift that sometimes make it past the Facebook moderators. These scams are in the form of an ad or a post and have a link to bogus YouTube videos. That site then claims your Adobe Flash player is broken and you need to update it - but malware is installed instead!

4. Facebook Videos With Come-On Titles - The bad guys often try enticing titles like "Not Safe For Work" or "Scandalous" to lure you into clicking on these videos and get redirected to phishing sites that steal your personal information.

5. Check my status update to get free Facebook T-shirt - Messages from your Facebook friends to go to their page and get a free Facebook t-shirt. It's a scam; remove any access to rogue applications if you have clicked on something like this.

Facebook is what it is. There simply is no way to change the colors of your profile or change the theme. Stay away from such messages if you want to avoid getting your PC infected with malware. 


Stop Look Think - Don't be fooled 

 KnowBe4 Security Tips - "Safe" Email Attachments


You may already be aware that you should not open email attachments with an extension such as ".exe", but did you know that even PDFs or Word Documents can be rendered unsafe to open? Opening these attachments from senders with malicious intent can cause your computer (and any networks to which you are connected) to be compromised, hacked or even riddled with ransomware.

What are the unsafe file types to look out for?  This question is better answered by listing file types that are generally considered to be safe to open. The truth is that most file types are at risk of being “booby-trapped” to attack your computer or device. The general rule is to NEVER open any email attachment if you do not know who it came from or why you received it.

You should always be on guard with any email attachments that are not .TXT files. 


How can I tell if an attachment is safe to open?


  • Ask yourself: Was I expecting to receive this attachment, and did it come from who I would expect it to come from? Check email addresses for any “red flags” that may indicate the email address has been spoofed or faked.
  • Never open an email attachment if you don’t recognize the sender that it came from.
  • If you recognize the person or email address sending you the file, but it was still unexpected, contact them first through a different form of communication (such as by phone) to ask them if they intended to send you the file.

Stop Look Think - Don't be fooled 

KnowBe4 Tip of the Week

 Fiendishly Clever Gmail Phishing Scam You Need to Know About

 

There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account. If you did not request a password reset, they tell you to respond with STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don't fall for it.

 

Remember, Gmail will never ask for confirmation to NOT make changes to your account. You didn’t ask for a password reset, so you shouldn’t be asked about one. Do not reply to the text (doing so will tell the scammers that they have reached a valid number). To prevent losing your account to bad guys, it's a very good idea to have 2-step verification set up on your Google account. For more information about Google 2-step verification, copy and paste the link below into your browser:

 

Let's stay safe out there!

Stop Look Think - Don't be fooled


KnowBe4 Tip of the Week - Responsible Social Networking
 

Facebook, Twitter, LinkedIn
Chances are you are a member of one or more of these social networks.
Chances are you have posted something about work (positive and/or negative).
Chances are you have friends/followers/connections that are co-workers or your supervisor.

 

You have the right to remain silent . . .
Anything you post may be used against you, so be careful.
Consider that what you post online to social networks is a body of evidence. If someone sees negative things being posted about work, it may trigger a meeting. Be mindful of what you post regarding the district. Do not post anything sensitive about your employer online.

- Attackers use social networking sites to gather information about you and your company and use it against you.

Interview over
Potential and current employers can research your posts and pictures. If you post pictures of you doing illegal things, or acting overly irresponsible, it could hurt you and your career. Be mindful of posting strongly opinionated views. This could cause coworkers to feel uncomfortable around you if they do not feel the same way.

- Think carefully about what you are posting and who can see it. It could come back to bite you.

Use what you are given
Most of the social networking sites allow you to only show specific groups of people specific information.
Use this feature. Make as little as possible 'public.' Consider separating work relationships from personal ones online.
Be careful what you post online. It could come back to hurt you, or the district. It is perfectly fine to make use of social networking, just make sure to be responsible about it.


Stop Look Think - Don't be fooled

KnowBe4 Security Tips - HTTPS The 'S' stands for Secure


If you have ever signed in to a website such as Facebook or Amazon, you will notice that on the login page, the URL will change from 'http' to 'https'.

What that little 's' stands for is secure. It means that your web browser and the website have both agreed to communicate securely so that no other individuals will be able to 'listen in' on our conversation.

If you needed to communicate some sensitive information such as a password to someone else, you would not shout out in the open 'HERE IS MY PASSWORD'. Typing sensitive information into a browser when the URL does not have https is like shouting out that information for others to hear.

Just remember to look for that little important 's' when transmitting any sensitive information through a web browser.


Stop Look Think - Don't be fooled 



How can you tell if an email is safe? Even if you catch red flags in an email, such as typos or poor grammar, an urgent demeanor, or even a spoofed domain, how can you truly decipher the safety of an email?

An immediate step you can take is to watch out for one of the most critical tell-tale signs of a phishing email—a mismatched or fake URL.

Why is hovering important? What can it do for you?
Hovering not only allows you a moment to think before proceeding, it also lets you see where a link is going to redirect you. This is especially important because not all links lead where they appear, or claim, to go.

When you hover, check for the following to ensure you're staying safe and secure: 

  • If the email appears to be coming from a company, does the hover link match the website of the sender?

  • Does the link have a misspelling of a well-known website (such as Micorsoft.com)?

  • Does the link redirect to a suspicious external domain made to look like the sender’s domain (e.g., micorsoft-support.com rather than microsoft.com)?

  • Does the hover link show a URL that does not match where the context of the email claims it will take you?

  • Do you recognize the link’s address or did you even expect to receive the link?

  • Did you receive a blank email with long hyperlinks and no further information or context?


If you notice anything about the email that alarms you, do not click links, open attachments, or even reply. If everything seems okay, but you're still not sure–verify! Ask your IT team or leadership if the email is legitimate before proceeding.
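The hover checks listed above can also be run automatically over an email's HTML body, for example by a mail filter or a report-phish tool. The Python sketch below is an added example, not part of the original tips; the `TRUSTED` list, the function names, the 0.8 similarity threshold and the sample email are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com", "google.com"}  # assumption: sites your users really use
# Constructed sample email body, using the lookalike domain named above.
SAMPLE = ('<a href="https://micorsoft-support.com/login">https://www.microsoft.com/account</a>'
          '<a href="https://www.microsoft.com/security">Security center</a>')


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def base_domain(value):
    # Naive last-two-labels cut; production tooling should use the Public Suffix List.
    host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])


def check_links(html, sender_domain):
    """Return [(href, reasons)] for links that fail a hover check."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, reasons = base_domain(href), []
        if target != base_domain(sender_domain):
            reasons.append("link-domain-differs-from-sender")
        shown = text.split()[0] if text else ""
        if "." in shown and base_domain(shown) != target:
            reasons.append("text-shows-different-domain")
        parts = target.split(".")[0].split("-")  # "micorsoft-support" -> two words
        for good in sorted(TRUSTED - {target}):
            if any(SequenceMatcher(None, p, good.split(".")[0]).ratio() >= 0.8 for p in parts):
                reasons.append("lookalike-of-" + good)
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling `check_links(SAMPLE, "microsoft.com")` flags only the first link, for all three reasons; a flagged link is a prompt to verify with IT, not proof of phishing.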

Remember, you are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to an attack.
 

Stop Look Think - Don't be fooled 

 KnowBe4 Security Tips - Lock Your Screen

Locking your screen when you get up from your desk is a security action that is often overlooked. District computers are set up to automatically black out your screen (issue a screen saver) after a certain amount of inactivity. That screen saver is a password protected one. This means you need to enter your password to get out of the screen saver.

Failing to lock your screen when leaving your desk can open you up to several different vulnerabilities, some more serious than others. If you get up from your desk for 5 minutes, a lot can happen. Let's assume a student, coworker, or someone who sees an open laptop sits down at your desk as soon as you get up:
  • Files can be downloaded from the Internet and executed on your computer (malware, spyware, etc.)

  • Emails can be sent or read

  • If you save passwords in your browser (another no-no), they can now access your online banking, Facebook, etc.

 

Locking your laptop or computer before you get up is very simple, and it can prevent you from ending up in a bad situation. Here are a couple of easy ways to lock your screen:
 
  • Pressing the Windows Key + the L key at the same time on your keyboard

  • Pressing Ctrl+Alt+Del then choosing Lock This Computer


Method one is preferred since it's two easy keys to remember. Get in the habit of locking your screen.

Stop Look Think - Don't be fooled

 KnowBe4 Security Tips - It's not your personal computer.

  • Should you be doing that on your work computer?
Personal pictures, social networking, online banking... These are the kind of things that you should try not to have/do on your work computer. Work computers are for work, visiting work-related web sites, researching, emailing, generating PowerPoint slideshows, etc. Much like posts to social networking sites... everything you say or do can be used against you.
 
  • Acceptable use policy
Visit our District's Acceptable Use Policy (Board Policy 816), but basically, be aware that "Users have no privacy expectation in the contents of their personal files or any of their use of the School District’s CIS systems. The School District reserves the right to monitor, track, log, and access CIS systems use and to monitor and allocate fileserver space." Visited web sites, how much time is spent on Facebook, playing solitaire, instant messenger chat... technically all of this can be monitored.

- Think about what you are doing... and realize, that it can be logged. Anything you post on the internet is there forever.
 
  • Be safe online
Especially when it comes to visiting web sites or opening personal email... those actions that take place on your work computer can affect other work computers. If you happen to visit a site that has malware on your work computer, you may now have exposed the rest of the company to a malware infection.
It is difficult to explain why you were doing what you were doing when it's against the policy to be performing non-work related activities on your work computer.

 

Try to be aware that you are using a computer that is not yours; things you do on that computer are not private. Lawyers say that anything that happens on the district network, the district owns and can monitor. The Tech department does not have the time and resources to monitor everything, but if you give them a reason to, administrators may ask them to.

 Stop Look Think - Don't be fooled

Vision of Connected Teaching and Learning


  










Stay Kennett ConnectED

Visit Connect.kcsd.org to stay "Kennett ConnectED"

Bancroft Elementary School:  https://twitter.com/KCSDBancroft   

Greenwood Elementary School:  https://twitter.com/KCSDGreenwood   

New Garden Elementary School:  https://twitter.com/KCSDNewGarden

Mary D. Lang Kindergarten Center:  https://twitter.com/KCSDMaryDLang

Kennett Middle School:  https://twitter.com/KCSDKennettMS

Kennett High School:  https://twitter.com/KCSDKennettHS

Kennett High School Sports: https://twitter.com/KCSDKHS_Sports


Contact Us

For more information please contact:

Dan Maguire, Supervisor of Technology Services dmaguire@kcsd.org or 610.444.4136
