Wednesday, May 24, 2017

Do's and don'ts for securing your Android

Here is a list of tips and some resources to help you secure your Android phone. The list may seem long and you may not be able to do all of these, but that is OK. No device or app can ever be 100% secure. Every step you take to lock down your smart phone and reduce your online footprint improves your defenses against attackers.

Do:

Don't:

  • Download apps outside of Google Play
  • Connect to unsecured Wi-Fi
  • Allow application installations from unknown sources (this is the default configuration in Settings)
  • Share too much on social media
Also, as with any computing device, be sure to keep your operating system updated (in Settings), as well as your apps 
(ensure your apps are set to auto-update over Wi-Fi in Google Play > Settings)

Tuesday, May 16, 2017

DocuSign users, beware email phishing attempts

If you are a user of an electronic document signature service called DocuSign, you may be the target of an email phishing attack. Be very careful and think before you act on any email that purports to be from or about DocuSign. Do not click attachments or links in DocuSign emails.

According to the company web site, email addresses of DocuSign users were exposed to hackers before May 9, 2017.

Brian Krebs (KrebsOnSecurity.com) posted this sample image of a malicious email with subject line Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature.

DocuSign phishing email

If you get an email like this, do not interact with it. On that note, any unexpected email about a "wire transfer" is suspicious. Don't fall for it! For more information, see the DocuSign online Trust Center at https://trust.docusign.com/en-us/personal-safeguards/.

Thursday, May 4, 2017

USAA members beware phishing email about money transfer

This fake email from USAA is making the rounds to USAA members. Do not click links in the message! The links do not point to the legitimate USAA.com web site.

This is a way for bad guys to get you to input your USAA login credentials on their scam web page and capture all your login information. They can then log in as you on the real site and take over all of your USAA accounts.

If you get an email that looks like this, send it to your spam folder or delete it:

Remember to never click links in emails that appear to be from your financial institution. Instead, navigate to the trusted URL in your web browser, and log in from there.