Thursday, April 27, 2017

Protecting your kids online

The Department of Homeland Security (DHS) provides a wealth of resources to help parents navigate the Internet, the vast digital world that their kids interact with every day.

DHS encourages all parents to follow these common-sense steps to protect their children online.
  • Create an open and honest environment with kids.
  • Have regular conversations with kids about practicing online safety.
  • Emphasize the concept of credibility to teens: not everything they see on the Internet is true, and people on the Internet may not be who they appear to be.
  • Watch for changes in behavior — if your child suddenly avoids the computer, it may be a sign of being bullied online.
  • Review security settings and privacy policies for the websites kids frequent. These settings are frequently updated so check back regularly.
  • Make sure mobile devices are secure.
  • Use PINs and strong passwords, only install apps from trusted sources, and understand the privacy settings and permissions for all apps.

For more information about protecting children online, see the Stop.Think.Connect. Chatting with Kids about Being Online booklet. For additional resources, access the Stop.Think.Connect. Toolkit at www.dhs.gov/stopthinkconnect-toolkit.

Sunday, April 16, 2017

How much do you know about cyber security?

I challenge you to test your basic cyber security knowledge with this short 10-question quiz from the U.S. Department of Homeland Security. I did!

Pew Research Center’s study about what the public knows about cyber security sheds light on the fact that many Americans are unclear about key cyber security concepts. The majority of Internet users were able to answer less than half of the questions correctly. Though cyber security can be a complex topic, the quiz includes general concepts and basic building blocks that experts stress are important for users to protect themselves online.

Test yourself and let your kids try it too! Take the Cyber Security Knowledge Quiz and see how your results compare with the 1,055 randomly sampled adults that took part in the national survey.

To help improve your general knowledge of basic security and best practices, see the Stop.Think.Connect. Campaign Toolkit at www.dhs.gov/stopthinkconnect.

Sunday, April 9, 2017

Three steps to secure messaging (by Teen Vogue)

Can an outsider eavesdrop on the SMS texts that you send from your phone? Of course they can. Can you take steps to thwart that type of activity? The answer is yes, and it is something that you and your kids should be proactive about doing.

I work for a progressive data privacy platform provider, which makes me a huge fan of Internet privacy. Recently, a friend of mine from my organization's security operations center shared this article with me: How to Keep Messages Secure, posted in March 2017.

It is enlightening to see a youth magazine educating its readers in the Internet security arena. We need more sharing like this, across the globe. Talk to your kids about the three steps described in Teen Vogue:
  1. Keep your phone operating system (OS) updated—whether it be Android or iOS. For help, just google the phone OS name with the word "updating" or "patching" (e.g., "updating Android").
  2. Set a long PIN to unlock your phone, and don't use personal dates (like anniversaries) or years (such as your birth year) in your PIN. Better yet, use biometric authentication (like a fingerprint) or a passphrase (as opposed to a shorter password) where offered.
  3. Use a secure messaging app instead of SMS for texting—for example, Facebook Messenger, WhatsApp, or Signal.
For details, see the entire article or go to this one from Business News Daily: 5 Best Secure Messaging Apps. Stay safe online!

Sunday, March 26, 2017

Got Gmail? Watch out for this clever scam

News of this effective email phishing scam that targets people with Google email accounts (Gmail) was first published by Fortune two months ago and was picked up by Bruce Schneier, who linked to it on his infamous Schneier on Security blog on March 17, 2017. It works like this.

The Gmail recipient receives an email with an object that appears to be a PDF file attachment to the message. This "attachment" is actually an image file embedded in the message contents. It was made from a screenshot of a PDF file attachment and looks like this:

Fake PDF "attachment" image

Saturday, March 18, 2017

Be on the alert for IRS tax scam emails

It's that time of the year when scammers take advantage of unsuspecting citizens by baiting them with a simple phishing scam.

Earlier this month, Dark Reading published 9 Phishing Lures that Could Hijack your 2017 Tax Refund. The nine sample phishing emails are shown below, and the full article is here: http://www.darkreading.com/perimeter/9-phishing-lures-that-could-hijack-your-2017-tax-refund-/d/d-id/1328334.

Defending against this is easy. If you get any email purporting to be from the IRS, know this: The IRS does not send email to taxpayers. If you are getting audited or owe taxes, you will be notified by snail mail. The IRS will not send you email promising a big payback either. Delete it.

[Images: sample phishing emails #1 through #9]

Whenever you receive an unexpected email or any message that seems out of the ordinary, remember to stop, think and do not click.

Tuesday, March 7, 2017

Scam email from Mystery Shopper recruiter

Thinking of working as a mystery shopper? It's a legitimate business, but be aware that these companies don't recruit by email.

Here is just one example of a fraudulent email designed to trick you out of money:


How the scam works

You receive a bank check along with a request that you deposit it immediately and then go shop; you are also told that you'll get to keep some of the money. But the scammers ask you to wire the remaining money back to them right away. As you might have guessed, their check is bogus but the money you wire back is real.

Things to remember

  • When you receive a check, wait until it fully clears before spending it.
  • Never accept a check for more than what is owed with instructions to send back the rest. 
  • Always be wary if you are asked to wire funds.

Think before you click!

Saturday, February 4, 2017

CEO fraud and W-2 scams running at full-tilt during tax season

In Wyoming, two health organizations fell victim to a W-2 phishing scam last month. At Campbell County Health, an employee clicked a link in an email that appeared to be sent by a hospital executive. End result: SSNs and W-2 information of 1,400 employees were disclosed. A similar breach occurred at eHealthInsurance when one of their employees sent W-2 information in response to a phishing email that he/she believed was sent from a company executive.

In Kansas, Sedgwick County lost $566,000 when a Georgia (U.S.) hacker sent an email to a county employee that appeared to be from the CEO of another company. The email included a form requesting payments be made electronically to a new account at a Wells Fargo Bank in Georgia. The payment was made.

In this particular case, the hacker was caught, and George S. James is now charged with one count of wire fraud. See https://www.justice.gov/usao-ks/pr/georgia-man-charged-cyber-crime-cost-sedgwick-county-566000

The moral of the story: Things are not always as they seem

It's called "CEO fraud" because typically the email address of the CEO is spoofed in the "From" line on an email that is delivered to an employee or other C-level executive of the company. Just because an email appears to come from someone you know doesn't mean it actually does.

The lesson here is that you should never send sensitive information like W-2s (or money!) based on an email you received. Always verify an email's origin before taking action. When it comes to sharing private or otherwise sensitive information, trust but verify.
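
For readers who run a mail system, here is one way to automate part of that origin check. This is an added example, not code from the original post: it inspects a message's headers for signs that the "From" line cannot be trusted. The domain `example.org`, the name "Pat Example", and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.org"    # assumption: your organization's mail domain
EXEC_NAMES = {"pat example"}  # assumption: executives' names, lowercased

def origin_warnings(raw_message):
    """Return reasons not to trust the sender shown in the From line."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    warnings = []
    # An executive's name attached to an address outside the organization.
    if display.strip().lower() in EXEC_NAMES and from_domain != ORG_DOMAIN:
        warnings.append("executive name on external address")
    # Replies would go to a different domain than the visible sender.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and reply_addr.rpartition("@")[2].lower() != from_domain:
        warnings.append("Reply-To domain differs from From domain")
    # SPF/DKIM/DMARC verdicts. Only trust an Authentication-Results header
    # written by your own receiving mail server; a sender can forge others.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in auth:
            warnings.append(f"{check} did not pass")
    return warnings

# Constructed sample: the executive's real address is forged in From.
SPOOFED = (
    "Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail\n"
    "From: Pat Example <pat.example@example.org>\n"
    "Reply-To: pat.example@mail-example.test\n"
    "Subject: W-2 copies needed today\n\n"
    "Please send me all employee W-2 forms.\n"
)
# Constructed sample: a genuine internal message that passed every check.
GENUINE = (
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Pat Example <pat.example@example.org>\n"
    "Subject: Staff meeting\n\n"
    "See you at 10.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, origin_warnings(raw))
```

An empty list means none of these checks fired, not that the request is legitimate; a request for W-2s or a payment change still deserves confirmation through a separate channel.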