By David Harley
The Identity Theft Resource Center – @ITRCSD – invited
researchers from ESET North America to take part in a Twitter chat, a holiday
edition of their #IDTheftChat. The conversation related to scams targeting
businesses and consumers, which always seem to increase dramatically at this
time of year. The chat took place on December 7th 2017, and you can read the whole thing using that
hashtag. However, here are the contributions from Lysa Myers, Aryeh Goretsky,
and David Harley.
@ITRCSD: Q1: An @AARP survey discovered that 70% of
U.S. shoppers failed a short quiz on how to stay safe from holiday #scams. What
are some tips for safe #shopping this season?
Aryeh: Scams often
prey on victims by offering something which sounds “too good to be true.” If it
sounds too good to be true, it probably should be avoided.
Lysa: Enable
2-Factor Authentication on your online accounts wherever it’s available.
Use credit rather than debit cards if you can, especially online.
Lysa: Understand the risks of sending pre-paid gift cards.
Q2: How are #businesses also targeted by Grinches
looking to steal valuable data?
Aryeh: Businesses
are often sent fake invoices and waybills which install ransomware. Teach staff
to avoid these. If questionable, ask your IT dept to look at it. E-cards have
been a target in the past and may be used again in holiday-themed attacks.
Lysa: Many
breaches are facilitated by stolen credentials. Make sure staff get regular,
positive training for recognizing and avoiding phishing and other scams that
use social engineering.
Lysa: Thieves
often enter networks by exploiting vulnerabilities in software. Updating
promptly can help, but for those systems that can’t be quickly updated, utilize
layers of protection to help mitigate risk.
Q3: What kind of impact can #DataBreaches have on
businesses and their customers?
Aryeh: A data
breach can put a company out of business and subject its owners to fines in the
100Ks to millions range.
Lysa: Lost time
and productivity are the most obvious impact. Regulatory fines and lawsuits are
also a huge potential impact. Don’t discount the loss of reputation – studies
show that this can be a significant $$$$ hit.
Q4: If a #breach does occur, it can feel like a
real lump of coal. What are some tips for businesses to stay on the nice list
with customers?
Aryeh: Create a
policy for handling a data breach, and test it 1-2× a year to see how well it
works.
Lysa: Businesses’
response in the wake of a breach can make a huge impact on the loss of
reputation. Notifications that are quick, orderly and informative are a much
easier pill to swallow.
Lysa: Have a
breach-response policy in place (and kept updated!) beforehand so that you know
who must do what, and when. This will decrease the number & severity of
possible errors that could compound loss of trust.
Q5: Mail theft also increases during the holidays.
How can you stop a shady snowman?
Aryeh: Get your
mail promptly and don’t leave it out all day. Consider a locked mailbox. Place
a security camera on your mailbox to record thieves.
Q6: Looking to be Santa’s helper? What kind of
employment scams should you look out for?
Aryeh: Be aware of
employment scams. Offers of guaranteed work-from-home, secret shopper or
shipping of packages are usually scams.
David: Some job scams
are seasonal. Here are some tips that apply to job scams in general, though.
· Check that the company offering the job exists before you respond to job offers by email. Especially if you haven’t been looking for job offers.
· If the company exists, check with them directly – and not via the email or contact points linked in the message – that the jobs exist.
· Be suspicious of poor English and presentation. But don’t assume that good presentation = a genuine offer.
· If they insist on making your travel and visa arrangements, be deeply suspicious. Run like the wind in the opposite direction if they want you to pay in advance.
· Many email providers offer free addresses with minimal or no identity checking. Reputable, reliable companies don’t usually use them to make job offers.
· An organization large enough to have a Human Resources Department yet so tightfisted as to restrict it to a free email account on mail.com (for example)? Unlikely…
· An old article here, but has lots more points to watch for:
Q7: Ho-ho-hold on. What are some common holiday
#phone scams & tips to protect your information & #finances?
Aryeh: Watch out
for fake callers pretending to be from banks, Microsoft support, businesses
saying you’ve won a prize or surveys offering a free cruise. They are scams.
Lysa: If you
haven’t already, now is a good time to consider freezing your credit.
Lysa: Do you make
(and test!) regular backups of your data? Do you encrypt sensitive files on
your hard drive or on mobile devices? Have you enabled 2 Factor Authentication?
Q8: Don’t follow that scammer under the mistletoe!
How can you spot a sweetheart #scam?
Aryeh: Romance
scams prey on older single people. Watch out for unexpected friend requests
from people across the country or that claim to be serving overseas.
Q9: “But first, let me take an #Elfie.” Best tips
for not oversharing on #social media?
Aryeh: Don’t share
information that contains your address/location or holiday travel plans. These
let crooks know what, where and when to rob you.
Lysa: The Internet
is forever: you can’t put the metaphorical toothpaste back in the tube. Before
sharing, ask yourself if you would be comfortable with a total stranger, law
enforcement, your boss, or your mom/child seeing this?
David: Remember
that even if you only share info with people you trust, they may not be as
careful as you are. Your friends may be well-intentioned, but they aren’t
necessarily security-savvy.
Q10: Please share more resources to having a merry
and safe holiday season both online and offline!
Aryeh: Visit
welivesecurity.com for the latest on scams, tricks and threats.
@ESET: And don’t forget our #GiveSecurity contest
is still running on Instagram! Enter by 12/22 and you could win a MacBook Air,
Samsung Tab S3 and more! https://www.eset.com/us/givesecurity/