CyberConnect Banner_EN_no blue box_V1.png
Dec 1 Phish art.jpg
Year end fake email.png

Scammers are customizing their end-of-the-year messages to steal your money and personal information.

They also impersonate managers who urgently request information about an employees' job or bank account. Check out these examples.

Year end phishing email wh.png

BEFORE

Year end phish left.jpg

AFTER

Year end phish right.jpg
Year end Voicemail wh.png
00:00 / 00:19

Here's a voicemail message with instructions that back up the fake email.

Year end text wh.png
Fake Text graphic.png

We're also seeing text messages and voicemail attachments instructing employees to provide information about jobs and personal financial information. 

Trust your instinct wh.png
Cybersecurity Headlines.png
Dec 1 news heads.jpg

> York Regional Police say they have uncovered a way that thieves are using Apple's AirTag wireless trackers to steal high-end cars. The crooks place an AirTag on the vehicle in a parking lot where the owner won't see it and then track the vehicle to the owner's home, where the vehicle is stolen. MacRumors says there have been five cases in the York Region alone. 

 

 > Technology designed to cut down on spam calls across Canada is now in place. Required under CRTC regulations, the system is designed to prevent fraudsters from making it appear they're calling from a trusted phone number. Global News says the technology isn't perfect, and some carriers may charge users an extra monthly fee to access it. 

> The most common passwords in use this year are 123456 (or a variation of that), QWERTY, "password," and the person's first name. Nordpass says, in Canada, "OneDirection" (the musical group), "2021," and the person's birth year are also popular. Don't use easy-to-guess passwords! Instead, subscribe to and install a password manager on your personal devices.

Keep photos on phone wh.png
Stay Cyber Secure Logo_2 colour.png

This space can have a custom message that changes with each edition or a boilerplate. We recommend including a dedicated allstate.ca email address that employees can use to send messages about cybersecurity concerns.

One more thing.png
Dec 1 Cartoon.jpg
Answers readers cybersecurity questions.png

"If someone sends you an email that says you should click the 'Validate' button to confirm your email address, is it spam?"

Probably so. Unless you recognize the sender's actual email address (the part that's between the "<" and the ">")...and the sender has a valid reason to ask...simply delete the email.

"My wife received an email from a friend, asking to purchase an Amazon gift card because the friend was having trouble getting it resolved through Amazon. She contacted the friend, who confirmed she didn't send the gift card email. So does my wife need to change her email password? Should her friend?"

Ignore requests to purchase gift cards. Your wife isn't at risk simply because she received a suspicious email. But her friend's address book was likely hacked, exposing all the addresses in it. Your wife's friend should change her email password right away. Google recommends creating a unique password at least 12 characters long for each email account. For an email account used for sensitive communications, Microsoft says the password should be 64 characters long!

"My question is — what does 'encrypted' mean? And what are 'cookies'?"

“Encrypted” means that information is converted into secret code as it leaves your computer. You (the sender) and those to whom you send it, are the only ones who can understand what you sent. Most email platforms, like Gmail and Outlook, are not fully encrypted. Websites whose addresses begin with “HTTPS”, such as banks and the IRS, are encrypted.

 

"Cookies," meantime, are small bits of data that are generated as you use the web. Cookies include usernames, passwords, and information about what you do when you visit websites. This information is stored in your web browser. Cookies don’t cause computer viruses, but they do identify your computer as well as personal information about you to the websites you visit.

Do you have a cybersecurity question?

Aware Force Cybersecurity News • December 2021 a • Edition #135

A Aware Force logo no gradient.png

Cartoon © 2021 Tom Fishburne | Marketoonist

Original content © 2021 Aware Force LLC | Aware Force is a registered trademark