Cybersecurity news you can use
from the IRR Team.
Scammers are customizing their end-of-the-year messages to steal your money and personal information.
They also impersonate managers who urgently request information about an employees' job or bank account. Check out these examples.
Here's a voicemail message with instructions that back up the fake email.
We're also seeing text messages and voicemail attachments instructing employees to provide information about jobs and personal financial information.
> The most common passwords in use this year are 123456 (or a variation of that), QWERTY, "password," and the person's first name. Nordpass says "OneDirection" (the musical group), "2021," and the person's birth year are also popular. Don't use easy-to-guess passwords! Instead, subscribe to and install a password manager on your personal devices.
> The online brokerage company Robinhood says email addresses for 7 million of its 19 million customers have been stolen in a cyber breach. CNBC advises Robinhood customers to consider freezing their credit, setting up credit alerts with one of the big three reporting agencies, or subscribing to a credit monitoring service.
> Google Chrome users have a new tool to help them discover if their passwords are for sale on the dark web. If you use Google's Chrome web browser to store your passwords, go to passwords.google.com, click on "Password Checkup," and follow the instructions.
The Synovus IRR Team is dedicated to keeping you and your family safe online.
Have you received what you think is a fake phishing email? Let the IRR team know right away. The faster we know, the more we can do to protect everyone.
> First, click the phishing icon in your email browser to forward the email to the IRR team.
Do you have a question we can use in an upcoming edition of Cybersecurity News? Send it to firstname.lastname@example.org.
"If someone sends you an email that says you should click the 'Validate' button to confirm your email address, is it spam?"
Probably so. Unless you recognize the sender's actual email address (the part that's between the "<" and the ">")...and the sender has a valid reason to ask...simply delete the email.
"My wife received an email from a friend, asking to purchase an Amazon gift card because the friend was having trouble getting it resolved through Amazon. She contacted the friend, who confirmed she didn't send the gift card email. So does my wife need to change her email password? Should her friend?"
Ignore requests to purchase gift cards. Your wife isn't at risk simply because she received a suspicious email. But her friend's address book was likely hacked, exposing all the addresses in it. Your wife's friend should change her email password right away. Google recommends creating a unique password at least 12 characters long for each email account. For an email account used for sensitive communications, Microsoft says the password should be 64 characters long!
"My question is — what does 'encrypted' mean? And what are 'cookies'?"
“Encrypted” means that information is converted into secret code as it leaves your computer. You (the sender) and those to whom you send it, are the only ones who can understand what you sent. Most email platforms, like Gmail and Outlook, are not fully encrypted. Websites whose addresses begin with “HTTPS”, such as banks and the IRS, are encrypted.
"Cookies," meantime, are small bits of data that are generated as you use the web. Cookies include usernames, passwords, and information about what you do when you visit websites. This information is stored in your web browser. Cookies don’t cause computer viruses, but they do identify your computer as well as personal information about you to the websites you visit.
Aware Force Cybersecurity News • December 2021 a • Edition #135
Cartoon © 2021 Tom Fishburne | Marketoonist
Original content © 2021 Aware Force LLC | Aware Force is a registered trademark