This morning, I received an email from the USPS (United States Postal Service) in my email inbox. In the subject field it read, “FWD: Reminder: Your USPS track number.“ Without having to look at the email address (USPS <[email protected]>) I knew it was spam. Of the numerous phishing emails that I go through for myself and clients as a cybersecurity expert, I found the standards on this one to be extremely poor. Curious, I decided to delve a little deeper into this one. It turns out, that this particular type of phishing email has been successful enough times that the United States Postal Inspection Service has posted a warning about it on their site.
Most people consider these to be Junk Email scams – except that this one managed to get past my Junk filters and sat in my inbox. When I decided to view it on my phone, I changed my assessment of the email. It was constructed for mobile devices, using a very simple tactic that involves spoofing a familiar logo and using an easy to touch button that takes you to a fake website where they trick you into giving up personal information or paying false delivery fees that are used to empty bank accounts and steal identities.
And that’s not all. The website installs software on your computer allowing them to do things like hack your contact list or spoof your email account, the same way they spoofed the email account of <[email protected]> to get the phishing email past our Junk mail filters.
Things like this are the reason why cybersecurity matters to everyone.
YOUR CYBER HYGIENE IS IMPORTANT
We have often discussed how no one, no matter how unimportant you think you are, is immune to cybercriminals. Every piece of personal data has value on the dark web, and the more they get, the more advanced hacker attacks become.
Let’s put this in another context. Public health organizations recommend that we get vaccines to protect ourselves and others. Whether it’s a flu shot, measles vaccine, or this new Covid-19 vaccine, those who don’t get it are more likely to become infected and pass it on to others. Cybersecurity should be thought of in the same way. If you’re not secure online, you are putting your friends and family at risk to cybercriminals. Intrusions into your computer not only exposes your digital identity and opens you to financial crime, it also gives the hackers a path to everyone with whom you communicate.
Cybersecurity is a shared responsibility. The recent Solar Winds Hack that Darren discussed in his Intrusions Protection video blog is an excellent example. This attack spread to at least 18,000 and potentially 33,000 clients, including Fortune 500 companies and the US Government, and it went undetected for months. At the moment, we still don’t know how many people may have been affected by this breach, but early estimates put it in the tens of millions.
Now imagine a microcosm of that breach with you at the center, how many of the people you know could be affected?
SECURITY CONSCIOUS
I hear it often. Using Strong Passwords and 2-Factor Authentication is time-consuming. Short lockout periods are frustrating. Yes, being secure takes effort, but we already know this. All of us lock our car and house doors. We all keep our money in banks and our wallets and purses in a secure place. We teach children to lock their bikes when leaving them in public places. Cybersecurity is just as important as all of the other things we do in a day to be secure.
Just as you would let a friend know if they leave their car doors unlocked, if you see them doing something insecure online, let them know about it.
Whether your teaching kids or seniors about computers or learning yourself, before using the internet, make sure there is an understanding of the risks and the awareness to spot potential problems. When you get frustrated with the security, stop and think about how your actions could impact your digital wellbeing and that of everyone you know. Being aware and being secure will make it far easier for you to enjoy the content available on the internet.
This article was originally published by Clark Computer Services via The Clark Report.