Imagine waking up to a strange text from your bank. The rather short message is telling you that a transfer from your account was successfully completed. That’s it. No further information. Those words are staring you in the face. But I didn’t make any transfers, you tell yourself. This has got to be a scam. Maybe my brother is playing a prank. Maybe I should ignore this, you wonder, falling back into bed.

Yet a slight case of anxiety gets the best of you and you fire up your laptop to check your balance online. Better to be safe than sorry, you tell yourself. You log on to your bank account and unfortunately, it’s a few thousand dollars lighter. You’ll have to go to the bank to try to sort this out. What a nightmare.

You’re told the transfer was initiated from your own account. That is, this scammer actually had your login credentials. How in the world? You change all your passwords immediately.
A couple weeks later, you discover your direct deposit account for payroll has been changed to something you don’t recognize. Not again. You change all your passwords again just to be on the safe side. Yet later that day, your friends tell you that when they call you, they get some stranger on the other line.
You change your passwords yet again.
What you don’t realize is that the attacker had compromised your cellular provider account as well as your credentials. He had redirected your calls and signed into your cloud service account, allowing him to view not only your emails but also your passwords listed in an unencrypted note-taking app, all of which were synced via your cloud storage account. His goal was purely to steal your money.
This scenario is certainly scary, and while we must be aware of the lengths to which attackers will go to steal your money, also note that this can be avoided by practicing good cyber hygiene. Below are several everyday tips you can apply to keep yourself safe and provide peace of mind in our increasingly technologically connected world. Please note that these tips are from a general security perspective, not necessarily a Fermilab policy perspective.
Email security
Almost all cyberattacks start with a phishing email, making this one of the most significant cyberattack routes today. All it takes is one click on a malicious link to launch malware on your computer or harvest your login credentials. In some cases, a little can go a long way for attackers, who can use your information to infiltrate all areas of your life, including bank accounts and services. Avoid clicking on links altogether by seeking alternative ways to access the information you need, such as logging in to accounts via a web browser to review information or calling the supposed sender of the message to confirm the contents of the message.
Social engineering
Social engineering is essentially “hacking” the human. This involves using manipulation tactics to trick someone into doing something they wouldn’t otherwise do, such as giving up their login credentials to the attacker. The most common form of social engineering is, of course, phishing emails, but this also happens via scam phone calls. If you receive a call from a number you don’t recognize, do not pick up. If it’s legitimate, the caller will leave you a voicemail regarding something you have knowledge of such as an appointment reminder. If you have a voicemail that makes no sense to you, you can safely disregard it as a scam. Some examples of unusual voicemails may include a message relayed in a foreign language, something claiming to be from a bank you are not associated with or information regarding ways to lower student loans. Also, remember that no legitimate company will ever ask you for passwords or personally identifiable information (such as social security or credit card numbers). In addition, the IRS, your bank and your supervisor will never ask you to purchase gift cards for any reason, so if you have a message from someone claiming to be the bank asking for this, you can safely delete it.
Internet security
It is important to always consider your safety when browsing the internet because it is a gateway for attackers to access your computer. Possible attack routes may be found in ads, so an ad blocker can help to prevent these from displaying (and executing) when viewing webpages. It’s also good practice to visit reputable sites you are familiar with and to run only up-to-date web browsers with up-to-date web components to address any possible vulnerabilities. On the same note, refrain from running obsolete operating systems such as Windows XP or Mac OS Sierra and ensure your current operating system (Windows 10 or Mac OS Catalina, Mojave, High Sierra) has the most up-to-date patches available.
Passwords
One of your most important lines of defense against cyber attackers is a strong password. The more complex a password can be (long, uppercase letters, lowercase letters, numbers and special characters) the more difficult it is to crack. While it may be a pain, it’s also important to use a different password for each website or service. This is especially important for your Fermilab accounts – choose a different password for your Windows logon, Services, Kerberos and Workday accounts. It is also good practice to change your passwords regularly, something that is currently required by the Fermilab Computing Policy.
To help with large quantities of passwords, use an encrypted password manager, such as KeePass, instead of saving them in clear-text files. Examples of clear-text files that should not be used for storing passwords include Apple Notes, Word Documents, text files, or Google Keep. These are not encrypted and can be easily accessed by attackers.
Enable two-factor authentication
Enable two-factor authentication for any account that allows it. This adds an additional layer of security by requiring a password and something else, such as a token or biometric, to log in to a service.
Patch systems regularly
Updates and patches delivered from your device’s manufacturer contain fixes for vulnerabilities in the operating system or software, and applying them may prevent attackers from taking advantage of these issues.
Use an antivirus program
Not only do these programs allow you to schedule virus scans to check for potential security issues, but they also run in the background to alert you if something unusual is happening with your computer. They may also offer firewall or intrusion detection services.
Keep good backups
Backups are a great way to keep a copy of your data in case you lose something on your system. If something happens, you can restore to a “clean” version of your computer to mitigate those issues. In this sense, backups help protect against attacks, as long as you restore from a “clean” copy of the data.
Be careful with your cloud services
It is also important to protect cloud services that may replicate your data on multiple devices. If these are compromised in any way, an attacker can potentially view your files or restore a backup of your phone to another device. Using two-factor authentication on these services is one way to mitigate this.
Check login history
Consider checking the login history on your most sensitive accounts such as bank accounts or credit cards. You should only see logins from your location and devices. If something doesn’t seem right, that may be an indicator of compromise.
Sign up for services that check for fraudulent activity
If you suspect something has been compromised, it may be helpful to sign up for services that check for fraudulent activity on your credit card or bank account to alert you of anything suspicious. This will get you on your way to addressing the issue and will hopefully stop further compromise down the road.
Reporting incidents
Any time you suspect a cybersecurity incident has occurred on your lab-owned computer, you must contact the Cybersecurity Team via email at cybersecurity@fnal.gov or via the Service Desk. If an incident requires immediate attention, call the Service Desk at 630-840-2345, and they will contact our incident response team member 24/7. For any other inquiries or phishing reports, email cybersecurity@fnal.gov. Also be sure to notify us if a compromise has occurred with your personal computing in any way (such as identity theft). While we cannot fix the problem, we can provide tips for addressing the situation and can investigate your Fermilab accounts for potential compromise associated with the situation.
Resources
There are many places you can get more information on cybersecurity. Below are a few links to get you started.
Cybersecurity for everyone (available off site)
Cybersecurity for system administrators (available off site)
Computing policies page (available on site only)
For questions, concerns, phishing reports: cybersecurity@fnal.gov
More information
If you’d like to learn more about these topics, or if you are looking for other cybersecurity educational resources, please visit our Quick Links page.
Art Lee is the Fermilab threat management and incident response leader. Jessie Pudelek is a computer security analyst at Fermilab.