Recently, there has been a notable increase in spam communications, including phishing emails, SMS phishing (text messages) and voice phishing (robocalls). Attackers are taking advantage of this time of change and stress to trick people. Keep reading for tried-and-true methods to support you in identifying and avoiding all spam messages.
Cyber attackers are sending emails claiming to be from a voicemail or phone service stating that you missed a call and that you can retrieve the voicemail message by clicking on a link or viewing an attachment. However, instead of taking you to an actual voicemail, the link or attachment will take you to a form to steal your credentials or will launch malicious code on your computer.
One effective phishing method is crafting a message that appears to be coming from a popular cloud service and contains a link you click on to view the document. Clicking on the link will take you to a web form to steal your username and password instead of taking you to the cloud service. Since document-sharing scams are one of the trickier forms of phishing to identify, it is important to be extra careful when handling these types of messages. Add these tips to your anti-phishing toolbox to help you avoid these scams.
Most of the Fermilab community is settling into a new telecommuting routine and adjusting to different ways of accomplishing our work. Working remotely brings a separate set of cybersecurity concerns, as being away from the on-site lab network creates a different computing environment than you may normally use. As such, the Cybersecurity Team has compiled a list of reminders and instructions to help you stay safe online during this time.
When it comes to social engineering tactics, email scammers will use any means necessary to trick you into giving up your credentials or launching malware on your computer. Most recently, their efforts have been spent capitalizing on the widespread concern and confusion surrounding the coronavirus outbreak. Security researchers have already identified several different types of phishing scams specific to coronavirus, and it is likely there will be variations to these emails coming as the crisis continues.
Phishing emails come in a variety of formats, including different levels of sophistication and trickery. Most phishing emails are common garden-variety scams used to directly solicit financial and personal information from you. Garden-variety scams are a little different from other phishing emails that try to steal your credentials to get into your personal and financial accounts. The good news about these scams is that they are easy to spot due to the outlandish stories pushed to the recipient.
As phishing becomes more widespread and as attackers learn to make their phishing attempts more and more devious, exposure of usernames and passwords has become one of our primary cybersecurity risks. The best way to mitigate this risk is to use multifactor authentication. By doing so, a stolen credential alone will no longer provide access to Fermilab systems because one must also use a second factor to authenticate to these systems.
Thanksgiving has come and gone, and we are now setting our sights on the holiday season and trying to find that perfect gift! In the rush of holiday shopping it is especially important to keep cybersecurity best practices in mind so your financial information and money stays safely yours. Fermilab’s cybersecurity team has compiled a few easy tips to help you stay safe when shopping online.
New training requirements will soon appear on your ITNA. Everyone at the lab is required to take one-time-only training on personally identifiable information (PII). The lab is now required to conduct short, online-only refresher courses on these topics, “Basic PII Refresher,” for most people and “Advanced PII Refresher,” for those who have access to PII. Once these new refresher courses are introduced this week, the ITNAs for individuals who have recently taken the courses should be accurately updated to reflect…