ANY message telling you your computer, tablet, or phone
is infected is a Blatant LIE. No one can tell that from
outside your computer, tablet or phone.
Phishers (Bad guys) will (and do):
1. Send you an email message, pretending to be...
2. Send you a text message, pretending to be...
3. Pop up a window while you are using your web browser, pretending to be...
4. Call you on your phone, pretending to be...
5. Send you a letter (USPS Mail), pretending to be...
6. Knock on your door, pretending to be...
Phishers (Bad guys) try to convince you:
1. Your computer (or phone) is infected and...
2. Your package cannot be delivered...
3. Your account or credit card has been charged...
4. Your computer is sending out spam, pornography, etc.
5. Your account has been blocked, suspended, or deleted
6. You ordered something, or you've been charged...
7. Your friend is stranded...
8. And so on...
Phishers (Bad guys) pretend to be:
1. From your bank...
2. From your investment company...
3. From UPS, Apple, Google, Microsoft, etc.
4. From FBI (or other law enforcement or government agency)
Phishers (Bad guys) try to get you to:
1. Click on this link
2. Call this phone number
3. Download (install) something to your computer
4. Let them get onto your computer
5. Give them money (or your credit card number)
6. Give them account information, passwords, etc.
7. Give them ANY information about you
WHAT YOU SHOULD DO
WEBSITE PHISH - A window pops up in your browser
You are using your web browser (Safari, Firefox, Chrome,
etc.) and a window pops up with some message saying that
your computer or mobile device is infected...
1. Don't Respond in any way!
2. On mobile devices, delete all tabs
3. On computers, quit or force quit your browser
4. Restart your computer without reopening any Apps
Your browser should start up in your home page and you can
get on with your life. Clear History and Website Data.
Doing so should clear any data and cookies from the infected
website that popped up the phishing window.
If you need help from Microsoft
Phone: 800-642-7676
If you need help from Apple
Phone: 800-MY-APPLE (800-692-7753)
Make sure your devices are up to date
http://edu-observatory.org/olli/Manage/Updates.html
There is a lot of malware out there that has been mitigated
by recent updates. If you haven't installed the latest
updates, you may wind up in a world of hurt!
EMAIL PHISHES
1. Don't Respond
2. Mark the email message as junk (or spam). Training your
email system to recognize phishes, spam, and junk will
help reduce those distressing emails.
TEXT MESSAGE PHISHES
1. Don't Respond
2. Be vigilant and delete phishing messages. Ignore, delete
and get on with your life.
FREEZE YOUR CREDIT (now!)
Report: Everyone Should Get a Security Freeze
https://krebsonsecurity.com/2015/11/report-everyone-should-get-a-security-freeze/
How I Learned to Stop Worrying and Embrace the Security Freeze
https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
How to place or lift a security freeze on your credit report
https://www.usa.gov/credit-freeze
What To Know About Credit Freezes and Fraud Alerts
https://consumer.ftc.gov/articles/what-know-about-credit-freezes-and-fraud-alerts
https://www.aprfinder.com/credit-bureau-phone-numbers
Equifax: 888-548-7878 https://www.equifax.com/
TransUnion: 800-916-8800 https://www.transunion.com/
Experian: 800-493-1058 https://www.experian.com/
MONITOR YOUR PASSWORDS - Data Breaches happen
⓵ CHECK IF YOUR PASSWORD HAS BEEN COMPROMISED IN A DATA BREACH
https://haveibeenpwned.com
https://haveibeenpwned.com/Passwords
If your password has been detected in any of these breached
sites -- make sure you log in to your account and change the
password. Every password should be unique, 16-20+
characters, randomly generated, and stored in a password
manager.
⓶ CHECK THE INTEGRITY OF YOUR PASSWORDS ON YOUR APPLE DEVICES
https://support.apple.com/en-us/120758
Go to the app: Passwords > Security
iPhone/iPad/Mac can securely monitor your passwords and
alert you if they are weak or appear in known data leaks.
For each flagged password, log into that account and set a
new password. Every password should be unique, 16-20+
characters, randomly generated, and stored in a password
manager.
⓷ USE PASSKEYS INSTEAD OF PASSWORDS
https://support.apple.com/en-us/102195
Passkeys reside on your device, not anywhere else.
Passkeys are a replacement for passwords that are designed
to provide websites and apps a passwordless sign-in
experience that is both more convenient and more secure.
Passkeys are a standard-based technology that, unlike
passwords, are resistant to phishing, are always strong, and
are designed so that there are no shared secrets. They
simplify account registration for apps and websites, are
easy to use, and work across all of your Apple devices, and
even non-Apple devices within physical proximity.
Passkeys are built on the Web Authentication (or "WebAuthn")
standard, which uses public key cryptography. During account
registration, the operating system creates a unique
cryptographic key pair to associate with an account for the
app or website. These keys are generated by the device,
securely and uniquely, for every account.
One of these keys is public, and is stored on the server.
This public key is not a secret. The other key is private,
and is what is needed to actually sign in. The server never
learns what the private key is. On Apple devices with Touch
ID or Face ID available, they can be used to authorize use
of the passkey, which then authenticates the user to the app
or website.
No shared secret is transmitted, and the server does not
need to protect the public key. This makes passkeys very
strong, easy to use credentials that are highly
phishing-resistant. And platform vendors have worked
together within the FIDO Alliance to make sure that passkey
implementations are compatible cross-platform and can work
on as many devices as possible.
Use passkeys to sign in to apps and websites
https://support.apple.com/guide/iphone/use-passkeys-to-sign-in-to-apps-and-websites-iphf538ea8d0/ios
MONITOR YOUR BANK (and financial institution) ACCOUNTS
A checking account is a useful tool for paying bills and
covering expenses when using a debit card. Thanks to online
and mobile banking, it's easier than ever to track debit and
credit transactions.
There are several good reasons to keep a close eye on your
banking activity, particularly if you're concerned about
preventing fraud or minimizing fees.
Monitor all your finances: Bank Accounts, Credit Union
Accounts, Investment Accounts, and Credit/Debit Card
Transactions. Take advantage of the smartphone apps from
those companies and institutions.
IDENTITY THEFT
https://consumer.ftc.gov/topics/privacy-identity-online-security
https://consumer.ftc.gov/topics/identity-theft
https://consumer.ftc.gov/features/identity-theft
https://www.identitytheft.gov
IdentityTheft.gov is the federal government's one-stop
resource for identity theft victims. The site provides
streamlined checklists and sample letters to guide you
through the recovery process.
RESOURCES FROM ELECTRONIC FRONTIER FOUNDATION (EFF)
How to: Avoid Phishing Attacks | Surveillance Self-Defense
https://ssd.eff.org/en/module/how-avoid-phishing-attacks
Protecting Yourself on Social Networks
https://ssd.eff.org/en/module/protecting-yourself-social-networks
Protecting Your Device From Hackers
https://ssd.eff.org/en/module/animated-overview-protecting-your-device-hackers
Tips, Tools And How-Tos For Safer Online Communications
https://ssd.eff.org/en
PHISHING GUIDANCE: STOPPING THE ATTACK CYCLE AT PHASE ONE
http://edu-observatory.org/olli/Manage/PDFs/Phishing_Guidance.pdf
The Cybersecurity and Infrastructure Security Agency (CISA),
National Security Agency (NSA), Federal Bureau of
Investigation (FBI), and Multi-State Information Sharing and
Analysis Center (MS-ISAC) are releasing this joint guide to
outline phishing techniques malicious actors commonly use
and to provide guidance for both network defenders and
software manufacturers. This will help to reduce the impact
of phishing attacks in obtaining credentials and deploying
malware.
sam.wormley@icloud.com