Posts

Showing posts with the label Cyber Crime

will the real slim shady please stand up?

Let’s talk about phishing emails and impersonation. Hackers often use impersonation to get you to open their phishy emails. If the email is from someone you know, you’re more likely to open it. For many years, Microsoft was the most impersonated company in phishing emails. It makes sense, I mean, what big business doesn’t use Microsoft? But there’s a new winner, and it’s DHL. In Q4 of 2021, DHL was the most impersonated company in phishing emails, thus dethroning Microsoft. Why the spike? Bad guys follow the money. Q4 means shopping, and with spikes in online shopping again last year, it only made sense that even more cherished Christmas presents would be shipped. How does it work? The attacker used a from name of ‘DHL Customer Support’. The Subject contains ‘DHL Shipment Confirmation…’ It works, because who doesn’t want to know where their package is?! Beware, DHL wasn’t the only shipping service that’s impersonated. FedEx entered the top 10 list as well. How can your cybersecurity awar...

Mouse Jigglers – A blessing or a curse?

Have you heard of mouse jigglers or mouse movers? They’ve become all the rage since work from home has become more mainstream. Back in my FBI days, we used mouse jigglers when we were on a search or at a crime scene to stop the computer from locking or going to sleep. If we didn’t have a mouse jiggler, then the newest person would have to sit there and babysit the computer, constantly moving the mouse around to make sure we didn’t lose access to that computer, but I digress… Today, people are using mouse jigglers to make sure they always appear active and don’t go to an away status on their computer while working remotely. They say it’s in the name of being paranoid about getting fired for being away from their desk too long to go to the bathroom or eat lunch. Yeah, let’s stick with that version of the story… Now, before you jump on the Internet and start looking for your own mouse jiggler there is a dark side to all of this (besides your employer blocki...

Black Friday and Cyber Monday Secure Shopping Tips

Have you seen the Black Friday and Cyber Monday ads that started Nov 1st? The Black Friday shopping that started Nov 4th? Clearly, businesses want you to spend your money shopping with them. And that means cyber criminals are just a few steps behind, and ready to snag your cash instead. In order to help you keep your money safe and receive the gifts you want this holiday season, I’m sharing… 10 TIPS FOR A SAFE AND SECURE HOLIDAY SHOPPING SEASON 1. Turn on MULTI-FACTOR AUTHENTICATION. Add that extra layer of security to all of your accounts by adding an extra step to your login procedure. This is a code you enter after you submit your username and password. The code can arrive via an app (such as Google Authenticator), text, or email. It may also be referred to as dual-factor or two-factor and is abbreviated as MFA or 2FA. Enable it everywhere possible, especially on password keepers, email, and financial accounts. 2. Avoid FREE WIFI. That FREE WiFi you're using might ...

Are you a bad phisher or a good phisher?

Phishing emails, they’re a big deal. That’s probably because ~91% of data breaches start with a phishing email. In response to the sheer volume of phishing emails out there, many companies include sending simulated phishing emails to their employees as part of their cybersecurity awareness program. The frequency, content, and punishment for failure can run the gamut. A few bad phishers have made headlines, and now the question ‘to phish or not to phish’ your employees is a hot topic. What did they do? They sent simulated phishing emails to their employees promising big bonuses (up to $10,000) as a thank you for all their hard work during COVID. They said their company had been receiving similar phishing emails IRL, and it made sense to simulate these types of emails. The worst phisher of all didn’t even tell employees for TWO DAYS that they failed the test. Many of those employees spent their ‘bonus money’ during those two days. What happened next? The employees got pissed. The employ...

Cybersecurity First

The theme for Week 2 of Cybersecurity Awareness Month is Cybersecurity First. We are more connected than ever. The hybrid workplace is here to stay, and for employees, this means relying on connected devices from their home office. Smart home systems will rise to a market value of $157 billion by 2023, and we expect the number of installed connected devices in the home to rise by a staggering 70% by 2025. TIPS FOR SECURING ALL THOSE DEVICES. Remember smart devices need smart security. Make cybersecurity a priority when purchasing a connected device. When setting up new devices and accounts, be sure to set up the privacy and security settings to limit the sharing of information. Default settings often aren’t secure. Once your device is set up, remember to keep tabs on how secure your information is and actively manage location services so you don’t share your location by mistake. Put cybersecurity first in your job. Make cybersecurity a priority in your job. Good cyber hygiene shoul...

Fight the Phish

The theme for Week 2 of Cybersecurity Awareness Month is Fight the Phish. From the Colonial Pipeline to T-Mobile, cybersecurity attacks have been rampant over the last 12-24 months. However, for all the emerging threats and news that are cropping up, phishing continues to quietly wreak havoc, and remains a major threat to individuals and businesses. Don’t overlook phishing as a cyber risk. It’s been a major threat for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. Phishing is one of the most dangerous and effective attack methods used against your organization. As a result, you need to know how to fight the phish. 3 TIPS TO HELP YOU FIGHT THAT PHISH AND WIN. Know the Red Flags. Phishes are masters of making their content and interactions appealing. From content design to language, it's difficult to determine whether the content is genuine or a po...

Be Cyber Smart

The theme for Week 1 of Cybersecurity Awareness Month is Be Cyber Smart. Being cyber smart means getting familiar with cyber basics. When we are more connected than ever, being “cyber smart” is super important. This year we’ve already seen the number of attacks and breaches skyrocket, including the SolarWinds and Kaseya breaches and high-profile attacks on the Colonial Pipeline and critical infrastructure. What do these recent breaches teach us? Cyberattacks are becoming more evolved and sophisticated with new cybercriminals popping up daily. Luckily, there are several steps that everyone can take to reduce their risk and stay one step ahead of the bad guys. Here’s a few quick tips to get you started. Enable MFA. Multi-factor authentication (MFA) adds a necessary second check to verify your identity when logging into your account. By requiring multiple methods of authentication, your account is further protected even if the bad guy knows your password. You can use MFA by enteri...

Are you ready for cybersecurity awareness month?

Cybersecurity Awareness Month begins tomorrow! Are you ready? This year’s theme is “Do Your Part. #BeCyberSmart.” Here’s a rundown of this year’s weekly themes that will help you learn how to protect yourself and your business from cyberattacks through actionable steps. Review the schedule below. Oct 4 - 10: Be Cyber Smart; Oct 11 - 17: Fight the Phish; Oct 18 - 24: Explore. Experience. Share. (Cybersecurity Careers); Oct 25 - 31: Cybersecurity First. You can also catch me speaking live at the Nebraska Cybersecurity Conference on October 19. The conference is virtual, and there’s still time to register. So no matter where you’re sitting, you’ll have a great seat. In honor of Cybersecurity Awareness month, I’m switching up my email and blog schedule. During October, I’m going to kick off your week by sending you an email every Monday morning all about the week’s cybersecurity awareness theme. Not on my email list? Join now. Also, you'll want to follow me...

Don't get tricked by the word new

Let’s talk about phishing emails and the techniques used by cyber criminals to get you to click. Today, I’m going to focus on the subject line. The subject line is super important, and that’s why the bad guys are using it against you. Why is the subject line so important? The subject line is the first and only hint at what the email is about. If you can’t reel ‘em in with the subject line, they might never open your email. In fact, the subject line is so important that marketers test different subject lines against each other to see which one will get the most opens. Cyber criminals try to invoke a sense of urgency and emotions to get you to click. That’s why words like ‘URGENT’ and ‘IMPORTANT’ have appeared in their subject lines for years. But now, there’s a new word in the subject line, and that new word is ‘NEW.’ THE NEW WORD IS NEW. WHY IS ‘NEW’ SUCH A POWERFUL WORD IN PHISHING EMAILS? Legit emails and alerts contain the word ‘new’ The...

The FlyTrap that Caught your Facebook Account

When I say ‘FlyTrap’ what comes to mind? A Venus flytrap? ‘The Little Shop of Horrors’? A bug zapper? A strip of sticky tape with a bunch of flies stuck to it? Malware? I hope you were thinking about malware because there’s some FlyTrap malware taking over Facebook Accounts, and it's been around since March. How are they doing it? Social Engineering. The bad guys have placed malicious apps in Google Play and other Android stores to lure you in with offers for free Netflix coupon codes and voting for your favorite soccer player or team. These apps look legit. They are high quality, use great graphics, and are free from grammar and spelling errors. To get the code or to vote, you have to log in with your Facebook username and password. You are actually using Facebook to log in, but unknown to the victim, there is something nefarious going on in the background, and it’s stealing their sensitive info. WHAT TO DO IF THIS HAS ...

Rising Cryptocurrency Scams

Did you know Bitcoin increased in value by almost 400% between October 2020 and April 2021? Fraudsters follow the money, and with the recent spikes in value and popularity of cryptocurrency, it is no surprise that cryptocurrency email scams are flooding inboxes. HERE’S WHAT YOU NEED TO KNOW… WHAT IS CRYPTOCURRENCY? It’s a digital currency, and it doesn’t exist in a physical form. There's no central control – there isn't a central bank of digital currency. Bitcoin was the first. Ransomware tends to demand payment in Bitcoins. TOP 3 CRYPTOCURRENCY SCAMS TO WATCH OUT FOR: Emails from businesses and government agencies asking for payment in cryptocurrency; A person, website, or social media ad that only accepts payment via cryptocurrency; Cryptocurrency investment opportunities. TOP 3 TERMS USED IN CRYPTOCURRENCY SCAMS: Urgently today Nearest bitcoin machine Day Runs. Have you received any cryptocurrency scam emails? What happened? What did you do? Drop a comment below and share your sto...

Why phishing emails are bad for business

Have you heard about the UC San Diego Health data breach? It started with a phishing attack back in December, and now the personal info of patients, students, and employees could be in the hands of cybercriminals. The victims could face identity theft at any time. A CLASSIC EXAMPLE OF AN EMPLOYEE DOING THE EVIL BIDDING OF THE BAD GUY. Employee(s) took action as directed in the phishing email. Those actions gave the hackers access to employee email accounts. The hackers could access everything in the employee email accounts. WHY IT’S BAD FOR BUSINESS: The hackers can access any password reset links that arrive via email. The hackers can access any multi-factor authentication codes that arrive via email. The hackers can send emails directly from your email account and message your contacts requesting information or even changing payment instructions. WHAT YOU NEED TO KNOW: Sometimes maliciou...

Bad guys, blackmail, thist, and embarrassment.

I thought it'd be fun (and a little embarrassing) to share a story about the first time I testified in federal court for an FBI case. I had never been in a courtroom before, and I really wasn’t into any of the shows that took place in one either. I didn’t really know what to expect. The Assistant United States Attorney (AUSA) told me they’d call me into the courtroom, then I would be sworn in, and sit down in the witness stand. Sounds simple enough. Then once in the witness stand the fun would begin… They’d ask me many questions about my background to get me brought in as an expert witness, I'd have to do a whole song and dance to see my notes when I didn’t recall the answer to something, and I'd have to speak to the jury like they have a 5th grade education (from the 1950s and know nothing about computers) with analogies aplenty. In this story, there’s a bad guy who did some nasty stuff to a woman and then tried to blackmail her. This is how I remember the day... The ...