Monday, May 8, 2017

Increasing Your Digital Responsibility - Protect Yourself

Increase Your Digital Responsibility - Protect Yourself

Attempts from Hackers to steal your private information are getting more and more aggressive all the time.  Our IT Department filters out thousands of email a day containing malicious files, spam, and other unwanted garbage.

No matter how good our filter is some email gets through that you need to be on the look out for.  More than 70% of emails sent are spam.



4 Main types of attacks:

1:  The Imposter: Spoofing

These messages are designed to look legitimate and almost identical to the real thing.  There are some very easy tips to identifying the fakes! Look below in "What Can I do?"

For more information click here:

2:  The Sharp Shooter: Spear Phishing

Phishing attacks and spear phishing have much in common, including the shared goal of manipulating victims into exposing sensitive information. Spear phishing attacks differ from typical phishing attacks in that they are more targeted and personalized in order to increase chances of fooling recipients. Attackers will gather publicly available information on targets prior to launching a spear phishing attack and will use those personal details to impersonate targets’ friends, relatives, coworkers or other trusted contacts.

For more information click here:

3:   The Scorch the Earther: Generic Phishing

Very general messages containing poor grammar and no real content. These are sent out through mass emailing.  Most of these are filter but they can sneak through. They may not fool you but they can fool our younger users!

For more information click here:

4:  Google Docs:

Hackers are now trying to send emails asking you to open a shared google doc. When users open the shared doc they are asked to accept the permissions.  The doc is not actually a google doc at all.  The unknowing user just gave away access to your contacts and now many other bad emails will be sent from your account.  Google has since closed this hole and added another security layer.
Click HERE:

How do you protect yourself?  Verify the address of the person sharing with you?  Do you know them?Is it a MyTool2Go.ca account?  When you share a doc with someone you don't need to accept any permissions.  Just close the tab and delete the email!

WHAT CAN I DO?

At the very minimum when dealing with unsolicited email or email from financial institutions look at the URL (link) to see where you are being pointed. Just put your mouse cursor on the link the email wants you to click on and you will see the link in the bottom left of the screen.  You can practice on any link on this blog!  

Be wary if the link does NOT have https:// or include the company name in the FIRST domain.

For example https://www.tdcanadatrust.com/products-services or https://drive.google.com/drive

TIP: When accessing financial institutions access them using your own proven link.  

David Petro has an informative slide show from his FAKE NEWS presentation on April 28th that is also a great resource to protect yourself and spot these attacks and more!


Take the Google Security Checkup!

https://myaccount.google.com/secureaccount

This will quickly walk you through all the permissions you have granted outside software and websites to use.  You can remove access and add them back later if necessary.  If you don't recognize the site REMOVE it!  You can also remove access from any Computer you may have used in the past and accidently allowed it to save your information.


Complete this check up with both your personal Gmail account and your MyTools2go.ca  account.

If you do have questions do not be hesitate to contact the IT Department for assistance!






No comments: