Tag: Personally Identifiable Information

Cyber Identity Theft: What To Do?

On January 28, 2022

Identity theft is one of the most common and fast growing cyber-crimes. Cyber identity theft occurs when a fraudster steals a user’s identity or say poses to be that user by gaining access to his Personally Identifiable Information (PII). To get details of user’s digital PII fraudsters use scams like phishing attacks or planting a malware on the victim’s system.

What is his Personally Identifiable Information (PII)?

It is the unique personal information that enables a fraudster to prove his identity as the victim. Some examples of PII include:

Driver’s License
Banking Information such as account number
Login Id & Password for various online accounts
Social Security Number

In order to understand what happens if cyber identity is stolen, it is first important to know how online identity theft occurs. Some of the tactics used by fraudsters are:

Phishing: Cybercriminals send emails with compromised links that are disguised as essential information from a financial institution. The link, when clicked, opens a form that requires the user to provide his PII.
Pharming: Under this tactic, the browser is compromised. The user enters a legitimate address in the search bar of the browser, but is redirected to a malicious page designed to steal PII.
Malware: Specially designed malware can be downloaded on victim’s system via different sources to steal financial details.
Unsecure Websites: Make it a point to check the authenticity of the website before making an online purchase. Make sure to use official and secure websites with “https” prefix.
Weak Passwords: Using weak passwords for social and financial accounts leaves users vulnerable and susceptible to hackers.

Once the online identity is stolen, it can give rise to an array of problems for the victim:

Fraudsters can use the victim’s credentials to infiltrate an organization’s network and gain access to business secrets.
The PII can be used to gain access to victim’s financial accounts and exploit them.
The stolen identities can be sold by the fraudsters over dark web.
Victim’s identity can be used to enter the system and encrypt the data for ransom.
Stolen PII can be used to cause non-monetary damage such as hampering the public image.

In case you discover that you have been victimized by an identity breach, take following measures:

Regularly monitor your bank statements and credit reports for any unauthorized activity.
In case of an unusual activity, follow up immediately and consider putting your credit report on hold.
Consider using activity alerts services offered by financial institutions

For more information on cyber identity theft and methods to prevent them, contact Centex Technologies at (254) 213 – 4740.

How To Identify Signs Of A Phishing Attempt?

By centexitguy

On October 25, 2021

In Security

Organizations of all sizes are subjected to regular, highly sophisticated phishing attempts. Expecting IT and security teams to identify and combat all phishing attacks solely through technology is impractical. Phishing can take many forms, but it is essentially any email attack that is aimed to get the recipient to take a specific action. Phishing emails are now being meticulously researched and concocted to target specific receivers. So, how can you raise awareness about it and train your team to recognize a phishing email?

Phishing emails frequently include a variety of red flags that, if detected by the receiver, can prevent the attack from succeeding. A few red flags as mentioned below suggest the authenticity of any email: –

Addressing, greeting, and context of the email: When reading a phishing mail, the first thing that generally raises suspicion is the words, tone, and figure of speech. In most of the mails, someone impersonating as a coworker may suddenly becomes overly familiar, or a family member may become a little more professional.
Unfamiliar looking email ids, URIs: Looking for suspicious email ids, URIs (Uniform Resource Identifiers), and domain names is another simple approach to spot a potential phishing scam. It’s recommended to double-check the originating email ids against previous similar correspondence done. If the email contains a link, hover the pointer over the link to see what pops up. Don’t click if the domain names don’t match the links.
Threats or high level of importance: Any email that threatens unpleasant repercussions should be viewed with caution. Another strategy used by criminals is to convey a sense of urgency to encourage, or even demand, urgent action from the receiver in order to confuse them. The fraudster expects that by reading the email quickly, the content will not be thoroughly reviewed, allowing additional phishing-related irregularities to go undetected.
Attachments are the root cause of all evils: Be wary of emails with attachment(s) from an unknown sender. When the recipient did not request or expect to receive a file from the sender, the attachment should not be opened. If the attached file contains a file extension that you have never heard of, be cautious. You can flag it for an anti-virus scan before opening it.
Irrelevant follow-ups: In a follow up email of some previous correspondence, if the correspondence requests something unusual, could be a sign of fraudulent communication. For example, if an email purports to be from the IT team and requests you to install a program or click a link to patch your asset whereas all patching is typically handled centrally. It is a strong indication that you’ve received a phishing email and should not follow the instructions.
Concise and precise: While many phishing emails will be crammed with information in order to provide a false sense of security, others will be sparse in order to capitalize on their uncertainty. A scammer may send an email impersonating a familiar connection with some irrelevant text, for example – “Are you up for a profitable business venture with me?” and an attachment “Business Proposal”. These kinds of emails are usually sent to 9 to 6 working professionals who are looking to make side-income apart from their primary profession.
Recipient didn’t initiate the email thread: As phishing emails are unsolicited, a common red flag is to inform the receiver that he or she has won a reward. The recipient can be lured to qualify for a prize if they reply to the email, or will receive a discount if they click on a link or open an attachment. There is a significant likelihood that the email is questionable if the receiver did not initiate the dialogue by opting in to receive marketing materials or newsletters.
PII (Personally Identifiable Information) requested: When an attacker creates a false landing page that users are directed to via a link in an official-looking email, often some sort of credentials, payment information, or other personal information is asked.
Grammatical errors: The use of poor grammar and spelling is another prevalent symptom that raises a red flag. As most firms have the spell check feature turned on in their email client, you’d expect emails from a professional source to be free of errors in language and spelling.

Sifting through the numerous reports to eliminate false positives is difficult and cumbersome. So, how can a business prevent phishing emails and spot phishing attacks? One strategy is to give priority to notifications from individuals who have a history of correctly recognizing phishing messages. These prioritized reports from employees help the SOC (Security Operations Center) team quickly respond to possible phishing attempts. This reduces the risk to individuals and business partners who could fall prey to such phishing campaigns.

To know more about various cyber-attacks and methods to prevent them, contact Centex Technologies at (254) 213 – 4740.