Cybersecurity – Staying Safe Online

Yes, there are crooks who are out to get you online! Learn how to thwart them.

Cybersecurity involves preventing, detecting and responding to cyberattacks that can have wide-ranging effects on individuals, organizations, the community, and the nation. Cyberattacks are malicious attempts to access or damage a computer system. Cyberattacks can lead to loss of money, theft of personal information, and damage to your reputation and safety.

Cyberattacks can occur through computers, mobile phones, gaming systems and other devices. They can involve identity theft, can block your access to or delete your personal documents and pictures, and can target children. They can also cause problems with business services, transportation, power and other infrastructure.

Protect Yourself Against a Cyberattack

  • Keep software and operating systems up to date.
  • Use strong passwords.
    • 12 characters or longer
    • Upper and lowercase letters, numbers and special characters
    • Use a password manager
  • Use stronger verification such as Two-Step Authentication. This can include using a PIN or password that only you would know, or a separate device that can receive a code or uses a biometric scan (e.g., fingerprint scanner).
  • Watch for suspicious activity (phishing – more about this below), such as a message that:
    • asks you to do something right away
    • offers something that sounds too good to be true
    • needs your personal information
  • When in doubt, don't click.
  • Check your account statements and credit reports regularly.
  • Use encrypted (secure) internet communications.
  • Use sites that use HTTPS if you access or provide any personal information. Do not use sites with invalid certificates.
  • Regularly back up your files to an encrypted file or encrypted file storage device.
  • Protect your home and/or business Wi-Fi network with antivirus and anti-malware solutions and firewalls to block threats.
  • Limit the personal information you share online.
    • Review and change privacy settings if necessary.
    • Do not use location features.
  • Protect your home network by changing the administrative and Wi-Fi passwords regularly. When configuring your router, choose the Wi-Fi Protected Access 2 (WPA2) Advanced Encryption Standard (AES) setting, which is the strongest encryption option.

Don’t Take the Bait!

Recognizing and Avoiding Phishing Scams

Phishing is one of the most dangerous methods of cybercrime. It involves emails, texts, or calls that seem to be from companies or people you know, but they are actually from scammers. They want you to click on a link or give personal information, including a password, so that they can steal your money or your identity, or gain access to your computer. According to Verizon’s 2020 Data Breach Investigations Report, 32 percent of all cyberattacks involved phishing.

Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.

  • Scammers use familiar company names or pretend to be someone you know.
  • They ask you to click on a link or give passwords or bank account numbers. If you click on the link, they can steal your personal information or install programs to lock you out of your computer.
  • They pressure you to act now, often threatening that something bad will happen if you don't.
  • Watch this short video, What is Phishing and How Do I Protect Myself, from AARP, to learn more.

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:

  • say they’ve noticed some suspicious activity or log-in attempts.
  • claim there’s a problem with your account or your payment information.
  • say you must confirm some personal information.
  • include a fake invoice.
  • want you to click on a link to make a payment.
  • say you’re eligible to register for a government refund.
  • offer a coupon for free stuff or say you have won something.

Remember:

  • No legitimate bank, government agency or business would call or send an email requesting that you discuss or enter your private information.
  • Misspellings, poor grammar and typos are also good indicators of phishing.
  • Watch out for extra or odd characters in the URL (web address) or sender’s email address.
  • Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real organization. Roll your mouse over the link and see if the address that pops up matches what appears in the email. If there is a discrepancy, don't click on the link.
    • Example: paypal.ssecure.server.de (will take you where you don’t want to go)
  • Websites where it is safe to enter personal information begin with "https" — the "s" stands for secure. If you don't see "https" do not proceed.
  • Watch out for a generic greeting. Phishing emails are usually sent in large batches. Internet criminals use generic names like "First Generic Bank Customer." If you don't see your name, be suspicious.
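
The link checks from the list above, written out as a short Python sketch (an added example, not part of the original page). It assumes the real organization's domain is paypal.com; the function names and every sample link other than paypal.ssecure.server.de are constructed for illustration.

```python
from urllib.parse import urlsplit

def host_of(text):
    """Hostname of a URL, or of bare text such as 'www.paypal.com/signin'."""
    if "://" not in text:
        text = "//" + text  # let urlsplit treat scheme-less text as a host
    return (urlsplit(text).hostname or "").lower()

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_link(shown_text, href, expected_domain):
    """Return a list of warning codes for one link taken from a message."""
    warnings = []
    target = host_of(href)
    if urlsplit(href).scheme.lower() != "https":
        warnings.append("not-https")
    # The brand name appearing somewhere in the host is not enough:
    # the host has to END with the organization's real domain.
    if not belongs_to(target, expected_domain):
        warnings.append("wrong-domain")
    # If the visible link text is itself an address, it should match the target.
    looks_like_address = "." in shown_text and " " not in shown_text.strip()
    if looks_like_address and host_of(shown_text) != target:
        warnings.append("text-mismatch")
    return warnings

# Constructed sample links; paypal.com as the real domain is an assumption.
SAMPLES = [
    ("www.paypal.com", "http://paypal.ssecure.server.de/login"),
    ("Log in to your account", "https://www.paypal.com/signin"),
    ("https://www.paypal.com/signin", "https://www.paypal.com.account-check.example/signin"),
]

if __name__ == "__main__":
    for shown, href in SAMPLES:
        print(href, "->", check_link(shown, href, "paypal.com") or "no warnings")
```

The third sample passes the "https" check and still fails the domain check, which is why the address has to be read from its end rather than its beginning.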

If You Have Been Cyberattacked