Fake Browser Updates

Fake browser updates are dangerous. If you initiate a download, you will expose your device, your data and our organization to a cyber attack.

The link below takes you to a brief (two-minute) module that shows an example of a fake update message and helps explain the techniques cybercriminals use to fool people. You can also read the attached PDF for more information.

Link to module: https://web-demos.wombatsecurity.com/demos/rlf-release-candidate-1575561477/awareness/as191201/

(Note: This link will take you to the website of Wombat Security, a division of Proofpoint.)

Please familiarize yourself with this scam and remain alert. Fake browser updates could appear on any website, even those you visit frequently. If you encounter a suspicious message, be sure to report it to the Information Security Office by emailing us at security@northwestern.edu.

Reporting an Incident

Bad guys are very persistent, and eventually anyone can make a mistake. If a phone call from the “Help Desk” doesn’t sound quite right, if an email seems suspicious or if a program you installed starts acting funny, ask for help! The same goes if you have lost a work laptop or a USB drive. The sooner you report an incident, the sooner we can help resolve the problem.

To learn more, check out this SANS OUCH! newsletter.

Don’t Trust Links Sent in Email Messages

A common method cybercriminals use to hack into people’s computers is to send them emails with malicious links. People are tricked into opening these links because they appear to come from someone or something they know and trust. If you click on a link, you may be taken to a site that attempts to harvest your information or tries to hack into your computer. Only click on links that you were expecting. Not sure about an email? Call the person to confirm they sent it.

To learn more, check out this SANS OUCH! newsletter.


Phishing is when an attacker attempts to fool you into clicking on a malicious link or opening an attachment in an email. Be suspicious of any email or online message that creates a sense of urgency, has bad spelling or addresses you as “Dear Customer.”

In an effort to prevent email scams from reaching the University’s central email server, Northwestern’s Email Defense System (EDS), powered by Proofpoint, blocks the majority of malicious messages from being distributed to the University community. However, malicious and junk email occasionally slips through this security net.

As part of the University’s continued commitment to providing a secure computing environment to the University community, Northwestern IT provides a list of reported Scam Email Attempts recently targeting Northwestern.

If you believe you have received a scam email, forward the message, with the message headers, to security@u.northwestern.edu.

To learn more, check out this SANS OUCH! newsletter.

Source: Security Awareness Tip of the Day

Message and Smishing Attacks

One of the most common ways cyber attackers attempt to trick or fool people is by scamming them in email attacks (often called phishing) or tricking them with phone calls. However, as technology continues to advance, bad guys are always trying new methods, including tricking you with messaging technologies such as text messaging, iMessage/FaceTime, WhatsApp, Slack or Skype. Here are some simple steps to protect yourself and to spot and stop these common attacks.

When you receive a message that seems odd or suspicious, start by asking yourself: does this message make sense, and why am I receiving it? Here are some of the most common clues of an attack.

  • A tremendous sense of urgency, when someone is attempting to rush you into taking an action.
  • Is this message asking for personal information, passwords or other sensitive information they should not have access to?
  • Does the message sound too good to be true? No, you did not win the lottery, especially one you never entered.
  • A message that appears to come from a co-worker or friend’s account or phone number, but the wording does not sound like them. Their account may have been compromised and taken over by an attacker, or the attacker is attempting to pretend to be them, tricking you into taking an action.
  • If you get a message that makes you have a strong reaction, wait a moment and give yourself a chance to calm yourself and think it through before you respond.

Source: Security Awareness Tip of the Day

Clues You Have Been Hacked

Some of the most common indicators that you may have been hacked include the following:

  • Your friends tell you that they have received odd emails or messages from you, messages you know you did not send.
  • Your password no longer works for one of your accounts, even though you know you never changed the password.
  • Your anti-virus informs you that one of your files or computer is infected.
  • You receive a pop-up message informing you that the files on your computer have been encrypted and you must pay a ransom to recover them.

To learn more, check out this SANS OUCH! newsletter.

Source: Security Awareness Tip of the Day

Smart TVs – An FBI Warning

The greater the deals are, the less secure your devices may be. Black Friday/Cyber Monday may offer you great deals, but at what cost to your privacy and/or security?

The FBI has issued a warning to all consumers to be wary of how secure their devices are, especially Smart TVs. Smart TVs connect to the internet to allow you to use popular streaming services and apps. Many of them come with a microphone on the controller or on the TV itself. A few of the newer TVs also have built-in cameras for facial recognition, so they know who is watching and can suggest programming appropriately.

When these TVs are connected to your network, most people don’t bother placing them in a different VLAN, making them easily accessible to anyone else who has or can get access to your Wi-Fi. Earlier this year, hackers showed it was possible to hijack Google’s Chromecast streaming stick and broadcast random videos to thousands of victims. There are even steps on how to exploit a Samsung Smart TV on WikiLeaks.

The FBI recommends placing black tape over an unused smart TV camera, keeping your smart TV up-to-date with the latest patches and fixes, and reading the privacy policy to better understand what your smart TV is capable of. We also recommend buying a Smart TV that comes with security built in, even if it costs a bit more.

Source: Now Even the FBI is Warning About Your Smart TV’s Security