Blog   Tagged ‘cyber criminals’

The Evil Airline Phishing Attack


Imagine clicking on an attachment in an email confirmation for an online purchase or hotel reservation and being greeted by an urgent pop-up that reads, “A virus has been detected due to suspicious activity. Click here to run a diagnostic on your computer hard drive.” Seems like good advice, right? Before clicking OK, you might want to learn more about a new email phishing scam.


Known as the evil airline phishing attack, this is a two-wave social engineering scam that attempts to take over your computer, steal sensitive personal information, or both, potentially leading to identity theft or damage to your computer. What makes this especially alarming is that recent research says this scam is successful about 90 percent of the time‡.

The scam targets individuals who frequently book travel or shop online and are familiar with receiving email confirmations on purchases or bookings. Like other phishing scams, cybercriminals research online and offline before sending these authentic-looking emails. The subject line will look something like this:

When the victim receives the email, the two-wave phishing attack begins:

  • First wave: Opening the message signals to the cybercriminal that the email address is authentic and has been received by a real person.
  • Second wave: Inside the email is an authentic-looking attachment such as a .pdf or .docx file. This file masquerades as a travel confirmation or purchase receipt and has malware‡ embedded in it. If the attachment is opened, the malware springs into action, impacting your data and computer.

The goal of these cybercriminals is to:

  • Trick you into clicking links and opening attachments, which can secretly infect your computer or device
  • Access and steal your information (e.g., usernames, passwords, credit card numbers)
  • Make transactions, file fraudulent tax returns, use your or your children’s identity, share sensitive medical data with other hackers and carry out a variety of other activities

How can you help protect yourself?

  • First defense: Desktops, laptops, tablets and even mobile devices are at risk of this attack. Install antivirus protection on your electronic devices (including tablets and mobile phones) and keep your hardware and software updated.
  • Second defense: Never click on links or attachments in emails you aren’t expecting. If something looks “phishy,” it probably is. If you have questions or concerns about any electronic communication, go to the company’s website to confirm details or contact them directly.
  • Final defense: Communicate with your coworkers, friends and family. One of the best ways to keep from falling victim is to ask questions, open dialogue and stay informed.

For more information to stay cyber aware, visit UMB’s Security and Privacy page.

When you click links marked with the “‡” symbol, you will leave UMB’s website and go to websites that are not controlled by or affiliated with UMB. We have provided these links for your convenience. However, we do not endorse or guarantee any products or services you may view on other sites. Other websites may not follow the same privacy policies and security procedures that UMB does, so please review their policies and procedures carefully.


Ms. Flores serves as senior vice president and Chief Information Security Officer, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and has more than 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP/US) and Certified Information Systems Auditor (CISA).




Wait a minute…who’s been sending emails from my account?


Did you know that every day thousands of webmail accounts (Gmail, Yahoo, AOL, etc.) are taken over by cyber criminals? Compromised webmail can be used, in a matter of minutes, to make purchases, transfer money from bank accounts or even trick friends and family into giving out information that allows access to their own webmail.

Take time to do a few simple things to ensure your webmail accounts are as secure as possible:


Passwords

Weak passwords can be easily hacked and used to access your account.

  • Avoid using the same password on numerous accounts. This may make your email vulnerable if another site is compromised.
  • Change your password often.
  • Use strong passwords. For example, think of a special phrase and use the first letter of each word as your password. For more tips, visit OnGuardOnline.gov.

Security Questions

Even a strong password can be compromised if security questions are easy to guess.

  • Make sure answers can’t be researched on social media sites.
  • Pick a question that only you know the answer to.
  • Choose the custom security question option if available.

Phishing Email

Phishing scams use a convincing message to trick you into clicking a link, downloading attachments or other “bait” that can be used to log your online activity, give a cyber criminal control of your computer or even direct you to a phony website where you’re asked to enter your username and password. All of these can be used to commit online crimes. To avoid phishing scams:

  • Look for misspellings or grammatical errors.
  • Question suspicious email; don’t click questionable links or download attachments that appear out of the ordinary, even if from a friend or company you’re familiar with.
  • If you aren’t sure, OnGuardOnline.gov provides help for identifying phishing scams.

Review Account(s)

The best protection against cyber crime is staying alert.

  • Check sent, trash, and other folders for suspicious incoming or outgoing mail.
  • Check advanced account options for changes you didn’t make. Your email may be forwarded to someone else without you even knowing it.
  • Investigate security options offered by your provider like notices for suspicious log-in attempts or two-step verification using a code that’s texted to your phone.
  • Regularly review financial accounts associated with your email address for suspicious activity.
  • Contact your bank and all other financial institutions immediately if you think your email has been compromised.

Don’t fall victim to cyber crime. Take time to secure your webmail accounts and encourage friends and family to do the same.




