Cybersecurity

No one from St. Mark's Episcopal Church will ever contact you by text or email to request the purchase of gift cards or to ask for personal information. Any unusual or suspicious requests for money, information, or assistance of any kind should be verified with the Office Administrator, Deacon-in-Charge, or a member of the Vestry before taking any action.

Introduction

Crime is not a new thing, but criminal methods continue to evolve. Bad actors are always working on new ways to trick you into giving out your personal information or money. Technology helps us all do things faster and more efficiently, including the criminals, or bad actors. While it is good to keep current on the latest scams, it is important to know how to recognize a fraudulent email, text message, phone call and social media contact.

Cyber crime can be categorized into two areas. You have pure cyber crime that exists because of computers and the Internet. This is what most people think of when they of when discussing cybersecurity. It is the protection of computers by firewalls, routers, passwords and more; and usually left to the IT professionals.

But there is also enhanced cyber crime. This is crime that existed before the Internet and just uses technology to widen the target area and population. You can think of this as computer-assisted crime. This site will help raise awareness of the type of cybersecurity that we can all use to reduce cyber crime.

Only when cybersecurity is on your mind with every email communication, day in and day out, can you be best protected.

Hacking People, Not Computers

Contrary to popular belief, most cyber crime is due to people, not computers. Con-artists have been around long before computers. The advent of email and social media simply gives them better tools with which to ply their trade. Social engineering is the art of getting people to do something that they may not ordinarily do. Aspects of social engineering are used in sales and politics all of the time. While not always bad, social engineering has become synonymous with cyber crimes, especially spear phishing.

Social Engineering Red Flags

Cybersecurity company KnowBe4 has some great articles about social engineering. They hired social engineering expert and former phone phreak, Kevin Mitnick as their Chief Hacking Officer, and he offers his insights on the subject. Take a look at their comprehensive What is Social Engineering page for a detailed look at the subject.

Social engineering can be found in:

email - phishing and spear phishing
phone calls/voice mail - vishing
text messages - smishing
face-to-face - yes, some people still do things the old-fashioned way

Here are some things to look for

Urgent language

Most attempts to get you to hand over your money or personal information include some kind of urgent language to get you to comply. It is harder to think when you are under stress.

Warnings of consequences

We all want to avoid inconveniences or problems, so the use of some kind of consequence for non-compliance is used.

Short time-frame for action

Most scams include a warning to "act now" to avoid the consequence or penalty. This is to reduce your time to think about what you are doing.

Asking for Information

When someone contacts you claiming to be from a service provider, business or other entity and asks for information that they should already know -- like your account number or Social Security number -- or something that they have no business knowing -- like your account password or other personal information -- it is a good bet that they are not who they say they are.

Verifying Passwords

You should never have to verify your password. That would be like verifying your house key; you do that every time you unlock your door. Every time you log in, you are "verifying" your password. When someone asks you to verify your password in a place that is not the normal login area, they probably want to steal it.

No reputable tech support service or bank will need you to verify your password -- especially not on a Google Form. Your password is verified every time you log in and you should never provide it to anyone or be prompted to enter it anywhere other than the official login page.

Mobile Phone Attacks

Do not think that you are safe from attacks just because you are using a mobile phone. Smartphones are mini computers, and like any other computer, susceptible to hacks. It is less likely, though, that the phone itself will be compromised, but rather be used as a way to get an unsuspecting user to give out information to a social engineer.

In addition, connecting to a compromised wireless (Wi-Fi) network can allow a bad actor to intercept your information.

Page updated

Report abuse