The amount of time and effort you put into your blog or website is countless.  The amount of time it takes cybercriminals to compromise your site is only seconds.  They can impersonate most emails and companies effortlessly and inexpensively.  Did you know that over a third of all emails sent from .gov are fraudulent?

Let’s talk about some of the top threats that we face today and how a little awareness can help keep your brand safe.

CybercriminalsPasswords – Yes this is very basic but the most important. Here are a few ideas to help protect you.

  • Change your password!!
    • You don’t have to do this often but don’t just add a 1 or ! to your current password or change one letter.  Be bold and pick something strong and out of your comfort zone.
    • Check the strength of your password here http://www.passwordmeter.com/
    • See if your email address has been compromised here https://haveibeenpwned.com/
  • DO NOT make a spreadsheet of all you logons and passwords and load it to the Google docs or Dropbox (yes, I’m talking to you)!
  • Find a password manager if you need help.  LastPass and Dashlane are popular for this.
  • Use Two Factor Authentication (2FA) – an extra layer of security that requires not only a password and username but also something that only a user has on them like a phone. Google, Apple, and several other vendors offer this service. (This is the #1 thing you can do right now to dramatically increase your security)

 

Tactics used by Cybercriminals

Social Engineering – The art of tricking, influencing or deceiving people into giving up personal or sensitive information.  Basically Cybercriminals have figured out that is easier to trick a human than a computer so instead of trying to break into your house they just ask for the key…..and we give it to them.

  • Phishing – When someone tries to trick you into sharing personal information typically via email, ads or similar looking sites that you frequently visit.  Below is a fake Google log-on page that looks completely authentic.  It may be very hard to tell a real site from a malicious one. When in doubt check the URL very closely or navigate to the website on your browser rather than clicking on the link provided.

 

Cybercriminals

  • Check that the email address and the sender name match.
  • Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.
  • Most companies will never ask for you to enter or verify personal information vie email.
  • Never click on attachments or open documents from unknown sources.

Social Imposters – Who is pretending to be you?

  • It has become insanely easy (and lucrative) to pretend to be someone else or another company in the digital world.
  • Up to 60 million fake Facebook accounts, 48 million fake Twitter accounts and millions more across all social media platforms.
  • Always be sure who you are dealing with online.  If a campaign or blogging opportunity seems too good to be true it probably is.
  • Always be leery of direct messages sent via social media platforms.  Do not click on links or attachments unless you are 100% sure of the content.

Will the real Chris Pratt please stand up?

Cybercriminals

Can you tell the difference between these two Wells Fargo accounts?

 

Cybercriminals

 

Typosquatting – Don’t look too close (that’s what they want)

Cybercriminals often create fake websites that imitate the look and feel of your intended destination so you may not realize you’re at a different site.

  • These site aim to steal your personal information, spread malicious software or simply to inflate ad revenue to a specific site.

Can you see the difference here?  Look how easy it is to confuse www.equifaxsecurity2017.com with any of the URL’s in the image below

Cybercriminals

As technology evolves at a rapid pace, new tricks and techniques are always being introduced by cybercriminals.  The best way to protect yourself is being aware of the tools and methods being used by criminals and to always be suspicious of anything that you do online.

What challenges or experiences have you had protecting your blog and brand?