Don’t Let Romance Scams Spoil Your Valentine’s Day

By Dr. Richard White

Valentine’s Day is for romance and connection, but scammers are skilled at using emotion as a social engineering tool.

In my book “CYBERCRIME: The Madness Behind the Methods,” I explain in detail how social engineering manipulates how we see and hear what we want to believe. In turn, dopamine released in the brain reinforces our new actualized belief.

There are five areas where scammers are most successful at engineering our beliefs and driving our actions through emotional connections.

1. Email and Phishing scams are always a threat. When romance is in the air, concerns for security may take a back seat to the excitement of finding the perfect romantic gift.

For example, scammers develop ads designed to lure victims to malicious websites or steal their credit card information with promises of gift cards, great discounts or a gift you never knew existed. Be wary of unknown companies and always verify the validity of a company before clicking a link.

2. Facebook and social media are powerful marketing sights for scammers. Perpetrators use the power of search algorithms to seek out the right victims for their scam and ads you clicked in the past combined with your search patterns allow just the right ad to be placed on your screen.

Scammers’ ads may look legitimate and their products or services may be real, but their goal is to steal your information or take your payment without delivering merchandise. Remember that social media platforms are designed to get people to respond to ads. Don’t click on an ad until you research the company with a Google search or the Better Business Bureau to ensure trustworthiness.

3. Fake profiles are a common problem on dating sites. Leading up to and during Valentine’s Day, scammers up their romantic game to establish online relationships. Remember, people tend to see and hear what they want to believe.

A common scam involves a U.S. citizen or service member who is living abroad but soon to return home, conveniently right near were you live. Once the online relationship is established, the scammer comes up with an issue and needs your financial assistance to return home.

4. Variations of the Nigerian prince scam abound. This scam involves receiving something amazing in exchange for documentation, money or a credit card number.

You receive some type of communication from a person searching for someone with your name who claims to be a long-lost love, family member, or special someone who got away. But he or she is not sure you’re the right person, so asks you to provide information to prove who you are.

Remember who is at risk here, and that you are the one putting yourself out there—possibly in harm’s way. Slow down, think and verify whom you are dealing with.

5. Compromised websites are a great way to spread malware. A website may be real and belong to a legitimate business or person, but it may have been hacked.

Be careful with any type of site that is open to the public for posting comments. Anyone can post a link that will direct you to malware or a compromised website. Whether an advertisement, a product review, or a personal ad from someone searching for you, do not let your emotions get the better of you and do not rush into something out of pure excitement. Research links before clicking on them and don’t ever post personal information online.

Also, don’t forget about the things you can do to mitigate your risk. Here are five:

  1. Always be mindful of phishing emails and attachments. If a link seems to be exactly what you are looking for, beware. Scammers may have targeted you.
  2. Many websites will allow you to test a link before you click on it, such as checkshortURL.com, virusdesk.kaspersky.com/, and scanurl.net/. These sites will let you know if the link has been reported as malicious or if malware was found on the site. Always test a link before clicking on it.
  3. Be careful when sharing personal or financial information with someone you have not met personally.
  4. Protect your privacy when using an online dating site. Do not use the same username and email address used for your normal daily activity and never put your full name on your profile.
  5. Never go off-site to use personal email or instant messaging. Social media and dating sites have a communication platform designed to protect you and keep your information private.

Finally, if you do have a need to send money overseas please follow this advice: Wiring money is the same as sending cash. It is gone as soon as it is sent. The most secure way to send money to a U.S. citizen abroad is through the U.S. State Department. To find out more about this and other options for sending money abroad go to http://www.travel.state.gov and visit the international travel section or contact Western Union and ask about this program.

Remember, your best defense online is combining awareness of cyber threats and risks with recognizing your own personal bias in the moment. Ultimately, if you are not completely comfortable with an email or website, then leave it alone.

Happy Valentine’s Day!

Dr. Richard White is an adjunct professor of cybersecurity and information assurance at University of Maryland University College (UMUC) and the author of Cybercrime: The Madness Behind the Method.”

Cybersecurity Trends for 2019: Hear from University of Maryland University College Faculty Experts

As it was when 2018 began, cybersecurity remains a top global priority at year’s end and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring?

Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year.

1) A Broader Investment in Leadership and Hiring Strategies:
Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School

Organizations appear poised to realize that cybersecurity executives are needed at the highest levels in order to drive organizational digital strategy. In 2019, we will see boards and CEOs get more engaged in the governance aspects of cybersecurity. We may also see some signs of legislation to hold executives accountable for due diligence.

On the hiring end, because companies are finding it harder to poach qualified workers from other companies, they are likely to start investing more in their people. Organizations will begin to engage in more creative ways to hire, including offering internships and apprenticeships, and grooming and investing in their own workforce. Organizations will also begin to look at qualified people with less experience, especially those who can speak the language of business.

2) GDPR Non-Compliance and Renewed Focus on Election Security
Balakrishnan Dasarathy, program chair, Information Assurance

Several companies will be caught for non-compliance with General Data Protection Regulation (GDPR) and a few of them will be fined heavily. This will send shivers through various industries and businesses that steward customer data and predict their behavior. Home Internet of Things (IoTs) are going make the situation dire. On the upside, this will result in better privacy policies and protection of privacy-related data through adequate cybersecurity measures.

With Democrats controlling the U.S. House of Representatives —and with Marcia Fudge playing a key role in the new House—we will see more scrutiny of both the 2018 midterm and 2016 national election processes and controls. The cybersecurity of election systems, voter registration and disenfranchisement are among the many areas that will get their due attention.

3) Decentralization, Assured Identity & Privacy, and HCI Take Center Stage
Michelle Hansen, collegiate professor, Cybersecurity and Computer Forensics

Blockchain, a model for distributed, decentralized frameworks used for information sharing, has quickly become a popular technology based on its financial uses, such as Bitcoin cryptocurrency. Cybersecurity will focus on securing these types of frameworks so that they are impenetrable and more suitable for businesses.

Authentication schemes and access control systems need to provide assured identity and individuals’ privacy. Flexible signatures, which use a verification algorithm to validate credentials in a quantifiable and trusted manner, will play a critical role with new technologies, including IoT and real-time systems.

Finally, people have long been identified as the weakest link with any information technology, system, or device. This vulnerability will be of great focus soon, as human-computer interaction aims to persuade user activity and mitigate security incidents, such as using new machine integration technologies in identifying users’ phishing susceptibility.

4) Cloud-based Breaches Rise, Machine Learning Gains Larger Role in Carrying Out Attacks
Jimmy Robertson, program chair, Software Development, Security and Computer Science

As more agencies and companies move to the cloud, shortages in skilled personnel who fully understand the shared-responsibility security model will result in more cloud-based security breaches. Putting security first before deployment is a best practice.

The application of artificial intelligence—in particular, machine learning—to both offensive and defensive cyber operations promises to offer more efficient and more effective tools for carrying out attacks that occur at machine speeds.

Resurgence of Battle Tested Attacks
Richard White, PhD, adjunct professor and course chair, Cybersecurity Information Assurance

Ransomware will continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for bad actors, so it’s a safe bet that we have not seen the last of these types of attacks.

Phishing attacks also will continue, simply because they are tried and true techniques for duping the good guys into ‘mousing over,’ clicking, or downloading packages that provide a range of services to bad actors, such as credential theft, key stroke logger, remote control, and back door.

We also will see more attacks against entire industries, including watering hole attacks or NotPetys, which are both easy to deploy, present very little risk to the bad guys, and are extremely successful regarding their evil objective. Due to the many attributes associated with these types of attacks, it is likely that we will see similar attacks across 2019. 

 

Cyber Connections News Roundup: December 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 4, 2018

Global Cybersecurity in Healthcare to Reach 10.7 Billion By 2024

According to a report by Zion Market Research, the global cybersecurity in healthcare market was valued at approximately USD 6.6 billion in 2017 and is expected to reach USD 10.7 billion by the end of 2024. Major factors driving the growth of cybersecurity in healthcare include: an increase in cyber attacks; increased use of laptops, mobile devices, and smartphones with healthcare applications; and the introduction of advanced technology solutions. North America and Europe are projected to lead the way in cybersecurity in healthcare globally. Read more.

Will the Marriott Breach Lead to New Cybersecurity Laws?

News of the recent Marriott hotel hack that affected approximately 500 million guests may result in renewed calls for new federal legislation, according to a recent www.mediapost.com report. Senator Ed Markey (D-Mass), for one, is pushing for Congress to pass comprehensive consumer privacy and data security legislation that would require companies to follow strong data security standards, direct them to only collect the data they actually need to service their customer, and create penalties for companies that fail to meet them. Read more.

Dell Computer Breach Most Likely Avoided Data Extraction

US-based computer hardware manufacturer Dell announced on Nov. 9 that an unauthorized intruder (or intruders) attempted to extract Dell.com customer information from its systems, such as customer names, email addresses, and hashed passwords. The company stated in a press release that its internal investigations found no conclusive evidence that any data was extracted. According to a www.zdnet.com report, Dell is still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. Read more.

Russian Hackers Back in Action After Midterms

According to a recent article on www.thehill.com, Russian hackers carried out a widespread campaign that targeted the federal government, media outlets and think tanks after the Nov. 6 midterm elections. American officials detected activity by a Kremlin-linked hacking group that took place days after the polls closed. The article suggested that the post-midterm attacks are a sign that hackers are exploring the new political landscape now that Democrats will be in control of the House starting in January. Read more.

What Is the Role of the SEC in Cybersecurity Regulation?

A recent article posted on www.lawfareblog.com examines the relationship of the Securities and Exchange Commission (SEC) and cybersecurity regulation. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Yet, despite major breaches like the Equifax hack, Congress has not passed new legislation, even though SEC leadership has acknowledged that the greatest threat to our markets right now is the cyber threat. What should the role of the SEC be in regulating cybersecurity? Read more.

Securing the Cloud Is a Shared Responsibility

Cloud computing—using a network of remote servers hosted on the Internet to store, manage, and process data—is an attractive solution for business owners and government agencies from a security standpoint. If used properly, cloud computing can result in fewer security concerns and greater cost savings. But what about security?

Last month at CyberMaryland 2018, Jimmy Robertson, program chair, Computer Science and Software Development and Security at University of Maryland University College, sat down with us to explain how cloud security is a shared responsibility among all stakeholders and to offer his  insights into the security implications of moving into the cloud. Watch the video below:

Cyber Connections News Roundup: Sept. 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

New Document Lays Out Trump Administration Cyber Strategy

The new White House cybersecurity strategy, announced on Sept. 21, according to national security adviser John Bolton, suggests a more aggressive posture, including authorizing offensive cyber operations against foreign adversaries. The directive — called National Security Presidential Memorandum 13, or NSPM 13 – aims to deter malicious actors from launching digital attacks against the United States. However some argue that the 40-page document lacks new proposals, according to a recent Washington Post report. Read more.

Three “Out of the Box” Solutions for Closing the Cyber Skills Gap

Recently on http://www.wsj.com, Janaki Chadha reported on three proposals for closing the cybersecurity skills gap – a “Cybersecurity Peace Corps” (proposed by Scott Shackelford, chair of the cybersecurity program at Indiana University, Bloomington); a Cyber ROTC (proposed by Michèle Flournoy, a former senior official in the Defense Department); and financial incentives in the form of tax breaks for employers that develop training programs for cybersecurity jobs. Read more.

US House Introduces Cyber Workforce Bill

In other cybersecurity workforce news, http://www.zdnet.com reported that US lawmakers have introduced a bipartisan bill meant to address the current shortage of cybersecurity professionals. The bill, called the Cyber Ready Workforce Act (H.R.6791), would establish a grant program within the Department of Labor to support the creation, implementation, and expansion of apprenticeship programs in cybersecurity. Read more.

Many US Adults Lack Awareness of Cyber Careers According to New Survey

Meanwhile, a recent report on http://www.securityboulevard.com suggests that closing the cybersecurity skills gap may be difficult because many adults lack awareness of the opportunities in the field. A new national University of Phoenix survey found that 80 percent of U.S. adults have never considered a career in cybersecurity. These findings owe a lot to a greater lack of awareness and familiarity with cyber jobs and job titles, according to the report. Read more.

Healthcare Industry Must Keep Pace With Growing Number of Cyber Threats to Mobile Devices

A recent article on http://www.healthtechmagazine.net outlines what healthcare organizations must to do to keep pace with the inherent cybersecurity threats to the growing number of health mobility programs available to patients and medical staff. The article cited 2017 HIMSS Cybersecurity Survey data, which indicate that health industry users are generally aware of phishing or typical threats that affect a desktop computer, but less aware of threats that impact mobile devices such as smartphones or tablets. Read more.

Cyber Connections News Roundup: August 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 28, 2018

Are Supercomputers Ready to Combat Cyber Threats

Supercomputers may be evolving, but many believe they remain impractical for solving security challenges. In June 2018, a new winner was crowned as the world’s fastest supercomputer, with the US taking the honors back from China. Oak Ridge National Lab’s Summit supercomputer can process more than 122 petaflops –122 thousand trillion floating-point operations per second. Supercomputers can have application in cybersecurity as well, but, according to experts, the days when that’s a reality are far ahead. Read more.

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

From http://www.varonis.com comes a list of its top 12 TED Talks on cybersecurity. These discussions touch on everything from how to create a strong password to the impact hackers have on world peace. Find out if your business is ready to face its next cyber threat. Read more.

Is New NIST Law Aimed at Helping Small Businesses with Cybersecurity Effective?

The president recently signed into law the NIST Small Business Cybersecurity Act, S.770, originally introduced as the Main Street Cybersecurity Act. This law mandates that NIST (National Institute of Standards and Technology) produce and disseminate educational materials to help small businesses improve their cybersecurity posture. The website http://www.seacoastonline.com offers a succinct overview of the measure plus some invaluable commentary on its effectiveness. Read more.

Google Parent Company Alphabet Closer to Going Public With New Cybersecurity Platform

According to a recent report on http://www.cnbc.com, Google’s parent company, Alphabet, has revealed additional details on its new cybersecurity company, called Chronicle. Last year, Alphabet announced the company, but held back on much of the details. Recently, though, Chronicle CEO Stephen Gillett sat down with CNBC to offer some new details about the company’s direction, including plans to deliver “planet-scale” security services to large corporations. Read more.

Steps Healthcare Organizations Must Take to Combat Growing Cyber Threats

A recent article in HealthTech Magazine offers an overview of the cyber threats faced by healthcare organizations, the latest breach trends and security best practices for providers. To help meet today’s cyber challenges, healthcare organizations should first and foremost view cybersecurity as a business risk rather than just a technical challenge. Read more.

7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, Cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggy-backs on King’s projection with his prediction that, an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. The blockchain shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But, also, cybersecurity may benefit by relying on AI technology to identify attack vectors with more speed and precision.