Tag Archive for Information security

Job Scams That Will Compromise Your Safety

Job scams are on the rise. NBC reports that they increased by 118% from 2022. Job scams are essentially fake job postings. The scammer is trying to access your bank account and looking for your personal information. The rise in remote work and advancements in AI have made it easier for scammers to create convincing fake job listings.

Mark Anthony Dyson has written an interesting article on the Job Scam Report about conducting a safe job search. He warns that job scammers are hijacking the hiring process to steal personal information in the long run. However, they are also after cash in the short run. According to the FTC, the typical job scam victim in 2023 lost $2,000. Additionally, the article details five myths about job scams that are putting job seekers at risk.

Your future

Dyson says that bad guys are running scams to compromise personal info. The Better Business Bureau reports that employment scams were the number one riskiest scam for people ages 18-44 in 2023. Consequently, if scammers get hold of your data, your future finances and employment will be adversely affected.

He points out that most scams are just old scams with new layers and better disguises. They use basic social engineering tactics, like phishing links, infected files, and fake landing pages. We’ve known about all of these tactics for decades.

Dyson says some job seekers let their guard down, and others give up on their job search. However, this critical error in judgment makes everyone more vulnerable to job scam myths like:

Job scams ONLY target the desperate.

False: Scammers use social engineering to cast a wide net. They want to find anyone looking for something better. They create offers that are “too good to be true” and uniquely plausible. The “offers” are designed to pique the interest of the receiver. The BBB warns that if you are offered a job without a formal interview with excellent pay and benefits, it’s likely a scam.

How to stay safe: Don’t entertain the possibilities unless you know who sent it to you. One way to verify the sender is to search for the number quickly in Google. If the number is associated with a legitimate business, you should see that the business’s website appears in the first few results. Verify that the number shows up on that business’s website.

Job scams are easy to spot.

False: Job scams evolve just as the job market changes. The author points out that job scams increase when unemployment and uncertainty rise. The growing use of AI is currently driving this trend.  

How to stay safe: Read articles like this about job scams. In addition, check out the Better Business Bureau’s Scam Tracker, which catalogs over 34,000 scams. The BBB is working closely with the FBI to identify scammers.

Legitimate companies won’t ask for personal or financial information.

True: Legitimate companies don’t ask candidates for personal information upfront. Once hired, your personal information, such as your social security number or bank account, is necessary, but not before you are hired. Moreover, the BBB states you should be especially wary if someone pressures you to divulge your information, saying the job offer will only last if you fill out all the forms.

How to stay safe: Follow your instincts. Never give sensitive information to anyone you aren’t sure you can trust. Does something seem “a little off?” If that is the case, disconnect and report the crime to the FBI’s ic3.gov or the FTC. You should also contact the job board if that’s where you encountered the scam. Most job sites have a mechanism for reporting these types of issues.

Additionally, Dyson says you must contact the appropriate institutions (bank, credit card, etc.) if you have given up your personal information, cash, or both.

Once scammed, you’ll know how not to get scammed again.

False: No matter how tech-savvy you may be, you are still vulnerable to social engineering tactics. You can be a victim more than once. Different scams can look the same. The bad guys take advantage of job seekers who are desperate and anxious; others are curious due to the “desirable” opportunity they seek.

How to stay safe: You must do your due diligence and research every part of your job search to ensure the opportunity is legitimate. Research the person who contacted you. Look them up. A quick LinkedIn search should reveal if they work for the company they claim to represent. Additionally, you can find the company’s contact information on their official website (check the URL) and contact them directly to ask if they are hiring for the position you’re applying for. You can go even further and verify the website at ICANN here. If they say they’ve been in business for five years, but the website was created a week ago, that is a huge red flag for a job scam.
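The domain-age check described above can be scripted. This is an added example, not code from the original post: it assumes the registration lookup returns an RDAP-style JSON record with an `events` array, and the domain name, dates, and function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP-style domain record (RFC 9083 "events" array); not real data.
SAMPLE_RDAP = json.dumps({
    "objectClassName": "domain",
    "ldhName": "careers-example.test",
    "events": [
        {"eventAction": "registration", "eventDate": "2024-05-27T09:15:00Z"},
        {"eventAction": "expiration", "eventDate": "2025-05-27T09:15:00Z"},
    ],
})


def registration_date(rdap_json):
    """Return the domain's registration time, or None if the record has none."""
    record = json.loads(rdap_json)
    for event in record.get("events", []):
        if event.get("eventAction") == "registration":
            # RDAP timestamps are RFC 3339; map a trailing "Z" to an offset.
            stamp = event["eventDate"].replace("Z", "+00:00")
            return datetime.fromisoformat(stamp)
    return None


def domain_age_check(rdap_json, claimed_years, now):
    """Compare the domain's age with how long the sender says they have traded."""
    registered = registration_date(rdap_json)
    if registered is None:
        # Redacted or missing data proves nothing either way.
        return {"verdict": "unknown", "age_days": None}
    age_days = (now - registered).days
    claimed_days = int(claimed_years * 365)
    # A domain younger than the claimed history is a red flag, not proof:
    # a real company may have rebranded or moved to a new domain.
    verdict = "red_flag" if age_days < claimed_days else "consistent"
    return {"verdict": verdict, "age_days": age_days}


if __name__ == "__main__":
    # Fixed "now" so the constructed sample always gives the same answer.
    today = datetime(2024, 6, 3, 9, 15, tzinfo=timezone.utc)
    print(domain_age_check(SAMPLE_RDAP, claimed_years=5, now=today))
```

A "consistent" result only means the domain is old enough; it says nothing about who controls it today, so the other checks in this section still apply.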

Once scammed, there’s nothing more to do.

False: Once you’re an online scam victim, the work is just beginning. The scammers may have gotten away with some money, but your personal information is their end game. They want to steal your identity and cause damage to YOUR NAME:

They can use your personal info to:

  • Get bank accounts.
  • Open credit cards.
  • Incur medical care resulting in medical bills.
  • Apply to multiple jobs in the same company.
  • Scam other people.

How to stay safe: Start before they scam you. Be proactive and protect your personal information. The author suggests you:

  • Regularly change your passwords.
  • Freeze your credit and bank accounts and credit reports.

Furthermore, if you fall victim to a scam, tell your network. The scammers can create social media accounts to scam others in your name.


Ralph Bach has been in IT for a while and has blogged from the Bach Seat about IT, careers, and anything else that has caught my attention since 2005. You can follow me on Facebook or Mastodon. Email the Bach Seat here.

Tablet Info

Outside the office, workers turn to the tablet over the PC

Tablet computing is not overtaking smartphones or PCs in the enterprise, but tablets are definitely carving out a new business niche for themselves, a survey conducted by cloud content management firm Alfresco shows. According to the data cited by GigaOM, tablets have replaced the PC as the go-to workstation for working at home and on the road.

The Alfresco study found that staff is using tablets:

  • 48% of enterprise employees are using tablets after hours at home,
  • 55% of respondents use tablets at business meetings (vs. 24% using PCs),
  • 50% are turning first to slates at conferences, compared to 13% using their laptops.

Alfresco reported that employees prefer the smartphone at more informal business functions:

  • 57% using them at business lunches and
  • 51% using them in coffee shops.

But the tablet is also starting to become commonplace even in those more casual settings: 34% of respondents said they would haul out their slate at a lunch meeting, while 43% would do the same in a coffee shop.

The Alfresco data indicates that the 3-screen reality is coming true. Tablets aren’t replacing either smartphones or laptops, but are instead creating a new space in-between. The vendor says it’s pretty clear that laptops are increasingly tethered to the desk or cube, while tablets are the tool of choice on the go.

RB- This has huge implications on the support side of the equation.

Incorporating Tablets into Enterprise Security

Enterprise information security hasn’t caught up with the consumerization of IT, according to Lenny Zeltser in a recent article on the Lenny Zeltser on Information Security blog. The author states that the urgency with which organizations need to account for consumerization is driven by modern mobile devices such as Apple iPhones and iPads.

Enterprises are coming to terms with the idea of employees connecting to the corporate network over a VPN, be it from personal laptops or home workstations, according to the article. However, most organizations haven’t looked at the effect that the proliferation of powerful mobile devices has on enterprise security architecture.

Mobile devices sometimes have VPN-like access to the corporate network. In most cases, they have access to the company’s email contents, calendar, and address book. The devices are as powerful as laptops were just a few years ago. Yet, their operating system’s security has not benefited from the test of time. Tablets and mobile devices lack most of the security controls we’d expect to find in a “legacy” workstation OS.

Mr. Zeltser argues we need to understand how to model the threat vectors related to mobile devices and how to adjust the security of the enterprise architecture accordingly. The measures will probably involve:

  • Greater segmentation of the company’s network,
  • Treating any device that users interact with, whether it’s a desktop or a mobile phone, as an untrusted node,
  • Standards and tools to lock down the configuration of mobile devices,
  • Practices and technologies for managing vulnerabilities in applications and the OS of mobile devices,
  • Incident response plans that incorporate both “legacy” IT infrastructure assets and mobile devices.

BYO tablet? Three ways business is getting it all wrong

Silicon.com had an article describing Three ways businesses are getting BYOD all wrong. The author claims the days of the standard work-issued laptop are numbered as businesses let staff use their own computers and gadgets in the workplace.

However, in the rush to adopt bring-your-own tech, businesses are placing too many restrictions on how personal devices can be used at work, according to Anthony Vigneron, collaboration services global manager at global law firm Clifford Chance. He estimates that about 10 percent of the firm’s 7,000 staff share the same device at home and work.

Mr. Vigneron described for silicon.com three ways businesses get it wrong when it comes to letting staff use personal devices at work.

Use sandboxing

Businesses are often advised to provide personal devices with secure access to corporate systems using sandboxed virtual machines. Sandboxed machines allow remote access to corporate info via a virtual desktop that is run from the business’ data center.

He says it is better to let users access corporate data and apps from their device’s own OS. “Trying to deliver applications within a sandbox is not what users want. That’s not consumerization, that’s just another way of providing the same apps on different hardware,” he said.

“People want to use the native applications. They don’t want to have to log in through some other system.” He concludes, “The business should be able to control some of the applications staff use but you don’t want all those things inside another application.”

Give them a choice

Mr. Vigneron argues that the line where work life ends and private life begins is becoming increasingly blurred. So it doesn’t make sense to treat them as two separate entities. By not allowing workers to merge their work and home calendars, contacts, and emails, businesses are imposing an artificial distinction on their staff. He explains, “You do want some separation … People want the choice of being able to work with the same interface.”

Costs matter

Letting staff use their personal smartphone while working may seem like a good idea. However, employees might be in for an unpleasant shock when they get their phone bill. Mr. Vigneron said, “For companies to allow for consumerization, the price has to get to an equivalent of what we can get as a corporate. They’re not doing that at the moment.”


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Are Users the Future of CyberSecurity?

Gartner is shopping the idea that the people using IT systems and corporate data are perhaps the best ones to guard them. They are calling it People Centric Security (PCS). According to a ZDNet article, People Centric Security loosens IT controls and relies on end-users to assume responsibilities for protecting IT systems and data.

Tom Scholtz at Gartner (IT) presented the idea at the recent Gartner Identity and Access Management conference. They explained it this way: empower users with responsibility for systems and data important to their work, sprinkle in consequences for breaching that responsibility, and users will do the right things to secure their environment.

Gartner argues that the convergence of social, mobile, cloud and big data is eroding corporate boundaries and controls in many areas long thought to be state-of-the-art defenses. “The current approach in developing policies and controls doesn’t scale to current realities,” Mr. Scholtz said.

Mr. Scholtz argues current information security policies and tools grind on productivity. He says the relationship between IT, the business, and workers has transformed and necessitates a change in regard to information security. “In this brave new world, what we do as security people is viewed as negative. We are the people who slow things down.”

However, Gartner is not advocating losing all controls and policies, only loosening them. Mr. Scholtz argues that taking away controls on data and replacing them with new user-based responsibilities, principles, and rights may just improve end-user focus and produce a more managed and secure environment. “We cannot forget about the bad guys outside our enterprise; we do not get rid of all our defenses,” he said.

“One of the realities in the current approach to information security is we treat the 95% of people that want to do the right thing, we treat them like the bad people in order to protect against the bad things done by the 5% of people who have bad intentions,” said Scholtz. “We treat them like children, and if you treat people like children, they will act like children.”

The PCS goal is to implement a “trust space.” ZDNet explains that concepts surrounding “mutual trust” are not new, they have been used in traffic planning, Europe’s Schengen Agreement, open source, and even cloud computing, where companies trust that large providers will protect their data as part and parcel of protecting their own valuable brands.

Gartner’s People Centric Security Principles

Such an environment “makes it easier to monitor for exceptions, the good people are not trying to circumvent the controls,” says Scholtz.

Gartner’s Scholtz knows PCS is not for everyone and that implementation poses cultural and educational challenges. “Maybe we could develop a situation where we have a set of underlying principles that underpin how people use data and how they access systems, and we link those with specific individual responsibilities,” he said. “Maybe we get a more collaborative and social environment.”

There are specific requirements if PCS is to prosper, according to the article: the process has to be top-down and there have to be effective punishments for those that abuse their rights. Scholtz admits his concepts are in the embryonic stage, but that they will evolve in the coming months as he works with select enterprises. He noted that a European bank and a U.S.-based agricultural business are already adopting PCS concepts.

 rb-

How crazy do you think the PCS concept is? Can it work? Remember that just a couple of years ago, Gartner called BYOD, which I covered here in 2010.

Are your users the future of cybersecurity?


Georgia Tech Predicts Cyber Threats For 2012

The Georgia Tech Emerging Cyber Threats Report for 2012 predicts that 2012 will feature new and increasingly sophisticated means to capture and exploit user data. “Our adversaries, whether motivated by monetary gain, political/social ideology or otherwise, are becoming increasingly sophisticated and better funded,” said Bo Rotoloni, director of the Georgia Tech Research Institute’s (GTRI) Cyber Technology and Information Security Laboratory (CTISL).

We can no longer assume our data is safe sitting behind perimeter-protected networks. Attacks penetrate our systems through ubiquitous protocols, mobile devices, and social engineering, circumventing the network perimeter.

Threats according to Georgia Tech

Search Poisoning – Attackers will increasingly use SEO techniques to optimize malicious links among search results so that users are more likely to click on a URL because it ranks highly on Google (GOOG) or other search engines.

Mobile Web-based Attacks – Expect increased attacks aimed specifically against mobile Web browsers as the tension between usability and security, along with device constraints (including small screen size), make it difficult to solve mobile Web browser security flaws.

Stolen Cyber Data Use for Marketing – The market for stolen cyber data will continue to evolve as botnets capture private user information shared by social media platforms and sell it directly to legitimate business channels such as lead generation and marketing.

“We continue to witness cyber attacks of unprecedented sophistication and reach, demonstrating that malicious actors have the ability to compromise and control millions of computers that belong to governments, private enterprises, and ordinary citizens,” said Mustaque Ahamad, director of Georgia Tech Information Security Center (GTISC).
