Post-Acute Care News

Mark Owens

Security Spotlight: Tips for Secure Holiday Online Shopping

By Mark Owens on Wed, Dec 11, 2019 @ 09:15 AM

As we enter the holiday shopping season, the risk of online fraud increases dramatically. According to the U.S. Secret Service and the Cybersecurity & Infrastructure Security Agency, U.S. retail e-commerce spending for this holiday shopping season is forecasted to top $135 billion. Online criminals will utilize this busy time to prey even more upon consumers who are unsuspecting or unprepared. The following information and best practices can help you have a more secure shopping experience during the holiday season and beyond.

Software and Antivirus Updates

No matter which device you shop from, operating system updates and antivirus definitions should be installed as soon as they are available.

Account Passwords

Passwords to online shopping sites and other accounts should be changed regularly, and a different password should be used on each account. If offered by the site, take advantage of multi-factor authentication for an added layer of security. Passwords on home networking equipment, such as Wi-Fi routers, should be changed from the default password they are configured with at the factory.

Payment Cards

Credit cards should be used instead of debit cards. Credit cards have better protections for the consumer if fraud occurs. Debit cards have no limit to the amount of loss the consumer can suffer. Verify online transactions by checking your credit card and banking statements routinely.

Using Public Wi-Fi

Online shopping or banking should NOT be conducted over publicly available Wi-Fi networks. While the network in a restaurant, coffee shop, or store may require a password, there is no guarantee as to how secure the network is or who may be monitoring and intercepting your online transactions.

Beware of Phishing E-Mails and Social Engineering

This is the time of year when in-boxes are flooded with offers of all sorts, which increases the possibility of encountering fraudulent websites and e-mails. Avoid opening attachments and clicking on links within e-mails from senders you do not recognize. Often, these attachments or links can contain malicious content that can infect your device or computer with ransomware or steal your personal information. Type the hyperlink for the website manually into your browser rather than clicking on the URL in the message. Also, be wary of e-mails or calls requesting that you verify your account by providing information such as your login, password, account number, etc. Legitimate businesses will never call you or e-mail you directly for this information. Utilize the customer service numbers on your credit cards, debit cards, bank statements or the merchant’s website to verify any information requests. Lastly, remember that if the offer sounds too good to be true, then it probably is.

Whom You Conduct Business With

Extra consideration should be given to the merchants and businesses you provide your personal and payment information to online. Reputable and established online businesses utilize encryption to protect your information as it is transmitted to and from your computer or device, but this might not be the case for “unknown” online merchants. Also, to lessen the risk of visiting fraudulent or “spoofed” websites, consider how you get there. Certificate errors can be a warning sign that something is not right with the website. When shopping from your smartphone, only use apps from trusted businesses, downloaded directly from the device’s designated app store.

Content provided by the U.S. Secret Service and the Cybersecurity & Infrastructure Security Agency (CISA) and edited by Mark Owens, Director of Information Security, Prime Care Technologies


Security Spotlight: Fake Program Updates

By Mark Owens on Wed, Oct 16, 2019 @ 02:38 PM

Cybercriminals are becoming more sophisticated. In just the past month, a toolkit has been discovered that allows attackers to use Fake Program Updates from compromised web sites to infect computers. Let’s look closer at this type of attack and see what we can do as Human Firewalls to detect and prevent them.

How It Works

  • This is a sophisticated scheme in which the bad guys compromise legitimate sites so that the sites prompt you to install software updates or, in some cases, begin downloads automatically.
    • The prompts to download the software look very convincing, but they are actually downloading malware and remote access software.
  • Imagine you’re visiting a web site and you get a message prompting you to perform a software update.
    • It might be an update to your browser, or Flash Player, or even a missing font, like the following examples:

Fake Google Chrome Update

Fake Flash Player Update

Fake Missing Font Update

Screenshots courtesy of Bleeping Computer

How to Avoid Becoming a Victim

Because of the level of sophistication in this exploit, it can be very difficult to determine if the update is legitimate. When you really think about it though, it’s unlikely that a retail site such as Best Buy, or a banking site, such as Bank of America, is going to be pushing out updates for your browser, or any program for that matter. So, your best practice is to assume it’s fake and follow the steps outlined below.

If you encounter a website prompting you to load any type of update:

  • Do not click on the page
  • Immediately close your browser
  • If something started downloading and updating automatically, cancel the download and update process
    • At this point:
      • If you are at work, notify the anti-virus (“AV”) team right away so they can determine if your computer is compromised
        • They may run a full system AV scan or take other actions like reviewing system processes
      • If you are on your home computer, make sure your AV is active and updated
        • You may also want to use System Restore to revert back to the last version of your system backup just to be safe

What’s Next

If nothing started downloading and updating automatically, or you’re confident your computer is not compromised, you can navigate to the software author’s official website to find out if there are valid updates available.

Conclusion:

This Fake Program Update is, at its core, a social engineering tactic. The bad guys are relying on the fact that computer users are savvier these days and know about the necessity of updates to keep their computers safe. They then piggyback on the trustworthiness of the programs they claim to represent to get past your Human Firewall defenses. You wouldn’t eat something a stranger on the street just handed you so, as a Human Firewall, don’t install any program update from a site that doesn’t belong to the software author.
