Is that really you Sunpass? Toll Way Scams 

By Krista Lockhart
Cybersecurity
Text Scam

By Smart City Operations 

Memorial Day is commonly described as the unofficial start to summer. In fact, according to AAA, over 43 million Americans hit the road for the long weekend. Just a few weeks later, over 70 million Americans headed out for the 4th of July holiday. Clearly, travel spikes around the “summer holidays,” but so do toll-related cyber scams. Here are some scams to be aware of.

First, scams that occur over text messaging are commonly referred to as smishing scams. Smishing scams target motorists by sending text messages claiming that the recipient has an outstanding toll due for driving on the highway. The toll amount is often not substantial, but the message warns that late payment fees will be charged if the toll isn’t paid immediately. The text message typically includes a link and instructs recipients to tap it to settle their balance. However, this seemingly innocent action is a trap. If the recipient takes the bait and taps the link, it directs them to a fake payment website. Cybercriminals have three goals in mind:

  • Steal your current login information. 
  • Raid financial accounts linked to your toll account. 
  • Install malware on your device for more widespread destruction.

Here are a few proactive actions that anyone can take against toll-related smishing scams.

  1. The first rule of smishing prevention is not to engage. Replying to a smishing text confirms that your number is active and may lead to further attacks.
  2. Verify the source. If you receive this text, visit the official toll-collection website.
  3. If you haven’t recently driven on the tollway or weren’t expecting a payment-related message, treat it with suspicion.

Toll-related scams spike during major holidays, but we can all take proactive measures to protect ourselves from scammers. Equally important, spread the word, tell friends and colleagues about toll-related scams, and share our proactive tips. 

Cyber Scams and Microsoft 365

By Krista Lockhart
Cybersecurity
Security
Microsoft Office scams

By Smart City Operations 

Microsoft 365 is a digital software application package that supports word processing, analysis, information storage, and more. According to Statista, the worldwide market share of office suite technologies is split between Google’s G Suite and Microsoft’s Office 365. Google’s G Suite holds a market share of 59 percent, and Office 365 has 40 percent in the United States. In the United States, there are over one million Microsoft 365 customers. Said another way, Microsoft 365 supports many freelancers and small, medium, and large businesses. Unfortunately, cybercriminals know this, too. They spend a lot of time developing scams and threats against various 365 applications. Here are two common and destructive scams to be aware of. 

First, one of the most common scams is a completely “free” version of Microsoft Office. This is an effective scam because it appeals to price-sensitive or unsuspecting users. This too-good-to-be-true offer is malware. Once a user downloads and installs it, the malware can begin harvesting their data. The installation process appears to be legitimate and professional. It allows users to select the version of Microsoft Office they would like to install. This malware is designed to avoid detection by most antivirus systems, and even if antivirus software scans and removes it, the malware can re-install itself afterward. Ultimately, this “free” version of Microsoft Office costs users their valuable personal data!

Another common yet destructive Microsoft 365 threat starts with an email claiming unusual activity has been detected on the recipient’s Microsoft account. The email warns that several features have been locked. To review this activity, users are instructed to click a link provided in the email. When a user clicks the link in the email, they are taken to what appears to be an official Microsoft login page. However, this page is fake. But it gets worse fast.  Once a user enters their login credentials, cybercriminals can access the account. Once logged in, they can steal personal information and review emails and Teams messages.  

In both instances, these scams are destructive. However, there are proactive steps to stop these threats in their tracks. Here are a few tips: 

  • Analyze the URL of the login page. If you are attempting to log in to Microsoft, the legitimate URL should be login.microsoftonline.com; any variation from it could be malicious.
  • Download software from the official source. In this case, go to Microsoft.com and search for the application and offer. If something is too good to be true, it probably is.  
  • Be sure to follow instructions regarding antivirus software and data backups. Keeping antivirus software updated and making periodic backups are good practices.
  • Scammers often try to influence users to act impulsively. Therefore, taking a few steps to verify the offer is critical. 
  • Sometimes, phishing emails contain spelling and/or grammatical errors, or the wording may seem unusual. Keep a watchful eye out for this. 
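
The URL check from the first tip, written out as an added example (not code from the original post or from Microsoft): it compares the parsed hostname exactly against login.microsoftonline.com instead of looking for that text anywhere in the link. The function name and the `.example` sample links are constructed for illustration; the same check applies to toll payment links once the toll agency's official hostname is put in the expected set.

```python
from urllib.parse import urlsplit

# Hostname the post gives as the legitimate Microsoft sign-in host.
EXPECTED_HOSTS = {"login.microsoftonline.com"}

def check_login_url(url, expected_hosts=EXPECTED_HOSTS):
    """Return (ok, reason) for a link that claims to lead to the sign-in page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = parts.username
    except ValueError:
        return False, "URL does not parse"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if userinfo is not None:
        # Everything before '@' is userinfo; the browser connects to what follows it.
        return False, f"text before '@' is not the host; real host is {host}"
    if host in expected_hosts:
        return True, "exact hostname match"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, f"non-ASCII or punycode host, possible lookalike: {host!a}"
    if any(good in host for good in expected_hosts):
        return False, f"expected name is only a substring of {host}"
    return False, f"unexpected host: {host}"

# Constructed sample links (hypothetical .example domains, not real indicators).
SAMPLES = [
    "https://login.microsoftonline.com/",
    "https://login.microsoftonline.com.account-check.example/",
    "https://login.microsoftonline.com@signin.example/",
    "http://login.microsoftonline.com/",
    "https://login.micr\u043esoftonline.com/",   # Cyrillic 'o' in place of Latin 'o'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_login_url(link), ascii(link))
```

Only the first sample passes; the others fail for four different reasons that a quick glance at the link would miss.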

In closing, Microsoft 365 cyber scams are widespread. Scammers create new ones daily and use generative artificial intelligence to deploy professional offers.  Use all the information and tips referenced in this blog post to make good decisions at work and at home. 

Public Enemy Number One: Data Breach

By Krista Lockhart
Cybersecurity
Security
Be prepared to stop hackers from taking your information.

Written By: Smart City Security Operations

Recently, an underground hacking group claimed to have successfully stolen the data of millions of Ticketmaster customers in North America. Live Nation, Ticketmaster’s parent company, issued a statement alleging the group threatened to share the information on the dark web. This incident is developing; however, it reflects a concerning trend. Ticketmaster is not alone; small, medium, and large organizations remain prime targets for hackers. Said another way, this could happen to any organization. Here are some other growing cyber security concerns:

Account Takeover Threats occur when unauthorized users access your accounts, leading to potential data loss, financial damage, and reputational harm. Recovering from such an event is often a time-consuming and challenging ordeal. These typically occur due to weak passwords and the lack of Two-Factor Authentication (2FA). 

Weak passwords significantly increase the risk of data breaches. Establishing strong and unique passwords consisting of at least one uppercase character, one number, and one symbol is crucial.  

Also, minimal layers of security make it easier for threat actors to gain control of your accounts.  

However, while the trend line continues to rise, there are some actionable steps we can all take:

Create strong passwords. Use a complex mix of letters, numbers, and symbols. Avoid predictable patterns and never use personal information like birthdays or anniversaries. Where possible, activate two-factor verification on all platforms that support it, including social media, email services, and banking websites. Next, protect your mobile number from being transferred without authorization by setting up a port-out PIN with your carrier. Finally, monitor third-party applications regularly. Inspect your email accounts for unrecognized third-party applications. Research your email provider’s security settings and take proactive steps to update security permissions. 

In closing, data breaches serve as a stark reminder that no one is exempt from the threat of cyber-attacks. Do not assume you are immune if you have not been affected yet. Adopting a proactive stance is far more effective than a reactive one. Take steps to secure your accounts today.  

Don’t Trust, Verify

By Krista Lockhart
Cybersecurity
phishing
Security
Cyber security tips and tricks.

Written By: Smart City Security Operations

Americans lost more than $12.5 billion due to cyber scams, according to the FBI’s Internet Crime Complaint Center (IC3) 2023 annual report. Unfortunately, hacking is a full-contact sport. Scammers reach out by email or even on the phone. They often use bits of relevant information to reel you in. They then layer on fear and urgency. They want you to act without thinking. A cybercriminal could send what may look like an invoice or service renewal. They may call and pretend to be a customer service representative, alerting you to a security breach. In both instances, they convey a sense of urgency that grabs your attention.

For example, you receive an email from a colleague at work asking you to review some information. In this scenario, you open the attached file and, within seconds, a pop-up window instructs you to “Enable Editing” by clicking a button. Clicking this button seems harmless, but it launches malware on your computer. This advanced malware can steal your user credentials on your work computer and other personal information on your personal device. It is designed to evade detection by antivirus software. Once installed, it is very difficult to remove. Similar attacks can also occur via standard software like Microsoft Word or PowerPoint. Here are some tips to help you avoid malware scams:

  1. Be cautious and proactive when reading emails. Scammers often use phrases like “as soon as possible” and “penalties” to create a sense of urgency.
  2. Do NOT click anything, especially buttons labeled “enable editing” or “enable content”, on attachments from unknown or unexpected sources. This is a common method for malware installation, especially through Microsoft Word and Excel.
  3. Log into your accounts directly to verify invoices or payment requests. You can also contact the company’s customer service department for information.
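
Office shows the “enable content” prompt for files that carry active content such as VBA macros, and a mail filter or help desk can check for that without opening the file in Office. The following is an added example, not part of the original post: it inspects an attachment's bytes for a `vbaProject.bin` part and flags macro content hidden behind a macro-free extension. The function names and sample files are constructed, and legacy binary files are only flagged for review, not parsed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_FREE_EXTS = {"docx", "xlsx", "pptx"}      # formats that should never hold VBA

def macro_report(data: bytes, filename: str) -> dict:
    """Report whether an Office attachment carries VBA macros, without opening it."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    report = {"format": "unknown", "has_macros": False,
              "needs_review": False, "extension_mismatch": False}
    if data.startswith(OLE_MAGIC):
        # Legacy binary files can hide macros; this sketch does not parse them.
        report.update(format="ole-legacy", needs_review=True)
        return report
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        types = z.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    declares_macros = b"macroEnabled" in types or b"vbaProject" in types
    report["format"] = "ooxml" if types else "zip"
    report["has_macros"] = has_vba_part or declares_macros
    report["needs_review"] = report["has_macros"]
    # Macros inside a .docx/.xlsx/.pptx name mean the extension was changed to look safe.
    report["extension_mismatch"] = report["has_macros"] and ext in MACRO_FREE_EXTS
    return report

def build_sample(with_macros: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word file (not a valid document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    print(macro_report(build_sample(True), "invoice.docx"))
    print(macro_report(build_sample(False), "notes.docx"))
```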

In closing, cyber scams are evolving rapidly, and cyber security solutions are being developed just as quickly. However, it all comes down to each of us making smart decisions every day. So, can you read that email from your boss? Yes, of course, but don’t just trust. Take steps to verify whether this and all emails asking you to do something are legitimate.   

Protecting Yourself from Phishing

By Krista Lockhart
Cybersecurity
phishing
How to recognize Phishing emails.

Protecting Yourself from Phishing Attacks: Types, Prevention, and Recovery

In contemporary times, phishing attacks have surged in frequency, closely mimicking authentic communications. This blog delves into the world of phishing, shedding light on its nature, the diverse array of phishing tactics, imparting strategies to prevent falling into their traps, and furnishing advice on how to navigate the situation if you inadvertently become entangled in one.

 

What is Phishing?

Phishing is a deceitful tactic involving the transmission of deceptive messages that masquerade as originating from a trusted and reputable source, typically distributed via email and text messages. The primary objective of the attacker is to steal funds, obtain access to sensitive data and login credentials, or surreptitiously implant malware onto the targeted individual’s device. Phishing is a perilous, harmful, and progressively prevalent form of cyber assault.

 

Types of Phishing Attacks
  1. Spear Phishing: Spear phishing is a highly targeted attack where cybercriminals tailor their messages to specific individuals or organizations. Attackers gather information about their targets from various sources, such as social media, to make the emails or messages appear more convincing.
  2. Email Phishing: This is the most common type of phishing attack. Cybercriminals send seemingly legitimate emails that prompt recipients to click on links, download malicious attachments, or provide sensitive information.
  3. Vishing (Voice Phishing): Vishing attacks involve phone calls or voicemails from scammers posing as trusted entities. These attackers may try to extract personal information or ask for payment details.
  4. Smishing (SMS Phishing): In smishing attacks, scammers use text messages to deceive recipients into clicking on links or replying with sensitive information.
  5. Pharming: Pharming attacks redirect users to malicious websites that mimic legitimate sites. Users unknowingly enter their sensitive information, which the attacker then captures.
  6. Whaling: Whaling is a form of spear phishing that specifically targets high-profile individuals or executives within an organization. These attacks aim to steal valuable corporate data.
  7. Clone Phishing: In clone phishing, attackers take a legitimate email, make a near-identical copy, and send it to the original recipient. The goal is to trick the recipient into taking an action that reveals sensitive information.

 

How to Avoid Falling Victim
  1. Verify the Sender: Always double-check the sender’s email address or phone number. Look for slight variations that may indicate a fraudulent message.
  2. Think Before You Click: Be cautious about clicking on links or downloading attachments, especially if the message is unexpected or seems suspicious.
  3. Don’t Share Personal Information: Never provide sensitive data, such as passwords or credit card numbers, through email or over the phone without verifying the identity of the requester.
  4. Use Multi-Factor Authentication (MFA): Enable MFA wherever possible to add an extra layer of security to your online accounts.
  5. Keep Software Updated: Regularly update your operating system, browsers, and antivirus software to patch vulnerabilities that cybercriminals may exploit.
  6. Educate Yourself: Stay informed about the latest phishing techniques and scams. The more you know, the better equipped you’ll be to recognize and avoid them.

 

What to Do If You Fall Victim

Despite our best efforts, anyone can fall victim to a phishing attack. If you suspect that you’ve been phished, here’s what you should do:

  1. Change Your Passwords: Immediately change the passwords for the compromised accounts. Ensure these passwords are strong and unique.
  2. Contact the Affected Service Providers: Inform the service providers (e.g., your bank or email service) about the incident. They can help secure your account and prevent further damage.
  3. Scan for Malware: Run a complete antivirus and antimalware scan on your device to ensure that no malicious software is installed.
  4. Monitor Your Accounts: Keep a close eye on your financial accounts and credit reports to detect any unauthorized activity.
  5. Report the Phishing Incident: Report the phishing attack to the appropriate authorities. In the United States, you can file a complaint with the Federal Trade Commission (FTC).
  6. Educate Others: Share your experience with friends and family to raise awareness about the threat of phishing and help others avoid similar situations.

Phishing attacks are a persistent and evolving threat in the digital landscape. Staying vigilant, educating yourself about the different types of phishing attacks, and taking proactive steps to protect your personal and financial information can go a long way in preventing falling victim to these scams. If you do fall prey to a phishing attack, knowing how to respond can minimize the damage and help you recover more swiftly. Remember, the best defense against phishing is a combination of awareness, caution, and ongoing cybersecurity practices.

At Smart City, safeguarding our customers’ information from phishing scams is paramount. We employ a multi-pronged approach to ensure the security of their sensitive data. Our employees undergo rigorous training and awareness programs to recognize and thwart phishing attempts effectively. We maintain robust network security measures, including advanced email filtering, intrusion detection systems, and continuous monitoring, to identify and block potential phishing threats. Most importantly, we enforce multi-factor authentication (MFA) and adhere to stringent patching and updating schedules to fortify our systems. By staying vigilant and combining employee education with state-of-the-art network defenses, we aim to provide our customers with a secure and trustworthy environment, where their information remains protected against the ever-evolving landscape of phishing scams.