In this week’s scam, you receive an email that appears to be from your organization’s human resources (HR) department. The email seems to be related to your compensation and benefits, and contains a link for you to click so that you can log in to your HR portal to find out more information. If you click the link, you’ll be taken to a login page.
However, the email you received is actually a phishing scam, and the login page is a fake page created by cybercriminals to trick you into entering your user information. If you enter your user credentials, scammers will steal this information and use it to log in to your organization’s real HR portal. Once the cybercriminals have gained access to your profile, they change your direct deposit information so that your paychecks will be sent directly to their bank accounts!
Follow these tips to avoid falling victim to this phishing scam:
- Be cautious of any unexpected or urgent emails, even if they appear to be from HR. Scammers use fear and a sense of urgency to trick you into acting without thinking.
- Never click links in an email to log in to your work accounts. Instead, open a new window and log in to the official website.
- Always follow your organization's procedures for reporting suspected phishing emails. Quick action helps protect your colleagues and your organization from cyberattacks.
Did you know that the average person uses the same three to seven passwords to log in to over 170 online accounts? In addition to being reused, these passwords are often weak and can be easily guessed by cybercriminals. If cybercriminals guess these passwords, they could access the majority of their victim’s online accounts. Even worse, the victim may not know that their password has been compromised for several months or years. To keep your passwords squeaky clean and safe from cybercriminals, follow the tips below:
Create Strong Passwords
Creating strong passwords helps prevent cybercriminals from gaining access to your online accounts. Your passwords should be as long, complex, and random as possible. While many websites only require passwords to be eight characters long, we recommend making your password at least 12 characters long. You should also include a combination of lowercase and uppercase letters, numbers, and symbols in your password. To keep your accounts extra safe, you can use password phrases, or passphrases. However, when you create your password or passphrase, make sure that you don’t use any personal information that a cybercriminal could guess.
Don’t Reuse Passwords
Reusing passwords for your online accounts may be convenient, but it’s also risky. If you reuse passwords, you could be at risk of having multiple accounts compromised at once. If a cybercriminal guesses your password, they could access multiple accounts instead of just one account. Cybercriminals can also sell passwords or make them available online. Creating a unique password for each online account reduces the risk if one of your passwords is compromised.
Use a Password Manager
You’re probably wondering how you are supposed to remember long, complex passwords for all of your online accounts. The answer is a password manager. You can use password managers to securely store all of your passwords. Instead of having to remember passwords for every online account, you only have to remember one password for your password manager. In addition to storing your passwords, many password managers can also generate passwords for you based on specific criteria.
Use Multi-Factor Authentication
You can also use multi-factor authentication (MFA) to secure your online accounts, if available. MFA requires multiple forms of authentication, such as a password and a code from your smartphone or a USB smart key. Because MFA requires multiple forms of authentication, cybercriminals will have a harder time gaining access to your account, even if your password is compromised.
Nobody wants cybercriminals to guess their passwords. To keep your passwords squeaky clean and safe, remember to create strong passwords, avoid reusing passwords, and use a password manager or MFA, if possible.
Video games are a popular pastime for people across the world. Even if you've never played video games, you’ve probably heard of games like Legend of Zelda, Minecraft, FIFA, or Call of Duty. Cybercriminals are taking advantage of the growing popularity of video games by creating scams to steal your sensitive information.
Free Downloads May Contain Malware
Cybercriminals post free downloads of popular video games to lure you in. If you download the file, it may contain malicious files in addition to the game. Most commonly, cybercriminals use malware that allows them to download additional malware onto your device without you knowing. Then, they can use this malware to monitor your computer activity and steal your sensitive information, such as your bank information or login credentials.
Cybercriminals Sell Your Digital Items
Downloads aren’t the only way cybercriminals may be targeting you. Many video games allow you to use real money to buy digital credits, which are referred to as “in-game currency.” You can exchange in-game currency for special game items. Cybercriminals target players with high-value items and use techniques such as phishing emails to try to steal your login credentials. If cybercriminals obtain your login credentials, they can send your in-game items to their own accounts. Then, they can auction and sell your items to other players.
What Can I Do to Stay Safe?
Don’t fall for video game scams! Follow the tips below to stay safe:
- Never download files from an unverified source. A file that looks legitimate and runs properly can still contain malware.
- Always think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively so cybercriminals can obtain your sensitive information.
- Enable multi-factor authentication (MFA) on your accounts when available. MFA adds a layer of security by requiring that you provide additional verification to log in to your account.
In this week’s scam, cybercriminals are using a clever trick that makes their phishing emails seem more real than ever. You receive an email from a real PayPal email address. The email contains an invoice for a large purchase you did not make, and a phone number for you to call if you want to dispute the charge. Even though the email comes from a real PayPal email address, this is actually a scam.
Cybercriminals create a PayPal account and use it to send you a fake payment invoice. The email you receive is real, but the invoice is not, and if you call the phone number in the email, you will not be connected to PayPal's support team. Instead, your call will be answered by a cybercriminal who will pretend to work for PayPal support. They will try to trick you into giving them your credit card information for a "refund," or trick you into paying a fee to fix your account!
Follow these tips to avoid falling for this phishing scam:
- If you receive an unexpected PayPal invoice, log in to your account on the official website or app to verify whether it is legitimate.
- Remember to be wary of unusual emails, even if they come from what appears to be a genuine email address. Be suspicious of any unexpected bill or urgent request for money.
- Don’t call the phone number listed in a suspicious email. If you have any questions or concerns, always use the official customer support number on the organization's real website.