Marc Harris’ Post

Monitoring the activity on email aliases can help individuals detect unauthorized use or sharing of their personal information. Unusual or suspicious activity, such as unexpected emails or account sign-ups associated with a specific alias, may indicate potential data misuse or unauthorized access. Prompt detection allows individuals to take corrective action, such as revoking access or reporting abuse, to protect their privacy and security. Email alias services often provide convenient features for managing and organizing aliases, such as alias creation, forwarding rules, and inbox filtering. These tools simplify the management of multiple email addresses and aliases, making it easier for individuals to maintain control over their personal data and streamline their online communications. Email aliases can help mitigate the risk of falling victim to phishing attacks, where cybercriminals attempt to trick individuals into revealing sensitive information or credentials. By using aliases for online accounts and interactions, individuals can avoid exposing their primary email address to potential phishing attempts, reducing the likelihood of unauthorized access or identity theft. Email aliases offer flexibility and adaptability to changing privacy preferences or security concerns. Individuals can create new aliases as needed, modify existing aliases, or deactivate aliases that are no longer required. This flexibility allows individuals to adjust their data protection strategies in response to evolving threats, privacy regulations, or personal preferences.

SMALL BUSINESS SOLUTIONS An Innocent Looking Cybersecurity Risk You Never Think About Did you know?   Even something as simple as adding your personal signature to your email signature could be a cybersecurity risk you might not see coming. Some are: 1️⃣ Potential for Fraud and Forgery: A digital image of your handwritten signature can easily be copied and used in unauthorized ways.   2️⃣ Authenticity Concerns: Recipients might even question the legitimacy of emails with a scanned signature. 3️⃣ Lack of Authentication: A handwritten signature doesn’t offer the same security as a digital signature or certificate, specifically designed to verify identity in certain circumstances. 4️⃣ Sensitive Information Risks: Signature images are easy targets. The Bigger Picture While the exact percentage of identity theft or other types of crimes specifically attributed to lifted digital signatures from unprotected content is difficult to determine, there are relevant trends: ❗ Business Email Compromise (BEC): This form of fraud, which often involves email signature forgery, accounted for over $1.8 billion in reported losses in the United States in recent years (FBI’s Internet Crime Report). While not all cases involve signature forgery, it’s common in impersonation schemes. ❗ Identity Theft from Digital Forgery: In cases of identity theft involving forgery, digital signatures from unprotected content play a role, especially in corporate fraud or phishing schemes. More often seen in professional services, signature lifting happens where signatures are shared in emails or online documents. ❗ Social Engineering and Cybersecurity Weaknesses: Social engineering schemes exploit visual elements, including signatures, to appear authentic. Cybersecurity experts often emphasize using digital certificates or secure document sharing over openly emailing signatures. What Can You Do? To begin, use a professional, typed name and title for most emails, and save your official signature for formal, secure transactions only.  Include official disclaimers to reduce the risk of misuse. If digital signature security is a significant concern, consider encrypted signatures or secure email platforms to mitigate these risks. Further, cybersecurity experts recommend measures like multi-factor authentication and signature verification in business communications. Cybersecurity – yes, the world seems to have danger lurking at every turn. Help yourself to rest a little easier.  

The Growing Cyber Risk of Deepfakes: A Story of Deception and Betrayal Imagine blurring the lines between reality and fiction in a world. In a world where someone can manipulate and use a person's voice, face, and even identity against them. This is the world of deepfakes. It's a growing cyber risk. It threatens to erode trust and create confusion about what is real online. The Rise of Deepfakes: Deepfakes are AI-powered technologies that manipulate video and audio to create believable fakes. Machine learning analyzes data to copy a person's appearance and voice. This makes it hard to tell real and fake content apart. This tech could spread lies. It could also enable theft and fraud. The Harmful Potential of Deepfakes Deepfakes can have severe consequences, including: 1. Deepfakes can spread false information. They erode trust and create online confusion about what is real. 2. Deepfakes can create convincing fake identities. This leads to a surge in identity fraud and theft. The Alarming Statistics The statistics are alarming: 1. Identity Fraud Surge: Deepfake identity fraud has increased by 2,600% in the US and 4,500% in Canada. 2. Deepfake Porn Proliferation: 96% of deepfake videos online are non-consensual pornography. 3. Public Unawareness: 71% of people don't know what deepfakes are and struggle to detect them. The Impact on Businesses: The growing cyber risk of deepfakes poses a significant threat to businesses. Deepfakes can manipulate employees. They can compromise sensitive information and harm a company's reputation. Protecting Your Business: To mitigate the growing cyber risk of deepfakes, it's essential to take proactive measures: 1. Employee Training: Educate staff on deepfake tactics and how to identify suspicious activity. 2. Technological Solutions: Implement advanced detection tools and fraud monitoring systems. 3. Organizational Policies: Develop robust security protocols and incident response plans. Keepnet's Anti-Deepfake Offerings Keepnet provides innovative solutions to help you prepare your employees against deepfake threats: 1. Voice Phishing Simulation: Test employee readiness against AI-generated voice attacks. 3. SMS Phishing Simulation: Prepare staff to identify and respond to text-based phishing scams. 4. Callback Phishing Simulation: Emulate callback phishing tactics to improve incident response. Conclusion: Deepfakes pose a growing cyber risk. They are a serious threat that needs immediate attention. Educating your employees, using tech, and making strong policies can shield your business. They will shield it from the harm of deepfakes. Stay ahead of the deepfake threat. Learn more about Keepnet's anti-deepfake offerings. Use them to protect your business from the growing cyber risk of deepfakes. A DEMO USING MY FACE:

Day 77/100 What is Identity and Access Management in Cyber Security ? Identity Access and Management is abbreviated as IAM. In simple words, it restricts access to sensitive data while allowing employees to view, copy and change content related to their jobs. This information can range from sensitive information to company-specific information. It refers to the IAM IT security discipline as well as the framework for managing digital identities. It also deprives the provision of identity, which allows access to resources and performing particular activities. When you exceed your target, IAM ensures that the appropriate resources, such as the database, application, and network, are accessible. Everything is proceeding according to plan. IAM's objectives are as follows : ➼To prevent unauthorized parties from exiting the system, the purpose of this IAM should be to ensure that legitimate parties have adequate access to the right resources at the right time. ➼It only gives access to a certain group of people, such as contractors, employees, customers, and vendors. You'll also need the key to verify their identities and provide them access to everything throughout the onboarding process. ➼To revoke access and begin monitoring activities in order to safeguard the system and data. IAM goals include operational efficiency in regulatory compliance, fraud detection, and lifecycle management, in addition to protection against cyber intrusions. ➼When it comes to fraud protection, IAM is the best way to reduce fraud losses. Since a crime has been committed, the insider who has abused his access rights has been identified as corrupt. IAM assists in hiding traces to evade discovery. IAM is an automated system that analyses transactions for fraud detection using preset criteria. ➼It also guarantees that the Company meets various regulatory criteria for the detection and identification of suspicious behavior and money-laundering situations. #100daysofcybersecurity #100dayschallenge #100daysoflearning #zetaxcyber

Most people don’t know the importance of a two factor authentication. Let’s say a hacker want to hack your emails and social media account. He has done all the necessary information gathering on you, then it’s time to payload and send whatever virus to you in guise of a message, if you set your two factor authentication, he will not even gain access to you to gather his so called information. A two factor authentication is a strong security that will protect your account from hackers and stop them from gaining access to your account. Always update your computer too. Here are the importance of a two factor authentication: Increased Security: 2FA adds an extra layer of protection by requiring two different forms of identification—typically something you know (password) and something you have (a mobile device or security token). This makes it significantly harder for attackers to gain unauthorized access. Protection Against Phishing: Even if an attacker manages to obtain your password through phishing, they would still need the second factor (like a code sent to your phone) to access your account. Mitigates Password Weaknesses: Many users tend to use weak or reused passwords. 2FA reduces the risk associated with these practices by adding an additional barrier to unauthorized access. Reduces Risk of Identity Theft: With 2FA, even if your password is compromised, your identity and personal information are still protected, significantly lowering the risk of identity theft. Compliance with Regulations: Many industries and regulatory bodies require or recommend 2FA for certain types of data access, especially in financial services, healthcare, and other sensitive sectors. Builds User Trust: Implementing 2FA demonstrates a commitment to security, which can build trust with users and customers who are increasingly concerned about the safety of their data. Protects Against Remote Attacks: With the rise of remote work and online services, 2FA is essential for securing access from various locations and devices, where traditional security measures may not be sufficient. The essence of security is not to stop the hackers but to make things difficult for them. Learn to use a complex password.

It's Day 28 in Cybersecurity Awareness Month. Today, let’s discuss Voice Phishing, or "Vishing" ☎️🎙️. Did you know attackers can trick you into giving up sensitive information over the phone? Voice Phishing, or Vishing, is a social engineering attack where attackers impersonate trusted entities over the phone to deceive victims into revealing personal information, such as passwords, credit card numbers, or social security details. Vishing attacks exploit: ⚫ Caller ID spoofing ⚫ Urgency and fear tactics ⚫ Limited caller verification Let’s dive into how vishing works and why it’s a major cybersecurity concern: What is Voice Phishing? Vishing involves fraudsters posing as trusted figures—like a bank representative, tech support, or even law enforcement—to gain the victim’s trust over the phone. Using psychological manipulation, they persuade victims to provide confidential information that can be used for identity theft or financial gain 🛠️. How it works: 1. Caller ID Spoofing: Attackers make calls appear from legitimate organizations, such as your bank or government agencies 📞. 2. Urgency Tactics: They create a sense of urgency, claiming issues like “fraudulent activity detected” on your account or “immediate action required” ⚠️. 3. Information Extraction: Through carefully crafted conversations, they request sensitive data, passwords, or payment information to “resolve” the fictitious issue 🔐. The consequences: 1. Identity Theft: Personal details shared during vishing attacks can lead to identity theft and financial losses 🏦. 2. Compromised Accounts: Attackers often use acquired information to gain access to your bank accounts, credit cards, or other sensitive platforms 📉. 3. Psychological Impact: Many victims feel violated, embarrassed, or distrustful after falling for a vishing scam, impacting their confidence and security habits 💼. How to protect yourself: 1. Verify Caller Identity: Hang up and call back using a verified phone number from the organization’s official website, not from the caller ID ☎️. 2. Never Share Sensitive Info: Avoid giving out passwords, Social Security numbers, or account details over the phone unless you are certain of the caller’s identity 🔒. 3. Be Skeptical of Urgent Requests: Remember that legitimate organizations rarely pressure you to act immediately. Take time to verify before responding 👀. Vishing can be deceptive, but staying cautious and verifying calls can help you avoid falling victim to these phone scams. #CyberSecurity #Vishing #StaySecure

Last week, I shared Microsoft’s recommendations for combatting abusive AI-generated content, including the growing threat of deepfakes. While deepfake scams remain a top concern for enterprise leaders and we must be vigilant and prepared to defend against them, it’s important to note that Business Email Compromise (BEC) schemes currently pose a far greater threat to organizational security. Last May, Microsoft Threat Intelligence reported 35 million BEC attempts annually, and a recent study from Perception Point found that BEC attacks had risen 1,760% in the past year. Like other social engineering tactics, BEC attacks exploit organizations’ weakest link: their people. Using generative AI, scammers can create more convincing phishing emails that are harder to spot, duping employees into sharing sensitive information that leads to data breaches and millions of dollars in loss. Not surprisingly, teams in finance, treasury, procurement, and HR are the most frequent targets. This piece shares some excellent points on prioritizing security against BEC attacks, including monitoring vendor payment data, unifying fraud prevention efforts across the organization (something we are implementing across our own teams here at Microsoft), and deploying fraud prevention software (such as Microsoft 365 Fraud Protection) as an extra layer of defense. I would also add requiring multi-factor authentication (MFA) for all employees, implementing a Zero Trust strategy for identity access and management, and adopting secure email and payment platforms. In this unpredictable and ever-changing landscape, one thing is clear: whatever the modus operandi, AI-enabled attacks will continue to rise. We must be prepared to tackle them at scale. You can revisit our Cyber Signals report on BEC attacks for more insights and recommendations from our Threat Intelligence team: https://lnkd.in/eiXtCUbk https://lnkd.in/eHHDfzSE #Cybersecurity #FraudPrevention #AI #BEC #SocialEngineering 

37% of publicly shared files expose personal information: Many sensitive documents stored on platforms such as Google Drive, Slack, and other collaborative work applications have been left unattended for several months or even years. This has led to data sprawl challenges for companies and significant data security threats for individuals and their employers, according to Metomic’s “State of Data Security in Financial Services” report. 86% of the files had not been updated in 90 days, 70% in over a year, and 48% in … More → The post 37% of publicly shared files expose personal information appeared first on Help Net Security. #HelpNetSecurity #Cybersecurity

As reported in a recent Financial Times article, a troubling trend is emerging -#QR code #phishing scams, known as "#quishing", are slipping through corporate cybersecurity measures and tricking customers into compromising their financial information. Amir Sadon, Director of IR Research at Sygnia, provided valuable insights on this growing threat. "These attacks take advantage of the fact that QR codes, by nature, are difficult to interpret visually, so victims often don't know where they are being directed to until it's too late." To mitigate the risk of QR code phishing, Amir advises organizations to take proactive steps: ⏺️ Educate employees and customers about the risks, teaching them to verify the source of QR codes, especially in unexpected contexts. ⏺️ Implement QR code scanning tools that allow users to preview the URL before opening it. ⏺️ Encourage the use of mobile security apps that check the safety of URLs in real-time. Enforce strong authentication mechanisms and single sign-on to prevent account compromises. As criminals continuously evolve their tactics, staying vigilant and adopting robust security measures is crucial to safeguarding organizations and their customers from the growing threat of QR code phishing scams.