Asset Protection
Cybersecurity Monthly Newsletter November 2023
In this issue:
-
Beware: Work-from-Home Scams and Lead to Identity Theft
-
Cybersecurity Shorts
-
Software Updates
Welcome to your November Savvy Cybersecurity newsletter. Read on to learn more about:
- An update on the Las Vegas cyberattack
- How to stay safe from work-from-home scams
- And much more
Beware: Work-from-home scams can lead to identity theft
A retired family member of mine has recently been looking for a part-time remote job online. They had joined a couple of local online job groups on Facebook. One job in particular caught their eye—data entry for $35/hour—so they applied. They told me about this over the phone and I immediately put my cybersecurity hat on. Something about it seemed suspicious and I told them to be careful moving forward.
A few days later, this company asked my family member to fill out paperwork. They then wanted to send a check to be used to purchase equipment for their at-home work setup. When the check arrived, it was clearly fake.
Luckily, this family member took some caution and created a separate bank account to provide to this company. This move ultimately protected their account from potentially being drained. However, they did share personally identifiable information with this fraudulent company—including name, date of birth, license information, and a social security number.
When I got the call about the fraudulent check that confirmed this job was a scam, we immediately went into clean-up mode. This was the action plan I gave:
- Immediately call your bank and alert them of the fake check and vulnerable account.
- Freeze your credit with the big three credit bureaus.
- Monitor your other bank accounts closely. Ask the bank if they can add any extra layers of security.
- Contact the DMV regarding the driver’s license information exposed.
- File a police report.
- Continue to monitor all financial and personal accounts closely.
Fraudulent job red flags
Work-from-home scams are not new, however, they have become more prevalent following the pandemic. While there are plenty of legitimate remote jobs, some job postings are fraudulent. Here are some red flags to be aware of regarding work-from-home jobs:
- Jobs posted on Facebook: If you are looking for a remote job, stick to job boards like LinkedIn or other reputable sources. There’s little vetting done before someone can post a job on a Facebook group.
- Jobs asking you to purchase items: If the job asks you to purchase items with your own money to be reimbursed later—investigate further. This is one of the key signs of a fraudulent job.
- High pay for the task: If the job is offering very high pay for the task, it may be a scam. Like most scams, if things seem too good to be true—they probably are.
If you or someone you know does fall victim to one of these scams, be sure to share the action plan outlined above with them.
Cybersecurity shorts
SEC charges SolarWinds with fraud. The SEC has charged SolarWinds and its CISO with fraud and internal control failures for allegedly misleading investors about its cybersecurity practices leading up to the Sunburst attack that was discovered in December 2020. Additionally, the SEC has alleged that SolarWinds overstated its cybersecurity practices and failed to disclose known risks from October 2018 up to at least when the attack was discovered in December 2020. You can read more about the charges and allegations SolarWinds is facing here.
K-12 are improving protection against attacks but still remain vulnerable. There are more than 9,000 small public school districts across the country with up to 2,500 students – which is roughly 70% of public districts in the country – that are eligible for free cybersecurity services through a new program called Project Cybersafe Schools. And while cybersecurity services and federal officials have hosted exercises with schools to help them learn how to better secure their networks, many districts are still being lax, which means thousands are still vulnerable to ransomware gangs that can steal their confidential data.
New York is adding rigorous requirements to financial cybersecurity rules. Earlier this month, New York’s watchdog published significant updates to its cybersecurity regulations that added strict provisions around board oversight and ransom payments that go further than recent federal rules. While the updated rules in some areas are similar to those recently approved by the SEC, New York’s rules go into greater detail in some areas. For example, in a new addition, companies now face significant requirements related to ransom payments. You can read more about these newly revised requirements here.
The attackers behind Las Vegas attacks are social engineering experts. The group that is claiming responsibility for major attacks against MGM Resorts, Caesars Entertainment, and Clorox, is composed of experts in social engineering. Scattered Spider, which deploys AlphV ransomware in some of its attacks, uses multiple techniques and tools to gain remote access or bypass multifactor authentication, federal cyber authorities warned in a recent advisory. The FBI and CISA shared technical details but are saying more information is still needed as a lack of reporting hinders law enforcement’s ability to take action.
Software updates
Adobe: Adobe patched over 70 security issues this month—including critical vulnerabilities in Adobe Acrobat and Reader. Be sure to update your software as soon as possible. You can learn more about the updates here.
Microsoft: Over 50 security holes were closed in this month’s Microsoft update. Three of these vulnerabilities are considered “zero day.” These threats allow malicious content to bypass Windows SmartScreen and could result in users downloading malware. Your device should prompt you to update automatically. You can learn more here.
SERVICES WE OFFER RELATED TO THIS TOPIC
The information contained in this post is for general use and educational purposes only. However, we do offer specific services to our clients to help them implement the strategies mentioned above. For specific information and to determine if these services may be a good fit for you, please select any of the services listed below.
The 4x4 Financial Independence Plan ℠
The Smart Asset Protection Planner ℠
Asset Protection
Coaching and Consulting
Your Co-Owned Business Probably Needs a Buy-Sell Agreement
Tax PlanningBradford Tax InstituteSay you’re a co-owner of an existing business. Or you might be buying an existing...
Big Tax Changes to Know for 2024
Financial Guides2024 has brought some big tax changes with it. It’s essential to stay informed about these...
The Smart Tax Planning Newsletter March 2024
Tax PlanningIn This Issue: IRAs for Young Adults Get Up to $32,220 in Sick and Family Leave Tax Credits New Crypto Tax...
Contact
Follow
LIFETIME’S SERVICES
- The 4×4 Financial Independence Plan sm
- The Smart 3-Tiered Cash-Reserve System sm
- The Smart 401(k) Supercharger sm
- The Smart Asset Protection Planner sm
- The Smart Debt Eliminator/Credit Builder System sm
- The Smart Estate Plan Protector sm
- The Smart Financial Independence Blueprint sm
- The Smart Investment Property Evaluator sm
- The Smart Legacy Plan Organizer sm
- The Smart Mortgage Minimizer sm
- The Smart Mortgage Paydown Accelerator sm
- The Smart Social Security Benefits Maximizer/Retirement Healthcare Expense Estimator
- The Smart Tax Minimizer sm(For Consumer and Home-Based Businesses)