Friday, October 30, 2020

Digital Citizenship Awards - October 2020

 

DIGITAL CITIZENSHIP AWARDS 

ATTRIBUTED TO CHRISTIAN AND LISBETH


Providence, October 30, 2020

When educators acknowledge their students' efforts, academic performance, and other fine qualities, they can contribute to boost students' self-confidence, offer them a sense of accomplishment, and motivate others to improve. It ultimately fosters a positive learning environment where teachers, students and even parents benefit from. 

To achieve this goal in my Cybersecurity class, I created this year the "Digital Citizenship Award" that is attributed monthly to two students for best academic performance and for best attendance. So, I am pleased to announce that for the month of October, senior Lisbeth Copado won the Digital Citizenship Award for best academic performance and senior Christian Ayala won the Digital Citizenship Award for best attendance. 

Please, join your voice with me to congratulate Lisbeth and Christian for their outstanding efforts.




 




Mr. Frederique


Friday, October 23, 2020

Beware of Scams!


BEWARE OF SCAMS!

By: Nikerson Frederique

PTECH Cybersecurity Instructor

A few months ago, most of us at PCTA received an email from "wobbersont@gmail.com" where the author pretending to be Principal Torchon (stuck in a meeting) asked you to buy him an Amazon gift card. The scammer (fake Mr. Torchon) promised to reimburse you once done with the meeting. Did anyone fall in the trap? Honestly, I almost did, then I quickly remembered a few cybersecurity tips. They indeed helped me avoid the scam. So, what's a scam? How can you protect yourself against scams?

What's a scam?

In general, the term scam is used to "describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person."(https://www.computerhope.com/jargon/s/scam.htm). In the era of new technologies, imposters now combine sophisticated social engineering tools with old fashioned tricks to extort money from unsuspected people or have them give out personal information. 

This email from the pretending Mr. Torchon is indeed one of the most popular scams that have been around for quite a while now. But, according to the Federal Trade Commission (FTC), other popular scams involve many aspects of people's daily lives such as charity, health, investment, lottery and sweepstakes, jobs, education, online dating, immigration, cars, identity theft, shopping, travel, phone fraud, etc. Last year in the US, 167,795 scams were reported which cost $142,895,772.00 to consumers. So far this year, 147,000 cases have been reported for more than $116 millions lost. You can be the next victim, unless you're taking now some measures to protect yourself. 

How can you protect yourself against scams?

The Federal Trade Commission proposes these 10 tips or things you can do to avoid fraud:

  1. Spot imposters. Scammers often pretend to be someone you trust, like a government officiala family membera charity, or a company you do business with. Don’t send money or give out personal information in response to an unexpected request — whether it comes as a text, a phone call, or an email.  
  2. Do online searches. Type a company or product name into your favorite search engine with words like “review,” “complaint” or “scam.” Or search for a phrase that describes your situation, like “IRS call.” You can even search for phone numbers to see if other people have reported them as scams.
  3. Don’t believe your caller ID. Technology makes it easy for scammers to fake caller ID information, so the name and number you see aren’t always real. If someone calls asking for money or personal information, hang up. If you think the caller might be telling the truth, call back to a number you know is genuine.
  4. Don’t pay upfront for a promise. Someone might ask you to pay in advance for things like debt relief, credit and loan offers, mortgage assistance, or a job. They might even say you’ve won a prize, but first you have to pay taxes or fees. If you do, they will probably take the money and disappear. 
  5. Consider how you pay. Credit cards have significant fraud protection built in, but some payment methods don’t. Wiring money through services like Western Union or MoneyGram is risky because it’s nearly impossible to get your money back. That’s also true for reloadable cards (like MoneyPak or Reloadit) and gift cards (like iTunes or Google Play). Government offices and honest companies won’t require you to use these payment methods.
  6. Talk to someone. Before you give up your money or personal information, talk to someone you trust. Con artists want you to make decisions in a hurry. They might even threaten you. Slow down, check out the story, do an online search, consult an expert — or just tell a friend.
  7. Hang up on robocalls. If you answer the phone and hear a recorded sales pitch, hang up and report it to the FTC. These calls are illegal, and often the products are bogus. Don’t press 1 to speak to a person or to be taken off the list. That could lead to more calls.
  8. Be skeptical about free trial offers. Some companies use free trials to sign you up for products and bill you every month until you cancel. Before you agree to a free trial, research the company and read the cancellation policy. And always review your monthly statements for charges you don’t recognize.
  9. Don’t deposit a check and wire money back. By law, banks must make funds from deposited checks available within days, but uncovering a fake check can take weeks. If a check you deposit turns out to be a fake, you’re responsible for repaying the bank.
  10. Sign up for free scam alerts from the FTC at ftc.gov/scamsGet the latest tips and advice about scams sent right to your inbox.
In the case of the "fake" Mr. Torchon's email asking for Amazon gift cards, check the email address more closely. Have you ever received an email from Mr. Torchon before using that email address? Next, check for grammar and spelling errors. Is it Mr. Torchon's writing style or habit? Remember, scammers prey on your kindness and emotion. When emotionally charged we don't always think rationally. So, take a deep breath and allow yourself a few seconds to scrutinize the message before making a decision. 

So, next time you receive such emails, you now know what to do. If you like your Principal and still want to do something nice to show him your appreciation, check with him first to make sure it not the bad guy at the other side of the fence. 



Sources:





Monday, October 12, 2020

Preventing Phishing Attacks

Preventing Phishing Attacks

By: Ikzyanid Brache and Mr. Frederique 


In our cybersecurity class last week, we learned about phishing attacks. In the spirit of celebrating the National Cybersecurity Awareness Month as a 2020 champion, we’re happy to share a few tips with the PCTA community on how to prevent and recover from a  phishing attack on the Internet. 


What’s a phishing attack?


Phishing attacks are ones of the most common forms of social engineering techniques. Social engineering “is the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions.” Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information.


Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerability to attacks. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers.  In many cases, the attacker uses threats, creating a panic reaction to pressure the user to divulge personal information when filling out an electronic form. For instance in the case of the popular IRS scam, the phisher threatens the user the IRS will go after them for tax fraud if he or she refuses to provide the information. Since the start of the COVID-19 outbreak in January, cybercriminals have launched flows of phishing attacks targeting consumer trust in big name videoconferencing platforms, hospitals, government agencies to steal personal information and harm lives.  


How can I prevent phishing attacks?


Phishing attacks are preventable. The National Cybersecurity Alliance and its partners propose these simple steps:


  • Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. 

  • Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.

  • Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.

  • Protect your personal information. If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. 

  • Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.

  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. 

  • Shake up your password protocol. According to NIST guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. 

  • Install and update anti-virus software. Make sure all of your computers, Internet of Things (IoT) devices, phones, and tablets are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.


How can I recover from a phishing attack?


If you believe you’ve been victim of a phishing attack or if you’re facing one now as you read this post, here are some steps you can take to recover from:


  • Disconnect your computer or device immediately from the Internet.

  • Make a backup of your sensitive personal information or files.

  • Change your credentials including passwords, bank accounts logins, etc.

  • Scan your system for malware.

  • Set a fraud alert by contacting immediately your local banks and/or the most major credit bureaus (TransUnion, Equifax, Experian).

  • Report the incident to the Federal Trade Commission (FTC) if you believe your identity is a risk of being stolen.

We understand that no one is 100% immunized from the threat of phishing attacks or any other threats when navigating the cyberworld. However, if we follow these simple steps, we can at least reduce our vulnerability. 

Tuesday, October 6, 2020

PCTA is a 2020 NCAM Champion!

Celebrating the National Cybersecurity Awareness Month.

By Isaiah Antonetti

PTECH Class of 2021


October is National Cybersecurity Awareness Month. Most people might not know it. It’s a time for businesses, government, and individuals to step back and reflect on their online practices while promoting awareness around cyber threats that affect our everyday lives as a nation as well as citizens of the cyberworld. 


National Cybersecurity Awareness Month (NCAM) was launched in October 2004 by the National Cyber Security Alliance in partnership with the U.S. Department of Homeland Security as a broad effort to help all Americans stay safer and more secure online. As our lives rely more and more on the Internet, lots of efforts have been made nationwide since the launch of the NCAM seventeen years ago to promote a safer online environment. We’re proud to announce that PCTA is 2020 National Cybersecurity Awareness Month Champion. What does that mean for us? It means that PCTA is among thousands of organizations and institutions across the nation who commit to help in promoting a safer, more secure, and more trusted Internet. But, we as individuals play a major role in keeping the Internet safe. This is one of the reasons why the 2020 Cybersecurity Awareness Month theme is ‘Do Your Part. #BeCyberSmart’. 


As Cybersecurity students of class 2021, we have decided that throughout the month of October we will inform the PCTA community about the importance of Cybersecurity. We’ll provide you with some useful tips to empower you to own your role in protecting your part in cyberspace. 


Our first tip for the month is how to create a secure password. Passwords are considered as the first line of defense against cyber threats; it’s an important step to protecting yourself and your information online. We learned this week that 91% of users have a password from the 1000 most commonly used passwords. Your passwords might be ones of them. There are many free online tools available to detect if your password(s) are in that list or have been compromised. If so, it’s time to change your password(s) immediately. Here are some tips from the National Cybersecurity Alliance to help you create strong passwords:

  • Use a long passphrase. According to NIST guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
  • Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
  • Avoid using common words in your password. Substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.”
  • Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”
  • Keep your passwords on the down-low. Don’t tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or calls. Every time you share or reuse a password, it chips away at your security by opening up more avenues in which it could be misused or stolen.
  • Unique account, unique password. Having different passwords for various accounts helps prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. It’s important to mix things up—find easy-to-remember ways to customize your standard password for different sites.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
  • Utilize a password manager to remember all your long passwords. The most secure way to store all of your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account that you have – protecting your online information, including credit card numbers and their three-digit Card Verification Value (CVV) codes, answers to security questions, and more.

I hope the information I have provided in this post will help you stay safe and secured online. But it'll require you to take the necessary steps, do your part to protect your passwords.




"Do your Part, #BeCyberSmart"


Avoid Coronavirus Scams!

                                            AVOID CORONAVIRUS SCAMS! By: Nikerson Frederique Cybersecurity Instructor Since the first corona...