September 25, 2012 by Carsen
Have you been a victim of pretexting?
Consider this situation, which would fall under pretexting, another form of social engineering. In this situation, the attacker has some prior knowledge about you that makes you believe the situation. Suppose you receive a call from a claimed representative of your bank and this person is asking for specific information in regards to your business account. The individual knows your name, your position in the company and your last bill amount, but the caller needs to verify your account number because the person believes unauthorized activity has taken place. In order to confirm your access, the account number is needed.
Don’t fall victim to this trap. Here are a few ways to stay protected.
While banks do send out alerts when they notice unusual activity, you shouldn’t confirm information unless you are absolutely sure this person is legitimate. What you should do is, thank the individual for alerting you and mention that you will follow-up right away with your usual contact there. Do not offer any information right away. Call the official number of the bank to ensure this call is from your bank. Alert your contact there that you received an alert and verify the situation.
Be certain when you receive a call from an individual requesting any form of private personal or organizational information, you verify the sources, even if you initially believe it to be legitimate. It is better to be safe than sorry.
September 20, 2012 by Carsen
According to Verizon's 2012 Data Breach Investigation Report, Social engineering techniques are increasing in popularity, associated with over half of the breaches investigated. This reminds us the importance in understanding how to avoid becoming a victim of social engineering. Phishing, a form of social engineering, is one of the most popular cyber attacks used today.
IID (Internet Identity(R)) reported in their recent eCrime report that there was a 333 percent increase in phishing attacks impersonating email service providers from Q4 2011 to Q1 2012.
Joseph Steinberg, C.E.O. of Green Armor Solutions, a leading provider of online security technology, recently discussed congressional testimony that stated that phishing remains the most popular attack method that criminals use to infect victims' computers.
Four tips to staying protected
1. Do not click on links within your email, especially if they require a log-in or personal information. It is always a best practice to go to the actual website of the trusted company by entering in the URL manually, then logging in as you normally would. If this call is legitimate, there will be a message in your account.
2. Do not download attachments you are not 100 percent sure come from a trusted representative in your company. You should never download attachments from senders you are not familiar with, but even if you are familiar with the sender, contact that sender to verify the document is safe and was intended for you before you download it.
3. Think logically. If you receive an urgent call to action that does not make sense or seems random, verify the urgency before acting on any requests. These attackers want you to act fast, so they provide scenarios that equate to emergencies.
4. Immediately report, then delete any messages that fall under phishing attacks.
September 14, 2012 by Carsen
We at GLS were recently named an “Award of Excellence” winner in the Best of Elearning! 2012 Awards and are a finalist in the Compliance/Certification program category. It was through the feedback of our customers, the readers of Elearning! and Government Elearning! magazines, and professionals from both the private and public sectors, who cast the ballots for the best programs that we won this award for excellence in training.
We appreciate the time and thought taken to nominate us and we are deeply honored to provide our customers with the best security, compliance and custom Elearning solutions available in the marketplace. We will also continue to ensure that our training solutions effectively engage and educate learners, while promoting best practices and increasing awareness.
We truly value our customer relationships and enjoy receiving your feedback so we can continue to develop new and improved compliance training products and solutions that meet your on-going training requirements.
-The GLS Team