“What’s that password again? Wait, I changed it … Harrumph. I don’t remember!” We’ve all been there, sometimes many times a day. Password autofill on our Web browsers felt like the sun was shining on our online activity again. Sorry to tell you, but this convenience may not be entirely safe. Most browsers will ask after you’ve entered a new password into a site or changed a password if you want it stored for you. That way, when you revisit that site, the browser can autofill the access credentials for you. It saves you the struggle of trying to keep all your passwords straight.
The problem is that some sites, including legitimate sites, can be compromised with a hidden form. You’ll never see it, but your browser will. So, it will autofill that form, and in clear, unencrypted text. This allows bad actors to capture your username and password without your knowledge.

Another risk? Irresponsible digital marketers may use hidden autofill forms to track your online activity. That’s done without your consent.

Using browser autofill with a password manager can also cause confusion, especially if your browser autofills, whereas the manager asks before filling in forms. Using both at the same time, you also run the risk of duplicating passwords, which could make it difficult to track your passwords and increase the risk of a security breach.

How to disable autofill

You can protect your passwords by disabling autofill on any browser you use:
Can I keep using password managers?

A password manager, such as LastPass or 1Password, typically provides more security than browser autofill. Password managers have strong encryption algorithms to protect your login credentials, which means that even if your device is compromised, your passwords are safe. Still, if the manager autofills your credentials, you face the same risks.

Most password managers have autofill disabled by default. That’s good. Leave preemptive autofill off. You might see it called “Autofill on page load.” Keep that turned off, too.

Our advice? Use a password manager that requires you to click a box before it fills in your credentials. This action keeps your information from automatically populating a hidden form.

Securing your online activity is an ongoing challenge. Our experts can help identify ways you can protect your privacy and data online. Contact us today at 262-515-9499.

In recent years, electronic mail (email for short) has become an essential part of our daily lives. Many people use it for various purposes, including business transactions. With the increasing dependence on digital technology, cybercrime has grown. A significant cyber threat facing businesses today is Business Email Compromise (BEC).

Why is it important to pay particular attention to BEC attacks? Because they’ve been on the rise. BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat.

What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. They especially target those who perform wire transfer payments.

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors. These emails request them to make payments or transfer funds in some form.

According to the FBI, BEC scams cost businesses around $1.8 billion in 2020. That figure increased to $2.4 billion in 2021. These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.

How Does BEC Work?

BEC attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organization and its employees. They gain knowledge about the company’s operations, suppliers, customers, and business partners.

Much of this information is freely available online. Scammers can find it on sites like LinkedIn, Facebook, and organizations’ websites. Once the attacker has enough information, they can craft a convincing email. It's designed to appear to come from a high-level executive or a business partner.

The email will request the recipient to make a payment or transfer funds. It usually emphasizes that the request concerns an urgent and confidential matter, for example a new business opportunity, a vendor payment, or a foreign tax payment.

The email will often contain a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics, such as posing as a trusted contact or creating a fake website that mimics the company's site. These tactics make the email seem more legitimate.

If the recipient falls for the scam and makes the payment, the attacker will make off with the funds. In their wake, they leave the victim with financial losses.
How to Fight Business Email Compromise

BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them.

Educate Employees

Organizations should educate their employees about the risks of BEC. This includes providing training on how to identify and avoid these scams. Employees should be aware of the tactics used by scammers, for example urgent requests, social engineering, and fake websites.

Training should also include email account security, including:
Enable Email Authentication

Organizations should implement email authentication protocols. This includes:
These protocols help verify the authenticity of the sender's email address. They also reduce the risk of email spoofing. Another benefit is to keep your emails from ending up in junk mail folders.

Deploy a Payment Verification Process

Organizations should deploy payment verification processes, such as two-factor authentication. Another protocol is confirmation from multiple parties. This ensures that all wire transfer requests are legitimate. It’s always better to have more than one person verify a financial payment request.

Check Financial Transactions

Organizations should deploy payment verification processes, such as two-factor authentication. Another protocol is confirmation from multiple parties. This ensures that all wire transfer requests are legitimate. It’s always better to have more than one person verify a financial payment request.

Establish a Response Plan

Organizations should establish a response plan for BEC incidents. This includes procedures for reporting the incident, as well as freezing the transfer and notifying law enforcement.

Use Anti-phishing Software

Businesses and individuals can use anti-phishing software to detect and block fraudulent emails. As AI and machine learning gain widespread use, these tools become more effective.

The use of AI in phishing technology continues to increase. Businesses must be vigilant and take steps to protect themselves.

Need Help with Email Security Solutions?

It only takes a moment for money to leave your account and be unrecoverable. Don’t leave your business emails unprotected. Give us a call today to discuss our email security solutions. 262-515-949
Tech Force Blog

We provide you with important, practical tips and insight for your technology and networks for both home and business.