Fort
|
As groundbreaking leaders in personal security and risk management for travelers, we stand ready to equip and serve as you are called to the ends of the Earth.
|
ARE YOU PREPARED?
Faith-based guidance and practice in prevention, protection, interaction, and survival
Vertical Divider
|
Collaborative workshops on assessing risks, mitigating crises, and managing contingencies
Vertical Divider
|
Partner together to provide 24/7 emergency access, consultation, and threat analysis
|
|
|
|
|
|
NEWS FOR YOU
TOP SCAMS FROM 2022
Identity Theft, Phishing, and Pharming: A scammer sends an email, a text message or calls your phone and pretends to be some organization, company or person you trust. Scammers gain access to your confidential information, like social security numbers, date of birth and then use it to apply for credit cards, loans and financial accounts. They will typically ask you to click on a link or open an attachment to update your account information. When you click on the link, you are taken to a fake website that looks identical to the legitimate site. You then enter your personal information into the fake site, which the criminal collects. Don’t do it. One-Time Password (OTP) Bots An alternative to SIM swapping, some scammers are using so-called OTP bots to trick people into sharing the authentication codes that are sent to them via text or email, or that they have to look up in an authentication app or device. The bots may initiate a robocall or send you a text imitating a legitimate company. For example, the robocall may look and sound like it's coming from a bank. The voice asks you to authorize a charge and tells you to input the code you're texted if it's not one you made. In reality, the bot is attempting to log in to your account, which triggers the system to send you the code. If you share the code, the scammer can then log in to your account. Don’t do it. Imposter Scams These schemes can take many different forms. Sometimes the scammer claims to be a law enforcement official or someone connected to a government agency such as IRS or FBI. They may also claim to be a well-known company, such as Amazon, Netflix, or a major bank. They will typically instruct you to electronically send money someplace, or follow a link and enter information. Don’t do it. FREE Stuff! Nothing brightens the day like the word 'FREE'. Scammers have been known to take advantage of this weakness by sending bulk phishing emails requesting personal information to receive free gift cards. In some of these emails, scammers impersonate legitimate companies like Starbucks, Costco, or Amazon and promise gift cards to loyal customers that have been supporting their business. They may also use pop-up ads or send text messages with links saying you were randomly selected as the winner for a prize. Don’t do it. Email Compromise Details below... |
TIPS & ADVICE
Are You Sure They Are Who They Say They Are??
Did you know that Business Email Compromise is one of the most financially damaging online crimes?
Criminals send an email message that appears to come from a known source making a legitimate request, like in these real life examples:
~ A vendor that your organization regularly deals with sends an invoice with an updated mailing address.
~ A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
~ A homebuyer receives a message from his title company with instructions on how to wire his down payment.
All the messages received were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.
How Do They Do It?
~ Spoof an email account or website. Slight variations on legitimate addresses (john.kelly@examplecompany.com vs. john.kelley@examplecompany.com) fool victims into thinking fake accounts are authentic.
~ Send spearphishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the schemes.
~ Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.
How Do We Protect Ourselves?
1. Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions. Think FB questionnaires from “friends”
2. Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one listed on the message), and call the company to ask if the request is legitimate.
3. Carefully examine the email address, URL, and spelling used in any message. Scammers use slight differences to trick your eye and gain your trust.
4. Be careful what you download. Never open an email attachment from someone you don't know and be cautious of email attachments forwarded to you.
5. Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
Did you know that Business Email Compromise is one of the most financially damaging online crimes?
Criminals send an email message that appears to come from a known source making a legitimate request, like in these real life examples:
~ A vendor that your organization regularly deals with sends an invoice with an updated mailing address.
~ A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
~ A homebuyer receives a message from his title company with instructions on how to wire his down payment.
All the messages received were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.
How Do They Do It?
~ Spoof an email account or website. Slight variations on legitimate addresses (john.kelly@examplecompany.com vs. john.kelley@examplecompany.com) fool victims into thinking fake accounts are authentic.
~ Send spearphishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the schemes.
~ Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.
How Do We Protect Ourselves?
1. Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions. Think FB questionnaires from “friends”
2. Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one listed on the message), and call the company to ask if the request is legitimate.
3. Carefully examine the email address, URL, and spelling used in any message. Scammers use slight differences to trick your eye and gain your trust.
4. Be careful what you download. Never open an email attachment from someone you don't know and be cautious of email attachments forwarded to you.
5. Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
HOW CRACK-ABLE ARE YOU?
Brute-force hacking can crack an eight-character password in less than one hour, according to Hive Systems.
In a recently published research article, the security news firm says any password with less than seven characters can be brute-forced "INSTANTLY". Its findings show how more accessible and affordable cloud computing services make it simpler to crack passwords than two years ago, when the company showed that a relatively strong, eight-character password was crackable in eight hours.
While password managers are the best bet for protecting passwords, research also showed that a 12-character password created by a password manager could take some 3,000 YEARS to brute-force crack. Check out this password table of its findings on password-character combinations and their vulnerabilities to brute-force hacks.
Brute-force hacking can crack an eight-character password in less than one hour, according to Hive Systems.
In a recently published research article, the security news firm says any password with less than seven characters can be brute-forced "INSTANTLY". Its findings show how more accessible and affordable cloud computing services make it simpler to crack passwords than two years ago, when the company showed that a relatively strong, eight-character password was crackable in eight hours.
While password managers are the best bet for protecting passwords, research also showed that a 12-character password created by a password manager could take some 3,000 YEARS to brute-force crack. Check out this password table of its findings on password-character combinations and their vulnerabilities to brute-force hacks.
