Data Privacy & Security Service Digital Digest Spring 2017

Issue 8

PHISHING ATTACKS (CONTINUED)

Additional Resources from New York State Office of Information Technology Services:

• Enterprise Information Security Office Newsletters: http://www.its.ny.gov/eiso/awareness-training-events/news

• Annual New York State Cyber Security Conference: http://www.its.ny.gov/eiso/conference/2017/

• Microsoft: https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx

• Anti-Phishing Working Group: http://www.antiphishing.org/resources/overview/avoid-phishing-scams

• Using Cyber Common Sense to Combat Threats to Privacy and Security: http://www.mitre.org/publications/project-stories/using-cyber-common-sense-to-combat-threats-to-privacy-and-security

For more information about the Enterprise Information Security Office and how to keep safe online, please visit www.its.ny.gov/eiso. Cyber Security Is OUR Shared Responsibility.

A New Source of Phishing Information: Your Friends

With friends like that, who needs enemies? So the idiom goes, and it has been reborn in the age of cyber ransom. Ransomware is a tool hackers deliver through phishing to get quick cash. This tool has been reinvented with a new scheme called Popcorn Time. This ransomware scheme offers release of your data for $775 or 1 Bitcoin. But wait, you don’t have the money or the Bitcoin? Give up the email addresses of some of your friends and your files will be released.

Here are some suggestions for dealing with a ransomware attack:

1. Don’t click on a link from someone you don’t know or that looks suspicious.
2. Educate yourself on the latest cyber security issues.
3. Review your security protocols and make sure they are up-to-date.

Source: https://www.neovera.com/attack-friends-save-data/

Schools are not Immune from Phishing Attacks

Many believe that schools are not a prime target of scammers and phishing attacks. However, they are at the top of the lists of organizations that hackers want to target. The reason for this is that schools hold a significant amount of PII on students and staff. The data that schools possess allows hackers to assume the identities of persons whose data they steal. As shown in the articles below, phishing and hacking are not exclusive to school administrators. There are a variety of ways that hackers can get in. Simply compromising a secretary’s login to an SIS system could provide the hacker with a significant amount of PII. Another example could be a teacher logging into a website that allows the hacker to install ransomware on a workstation. Using this type of access, the hacker could then gain entry to the district’s network and essentially take control of the district’s data.

For these reasons, it is important that districts educate their staff on how to identify and avoid phishing and ransomware attacks. Additionally, district IT staff should regularly review and assess preventative measures against ransomware. This includes internal filters and firewalling to limit the scope of a potential attack.

Below are just a few examples of recent phishing attacks against educational organizations:

• LA School Pays $28,000 Ransomware Bill
• L.A. County employees victim of phishing email that may have impacted 756,000
• Cyber attackers hold Valley College hostage
• Phishing attack compromises Olympia School District employee data
• Superintendent's email hacked
• East Baton Rouge school system caught up in bizarre 'phishing' email fraud, $46,500 lost in wire transfers
• Ransomware Attacks Force School Districts to Shore Up—or Pay Up
