See Yourself in Cyber—How Individuals Can Reduce Security Risk

It seems like just yesterday our biggest security risk was a ‘long lost relative’ claiming we had millions of dollars waiting for us if only we would send them a little money up front. The world and technology have come a long way since then, and not always for the better. Now we are inundated with spam in the form of calls, texts, emails, and every other form of communication in existence—all alongside our actual conversations. Your grandma might message you on Facebook to ask for your help and it turns into requiring a trip to Walmart to buy $500 in Apple gift cards. Your CEO might text you with an urgent request when they’ve never texted you before. With this constant barrage of threats that continue to get more and more believable, is it even possible to be safe online? It most certainly is, but it requires vigilance and a keen, informed eye.

Man at computer facing security risk phishing attempt

October is Cybersecurity Awareness Month in the US and this year’s theme is ‘See Yourself in Cyber’. Whether you’re the head of IT, a bank teller, a homemaker, or anything in between, you’re at risk of a cybersecurity attack. However, the industries experiencing the highest number of incidents are finance, healthcare, and public administration. As scammers, hackers, and generally ‘bad actors’ hone their craft, we also need to sharpen our detective skills. It’s an unfortunate truth, but we need to learn how to spot the red flags because it’s expected that, by 2025, there will be an average of 10 devices per person connected to the internet globally. All of which become a playground for cybercriminals if the devices aren’t well guarded by technology—and you.

Types of Threats

There are as many reasons bad actors attack as there are ways they do it. Understanding the most common methods will help you better avoid them in the wild. Here are some of the most widespread attacks you might see:

Phishing: When a bad actor sends an email that appears to be from a reputable source or someone you are likely to trust in the hopes that you will open an infected attachment or follow a malicious link. This could allow them access to your system or persuade you to divulge personal information, such as passwords or credit card information.
Spear Phishing: When a bad actor sends a phishing attack specifically targeting you. Typically, it will include information they’ve learned about you from social media or other online public forums.
Smishing: This is phishing in the form of a text message.
Vishing: This is phishing in the form of a phone call.

Spotting the Red Flags

For these types of threats, you’ll need to be able to identify something out of place to make you pause before taking any harmful actions. However, this is where vigilance is critical because these red flags are becoming increasingly more difficult to spot. Below you will find guidance on where you are most likely to spot a threat:

Email is the most likely path a scammer will take. When identified separately, these signs may not seem concerning, but when combined, they are a sure sign of a phishing attack.
- Does the subject line or content of the email seem alarming or urgent?
- Is the email from someone unexpected or unknown?
- Is the ‘reply-to’ address different from the ‘from’ address?
- Did the email come in at an unusual time or day, such as in the middle of the night or on a weekend?
- Are there grammar or spelling mistakes?
- Does the wording seem unnatural?
- Are there unexpected or suspicious links or attachments?
- Are they offering you money or gift cards in exchange for an action?
- Is the email unexpected or out of place?
Text messages may come in a different format, but they can still open you to the same security risks. Many of the red flags above still apply, but these are the most common examples in smishing.
- Is the sender claiming to be an executive at your company with an urgent need?
- If you know the sender, is the text from the number you have for them?
- Are you being asked personal information?
- Are you being asked to follow a link?
Phone call scams commonly prey on the elderly and are more common outside of the workplace. Common signs to look for in vishing are:
- Is the call unexpected?
- Does the caller request access to your device to solve an issue?
- Does the caller threaten legal action or claim to be from a governmental body such as the IRS?
- Does the caller claim you have won money or a prize?
- Does the caller request payment in the form of gift cards or money orders?

Protecting Yourself

This feels like a lot of effort; what’s really the worst that can happen if you fall for one of these scams? If you click on a malicious link or download an infected attachment, you leave the door wide open for a hacker to access not only your device, but your entire network of devices and data. If they are able to access your personal information, they could potentially access your bank account, credit card information, or other private accounts. Shockingly, 88% of data breaches are caused by employee mistakes. Here are some steps you can take to ensure you aren’t part of that 88%:

If an email comes from someone you work with, but you are noticing red flags, especially links or attachments, contact the person directly to verify they actually sent it.
If there are links in the email, hover over them to ensure they match what is being displayed.
Ensure links point to a trustworthy site. For example, you might receive an email from Microsoft asking you to reset your Outlook password, but when you hover over the link, it shows http://www.microsoftt.com/. Notice the misspelling in Microsoft.
If you are unsure of a link, navigate to the website through your browser rather than clicking the link.
If you receive an attachment that you didn’t expect, such as a financial statement when you don’t work in finance or a UPS shipping confirmation when you didn’t order anything, don’t open it until you can confirm its validity.
Always remember, it is truly better safe than sorry when it comes to suspicious links or attachments.

This is just a small window into an ever-changing landscape of security threats. It might feel impossible to keep up as threats evolve, but there are ways to stay informed and vigilant for both you and your company. Through its Secure Managed Services Solution, Aunalytics provides the tools and talent you need to stay protect from outside threats, include a streamlined training platform to ensure you and your team can stay up-to-date with current threats and reduce security risk. When you are able to ‘See Yourself in Cyber’, you become critical in fighting against bad actors and the cyber threats they pose.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
uncode_privacy[consent_types]	1 year	This cookie is set by Uncode WordPress theme and is used to manage privacy settings on the website.
uncodeAI.css	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.
uncodeAI.images	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.
uncodeAI.screen	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
aka_debug		This cookie is set by the provider Vimeo.This cookie is essential for the website to play video functionality. The cookie collects statistical information like how many times the video is displayed and what settings are used for playback.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang		This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
player	1 year	This cookie is used by Vimeo. This cookie is used to save the user's preferences when playing embedded videos from Vimeo.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_28928707_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
_dc_gtm_UA-28928707-1	1 minute	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 7 months	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.