Cybersecurity

With even more purchasing being done online, the FBI is warning online shoppers to be on the alert for fraudulent e-commerce websites that offer what appear to be great deals but never deliver the merchandise. The sites are typically accessed through social media or search engine shopping pages, and have privately registered domains with URLs ending in .top or .club. Take a look at the FBI posting to for tips on how not to get scammed and ideas on what to do if you have an issue with one of these sites.

The recent fast-spreading cryptocurrency scam involving the Twitter accounts of major companies and individuals, including former President Barack Obama, Joe Biden, Elon Musk, Bill Gates and Apple, is "small potatoes compared with the much worse things a malefactor could do with access to Twitter's highest profile accounts," such as President Donald Trump's, writes Ina Fried. Twitter attributed the breach to a "coordinated social engineering attack" on its own employees that enabled the hackers to access "internal systems and tools." If there was ever a reason to chat with your kids about vetting online posts, this is a good one.

The US government is examining TikTok, the video app popular with tweens and teens, and is considering banning the app for US users amid concerns the Chinese-backed firm is being used by the government to surveil individuals and spread propaganda, says Secretary of State Mike Pompeo. TikTok was recently banned from India over national security and privacy concerns

Fewer than half of K-12 students in the US are learning about cybersecurity, according to a survey by the nonprofit Education Week Research Center. The survey was commissioned by the nonprofit Cyber.org, and consisted of 912 teachers in 50 states and Washington, D.C. Kevin Nolten, academic outreach director for the nonprofit, said the findings highlight potential challenges for the future of the country's cybersecurity workforce.

Apparently "Guest123!" isn't the most secure password on the Internet. Who knew? If you are guilty of using common passwords, or the same password for various websites, you should consider enhancing your online security. Google's Security Checkup function now alerts users to when websites for which it stores a password have been compromised. The alert not only urges users to change the password for that particular site, but also might nudge people to not use the same password across multiple websites.

Here is another vocabulary term you need to add to your lexicon – deepfakes. Deepfakes are images and audio pulled from social media accounts to create convincing videos – sometimes of people who never existed - for extortion, misinformation and disinformation. Deepfake technology enables anyone with a computer and an Internet connection to create realistic-looking photos and videos of people saying and doing things that they did not actually say or do. Cybercriminals are increasingly interested in the potential use of deepfake videos to pressure people into paying ransom or divulging sensitive information or to spread misinformation, Trend Micro reports, making the vetting of any information online or in media even more important.

The coronavirus tracking apps coming onto the market, initially hailed as an important tool for containment of the virus, have quickly encountered fears about privacy, cybersecurity and effectiveness. Tracking apps are already in use in Australia, India, China, Singapore and South Korea, and under development in France and Germany. In the United States, tech giants Google and Apple are teaming up to develop “exposure notification” software for use in iOS and Android apps. The technology uses Bluetooth signals to determine the distance between phones. A person with a confirmed case of coronavirus can automatically send notifications to other phones with the contact tracing app, alerting users that they may have been exposed to the virus. The software, which is in beta testing, will be shared with local health departments. Apple and Google say location services will not be used and any personal data would be anonymized and stay on the user’s phone, rather than going to a centralized database. However, researchers say that anonymized data can be reverse-engineered and mined for valuable particulars including gender, age and marital status.

There are a myriad of stories floating around online about laptop cameras, security cameras, and baby monitor cameras being hacked, allowing hackers to both spy on or communicate with unsuspecting adults and children. While these attacks do happen, they are preventable. Here are a few tips if you have these devices in your home:

• If you haven’t already, you probably should cover the camera lens on your desktop or laptop, even if you just fold a piece of paper or put a sticky note. For most of us, chances of being spied on this way will never happen, but it is easy to eliminate all risk.
• Secure your wireless router so that you can disable remote access to your router. This will prevent it from being configured from anywhere but inside your house and connected to your network. This is especially important id you have Internet protocol (IP) cameras in your household, including your baby monitor. These devices use the Internet and your local area network to communicate with your smart phone.
• Next you need to add layers of protection – one is not enough. First and foremost, all cameras in your household should have a strong password. It is important to treat your cameras with the same attention to security that you do with your laptop, tablet and phone. You will also want to make sure your network itself is protected by enabling encryption and disabling remote access. Another good tip is to change the name of your home network – leaving it as default can tip off a cybercriminal onto what type of router you have. If they know the manufacturer of your router, they will know the vulnerabilities that model has and can try to exploit them, according to Ioana Rijnetu from the Heimdal Security blog.
• Stay vigilant and make sure your keep the firmware – the pre-installed software that runs your camera – updated. Since the steps for doing that vary from manufacturer to manufacturer, make sure you know the name and model of your camera if you need to consult with the manufacturer.
• Beyond that, follow this Video Baby Monitor Security checklist that works for most any kind of camera in your home.

In a recent opinion piece in The Dallas Morning News, Doug Levin, president and founder of the K-12 Cybersecurity Resource Center, challenges school leaders to take measures to protect both their schools and communities from digital threats amid growing reliance on technology in school operations, teaching and learning. He urges them to collaborate on security challenges and share information on cyber threats with other school districts that face similar issues. School cybersecurity failures across the country have resulted in the theft of millions of taxpayer dollars, outages of school IT systems, and large-scale identity theft.

Did you receive an update or post from your children’s school on social media that seems a little off? Fake accounts for schools and school districts, and even school administrators, have popped up all over the country. Most of the claims on the sites  - like a feral skunk being loose in a school building that has to be closed and burned down – are so outrageous that most parents spot them or figure out they aren’t coming from the school’s regular communication channels, but these kinds of accounts do pose all kinds of dangers, especially in emergency situations.

Schools are fighting back by sending out clarifying messages on their actual Twitter and Facebook pages and immediately forwarding the fake message to school, school board leaders, and local media to inform them of the issue so they don’t accidently share the false information.