During the past few years, the media has been full of stories about breaches in the security of our private information over the internet. The most recent was in September 2017, when the consumer credit reporting company Equifax announced a cyber-security breach in which cybercriminals accessed approximately 145.5 million U.S. Equifax consumers’ personal data, including their full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers.
Bringing these issues to life for the Perry Kiwanis Club Tuesday was Cole Ponto of CyberSecurity LLC, who discussed cyber security and the Dark Web at a recent noon luncheon meeting.
Ponto said the best ways to avoid attacks to your computer is to use a firewall, intrusion detection system/intrusion prevention system and anti-virus software. He said these types of services are always being updated, and those trying to get around these systems are continually figuring out ways to hack them.
Ponto said the study of human psychology shows us that human behavior is predictable, and humans are predisposed to respond automatically to certain psychological triggers. The hackers rely on this and use techniques to prey on these typical responses to trick people out of their data. Hackers put out millions of false emails and if even a small fraction of people fall for them, the hackers can make a lot of money.
Ponto discussed the concept of phishing email. Phishing is the sending of false emails that look like legitimate emails in order to obtain private information fraudulently.
Mass phishing targets a large group, Ponot said, and spear phishing targets a specific groups and is common. Clone phishing replaces a legitimate email with a malicious link and resends it to others. SMS phishing or smishing is a form of phishing that is delivered by text. Whaling targets upper management or executives.
A dozen Kiwanians attended the meeting. Ponto said half of the people in attendance have had their information compromised and do not know about it. This information is for sale on the deep or dark web, which is not accessible to surface web users and is a dangerous place to go in terms of putting your computer at risk.
Ponto recommended several ways to make sure every email is legitimate. Confirm that the address matches who the sender is supposed to be. Make sure the address contains https. If there is no s, it is not trustworthy. Call the entity if you are not certain the email is real. Also be aware of false telephone numbers.
A member asked how someone could create a fake email using his business name. He said it looked almost identical to his email and logo but if you looked closely, you could see it was fake. The fake email asked an attorney to wire money using the member as the contact. The attorney did contact the member before doing anything. This attorney’s office had been defrauded of thousands of dollars by these type of emails.
Ponto said about 43 percent of cyber attacks target small businesses, and 60 percent of these business go out of business within six months of the cyber attack.
Stolen identities and credit cards are sold online, Ponto said. Prices range from $1 to $400 per identity. The average price was $21.35 but since the breach of Equifax, the average cost to steal an identity is $2. Millions of identities were compromised so with the glut of identities for sale, the price has declined. Because of the millions of identities stolen, cyber hackers can still make millions of dollars by selling these stolen identities at $2 each.
Welcoming Ponto was 19-year Kiwanian Kendall Rathje.
