3 last-minute printable New Years party favors
By in

3 last-minute printable New Years party favors

The start of a new year calls for a celebration and a New Year’s Eve party can be an opportunity to showcase your creativity while making guests feel special. We’ve put together 3 last-minute printable party favors that can help make your evening even more special!

1. Glass charms
Here are some downloadable New Year’s-themed wine charms that slip around the stem of a wine glass or champagne flute. Simply click, print and cut out. Keeps those glasses from getting mixed up throughout the evening. Here’s the link.

2. Toast cards
These champagne flute-shaped toast cards let you and your guests write down the things you’re most excited about in the new year. Hand one to each of your friends, family, or new year’s guests—or leave one at each place setting if you’re having a sit-down dinner. (Write each guest’s name on the bottom and they double as place cards!) If everyone feels like sharing, each person can say their own out loud, or you can collect them all to read when the clock strikes 12. And when the party’s over, everyone can take theirs home as a reminder of a memorable evening. Here’s the link.

3. 2020 New Year’s Resolution Cards
The best way to start a new year is with gratitude. Why not write it down? These printable cards are great to hand out to guests or just fill out for yourself. After all, writing your resolutions make them more likely to happen! Here’s the link.

From our families to yours, we wish you good health and prosperity in the new year.

Warning - New study finds Christmas tech toys unsafe for kids
By in

Warning - New study finds Christmas tech toys unsafe for kids

I don’t know about you, but I feel that the best toys are tech toys and we’re not just talking about kids here. But we probably should focus on the kids since the newest and best toys this Christmas are high tech. Sorry moms – Mr. Potato head fell out of fashion about 50 years ago. Unfortunately just recently security researchers tested smart toys from several top brands including Mattel and Spinmaster and discovered that many if not most of these high tech toys that use Bluetooth or WiFi have major security vulnerabilities.

The Takeway

Here’s what you should look out for when shopping or before you open that battery powered who-knows-what your son, daughter, niece or nephew has been begging for:

  1. Some Bluetooth toys allow you to connect to them without a password. Well, think about it, if you can connect without a password, so can anyone else. From there, who knows what they can do with that toy. They could use the toy to control it or spy on you or your kids. Not good. For example, security researchers found that walkie-talkie devices of the same brand as that of the toy could be effortlessly paired and used to communicate with the child, from a distance of up to 450 feet away. 

  2. Another flaw they found was that some toys required logging into certain websites for updates or downloading certain features. But, these websites were missing encryption and consequently exposed account and session data that could being intercepted by almost anyone. Furthermore, these websites often indicated whether a username or email address was already registered. While this sounds harmless, this could allow attackers to launch brute-force attacks to obtain registered usernames and email addresses which could then be used for spam, phishing and malware. Not good.

So what can you do about it?

Let’s be real here. The responsibility of keeping their product safe to use may lie with the manufacturer, but we as parents should check to make sure that the item we are purchasing is actually cyber-safe. A good place to start is to check the manual. Does it have sufficient language indicating the product’s security and privacy? If not, that’s a red flag. Even so, if you have already made your purchase and if you’re worried about security, try being old fashioned and use supervision while your kids are playing with the toy and when they’re done with it, turn it off. In fact, if you’re still nervous about it, go ahead and take out the batteries. Sometimes it’s just not worth the risk.

Stay safe out there.

Warning - smart light bulbs could allow hackers to steal your personal data
By in

Warning - smart light bulbs could allow hackers to steal your personal data

Researchers at the University of Texas at San Antonio (UTSA) recently found that the smart bulbs that come equipped with infrared interfaces, the same interface that the remote control on your TV uses, well they can be controlled by hackers.

Once connected, hackers can send commands to smart bulbs to either steal data or masquerade as other connected devices on your network and harvest data from anything connected to it. The researchers did mention that some smart bulbs connect to a home network without requiring a smart home hub, and if these smart bulbs are infrared-enabled, hackers can get into them and then worm their way into files stored on your computer.

The Takeaway

If you absolutely have to have smart bulbs in your house, which you might want to consider as they are pretty cool, look for ones that use a smart home hub rather than one that connects directly your Wifi. Of course, it’s best if smart bulb manufacturers were to implement security measures to limit the level of access that smart bulbs have to other connected home devices but who knows when that’s going to be. Hopefully that helps.

Stay safe out there.

 

How to spot the top 3 scams targeting minors
By in

How to spot the top 3 scams targeting minors

It’s a sad fact but scammers target both adults and young people through popular online platforms such as apps, games and popular social networking websites. Youth are particularly attractive targets for scammers as they often have unused Social Security numbers, do not generally check their credit reports, and are used to sharing information online. Scammers may pose as someone else in order to get young online users to involuntarily share personal information, steal their identity and ruin their credit even before they have a chance to make it to adulthood.

If we can help young people recognize these issues now, they can be proactive and protect their personal information, which as we all know may be one of their most valuable assets. Here are the the top 3 scams that target young people so that you can work with your young ones so that they don’t fall for one:

1. Inexpensive/Free Stuff Scam

Many online ads offer cheap or free stuff for sale, such as clothes, sunglasses or handbags. In many cases, these ads are a scam. An unsuspecting young adult may send money but never receive the item or worse, may receive an item of lesser quality. The fake sale may also be an attempt to get personal information, such as user names and passwords, which would allow the scammer to gain access to the victim’s account. It’s very similar to phishing, a topic we’ve covered a number of times. Here’s a recent article about the Venmo scam and College Student scams – they’re all pretty similar. Why? Well, they work – people keep falling for it so scammers will keep using them.

Before purchasing items online, do your research to ensure that the source is legitimate. Scammers often re-post a discount offer that was previously valid but will no longer be accepted by the retailer. Use a search engine to look at customer reviews but beware of websites that post fake reviews to attract more customers. Trust your instincts. If you feel that something seems wrong about the deal, there probably is. Consider only purchasing from established online retailers such as Amazon, Costco, Walmart, etc.

2. Scholarship Scams

Some social media accounts may promise to provide a scholarship, but they’re  actually an attempt to steal your money or your identity. Typically, these scams promise to give scholarships to a certain number of new followers in return for a fee or personal information, such as a Social Security number, bank account information or a credit card number.

Legitimate scholarships do not charge any fees. Avoid sharing your Social Security number, password or any financial information with someone offering a scholarship. None of this information is needed to verify your identity or to “hold” a scholarship. These should all be red flags for online cronies.

3. Account Deletion Scam

Scammers may use messaging services on social media platforms to directly contact other account holders to claim that their account may be deleted or locked if they do not click on a link to update their account. The link may appear legitimate, but when users click it, they are redirected to a website asking for the user’s information, such as passwords, email or physical addresses, or other personally identifying information.

Beware of any message that asks you to click on a link to update your information. If you think you need to update your account, do so through the app settings on your phone or from their website.

The Takeaway

If you believe you have fallen victim to any of these scams, you are encouraged to file a complaint with the Office of the Hawaii Attorney General or with the Federal Trade Commission. We have a complete list of resources, all in one place for you here: https://cylanda.com/how-to-report-fraud/

Stay safe out there.

 

What to do with an Active Shooter
By in

What to do with an Active Shooter

In the aftermath of this week’s events that hit us all so close to home, I think we can agree that having a bit of Active Shooter preparation would be beneficial. We often come across after shooter preparedness in our security training materials so I thought it would be helpful to share some of it with you and the community.

The following will help you make better choices if you find yourself in an active shooting event, how to recognize signs of potential violence around you, and what to expect after an active shooting takes place. Remember during an active shooting to RUN. HIDE. FIGHT.

Before

  • Make a plan with your family, and ensure everyone knows what they would do if confronted with an active shooter.
  • Look for the two nearest exits anywhere you go, and have an escape path in mind & identify places you could hide.

During

RUN and escape if possible

  • Getting away from the shooter or shooters is the top priority.
    Leave your belongings behind and get away.
  • Help others escape, if possible, but evacuate regardless of whether others agree to follow.
  • Warn and prevent individuals from entering an area where the active shooter may be.
  • Call 911 when you are safe, and describe shooter, location, and weapons.

HIDE if escape is not possible

  • Get out of the shooter’s view and stay very quiet.
  • Silence all electronic devices and make sure they won’t vibrate.
  • Lock and block doors, close blinds, and turn off lights.
  • Don’t hide in groups- spread out along walls or hide separately to make it more difficult for the shooter.
  • Try to communicate with police silently. Use text message or social media to tag your location, or put a sign in a window.
  • Stay in place until law enforcement gives you the all clear.
  • Your hiding place should be out of the shooter’s view and provide protection if shots are fired in your direction.

FIGHT as an absolute last resort

  • Commit to your actions and act as aggressively as possible against the shooter.
  • Recruit others to ambush the shooter with makeshift weapons like chairs, fire extinguishers, scissors, books, etc.
  • Be prepared to cause severe or lethal injury to the shooter.
  • Throw items and improvise weapons to distract and disarm the shooter.

After

  • Keep hands visible and empty.
  • Know that law enforcement’s first task is to end the incident, and they may have to pass injured along the way.
  • Officers may be armed with rifles, shotguns, and/or handguns and may use pepper spray or tear gas to control the situation.
  • Officers will shout commands and may push individuals to the ground for their safety.
  • Follow law enforcement instructions and evacuate in the direction they come from, unless otherwise instructed.
  • Take care of yourself first, and then you may be able to help the wounded before first responders arrive.
  • If the injured are in immediate danger, help get them to safety.
  • While you wait for first responders to arrive, provide first aid. Apply direct pressure to wounded areas and use tourniquets if you have been trained to do so.
  • Turn wounded people onto their sides if they are unconscious and keep them warm.
  • Consider seeking professional help for you and your family to cope with the long-term effects of the trauma.

We sincerely hope you never have to use these tips, but if you do, hopefully it can save a life.

Stay safe out there.

Florida city loses over $500,000 from spear-phishing attack
By in

Florida city loses over $500,000 from spear-phishing attack

The city of Ocala, Florida has become the latest victim of a ‘spear-phishing attack’. Officials revealed that the city lost over $500,000 after sending a payment to a fraudulent bank account.

According to Ocala.com, the city’s website, the incident occurred when a scammer sent a phishing email to a city department employee.

The scammer pretended to be a construction contractor working with the city and sent an email, requesting payment for services via electronic transfer.

While the email was phony, the underlying invoice was legitimate – which was enough to trick the employee.

The employee mistook the email to be legitimate and inadvertently transferred $640,000 to a fraudulent bank account set up by the scammer.

Here’s the thing, the email address used in the attack included an extra letter that is not part of the legitimate contractor’s email. So, it was only one letter off but enough to pass the human firewall test.

Once the city learned of the payment to the fake account, it reported the issue to law enforcement agencies.

About $110,000 was still in the account when law enforcement later tried to access it. So, the scammer collected a just over $500,000.

The Takeaway

Ocala spokesperson Ashley Dobbs confirmed that no information systems were compromised in the incident. Furthermore, Dobbs added that the incident has been isolated and customers’ data is safe. Now let’s be clear, that taxpayer money is straight up gone. What’s the city doing about this? Here’s what they said:

“While we can’t change this outcome, we will continue to update and refine our cybersecurity systems and training to minimize future impacts.”

So, they’re doing exactly what all companies should be doing – cybersecurity training. This is small, short, ongoing micro-training sessions to educate employees on the latest methods criminals use to try and trick them into giving out company data such as employee records and bank account information. As you can see, once that money is gone, it’s gone for good and that could really sink even a medium sized business. At Cylanda, we do this and more, including monthly simulated phishing attacks to keep your employees on their toes. Feel free to reach out if this sounds like something you and your organization could benefit from. We can help.

Stay safe out there.