Follow our Featured News to stay current with service changes, new service releases, awareness, and education on current services and technology.
People have protected their personal information and sensitive documents for centuries. Historically that involved mostly physical protections, but in a digital world, physical protections are not enough. Physical protection of sensitive documents can occur by locking them away in a drawer or renting a safety deposit box at the bank. However, protecting a person’s digital information can be more difficult. Personally Identifiable Information (PII) is any type of unique information that can be used to distinguish or trace an individual’s identity. In the wrong hands, stolen personal information can lead to financial loss and identity theft.
PII comes in many forms. Some examples of PII include, but are not limited to:
Name: full name, maiden name, mother's maiden name
Personal Identification Numbers: social security number (SSN), driver's license number, taxpayer identification number, financial account number, credit card number
Biometric Data: Facial recognition, retina scans, thumbprint
Criminals use many nefarious methods of stealing PII in order to commit identity theft, including public data breaches, capitalizing on a lost or stolen device, and collecting data from publicly available sources. While identity theft is concerning, the actual damage usually comes after an attacker uses the stolen information for malicious purposes. This can lead to devastating consequences for the victim, especially when the attacker starts targeting important aspects of the victim’s life such as insurance, bank, and credit card information. Many victims of identity theft are unaware that they have been compromised and are surprised when faced with the reality of the consequences, such as damaged credit and loss of personal funds, as well as financial and emotional stress.
Protect Your Digital Identity
Your identity exists in digital form all over the Internet. It is critical to guard your digital privacy in order to protect your identity and finances!
The following are specific steps you can take to protect your online information, identity, and privacy.
Think Before You Act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
Use Unique Passwords: Hackers often use previously compromised information to access other sites. Choosing unique passwords for each site keeps that risk to a minimum. Using an encrypted password manager to create and store your passwords makes it easy to securely access your accounts.
Get Two Steps Ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access.
Be Aware of What's Being Shared and With Whom: Be aware of the type of information you are revealing when you share posts, pictures, or videos online. It is also important to know who you are sharing your information with. It is recommended to review your information on social networks regularly.
Own Your Online Presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. Privacy and security settings often change, so it is important to review them frequently to ensure you are comfortable with them.
If you detect signs that someone is trying to use your identity, you should immediately alert your bank and report it to one of the three major credit card bureaus. Ask them to place a fraud alert on your credit file and consider putting a freeze on your account. You should also report the identity theft to the federal government and get a recovery plan. You can also choose to contact your local law enforcement and ask about filing a police report. Continue to monitor your bank and credit card statements for charges you don’t recognize.
October 19, 2020
Did you know that email scammers can easily forge the email 'From' address? It’s called email spoofing and it can make the job of spotting scams more difficult.
Email spoofing is a form of impersonation where a scammer creates an email message with a forged sender address in hopes of deceiving the recipient into thinking the email originated from someone other than the actual source. Scammers will use email spoofing to help disguise themselves as a Pastor, supervisor, vendor, or financial organization to trick users into performing some type of action. Scammers use this method of deception because they know a person is more likely to engage with the content of the email if they are familiar with who sent the message.
There are various types of email spoofing.
Display name spoofing portrays a display name of the person being impersonated while leaving the actual sending email address intact.
Example 1: "John Doe"
Example 2: "John Doe"
Scammers can also spoof the entire email address or just the domain name, i.e., what follows the @ symbol.
There are a few things you can do to help determine if an email is coming from a spoofed email address or is otherwise malicious.
Check the Email Header Information
The email headers contain a significant amount of tracking information showing where the message has traveled across the Internet. Different email programs display these headers in different ways.
Please note that email headers can be spoofed and are not always reliable.
The following tips can help identify a spoofed message in the email headers.
Verify that the 'From' email address matches the display name. The 'From' address may look legitimate at first glance, but a closer look in the email headers may reveal that the email address associated with the display name actually belongs to someone else.
Make sure the 'Reply-To' header matches the source. This is typically hidden from the recipient when receiving the message and is often overlooked when responding to the message. If the reply-to address does not match the sender or the site that they claim to be representing, there is a good chance that it is forged.
Find where the 'Return-Path' goes. This identifies where the message originated from. While it is possible to forge the 'Return-Path' in a message header, it is not done with great frequency.
Example: In this example, a scammer impersonates a member of the clergy of a parish to send a fake job offer to parishioners. Assume that John Doe is an actual Pastor with an email address of johndoe@parish.name.org. The message requests personal information, including an alternate communication path, so that if someone else reports the message to the email hosting company (Google, Yahoo, Microsoft) and blocks are implemented, the criminal can continue to scam any victims that responded with an alternate email or phone number. Once the scammer has an interested individual, he can request that the individual provide personal financial information for the “job” such as a social security number or bank account, cash a fake check, or open a malicious attachment.
From: Pastor John Doe
Subject: Research Assistant Job
Do you want to work remotely from home as a research assistant and earn $250 weekly? If interested, indicate by providing the required information below. You will receive a follow up detailing work schedule. This job requires little to no prior experience.
Full Name:
Cell Phone #:
Alternate Email:
Regards,
Father John Doe
Parish Name
When looking at the headers of this message, it can be observed that the scammer spoofed the display name and domain name to show the actual pastor's name and parish email address. However, a closer look at the 'Return-Path' and 'Reply-To' in the email headers indicates that the sender is not who they claim to be.
From: "Pastor john Doe "
Reply-To: "Pastor John Doe"
Return-Path:
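The header checks described above can be automated. The following Python sketch is an added example, not part of the original article: it compares the 'From', 'Reply-To' and 'Return-Path' headers of a raw message and reports mismatches. Every address in the sample except johndoe@parish.name.org is constructed for illustration, and the function name and finding labels are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. Only johndoe@parish.name.org comes from the
# article; the example.net addresses are invented for illustration.
SAMPLE = """\
Return-Path: <bounce123@mailer.example.net>
From: "Pastor John Doe" <johndoe@parish.name.org>
Reply-To: "Pastor John Doe" <pastor.johndoe@freemail.example.net>
Subject: Research Assistant Job

Do you want to work remotely from home as a research assistant?
"""

ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """Return the header mismatches that deserve a closer look."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, return_addr = parseaddr(msg.get("Return-Path", ""))
    findings = []

    # Display name spoofing: the visible name contains an address that is
    # not the address the message was actually sent from.
    shown = ADDR_RE.search(display)
    if shown and shown.group(0).lower() != from_addr.lower():
        findings.append("display-name-address-mismatch")

    # Replies would be delivered to a different domain than the sender's.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        findings.append("reply-to-domain-mismatch")

    # Bounce address is in a different domain than the claimed sender.
    if return_addr and domain(return_addr) != domain(from_addr):
        findings.append("return-path-domain-mismatch")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE))
```

A mismatch is a reason to look closer rather than proof of forgery: legitimate bulk-mail services often use their own 'Return-Path' domain, and as noted above, headers themselves can be spoofed.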
Question the Content of the Message
Sometimes the best defense against phishing is to trust your best instincts. If you receive a message from a supposed known source that appears out of the ordinary, it should raise a red flag. When receiving an unsolicited message, users should always question the content of the message, especially if the message is requesting information or directing the user to click on links or open attachments.
Before responding to any questionable message, perform the following tasks to ensure the message is reliable.
Ask yourself:
Was I expecting this message?
Does this email make sense?
Am I being pushed to act quickly?
Examine the email and look for:
Sense of urgency
Unsolicited request of personal information
Generic greeting/signature
Unfamiliar links or attachments
Contact the sender of the message through a trusted channel
If the email appears legitimate, but still seems suspicious, it is best to contact the supposed sender through a trusted phone number or open a new outgoing email message using their real email address found in the address book. Do not reply to the message in question.
It is important to always remain vigilant when receiving mail whether it is from an unknown sender, someone you are close with, or an organization you are familiar with. Cyber scammers are always looking for new ways to exploit individuals for their own personal gain.
Announcement from FCC /Bureau/Office: Consumer and Governmental Affairs
Date: 03/13/18
If you don't change default passwords on your voicemail accounts, you or your company could be in for an expensive surprise. There are hackers who know how to compromise voicemail systems to accept and make international collect calls without your knowledge or permission.
Date: 03/13/18
Two new serious security vulnerabilities have been discovered in the microprocessors inside nearly all of the world’s computers and mobile devices. Devices running Microsoft Windows, Google Android, Google ChromeOS, Apple macOS using Intel and ARM processors are all affected.
The two flaws, called Meltdown and Spectre, may allow attackers to use malicious programs to steal passwords, account information, encryption keys, or other sensitive data. Windows, Apple and other vendors have already released updates to address the Meltdown vulnerability.
Spectre, while more difficult to exploit, cannot be fixed in software and will require manufacturers to create new hardware. It is important to watch for updates from manufacturers of your devices and operating system vendors.
The Meltdown and Spectre vulnerabilities affect many CPUs, including those from AMD, ARM, Intel, virtual CPUs, and the devices and operating systems running on them. There have been no reports of attackers exploiting the Meltdown vulnerability; however, security researchers have demonstrated various methods of exploitation.
Recommendations for personal computers and mobile devices or systems include:
Apply operating system updates as they become available. Microsoft, Apple and others have already released updates that begin to address the vulnerabilities and may release more as researchers learn more about the vulnerabilities and their possible impact. Please note that there are possible performance degradation impacts that will result from the Meltdown updates.
For questions or for assistance in determining the appropriate equipment for your needs, please contact us via email at helpdesk@diometuchen.org.
Date: 10/17/17
Dear Diocesan Members,
Today the Internet is buzzing with reports of newly discovered vulnerabilities in WPA2, a security protocol that protects the confidentiality of Wi-Fi network connections. A bad actor could exploit these weaknesses on an unpatched Wi-Fi network or client to read encrypted communication and in some cases, do additional harm such as change the content of communications and spread malware.
The diocesan Office of Information Systems has already patched wireless network infrastructure at the St. John Neumann Pastoral Center and is working with other locations to confirm that patching is comprehensive. However, other Wi-Fi networks, your home wireless network, and your client devices (computers, mobile devices, etc.) may still be vulnerable. It will take time for all vendors to create patches and even more time for those patches to be applied.
So what should you do?
Thank you for following these best practices and for partnering with us to keep the diocese and each other safe online. Please feel free to email us if you have questions, concerns, or suggestions for how we can improve.