
Have a Happy (and Secure) Thanksgiving


People across America are preparing to travel over the river and through the wood, visiting friends and family for Thanksgiving. The American Automobile Association predicts more than 53 million people will travel for Thanksgiving this year, an increase of 13% from 2020 and the most significant single-year increase since 2005.

Many of us are eager to reunite with loved ones after more than a year of separation. Meanwhile, “cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure” (CISA, November 22, 2021).

At a recent House Judiciary Committee hearing, Federal Bureau of Investigation director Christopher Wray warned that “cyber threat is increasing almost exponentially” (Doherty 2021). The holidays are a particularly vulnerable time because offices are often closed, and employees are home celebrating with their friends and families. Earlier this year, cyber attackers launched major ransomware attacks on holiday weekends, including the Independence Day attack on Kaseya and the Mother’s Day attack on Colonial Pipeline.

CISA and the FBI urge organizations and individuals to exercise extra caution to prevent cybercrime this holiday season. Whether cyber attackers want to hold organizational data and systems for ransom or gain access to your bank account, they often target individuals as the point of entry. Travelers are desirable targets because they carry a “goldmine of data” while traveling, including passports, credit card information, bank account information, boarding passes, and travel itinerary information (Kane 2019). Criminals sell these data on the dark web or use them to craft convincing phishing attacks to learn login credentials and other personal information.

This holiday season, please protect yourself and the WashU community at home and while you travel. Remember the following tips to stay safe online:

Travel Security

  1. Don’t charge your devices at public USB stations. Cybercriminals modify these stations to download your data or install malware on your device. Instead, charge and back up your devices before you leave and bring a portable charger with you.
  2. Don’t connect to public Wi-Fi networks and disable auto-connect on your devices.
  3. Credit cards offer more consumer protections than debit cards, so use them to pay for things whenever possible. If you need to use an ATM, choose a machine inside a bank branch where cybercriminals are less likely to have tampered with it.
  4. Check your financial accounts and rewards accounts regularly to identify any suspicious activity.
  5. Avoid verbally sharing details about your travel in public places or posting details in publicly visible areas (e.g., social media accounts). Wait to post travel photos until you’re back home.
  6. Shred your tickets, boarding passes, luggage tags, and other travel-related personal information after you’re finished using them.

Device and Data Security

  1. Treat your devices as if they are valuable. Never leave them unattended.
  2. If you’re taking work with you while you travel, consider using a loaner laptop.
  3. Back up your data and update your devices before you leave.
  4. Turn on “Find My” or other device-locating features before you leave.
  5. Make sure your devices are encrypted.

Phishing Awareness

  1. Do not interact with suspicious emails, voicemails, or text messages or click on any links they contain. When in doubt, use known contact information to verify the offer or request.
  2. Be very skeptical of urgent requests. Urgency is a social engineering tactic cybercriminals use to manipulate victims.
  3. Watch out for grammar, punctuation and spelling mistakes. These are phishing red flags.
  4. Never provide personal information or login credentials upon request. Ignore these requests or reach out to the purported requestor using known and publicly available communication channels to verify the authenticity of the request.
