Lowering The Cybersecurity Risks Created By Staff
Commentary and Checklist
A new Facebook Messenger scam takes advantage of users' interest in seeing videos of themselves posted online.
In this scam, victims receive a Facebook message from a friend asking them "You are in this video?" with a link to the video they are supposedly in. When users click on the link, it directs them, not to a video, but to a fake Facebook login page. The page asks the victim to enter his username and password, which the cybercriminals then steal and use to access the account. The hackers then use the compromised account to send the scam message to more users.
Alternately, the video link may direct the user to a page with a link to download video software infected with malware. If the user clicks the link, his computer will be infected. Waqas "Facebook users hit with "You are in this video?" malware scam," www.hackread.com (Jan. 2017).
- Prohibit staff from using work devices to check their personal email or social media pages. If you do allow social media use at work, require staff to use their personal devices.
- Train staff to never click on a link or open an email attachment unless they are certain what it is, even if the email or message was sent from someone they know.
- Prohibit staff from posting your or your family's personal information or images on their social media pages. Also prohibit staff from "checking in" to locations when they are with you or your children, and from posting about upcoming vacations with the family.
- If staff posts on your personal or organizational social media pages as part of their work duties, make sure they clearly understand what information can and cannot be shared. Tell them not to click on links shared over social media.
- Train staff on signs of a malware infection and to immediately disconnect from the Internet if they suspect an infection, but to leave the device on. That way a computer professional can more easily investigate the issue.
- Tell staff to notify their manager promptly if they believe their work device or computer was hacked.
Finally, your opinion is important to us. Please complete the opinion survey: