Online Security for PTAs

By Mireira Moran, California State PTA Communications Commissioner

If you receive an email, text or social media message that seems a bit strange, you might be the target of a scam. You may have received an email that seems like it’s from someone on your board, maybe from their actual email address (or something close). If the message asks you to pick up gift cards or make some other financial transaction, be on high alert.

As a non-profit association, PTA can be vulnerable to these types of cybercrimes at all levels. As a PTA leader, you are among the people most likely to receive these types of emails, especially if you are the president or treasurer.

Here are commonly asked questions to help you better understand and deal with the situation. 

Why are they sending these emails?

The goal of these emails is to gain access to your information, often for financial gain. But it may not be obvious at first.

What should I be watching out for?

  1. Email Phishing – fraudulent or spoofed email messages that appear to come from legitimate sources. The message will usually direct you to a spoofed website or otherwise get you to divulge private information (such as bank account information or account passwords), or even ask you to purchase gift cards. The perpetrators then use this private information to commit identity theft or trick you into sending money in some form.
  2. Ransomware/malware – a virus that installs covertly on the victim’s computer system and encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. Often malware is triggered by downloading files or clicking links from untrustworthy sources which appear to be legitimate.

How do the scammers have access to real email addresses?

  1. Spoofing – This usually occurs when spammers gain access to another user’s data and clone their contact list. From there they can replicate any of the contacts’ email addresses. These email addresses will appear to be legitimate. This does not necessarily mean that their email has been “hacked”; the email address may have been forged.
  2. Fraudulent emails – This is when spammers have access to names but are not able to access accounts. Often you will see the person’s name but when you look at their email address it will be different (example: John Smith <1615168@nonsenseemail.baloney>).

So how should you handle this sort of situation?

  1. If you receive an email from a fraudulent email address, please report it to your email provider immediately and delete the email. This process differs depending on your email provider. Don’t click on links from people you don’t know.
  2. If you receive an email from an email address you recognize but you suspect it is not the actual person: do not click on any of the links, do not forward to anyone, do not reply to the email. Contact the person another way (call them, text them, email them) and alert them to the situation. Delete the email immediately. This is likely email spoofing. If this happens on your PTA email account, send a message to: ITAlert@capta.org

How can I prevent this from happening?

Though it is not possible to entirely prevent these things from happening, there are a few things you can do to protect yourself, your accounts, and your contacts.

  1. NEVER SHARE FINANCIAL INFORMATION IN AN EMAIL (including gift cards)
  2. Always double-check where the email is actually coming from
  3. Do not click any links or download any attachments in the suspicious email
  4. If you are in doubt as to the validity of an email, contact the person directly (call/text)
  5. Use anti-virus software on all your devices
  6. Run regular updates on your devices
  7. Establish 2-factor authentication whenever possible
  8. Do not connect to unfamiliar or unsecured Wi-Fi
  9. Do not use the same password for multiple accounts

Beware of Tricky Texts

By California State PTA Treasurer and state office IT Staff

We are no strangers to various scams across the internet — whether it’s through phone calls regarding our car’s extended warranty or emails from princes in faraway countries. Now a new type of scam is becoming commonplace: text messages.

When we log into our bank, we are often given codes to enter or links to ‘tap on’ that are sent via text as part of a 2-factor authentication method. These are one-time use links that validate our identity to help prevent scammers. Beware, more and more scammers are attempting to exploit people by spoofing these validation texts. Read on to learn what you can watch for.

With this kind of scam, you will receive a text message with a link to click on to verify your identity, typically with an accompanying message indicating that some type of action is needed in your account. Often it will be from a bank you don’t use and they are hoping to have guessed your bank correctly. Occasionally that shot in the dark works and it may appear to be from a bank you have an account with. When this happens you could get a call from the scammers themselves, asking for more information to validate your identity (i.e. your login information, or passcodes that have been sent to you).

As with all spam and scam messages, unless you are expecting this information from your bank, never click on any links or attachments in the messages. While you can always ignore these and delete them, if you are concerned that your account has been compromised, you should immediately reset your account password by logging in through a computer/tablet, not on your cellular device. Never do this through a reset link that you did not request. Lastly, never share a passcode that you are sent via text message from your financial institution. These passcodes are intended only to be entered by you into the webpage where you initiated the request for them.

The best rule of thumb when dealing with possible scams like this is to hang up, look up, and call back. Hang up the phone if you receive a call, look up the institution and their correct customer service phone number, and then call the institution that you hold an account with. They will verify if the request for information is valid or if someone is trying to scam you out of your money or gain access to your personal information.

Taking Personal Responsibility for Cybersecurity

October is Cybersecurity Awareness Month

“The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet,” says the National Cybersecurity Alliance.

The truth of that statement has really come home to families and schools in the last 18 months. We have all become increasingly dependent on the internet to learn, to connect with each other, to shop for necessities, and to stay entertained. That makes Cybersecurity Awareness Month an ideal chance for families to learn more about what they can personally do to stay safe online. 

Start With Some Basics for Individuals

It’s easy to think of cybersecurity as a topic that’s just of concern to large companies and organizations, not something individuals can do much about. A central goal of Cybersecurity Awareness Month, however, is to point out all that we can do to keep ourselves and our information safe on the internet.

For example, there’s a list of basic steps you personally can take to keep your information safe, including: 

  • Use long, unique passphrases (they needn’t be complex) that are easy for you to remember and at least 12 characters long. 
  • Use 2-factor authentication or multi-factor authentication (such as a one-time code sent to your mobile device) whenever it’s offered.
  • Don’t click on links or download anything that comes from a stranger or that you were not expecting. 
  • Keep all software on your internet-connected devices current to reduce the risk of infection from ransomware and malware.
  • Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services. 

These are just some of the recommendations you’ll find in this two-page guide to cybersecurity basics. You can do your part for cybersecurity awareness by sharing it with others in your PTA, your family, and your community.

Resources for Keeping Kids Safe Online

Acknowledging the increase in internet activity brought on by the pandemic, there’s also a Tip Sheet about Online Learning meant for parents and students: Security Tips for K12 Online Learning.

As kids get older, they need to take greater responsibility for their own cybersecurity. Thankfully there are some great resources available to help families have the “tech talk” about online privacy, and even a guide for helping kids learn about cybersecurity careers. These would be great resources to share. 

You’ll find all this and much more at the official Cybersecurity Awareness Month website: Cybersecurity Awareness Month – Stay Safe Online

In addition, National PTA, in collaboration with LifeLock, has developed a web-based tool to facilitate parent-child conversations about being responsible with the use of technology. It’s called The Smart Talk.

Online Security for PTAs: What You Need to Know

You may have received an email appearing to be from someone on your board — or that even has their actual email address — asking for some sort of financial transaction, but it wasn’t actually from them.

As a non-profit association, PTA can be vulnerable to these types of cyber crimes at all levels. PTA leaders are most likely to receive these types of email, especially if you are the president or treasurer.

Here are some commonly asked questions to help you better understand and deal with the situation.

Why are they sending these emails?

The goal of these emails is to gain access to your information, often for financial gain.

There are two main ways they can do this:

  1. Email Phishing – fraudulent or spoofed email messages that appear to come from legitimate sources. They usually direct you to a spoofed website or otherwise get you to divulge private information such as bank account information or account passwords, or even ask you to purchase gift cards. The perpetrators then use this private information to commit identity theft or trick you into sending money in some form.
  2. Ransomware/malware – a virus that installs covertly on the victim’s computer system and encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. Often malware is triggered by downloading files or clicking links from untrustworthy sources which appear to be legitimate.

How do they have access to these email addresses?

  1. Spoofing – This usually occurs when spammers gain access to another user’s data and clone their contact list. From there they can replicate any of the contacts’ email addresses. These email addresses will appear to be legitimate. This does not necessarily mean that their email has not been “hacked.”
  2. Fraudulent emails – This is when spammers have access to names but are not able to access actual email accounts. Often you will see the person’s name in the “from” line, but when you look at their email address it will be different (example: John Smith <1615168@nonsenseemail.bs>).

So how should you handle this sort of situation?

  1. If you receive an email from a fraudulent email address, please report it to your email provider immediately and delete the email. This process differs depending on your email provider.
  2. If you receive an email from the address of someone you know but you suspect it is not from that actual person, do not click on any of the links, do not forward to anyone, do not reply to the email. Doing so just increases the likelihood that someone will click on the link or divulge financial information. Please delete immediately. This is likely email spoofing.

How can I prevent this from happening?

Though it is not possible to entirely prevent these things from happening, there are a few things you can do to protect yourself, your accounts, and your contacts:

  1. Use anti-virus software on all your devices
  2. Run regular updates on your devices
  3. Establish two-factor authentication whenever possible
  4. Do not connect to unfamiliar or unsecured Wi-Fi
  5. Do not use the same password for multiple accounts
  6. Do not click any links or download any attachments in the suspicious email
  7. NEVER SHARE FINANCIAL INFORMATION IN AN EMAIL
