Internet-enabled crimes and cyber intrusions are becoming increasingly sophisticated and preventing them requires each and every user of a connected device to be aware and on guard.
“It’s no longer enough to be on the lookout for something in your inbox that appears suspicious,” said FBI Cyber Division Assistant Director Matt Gorham. “As criminals have grown savvier and their efforts more targeted, individuals and organizations need to scrutinize messages and requests that appear legitimate.”
Some of the most common and damaging Internet-enabled crimes begin with an employee clicking a link in an email that appears to be from a colleague, following the instructions in a message that looks like it came from a supervisor, or opening an account link or invoice that seems to be from a trusted vendor.
“These routine actions can be what exposes a computer or an entire network to a ransomware attack, data breach, or another crime,” said Gorham. “As we mark National Cybersecurity Awareness Month, our hope is to focus attention on the efforts required to safeguard individual computers and accounts and secure and protect critical data and infrastructure.”
Now in its 16th year, National Cybersecurity Awareness Month is hosted every October by the Department of Homeland Security and the National Cyber Security Alliance. Multiple agencies and organizations, including the FBI, collaborate to raise awareness about cybersecurity and stress the collective effort needed to stop cyber intrusions and online thefts and scams.
“Today’s cyber threat is bigger than any one government agency—frankly, bigger than government itself,” FBI Director Christopher Wray said at a cybersecurity conference in March. “But I think no agency brings the same combination of scope and scale, experience, tools, and relationships that the FBI has.”
The FBI works in close coordination with the private sector as well as with state, local, and international partners to understand and anticipate cyber threats and pursue cyber criminals.
During National Cybersecurity Awareness Month, the FBI joins in asking every user of a connected device to Own IT. Secure IT. Protect IT.
“We look to the public and to organizations to engage by understanding these threats, taking preventive action, and reporting cyber crimes when they occur,” said Gorham.
Understand Current Threats and Know How to Report a Crime
- Visit the FBI’s Cyber Crime page, list of common scams, and the Internet Crime Complaint Center (IC3) to learn about current online risks.
- Use the IC3 complaint form to report crimes when they occur.
Safeguard Your Systems
- Visit the National Cyber Security Alliance website for technical tips and guidance on how to stay safe online. Among the most important tips is to create a strong, unique passphrase for each account and institute a multi-factor authentication process for all account changes.
- Watch a series of videos on cybersecurity created by the FBI as part of its Protected Voices program. The videos are directed to political campaigns, but the advice applies to everyone.
Cyber Safety Tips
All computer users should keep systems and software up to date and use a good anti-virus program. These programs are not foolproof, however, and computer users themselves often help cybercriminals get through these safeguards. To avoid inadvertently downloading malicious code that can harm your network or giving a criminal money or valuable information, the FBI recommends these tips:
- Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling.
- If an unsolicited text message or email asks you to update, check, or verify your account information, do not follow the link provided in the message itself or call the phone numbers provided in the message. Go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
- Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.
- Carefully scrutinize all electronic requests for a payment or transfer of funds.
- Be extra suspicious of any message that urges immediate action.
- Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.