How Often Do You Look At The URL? It Could Be Fake

When you browse to a website you assume that if you type in a specific URL, you will connect to that website and in turn the data you provide to that website will be kept secure. Unfortunately, cybercriminals continue to find new ways to inject themselves between you and the secure websites you are trying to visit. They are getting so sophisticated in their methods, that is nearly impossible to detect anymore.

But there are some ways to protect yourself. The most important thing to remember is that when you browse to any website that requires you to provide login credentials or any confidential information, look for the encrypted session. Even though this added check is no secret, the reality is that people often don’t pay attention; especially when they are in a hurry. When you visit a website and the URL starts with “https://,” it indicates that the webpage you are viewing has been encrypted and should generally be considered secure. However, just having those characters at the beginning is not a guarantee of security. You also need to confirm that the encryption is validated. To accomplish this, most modern web browsers will display a warning if there is a problem with the encrypted session. It is up to you to choose to ignore this warning or not. There should never be a situation where you continue to provide confidential information to a website if you have received a warning that the connection is not secure, or the security certificate is not valid. This warning is telling you there is something wrong. If that’s the case, you shouldn’t trust anything about the webpage.

If you visit a website that is asking for login or other confidential information and you do not have an encrypted connection with “https://,” you should stop. Any legitimate website will always provide encryption when requesting this type of information. If you visit a website often and if the site looks the same as every other day, it is easy to stop paying attention to the URL. However, the cybercriminals are onto this and are taking advantage. So you need to remain diligent to ensure you remain secure.

It is also important to remember that you can manually type in the URL for where you would like to go, but actually end up at a malicious website instead. Even worse, the URL will still reflect that website you intended to connect to. This is due to both “Man in the Browser” and DNS type of attacks. These happen so quickly, that you won’t even know it happened either until it’s too late, or never.

Man in the Browser attacks allow criminals to modify your web browser through malware and cause the information displayed and accessed to be manipulated without your knowledge. But wait! That’s not all. The page might show https:// and not even throw any error messages. This is why keeping up with security patches and keeping your computer clear of malware is so important. In addition, DNS attacks can allow criminals to alter where your browser connects causing it to appear to be connected to one website, but in reality it is connected somewhere entirely different. In these situations, the criminal will make the alternate website appear as though it was the original website you intended to connect to, but this new site will actually be designed to steal your confidential information.

Like with most cybercriminal activity, there is no way to eliminate all risk when browsing on the Internet. In fact, the cybercriminals are getting very good at staying a few steps ahead of the defenders. Instead, it’s up to you to remain diligent and watch for little things that might indicate there is something out of place whenever browsing. And in the words of the TSA, “if you see something, say something” to your manager or someone in the IT department.
In addition to stealing information in the above manner, web browsing remains one of the top ways that computers become infected with malware. With that in mind it is easy to understand why organizations continue to focus attention on web browsing security.

One of the biggest mistakes that employees make when it comes to web browsing is overconfidence. They assume that the organization has implemented filters intended to protect them from browsing to potentially malicious websites. While it is indeed true in many cases, when it comes to blocking all malicious websites, it is impossible. This is why it is even more important that everyone understands the risks and makes every effort to avoid putting their computers and the corporate network at risk.

Criminals will attempt to install malware on your computer via web browsing in a variety of ways, ranging from the more obvious attacks in which a website will attempt to send you software to download and install, to the undetectable zero-day vulnerability exploits. There are also other attacks that can take place through web-based applications. These often ask you to install or update a plugin or add-on.

If you are browsing to a website and it requires you to install any software to continue, you should immediately stop and ask someone in your IT department for help. It is rare that your computer will require new software to be installed by a third party website to work properly. In most cases this software will either be malicious or include some level of marketing spyware that will slow your computer or potentially make it unstable. Again, just remember that if any website asks you to download or install something, talk with IT before going any further.

Zero-day exploits take advantage of zero-day vulnerabilities. These can be the single biggest threat to your organization’s network. A zero-day vulnerability means that there is an unpatched vulnerability on your computer and there is no way to fix it. That’s because the developers of the software didn’t know it existed until it was either exploited or someone found it and news got out.

An often-exploited product for these types of issues is Adobe Flash. When a new vulnerability is discovered in Adobe Flash, it may be several days or even longer that your Flash Player is at risk and no patch is available to fix it. The problem is that if you browse to a website that has malicious code on it, simply connecting to the page is all it may take for the vulnerability to be exploited on your computer.

In these situations, you will not see a warning or receive any indication that something may be wrong or is happening. In fact, in most cases it will appear as if you have just browsed to a webpage and everything is fine. Unfortunately, because there is no patch available, there is often very little your IT department can do to protect you. That is why it is so extremely important that you are cautious in choosing where you browse on the Internet. It is also the reason it is so important that you never tamper with your anti-virus, personal firewall, or other security software on your computer and always allow all security updates and patches to be applied when they become available.

There are some instances where a webpage may prompt you to install an application. In these instances, you will be prompted to choose “Yes / No” to install it or “Install / Cancel.” Criminals are creative though and they will make it so that if you choose no or cancel, the page will just prompt you again and again until it wears you down. In some cases, you will not be able to browse to any other page or even close the webpage you are on at the time. The hope by the criminal is that you will simply choose to install the application so that you can move on. It is important that you never give in. In fact, this is a pretty solid indicator that something nefarious is about to happen. Instead pick up the phone and contact your IT department and explain to them what is happening. They will be able to help you get out of the webpage and get back to safe browsing.

Of course other risks do exist when browsing on the Internet outside of malware being installed on your computer. The unfortunate reality is that browsing on the Internet will always be a risk to your computer and your organization’s network. Limiting where you browse and remaining diligent about potential security risks can at least help reduce your chances of falling victim to malicious website attacks. If you are ever even slightly suspicious that you may have visited a malicious website or if your computer seems to be acting strangely or different from normal, don’t hesitate to contact your IT department and make them aware of your concerns.

Stickley on Security
Published July 18, 2019

Fake Browser Updates Source Of Ransomware And Banking Malware

An all-out alarm reported by Surcuri finds bogus alerts circulating about the need to download the latest browser update. Although it’s always recommended to keep software up to date, this report finds hackers are exploiting that call to action in a big way. Using fake updates isn’t exactly a new hacking exploit, but hackers are getting better at it over time and this latest attack is a solid example of that.

Surcuri finds this fake update tactic has been active for a few years. Looking back to 2017, a malvertising campaign discovered by Proofpoint used fake browser updates to install fraudulent advertising malware called Kovter. And in November of 2018, Malwarebytes Labs found the FakeUpdates malware campaign. With alarm bells now ringing, Surcuri’s discovery sounds off about this latest installment of fake update alerts.

Hackers are known to exploit anything they can for success, and in this case, they use the well-known advice to users to update software as soon as possible. In this latest discovery by Surcuri, hackers use email links or script code to compromise a webpage. Either way it’s done, the code results in a message box popping up that tells users a critical error happened due to using an outdated web browser.

Users are then instructed to update the browser, even displaying a visual in the background to simulate their chaotic and vulnerable browser. Clicking the “Update” box the hackers provide, a ZIP archive is released, again displaying messages that appears to be loading a legitimate browser update file. The iOS “update” downloads a Windows EXE file full of ransomware. For Android users, banking malware is downloaded. Users are totally unaware of what exactly is going on, believing they did the right thing by updating their browser and avoiding further “critical errors.”

Unfortunately, with fake updates improving every day, users need to be highly aware of the problem and take steps to avoid being the next victim. Basic checks on the viability of an update are necessary and not difficult to do. Perhaps the most effective way is to first go directly to the source of the update. In this case, typing the Microsoft website name into the browser address line to verify if there truly is an update available. Then always download it directly from the real website whenever possible. This applies to all updates, not just for this one or Microsoft. Hackers notoriously use Adobe updates to spread malware. Going directly to its site is also advised.

Never use web addresses or phone numbers provided in an update message, as they are put there by hackers who want you to do that browser update. Always double check a URL to make sure it’s exactly where you expect to go. Hackers are very good at shifty spelling tricks designed to look like the correct URL. Even the smallest spelling change of one character is enough to send users down the wrong rabbit hole. Always keep system updates current, as added security features may help identify a fake and very harmful browser update.

Stickley on Security
Published July 19, 2019

The New Psychology of Spending: Making A Move From Maximizing To Minimizing

Many of us understand that personal finances are much more than income and expenses. Our spending habits, which directly impact our personal bottom line, are also affected by our emotions, values, and desires. This is known as the “psychology of spending.” Spending money, as opposed to saving, provides an instant feeling of gratification and control. We may spend to fill perceived voids in our lives, to please others, feel “better than” others, or a whole host of other emotionally-driven reasons. We get stuck trying to maximize our social standing, happiness, or clout. In contrast, maximizing our savings does not provide that immediate emotional fulfillment (even if it would logically allow us to have more of those things that we emotionally desire).

While we may understand this emotional complexity around spending, many of us have a more difficult time figuring out how to control those. Many different psychology-based approaches exist, and the newest is the minimalist approach to finances. This movement is based around the minimalist philosophy that less is more. Traditionally, minimalist approaches apply to cutting down the clutter from our homes, personal lives, and diets. It is no surprise then that the minimalist movement would carry over into finances. This minimalist approach to finances lets you clear away the “junk” in your budget so you can clearly see where your money is going. Such insight is integral for setting and reaching financial goals.

The first step in creating a minimalist financial plan is to fully understand your personal values and goals. The key is to simplify your financial goals so that they are concrete and concise. Rather than having 10 different saving goals, you can reframe those goals with a specific dollar amount that covers all categories. For example, a person may be saving for a down payment on a car ($4,000.00), a new phone ($800) and a vacation ($2,000.00) during the year. Rather than trying to track and prioritize three separate goals, instead, she could simply set one goal of saving $6,800.00. This makes it easier to save and keep on track.

Next on the list for creating a minimalist financial plan budget is to evaluate where you spend your money, and more importantly, why. This evaluation is more than simply listing out general budget categories, such as beauty services or clothing. Instead, you look at each specific purchase, and then figure out if those expenses further your financial goals. For example, if a person spends $500 a month on clothing, he would ask if these purchases put him closer to his financial goals or are satisfying a personal desire. Perhaps the $500 is necessary for work attire, or perhaps he could find a less expensive clothing supplier to purchase from, or even just cut the expense in half or more. This helps weed out superfluous purchases from the necessary.

The final step in creating a minimalist financial plan is to consolidate accounts as much as possible. A minimalist budgeter typically has one checking account, one savings account, one credit card that is only used in case of emergency, and a simplified investment/retirement plan. This again helps keep track of spending and saving, which makes it easier to stay on track financially and ease the stress of monitoring multiple accounts.

A minimalist approach to spending may not be right to everyone, but it can shift the focus on spending from emotions to necessities. It allows consumers to spend intentionally and learn to live on less (in order to meet long-term financial goals). Do you think a minimalist financial plan can work for you?


Insure Your Love With Life Insurance

Nobody enjoys talking about death. We don’t even like to think about it, rather, we act like we are going to live forever. However, if we think about the legacy that we will leave behind, it starts not only with how we cared for those that we loved while we lived but also in our death. Nothing says “love” like life insurance because you are making sure the financial needs of those you love are taken care of even after you are gone.

Because life insurance is a key part of your financial plan, it’s important to make a smart, informed decision before purchasing coverage. Consider the following questions when shopping for the right fit for you and your loved ones:

– What type of life insurance should I buy?
– How much coverage do I need?
– Do I really need life insurance?

Types of Life Insurance

Term life insurance is likely the most budget-friendly life insurance coverage available. It covers you for a period of time, known as a “term” of usually 10, 20 or 30 years. Additionally, some policies have premiums that never increase throughout the term. The application process is generally easy and in some cases requires no medical exam. With term life, you decide how much you can afford in policy costs and the length of time you need to be insured.

Permanent life insurance is typically more costly and complicated but offers additional benefits such as cash value growth and the ability to borrow over time. While whole life is the most common permanent life policy, others include universal, variable and variable universal.

How much coverage do I need?

While industry experts suggest you need 7 to 10 times your annual income in life insurance coverage, the amount you need really depends on two factors: your current net worth and your loved one’s lifestyle and future needs. Start by taking an inventory of your assets (savings, retirement accounts, real estate, etc.), then subtract your debts (mortgage, auto loans, credit card or student loan debt) and identify your net worth (assets – debt = net worth). If your net worth is negative (you owe more than you own), you’ll likely need to secure coverage to pay off your debts and to cover funeral expenses. Next, figure out what future expenses will be for your loved ones. Consider factors like housing, health insurance, college costs or assisted living expenses (for older adults). Finally, combine the amount you need to cover current and future expenses and choose the coverage that fits your loved one’s needs and your current budget today.

Do I really need life insurance?

If you’re single with no dependents and you have enough savings to cover funeral expenses, you may not need life insurance coverage. It really depends on the ones you’re leaving behind. If your loved ones rely on your income to cover living expenses, and your net worth is insufficient to cover future costs and existing debt obligations, you likely need some amount of life insurance coverage.

It’s easy to put off the decision to purchase life insurance. After all, life insurance is not required by banks or the Department of Motor Vehicles like home and auto insurance is. No doubt, it can easily be pushed aside in your financial plan as less of a priority. While no one ever wants to think about end of life planning, it is one way to leave a legacy of love. Including life insurance in your financial plan can eliminate the financial devastation that can ensue for your loved ones when you’re gone.

If you love someone, tell them, and then ensure they will have peace of mind when you’re gone because you took the time to plan accordingly with life insurance coverage.


Food Waste is Money Down the Drain

How many times have you gone to pour milk in your coffee, only to see that the date on the carton was yesterday? Some people will instinctively throw it away, but chances are that’s not what the label is intended to convey. It’s likely a marker for when the food might taste its best, not if it’s safe to eat.

By some estimates, as many as 91 percent of consumers may misinterpret food date labels. It’s no surprise as there are dozens of different lables in use, but the misunderstanding and lack of meal planning are contributing to a larger problem. Between 30 and 40 percent of the U.S.’s food supply winds up in the trash or a compost container.

The benefits of reducing food waste are numerous. You’ll save money, which may be reason enough. You could also be lowering your carbon footprint by keeping spoiled food out of landfills and cutting down on the growing and transportation of food that doesn’t get eaten.

Cutting back on this waste could start with understanding what food labels actually mean.

Don’t misinterpret food dates as expiration dates. According to the United States Department of Agriculture (USDA), aside from on infant formula, food label dates aren’t an indication of whether or not the food is safe to eat. For example, “best by” may mean the food will taste, look and feel its best if its eaten by that date. It could still be good for days, weeks or even months (for non-perishables) after that date.

Some states do require expiration dates on milk or meat and food labeling could become less confusing across the country. But for now, you may need to rely on your judgment. The USDA writes that if foods don’t show signs of spoilage, such as changing colors or giving off an unpleasant smell, they could still be safe and wholesome.

Quick tips for keeping fruit and vegetables fresh for longer. Regardless of the date, proper food storage can impact a food’s longevity.

-Wait to wash food until you’re about to cook or eat. Otherwise, the moisture could spur bacterial growth.

Strategically store items in your refrigerator. Your food will typically last longer if you put the least perishable items on the door, meat near the bottom back (unless there’s a meat drawer), veggies in the crisper and dairy or drinks near the top.

-Generally, you want to keep fruits and vegetables away from each other because many fruits produce ethylene gas and exposure to the gas could cause vegetables to spoil more quickly. There are also vegetables that produce the gas and fruits that are sensitive to it.

-If you’re storing a fruit or vegetable that gives off and is susceptible to ethylene gas, wrap it in aluminum foil or store it in a paper bag rather than using less-breathable plastic wrap or bags.

You can look for more tips about particular foods online. There are also apps that can automatically connect to your supermarket loyalty programs to track what you buy (or you can upload a picture of your receipt), warn you when something may be going bad and recommend recipes that incorporate those foods.

Find creative uses for foods that are on their way out. Whether you use an app to sync shopping lists and schedule meals or use a paper list, meal planning can help cut down on waste as well. But even with great intentions sometimes things get forgotten, or meals get pushed off until it’s almost too late.

You can save vegetables from the trash by roasting them, making soup or turning them into a casserole. Carrots, potatoes and other root veggies (plus zucchinis) can be grated and fried to make fritters. You could bake fruits into breads, throw them into smoothies or freeze them for later. In the end, the goal is to use everything you buy.

Bottom line: Food waste could be draining your wallet, hurting the environment and in some cases, may be completely unnecessary. Learning to correctly interpret food labels and performing a sight and smell test before throwing something away could help. Taking the time to prepare before you shop, having a plan for how you’re going to use the food you buy and being okay with a last-minute backup plan can help even more. In the end, taking the extra time to evaluate the true condition of your food can save you money.

by Nathaniel Sillin

For the Second Year In a Row, NASA Federal Named Among Forbes’ Best-In-State Credit Unions

Another huge shout out to our members who named NASA Federal Credit Union among Maryland’s “Best-In-State Credit Unions” for the second year in a row. According to Forbes and Statista, 25,000 customers in the U.S. were asked to rate their Credit Unions on overall recommendations and satisfaction, which included trust, terms and conditions, branch services, digital services and financial advice.

“Once again, we’re reminded that our members appreciate our work each day to empower people to achieve a brighter financial future,” stated Douglas Allman, President and CEO of NASA Federal Credit Union. “It’s also evident for the second year in a row that our 95% member satisfaction rate isn’t just a number on paper.”

NASA Federal Credit Union is a national not-for-profit cooperative providing financial services for individuals, businesses and associations. Chartered in 1949, NASA Federal Credit Union serves the diverse needs of more than 165,000 members with a full array of financial services and the strength of over $2.7 billion in assets.

Open your account today by visiting Membership eligibility required. Insured by NCUA.