Intro
Welcome back! This is episode 32 of The Insider Threat podcast, for January 29th, 2018.
How are you all? Not a whole lot for news here.. just working through compliance stuff, training some new hires, and working on some new ice breakers for awareness training at work. The joke I tried in my last one was absolutely terrible, so obviously that one won't work.
We're getting ramped up for the second BSidesNoVA conference and so far it looks like it will be another great success. If you plan on coming out, let me know so we can meet up.
That's all I've got for announcements, so..
Infosec Trivia Question
It's time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!
The question last episode was "In the book titled "Little Brother", the main character is able to bypass government surveillance techniques and pass secure messages. What kind of device did he hack in order to accomplish this task?"
The answer was "an XBox".
In the setting for this story, the gaming consoles were given away practically for free in hopes that profits would come from overpriced games. The main character was able to find a way to secure the devices and send encrypted messages to other citizens of San Francisco who wanted to evade government surveillance. If you haven't read this book, it's pretty good. A little bit on the rebellious teen side, but the message and setting are believable.
Congratulations to Annabelle from Marnoch, Marcus from Toronto, Daniel from Madison, and Paul from Michigan for getting the correct answer.
Here's your question for this episode: "In the 1960s, someone was able to get away with creating fake checks, pretending to be a lawyer, a doctor, an airline pilot, a security guard, and an agent from the US Bureau of Prisons before finally getting caught at the age of 21. Who was this person?"
Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "PotsAndPans".
Discussion Topic for the Episode
This episode’s discussion topic is staying safe during tax season:
If at all possible, try to avoid having hard copies of W-2s sent to your house
Never click links in emails (go directly to the website you use for online filing)
Send fraudulent emails to phishing@irs.gov
The IRS will never call you or ask for personal information through email
If someone tries to impersonate the IRS, they will make it seem urgent that you pay through obscure methods (gift cards, PayPal, wire transfer, prepaid credit cards)
If someone has already filed on your behalf, go to www.identitytheft.gov for step-by-step instructions to report the fraud and get it taken care of
File your taxes as early as possible (if you file first, they can't file fraudulently)
News
Email phishing scam caused leak of approx. 340 people's full names, social security numbers, home addresses, and salary
Employee at Charlotte Housing Authority received email claiming to be from the CEO asking for employee information for W2s
Without hesitation, employee provided the information
A fairly easy and inexpensive way to combat these types of incidents is to have email flagged if it comes from an external source
Of course, training can help as well
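The external-sender flag mentioned above, sketched as an added example (not from the show or from any mail product): it tags the subject of mail whose From domain is not internal and adds a warning header when the display name matches an executive. The domain example.org, the name "Pat Example" and the X-Impersonation-Warning header are assumptions made up for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumptions for illustration only (not from the episode).
INTERNAL_DOMAINS = {"example.org"}
EXECUTIVE_NAMES = {"pat example"}  # display names worth protecting
TAG = "[EXTERNAL]"


def flag_external(raw_message):
    """Return (message, is_external, looks_like_exec_spoof)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # A missing or unparsable From yields an empty domain, treated as external.
    # The From header is forgeable: a real gateway decides on where the
    # message entered and on SPF/DKIM/DMARC results, not on this header alone.
    is_external = domain not in INTERNAL_DOMAINS
    exec_spoof = is_external and display.strip().lower() in EXECUTIVE_NAMES
    subject = str(msg.get("Subject", ""))
    if is_external and not subject.startswith(TAG):
        del msg["Subject"]  # unique header: remove before setting again
        msg["Subject"] = f"{TAG} {subject}".strip()
    if exec_spoof:
        msg["X-Impersonation-Warning"] = "executive display name, external sender"
    return msg, is_external, exec_spoof


# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = (
    "From: Pat Example <pat.example@mail-example.net>\n"
    "To: hr@example.org\n"
    "Subject: Need employee W-2 data today\n\n"
    "Please send the W-2 information for all staff.\n"
)
SAMPLE_INTERNAL = (
    "From: Pat Example <pat.example@example.org>\n"
    "To: hr@example.org\n"
    "Subject: Staff meeting\n\n"
    "See you at 10.\n"
)

if __name__ == "__main__":
    for raw in (SAMPLE_SPOOF, SAMPLE_INTERNAL):
        msg, ext, spoof = flag_external(raw)
        print(msg["Subject"], "| external:", ext, "| exec spoof:", spoof)
```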
Listener Feedback
Someone called the Google Voice number but didn't leave a voicemail. If I'm not able to answer right away, please either leave a voicemail or text message. I'm hesitant to return calls from strange numbers without knowing who they are.
Closing Thought
Our closing thought for this episode comes from Colin Powell, retired four-star general and former secretary of state. He said, "A dream doesn't become reality through magic; it takes sweat, determination and hard work."
Outro
Thank you for listening to episode 32 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.
You can contact me on Twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we've covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.
Thanks again and I'll see you folks next time!
Contact information:
Call in number: (443)292-2287
Email - steve@theinsiderthreatpodcast.com
Blog - http://www.stephenhigdon.com
Twitter - https://twitter.com/stevehigdon
LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/