Just six days ago we broke the news that the FBI has issued a ransomware alert.

In recent posts we have shared the definition of ransomware and earlier we told you the Department of Homeland Security (DHS) issued a warning about hackers infiltrating VPNs and how you could resolve the issue.

In the past, the federal government would occasionally be proactive regarding the topic of cybersecurity. Lately, it has become very frequent.

Recently, a DHS official said the lack of cybersecurity talent is a national security threat!

Th DHS also warned about ransomware in September of this year.

The IRS warned about phishing emails this past August.

There is a slew of cybersecurity news we’ve been reporting on which we think would be helpful as a resource to help you learn about how to protect your organization.

Other past FBI warnings included one about North Korea, another which suggests organizations use layered defenses to stay cybersecure, and yet another ransomware warning from May of 2016.

Law enforcement and governments are increasingly getting involved with companies that were hacked. Sadly – quite often this happens after the breach has taken place and not handled properly.

In two recent cases the New York Attorney General went after Dunkin for fraud and deceit in conjunction with a mishandled attack as well as a $65,000 penalty for Bombas LLC – they also mishandled an attack and the theft of customer records.

The FBI in Portland, OR sent a press release helping to keep us secure. It was put out by Beth Anne Steele. We reached out to her to ask about the potential criminal liability associated with paying a ransom – if it falls into the hands of ISIS, another terrorist organization or a hostile foreign power. We have been asking the FBI about this since 2016 but have not received an answer.

Beth Anne was not available for comment and her voicemail referred us to a media email address which we used to ask our question. We did not hear back immediately and will update this post if we do.

Here is the full release from the FBI:

Oregon FBI Tech Tuesday: Building a Digital Defense Against Phishing and Spear Phishing Attacks

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against phishing scams.

October is cyber security month in the U.S., and in recognition of that, we are going to take some time over the next few weeks to explain some basic threats and terms that everyone needs to know to keep themselves safe online.

Let’s start with “phishing”.

There are many different types of fishing: deep sea fishing, ice fishing, fly fishing… you get the point. But today, we want to talk about phishing with a “ph”—and the related problem of “spear phishing.”

Phishing is when a fraudster sends you texts, emails, or other messages with the intent of tricking you into responding in some way. He will often include a malicious attachment or link in the message. If you open the attachment or click on the link, the scammer can gain access to your device.

From there, the possibilities are endless. He can install ransomware that will lock you out of your computer. He can steal your data or install software that allows him to track all of your activity, including the passwords you enter. He can gain access to your bank accounts, credit cards, and the most personal info you have stored.

Spear phishing is a more personalized version of the same scam. In this case, instead of receiving an email from a random individual, the scam artist will send you a personalized message that appears to come from a trusted source. It could look as though it comes from a friend, a business partner, a social media acquaintance, or even your bank. There are many variations of the scam, but the scam artist will often tell you a story to trick you into giving up your private information. For example, the fraudster may:

• Say he’s noticed suspicious activity on your account and wants you to verify your information
• Include a fake invoice
• Offer a government refund or claim you won a prize

So what are the warning signs of such scams?

• Phishing messages often look legitimate—as though they came from a person or company you know. It’s easy to spoof a logo, and scammers will often make their messages look like they are from a trusted source.
• They will ask you to click on a link or open an attachment.
• They may ask for you to provide passwords, bank account numbers, or other confidential information.
• They will use fear to try to pressure you to act quickly. They may threaten to close your account, fine you, or even have you arrested if you don’t move quickly.

What can you do?

• Protect your devices by using anti-virus and anti-malware software. Set the software to update automatically.
• Don’t assume that a message that looks like it is from a friend or business associate is real. Call or email the person or company to confirm before ever clicking on a link or opening an attachment.
• Most importantly, if you have any doubt—don’t click.

If you have been a victim of this online scam or any other fraud, report it to the FBI’s Internet Crime Complaint Center or call your local FBI office.