Jump to Footer
Cybersecurity
We rely on the internet, computers, and other technologies for almost every part of our business, which is why our Cybersecurity team is here to keep you safe.
At Peoples, we work with sensitive information on a daily basis. Our Cybersecurity team defends that information and the property of Peoples, our customers, and you—our employees. And as you use technology and computers in your professional and personal life, we are here to help you make the right decisions, detect suspicious activity, and know how to report cyber events. By helping us, you are an extended member of the cybersecurity team!
News
-
Safety
Watch out for Utility Scammers
As the pandemic continues to pass and more people are losing their jobs , scammers have taken the opportunity to take advantage of people in this heightened state of anxiety. The latest of these have taken the form of spam calls designed to sound and act like a representative of a utility company. This call states you that you owe them money, and that your utilities will be shut off if the debt is not paid.
If you should get a call from someone like this, there are some steps you can take to better protect yourself:
- Verify the information yourself. Call the utility using the number on your bill, get in contact with someone that you have verified actually works for the utility and get the information from them directly.
- Never give out banking information over the phone. Utility companies will never ask for bank information over the phone, and will never force you to pay. If you get a call from someone trying to force you to pay this is most likely a scam.
- Know the signs to identify a scam call
- Sense of urgency – the caller will try and make you feel like you HAVE to pay making threats to shut off your utility.
- They ask to be paid using a gift card, cash reload cards, or cryptocurrency.
- They ask for your bank information, no utility should ever ask for this information over the phone.
If you experience a call like this you should report this to the utility that they are pretending to be. This allows them to reach out to their customers and let them know someone is out there pretending to be them, along with the FTC. More information on this topic can be found here.
-
Safety
Massive Spyware Campaign Distributed via Chrome Web Store
Recently a spyware campaign was discovered, and was found to have been downloaded 32 million times via Google chrome’s web store. When Google was finally alerted to this issue, they took immediate action to remove the malicious add-ons.
This has been the farthest reaching campaign of this type to date. Sadly, though, this is not an uncommon occurrence. This past February, an independent researcher uncovered a similar campaign that affected over 1.5 million users through 500 fraudulent extensions. Here at Peoples, we restrict Chrome extensions to a curated list, specifically to protect users against these types of attacks. It’s still important to be aware of fraudulent extensions, though, to protect yourself at home as well. If you require an extension from the Chrome store, please request it through the help desk. Cybersecurity will review your request and act accordingly.
You can read more about this attack here.
-
Peoples Cybersecurity Awareness Update
As we all continue to work through the COVID-19 situation there are a few important items to be aware of and keep in mind to stay secure, both in our personal usage of computers as well as in our roles at Peoples.
Read More
-
Safety
Be Careful With What You Share Online
Given the current stay at home situation, where boredom reigns supreme, it’s easy to find yourself filling your free time scrolling through social media. Many have found themselves taking the popular quizzes from their friends asking their favorite color, pet names, etc. that get shared on these social networks. Beware of these types of interactions, many of them are designed to reveal answers to secret questions you have used to secure other online accounts. This is a popular tactic for hackers to gather information on user accounts that can eventually be used to leverage access to your account!
The FBI has recently sent out a warning to pay attention with what you share online so that it doesn’t come back to bite you.
Remember to be mindful of what you share online, you might be giving up more than you realize!
Also, remember the best way to protect your online accounts is to enable Multi-Factor Authentication if available.
-
How to safely clean your smart phone
COVID-19 has been a main story across global news outlets and keeping clean has been a common theme. You know to wash your hands and to use hand sanitizer, but do you know how to clean one of the dirtiest items that you touch every single day?
According to some sources, your smart phone screen can be up to seven times as germ-ridden as a toilet seat. That is why it is important, now more than ever, to keep your smart phones and tablets disinfected. Below are two articles by How-To Geek and Apple explaining the best methods to clean your screens while protecting your device.
How-To Geek Article
Apple Product Cleaning Tips
-
Safety
Don’t get fooled by malicious content around COVID-19
With current events revolving around the COVID-19 pandemic, it’s easy to get swept up in the hype, making you want to click on articles, emails and other information that may be sent to you. While it is important to educate yourself on issues such as these, events like this can also pose a significant threat from a Cybersecurity perspective.
Events like these are a perfect storm of sorts, for hackers to craft phishing emails, fake websites click, or lure you into opening malicious content. Already, there have been reports of a malicious website that was setup to look like a live map of corona virus global cases. Anyone going to that site is infected with Malware.
It is just as important now, as ever to remain vigilant, and to use your head when doing research on topics such as these. If you have questions or are looking for more information about the pandemic, visit the CDC’s website for reliable information on the status of the outbreak and what to do.
-
Safety
Cybersecurity Alert: Iran
With the recent developments in Iranian – US relations, we would like to take a moment to remind everyone that it is imperative that we all stay on our toes, keeping a vigilant eye out for suspicious emails and behaviors.
Being a utility company, this puts a target on our back to Iranian nationalist hackers. Hackers tied to or sympathetic to Iran have begun making attacks against both US companies, as well as US federal agencies. An attack over the weekend against the Federal Depository Library Program website just goes to show that no organization is so unimportant/obscure that they won't be targeted.
Please keep this in mind going forward, and stay alert! Remember; look for the signs before opening any emails:
- Don’t open emails from people you don’t know, or weren’t expecting
- Check for poor grammar usage
- Don’t click on links or attachments from emails you weren’t expecting. If it looks like it was from someone you know, call and confirm that they sent it!
Be careful when using social media as well! Iranian hacking groups have a history of using LinkedIn and other social media site to follow and get information on targeted companies. DO NOT accept connection requests from unknown persons. A best-practice is to contact the requester by direct email or phone (don't use the address/phone the requester provided) and verify they sent the request.
-
Safety
Tips to stay safe this holiday season!
The Holidays are quickly approaching, which also means its prime time for cyber criminals trying to take advantage of people. Make sure that you take the extra time this holiday season to better protect yourself and your privacy!
Be wary of Emails and Social Media Deals
Hackers love to use this time of year to try and take advantage of people looking for a good deals. Make sure you read over emails and social media deals very closely, and if it sounds too good to be true, it probably is!
Always do your research
Whenever possible stick to the big name brands: Amazon, Best Buy, Walmart etc. These companies have robust security, so chances of your information getting used for malicious purposes are small. If you do decide to shop at smaller sites, make sure you do your research first! Make sure they are a legitimate place to shop!
Avoid online shopping on public Wi-Fi
It’s always best practice to avoid doing sensitive information over public Wi-Fi, this includes shopping online. Whenever possible, contain this to the comforts of your own home – you never know who else is on a public Wi-Fi network.
Remember, an ounce of prevention, is worth a pound of cure. Keep yourself safe this holiday season. Nothing kills the holiday spirit like getting a call from the credit card fraud department!
Have a Happy Holiday
The Cybersecurity Team
-
Safety
Protect Yourself from Romance Scams!
With the growing popularity of online dating, the Federal Trade Commission has recently released a video to help people better identify and defend against romance scams. The video explains different scenarios that scammers may try to use in order to trick you into sending them money, things like them saying that their aunt is sick and they need money, or that they need money to buy a plane ticket to come see you. You should always use caution when interacting with people you’ve never met over the internet – you never know who could be on the other side.
Please take a moment to watch the video and learn some ways of identifying these types of scams. If you have been a victim of a romance scam, you should file a report with the following:
-
Safety
Be Wary of Social Media Invitations!
Recently, The U.S Cybersecurity firm, FireEye is warning that an Iranian linked group has been on the prowl, targeting users on the popular social network, LinkedIn. They have been sending out fake invitations to join professional networking groups. The emails associated with these invitations contain malware that when triggered, will infect and steal logon credentials and other data. The consensus in the security community is that the recent geopolitical tensions in the Middle East have led to an increase in Iranian based cyber espionage.
An example of what one of these attacks looked like, involved a message sent on LinkedIn from a user named “Rebecca Watts” who appeared to be employed as “Research Staff at the University of Cambridge”. The message was an invitation to submit a resume for potential jobs, and had a link to an .xls file which contained malware. Once the Malware is triggered, it would establish a backdoor, which would then proceed to collect system information, upload and download files, and execute commands on the infected device.
Please remember to stay vigilant when using social networks! The same rules apply as when reading emails:
- Don’t ever open links, or files that are shared with you from invitaitons that you aren’t expecting.
- Look for suspicious signs, like spelling errors, signs of urgency, or deals that sound too good to be true
If you receive any suspicious emails please forward them to Cybersecurity@peoples-gas.com or contact the IT Helpdesk at 412-473-3900 or 1-888-216-0654.
-
Hackers May Have Access to You Webcam
This Monday, a security researcher published information on security and privacy issues relating to the very popular video conferencing software Zoom. The security issue affects over four million Mac webcams. One of the biggest issues allows websites to turn on a Mac user’s camera without explicit consent, and possibly without their knowledge. One of the bigger concerns with this vulnerability is that even if you uninstall Zoom, it leaves a web server up and running on the host computer, allowing Zoom to still download software onto the machine. This is how single click meetings work inside the app. You can read more about them here.
Zoom has released an emergency patch to address this vulnerability. If you are a Mac user, and have used Zoom in the past, please download the patch immediately. Information on how to do this, and on the patch itself can be found here.
