
    Ransomware attacks are hitting universities hard, and they are feeling the pressure

    Schools and universities are facing an unprecedented level of ransomware attacks as incidents continue to severely impact the education sector. The warning comes from Jisc, a not-for-profit organisation that provides network and IT services to higher education and research institutions. Jisc’s ‘Cyber Impact 2022’ report suggests there’s an increased threat of ransomware attacks against education. 


    According to the report, dozens of UK universities, colleges and schools have been hit with ransomware attacks since 2020, causing disruptions for staff and students, and costing institutions substantial amounts of money. In some incidents, Jisc says impact costs have exceeded £2 million.

    And the attacks keep coming, as the report details how two universities and a further education and skills (FES) provider were hit by separate ransomware attacks during March 2022.

    The institutions aren’t specified, but the report says each incident caused a significant impact as systems were taken down to prevent further spread of malware, and to safely recover and restore data. In one case, a third party was called in to help the organisation fully recover from the incident.

    According to Jisc, higher education views ransomware and malware as the top cybersecurity threat, followed by phishing and social engineering.

    The report suggests that one of the reasons universities have become such a common target for ransomware attacks is the pandemic-induced sudden shift to remote working for staff and students, which inadvertently left institutions open to attack. For example, the switch to remote education led to a big rise in the use of remote desktop protocol, which can provide ransomware attackers with a route into networks.

    Cyber criminals can send out phishing emails to steal usernames and passwords, which they can use to enter networks via legitimate user accounts. It’s also possible for cyber criminals to use brute-force attacks to break into accounts that use common or previously breached passwords.

    “This underlines the importance of basic security controls being in place, such as protections against brute-force attacks,” says the report.

    While the threat posed by ransomware and other cyberattacks to higher education is well known, some institutions are struggling, particularly when IT and information security teams are hamstrung by a lack of resources.

    “We are doing our best, but all areas of IT support seem to be growing and requiring more attention and it’s one part of a larger role (where its importance should be far greater). The pandemic has only stretched us further,” an undisclosed FES provider told Jisc.

    One of the steps that organisations can take to protect accounts from being hacked and exploited to help launch a ransomware attack is to provide all users with multi-factor authentication (MFA). According to Jisc, there has been a sharp rise in the number of institutions that have MFA in place, although it hasn’t yet been rolled out across the board.

    It’s also recommended that universities encourage the use of strong, unique passwords, which are harder to guess and make it harder for cyber criminals to breach accounts, even if another account belonging to the user has previously been stolen. In addition, it’s highly recommended that security patches are rolled out as soon as possible, so that devices, operating systems and software aren’t left exposed to known security vulnerabilities.


    Is Microsoft really going to cut off security updates for my “unsupported” Windows 11 PC? [Ask ZDNet]

    Welcome to this week’s installment of Ask ZDNet, where we answer your burning tech questions.  In the mailbag this week: Is Microsoft really threatening to cut off security updates for people who install Windows 11 on “unsupported” hardware? How can I make my online services more secure with 2FA? And why is it so difficult to get Google Fiber in a condo or apartment building?  If you’ve got a question about any of the topics ZDNet covers, one of our team of editors and contributors probably has an answer. If they don’t, we’ll find an outside expert who can steer you in the right direction.  Questions can cover just about any topic that’s remotely related to work and technology, including PCs and Macs, mobile devices, security and privacy, social media, home office gear, consumer electronics, business etiquette, financial advice… well, you get the idea.  Send your questions to ask@zdnet.com. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about.  Ask away. 

    Is Microsoft really going to cut off security updates for my ‘unsupported’ Windows 11 installation?

    I’ve read that Microsoft says installing Windows 11 on an unsupported PC means it won’t be entitled to receive updates in the future. If I do a clean install of Windows 11 on an incompatible PC, is my PC in danger of getting cut off from monthly security updates at some point in the future?

    Have you ever heard of FUD? The acronym, short for “fear, uncertainty, and doubt,” has been around a long time, but it was popularized in the 1970s as a way of describing how the giant IBM Corporation discouraged its customers from even considering competing products.

    FUD is a classic marketing technique used when there’s no good technical argument to make against the choice that the customer is contemplating. It’s odd, though, to see an example like this, in which the giant Microsoft Corporation is using FUD to discourage customers from installing one of its own products.

    The exact language in that warning is interesting:

    Installing Windows 11 on this PC is not recommended and may result in compatibility issues. If you proceed with installing Windows 11, your PC will no longer be supported and won’t be entitled to receive updates. Damages to your PC due to lack of compatibility aren’t covered under the manufacturer warranty. [emphasis added]

    This is, of course, the business-school version of “Gee, nice PC you got there. Be a shame if something happened to it.” But it really doesn’t say that Microsoft is going to cut off your access to updates; it simply says you’re no longer “entitled” to those updates. That word is a tell on Microsoft’s part, disclaiming legal responsibility without actually saying what it will do.

    In fact, it would require an awful lot of work on Microsoft’s part to configure its update servers to reject requests from PCs based on such detailed configuration information. Doing so would run a risk of snagging customers with valid installations, and it would needlessly anger customers who were otherwise having a perfectly good experience with Windows 11.

    Instead, that language is a way of convincing timid customers to retire those old PCs in favor of shiny new ones, thereby choosing the option that puts fresh revenue in the pockets of Microsoft and its OEM partners.

    This sort of confusion isn’t without precedent. Back in the days before Windows 10 launched, Windows skeptics were convinced that Microsoft was going to pull the rug out from updates based on some confusing language about the “supported lifetime of the device.” The world’s worst Windows pundit, in fact, was convinced Microsoft was going to start charging Windows 10 customers for updates within two years.

    That turned out to be a false alarm, for all the same reasons I outlined in this case.

    It’s possible, of course, that some future Windows update will cause performance and reliability issues on older PCs, but the idea that Microsoft will punish its customers for following a documented upgrade deployment procedure is, in my opinion, highly unlikely.

    How do I know which 2FA options are available for the services I use?

    A few weeks ago, you recommended using 2FA for online accounts and said using an app or even a hardware key for 2FA is most secure. How can I find out which security options are supported by the services I use? And what happens if your online account (bank, credit card, etc.) doesn’t support advanced security options?

    It’s incredibly frustrating to sign in to a service and discover that their advanced security options are weak or nonexistent. There are still too many sites that only support two-step verification using SMS codes, with no option to use an authenticator app or a hardware key.

    For the most part, finding out which authentication methods are available for a specific site requires signing in and then poking around the account options section. Look for anything with the words login or security.

    If you want to see how your service stacks up against its competitors, check out the excellent 2FA Directory, an open-source project that maintains an exhaustive list of websites, with details on whether and how they support 2FA. If your service isn’t measuring up, and switching is an option, this is definitely the place to start.

    How do I convince Google Fiber to extend service to my building?

    I’m about to move into a new condo, and I’ve been looking at my options for internet service. Just about every other building in the neighborhood has access to high-speed fiber options from AT&T or Google, but when I type my new address into either site, they tell me fiber service isn’t available. What can I do to get this option in my building? Am I stuck with Comcast?

    Cable TV has been around long enough that its infrastructure is pretty much ubiquitous in modern U.S. housing. That coaxial cable usually offers a connection to the Internet, at terms and prices that might or might not be competitive.

    One of the best new alternatives to cable is fiber, which typically has the advantage of being faster than cable and offering symmetrical download and upload speeds. Cable systems typically offer fast downloads but much slower upload speeds, which makes a difference when you’re working from home and you’re sharing big projects like video files.

    Google Fiber, which was an early pioneer in fiber deployment before hitting some speed bumps a few years back, appears to be trying to grow again. A recent news story says the company wants to move into Colorado Springs, even quoting Google Fiber’s general manager of expansion. As of April 2022, there are 20 cities listed on the Google Fiber website.

    Getting a fiber connection to a single-family home isn’t particularly difficult. Getting connections inside a multi-dwelling unit is a little more complicated. It requires an agreement from the owners of the apartment building or the management of a condo complex, followed by an inspection and then some construction.

    To handle the logistics of getting service to multiple households in a single building, you need a Network Demarc Point (NDP) outside the building and then a fiber distribution hub inside the building, with fiber distribution terminals and conduit throughout the building. For details on exactly what’s involved, see the Google Fiber Construction Stages and Constructions Guidelines documents.

    When we asked Google Fiber how you can get your building connected, they recommended that you ask your property manager to fill out the form at google.com/fiber/properties. You should expect a response “within a couple of weeks,” they said, from a team member who can assess whether service is available in the area and whether the building is suitable for connection. If the answer to both questions is yes, they can get the ball rolling.

    Send your questions to ask@zdnet.com. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Be sure to include a working email address in case we have follow-up questions. We promise not to use it for any other purpose.  


    Android security: Flaw in an audio codec left two-thirds of smartphones at risk of snooping, say researchers

    Millions of Android devices were vulnerable to a remote code execution attack due to flaws in an audio codec that Apple open-sourced years ago but which hasn’t been patched since.    Researchers at Check Point discovered a bug in Apple Lossless Audio Codec (ALAC), which is audio-compression technology that Apple open-sourced in 2011. After this, ALAC was embedded in Android devices and programs for audio playback. 

    The problem, as Check Point researchers note, is that while Apple updated and patched its proprietary version of ALAC, the open-source code for ALAC hasn’t been updated since 2011 and it contains a critical flaw that allows for remote code execution.

    A remote attacker can exploit the flaw by sending the target a malformed audio file, which allows the attacker to execute malware on an Android device. The flaw “could have led an attacker to remotely get access to its media and audio conversations,” the researchers said.

    The bugs affect Android devices with chips from MediaTek and Qualcomm, which have both confirmed the flaws. Qualcomm patched the bug, tracked as CVE-2021-30351, in its December security update. MediaTek also addressed the ALAC issues, tracked as CVE-2021-0674 and CVE-2021-0675, in its December security update.

    Qualcomm gave CVE-2021-30351 a “critical” rating with a severity score of 9.8 out of a possible 10. “An out of bound memory access can occur due to improper validation of number of frames being passed during music playback,” Qualcomm says in its advisory.

    MediaTek rated CVE-2021-0675 as a “high” severity elevation of privilege bug due to “improper restriction of operations within the bounds of a memory buffer in alac decoder”. It affects dozens of MediaTek chips used in devices running Android versions 8.1, 9.0, 10.0, and 11.0, according to MediaTek.

    “In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation,” it notes.

    MediaTek says CVE-2021-0674 has a “medium” severity rating and “could lead to local information disclosure with no additional execution privileges needed.” Again, user interaction is not needed for exploitation.

    How many Android devices are vulnerable depends on how many people have installed firmware updates in which the flaws are fixed. But the two chipmakers are the largest vendors behind system on chips used in Android devices sold in the US and around the world.

    Check Point estimates that two-thirds of all smartphones sold in 2021 are vulnerable to what it calls “ALHACK”. Google did release a patch for the Qualcomm bug and MediaTek’s CVE-2021-0675 in its December 2021 update. However, it’s still up to each Android handset manufacturer to roll out patches at their own pace.

    Check Point plans to reveal more details about the flaws at the CanSecWest security conference next month.


    LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave

    Operators of the LemonDuck botnet are targeting Docker instances in a cryptocurrency mining campaign.

    LemonDuck is cryptocurrency mining malware wrapped up in a botnet structure. The malware exploits older vulnerabilities to infiltrate cloud systems and servers, including the Microsoft Exchange ProxyLogon bugs, EternalBlue, and BlueKeep.

    As noted by Microsoft’s security team in 2021, the threat actors behind the malware are known to be selective when it comes to timing and may trigger an attack when teams are focused on “patching a popular vulnerability rather than investigating compromise.”

    LemonDuck has expanded its operations from Windows machines to also include Linux and Docker. In an ongoing, active campaign, Crowdstrike says that Docker APIs are being targeted to obtain initial access to cloud instances.

    Docker is used for running containers in the cloud. On Thursday, the cybersecurity researchers said that LemonDuck will take advantage of misconfigurations in instances that cause API exposure to deploy exploit kits and load malware.

    In a case observed by the team, an exposed API was abused to run a custom Docker ENTRYPOINT instruction and download “core.png,” an image file disguised as a Bash script. The file was downloaded from a domain in LemonDuck’s “vast” command-and-control (C2) infrastructure.

    “CrowdStrike found multiple campaigns being operated via the domain targeting Windows and Linux platforms simultaneously,” the researchers noted.

    Core.png will launch a Linux cronjob inside the vulnerable container and then download a secondary Bash file, “a.asp,” the main LemonDuck payload. The cronjob will trigger LemonDuck. The malware will first kill several processes, including network connections, rival cryptocurrency mining operations, and existing ties to mining pools. LemonDuck will also target known daemons tasked with monitoring, such as Alibaba Cloud’s monitoring service.

    Once the server has been prepared, a cryptocurrency mining operation begins. XMRig, used to generate Monero (XMR), is launched with a configuration set to proxy pools — an attempt to hide the true cryptocurrency wallet address of the attacker.

    LemonDuck doesn’t stop at just one Docker instance, however. The malware will also search for SSH keys in the file system to log into other servers and repeat its malicious operations.

    “Due to the cryptocurrency boom in recent years, combined with cloud and container adoption in enterprises, cryptomining is proven to be a monetarily attractive option for attackers,” the researchers say. “Since cloud and container ecosystems heavily use Linux, it drew the attention of the operators of botnets like LemonDuck, which started targeting Docker for cryptomining on the Linux platform.”
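    The initial access described above depends on a Docker API listener that is reachable without client authentication. As an added example (not code from CrowdStrike or from the article), the Python check below audits a daemon.json and a dockerd command line for TCP listeners that lack `tlsverify`; the sample configurations are constructed, and treating an empty bind host as "all interfaces" is a conservative assumption.

```python
import json
import shlex
from typing import NamedTuple
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


class Finding(NamedTuple):
    host: str
    severity: str
    reason: str


def hosts_from_args(args):
    """Collect the values of -H / --host from a dockerd argument list."""
    hosts, i = [], 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 1                      # skip the value we just consumed
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:
            hosts.append(arg[2:].lstrip("="))
        i += 1
    return hosts


def flag_enabled(args, name):
    """True for '--flag' or '--flag=true'; False if absent or '=false'."""
    for arg in args:
        if arg == name:
            return True
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1].lower() in ("1", "true")
    return False


def audit_docker_api(daemon_json="{}", cmdline=""):
    """Return a Finding for every TCP listener that does not require
    client certificates (tlsverify). Unix and fd sockets are ignored."""
    cfg = json.loads(daemon_json)
    args = shlex.split(cmdline)
    hosts = list(cfg.get("hosts", [])) + hosts_from_args(args)
    tlsverify = cfg.get("tlsverify") is True or flag_enabled(args, "--tlsverify")
    tls_only = cfg.get("tls") is True or flag_enabled(args, "--tls")

    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme != "tcp" or tlsverify:
            continue
        # Assumption: an empty host part is treated as "all interfaces".
        bind = url.hostname or "0.0.0.0"
        how = ("TLS without client certificate verification"
               if tls_only else "plaintext, no authentication")
        if bind in LOOPBACK:
            findings.append(Finding(host, "warning",
                f"loopback listener ({how}): any local process can drive the daemon"))
        else:
            findings.append(Finding(host, "critical",
                f"network listener ({how}): anyone who can reach the port "
                "can create containers"))
    return findings


# Constructed sample inputs, not taken from any real host.
EXPOSED_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
LEGACY_CMDLINE = "dockerd -H fd:// -H tcp://127.0.0.1:2375 --tls"

if __name__ == "__main__":
    for label, kwargs in (("exposed", {"daemon_json": EXPOSED_JSON}),
                          ("hardened", {"daemon_json": HARDENED_JSON}),
                          ("legacy", {"cmdline": LEGACY_CMDLINE})):
        print(label, audit_docker_api(**kwargs) or "no findings")
```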


    It's past time you started using a password manager (whether you like it or not)

    Written by

    Jack Wallen, Contributing Writer


    Tell me, what is the password for your bank account? If you can rattle off that password without thinking, chances are pretty good it’s not nearly strong enough. Any password you can memorize (unless you have an amazing memory) is probably weak. 

    Whether you like it or not, it’s way past time you stopped using passwords like password, 12345, qwerty, 111111, 000000, iloveyou, 666666, qwertyuiop, dragon, monkey, or qazwsx. Believe it or not, that list comes from the Nordpass most common password list. That’s right, even with password breaches and massive service hacks becoming the norm, people are still using such simplistic passwords.

    I get it, I really do. We’re all so busy we don’t have time to add yet another complication to our daily workflow.

    But let me ask you a very simple question: Do you really want to prevent bad actors from accessing your accounts and services? The answer should be a resounding, “Yes!” otherwise your approach to security is not in line with modern existence.

    You might think that to be hyperbole but it’s not. It’s 2022 and if you’re still using weak passwords, it’s only a matter of time before someone hacks any number of your accounts. Consider this: according to Hive Systems, if you use password as an account password, it only takes about 5 seconds to crack it. If your password is 12345678, it can be cracked instantly. If, however, that password is an 11 character combination of upper case, lowercase, numbers, and symbols, that password would take years to crack.

    Of course, at this point, you’re thinking, “I don’t want to have to memorize a bunch of impossible passwords.” Good thing you don’t have to. In fact, when you employ a password manager, you only have to memorize one password. That one password will unlock a vault containing all of those passwords you’ve created and are next to impossible to memorize.

    Let’s step back a bit.

    How does this even work?

    If you’re new to the world of password managers, let me explain to you how they work. Think of the password manager as a safe, where you can store all of your important bits. Those bits are individual entries for all of the accounts and services you use. You’d create an entry for:

    • Your bank
    • Facebook
    • Twitter
    • Instagram
    • TikTok
    • Amazon
    • Any work systems you use
    • Netflix
    • Hulu

    In other words, a password manager keeps all of your passwords locked away in a virtual safe and only you have the key to open it. That key is yet another password but it’s the only one you have to memorize. To make this even easier, if you’re using a password manager on your mobile device, you can set it up to unlock using either biometrics (such as a fingerprint or face scanner) or your phone password/PIN.

    Even better, most password managers include a feature called a random password generator. So when you’re setting up a new account, you don’t have to worry about creating a complicated, strong password. Instead, you let the password manager create the password for you. Using this feature ensures you will not only be using very strong passwords, but it helps keep you from reusing passwords from one site/service to the next. With the help of a password manager, every site/service you use will have its own strong and unique password.

    If you want to keep your accounts from being hacked, that is the single most important first step you can take.

    But the fun doesn’t end there. With some password managers, you get browser integration, which means you land on a site that requires a password, and the password manager (once you enter the vault unlock password) will auto-fill the credentials for you. The implications of that are important:

    • You don’t have to have your browser save your password (which can be a security risk).
    • You get the added benefit of using very strong passwords.
    • You only have to type a single password for everything.

    At this point, you’re probably thinking, “But my web browser has a built-in password manager!” Although that’s true, those built-in password managers aren’t nearly as secure as a stand-alone password manager, nor do they include all the bells and whistles found within a good password manager. If you want the most secure browser experience, you won’t ever allow your browser to save your passwords, and you’ll instead use a password manager with browser integration.

    Convinced yet? If not, let me spell it out for you in terms that will hopefully open your eyes to why a password manager is an absolute necessity these days:

    If you don’t use one, eventually one or more of your accounts will get hacked.

    It’s as simple as that.

    So, what password managers should you consider? Take a look at what ZDNet believes to be the best password managers on the market.

    What are you waiting for? Install a password manager and start using very strong and unique passwords for all of the sites and services you use.

    You’ve been warned.


    FBI warning: Ransomware gangs are going after this lucrative but unexpected target

    Businesses in farming and agriculture have been warned that they should be prepared to face an increase in ransomware attacks at critical times – like spring planting or harvest.

    The alert by the FBI suggests that ransomware gangs see farming and agriculture as a lucrative target where victims could be more willing to pay a ransom for a decryption key because of the time-sensitive nature of the industry.

    Ransomware attacks targeting agriculture could disrupt planting and harvesting operations, potentially impacting food supplies, not only for people, but also for farm animals, something which could disrupt the wider food supply chain, as well as causing financial damage to farmers.

    Since 2021, multiple agricultural cooperatives have fallen victim to ransomware attacks, particularly during the spring planting and autumn harvesting seasons.

    The alert details how there were six recorded ransomware attacks against grain cooperatives during the fall 2021 harvest and two attacks early this year. The attacks in the fall took place in the space of a few weeks between September and October and involved several different ransomware variants, including Conti, BlackMatter, Suncrypt, Sodinokibi (REvil), and BlackByte. Some of the victims had to halt production. The alert doesn’t mention if any of the victims paid the ransom.

    More recently, a Lockbit 2.0 ransomware attack against a multi-state grain company in March 2022 affected grain processing, along with additional services relating to delivering seeds, fertilizer, and logistics services, which were all disrupted by the attack.

    The FBI alert also notes how in February 2022, a company supplying feed milling and other agricultural services detected and reported unauthorised intrusions into the network which could have been an attempt to deploy a ransomware attack. The attempted incident was stopped before additional damage was done.

    “Although ransomware attacks against the entire farm-to-table spectrum of the food and agriculture sector occur on a regular basis, the number of cyber attacks against agricultural cooperatives during key seasons is notable,” said the alert.

    The FBI says cyber criminals will continue to exploit network, system, and application vulnerabilities within the farming and agricultural sectors – but that there are several steps organisations can take to help avoid falling victim to ransomware attacks.

    These include implementing network segmentation, installing security updates for operating systems, software and firmware as soon as they’re released and using multi-factor authentication whenever possible. It’s also recommended that strong passwords are applied to accounts, data is regularly backed up and stored offline and that organisations should implement a recovery plan, so they know what to do if they do fall victim to a ransomware attack.


    Beanstalk DeFi project robbed of $182 million in flash loan attack

    Decentralized finance (DeFi) project Beanstalk has lost $182 million in a flash loan attack.

    It might seem more like a corporate heist than a typical cyberattack. Still, this security incident was possible after the unknown threat actor secured the project voting rights necessary to transfer reserve funds away from the project’s liquidity pools.

    On April 19, Beanstalk, a credit-based stablecoin protocol project based on Ethereum, said the platform was subject to a flash loan attack two days previously. The cyberattack exploited the project’s protocol governance mechanism.

    According to a post-mortem conducted by Omniscia, the exploit occurred due to the recent implementation of the Curve LP Silos, “ultimately permitting the attacker to conduct an emergency execution of a malicious proposal siphoning project funds.”

    Flash loan functions in DeFi projects allow users to borrow large amounts of virtual funds for a short period of time. In Beanstalk Farm’s case, voting powers were based on the amount of tokens held.

    Omniscia says that after the attacker secured a flash loan — and, therefore, extensive voting rights normally used to accept or decline changes in the protocol’s code — an emergency governance mechanism was abused to ‘vote’ for a malicious proposal and allow themselves to send funds to a wallet they controlled. The flash loan was then repaid.

    According to PeckShield, who first spotted the attack, total losses reached $182 million, with the attacker able to pocket roughly $80 million. Other losses were due to the fees required to execute the flash loan. Stolen assets were then liquidated into Ethereum (ETH).

    Beanstalk says approximately $76 million in non-Beanstalk assets were stolen from liquidity pools. Beanstalk was paused following the discovery of the attack, but this was not enough to prevent the theft or claw back the stolen funds. Remaining BEANs in the exploiter contract have been burned.

    In a tweet, Beanstalk offered the attacker 10% of the stolen funds as a bug bounty if they returned 90%. Notably, the thief also appears to have sent $250,000 to the Ukrainian relief fund Ukraine Crypto Donation.

    “Beanstalk Farms, the decentralized development team working on Beanstalk, is preparing a strategy to safely re-launch a more secure Beanstalk with a path forward,” the project says.

    There are several goals on the roadmap: attracting investment to restart Beanstalk; preserving “as much of each Farmers’ Stalk, Seed, and Pod positions as possible,” and “aligning new capital with previous Stalk and Pod holders.”

    “This eye-watering amount of money stolen will not only bite financially but it will potentially chip away at the trust too,” commented Jake Moore, Global Cyber Security Advisor at ESET. “Attackers are heavily targeting crypto finance systems due to the extremely high rewards whilst often leaving no remanence of evidence whatsoever.”
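    The governance weakness described above comes down to when voting weight is measured. As an added example (a toy Python model, not Beanstalk's contract code and not from the Omniscia post-mortem), the simulation below compares weight read from the live balance at vote time with weight read from a snapshot taken before the proposal existed; the holders, amounts, block numbers and the two-thirds emergency threshold are all assumptions chosen for illustration, and snapshot voting is a commonly used mitigation rather than something the article attributes to the project.

```python
from bisect import bisect_right
from fractions import Fraction


class Token:
    """Ledger that keeps a per-holder history of (block, balance) checkpoints."""

    def __init__(self):
        self.block = 0
        self.history = {}

    def balance_at(self, holder, block):
        cps = self.history.get(holder, [])
        i = bisect_right(cps, (block, float("inf")))
        return cps[i - 1][1] if i else 0

    def balance(self, holder):
        return self.balance_at(holder, self.block)

    def total_supply(self):
        return sum(self.balance(h) for h in self.history)

    def credit(self, holder, amount):
        new = self.balance(holder) + amount
        if new < 0:
            raise ValueError("insufficient balance")
        cps = self.history.setdefault(holder, [])
        if cps and cps[-1][0] == self.block:
            cps[-1] = (self.block, new)   # same block: overwrite the checkpoint
        else:
            cps.append((self.block, new))

    def transfer(self, src, dst, amount):
        self.credit(src, -amount)
        self.credit(dst, amount)


class Governance:
    """rule='live' weighs votes by the balance held when voting;
    rule='snapshot' weighs them by the balance one block before the proposal."""

    def __init__(self, token, rule, threshold=Fraction(2, 3)):  # assumed threshold
        if rule not in ("live", "snapshot"):
            raise ValueError("unknown rule")
        self.token, self.rule, self.threshold = token, rule, threshold
        self.proposals = {}

    def propose(self, pid):
        self.proposals[pid] = {"created": self.token.block, "for": 0, "voted": set()}

    def weight(self, pid, voter):
        if self.rule == "live":
            return self.token.balance(voter)
        return self.token.balance_at(voter, self.proposals[pid]["created"] - 1)

    def vote(self, pid, voter):
        p = self.proposals[pid]
        if voter in p["voted"]:
            raise ValueError("already voted")
        p["voted"].add(voter)
        p["for"] += self.weight(pid, voter)

    def emergency_execute(self, pid):
        share = Fraction(self.proposals[pid]["for"], self.token.total_supply())
        return share >= self.threshold


def run_scenario(rule):
    """Borrow, vote, try to execute and repay within a single block."""
    token = Token()
    token.block = 1
    for holder, amount in (("alice", 300), ("bob", 200), ("lending_pool", 1500)):
        token.credit(holder, amount)          # constructed balances
    gov = Governance(token, rule)

    token.block = 10
    gov.propose("proposal-1")

    token.block = 20
    token.transfer("lending_pool", "borrower", 1400)   # flash loan taken
    gov.vote("proposal-1", "borrower")
    executed = gov.emergency_execute("proposal-1")
    token.transfer("borrower", "lending_pool", 1400)   # repaid in the same block

    return {
        "executed": executed,
        "borrower_weight": gov.proposals["proposal-1"]["for"],
        "borrower_balance_after": token.balance("borrower"),
        "alice_weight": gov.weight("proposal-1", "alice"),
    }


if __name__ == "__main__":
    for rule in ("live", "snapshot"):
        print(rule, run_scenario(rule))
```

    Under the snapshot rule the long-term holder keeps her full weight while tokens that arrived after the proposal was created count for nothing.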


    Phishing emails targeting LinkedIn accounts are on the rise. Here's what to watch out for

    LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cyber criminals in phishing attacks.

    According to cybersecurity researchers at Check Point, who analysed phishing emails sent during the first three months of this year, over half of all phishing attacks (52%) attempted to leverage LinkedIn.


    The phishing emails are designed to look like they come from LinkedIn, but if the recipient clicks the link, they’re sent to a login page designed to look like LinkedIn, and if they enter their email address and password, they’ll be handing them to the attacker, who can use that information to log in to the victim’s LinkedIn account.

    The attacks aren’t particularly sophisticated. But by targeting a commonly used service like LinkedIn, there’s a good chance that some of the recipients won’t spot that what they’re interacting with is a phishing attack.

    “These phishing attempts are attacks of opportunity, plain and simple. Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible. Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn,” said Omer Dembinsky, data research group manager at Check Point Software.

    While LinkedIn was the most commonly spoofed brand for phishing attacks during the reporting period, it’s far from the only known company that cyber criminals are attempting to leverage in attacks. Some of the other brands cyber criminals spoof in phishing emails include DHL, Google, Microsoft, FedEx, WhatsApp, Amazon and Apple.

    In many cases, the aim, like the LinkedIn attacks, is to steal usernames and passwords, although researchers warn that, in some cases, malicious links and attachments are used to deliver malware.

    Cyber criminals send out mass-phishing campaigns because, unfortunately, they tend to work – people are clicking malicious links and downloading attachments. But there are often tell-tale signs that an email could be a malicious phishing message.

    “Employees should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates and other details that can expose a malicious email or text message. LinkedIn users, in particular, should be extra vigilant over the course of the next few months,” said Dembinsky.

    LinkedIn provides users with the ability to use multi-factor authentication, which, if applied, can provide an extra barrier against phishing attacks.

    “Our internal teams work to take action against those who attempt to harm LinkedIn members through phishing. We encourage members to report suspicious messages and help them learn more about what they can do to protect themselves, including turning on two-step verification,” a LinkedIn spokesperson told ZDNet in an email. “To learn more about how members can identify phishing messages, see our Help Center here,” they added.

    Some of the warning signs that an email might be an attempted phishing attack can include bad spelling and grammar, a message that isn’t addressed to you personally, or a message claiming to be urgent that needs to be acted upon immediately. Messages asking you to download an attachment to install a software update should also be treated with caution.

    A common tactic used in phishing emails is to tell users that their account has been hacked. If you are worried that an email with a cybersecurity warning that says you need to change your password might be legitimate, the best course of action is to avoid the URL in the email and visit the website directly. If there really is an issue, the website will tell you and you can take the necessary action.