Russian/Ukraine Cyber Threat Alert



Author: TJ Hurt, Vice President of Information Security at Vista Bank

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) highlighting regular targeting of U.S. companies from nation-states and Internet-based special interest groups (hacktivists). These bad actors often take advantage of conflict, natural disasters, or worldwide events to try and exploit individuals and companies through email phishing and other threats. Below are some best practices to keep you and our community safe from cyber threats.

Watch out for Ukraine/Russian phishing scams. Phishing scams use fraudulent emails, texts, phone calls and websites to ellicit a quick response. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with, and NEVER give your password, account number or PIN to anyone.

Rely on official sources for the most up-to-date information on the Russian/Ukraine situation. Scams may appear to come from a popular news source directing recipients to a fake site for “Breaking News”

Do some research before making a donationBe wary of any business, charity or individual requesting Ukraine-related relief payments or donations in cash, by wire transfer, gift card or through the mail. 

Remember that the safest place for your money is in the bank—it’s physically secure and it’s federally insured. When you deposit your money at a bank, you get the comfort of knowing that your funds are secure and insured by the government. You don’t have the same level of protection when your money is outside the banking system.

Keep your computers and mobile devices up to dateHaving the latest security software, web browser, and operating system are the best defenses against viruses, malware and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.

Recognize and avoid bogus website linksCybercriminals embed malicious links to download malware onto devices or route users to bogus websites. Hover over suspicious links to view the actual URL that you are being routed to. Fraudulent links are often disguised by simple changes in the URL. For example: www.ABC-Bank.com vs ABC_Bank.com.

Change your security/password settings to enable multi-factor authentication for accounts that support itMulti-factor authentication—or MFA—is a second step to verify who you are, like a text with a code. This greatly increases your cybersecurity protection.  

Help others by reporting Russian/Ukraine scamsVisit the FBI’s Internet Crime Complaint Center at www.ic3.gov to report suspected or confirmed scams. You can also stay up to date on the latest scams by visiting the FTC. https://www.ftc.gov/tips-advice

If you receive one of these messages, the best practice is to delete it. If you are uncertain of a message, it is always best to err on the side of caution and consult an IT professional.

Please refer to our Fraud Resource Center for many more tips to keep you and your business safe.

For additional information regarding cyber threats, please visit: https://www.cisa.gov/shields-up