Cybersecurity Alerts
Cybersecurity alerts provide timely information about current security issues, vulnerabilities, and threats. If you are a B.C. Public Service employee and believe your system may be compromised or at risk, please contact the 7-7000 Service Desk via email or phone 1-866-660-0811, option 3.
Security AlertsSEPTEMBER 21 | SUBJECT: (Attention <your name>) | Re-authenticate 2 Factor Authentication (2Fa) | 09/19/2023 You may have received an email earlier from senders: kobayashi.yoshimi@white.plala.or.jp With the subject line “(Attention <your name>) | Re-authenticate 2 Factor Authentication (2Fa) | 09/19/2023” please note the dates and times varies between each email. This email contained a link prompting you to click on it and provide your credentials. This email is malicious and should be deleted. SEPTEMBER 20 | SUBJECT: Benefit package : Compensation Adjustment, Salary-Increase, Insurance Revision for <your name> You may have received an email earlier today from HR-Payroll-Gov <info@pondmum.com> with a subject line of “Benefit package : Compensation Adjustment, Salary-Increase, Insurance Revision for <your name>”. This email contained a link prompting you to click on it and provide your credentials. This email is malicious and should be deleted. If you clicked and DID provide your credentials, please immediately change your password to something completely different if possible from a different workstation and contact Security Investigations. If you clicked on the link but DID NOT provide your credentials, you do NOT need to take further action. SEPTEMBER 19 | SUBJECT: (Attention <your name>) | Re-authenticate 2 Factor Authentication (2Fa) | 09/19/2023 You may have received an email today or last week from senders iimura@sstkyokai.co.jp, bimschas@cwbrons.de, uda@pwrc.or.jp, soumu@pwrc.or.jp, credso@aminoresq.com, koarai@rm.med.tohoku.ac.jp, support@merca20.com, sales@logic-research.co.jp, or themir@mg.themirrorllc.com with a subject line of “(Attention <your name>) | Re-authenticate 2 Factor Authentication (2Fa) | 09/19/2023”. This email contained a link prompting you to click on it and provide your credentials. This email is malicious and should be deleted. If you clicked and DID provide your credentials, please immediately change your password to something completely different if possible from a different workstation and contact Security Investigations. If you clicked on the link but DID NOT provide your credentials, you do NOT need to take further action. SEPTEMBER 19 | SUBJECT: Review and Sign Gov Files You may have received an email earlier today from nelton.smith@efinancialcareers.com with a subject line of “Review and Sign Gov Files”. This email contained a link prompting you to click on it and provide your credentials. This email is malicious and should be deleted. If you clicked and DID provide your credentials, please immediately change your password to something completely different if possible from a different workstation and contact Security Investigations. If you clicked on the link but DID NOT provide your credentials, you do NOT need to take further action. SEPTEMBER 19 | SUBJECT(S): "Re: CONGRATULATIONS! You have won an iPhone 15 Pro" or "Re: Congratulations on being a valued client!" You may have received an email earlier from an email address 8alWEpn8alWEpn@Ahmedkkk3.onmicrosoft.com or a similar email address ending with @Ahmedkkk5.onmicrosoft.com with a subject line of “Re: CONGRATULATIONS! You have won an iPhone 15 Pro” or “Re: Congratulations on being a valued client!”. This email contained a link prompting you to click on it and provide your credentials. This email is malicious and should be deleted. If you clicked and DID provide your credentials, please immediately change your password to something completely different if possible from a different workstation and contact Security Investigations. If you clicked on the link but DID NOT provide your credentials, you do NOT need to take further action. |
Vulnerability Reports
17th-23rd
N23-403 Red Hat Openstack Undercloud Vulnerability
N23-402 Kubernetes service for notebooks in RHODS
N23-401 Red Hat Single Sign-On for OpenShift Vulnerability
N23-400 Trend Micro Apex One (on-prem and SaaS) Vulnerability
N23-399 Linux Kernel Below or Equal to 54 Vulnerability
N23-398 Apple Security Advisory
N23-397 MongoDB Server running on Windows or macOS Vulnerability
N23-396 Atlassian September Security Bulletin
N23-395 ISC Releases Security Advisories for BIND 9
N23-394 Drupal Core Cache Poisoning Vulnerability
N23-393 Python through 3.9.1 multiple Vulnerabilities
N23-392 Apache Calcite Vulnerability
N23-391 Microsoft Edge Elevation of Privilege Vulnerability
N23-390 OpenStack Vulnerability
N23-389 Red Hat Security Advisory
N23-388 Apple Security Advisory
N23-387 Apache Airflow prior to 1.10.11 Vulnerability
N23-386 Apache Airflow HDFS Provider prior to 4.1.1 Vulnerability
N23-385 Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 Vulnerability
N23-384 Linux kernel before 6.3.4. Vulnerability
N23-383 Ubuntu security advisory (AV23-558)
10th-16th
N23-381 Palo Alto Networks security advisory (AV22-553)
N23-380 Red Hat security advisory (AV23-552)
N23-379 Fortinet security advisory (AV23-551)
N23-378 Mozilla security advisory (AV23-550)
N23-377 Google Chrome security advisory (AV23-549)
N23-376 Microsoft Edge security advisory
N23-375 Microsoft security advisory – September 2023
N23-374 Adobe security advisory (AV23-546)
N23-372 Google Chrome Security Advisory
N23-371 Ubuntu Security Advisory
1st-9th
N23-370 Apple Security Advisory
N23-368 Cisco Security Advisory
N23-367 Google Security Advisory
N23-366 Android Security Advisory
27th- 31st
N23-363 FortiOS Security Advisory
N23-362 VMware Security Advisory
N23-361 Mozilla Foundation Thunderbird Security Advisory
N23-360 Cisco Unified Communications Products Security Advisory
N23-359 Apache Tomcat 9.x Security Advisory
N23-358 HPE B-Series SANnav Management Portal and Global View Security Bulletin
N23-357 Lenovo Multi-vendor BIOS Security Vulnerabilities
N23-356 Lenovo Third-party Bootloader Vulnerabilities
N23-355 Cisco Application Policy Infrastructure Controller Security Advisory
N23-354 Cisco FXOS Software Security Advisory
N23-352 Cisco Nexus 3000 and 9000 Series Switches Security Advisory
N23-350 Dell Security Advisory
N23-349 Google Stable Channel Update for Desktop
N23-348 VMWare Security Advisory
N23-347 Mozilla Security Advisory
N23-346 Microsoft Edge elevation of privilege vulnerability.pdf
N23-345 IBM security advisory vulnerability.pdf
20th - 26th
N23-344 Linux kernel memory management subsystem Vulnerability
N23-343 binutils libbfd.c 2.36 Vulnerability
N23-342 curl 7.65.2 Vulnerability
N23-341 MarkText on Windows, Linux and macOS Vulnerability
N23-340 Cisco IPV Appliance Multiple Vulnerabilities
N23-339 Cisco FXOS Software SNMP Vulnerability
N23-338 MIT Kerberos 5 Vulnerability
N23-337 Google Stable Channel Update for Desktop
N23-336 Linux Kernel Vulnerability
N23-335 xterm before 380 Vulnerability
N23-334 Python cpython v.3.7 Vulnerability
N23-332 Microsoft Edge Elevation of Privilege Vulnerability
N23-331 PHP loading PHAR files Vulnerability
N23-330 Ivanti Security Advisory
N23-329 Dell Security Advisory
N23-328 Apache Airflow Drill Provider Vulnerability
N23-327 .NET and Visual Studio Denial of Service Vulnerability
13th - 19th
N23-324 Linux Kernel Vulnerability
N23-323 Cisco Security Advisory
N23-322 Ivanti Avalanche below version 6.4.1. Vulnerabilities
N23-321 Atlassian Security Advisory
N23-320 Google Stable Channel Update for Desktop
N23-319 Adobe Security Bulletin
N23-318 Apache Traffic Server Vulnerability
N23-317 Python before 3.11.4 Vulnerability
N23-316 Zoom Desktop Client for Windows Vulnerability
6th - 12th
N23-315 Leaking VPN Client Traffic Vulnerability
N23-314 Zoom SDKs before 5.14.7 Vulnerability
N23-313 Apache Airflow Vulnerability
N23-312 Red Hat Security Advisory
N23-311 Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
N23-310 Juniper Networks Junos OS Vulnerability
N23-309 Microsoft Security Advisory - August 2023
N23-308 Android Security Advisory – August 2023 Monthly Rollup
N23-307 PHP Information Disclosure Vulnerability
N23-306 Linux kernel Out Of Bounds memory access flaw
1st - 5th
AL23-013 Midnight Blizzard conducts targeted social engineering over Microsoft Teams
AL23-012 2022 Top routinely exploited vulnerabilities
N23-304 Aruba AP Multiple Vulnerabilities
N23-303 Apache Helix through 1.2.0
N23-302 Apache Jackrabbit RMI access can lead to RCE
N23-301 Google Stable Channel Update for Desktop
N23-299 Apache InLong Vulnerability
N23-297 Linux Kernel multiple Vulnerabilities
23rd - 29th
N23-294 Linux kernel's Netfilter Subsystem Vulnerability
N23-293 Kentico CMS Vulnerabilities
N23-292 GitHub Repository Absolute Path Traversal Vulnerability
N23-291 Linux kernel through 6.3.1 Vulnerability
N23-290 Veritas InfoScale Operations Manager Vulnerability
N23-289 Linux Kernel multiple Vulnerabilities
N23-288 DedeCMS v5.7.109 Vulnerability
N23-287 Apache EventMesh Vulnerability
N23-286 Citrix Hypervisor Security Advisory
AL23-011 Threat Actors Exploiting Ivanti Endpoint Manager Mobile CVE-2023-35078
N23-285 Red Hat OpenShift Container Platform 4.13.5 Security Update
N23-284 Apple Security Advisory
16th - 22nd
N23-283 Atlassian Security Advisory
N23-282 Adobe Security Advisory
N23-281 Apache RocketMQ Vulnerability
N23-280 Oracle Security Advisory – July 2023 Quarterly Rollup
N23-279 Google Chrome Security Advisory
N23-278 Red Hat Security Advisory
N23-277 Citrix ADC and Citrix Gateway Security Bulletin
9th - 15th
N23-276 Microsoft Edge Security Advisory
N23-275 Zoom Client Vulnerabilities
N23-274 VMware SD-WAN (Edge) Authentication bypass Vulnerability
N23-273 Apple Security Advisory
N23-272 SonicWall Security Advisory
N23-271 Junos OS J-Web Multiple Vulnerabilities in PHP software
N23-270 Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability
N23-269 Node v20.2.0 Vulnerability
N23-268 Citrix Security Advisory
N23-267 Microsoft Security Advisory July 2023
N23-266 SAP Security Patch Day – July 2023
N23-265 Mozilla Security Advisory
N23-264 IBM July Security Advisory
N23-263 Apple Security Advisory
N23-262 Ubuntu Security Advisory
1st - 8th
N23-261 Cisco Security Advisory
N23-260 Cisco ACI Multi-Site CloudSec Security Advisory
N23-259 Progress MOVEit Security Advisory
N23-258 Vulnerability Android Security Bulletin
N23-257 Linux kernel’s XFS File System Vulnerability
25th - 30th
N23-244 ISC BIND Security Advisory
N23-245 Google Chrome Security Advisory
N23-246 Fortinet Security Advisory
N23-247 Linux Kernel Vulnerability
N23-248 Red Hat Security Advisory
N23-249 Apache Accumulo Vulnerability
N23-250 Linux kernel's versions 5.6 - 5.11 Vulnerability
N23-251 Linux Kernel Local Code Execution Vulnerability
N23-252 Microsoft Edge Chromium Vulnerabilities
N23-253 Trellix Security Advisory
N23-254 Apache Traffic Server multiple Vulnerabilities
18th - 24th
N23-234 KeePassXC through 2.7.5 Vulnerability
N23-235 Linux Kernel Multiple Vulnerabilities
N23-236 Red Hat Multiple OpenShift Products RCI Vulnerability
N23-237 Gradio open-source Python Library Vulnerability
N23-238 Apple Security Advisory
N23-239 Apache Traffic Server Vulnerability
N23-240 Juniper Networks Security Advisory
N23-241 Apache Tomcat Vulnerability
N23-242 VMware Security Advisory
N23-243 Ubuntu Security Advisory
11th - 17th
N23-226 FortiNet FortiOS RCE Vulnerability in SSL VPN devices
N23-228 Citrix Security Advisory
N23-229 Google Chrome Security Advisory
N23-230 Microsoft security advisory – June 2023 monthly rollup
N23-231 Adobe Security Advisory
N23-232 Microsoft Edge Security Updates
N23-233 MOVEit Transfer Critical Vulnerability
4th - 10th
N23-216 Microsoft Edge Security Advisory
N23-217 Mozilla Security Advisory
N23-218 Android Security Bulletin — June 2023
N23-219 Google Chrome Security Advisory
N23-220 Deviniti for Jira Vulnerability
N23-221 VMware Security Advisory
N23-222 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
N23-223 Cisco AnyConnect Secure Mobility Client for Windows Local Privilege Elevation Vulnerability
N23-224 curl below v8.1.0 Information disclosure Vulnerability
N23-225 Cisco ASA-Firepower Threat Defense SSL-TLS denial of service Vulnerability
1st - 3rd
N23-213 Splunk Enterprise multiple Vulnerabilities
N23-214 Progress MOVEit Transfer
N23-215 Barracuda Email Security Gateway Appliances Security Advisory
28th - 31st
N23-209 Wireshark multiple Vulnerabilities
N23-210 Red Hat JBoss Remote DoS Vulnerability
N23-211 Apache Tomcat Vulnerability
N23-212 Google Stable Channel Update for Desktop
21st - 27th
N23-204 Android security updates - May 2024
N23-205 Moxa Security Advisory
N23-206 Hitachi Energy Security Advisory
N23-207 Hitachi Energy’s RTU500 Series Product Security Advisory
N23-208 Ubuntu Security Advisory
14th - 20th
N23-195 IBM May Security Advisory
N23-196 Google Chrome Security Advisory
N23-197 Ubuntu Security Advisory
N23-199 Cisco Security Advisory
N23-200 Cisco Small Business Series Switches Security Advisory
N23-201 Mitel Product Security Advisory
N23-202 Mozilla Foundation Thunderbird Security Advisory
N23-203 Apple Security Advisory - May 2023
7th - 13th
N23-179 Linux Kernel io_uring subsystem Vulnerability
N23-180 Microsoft Security Advisory – May 2023
N23-181 Mozilla Security Advisory
N23-182 Cisco SPA112 2-Port Phone Adapters Security Advisory
N23-183 Intel Security Advisory
N23-184 Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Security Advisory
N23-185 Cisco StarOS Software Key-Based SSH Authentication Security Advisory
N23-186 Hitachi Energy Advisory
N23-187 Cisco BroadWorks Network Server TCP Denial of Service Vulnerability
N23-188 Cisco Security Advisory
N23-189 Lenovo Security Advisory
N23-190 Red Hat Security Advisory1
N23-191 FortiADC Security Advisory
N23-192 Microsoft Edge Security Updates
N23-193 Adobe security advisory
N23-194 VMware security advisory
1st - 6th
N23-173 Apache Spark UI Vulnerability
N23-175 Apache Superset Session Validation Vulnerability
N23-176 Google Chrome Security Advisory
N23-177 Fortinet Security Advisory
N23-178 Microsoft Azure API Management multiple Vulnerabilities
Resources:
The best protection against all forms of malicious cyberattacks is to arm yourself with the knowledge ahead of time, so when you are faced with these adverse situations you are prepared and ready to respond accordingly.
Read up on the types of malicious cyberattacks you and your colleagues are at risk of falling victim to:
Phishing is a social engineering method most frequently used by cyber criminals to capture personal and/or financial information. It uses email with faked information and takes the user to dangerous websites. Phishing emails are able to fake the sending address and reproduce logos of legitimate senders such as a bank or a government agency.
A phishing email usually has a few common elements:
- It claims to come from a credible organization
- It claims to come from someone familiar
- A tone of urgency that asks the recipient to take immediate action
- A tone of urgency that asks the recipient to take immediate action
- A threat of negative consequences, or the promise of some kind a reward
The goal is to trick a user into divulging personal and/or financial data such as credit card numbers, account user names and passwords or other valuable information. In some situations, the phishing email may trick a user into downloading dangerous malware onto their computer.
How do you guard against Phishing?
Remember that legitimate businesses, financial institutions, and help desks should never ask you for personal or confidential information via email, voice or text message. Be ware of unexpected messages and verify them by contacting. Less sophisticated messages may set off alarm bells because there are misspelled words or faulty grammar. You can ‘hover’ your mouse over a URL to see if it is identical to what is written; if they are different, this is an indicator that the source is probably not legitimate.
In General
- Be careful if the email was unsolicited.
- Be suspicious if the unsolicited email contains spelling errors or incorrect grammar.
- The best practice is to not trust supplied links, especially if received in unsolicited emails; use a reputable search engine to look up the address and/or company names and go from there.
- Do not reply with any personal, confidential or financial information to ‘verify’ your identity.
- Monitor your credit card and bank statements. If you believe you have been a victim of phishing contact your local police to get advice and to file a complaint.
- Do not click on “Unsubscribe” in a spam/ phishing email – this lets the spammers know they have hit a “live” address and you will get more emails of this type.
- If you believe the email communication to be valid, contact the company directly.
- If you are unsure what to do when a suspect email is received, best practice is to delete it.
Read up on the following external resources for a better understanding of phishing emails and how they are composed:
Ransomware is a form of malicious code or malware that infects a computer or network and spreads rapidly to encrypt the data. This malware makes the data inaccessible to the users and the criminals responsible will demand payment from the user in order to have their files unencrypted and returned. The payment is often requested in Bitcoin or other electronic currency. Businesses and individuals worldwide are currently under attack by ransomware. Individuals are reporting incidents in which their systems are frozen while an on-screen message demands payment to have their data returned. Individuals both at work and at home are at risk of these and similar attacks by hackers. Trend Micro researchers anticipate that ransomware will make further grounds in 2018 and that it’s not going away anytime soon.
Steps to lower the risk of infection and to help with recovery
- Make sure all software is kept up-to-date with the latest patches including Windows, web browsers, Java and Adobe.
- Perform regular backups of your data. Ideally, this data should be kept on a different device other than your computer.
- Don’t open links or attachments in emails from untrusted or unknown sources.
- Ensure your anti-virus is up to date.
- Consider using a security application from a reputable company on your mobile device.
- Don’t download or install applications from untrusted or unknown sources.
- Never click on pop-up windows that claim your computer has a virus.
How to protect against a ransomware infection
Be skeptical. Do not click on any emails or attachments you do not recognize, and avoid suspicious websites altogether, such as the ads/links that often appear at the right or the bottom of a website. Do not accept any software updates that are triggered from a website or email. This includes offers of Windows 10, and updates to Java and Adobe Flash.
What to do if your workstation or other network-connected device is infected:
If you receive a ransomware pop-up, or come across a file that prompts you to pay a ransom to regain access to your files, you need to:
- Disable Wi-Fi (if using)
- Disconnect the network cable from the device to try and halt the spread
- Leave the device powered on for investigative reasons
- Go to another workstation and change key online passwords such as online banking
- Report the problem immediately to your IT department
Spyware, a kind of malicious software, can monitor and control your computer without your permission. It
may be used to monitor your internet surfing, record your keystrokes and could potentially lead to identity
theft.
Because spyware is mostly focused on information collection or “spying”, the clues that spyware is on a computer can be difficult to spot. Spyware-like services are also sometimes installed ‘legally’ through the
wording of EULA agreements on social media and legitimate software.
The good news is that consumers can minimize how much of their information is collected by following some simple recommendations.
Recommendations
- Keep your operating system and web browsers updated. Your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that spyware could exploit.
- Download free software only from sites you know and trust. It can be appealing to download free software like games, peer-to-peer file-sharing programs, customized toolbars, or other programs that may change or customize the functioning of your computer. Be aware, however, that some of these free software applications bundle or hide other programs in the software, including spyware.
- Don’t install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.
- Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the “Medium” setting for Internet Explorer. Keep your browser updated.
- Don’t click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the “X” icon in the title bar.
- Don’t click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.
- Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if spyware already on your computer is sending information out.
What to do if you suspect Spyware
If you think your computer might have spyware on it, you should take three steps:
- Get an anti-malware program from a vendor you know and trust.
- Set it to scan on a regular basis — at least once a week — and every time you start your computer, if possible.
- Uninstall unused software from your computer. Review and uninstall what you don’t use.
Social Engineering is a way that people use normal social interactions to manipulate people to breach security. It isn’t limited to any technology or system, it can be conversation, texting, body language, or email.
The goals of Social Engineering are typically sensitive or personal information, but it can be used to access secure systems. Social Engineering is used for fraud, identity theft, or can be the prelude to a more serious hack.
Usually Social Engineering plays on a person’s expectations, and emotions. Sometimes it means a person is pretending to be a delivery person, or they could pretend to be frazzled and running late. They play on our gut reactions in order to bypass our reasoning.
There is no single technology or strategy that can defend against social engineering. Each person is the front line against this kind of intrusion. The critical element to protect yourself and your organization is critical thinking.
How to Avoid Being a Victim?
Keep your eyes open and ask yourself questions:
- If someone wants to enter your house, ask yourself if this is really a secure situation? Are you expecting maintenance or a delivery? Is this person from the company that you’d expect?
- Why is someone asking about details about your work? Is this information that could be used
maliciously? - How is this person making me feel? Am I feeling sorry for this person who forgot their keycard? Am I feeling intimitated by this bigshot who demands access and information? Am I feeling like I owe this friendly stranger in the café?
- Does this person really have authority? Have I actually seen any of their credentials?
- Does it make sense for me to be using my financial information in this situation? Am I dealing with a verified and trusted entity?
- Am I communicating in a secure way? Is this connection secure? Can I be overheard?
These questions might give you a sense that something is off about a situation. Be diligent and double-check information. Verify information with a trusted third party. Don’t take everything at face value.
What to do if you think you are a victim?
- If you believe your financial accounts have been compromised, contact your financial institution or credit card company immediately. Watch for any unexplainable charges to your account.
- Document the situation, report the attack to the police and file a report.
- Check your credit report with:
- Equifax Canada – www.consumer.equifax.ca/home/en_ca
- Trans Union Canada – www.transunion.ca
- If you believe you might have revealed confidential or sensitive information about your organization, report it to the appropriate Security or Privacy people within your organization.
In recent years, we’ve seen Social Media networks being used to spread extremism, erode social trust, and influence elections. By changing people’s perception of the world, cyber-propaganda can manipulate the choices of people.
Read on to learn how you can resist cyber-propaganda.
Fake News
Fake news is being used to spread distrust, as well as change public opinion through manipulation. Fake news is hard to spot right away because the world changes at a rapid pace. That means we need to read everything with a critical eye.
Don’t just browse the headlines. When reading articles online, take a moment to ask some questions before sharing:
- Who wrote it?
- Is the site credible?
- Does the evidence support what the author is claiming?
- Is it supported by other articles?
- Does the article serve a different purpose?
False Accounts
Not every user account online is who they claimto be. Foreign governments and cybercriminals have been creating fake accounts to generate conflict on the internet. Many of these accounts will pretend to have an extreme version of an existing opinion in order to break trust and cause further divisions between different political leanings. By creating more conflict, this allows groups to influence public decisions.
Before responding to an online post, check these things first:
- How long has this user been in existence? Fake accounts are usually only used for short periods of time.
- Does this user have a lot of “likes” but not a lot of followers? They could be artificially boosting their popularity.
- Does this user often post links using URL shorteners like bit.ly or tinyurl?
Online Radicalization
Extremist groups use the internet to radicalize and recruit new members into violent and dangerous
movements. You might know someone who is at risk of online radicalization.
Watch for these signs:
- Is the person reposting or linking to radical content? (hate groups, extremist groups)
- Are they withdrawing from their usual social networks?
- Are they exhibiting black-and-white thinking around social topics?
- Is the person expressing extreme anger when faced with disagreement?
What you can do:
- If you feel safe doing so, talk to someone if you’re worried they’re at risk of radicalization
- Report online material promoting terrorism or extremism
https://www.canadiancrimestoppers.org/tips - If you suspect a crime has occurred, report it to your local police force
How to Protect Against Cyber-Propaganda
The propaganda in our social networks can be scary, but we aren’t alone.
Here are some general tips to help resist cyber-propaganda:
- Don’t just debunk, support media that is honest and reliable
- Practice good information security to prevent your accounts from being breached and misused
- Pay attention to those who benefit from the information that you see online
- Use social media responsibly and think critically before you share anything