As the reliance on the internet and digital devices for business and personal use continues to grow, criminals are increasingly attempting to steal information for economic gain. Cybercriminals and fraudsters are becoming more sophisticated, attempting to lure individuals into clicking suspicious links, downloading email attachments, or "connecting" on social media, which are often gateways for stealing sensitive information. Fraudsters may impersonate legitimate organizations like Dtop Universal Carnival, create fraudulent websites, send emails, or make phone calls to solicit money payments. These scams are sophisticated, as the criminals often use real employee names and replicate proprietary documents.

​

Dtop Universal Carnival places great importance on cybersecurity and fraud prevention and has implemented plans and technical controls to protect customer accounts and information. To help improve your personal cybersecurity posture, we provide the following information and guidance on cyber threats to help protect users, partners, and third-party organizations from becoming victims of cyberattacks or fraud scams.

​

Understanding Cybersecurity Threats

Any organization or individual can be a target of cyber criminals. Here are some of the most common tactics and types of attacks employed by these actors:

Malicious Emails and Websites

An unsuspecting e-mail from your bank or favorite retailer may secretly be an attempt to steal your identity or personal information. “Phishing” is a common tactic of cyber criminals that relies on “spoofed” e-mails or fraudulent websites (that look and feel like a well-known website) to collect personal and financial information or infect your machine with malware and viruses. Criminals use this stolen information to commit identity theft, credit card fraud and other crimes. Phishing can also occur by telephone and is becoming increasingly prevalent on social media and professional networking sites.

When you click a malicious link, you may unknowingly install malware on your device. Malware refers to software that is intentionally designed to cause damage to a digital device. The most common form of malware is a virus, which is typically designed to give the criminals who create it some sort of access to the infected devices.  Ransomware is another type of malware that is becoming increasingly prevalent. Ransomware accesses a victim’s files, locks and encrypts them and then demands the victim to pay a ransom to get them back. Ransomware is like the “digital kidnapping” of valuable data – from personal photos and memories to client information, financial records and intellectual property. Any individual or organization could be a potential ransomware target.

Credential-based Attacks

If you use the same username and password combination across different websites or services, you are particularly susceptible to this cybercrime technique where stolen account credentials are used to gain unauthorized access to a user’s various other online accounts. Credential stuffing attacks can often go unnoticed until funds are transferred.

Social Media Impersonation

Criminals are increasingly using social media to build relationships with victims and ultimately steal data. Typically, these actors create fake accounts that appear (and claim) to be official accounts for an individual or organization. Social media impersonation can also refer to the takeover of real accounts. These accounts can be used for phishing activities or causing an individual or a company reputational damage.

​

How You Can Protect Yourself

Establish Secure Email Protocols:Emails continue to be a common entry point for hackers for performing online fraud. Do not click on links or open attachments from suspicious-looking emails. Expand your communication protocol to verify sensitive information, such as wire instructions, in person or by telephone. Generally, Goldman Sachs will never send wiring instructions via email.

Employ Password Management:Use lengthy, unique, and complex passwords — a great first step toward stopping bad actors. In fact, cybersecurity best practices suggest utilizing long, memorable, and hard-to guess passwords such as a favorite song lyric. Avoid reusing passwords. Consider using a password application, such as LastPass, Password or Dashlane to help manage multiple complex passwords.

Enable 2-Step Authentication Measures:Where available, use 2-factor authentication for account login (2FA) a.k.a. two-step verification or multi-factor authentication, commonly done via a PIN sent over text message or email and done most securely when a hardware token or phone application is used. At a minimum, enable this capability for your email, cellular provider, financial websites, password manager, cloud file storage and social media.

Lock Down Social Media:Periodically review and adjust social media account settings to better control who can view the content posted. Hackers and social engineers frequently obtain critical information about a target from social media sources. When posting, always consider how that information can be used against you.

Reduce Your Public Online Footprint:Periodically review all your online accounts. Reduce and/ or obfuscate personal information on the internet, remove unnecessary data, delete unused accounts, and avoid sharing or reusing passwords across accounts to minimize exposure.

Protect Critical Data:Know where all your sensitive personal information is stored. Ensure that your sensitive data is always stored encrypted, to prevent someone from viewing it if your device gets lost or stolen. Also consider having a second encrypted backup of your sensitive data, whether on a flash drive stored in a safety deposit box or in the cloud using a reputable service such as Dropbox, iCloud, or Google Drive.

Protect Your Personal Devices:Configure devices securely, considering what your risks would be if your device were stolen. Use a difficult to guess passcode as a backup to biometric security such as a thumb print or Face ID, and be sure your device is encrypted. Ensure that sensitive data, such as email, does not display on the lock screen.

Update Your Software:Keep all of your software up to date. Apply software updates as soon as possible once they become available. Consider enabling automatic updates where available.

Secure Wi-Fi Access:Be aware that using public Wi-Fi can expose your communications and devices to risk. If you must use public Wi-Fi, consider a virtual private network (VPN) solution to protect your communications — particularly when traveling and using public Wi-Fi at the airport or hotel. Alternatively, consider using a mobile hotspot, to protect sensitive information. At home, use a guest network for visitors.

Freeze Credit Lines:Thwart identity theft and minimize fraud risk with a call to major credit-reporting bureaus Experian, TransUnion and Equifax, as well as Innovis, the unofficial fourth credit bureau, to set a security freeze on your credit reports. Considering signing up for an identity theft protection service such as LifeLock, Kroll, or Experian, which also offers credit monitoring. These suggestions apply to all family members.

​

Understanding Financial Fraud

Financial fraud occurs when someone takes money or other assets from you through deception or criminal activity. Here are some common examples of financial fraud:

Investment Scams

Investment scams involve enticing you or your business into financial transactions with promises of dubious financial opportunities. To execute these scams, fraudsters typically make contact via email, websites, or phone calls, presenting opportunities, and often go to great lengths to gain the trust of the victim, even making them believe they may be in a genuine relationship. These offers often involve low-risk, high-return investments, which typically sound "too good to be true" because they often are! To assess whether you are a target of an investment scam, you should consider:

1. How are you contacted? Any contact with Dtop Universal Carnival will come from an official document's publicly disclosed email address (not from a free email account).

2. Have I found business investment opportunities through websites unrelated to Dtop Universal Carnival? For example, comparison websites.

3. Have I provided my personal information on websites unrelated to Dtop Universal Carnival?

4. Has anyone contacted me via sales calls or emails, offering low-risk, high-return investment opportunities?

5. Do the emails or documents contain a large number of spelling errors or printing errors?

6. Have I provided identity documents or address proof with photos? If so, consider informing the issuing organizations and contacting anti-fraud services in your area.

7. Have I been pressured to make transfers to avoid missing out on opportunities?

Identity Theft

Identity theft occurs when someone steals your personal information and uses it without your permission. Examples of how your information may be used include opening bank accounts, applying for credit cards and loans, or applying for government benefits and documents in your name.

While there are no definitive rules on how to protect yourself from identity theft, in addition to the good cybersecurity practices listed above, you can also protect yourself by:

1. Do not share your personal data with anyone or any website you are not familiar with.

2. Securely dispose of unnecessary documents, such as utility bills or bank statements.

Business Email Compromise

Business Email Compromise (BEC) scams refer to cybercriminals infiltrating legitimate business or individual email accounts to intercept communications between victims and their business partners or to conduct unauthorized fund transfers. Fraudsters often tend to intercept email wire transfer instructions from investment firms, real estate agencies, and art dealers, then impersonate trusted sources.

In addition to the good cybersecurity practices listed above, you can also protect yourself by:

1. Confirm payment instructions verbally (rather than via email) with the recipient.

2. Be alert to unusual circumstances when receiving sudden changes in transfer instructions or payment information via email.

​