Blog

Deidre Frith 8/11/17 Deidre Frith 8/11/17

TECHNOLOGY SCAMS IN YOUR MAILBOX

You probably don’t remember signing up, but it’s just one of a hundred and ten things related to technology you probably don’t think about too often. This letter is designed to trick you into parting with some money, in this case, $228.00.

DID I FORGET TO PAY AN INVOICE?

To the unsuspecting, the above image looks like a legitimate invoice. You probably don’t remember signing up, but it’s just one of a hundred and ten things related to technology you probably don’t think about too often. This letter is designed to trick you into parting with some money, in this case, $228.00.

WHAT EXACTLY ARE THEY SELLING?

Just what they say, a website listing service. If you pay them, they will list your business on their own website. That’s it. This has no value for any business but theirs.

If you read this letter carefully, they do clearly state that you don’t have to do this, but most everything else is geared towards convincing you into sending them a check. We saw a rash of these misleading business practices a few years ago and just got wind of one today that we wanted to share as a reminder to be on your toes. I note that the wording has changed a bit since the last time I encountered this, probably due to lawsuits. It even says that this is a solicitation, something new for this year.

I logged onto the website and while a legitimate website and business (albeit worthless,) it is unfortunate that close to 10,000 businesses have fallen for this, which comes to close to 3 million dollars – I can see why this unsavory business is still around and still hunting suckers.

A WORD OF ADVICE

Our advice to our clients regarding any solicitations regarding their domain name, website, internet marketing, social media, computers, technology support, and the like, that you are not 100% sure is legitimate is to contact us before you commit to anything so that we can make sure someone isn’t trying to scam you.

*Some older versions even say that they are Accredited by the Better Business Bureau, but they aren’t.

Deidre Frith 6/16/17 Deidre Frith 6/16/17

Masked Email Targets CEO

It seems as if every week, sometimes every day, we hear about a data breach somewhere. I had an attempted breach hit really close to home just recently. Here’s what happened:

Our controller received an email that she had every reason to believe was from me. My email address was spelled properly and the extension was correct. Inside the email, the request was short and straightforward; the sender asked what information was needed to initiate a wire transfer and it was signed with my first name. The controller did note that there was no email signature as we sometimes use, but internally I don’t always include that on my emails to her.

She responded to the request and very shortly received a second email instructing her to proceed with the sizeable wire transfer. I was out of the office that day so she assumed that I was in a rush for the money. However, at the very last minute, as she thought about the wording in the email, she said that it “just didn’t sound like me.” The wording was too terse, too abrupt and there were no “please” or “thank you’s” as she and I usually include in our requests to one another. She picked up the phone and called me. The wire transfer was stopped.

The sender had masked his/her email address so that it appeared as an email from me. Had our recipient hovered over the address, she might have been able to see the actual sender’s address. In this case, however, this employee listening to that tiny voice in her mind saying that something wasn’t quite right is what saved the day. This is the level of vigilance we must all maintain to keep our environments safe.

When in doubt, no matter how small, check it out.

-Elaine Taylor, RealTime CEO

Deidre Frith 6/5/17 Deidre Frith 6/5/17

DEFEND YOURSELF WITH AN UNHACKABLE PASSWORD

One of the easiest ways to protect yourself from hackers is to use a strong password. Human nature tells us to use the same or similar passwords across different applications; and given a choice, most of use would use something very simple that we could easily remember.

This, however, leaves you open to attacks. Hackers like to use "guessing" - a technique in which they repeatedly guess words or phrases using your children's names, sports teams, etc. There is also an automated program that hackers use called an Online Dictionary Attack. Here, the program attempts to log on using a different word from the text file on each try. These are only two ways that hackers attack your system but there are many, many more. The best method of defense is to learn to create a password that is safe and you can remember.

THINGS NOT TO USE IN YOUR PASSWORD

Your Birthday
Any part of your name
Your mother's maiden name
Names of your children or pets
City where you were born
Local sports teams
Any part of your address

TIPS ON CREATING A SECURE PASSWORD

Replace a letter with the same character every time you make a password. EXAMPLE: Use % instead of an A
Use a minimum of 9 characters
Make sure to include upper and lower case letters, numbers and symbols.

Attacks can be slowed down significantly through the use of strong passwords.

Deidre Frith 5/15/17 Deidre Frith 5/15/17

"WannaCry" RANSOMWARE TAKES ADVANTAGE OF WINDOWS VULNERABILITY

The ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them. The exploit was leaked last month as part of a trove of NSA spy tools.

WHAT IS HAPPENING?

The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft (MSFT, Tech30) released a security patch for in March. But computers and networks that hadn't updated their systems were still at risk.

In the wake of the attack, Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.

"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."

Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible.

When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the "most damaging" he'd seen in several years, and warned that businesses would be most at risk.

HOW TO PROTECT YOURSELF

Consumers who have up-to-date software are protected from this ransomware. Here's how to turn automatic updates on.

READ THE FULL ARTICLE

*This blog post is excerpts from the original article on money.cnn.com

Deidre Frith 5/11/17 Deidre Frith 5/11/17

5 TYPES OF SOCIAL ENGINEERING SCAMS

With the recent phishing scam using Google Docs, phishing is a word on everybody's lips. Educating yourself and your employees to understand all the different types of cyber threats is important and how to avoid them is crucial to keeping your company and personal information secure. In today's blog, we'll cover the 5 different types of social engineering scams.

PHISHING

This is the leading tactic used by today’s ransomware hackers, usually delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. The message within these emails often appears to be from the government or a major corporation; it can include corporate logos and/or other legitimate-looking branding and is often written in a way to deliver a sense of urgency and importance.

QUICK TIP: You should never click through the offered link or hit reply unless you are 100% certain that an email is legitimate.

BAITING

Like phishing, baiting involves the offer of something enticing in exchange for private data. The “bait” comes in many forms: it could be digital, such as a music or movie download, or it might be physical, such as a jump drive left out on a desk for an end user. Once the bait is taken, malicious software is delivered directly into the victim’s computer.

QUICK TIP: Never insert any item into your computer that you "found" to see what is on the drive.

QUID PRO QUO

Quid pro quo is also a request for the exchange of private data but in this scheme, the enticement is a service. For example, an employee might receive a phone call from the hacker posed as a technology expert offering free IT assistance in exchange for login credentials.

QUICK TIP: Never give out your login credentials to anyone, especially to someone you don't know over the telephone.

PRETEXTING

When a hacker creates a false sense of trust between him/herself and an end user by impersonating a co-worker or an authority figure within the company to gain access to private data, this is known as pretexting. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data to comply with a corporate audit (that isn’t real).

QUICK TIP: Don’t give out your personal information on the phone, via email or snail mail unless you’ve initiated the contact or unless you’re sure it’s safe. Pretexters are especially interested in information such as your SSN, mother’s maiden name, pet or child’s name, bank, brokerage and credit card account numbers, and phone company.

TAILGATING

Tailgating is the most face-to-face cyber threat: a scam artist physically enters your business through the front door. Often these hackers will try to befriend an employee or will ask a person with access authorization to hold the door open claiming they’ve forgotten their RFID card. In this way, they gain access into a restricted area and can steal valuable company secrets and /or wreak havoc on your IT infrastructure.

QUICK TIP: Never hold the door open to a secure building for someone you don't work with directly.