The Eleven Types Of Phishing Attacks You Need To Know To Stay Safe

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Like Darwin’s finches, phishing has evolved from a single technique into many specialized tactics, each adapted to specific targets and technology. First described in 1987, phishing is now carried out via text, phone, advertising and, of course, email.

Boiled down, all of these tactics exist for the same purpose – to steal confidential information from an unsuspecting target in order to extract something of value.

Knowing about the hugely diverse set of today’s phishing tactics can help you be more prepared for the inevitable instance when you become the target.

Standard phishing – casting a wide net
At its most basic, standard phishing is the attempt to steal confidential information by pretending to be an authorized person or organization. It is not a targeted attack and can be conducted en mas. [Read more…]

Is Your Network Stealing Your Staff’s Time?

Jason Cooley is Support Services Manager for Tech Experts.

At some point in the last six months, maybe you’ve been on a Zoom call or chatting away in Microsoft Teams and wondered what would have happened if Covid had come along in the 1980s or even 1990s.

Let’s be honest… the world would have totally shut down. Business would have completely ground to a halt. We couldn’t have done the last six months without the amazing technology that we now totally take for granted.

Depending how old you are, what we can do easily today was literally the stuff of dreams just 20 years ago.

But as much as great IT has made working from home easier and enabled many businesses to keep going, we also must remember that bad IT can still be a massive time thief.

We’ve all become so reliant on computers that we’ve forgotten how to perform simple tasks ourselves. And we go into panic mode when they stop doing what we expect of them.

Most businesses find that even the most committed staff in the world will jump at the chance for a little bit of office down time. So, when computers aren’t doing their job that’s a great opportunity to down tools and do very little.

If they’re in the office, people sit around chatting or go home early, while every second your business is losing money.

That’s not to say that all employees want to take the easy way out. There will be others who like a challenge and want to try their best to make things better, using their own limited IT knowledge or good old Google to guide them.

Unfortunately, IT set ups are complex. And if you don’t really know what you’re doing you could end up digging a far bigger hole for you and your entire organization.

Well-meaning staff, no matter how lovely and helpful they might be, can cause more problems than you could ever imagine.

Just like you wouldn’t want someone who did a biology class 20 years ago to perform open heart surgery on you, you really don’t want someone who’s just watched a couple of YouTube tutorials fixing your business’s computer system.

This is what we do, day in, day out. And we’re the local experts.

If you want to ensure that your workforce doesn’t grind to a halt when things stop running smoothly, it pays to invest in experts who can:

a) Stop most things from going wrong in the first place, and
b) When they do go wrong, get you back on track quickly and reliably

That means minimal downtime, less chatting and more getting things done.

What Exactly Is The Cloud? And Is It Safe?

It’s the kind of question you’d think would be easy to answer, until someone asks you: What exactly is the cloud?

Put simply, it’s using someone else’s computers over the internet to do things we used to do in our own computers. Like run software or store data.

When you run software in a tab in your browser, that software is still running on a computer… it’s just not your computer. That means you can run very powerful applications without needing a powerful computer. Excellent!

So, is the cloud safe? The answer is that it depends.

While there’s no technology that is 100% safe – working with the larger cloud providers is often safer than running things on your own network. Simply because they have dedicated teams of security experts.

You should also focus on making sure your business’s use of the cloud is safe too. Such as by:

• Never ever sharing logins (even amongst your team members)

• Making sure you use randomly generated passwords protected by a password manager, and

• Keeping all devices 100% up-to-date at all times with Updates and Next-Gen Anti-Virus tools

Password Security: Lock Your Digital Doors Too

Password security may not be on the forefront of everyone’s minds – but it’s more important and easier than ever.

Password security issues have been going on for a long time. Back in November 2014, a webpage started livestreaming security cameras from around the world that had not updated the default credentials. In the US alone, there were over 11,000 cameras livestreaming; a year later in December 2015, there were still almost 6,000 cameras live. [CSOonline.com]

Then in December 2019, many Ring camera accounts were hacked – not with default passwords this time, but actual hacks on accounts without two-factor authentication. [vice.com]

What exactly is two-factor authentication? Two-factor authentication means a second confirmation after your password. This second method is often sent to your cell phone as a text or through an app, which you then input or confirm. Many banks require this, but there are also lots of other sites which have it as an option, like Ring.

While many people see this as an inconvenience, it is a safety feature and it’s becoming the new standard for security.

A good analogy for this is a deadbolt on your door. Your door handle has a working lock, but it is not too hard to get through that lock.

As a second security method, you turn your deadbolt to make it much harder to access your home. That is your physical two-factor authentication – and if it is important enough for entry physically into your home, it should be important for virtual access as well.

Even if you do not have two-factor authentication, at least changing the default passwords and using different passwords across all your accounts are vital steps to more secure accounts. While it’s very convenient to have one password for all your accounts, it also means that if one account is compromised, they are all compromised.

If a hacker gains access to an account and you use the same password for your email, they can “verify” account ownership and change your passwords to lock you out.

That’s why your method of two-factor has to be secure too. If you have verification codes sent to your email and your email password is “password,” that second factor is not helping. It’s just a second “door” that a hacker can walk right through. Not much of a defense.

Going back to the importance of changing default passwords, most of us own a lot of devices in our house that are network-connected. And it is very easy to plug them in, take all the defaults, and go on with your day.

If you live in an area with a lot of neighbors nearby, take a look at the wireless networks you can see.

From my desk at work, I can see over ten networks that are outside of our office. The signals from unsecure devices aren’t kept within the walls of your own home.

A quick Google search can tell you the default username and password of almost anything, including unsecure devices that might be in your own home. In the Symantec Internet Security Threat Report for 2019 [https://docs.broadcom.com/doc/istr-24-2019-en], 60 percent of the IOT attacks (Internet of Things – meaning everything Internet-connected) used a username of “root” or “admin” and over 40 percent of the attacks used a password of “123456” or left that field blank. Not the work “blank” – an actual password of nothing.

People almost always worry about security in some form: we lock our cars, our houses, our cell phones. The same philosophy should be applied to our technology.

Take the time to change your passwords, use varying passwords, and change them periodically. It does not take much of a hacker if we don’t bother to lock our own doors.

Do We Have A Connection Here Or What?

Most businesses are heavily reliant on the internet. Everything is cloud-based and streamed. And it’s especially important now we have more people working from home than ever before.

Without the Internet, those Zoom chats wouldn’t work. We’d spend the day with a mobile phone glued to our ear, and probably with chronic neck ache. Ouch.

So how do you cope if one or more of your remote workers has a poor Internet connection? That can quickly become a frustrating experience for everyone.

Your first port of call would be to run a speed test and then shop around. Find out which providers offer the best speed in their area.

And if they need to, switch. You might choose as a business to financially help them with upgrading their home Internet.

If that’s not an option, then we need to get a little more creative. In extreme cases, you can look at alternatives such as satellite Internet, or a Wi-Fi router that uses 4G.

You can also check their Wi-Fi router to see if an upgrade would be beneficial. And there are things called range extenders that boost the Wi-Fi to reach different parts of their home.

If you’re not sure what you’re looking for or could use some advice on helping your staff get more done from home, call us.

Planning Tips: Don’t Wait Until After Disaster Strikes

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Fun fact. Did you know that floods and droughts kill far more Americans a year than earthquakes, tornadoes, and hurricanes? In 2019, the US recorded 1,520 tornadoes and 1,126 in 2018. So far, 2020 is showing a downward trend with only 602 tornadoes in May compared to May of 2019, which had 932.

What is even more surprising is when you look at the Insurance Information Institute’s data of events for 2019, the events that caused the most deaths and damage to the respective communities were actually severe thunderstorms and winter storms.

If there is anything that is guaranteed when it comes to severe weather it is that your business will be affected by one. The when, what and how are the unknowns.

In order to protect your business from these events, you need to have a process in place before you find yourself on the wrong side of a significant weather event. [Read more…]

This Is Now The Biggest Crime Risk To Your Business

Jason Cooley is Support Services Manager for Tech Experts.

If someone asked you to take a wild guess at the world’s biggest crime, what do you think? Burglary maybe? Common assault? Or perhaps you might take a more humorous approach and suggest man buns or women with ridiculous eyebrows?

Well, you might be surprised (and a little concerned) to find out that the most commonly reported crime right now is actually online fraud, AKA cybercrime.

With one in ten people falling prey to Internet fraudsters and over five million cases reported every year, cyber criminals are very real predators that can have a devastating effect on your personal life, your business, and your credit rating.
And these figures are just the tip of the iceberg. Many more cybercrimes are believed to go unreported because victims feel too embarrassed to let on that they’ve been duped by a stranger sitting behind a keyboard.

The digital age comes with lots of well documented pros and cons. We can now work from anywhere in the world and stay constantly connected, but that has an added effect on our personal lives and stress levels.

Cybercrime costs billions of dollars every year. That’s an obscene amount of money by anyone’s standards. And the really scary thing is that the ever- increasing industry called data theft is now relatively easy for anyone to get involved in.

Gone are the days of 1980s sci fi movies, where computer hackers were dark, mysterious and possessed savant-like levels of intelligence.

Today anyone with the inclination and $50 to spend can pick up a powerful piece of software that will enable them to hack into your computer systems and wreak havoc.

Funnily enough – the best way to be 100% sure a hacker can’t break into your business is to not use computers. We all know that’s not possible. The second best way is to make sure you have next generation cybersecurity protection and tools in place.

Call us today at (734) 457-5000 or email at info@mytechexperts.com to chat about your cybersecurity coverage.

Are You Using Multi-factor Authentication Yet?

Robust security is key for storing data. Cyber-criminals are targeting all businesses all the time, using clever automated tools to sniff out weaknesses they can exploit. Don’t make it easy for them.

Multi-factor authentication gives you another level of security when logging into apps.

What is it? You’ve probably used it when you log into your bank account. You enter your password, then on the next screen, you click to have a code texted to your phone, which you enter as a second, single-use password.

The thing is, it’s not just for your bank. You can use it to access many applications.

It’s simple to set up, and you can use it for any account that holds data you’d rather not fall into the wrong hands.

There are lots of different ways to do multi-factor authentication to protect your business’s data:

• The text message approach: That’s lots better than nothing, but is the least secure multi-factor authentication
• Generate a code on your cell phone: This is better
• Have a special small USB device that must be plugged into your laptop

If you’re unsure how to set this up, please give us a call at (734) 457-5000. We’d love to help.

Buyer Beware: New Phishing Scams Appearing On Craigslist

Craigslist email scams come in many shapes and forms, but in general, a Craigslist email scammer is known to do at least one of the following things:

● Ask for your real email address for any reason at all.
● Insist on communicating by email only (using either your Craigslist email or your real email).
● Send you fake purchase protection emails that appear to be from Craigslist itself.

Asking for your real email address
Scammers might ask you for your real email address for any of the following reasons:

The scammer claims they want to send payment via PayPal. Scammers posing as buyers might try to talk you into accepting online payments, such as those via PayPal.

Once you give your PayPal email address to the scammer, however, they can easily send you a fake PayPal confirmation email to make you think that they paid when they really didn’t.

The scammer claims they use a third-party to securely handle the payment. Similar to the PayPal scenario above, a scammer (posing as either a buyer or a seller) might ask for your real address so that they can send a fake email that appears to come from an official third party.

These types of emails typically are cleverly designed to look like they offer a guarantee on your transaction, certify the seller, or inform you that the payment will be securely handled by the third party.

The scammer intends to send you multiple scam and spam messages. A scammer who asks for your real email address might be creating a list of victims they’re targeting to hack their personal information.

They could be planning to send you phishing scams, money or lottery scams, survey scams or even social network scams.

Insisting on communicating entirely by email
Scammers might insist on talking exclusively by email for any of the following reasons:

The scammer can’t speak to you by phone or meet up in person. Many Craigslist scammers operate overseas and don’t speak English as their first language, which is why they prefer to do everything via email. If they’re posing as a seller, they almost definitely don’t have the item you’re trying to buy and are just trying to get your money.

The scammer is following a script and has an elaborate personal story to share. Scammers use scripts so that they can scam multiple people. If they’re posing as a buyer, they might refer to “the item” instead of saying what the item actually is.

Since English is typically not most scammers’ first language and they operate around the world, it’s very common for them to misspell words or use improper grammar. And finally, to back up why they can’t meet up or need payment immediately, they’ll describe in detail all the problems they’re currently facing/have faced in order to get you to sympathize with them.

The scammer is looking to pressure you to make a payment, or wants to send a cashier’s check. Using their elaborate story, the scammer who’s posing as a seller might ask you to make a deposit via a third party such as PayPal, Western Union, MoneyGram, an escrow service, or something else.

They might even convince you to make multiple payments over a period of time, looking to extract as much money from you as possible before you realize you’re not getting what you’re paying for.

On the other hand, the scammer who’s posing as a buyer might offer to send a cashier’s check, which will likely be discovered as fraudulent days or weeks later.

Beware of anyone who tells you they’re in the military. This is a strong sign of a scam.

Sending fake purchase protection emails
Scammers have been known to send protection plan emails that appear to be from Craigslist. Of course, Craigslist doesn’t back any transactions that occur through its site, so any emails you receive claiming to verify or protect your purchases via Craigslist are completely fake.

The most important thing you can do to avoid getting involved in a Craigslist email scam is to never give away your real email address to anyone you’re speaking to from Craigslist.

Three Ways To Avoid Work From Home Burnout

The lines between work and non-work have blurred for so many people. For those who are still working from home (WFH), they may now be in their sixth consecutive month where there’s little balance between what they do professionally and personally.

Because when the work is sitting there in your personal space, it’s far too easy to work early or late – or both. Accidentally spotting that “urgent” email just before you’re about to go to bed really is incredibly damaging.

Added pressures of childcare have made this worse. Some parents feel that working all hours is the only way they can make up for the perceived reduced quality in their work.

The stress of constantly working (or constantly thinking about work) is dangerous. Our bodies and minds simply aren’t designed to be “on” all the time.

This is bad for our mental health. Which can easily have a negative effect on our physical health too. As IT specialists, we’ve been working remotely for years. Here are our top 3 suggestions to avoid WFH burnout.

1) Have physical ways to transition from personal you to work you, and back again. The easiest way to do this is with a dedicated workspace that’s strictly only used for work.

Even a specific seat at a table can be dedicated to work, even if you sit in other seats to do other things, like eat or play games. Some people dress for work each day, so they can change their clothes to mark the end of the working day.

2) Set strict work hours and stick to them. 9 to 5 might be impossible, but you can still have set work times, even if they’re scattered throughout the day. Make sure your family knows when you’re working. This is where having a set physical space can really help. In your non-work hours, make sure you only do non-work things. And do not check your email!

3) Prioritize what really matters: The other downside of sitting surrounded by work all the time is that there’s always something else that can be done. There’s no point working on minor tasks at 11pm at night, because the chances are, you’re not actually achieving anything meaningful. Assume you have 3-4 hours of truly productive time each day. And make sure you get and stay organized to achieve the most important things in this time.