What Are The Newest Phishing Attacks?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Phishing is a term adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it, and we sit back and wait for the fish to come along and take the bait. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite, and you’ll have something delicious for dinner.

How Does Phishing Work?
This is essentially how cyber phishing works. Cybercriminals create an interesting email, maybe saying that you’ve won a $100 gift certificate from Amazon. Sound too good to be true? Find out! All you have to do is click the link and take a short survey.

Once you click the link, a virus is downloaded onto your system. Sometimes it’s malware, and sometimes it’s ransomware. Malware includes Trojans, worms, spyware, and adware. These malicious programs each have different goals, but all are destructive and aimed at harming your computers.

How To Reduce Pop-Ups And Other Browser Best Practices

Jason Cooley is Support Services Manager for Tech Experts.

One of the most annoying things about browsing the web is pop-ups. Depending on your browser, your ability to limit or block pop-ups is probably built-in. If it’s not, there is definitely an extension for that purpose.

There are also other ways to ensure you have the best and fastest browsing experience possible.

Before we get into which browsers have which kind of pop-up blocker, let’s examine a fact. Pop-ups are annoying, but not always intrusive or unwanted.

There are instances where I need a pop-up from a site as it may be an internal page that has been requested or a log-in box. This can be frustrating as we may not know a pop-up is coming from a link. It may appear that nothing has happened.

So how do you know? The best practice and safest way is to allow pop-ups from sites you trust (as needed).

Say you’re on your banking site and you click log-in. Normally, a pop-up log-in box is displayed, but nothing happens. The pop-up has been blocked.

In the browser, you can enable this webpage to allow pop-ups, thus restoring your access and keeping you secure in the process.

In addition to pop-ups, users must also be on the lookout for pop-under windows. These are typically pages that open with other pages, like a tag along. They also frequently occur when attempting to leave a web page. They pop underneath other windows, hence the name. In most cases, pop-up blockers will stop most pop-unders.

So what about the browsers? Well, let’s just cover the Big Three: Chrome, Edge, and Firefox.

These browsers all come with a built-in pop-up blocker – all of which can be enabled in the settings page of the browser.

In most cases, these will do what you want them to: stop pop-ups. However, there are some instances where pop-ups or pop-unders make it through. There are third-party extensions for most browsers that will typically offer more security.

Now that these pop-ups are handled, what else can we do to make a better browser experience? There are a few things you can do to perform a sort of “maintenance” on your browser.

Clearing your cache (stored data) can help a website that doesn’t want to load very quickly. Most people know about clearing your browsing history, but there are other clean-up methods available.

There are a few different types of stored data associated with browser use. Some of this is background information, temporary data, passwords, and preferences. You can choose which parts to remove, so you can still keep your saved information without having to reenter it.

Another quick and easy tune-up process is to remove any unused browser extensions. This can help with basic browser speed and performance.

Maintaining a generally healthy system is also a key to browser speed. Malware and adware can often specifically affect browsers. Any malware affecting the entire system would affect your browsing speed as well.

The best practice you can have is to use a strong antivirus and scan your computer regularly. There are many factors at play and paying attention to all of them is key to the best browsing experience.

New Whaling Schemes: CEO Fraud Continues To Grow

In previous years, the first clue that your corporate email has been compromised would be a poorly-spelled and grammatically incorrect email message asking you to send thousands of dollars overseas.

While annoying, it was pretty easy to train staff members to see these as fraud and report the emails. Today’s cybercriminals are much more tech-savvy and sophisticated in their messaging, sending emails that purport to be from top executives in your organization, making a seemingly-reasonable request for you to transfer funds to them as they travel.

It’s much more likely that well-meaning financial managers will bite at this phishing scheme, making CEO and CFO fraud one of the fastest-growing ways for cybercriminals to defraud organizations of thousands of dollars at a time.

Here’s how to spot these so-called whaling schemes that target the “big fish” at an organization using social engineering and other advanced targeting mechanisms.

What Are Whaling Attacks?

Phishing emails are often a bit more basic, in that they may be targeted to any individual in the organization and ask for a limited amount of funds.

Whaling emails, on the other hand, are definitely going for the big haul, as they attempt to spoof the email address of the sender and aim pointed attacks based on information gathered from LinkedIn, corporate websites and social media.

This more sophisticated type of attack is more likely to trick people into wiring funds or passing along PII (Personally Identifiable Information) that can then be sold on the black market. Few industries are safe from this type of cyberattack, while larger and geographically dispersed organizations are more likely to become easy targets.

The Dangers of Whaling Emails

What is particularly troubling about these emails is that they show an intimate knowledge of your organization and your operating principles. This could include everything from targeting exactly the individual who is most likely to respond to a financial request from their CEO to compromising the legitimate email accounts of your organization.

You may think that a reasonably alert finance or accounting manager would be able to see through this type of request, but the level of sophistication involved in these emails continues to grow. Scammers include insider information to make the emails look even more realistic, especially for globe-trotting CEOs who regularly need an infusion of cash from the home office.

According to Kaspersky, no one is really safe from these attacks — even the famed toy maker Mattel fell to the tactics of a fraudster to the tune of $3 million. The Snapchat human resources department also fell prey to scammers, only they were after personal information on current and past employees.

How Do You Protect Your Organization From Advanced Phishing Attacks?

The primary method of protection is ongoing education of staff at all levels of the organization. Some phishing or whaling attacks are easier to interpret than others and could include simple cues that something isn’t quite right. Here are some ways that you can potentially avoid phishing attacks:

  • Train staff to be on the lookout for fake (spoofed) email addresses or names. Show individuals how to hover over the email address and look closely to ensure that the domain name is spelled correctly.
  • Encourage individuals in a position of leadership to limit their social media presence and avoid sharing personal information online such as anniversaries, birthdays, promotions and relationships — all information that can be leveraged to add sophistication to an attack.
  • Deploy anti-phishing software that includes options such as link validation and URL screening.
  • Create internal best practices that include a secondary level of validation when large sums of money or sensitive information are requested. This can be as simple as a phone call to a company-owned phone to validate that the request is legitimate.
  • Request that your technology department or managed services provider add a flag to all emails that come from outside your corporate domain. That way, users can be trained to be wary of anything that appears to be internal to the organization, yet has that “external” flag.
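The “external” flag and domain-spelling checks from the list above can be sketched as a small sender review, shown here as an added example that is not part of the original article. The corporate domain, executive names, flag names and sample messages are hypothetical, and the Reply-To comparison goes one step beyond the article's list.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for this example; substitute your own.
CORPORATE_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe", "sam lee"}  # display names likely to be impersonated

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings of our domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_internal(domain: str) -> bool:
    """True for the corporate domain and its subdomains."""
    return domain == CORPORATE_DOMAIN or domain.endswith("." + CORPORATE_DOMAIN)

def review_sender(raw_message: str) -> list[str]:
    """Return the warning flags a mail gateway could attach to this message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    flags = []
    if not is_internal(domain):
        flags.append("EXTERNAL")
        # One or two characters off from our own domain: likely a spoof.
        if edit_distance(domain, CORPORATE_DOMAIN) <= 2:
            flags.append("LOOKALIKE_DOMAIN")
        # An executive's name on an outside address is the whaling pattern.
        if display.strip().lower() in EXECUTIVES:
            flags.append("EXECUTIVE_NAME_FROM_EXTERNAL")
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        flags.append("REPLY_TO_MISMATCH")
    return flags

# Constructed sample messages (not real mail).
SAMPLES = {
    "internal": "From: Jane Doe <jane.doe@example-corp.com>\n"
                "Subject: Q3 numbers\n\nSee attached.\n",
    "whaling": "From: Jane Doe <jane.doe@examp1e-corp.com>\n"
               "Reply-To: jd.travel@mail.example\n"
               "Subject: Urgent wire transfer\n\nPlease send funds today.\n",
    "vendor": "From: Billing <billing@supplier.example>\n"
              "Subject: Invoice\n\nInvoice attached.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, review_sender(raw))
```

The check reads only the From and Reply-To headers, which the sender controls; a message that forges the exact corporate domain has to be caught by sender authentication such as SPF, DKIM and DMARC.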

There are no hard and fast rules that guarantee your organization will not be the victim of a phishing attack. However, ongoing education and strict security processes and procedures are two of the best ways to help keep your company’s finances — and personal information — safe from cyberattack.

Inside The Anatomy Of The Human Firewall

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Each year, around 61% of small businesses become the victims of a malware attack. While many small businesses may think no one would ever come after them because of their size, know that over half of the total global attacks hit small businesses and, for thieves, getting access to your systems is becoming increasingly lucrative.

Companies collect more about customers than ever before: medical history, financial records, consumer preferences, payment information, and other confidential information.

Some of this information could be used in malicious ways to either harm your business or directly harm the customers, so we all understand that we must protect it from cyberattacks.

Creating a human firewall is the best way to keep your system and data safe, but what exactly is a human firewall, why do you need one, and how can you build one? Let’s take a look!

What Are The Top Cybersecurity Trends For 2019?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Several events in 2018 brought cybersecurity to the forefront of public consciousness, as major sectors, from financial institutions to Facebook, were affected by cybercrime.

According to Forbes, 34 percent of US consumers had their personal information compromised in 2018. Security experts and business leaders are constantly looking for ways to keep two steps ahead of hackers.

Cybersecurity trends for 2019 are a popular topic. Here is what’s anticipated this year in the cybersecurity realm.

Tougher regulations
As digital capabilities are rapidly gaining a worldwide foothold, data is becoming our most highly-valued commodity.

Inside The United States Of Cybersecurity

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Last year, Alabama and South Dakota passed laws mandating data breach notification for their residents.

The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.

All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.

While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection.

Top 5 Cybersecurity Predictions For 2019

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Cyber threats are a genuine danger for businesses, no matter their size or industry. Companies that face data breaches are likely to fail within months after the attack, according to the National Cyber Security Alliance. Security issues can ruin your reputation and cause expensive damage to your company.

In 2019, we are already predicting increased cyber crimes to steal more data and resources. The FBI reported that over $1.4 billion in losses were experienced by companies and individuals in 2017.

These expenses come from increasing security, losing information, losing physical resources, ransomware payouts, scams and more. The most significant sources of cybercrime included:

HTTPS And Why The Internet Still Isn’t Secure

Frank DeLuca is a field technician for Tech Experts.

HTTPS stands for “Hyper Text Transfer Protocol Secure” and it is the secure version of HTTP, the protocol over which data is sent between your browser and the website you’re connected to.

Most web traffic online is now sent over an HTTPS connection, making it “secure.” In fact, Google now warns that unencrypted HTTP sites are “Not Secure.”

So why is there still so much malware, phishing, and other dangerous activity online?

“Secure” Sites Have a Secure Connection

Previous versions of Chrome displayed the word “Secure” along with a green padlock in the address bar when you visited a website using HTTPS. Modern versions of Chrome simply have a little gray padlock icon next to the navigation bar, without the word “Secure.”

That’s partly because HTTPS is now considered the new baseline standard. Everything should be secure by default, so Chrome only warns you that a connection is “Not Secure” when you’re accessing a site over an HTTP connection.

The word “Secure” was removed because it may have been a little misleading. It could easily have been misconstrued as Chrome vouching for the contents of the site, as if everything on the page were “secure.” But that’s not true at all. A “secure” HTTPS site could be filled with malware or phishing attempts.

HTTPS Does Not Mean A Site is “Secure”

HTTPS is a solid protocol and all websites should use it. However, all it means is the website operator has purchased a certificate and set up encryption to secure the connection.

For example, a dangerous website full of malicious downloads might be delivered via HTTPS. The website and the files you download are sent over a secure connection, but they might not be secure themselves.

Similarly, a criminal could buy a look-alike domain that closely resembles “www.bankofamerica.com,” get an SSL encryption certificate for it, and imitate Bank of America’s real website. This would be a phishing site with the “secure” padlock, but again, the padlock only refers to the connection itself.

HTTPS Stops Snooping and Tampering

Despite that, HTTPS is great. This encryption prevents people from snooping on your data in transit, and it stops man-in-the-middle attacks that can modify the website as it’s sent to you. For example, no one can snoop on payment details you send to the website.

In short, HTTPS ensures the connection between you and that particular website is secure. No one can eavesdrop or tamper with the data in-between.

HTTPS Is An Improvement

Websites switching to HTTPS helps solve some problems, but it doesn’t end the scourge of malware, phishing, spam, attacks on vulnerable sites, or various other scams online.

However, the shift toward HTTPS is still great for the Internet. According to Google’s statistics, 80% of web pages loaded in Chrome on Windows are loaded over HTTPS. Plus, Chrome users on Windows spend 88% of their browsing time on HTTPS sites.

This transition does make it harder for criminals to eavesdrop on personal data, especially on public Wi-Fi or other public networks. It also greatly minimizes the odds that you’ll encounter a man-in-the-middle attack on public Wi-Fi or another network.

It’s still no silver bullet. You still need to use basic online safety practices to protect yourself from malware, spot phishing sites, and avoid other online problems.

October Is National Cybersecurity Awareness Month

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Online security is something that should get everyone’s attention. Threats exist all around us: ransomware, viruses, spyware, social engineering attacks and more. There’s so much you need to know to keep your personal and business information safe.

But where do you start?

As trusted cybersecurity professionals, we want to help you get educated and stay informed.

That’s why during National Cybersecurity Awareness Month our goal is to give you all the information you need to stay secure.

How can we help? We’ll be sharing valuable and timely information on cybersecurity in blogs, in our newsletter, and on all of your favorite social media sites.

Browser Battle: Why Chrome Continues To Take Over

Jason Cooley is Support Services Manager for Tech Experts.

Every day I see different browsers on different computers. There’s Chrome, Internet Explorer, Firefox, Vivaldi, Opera, and Apple’s Safari browser. Some people like to stick with what they know, and they use Internet Explorer or even Microsoft Edge on Windows 10.

There are those people that really love Mozilla’s Firefox browser and are loyal and comfortable using that. Apple users tend to stick with Safari, like how Windows users use Internet Explorer and Edge, because it’s the default they’ve used for years.

I made the switch to Google Chrome for good about 5 or 6 years ago, and I continue to use it as my browser of choice.

There are preference issues and everyone likes what they like, but there is definitely more to why I use Google Chrome over the other browsers. There are even reasons why I think you should probably use Chrome too.

Let’s start by acknowledging that there are certain websites that only have full functionality in a certain browser and that’s OK. Maybe you need to use Internet Explorer for something. Use what you need to for certain tasks. When you have a choice, use Chrome.

Chrome is celebrating its 10th birthday with a nice updated look, but that’s just the surface. It continues to add features that not only improve your user experience, but also help make things a little more secure.

Chrome now will auto-generate and suggest strong passwords for new accounts created, keeping them unique and therefore significantly more secure.

Google also made sure that the mobile integration for Chrome is second to none. Just make sure you are signed in on your computer and your phone to keep all of your bookmarks and browsing synced.

While a browser like Firefox may meet some of the standards set by Google, there are areas where other browsers just can’t stack up.

Mozilla has updated and launched a new and improved mobile app. It is now faster than ever before. Want to sync your data between your phone and computer browser with Mozilla? Sure, just create a completely separate account, link them, and hope for the best. Mozilla’s ability to share bookmarks is fair, but it can’t keep the settings streamlined.

These are the areas that Google Chrome excels in, making your browsing experience seamless.

The password manager will also make using your account on multiple devices much easier, as you can use the manager to store passwords and use them on any device you are signed in to.

If you own an Android phone or use the Google Play store but don’t use Chrome, you are missing out on great app integration.

Another reason Chrome pulls ahead in the battle is because of its amazing app library and easy integration and updates. Other browsers can’t begin to offer the things that Google does.

If you need more reason, consider that most of the major browsers use Google’s safe browsing programming to detect potentially dangerous sites.

Consider that these companies are using someone else’s programming to keep you safe… and that programming is from the clear leader in the browser battle: Google Chrome.