Heads Up: Hackers Are Exploiting Email Forwarding Rules

The ways in which hackers attack accounts are endless, and a lot goes into keeping your accounts both safe and usable.

A newer attack style that is being used (and one we have personal experience with resolving) is the manipulation of email forwarding rules.

Email forwarding rules are rules that are set up in your inbox to forward a message to another mailbox as soon as it arrives.

The danger for the email owner is that these rules can also clean up after themselves by deleting the message, preventing a copy of the forward from showing in the “Sent Items” folder, and deleting the message from the “Deleted Items” folder.

If a hacker takes advantage of this, then all your email will be sent to and read by someone you do not even know.

Think about the items in your inbox, especially the ones that are sensitive and/or confidential. Can you risk there being a period of time where your messages are being forwarded without your knowledge?

Also, as the hackers are good at cleaning up and hiding their tracks, you need someone with the experience and expertise to resolve this for you if it does occur.

One of the big dangers with this attack style is that changing your password or adding two-factor authentication will not stop the current breach once the rule is in place.

Forwards will continue to be sent because the rule is not password dependent. It’s the same with two-factor authentication; if you enable this after the rule is in place, it will not do you any good.

There are steps that can be taken to prevent these types of attacks, however most of them are not settings that an end user would be familiar with.

It’s important to not allow forwarding to occur to email addresses outside of your domain, and relatedly, it’s a good idea to allow the full sync of settings between the web client and the local desktop client.

For example, Office 365 by default will not sync these settings, so if someone gains access to your email and creates a forward on the web page, you and your IT department will not see it if they look in your Outlook client on your local computer.

These rules can be hidden if the hacker knows what they are doing. This means a quick open-and-check-if-a-rule-exists is not sufficient. Steps need to be taken to make sure there are no rules, not just a lack of visible rules.

Checking for these rules if there is a suspected breach is critical because of another potential problem: if you do a password reset on another account that you are concerned about (for example, your bank because you use the same password), that email with details gets forwarded to the hacker and they may be able to gain access to that account.

Hackers will continue to evolve as they need to. As this exploit is discovered and procedures are put in place to mitigate their effect, the next exploit will be used and the cycle will start again. Having a partner to help you navigate through all these potential issues is essential.

Being aware of these exploits, watching for new ones, and making necessary changes to keep your business safe is a big part of what Tech Experts does.

Handling these concerns is part of our core business, giving you the peace of mind to handle your core business.

Everyone On Your Team Needs Cyber Security Training. Including You!

Every good business leader knows that training is essential for a highly productive team.

But have you ever considered giving your staff cyber security training? You really should.

What is it?

It’s about increasing their awareness of the ways that criminals try to break into your IT system, and the devastating consequences if they do.

So, they’d learn:
• How to spot the different types of fake emails and messages, and what to do with them
• The risk of social engineering by email, phone, or text message
• Why we use basic security tools such as password managers and multi factor authentication (where you generate a code on another device)

By holding regular cyber security training sessions, you can keep everyone up to date. And develop a great culture of security awareness. It’s another layer of protection to help ensure that your business doesn’t become part of a scary statistic (one small business is hacked every 19 seconds).

As the company owner, it’s critical you do the training, too.

You’ll be one of the most targeted people in the business, as you probably have access to all the systems, including the bank account.

If you don’t already have cyber security training in place, we’d love to help. Give us a call at (734) 457-5000, or an email to info@mytechexperts.com.

Could One Well-intended Click Take Down Your Business… From The Inside?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Not many owners and managers realize this… but the biggest data security risk to your business is actually your team.

We’re not talking malicious damage. But rather, them being caught out by cyber criminals.

It only takes one click on one bad website, and your business can be compromised. It really can be that simple.

Hackers target staff to try to install malware on your devices. Then they can try to extort money, corrupt files, or steal your sensitive business data.

In some cases, this can cause such extreme damage to your business that it makes genuine recovery very hard. Trust us when we say you want to avoid it at all costs.

Fortunately, there are a few things you can do to help protect your business from this kind of attack. And you’re probably already doing some of them. [Read more…]

Are You Using Multi-factor Authentication Yet?

Robust security is key for storing data. Cyber-criminals are targeting all businesses all the time, using clever automated tools to sniff out weaknesses they can exploit. Don’t make it easy for them.

Multi-factor authentication gives you another level of security when logging into apps.

What is it? You’ve probably used it when you log into your bank account. You enter your password, then on the next screen, you click to have a code texted to your phone, which you enter as a second, single-use password.

The thing is, it’s not just for your bank. You can use it to access many applications.

It’s simple to set up, and you can use it for any account that holds data you’d rather not fall into the wrong hands.

There are lots of different ways to do multi-factor authentication to protect your business’s data:

• The text message approach: That’s lots better than nothing, but is the least secure multi-factor authentication
• Generate a code on your cell phone: This is better
• Have a special small USB device that must be plugged into your laptop

If you’re unsure how to set this up, please give us a call at (734) 457-5000. We’d love to help.

Buyer Beware: New Phishing Scams Appearing On Craigslist

Craigslist email scams come in many shapes and forms, but in general, a Craigslist email scammer is known to do at least one of the following things:

● Ask for your real email address for any reason at all.
● Insist on communicating by email only (using either your Craigslist email or your real email).
● Send you fake purchase protection emails that appear to be from Craigslist itself.

Asking for your real email address
Scammers might ask you for your real email address for any of the following reasons:

The scammer claims they want to send payment via PayPal. Scammers posing as buyers might try to talk you into accepting online payments, such as those via PayPal.

Once you give your PayPal email address to the scammer, however, they can easily send you a fake PayPal confirmation email to make you think that they paid when they really didn’t.

The scammer claims they use a third-party to securely handle the payment. Similar to the PayPal scenario above, a scammer (posing as either a buyer or a seller) might ask for your real address so that they can send a fake email that appears to come from an official third party.

These types of emails typically are cleverly designed to look like they offer a guarantee on your transaction, certify the seller, or inform you that the payment will be securely handled by the third party.

The scammer intends to send you multiple scam and spam messages. A scammer who asks for your real email address might be creating a list of victims they’re targeting to hack their personal information.

They could be planning to send you phishing scams, money or lottery scams, survey scams or even social network scams.

Insisting on communicating entirely by email
Scammers might insist on talking exclusively by email for any of the following reasons:

The scammer can’t speak to you by phone or meet up in person. Many Craigslist scammers operate overseas and don’t speak English as their first language, which is why they prefer to do everything via email. If they’re posing as a seller, they almost definitely don’t have the item you’re trying to buy and are just trying to get your money.

The scammer is following a script and has an elaborate personal story to share. Scammers use scripts so that they can scam multiple people. If they’re posing as a buyer, they might refer to “the item” instead of saying what the item actually is.

Since English is typically not most scammers’ first language and they operate around the world, it’s very common for them to misspell words or use improper grammar. And finally, to back up why they can’t meet up or need payment immediately, they’ll describe in detail all the problems they’re currently facing/have faced in order to get you to sympathize with them.

The scammer is looking to pressure you to make a payment, or wants to send a cashier’s check. Using their elaborate story, the scammer who’s posing as a seller might ask you to make a deposit via a third party such as PayPal, Western Union, MoneyGram, an escrow service, or something else.

They might even convince you to make multiple payments over a period of time, looking to extract as much money from you as possible before you realize you’re not getting what you’re paying for.

On the other hand, the scammer who’s posing as a buyer might offer to send a cashier’s check, which will likely be discovered as fraudulent days or weeks later.

Beware of anyone who tells you they’re in the military. This is a strong sign of a scam.

Sending fake purchase protection emails
Scammers have been known to send protection plan emails that appear to be from Craigslist. Of course, Craigslist doesn’t back any transactions that occur through its site, so any emails you receive claiming to verify or protect your purchases via Craigslist are completely fake.

The most important thing you can do to avoid getting involved in a Craigslist email scam is to never give away your real email address to anyone you’re speaking to from Craigslist.

The Latest Small Business Security SNAFU? Zoom

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

With everyone now working from home and finding new ways to collaborate and get things done, Zoom has become one of the most popular video conferencing applications, reporting growth of 378% over just one year ago.

As its popularity has grown, so has the allure for hackers. The FBI in Boston reported that two online high school classes had been interrupted by individuals who began yelling obscenities and the address of the teacher to another which displayed swastika tattoos. So how does this happen?

To start, most recurring meetings use the same meeting IDs. Someone, in an effort to make sure other attendees were aware of the event, would share it in an unsecured way, such as on Facebook or other social media.

Hackers can pick up this information, and even after the event was over, they could use the same information to gain access to the next meeting. Fortune Magazine has reported that dark web dedicated forums have popped up on popular sites like Reddit, and all a hacker would need to do on Facebook is search for “zoom.us” to find any public post containing the targeted words.

So what is a business to do to secure their meetings and avoid the potential sharing of sensitive corporate information during this time of extensive virtual meetings? First, and foremost, set your meeting to private. This means that there is a password required for each participant to enter. Although Zoom has now changed this setting to be the default setting, some users are still opting to make the meeting public for the sake of convenience.

As inconvenient as it is to have invitees enter a password to get into their meeting, it’s even more inconvenient to have sensitive corporate information released. Also… and this might seem to be stating the obvious but do not share your meeting invite over social media.

No matter our security settings on social media profiles, it’s best to assume that nothing you say on there will stay private. Another way to ensure the security of your zoom meeting is to use the feature of the waiting room. This means that each invitee who logs in will first be placed into a room where the meeting host then has to approve their entry and allowing the host to assess each attendee before they enter the room.

Also, never use your personal ID. Each zoom user has a personal virtual meeting room assigned when they create an account. Defaulting to using your assigned virtual meeting room can make it easier for hackers to enter in from old meeting announcements.

You know the phrase, what happens in Vegas stays in Vegas? Yeah. When it comes to Zoom (and any virtual meeting for that matter) assume what happens in Zoom does not stay in Zoom. If the information that is going to be shared is of such critical nature, you should find another medium where you have no chance of being overheard.

How To Protect Your Business From Phishing And Spearphishing

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

One of the best ways to protect your business against these types of attacks is by educating your employees on the methods these criminals exploit to gain access to your employees and your sensitive information. But beyond that, there are some methods you can use in conjunction with education to help protect your business.

Pre-delivery
Using filters can help prevent malicious emails from reaching your employees’ inbox and is effective for preventing indiscriminate attacks but not targeted ones.

More useful, however, are solutions that not only filter emails before reaching the inbox but incorporating virus scanners, real-time intent analysis, reputation checks, URL checkers, and other assessments before any email reaching your employee. We have an offering that can help you prevent an attack before it even starts. [Read more…]

Zoom Zero-Day Bug: Webcam Hijacking And Other Intrusive Exploits

Jason Cooley is Support Services Manager for Tech Experts.

Internet safety is always a concern and there are a large number of tools available to assist with that. Depending on how much security you need, you may need to run multiple pieces of software. Antivirus, antimalware, firewalls, and even 2-factor authentication are security measures all doing different things.

Even with all of these types of security layers in place, there is no such thing as guaranteed safety. You can be as careful as possible and avoid anything seemingly questionable, but one thing you can’t avoid are security exploits.

An exploit could be used to track a user’s history, and possibly even every keystroke. This could potentially send passwords for anything you enter on the computer.

Recently, Zoom, a video conferencing application, was discovered to have a severe vulnerability on the Mac platform. This exploit was a very simple one: a person attempting to access your webcam could send a legitimate Zoom meeting invite, but set with certain settings on a certain server.

When the link is clicked, even without accepting the invite, the client is silently launched, turning on the end user’s webcam. Even if the Mac user had uninstalled Zoom, the client would silently reinstall and launch.

Back in 2017, a much larger user base was at severe risk of an exploit that would allow hackers to silently install malware to take remote control of the user’s computer. The CVE-2017-11882 exploit was a flaw in Microsoft Office software.

If Office was installed, a Visa paylink email was sent, and when the user opened the word document attached, it launched a PowerShell command installing Cobalt Strike, granting remote control to whoever deployed it.

It was not long before Microsoft had a security fix rolled out, but if the software was installed prior to installing the security update, the remote control software would persist and have free reign on not only one computer, but also be able to travel through the network.

These vulnerabilities are discovered in normal software and have been found in Windows’ core system more times than you probably realize. Microsoft is typically quick to roll out updates when they have the power to fix the flaw, even if it isn’t their software. This illustrates the great importance of keeping Windows up to date.

Sure, if you are at work and have an IT team like the staff at Tech Experts, your updates are managed and prioritized. While some updates are optional or just good for a more user-friendly experience, important security updates should always be installed as soon as possible.

As Windows 7 updates come to an end this year, any of these types of exploits will remain unfixed. Switching to Windows 10 or replacing your computer is the only way to keep getting the latest patches for these intrusive exploits.

If you are already on Windows 10, make sure you have antivirus installed. As always, check your system regularly for updates and get help if you need it – your safety depends on it.

Small Businesses Are Under Cyber Attack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Ransomware, crypto jacking and phishing are now the biggest threat to the survival of small- and medium-sized companies (not to mention large companies, local governments, and even the federal government). Here are some sobering statistics:

  1. Ransomware or hackers attack a business every 14 seconds in the United States.
  2. Sonicwall (a major firewall vendor) reported a 300% increase in the frequency of attacks in 2018.
  3. Ransomware attacks on healthcare organizations will quadruple by next year.
  4. The financial impact of ransomware attacks against small companies is predicted to reach $11.5 billion dollars in 2019.
  5. MOST ALARMING: 91% of cyberattacks begin with a spear phishing email, the most common way to infect a company with ransomware.

The threat landscape has changed significantly in the last 12 months. It used to be the reliability of our client’s backups and disaster recovery options that would worry me at night. [Read more…]

Mozilla And Google Boosts Anti-Tracking And Security

Jason Cooley is Support Services Manager for Tech Experts.

Internet security changes all the time and so does the variety of issues. We have to be sure to run anti-virus, watch out for infections and phishing, and regularly change our passwords just to start the process of being safe on the Internet.

There are people that spend time to create these viruses and other hidden or unwanted system modifications.

While their motivation may not be known (usually money), one of the hazards of using the Internet is dealing with the headaches these things can cause.

On top of regular infections, there are many data gathering processes that can run in the background of your system.

These can be gathering data to send to someone attempting to steal your information. There are also websites that gather data when you visit, login, or create an account.

While there are instances where gathering data is used maliciously as I mentioned, it is also something legitimate sites can be guilty of. In 2019, you may have heard of sites like Google and Facebook gathering information, but what and how much are they gathering? What can you do about it?

Earlier this year, the International Computer Science Institute investigated Google and the Applications linked with its Playstore.

Applications downloaded from Google and the Playstore can gather data, and that can be used to create your Advertising ID. This ID is unique, but is and can be reset.

Many applications were also linking that Advertising ID with the hardware IDs of a device, such as the MAC address. This is forbidden as it allows the data to be permanently stored, even when you erase your history and erase the application data. Google is addressing the issue and already forcing some applications to change its data gathering process.

Google is also stepping up security for mobile devices in another way. Users that are familiar with Chrome and its password storing may know the browser version of Google can suggest a strong password.

This is now coming to mobile devices as well, which will sync security across all devices, prompting you to use a strong and unique password when it is determined your password is weak or frequently used.

Facebook may be the king of data harvesting. I am sure many of you have searched for something on the Internet, then noticed ads on Facebook showing that item. This is part of targeted advertising done by Facebook.

Facebook has the ability to follow you around the web, checking your browser habits and collecting user data anytime you are on a site with a Like or comment section from Facebook attached.

Mozilla Firefox introduced the Facebook Container extension for its browser last year, which keeps Facebook isolated.

While it has been out for awhile, 2.0 was just released, which blocks those sites with the Facebook links from gathering information.

Firefox is stepping up the anti-tracking to another level as well. The browser debuted its new “Enhanced Tracking Protection.” Mozilla teamed up with Disconnect, an open source anti-tracking program to create this new protection that blocks over 1,000 third party websites from gathering data while you browse the Internet.

This feature is enabled by default once the browser is updated to its newest version.

Some may not worry about their privacy online, but for those who do, it’s time to update.