TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Online Security

Five Tips For Staying Ahead Of Malware

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Malicious software has become an everyday issue for many computer users, and it can have serious implications for your finances. To keep your information, data, and finances safe, you need to be aware of the common threats to your online security that exist and how you can protect yourself against fraudulent activity.

According to research from Kaspersky Security, malicious software, which is also commonly referred to as malware, impacted as many as 34.2% of computer users in 2015. But what is malware and how does it work?

Malware is somewhat different than computer viruses because instead of completely stopping your computer from operating, it sits quietly in your system stealing important and sensitive information.

It is estimated that over 1 million new forms of malware are released on a daily basis in the form of spyware, Trojan horses, phishing links, and ransomware. [Read more…] about Five Tips For Staying Ahead Of Malware

Go Phish: Keeping An Eye On Your Email

Brian Bronikowski is a field service technician for Tech Experts.
Email phishing scams are nothing new in the IT world. There are always new messages coming through that seem more and more realistic. When you add this to your messages from princes, lottery winners, and investment requests, your inbox can grow rapidly.

There are a few ideas that phishing scams use, but there are also ways to look out for them.

There are a few different types of phishing on the Internet. Some will focus specifically on an organization or group.

Others are more generic. Some will take an idea that could apply to those with a certain attribute of family or business life. There are even attempts that pinpoint the “higher ups” in certain organizations and businesses.

So what are ways to notice these scams? A largely common way to decipher what’s real and what is not is the sense of urgency that these messages will have.

They require important personal information as quick as possible. This urgency is used to put your caution aside so you don’t lose out on whatever they are threatening.

These will also be very broad so it seems you’re not the only one receiving this message – and of course, you aren’t.

Either way if someone states they are deleting your emails, suing for some unknown offense, or offering part in a larger grouping of people, it’s likely that you need to take a minute and think about what’s really going on.

Another easy method that cannot be stated enough is the amount of spelling and grammatical errors.

Professional emails are generally well-groomed and checked over by the sender. Phishing scams, however, seem to have a commonality in that they never seem to read properly. These will have easily noticeable spelling errors.

You can also notice that sentence structure is off and it is very broken in general. While people can make spelling mistakes and others may not be the best proofreaders, there is always a need to be on the lookout for errors. In the scenarios where a business or group is targeted, there may be a few other steps to take.

Emails may be sent that were not expected by the receiver. Perhaps it is an event you did not hear about beforehand. Other times, and commonly as of late, there will be a document that the receiver was allegedly “expecting.”

Other times, they will use the tactics mentioned previously such as the urgency or broadness. While none of these are good to open, it is especially dangerous to open any attachments that are in the spam messages.

These can lead to ransomware and cryptoware infections that cost a lot more than the annoyance of seeing the messages.

Luckily, for all of these issues, there are ways to prevent the messages as a whole. Most large email providers will have some level of protection.

The messages will instead be directed towards your junk folder in hopes you won’t accidentally click on them.

For those that use hosted services, providers are likely taking further steps to prevent these messages. Tech Experts is one of these providers; we are able to host email and protect against a large majority of these threats.

Regardless of what you use for email services, it is always important to keep in mind what’s real and what’s too good to be true.

Keeping that in mind can be the deciding factor between infections, data loss, or identity theft.

Do You Have Internet Privacy At Work?

Luke Gruden is a help desk technician for Tech Experts.
Sometimes, when there’s a break or the work day is slow, it can be tempting to check on a couple different websites. In doing this, would anyone know what websites were visited? Other than the people around, who else would know what sites might have been visited? It may come at a surprise that there could be many different people later on – or even immediately – that find out about the websites that were visited.

It is common for workplaces to have a firewall that prevents certain websites from being visited. Along with blocking certain websites, firewalls usually keep track of all the different websites that have been visited and by who.

Any time a website is visited that has been blacklisted (blocked), this usually triggers an alert to the IT department or management, so they can look over who tried to connect to a blacklisted site. From there, if IT or management feel it is necessary, they could look over the entire history of websites that were visited by a user or a group of users.

Now, let’s say for some odd reason that the business does not have a firewall or other device that keeps records of websites visited – could websites that were visited still be discovered?

Well, the computer someone uses also keeps records of websites that they have been visiting, which can be accessed by IT.

Some clever users might be able to remove their footprints from their workstation computer, but they may not have access to something like that.

There is another way that websites visited from a workplace can be tracked without a firewall or looking into the computer files.

If the websites visited warrant any legal action or an investigation is happening at the company, the ISP (Internet Service Provider) can release any and all records of websites visited and exact information of what was done. There is no way to get around this as you need an ISP to use the internet.

There are even more ways to find out what websites are being visited than what was mentioned here. In short, if someone at the office is using the work Internet, it is more than possible that every website visited is being kept track of in one way or another.

If you follow the rules of your workplace and visit only the type of websites allowed by the work place, you shouldn’t have much to worry about. As a rule of thumb, you should only visit sites and do things that you don’t mind the public or workplace knowing about. If you ever see “NSFW” (Not Safe for Work), do not visit or have anything to do with it while on the work Internet.

Only surf the Internet when you are allowed to surf the internet. Don’t visit websites or open emails where the main site or email sender is unknown. With these tips in mind and a better awareness of how a person can be tracked on a business network, you can make better choices while on the company’s Internet.

Major Password Breach Uncovered

Some people collect antique trinkets while others collect more abstract things like adventures. There’s someone out there, however, collecting passwords to email accounts, and yours just might be part of that collection. To date, it has been estimated that over 273 million email account passwords have been stolen by a person or entity now called “The Collector.” This criminal feat is one of the largest security breaches ever, and the passwords have been amassed from popular email services, including Gmail, Yahoo!, and AOL.

It is unclear exactly why “The Collector” has procured so many email passwords, aside from the fact that the individual is trying to sell them on the dark web. The puzzling part of this, however, is that the asking price is just $1. So, the hacker may only be seeking fame for achieving such a large-scale feat.

The email account credentials may have more value in being used in an email phishing scam, but it’s impossible to know the cybercriminal’s intentions as this point. While potentially having your email hacked doesn’t sound like that big of a threat, there are multiple ways in which this information could be used for harm.

The most notable risk is that the login information may be used to access other accounts; many people use the same username and password for their emails accounts as other ones, such as for online banking. So, there is far more value in this large collection than just the asking price of $1. To protect yourself, security experts advise you change your password immediately.

Bots! What Are They And How Do They Affect Me?

First of all, what in the world is a “bot?” Most people have at least heard of them before, but may not know what exactly they are. A bot is a program designed to operate on its own and carry out whatever function it was intended to. Basically, a robot doing what it’s told.

They can run offline, online, or even as a combination, running offline and collecting information then sending it via email over the Internet.

An example of a bot is a web crawler. When you type in a search into Google, it uses crawlers to search the millions of sites and content for keywords you enter, then reports back. Web crawlers can also be used for data mining.

So how do these affect you? People employ the use of both good bots and bad bots. Most that you encounter are good ones, such as the search engine crawlers, but others can collect your private information.

Good bots or data miners are helpful, making your life easier or personalizing your ad experiences.

They can track statistics for marketing, like what types of things you shop for or what videos you watch on YouTube. In turn, they use this data to put those personalized ads on your screen. Sure, they might be annoying, but their intention is good.

Another example of a good bot could be when you post something on your Facebook account. A bot goes out to the site you’re sharing from and grabs whatever information it is programmed to take, then that information is posted on your page. Although it might seem simple, it’s a time-consuming task to complete manually, which the bot takes care of for you.

Then we have the bad side of bots. As easy it is to program a bot or data miner to collect innocent information, it is just as easy for a malicious person to program a bot to gather information they should not have, like banking information.
They can be programmed to go to hundreds (if not thousands) of sites, servers, or computers where highly sensitive data is stored. They take the information and send it back to their creator.

A recent example of malicious bot would be from the Ashley Madison hack. What they did was create bots that acted as profiles to attract others and steal information from them. Of course there are a myriad of other bad bots out there.

So how do you handle bots? Typically, you would handle them just as you would other malicious content through anti-virus and strong firewalls – along with using your judgment and staying away from suspicious sites, emails, and chat messages.

Data-mining can be blocked, but contact your trusted tech support provider before downloading or installing any programs or browser extensions.

As always, if you have any questions or if you’re interested in finding out how to better block bots, feel free to give us a call at 734-457-5000, or email us at support@mytechexperts.com.

Small Businesses Experience Increase In DDOS Attacks

Some readers may already be wondering, “What exactly is DDoS and why should I worry about it?” DDoS stands for Distributed Denial of Service – and a DDoS attack is when a person (or group) acts maliciously and uses a program which has a sole purpose of flooding a server with traffic.

Why would someone do this? There are many reasons one would execute this devastating attack. For instance, you run a news website. You publish an article that this person doesn’t agree with. They, in turn, run their malicious program. It sends thousands upon thousands of page requests (unique requests to open the website), which causes more traffic than your server can handle.

Your server crashes from the load and no one is able to view your site. Of course, this could be one reason among an infinite amount. For whatever evil agenda they have, it does not fare well for those on the affected side.

In 2015 alone, there were some 50,146 attacks that were detected – averaging 137 per day and 5 per hour (Newswire, 2016).

While these attacks may not make national news or headlines, the IT world is paying close attention. With more devices and easier programs to use, almost anyone could be on the bad side of the cyber war.

One of the more recent attacks that happened was on New Year’s Eve. A group calling themselves New World Hacking took down BBC’s global site and Donald Trump’s site. Another big attack was aimed at a big part of the Internet itself. Namely, the 13 DNS servers on the backbone of the Internet.

These servers are important because they translate the words we use (such as website addresses) into the numerical equivalent that the machines understand. There were two separate attempts, one being 160 minutes long and another lasting about an hour. It caused three of the DNS servers to go offline for a couple hours or so, which is enough to cause a lot of slowness issues or DNS errors on a lot of people’s screens.

What can be done to help mitigate this issue? There are a few things. You definitely should have an IT department or IT security group who is able to handle this. Bigger corporations especially should be keeping up with threat trends and keeping their firewalls and security prevention up to date and active.

Now, say you’re a small to medium size business and you have no security on your network. It would be a good idea to have an IT service provider such as Tech Experts to help with your IT and security needs. These days, especially in recent years, it’s not a good idea to just pay your cousin under the table to install a router and call it good.

If you can’t afford to have anything happen to your data or to be down for a day or more, hire a professional. We can set you up with a network designed with your needs and security in mind.

Don’t Pay A Ransom To Get Your Data Back

Michael Menor is Vice President of Support Services for Tech Experts.

Requesting a ransom from victims is an unfortunate trend gaining momentum in the hacking world. This is typically done using ransomware (where hackers encrypt data and request money for the key) and distributed denial of service attacks (where hackers threaten to overwhelm a system with traffic, thus knocking it offline).

In both scenarios, hackers are looking for the victim to pay up…or else. Should they?

The answer should be obvious: absolutely not.

However, when a person’s valuable data becomes encrypted or they receive a legitimate threat to take down their servers, emotions often get in the way and they’ll end up “paying the piper.” Hackers know this, which is why their ransom methods employ fear tactics.

For example, ransomware like CryptoLocker will lock the user out of their computer while the screen displays a countdown to when their data will be deleted.

With DDoS attacks, a hacker may contact the victim mid-attack and promise to cease the attack for a fee. Both of these situations play straight into a person’s irrational fear, causing them to cough up cash.

Before reaching for your credit card to pay a hacker’s demands… stop, take a deep breath, and think objectively about the situation.

What guarantee do you have that these hackers will actually make good on their promise to turn over your data or cease the attack?

This guarantee is only as good as a hacker’s word, which is pretty worthless seeing as they’re, you know, criminals. Therefore, whatever you do, DON’T GIVE MONEY TO A HACKER!

By paying hackers money, you’ll only add fuel to the fire and help fund the spread of their devious acts.

Plus, there are several reported cases where a victim pays the ransom, only to still have their data deleted or the attacks on their site continue.

What’s it to them if they go ahead and follow through with the attack? They have your money, so who cares? It’s a classic case of adding insult to injury.

Need proof? There’s a recent example of this happening to ProtonMail, a Switzerland-based email encryption service.

On November 3rd, ProtonMail was threatened with a DDoS attack by the hacking group Armada Collective.

Like many companies would do, they ignored the threat, deeming it to not be credible. Soon afterward, their servers became overloaded to the point where they had to cease operations. After paying the ransom, the hackers continued the attack.

Now, consider your own situation. How much would it cost your company if you lost revenue for a full day of work, and you still had to make payroll?

For a medium-to-large sized company, losing a full day’s work would likely come to much more than a few thousand dollars. In fact, hackers understand how downtime can be so costly, which is why they feel justified asking for such an exorbitant fee.

What are you supposed to do if you were asked to pay a ransom by a hacker? The first thing you’ll want to do is contact the IT professionals at Tech Experts. We’re able to take an assessment of the attack to determine how bad it is and restore your data to a backed up version that’s not infected with malware.

When facing a hack attack, we can present you with all the options you can take – none of which will include paying a hacker money.

Yes, You Can Still Get Infected – Even With Anti-Virus

Scott Blake is a Senior Network Engineer with Tech Experts.

With the sudden release of a new variants of malware and ransomware such as CryptoWall, users are wondering why their anti-virus programs are not blocking the ransomware infection from infecting their computer.

As with many other forms of malware, the infection needs to exist before a cure or way to detect the threat can be created. This takes time and during this period of R&D, the malware spreads like wildfire.

While there are several forms and classifications of infections, there are basically only two different methods in which infections are released into your system: User Initiated and Self Extraction.

User Initiated infections are caused by a user clicking on a link within a webpage or email or by opening infected email attachment. Once opened, the malware is released and quickly spreads throughout your system.

Because the user manually clicked on or opened the link/document, most anti-virus programs receive this as an authorized override by the user and either internally whitelists the link/document or skips the scan.

CryptoWall is spread through this method, usually contained within an infected Word, Excel or PDF document. The creators of these programs take advantage of the programming of the document to hide the infection.

With the world becoming a paperless society, we are becoming more and more accepting of receiving and opening attachments sent to us through email. It has practically become second nature to just click and open anything we receive, regardless of any warning.

Self-Extracting infections are exactly what they’re named. These infections require no outside assistance to worm their way through your system, infecting as they go.

The number one method creators of this form use to place their software on your system is through “piggy back” downloads.

Red button on a dirty old panel, selective focus - virus

Piggy back downloads occur when you authorize the download and install of one program and other programs (related or unrelated to the original program) are automatically downloaded and installed with it. The most common way is by downloading programs promising to speed up your computer.

Infections can also exist on your system and lay dormant for long periods of time, waiting for the computer to reach a certain calendar day or time. These infections are called “time bomb” infections. Just like piggy back infections, they require no outside assistance to infect your system.

They are mostly found buried in the registry of the system or deep within the system folders. Because they are not active on the time of placement, most anti-virus programs will not detect them. Active reporting through toolbars is another means of becoming infected over time.

When a user downloads and installs a toolbar for their browser, they authorize at the time of install that it is okay to install and all of its actions are safe. However, most toolbars are actively scanning, recording, and reporting back to the creator. They also act have conduits for installations of other unwanted programs behind the scene.

If left unchecked, those additional programs can become gateways for hackers to gain access to your system and spread even more infections.

To help stop the spread of malware/ransomware such as CryptoWall and its variants, we need to become more vigilant in our actions when either surfing the Internet or opening email and attachments.

The best rule of thumb to follow for email is: if you don’t know the sender, or you didn’t ask for the attachment, delete it. As for websites, read carefully before you download anything and avoid adding toolbars.

The Three Scariest Threats To Small Business Networks

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

While spam, pop-ups, and hackers are a real threat to any small business network, there are three security measures that you should be focusing on first before you do anything else.

Worry About E-mail Attachments, Not Spam
Sure, spam is annoying and wastes your time, but the real danger with spam is in the attachments.

Viruses and worms are malicious programs that are spread primarily through cleverly disguised attachments to messages that trick you (or your employees) into opening them.

Another huge threat is phishing e-mails that trick the user by appearing to be legitimate e-mails from your bank, eBay, or other financial accounts.

Here are three things you must have in place to avoid this nightmare: [Read more…] about The Three Scariest Threats To Small Business Networks

Beware The Fake Microsoft Cold Calls

Scott Blake is a Senior Network Engineer with Tech Experts.

The phone rings and you don’t recognize the number or name on the caller ID. You pick up anyway and the caller tells you that they work for Windows Support or Windows Service Center and they are a Microsoft Certified Technician.

They go on to say they have received log files or have determined that your computer is infected and causing corruption throughout your Windows operating system.

They ask if you’re at your computer now and, if not, to go there. Once there, they walk you through how to open your Event Viewer and show you the Administrative Events under the Custom Views folder.

They are quick to point out all of the red circles labeled “Error” are all Malware infections. They then ask you to look at the number of events listed and they go on to advise this is the total number of infections currently on your computer.

The caller then says they can clean your system of all infections, but they will need to have remote access to the computer.

At this point in the call, most people have been thoroughly convinced by the voice on the other end of the phone that their system is indeed infected and needs to be cleaned. After all, the caller knew where to look for the so-called infections and they do sound like they truly want to help.

The Microsoft “employee” will even tell you that if you don’t let them remove the infections, the “hackers” that placed the malware on your system will have complete access to all of your information.

They warn that your identity is in jeopardy of being stolen. You must give them remote access to your computer. They are your only hope and you must trust them. After all, they say they work for Microsoft.

The fact of the matter is that the caller does not work for Microsoft in any capacity. They don’t work for any of their third party vendors nor any security firm that has been retained by Microsoft.

They are in fact the “hackers” attempting to convince you to give them access to your computer to infect your system and steal your data.

If you allow them remote access, they will start to install malicious programs on your computer. They’ll copy all of your information and, in some cases, encrypt your data.

They will tell you that that the infection is too severe for a “standardized” cleaning and you will need to pay money to have them install removal programs to clean the system.

In mid-2013, NBC News Technology reporter Frank Catalano, reported on receiving one such phone call himself.

After his ordeal with the fake Microsoft, Mr. Catalano contacted the real Microsoft. He received the following reply:

“In 2010, Microsoft began receiving reports of scammers making phone calls or sending emails to people,” replied a spokesperson for Microsoft’s Digital Crimes Unit. They advised that they had referred the cases to the Federal Trade Commission.

One very important thing to remember is that Microsoft (or any of its partners) will never cold call you. They will never ask for remote assistance. They will never ask for usernames and passwords.

If you have fallen victim to such a scam, disconnect your network cable and take your computer to a trusted service center or repair facility and explain in detail what happened as soon as possible.

For questions or advice on what to do about cold call scammers, contact Tech Experts at (734) 457-5000, or by email at info@mytechexperts.com.