Online Security

How To Avoid Infections On Your Company’s Network

February 1, 2017

Luke Gruden is a help desk technician for Tech Experts.

Computers are just like people – they too can catch a virus and become infected. Your computer can potentially be infected from anything it connects or interacts with, so it’s important to watch what disk or USB device you insert into your computer or websites you go to.

What is a computer infection?
A computer infection is referring to malicious software that can harm your computer or even steal your information. There’s more than one variation of it. There is spyware that watches what you type and do on your computer to gather and steal information.

There is adware which will change your settings and hijack certain parts of your computer to promote its own products.

There is cryptoware which will lock your whole computer and make it unusable.
There are also many other types of infections or malware that your computer can come across.

Is my computer infected?
If your computer has been running slower recently and you are seeing strange pop-ups or odd programs, you are very possibly infected. At Tech Experts, we monitor many different computers, keeping track of any odd processes and programs that are installed. We also have managed anti-virus that further helps us identify when our client’s computers could be infected.

How can I clean an infected computer?
There are many tools and resources that can be used to clean an infected computer and no single tool is absolutely perfect. Usually when cleaning an infection, we run at least three to four different (reputable) programs, depending on what type of infection it is.

If it is a very deep infection, we could end up running seven or more different programs to clean out the infection. It is important to know which tools to use and how to use them, however.

Certain programs can cause damage to the computers’ registry if you don’t know exactly what you’re looking for.

How do you prevent an infection?
Understanding your computer habits are one of the biggest ways to prevent infections. If you find yourself web surfing to questionable sites or to sites you’ve never been to before, this is one of the biggest ways to catch an infection.

Downloaded programs you don’t remember installing are one of the biggest red flags of an infection. Opening up emails and attachments that you don’t know where they came from is a good way to become infected. Know the sites you visit are safe and be attentive to what emails and downloads you view.

Having a good anti-virus is very important for a clean computer protected from those threats that you cannot see normally. At Tech Experts, we provide AV for ourselves and clients that prevent most infections. No AV is 100% able to stop all infections. With hackers making new threats every day, there is no method to make sure all possible vulnerabilities are blocked.

However, having good software and good habits will prevent the great majority of infections of hopping onto your computer.

How To Identify And Handle Scareware Pop-ups

February 1, 2017

jared-stemeye — Jared Stemeye is a Help Desk Technician at Tech Experts.

Let’s say you’re reading the latest news articles on a webpage you visit regularly. In an instant, a new browser window flashes onto your screen, blinking with some sort of notice, a warning of virus infections, a legitimate looking logo, and a phone number to call.

Some of these even employ audio statements such as, “Your PC is infected. If you close this window you will lose all information stored on your hard drive.”

These tactics combined do a very good job of eliciting emotions of fear and anxiousness from their victims.

However, with the proper knowledge to identify the fraudulent practices of these groups, along with the proper steps to handle such occurrences, you will be able to avoid the hardship many others have encountered.

The first thing you should know is that it is quite simple for anyone to attach the Microsoft, or any name brand anti-virus’ insignia onto the page to make it appear convincingly genuine. The ‘official’ logos you see on these pop-ups are not legitimate, though it is very easy to think that they are.

The second, and probably the most important, thing to know is to never – under any circumstances – call the phone number provided by the pop-up.

The disreputable individuals on the other end of the phone are not meant to help you. Like the pop-ups, they too are proficient at inducing anxiety among their victims, urging those who call to allow permission for remote access to the targeted computer.

Once someone has access to your desktop, they have access to all your locally stored files and can make changes to them as well as plant malware or spyware.

Never allow remote access to your computer unless you, without any doubt, know who it is you’re allowing access.

Now, what you should do next? First, attempt to close the window as you would with any other window by clicking the X in the top right corner.

In many cases, a dialogue box will appear at the top of the screen, providing more anxiety-inducing phrases to make you think your actions are incorrect. Rest assured you are on your way to ridding yourself of the pop-up.

Browsers such as Internet Explorer, Google Chrome, and Mozilla Firefox have an opportunity to prevent these boxes from reappearing after you exit out of them. In the pop-up box, click the check field next to the “prevent additional dialogues” option and click OK.

If the pop-up window has yet to close, retry exiting out of the window. No additional dialogue boxes should appear at this point, allowing you to regain control of your computer.

If the pop-up window does not close after these steps or if the issue persists after a short period, contact your trusted IT team to remove the issue.

Under any circumstance, remember, these pop-ups are not viruses themselves and, if you follow the advice given in this article, they will cause no harm to your computer.

However, it is still best practice to run a full virus scan if this does occur to ensure you are unaffected.

What Makes For A Good Password?

October 25, 2016

It seems like every week we need to make a new password for a new account. When making a password, there is usually some colored bar letting you know if your password is strong or weak.

It is very important that we maintain strong passwords for our accounts, so no one uses a password generator to guess the password and gain access to our private information.

What actually makes a good password? Length is one of the best methods to making a stronger password as it’s harder for a computer to hack a longer password. For the length, it’s recommended to have at least 12 characters.

If your password consists of basic words, it’s recommend the password be even longer as a lot of password crackers out there auto-search dictionary words.

You can even make a sentence or sentences. There is no rule against something like this: “Hello! I am Luke with Tech Experts and I work on computers!” That was about 60 characters and would take significantly longer to crack than a simple 12 character password.

The next best factor to making a good password is complexity. Complexity is when a password uses special characters, numbers, random capitals, and contains few or no dictionary words. The more complex a password is, the far harder it is for a computer to crack the password. “s5df1K51lj!@# ^k5$#1#!!2 @” would be a really good password, but good luck remembering it. Too complex and it’s hard to remember, too short and it’s easy to crack.

However, using length and complexity, we can make a strong password that we can remember.

Adding a number and special character to each word you use will drastically increase the strength of the password without making it too complex “Hello$1 my$2 name$3 is$4 Luke!$5” is most likely a stronger password than the one I used earlier that contained 60 characters simply because the special characters aren’t in the dictionary.

Another important note about passwords is that you should keep every password different for each profile. It can be tempting to use the same password for every account online, but at least try to make variations of your passwords.

The main reason why is that if a website is leaked or hacked, your password can be out there in the public and can be attempted on your other accounts, so even if you have the best password in the world, using the same password for every account can make your accounts vulnerable.

The last good practice for passwords is to change your password every 6 months or so, so even if your password was leaked without your knowledge, changing the password would end the issue. Also, some computers will try to crack a password 24/7 and, with enough time, it will eventually guess the right password. Changing your password every so often will thwart those computers that endlessly guess at your password.

Another way to ensure you have different strong passwords is to use a password manager. A password manager is a type of program that stores your different passwords for different accounts, but that itself still needs a good password to protect your collection. With a password manager, you can use a generator to create very long complex passwords and not have to worry about remembering them as long as you have accesses to your manager.

If you need any help with passwords or with setting up a password manager, you can count on your Tech Experts to help you on your way. Contact us with any questions at (734) 457-5000.

Five Tips For Staying Ahead Of Malware

October 25, 2016

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Malicious software has become an everyday issue for many computer users, and it can have serious implications for your finances. To keep your information, data, and finances safe, you need to be aware of the common threats to your online security that exist and how you can protect yourself against fraudulent activity.

According to research from Kaspersky Security, malicious software, which is also commonly referred to as malware, impacted as many as 34.2% of computer users in 2015. But what is malware and how does it work?

Malware is somewhat different than computer viruses because instead of completely stopping your computer from operating, it sits quietly in your system stealing important and sensitive information.

It is estimated that over 1 million new forms of malware are released on a daily basis in the form of spyware, Trojan horses, phishing links, and ransomware. [Read more…] about Five Tips For Staying Ahead Of Malware

Go Phish: Keeping An Eye On Your Email

July 28, 2016

Brian Bronikowski is a field service technician for Tech Experts.

Email phishing scams are nothing new in the IT world. There are always new messages coming through that seem more and more realistic. When you add this to your messages from princes, lottery winners, and investment requests, your inbox can grow rapidly.

There are a few ideas that phishing scams use, but there are also ways to look out for them.

There are a few different types of phishing on the Internet. Some will focus specifically on an organization or group.

Others are more generic. Some will take an idea that could apply to those with a certain attribute of family or business life. There are even attempts that pinpoint the “higher ups” in certain organizations and businesses.

So what are ways to notice these scams? A largely common way to decipher what’s real and what is not is the sense of urgency that these messages will have.

They require important personal information as quick as possible. This urgency is used to put your caution aside so you don’t lose out on whatever they are threatening.

These will also be very broad so it seems you’re not the only one receiving this message – and of course, you aren’t.

Either way if someone states they are deleting your emails, suing for some unknown offense, or offering part in a larger grouping of people, it’s likely that you need to take a minute and think about what’s really going on.

Another easy method that cannot be stated enough is the amount of spelling and grammatical errors.

Professional emails are generally well-groomed and checked over by the sender. Phishing scams, however, seem to have a commonality in that they never seem to read properly. These will have easily noticeable spelling errors.

You can also notice that sentence structure is off and it is very broken in general. While people can make spelling mistakes and others may not be the best proofreaders, there is always a need to be on the lookout for errors. In the scenarios where a business or group is targeted, there may be a few other steps to take.

Emails may be sent that were not expected by the receiver. Perhaps it is an event you did not hear about beforehand. Other times, and commonly as of late, there will be a document that the receiver was allegedly “expecting.”

Other times, they will use the tactics mentioned previously such as the urgency or broadness. While none of these are good to open, it is especially dangerous to open any attachments that are in the spam messages.

These can lead to ransomware and cryptoware infections that cost a lot more than the annoyance of seeing the messages.

Luckily, for all of these issues, there are ways to prevent the messages as a whole. Most large email providers will have some level of protection.

The messages will instead be directed towards your junk folder in hopes you won’t accidentally click on them.

For those that use hosted services, providers are likely taking further steps to prevent these messages. Tech Experts is one of these providers; we are able to host email and protect against a large majority of these threats.

Regardless of what you use for email services, it is always important to keep in mind what’s real and what’s too good to be true.

Keeping that in mind can be the deciding factor between infections, data loss, or identity theft.

Do You Have Internet Privacy At Work?

June 27, 2016

Sometimes, when there’s a break or the work day is slow, it can be tempting to check on a couple different websites. In doing this, would anyone know what websites were visited? Other than the people around, who else would know what sites might have been visited? It may come at a surprise that there could be many different people later on – or even immediately – that find out about the websites that were visited.

It is common for workplaces to have a firewall that prevents certain websites from being visited. Along with blocking certain websites, firewalls usually keep track of all the different websites that have been visited and by who.

Any time a website is visited that has been blacklisted (blocked), this usually triggers an alert to the IT department or management, so they can look over who tried to connect to a blacklisted site. From there, if IT or management feel it is necessary, they could look over the entire history of websites that were visited by a user or a group of users.

Now, let’s say for some odd reason that the business does not have a firewall or other device that keeps records of websites visited – could websites that were visited still be discovered?

Well, the computer someone uses also keeps records of websites that they have been visiting, which can be accessed by IT.

Some clever users might be able to remove their footprints from their workstation computer, but they may not have access to something like that.

There is another way that websites visited from a workplace can be tracked without a firewall or looking into the computer files.

If the websites visited warrant any legal action or an investigation is happening at the company, the ISP (Internet Service Provider) can release any and all records of websites visited and exact information of what was done. There is no way to get around this as you need an ISP to use the internet.

There are even more ways to find out what websites are being visited than what was mentioned here. In short, if someone at the office is using the work Internet, it is more than possible that every website visited is being kept track of in one way or another.

If you follow the rules of your workplace and visit only the type of websites allowed by the work place, you shouldn’t have much to worry about. As a rule of thumb, you should only visit sites and do things that you don’t mind the public or workplace knowing about. If you ever see “NSFW” (Not Safe for Work), do not visit or have anything to do with it while on the work Internet.

Only surf the Internet when you are allowed to surf the internet. Don’t visit websites or open emails where the main site or email sender is unknown. With these tips in mind and a better awareness of how a person can be tracked on a business network, you can make better choices while on the company’s Internet.

Major Password Breach Uncovered

June 27, 2016

Some people collect antique trinkets while others collect more abstract things like adventures. There’s someone out there, however, collecting passwords to email accounts, and yours just might be part of that collection. To date, it has been estimated that over 273 million email account passwords have been stolen by a person or entity now called “The Collector.” This criminal feat is one of the largest security breaches ever, and the passwords have been amassed from popular email services, including Gmail, Yahoo!, and AOL.

It is unclear exactly why “The Collector” has procured so many email passwords, aside from the fact that the individual is trying to sell them on the dark web. The puzzling part of this, however, is that the asking price is just $1. So, the hacker may only be seeking fame for achieving such a large-scale feat.

The email account credentials may have more value in being used in an email phishing scam, but it’s impossible to know the cybercriminal’s intentions as this point. While potentially having your email hacked doesn’t sound like that big of a threat, there are multiple ways in which this information could be used for harm.

The most notable risk is that the login information may be used to access other accounts; many people use the same username and password for their emails accounts as other ones, such as for online banking. So, there is far more value in this large collection than just the asking price of $1. To protect yourself, security experts advise you change your password immediately.

Bots! What Are They And How Do They Affect Me?

April 18, 2016

First of all, what in the world is a “bot?” Most people have at least heard of them before, but may not know what exactly they are. A bot is a program designed to operate on its own and carry out whatever function it was intended to. Basically, a robot doing what it’s told.

They can run offline, online, or even as a combination, running offline and collecting information then sending it via email over the Internet.

An example of a bot is a web crawler. When you type in a search into Google, it uses crawlers to search the millions of sites and content for keywords you enter, then reports back. Web crawlers can also be used for data mining.

So how do these affect you? People employ the use of both good bots and bad bots. Most that you encounter are good ones, such as the search engine crawlers, but others can collect your private information.

Good bots or data miners are helpful, making your life easier or personalizing your ad experiences.

They can track statistics for marketing, like what types of things you shop for or what videos you watch on YouTube. In turn, they use this data to put those personalized ads on your screen. Sure, they might be annoying, but their intention is good.

Another example of a good bot could be when you post something on your Facebook account. A bot goes out to the site you’re sharing from and grabs whatever information it is programmed to take, then that information is posted on your page. Although it might seem simple, it’s a time-consuming task to complete manually, which the bot takes care of for you.

Then we have the bad side of bots. As easy it is to program a bot or data miner to collect innocent information, it is just as easy for a malicious person to program a bot to gather information they should not have, like banking information.
They can be programmed to go to hundreds (if not thousands) of sites, servers, or computers where highly sensitive data is stored. They take the information and send it back to their creator.

A recent example of malicious bot would be from the Ashley Madison hack. What they did was create bots that acted as profiles to attract others and steal information from them. Of course there are a myriad of other bad bots out there.

So how do you handle bots? Typically, you would handle them just as you would other malicious content through anti-virus and strong firewalls – along with using your judgment and staying away from suspicious sites, emails, and chat messages.

Data-mining can be blocked, but contact your trusted tech support provider before downloading or installing any programs or browser extensions.

As always, if you have any questions or if you’re interested in finding out how to better block bots, feel free to give us a call at 734-457-5000, or email us at support@mytechexperts.com.

Small Businesses Experience Increase In DDOS Attacks

March 8, 2016

Some readers may already be wondering, “What exactly is DDoS and why should I worry about it?” DDoS stands for Distributed Denial of Service – and a DDoS attack is when a person (or group) acts maliciously and uses a program which has a sole purpose of flooding a server with traffic.

Why would someone do this? There are many reasons one would execute this devastating attack. For instance, you run a news website. You publish an article that this person doesn’t agree with. They, in turn, run their malicious program. It sends thousands upon thousands of page requests (unique requests to open the website), which causes more traffic than your server can handle.

Your server crashes from the load and no one is able to view your site. Of course, this could be one reason among an infinite amount. For whatever evil agenda they have, it does not fare well for those on the affected side.

In 2015 alone, there were some 50,146 attacks that were detected – averaging 137 per day and 5 per hour (Newswire, 2016).

While these attacks may not make national news or headlines, the IT world is paying close attention. With more devices and easier programs to use, almost anyone could be on the bad side of the cyber war.

One of the more recent attacks that happened was on New Year’s Eve. A group calling themselves New World Hacking took down BBC’s global site and Donald Trump’s site. Another big attack was aimed at a big part of the Internet itself. Namely, the 13 DNS servers on the backbone of the Internet.

These servers are important because they translate the words we use (such as website addresses) into the numerical equivalent that the machines understand. There were two separate attempts, one being 160 minutes long and another lasting about an hour. It caused three of the DNS servers to go offline for a couple hours or so, which is enough to cause a lot of slowness issues or DNS errors on a lot of people’s screens.

What can be done to help mitigate this issue? There are a few things. You definitely should have an IT department or IT security group who is able to handle this. Bigger corporations especially should be keeping up with threat trends and keeping their firewalls and security prevention up to date and active.

Now, say you’re a small to medium size business and you have no security on your network. It would be a good idea to have an IT service provider such as Tech Experts to help with your IT and security needs. These days, especially in recent years, it’s not a good idea to just pay your cousin under the table to install a router and call it good.

If you can’t afford to have anything happen to your data or to be down for a day or more, hire a professional. We can set you up with a network designed with your needs and security in mind.

Don’t Pay A Ransom To Get Your Data Back

January 15, 2016

Michael Menor is Vice President of Support Services for Tech Experts.

Requesting a ransom from victims is an unfortunate trend gaining momentum in the hacking world. This is typically done using ransomware (where hackers encrypt data and request money for the key) and distributed denial of service attacks (where hackers threaten to overwhelm a system with traffic, thus knocking it offline).

In both scenarios, hackers are looking for the victim to pay up…or else. Should they?

The answer should be obvious: absolutely not.

However, when a person’s valuable data becomes encrypted or they receive a legitimate threat to take down their servers, emotions often get in the way and they’ll end up “paying the piper.” Hackers know this, which is why their ransom methods employ fear tactics.

For example, ransomware like CryptoLocker will lock the user out of their computer while the screen displays a countdown to when their data will be deleted.

With DDoS attacks, a hacker may contact the victim mid-attack and promise to cease the attack for a fee. Both of these situations play straight into a person’s irrational fear, causing them to cough up cash.

Before reaching for your credit card to pay a hacker’s demands… stop, take a deep breath, and think objectively about the situation.

What guarantee do you have that these hackers will actually make good on their promise to turn over your data or cease the attack?

This guarantee is only as good as a hacker’s word, which is pretty worthless seeing as they’re, you know, criminals. Therefore, whatever you do, DON’T GIVE MONEY TO A HACKER!

By paying hackers money, you’ll only add fuel to the fire and help fund the spread of their devious acts.

Plus, there are several reported cases where a victim pays the ransom, only to still have their data deleted or the attacks on their site continue.

What’s it to them if they go ahead and follow through with the attack? They have your money, so who cares? It’s a classic case of adding insult to injury.

Need proof? There’s a recent example of this happening to ProtonMail, a Switzerland-based email encryption service.

On November 3rd, ProtonMail was threatened with a DDoS attack by the hacking group Armada Collective.

Like many companies would do, they ignored the threat, deeming it to not be credible. Soon afterward, their servers became overloaded to the point where they had to cease operations. After paying the ransom, the hackers continued the attack.

Now, consider your own situation. How much would it cost your company if you lost revenue for a full day of work, and you still had to make payroll?

For a medium-to-large sized company, losing a full day’s work would likely come to much more than a few thousand dollars. In fact, hackers understand how downtime can be so costly, which is why they feel justified asking for such an exorbitant fee.

What are you supposed to do if you were asked to pay a ransom by a hacker? The first thing you’ll want to do is contact the IT professionals at Tech Experts. We’re able to take an assessment of the attack to determine how bad it is and restore your data to a backed up version that’s not infected with malware.

When facing a hack attack, we can present you with all the options you can take – none of which will include paying a hacker money.

« Previous Page