TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

online security

Malware And Ransomware: What You Need To Know

Bad software comes in many forms, but two of the most serious threats businesses face today are malware and ransomware. These types of malicious programs can damage your computers, steal sensitive data, and cause serious downtime. Understanding the difference between malware and ransomware — and how they operate — is essential to protecting your business.

Malware is the general term used to describe any “malicious software” designed to cause harm. It includes a wide variety of programs that can corrupt your files, steal your personal information, or even use your computer to attack other systems.

Some common types of malware include viruses, which spread from one computer to another; worms, which can replicate themselves without any action from you; trojans, which disguise themselves as legitimate programs to trick you; and spyware, which secretly monitors your activity.

The damage malware causes can vary widely. It may slow down your system, delete important files, steal your private information, or give control of your computer to cybercriminals. Some malware quietly operates behind the scenes without you ever knowing, while others cause immediate and noticeable problems.

Ransomware, on the other hand, is a specific type of malware that takes your data hostage. It works by locking your files — or sometimes your entire computer — and demanding payment to unlock them.

Think of it as a digital form of kidnapping. Ransomware usually finds its way into your system through infected emails, suspicious downloads, or compromised websites. Once inside, it encrypts your files and displays a message demanding payment for the decryption key.

Sometimes, even paying the ransom doesn’t guarantee that you’ll get your files back, as some attackers simply take the money and disappear.

There are two main types of ransomware. Locker ransomware locks you out of your entire computer, making it unusable. Crypto ransomware specifically targets your files, encrypting them while leaving the system itself accessible. Both types are disruptive and can severely impact business operations.

While malware and ransomware share some similarities, their goals and behaviors differ. Malware is often designed to operate silently, focusing on stealing data or causing long-term harm without immediate detection.

Ransomware, however, is loud and upfront. It wants you to know it’s there because the demand for payment is the whole point.

Unfortunately, malware and ransomware have many ways of sneaking into your business. They often arrive through infected email attachments, fake websites, compromised USB drives, or outdated software with security holes.

Staying protected means keeping your systems updated, using strong passwords, being cautious with links and attachments, and regularly backing up your data.

Knowing the difference between malware and ransomware isn’t just technical trivia — it can make a big difference. The better you understand these threats, the more prepared you’ll be to prevent them.

And if you ever do fall victim to an attack, identifying what you’re up against will help you respond more effectively and minimize the damage.

If you’re unsure whether your business is fully protected or need help strengthening your defenses, get in touch.

We’re here to help you stay secure.

Six Simple Steps to Enhance Your Email Security

Email is a fundamental communication tool for businesses and individuals alike. But it’s also a prime target for cybercriminals. Cyberattacks are increasing in sophistication. This means enhancing your email security has never been more critical.

By taking proactive measures, you can protect your sensitive information as well as prevent unauthorized access and maintain communication integrity. Here are six simple steps to enhance your email security.

Use strong, unique passwords

Passwords are the first line of defense for your email accounts. A weak password is like an open invitation for cybercriminals. To enhance your email security, use strong, unique passwords. Ones that are difficult to guess.

Consider using a password manager. Remembering several complex passwords can be challenging. A password manager can help you generate and store unique passwords for all accounts. With a password manager, you only need to remember one master password. This simplifies the process while enhancing security.

Enable two-factor authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security to your email accounts. Even if someone gets hold of your password, they won’t be able to access your account. They would need the second factor of authentication to do that.

Enable 2FA for all your email accounts. Most email providers offer this feature and setting it up usually takes just a few minutes. This simple step significantly improves your email security.

Be cautious with email attachments and links

Email attachments and links are common vectors for malware and phishing attacks. Clicking on a malicious link or attachment can give attackers access to your system. Exercise caution to protect your email security.

Before opening an attachment or clicking on a link, verify the sender’s identity. If you receive an unexpected email from someone you know, contact them. But do it through a different channel to confirm they sent it. For emails from unknown senders, exercise extra caution.

Keep your email software updated

Software updates often include security patches that address vulnerabilities in your email client. Keep your email software updated. This ensures you have the latest protections against known threats.

Most email clients and operating systems offer automatic updates. Enable this feature. It ensures your software stays up to date without requiring manual intervention. Automatic updates reduce the risk of missing critical security patches.

Use encryption for sensitive emails

Encryption adds a layer of protection to your emails. It encodes the content, making it readable only by the intended recipient. This ensures that even intercepted email information remains secure.

If you’re sending encrypted emails, make sure the recipients know how to decrypt them. Provide clear instructions about how to access the encrypted content securely.

Watch your email activity

Regularly monitoring your email activity can help you detect suspicious behavior early. By keeping an eye on your account, you can take swift action if something seems off.

Many email providers offer activity alerts. They notify you of unusual login attempts or changes to your account settings. Enable these alerts to stay informed about your account’s security status.

Review your email account activity on a regular basis. This includes login history and devices connected to your account.

Beware of Deepfakes! Learn How to Spot the Different Types

Have you ever seen a video of your favorite celebrity saying something outrageous? Then later, you find out it was completely fabricated? Or perhaps you’ve received an urgent email seemingly from your boss. But something felt off.

Welcome to the world of deepfakes. This is a rapidly evolving technology that uses artificial intelligence (AI). It does this to create synthetic media, often in the form of videos or audio recordings. They can appear real but are actually manipulated.

Deepfakes have already made it into political campaigns. In 2024, a fake robocall mimicked the voice of a candidate. Scammers wanted to fool people into believing they said something they never said.

Bad actors can use deepfakes to spread misinformation and damage reputations. They are also used in phishing attacks. Knowing how to identify different types of deepfakes is crucial in today’s world.

So, what are the different types of deepfakes, and how can you spot them?

Face swapping deepfakes

This is the most common type. Here the face of one person is seamlessly superimposed onto another’s body in a video. These can be quite convincing, especially with high-quality footage and sophisticated AI algorithms. Here’s how to spot them:

  • Look for inconsistencies: Pay close attention to lighting, skin tones, and facial expressions. Do they appear natural and consistent throughout the video? Look for subtle glitches such as hair not moving realistically or slight misalignments around the face and neck.
  • Check the source: Where did you encounter the video? Was it on a reputable news site or a random social media page? Be cautious of unverified sources and unknown channels.
  • Listen closely: Does the voice sound natural? Does it match the person’s typical speech patterns? Incongruences in voice tone, pitch, or accent can be giveaways.

Deepfake audio

This type involves generating synthetic voice recordings. They mimic a specific person’s speech patterns and intonations. Scammers can use these to create fake audio messages and make it seem like someone said something they didn’t. Here’s how to spot them:

  • Focus on the audio quality: Deepfake audio can sound slightly robotic or unnatural. This is especially true when compared to genuine recordings of the same person. Pay attention to unusual pauses as well as inconsistent pronunciation or a strange emphasis.
  • Compare the content: Does the content of the audio message align with what the person would say? Or within the context in which it’s presented? Consider if the content seems out of character or contradicts known facts.
  • Seek verification: Is there any independent evidence to support the claims made? If not, approach it with healthy skepticism.

Text based deepfakes

This is an emerging type of deepfake. It uses AI to generate written content like social media posts, articles, or emails. They mimic the writing style of a specific person or publication. Scammers can use these to spread misinformation or impersonate someone online. Here’s how to spot them:

  • Read critically: Pay attention to the writing style, vocabulary, and tone. Does it match the way the person or publication typically writes? Look for unusual phrasing, grammatical errors, or inconsistencies in tone.
  • Check factual accuracy: Verify the information presented in the text against reliable sources. Don’t rely solely on the content itself for confirmation.
  • Be wary of emotional triggers: Be cautious of content that evokes strong emotions. Such as fear, anger, or outrage. Scammers may be using these to manipulate your judgment.

Staying vigilant and applying critical thinking are crucial in the age of deepfakes.

Familiarize yourself with the different types. Learn to recognize potential red flags. Verify information through reliable sources. These actions will help you become more informed and secure and protect you from these threats.

Be Careful When Scanning QR Codes

QR codes are everywhere these days. You can find them on restaurant menus, flyers, and posters. They’re used both offline and online. QR codes are convenient and easy to use. You just scan them with your smartphone camera. You’re then directed to a link, a coupon, a video, or some other online content.

With the rise in popularity of QR codes comes an unfortunate dark side. Cybercriminals are exploiting this technology for nefarious purposes. Scammers create fake QR codes. They can steal your personal information. They can also infect your device with malware or trick you into paying money.

It’s crucial to exercise caution when scanning QR codes. This emerging scam highlights the potential dangers lurking behind those seemingly innocent squares.

The QR code resurgence

QR codes were originally designed for tracking parts in the automotive industry. They have experienced a renaissance in recent years as a result, and they’re used as a form of marketing today.

They offer the convenience of instant access to information. You simply scan a code. Unfortunately, cybercriminals are quick to adapt. A new phishing scam has emerged, exploiting the trust we place in QR codes.

How the scam works

The scammer prints out a fake QR code. They place it over a legitimate one. For example, they might stick it on a poster that advertises a product discount or a movie.

You come along and scan the fake QR code, thinking it’s legitimate. The fake code may direct you to a phishing website. These sites may ask you to enter sensitive data such as your credit card details, login credentials, or other personal information.

Or scanning the QR code may prompt you to download a malicious app. One that contains malware that can do one or more of the following:

  • Spy on your activity
  • Access your copy/paste history
  • Access your contacts
  • Lock your device until you pay a ransom

The code could also direct you to a payment page. A page that charges you a fee for something supposedly free.

Tactics to watch out for

Malicious codes concealed: Cybercriminals tamper with legitimate QR codes. They often add a fake QR code sticker over a real one. They embed malicious content or redirect users to fraudulent websites.

Fake promotions and contests: Scammers often use QR codes to lure users into fake promotions or contests. When users scan the code, it may direct them to a counterfeit website.

Malware distribution: Some malicious QR codes start downloads of malware onto the user’s device.

Tips for safe QR code scanning

Verify the source: Verify the legitimacy of the code and its source.

Use a QR code scanner app: Use a dedicated QR code scanner app rather than the default camera app on your device.

Inspect the URL before clicking: Before visiting a website prompted by a QR code, review the URL.

Avoid scanning suspicious codes: Trust your instincts. If a QR code looks suspicious, refrain from scanning it.

Update your device and apps: Keep your device’s operating system and QR code scanning apps up to date.

Be wary of websites accessed via QR code

Don’t enter any personal information on a website that you accessed through a QR code. This includes things like your address, credit card details, login information, etc. Don’t pay any money or make any donations through a QR code.

Insights from the 2023 Annual Cybersecurity Attitudes and Behaviors Report

We are living in an era dominated by digital connectivity. As technology advances, so do the threats that lurk in the online world.

Often, it’s our own actions that leave us most at risk of a cyberattack or online scam. Risky behaviors include weak passwords and lax security policies, as well as thinking “This won’t happen to me.” This is why human error is the cause of approximately 88% of data breaches.

The National Cybersecurity Alliance and CybSafe publish a report on cybersecurity attitudes and behaviors. The goal is to educate both people and businesses on how to better secure their digital landscapes.

This year’s study surveyed over 6,000 people across the U.S., Canada, the U.K., Germany, France, and New Zealand. The survey asked about several things including knowledge of cybersecurity risks, security best practices, and challenges faced.

The report reveals some eye-opening insights, including how people perceive and respond to cyber threats as well as what they can do to improve their cybersecurity posture.

We are online… a lot

It’s no surprise that 93% of the study participants are online daily. The logins we create continue to expand, as well as those considered “sensitive.” Sensitive accounts hold personal information that could be harmful if stolen.

Nearly half (47%) of the study’s respondents have ten or more sensitive online accounts. This amplifies risk, especially if people are using the same password for two or more of those accounts.

Online security makes people frustrated

Most people (84%) feel that online security is a priority. But as many as 39% feel frustrated, and nearly the same amount intimidated. It can seem that you just can’t get ahead of the hackers. Just over half of people thought digital security was under their control. That leaves a whole lot that don’t think so.

But that is no reason to let down your defenses and become an easy target. There are best practices you can put in place to safeguard your online accounts that work, including:

  • Enabling multi-factor authentication on your accounts
  • Using an email spam filter to catch phishing emails
  • Adding a DNS filter to block malicious websites
  • Using strong password best practices

People need more access to cybersecurity training

One way to reduce human errors associated with cybersecurity is to train people. The survey found that just 26% of respondents had access to cybersecurity training.

It also broke this down by employment status. We see that those not actively employed are most lacking. Even those employed can use more training access and encouragement. Just 53% report having access to cybersecurity awareness training and using it.

Employers can significantly reduce their risk of falling victim to a data breach by improving their security awareness training.

Cybercrime reporting is increasing

Over a quarter (27%) of survey participants said they had been a victim of cybercrime. The types of cybercrimes reported include:

  • Phishing (47%)
  • Online dating scams (27%)
  • Identity theft (26%)

Millennials reported the most cybercrime incidents. Baby Boomers and the Silent Generation reported the fewest.

No matter where you fall in the generations, it’s important to adopt security best practices and be vigilant about your online security.

Hackers Don’t Take Holidays – Ransomware Is On The Rise

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Studies have shown up to a 70% increase in attempted ransomware attacks during the holiday season.

Although we may be planning for a restful holiday ahead, full of delicious food and time with loved ones, hackers are not. Their ongoing exploitation of vulnerabilities and ever-changing tactics requires you and your team to be as vigilant as ever.

Phishing attacks have reached record highs this year. Worryingly, in the third quarter of this year alone, phishing attacks skyrocketed by a staggering 173%, compared to the previous three months.

And malware? It’s not far behind, with a 110% increase over the same period.

Let’s put this into perspective. Imagine you’re on a quiet beach, enjoying the sun and the surf. Suddenly, the tide starts to rise rapidly. Before you know it, your picnic basket is floating away, and you’re knee-deep in water. That’s what’s happening in the cyber world right now.

According to a report, the ‘phisherfolk’ group were most active in August, casting out more than 207.3 million phishing emails. That’s nearly double the amount in July. September wasn’t much better, with 172.6 million phishing emails.

But who are these cyber criminals targeting? Old favorites Facebook and Microsoft continue to top the charts, with Facebook accounting for more phishing URLs than the next seven most spoofed brands combined. Block Facebook on your network.

So, what’s the bottom line here? The attacks are coming from everywhere, and your business could be next.

Phishing attacks are like a rising tide, and if you’re not careful, they can quickly sink your business. They target everyone – from tech giants to financial institutions, and even government agencies. The question is – are you prepared?

Take a moment to consider the authenticity of emails. Are they from a trusted source? Do they contain suspicious links? Are they asking for sensitive information?

Make sure your employees are aware of the risks. Encourage them to think twice before clicking on a link or downloading an attachment. After all, a moment’s hesitation could save your business from a devastating cyber attack. [Read more…] about Hackers Don’t Take Holidays – Ransomware Is On The Rise

Should Your Business Follow Google’s Security Lead?

Google has introduced a new security strategy – but is it right for your business?

It has put some employees on a cyber diet, restricting their internet access to limit potential threats.

On the surface, it sounds like a smart move. Google’s approach is like building a taller fence around your house to keep out burglars.

By reducing internet connectivity, they’re effectively shrinking their digital footprint and making it harder for cyber criminals to find a way in.

But is it foolproof?

Well, not exactly.

While this strategy does limit external threats, it doesn’t entirely eliminate the risk.

Think of it this way: you’ve built a towering wall around your house, but your teenager leaves the back gate open. Similarly, internal systems might remain connected to other devices that can access the internet, providing a potential entry point for cyber threats.

In other words, you can’t just focus on keeping things out.

Yes, there are very real threats from external hackers using all sorts of techniques like phishing, zero-day attacks, and malware. But the security industry often overlooks significant threats from within the perimeter.

Research shows that insider threats account for 62% of all security breaches. These insiders – disgruntled employees, careless staff, or malicious actors – often have legitimate access rights, intimate knowledge of the system, and can bypass traditional security checks. It’s like having a burglar who knows where you hide your spare key.

So, what’s the takeaway?

While Google’s strategy has its merits, it’s not a one-size-fits-all solution. Just as you wouldn’t wear shoes that are too big, your business needs a cyber security strategy tailored to fit its unique requirements. A robust cyber security strategy should focus on both external and internal threats and have measures in place to mitigate risks from all angles.

Our advice? Instead of simply following in Google’s footsteps, consider your own business’s needs and vulnerabilities. And of course, if you need help with that, get in touch.

Cyber Security Threats Your Team Must Know About

Your employees are your first line of defense in cyber security, and their training is as crucial as the cutting-edge tools you’ve invested in. Are you overlooking this vital element?

We strongly advise you make an ongoing commitment to regular cyber security training for every single one of your team. That means keeping them up to date on the latest cyber threats, the warning signs to look out for, and of course, what to do should a situation arise.

If you’re not already doing that, arrange something now (we can help).

While you wait, here are some urgent cyber threats to address right away:

Admin attack

Email addresses like “info@” or “admin@” are often less protected due to perceived low risk. But several teams may require access to these accounts, making them an easy target. Multi-factor Authentication (MFA) can double your security. Even if it seems tedious, don’t neglect it.

MFA fatigue attacks

MFA can feel intrusive, leading employees to approve requests without scrutiny. Cyber criminals exploit this complacency with a flood of fake notifications. Encourage your team to meticulously verify all MFA requests.

Phishing bait

Phishing remains a top threat. Cyber criminals mimic trusted sources with deceptive emails. Teach your team to inspect email addresses closely. Implementing a sender policy framework can also enhance your protection.

Phishing scams are attempts to trick you into revealing your personal information, such as passwords, credit card numbers, or Social Security numbers.

Scammers often send emails or text messages that appear to be from legitimate companies, such as banks, credit card companies, or government agencies. They may also create fake websites that look like real websites.

The three most common phishing scams are:

  • Fake shopping websites, which sell counterfeit products – or even sell nothing at all. They collect your credit card information to sell to other hackers.
  • Romance scams to trick people into falling in love, so they’ll be more willing to send money.
  • Social media scams that either impersonate real people, or invent new personas entirely.

Other common internet scams include:

  • Investment scams (yes, people still fall for these every day) that promise victims high returns on their investments, but the investments are actually fake.
  • Tech support scams which claim to be a tech support company, but then charge for unnecessary services or steal personal information.
  • Lottery and sweepstakes scams tell people that they have won a lottery or sweepstakes, but they need to pay a fee to claim their prize.
  • Charity scams impersonate legitimate charities and ask for donations.

Cyber security training doesn’t have to be tedious. Try simulated attacks and think of them like an escape room challenge—fun yet enlightening. It’s about identifying vulnerabilities, not fault-finding.

Don’t exclude your leadership team. They need to understand the response plan in case of a breach, much like a fire drill.

If you receive an email, text, or call from someone who is asking for your personal information or money, be suspicious! Don’t click on anything until you verify the sender is who they say they are!

Do You Still Believe In These Common Tech Myths?

Is it okay to leave your smartphone charging overnight? Do Macs get viruses? And what about those 5G towers? What’s going on with those?

Common tech myths can often lead to misunderstandings. They can even hinder your ability to fully use various tools and devices.

Let’s debunk some of the most common tech myths that continue to circulate and explore the truth behind them.

Myth 1: Leaving your device plugged in overnight damages the battery

First is one of the most persistent tech myths. Leaving your device plugged in overnight will harm the battery life. But this myth is largely outdated.

Modern smartphones, laptops, and other devices have advanced battery management systems.

These systems prevent overcharging. Once your device reaches its maximum charge capacity, it automatically stops charging. So, feel free to charge your gadgets overnight without worrying about battery damage.

Myth 2: Incognito mode ensures complete anonymity

While incognito mode does provide some privacy benefits, they’re limited.

For example, it mainly prevents your device from saving the following items:
• Browsing history
• Cookies
• Temporary files

However, it does not hide your activities from your internet service provider (ISP). Nor from the websites you visit.

Myth 3: Macs are immune to viruses

Another prevalent myth is that Mac computers are impervious to viruses and malware. It is true that Macs have historically been less prone to such threats compared to Windows PCs. This does not make them immune.

It’s true that in 2022, 54% of all malware infections happened in Windows systems and just 6.2% happened in macOS. But as of January 2023, Windows had about 74% of the desktop OS share to Mac’s 15%. So, it turns out the systems aren’t that different when it comes to virus and malware risk.

The data shows the infection rate per user on Macs is 0.075. This is slightly higher than Windows, at 0.074. So, both systems have a pretty even risk of infection.

Myth 4: More megapixels mean better image quality

When it comes to smartphone cameras, savvy marketing sometimes leads to myths. Many people believe that more megapixels equal better image quality. This is a common misconception.

Other factors, in addition to megapixels, play a significant role, such as:
• The size of individual pixels
• Lens quality
• Image processing algorithms
• Low-light performance

A camera with a higher megapixel count may produce larger images. But it does not guarantee superior clarity, color accuracy, or dynamic range. When choosing a smart-phone or any camera, consider the complete camera system.

Fake Software Ads Used To Distribute Malware

Google is most people’s first port of call for help or information online – something cyber criminals are using to their advantage.

Specifically, they are targeting Google ads, impersonating campaigns for popular software such as Grammarly, Slack, Ring, and many others. This is nothing to do with those companies, but to the untrained eye they look like the real deal… which is how they’re tricking people into clicking the ads.

If you’re not using an ad blocker, you’ll see promoted pages at the top of your Google search results. These look almost identical to the non-promoted, down page organic search results, so you or your people could easily be tempted to click.

It’s a complicated scam. Criminals clone the official software websites, but instead of distributing the genuine product, when you click download they install ‘trojanized’ versions. That’s geek speak for malware that disguises itself as real software.

Google is working to protect us by blocking campaigns it’s able to identify as malicious. But criminals have tricky ways around that too.

Ads first take you to a benign-looking website – which the crooks have created. This then redirects you to a malicious site that convincingly impersonates a genuine page. That’s where the malware lurks waiting for a click, beyond Google’s reach.

Worse, in many cases, you’ll still get the software you’re trying to download, along with a hidden payload of malware. That makes it harder to tell that your device or network has been infected and may give the malware longer to do its job.

To stay protected, train your team about the dangers and make sure everyone is on the lookout for anything that doesn’t seem quite right.

Encourage people to scroll down the Google results until they find the official domain of the company they’re looking for, and make it a policy that people seek permission before downloading any software – no matter how innocent it may seem.

You could also consider using an ad blocker in your browser. That will filter out any promoted results from your Google search for some extra peace of mind.

For help and advice with training, software policies and network security give us a call.