TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Phishing

Gone Phishing! How To Spot A Phishing Scam

If you are a user that has been around for a while, there is a pretty good chance you’ve been targeted with a phishing scam. You may have a long lost relative in another country who left you millions – and all the executor of the estate needs is your banking information to send you your inheritance! Or a prince of a small country is trying to move some of his fortune and escape to America – and if you can help, you will be rewarded!

These are some oldies-but-goodies, however phishing scams have and will continue to get better and smarter.

There was a time when phishing scams almost always came filled with poor grammar, spelling errors, and writing that just seemed a little off. While these still exist, things have become harder to detect.

These scammers are always looking for your personal information. There are a few ways they can do this, but most of them begin with email spoofing, where a sender will mask their actual email address with a familiar one.

If it isn’t a spoofed email, it may come from an address that is very close to that of a known and trusted sender. This could have an extra letter or even just a period to try to trick you into completing whatever task they are using in an attempt to get your information. This could be something as simple as a link to “family photo” or video and it could very well open your system to different vulnerabilities.

Something like a keylogger, a program that tracks your keystrokes, can be almost undetected while also gathering your online banking or credit card information.

Lately, phishers and scammers have pulled out all the stops. There have been cases where phishers will not only spoof an email, but also documents. These can look pretty real, so take a close look.

A new long-shot, big-payoff scam is to spoof an email address of a financial institution to try to intercept money from home purchases. This is done with forged documents and a fake email. While it’s a long shot for something that big to happen, do big business in-person or through trusted secure communications.

What to watch for:

When you have email communication from a known sender that doesn’t quite add up (or doesn’t sound like them), don’t assume they’re just having an off day. One example: if you know your family member shares all of their photos on Facebook, would they really email you a link with little to no writing in the email?

Any “company” asking for any personal information or passwords through email should also raise red flags. While this might seem obvious if the email address doesn’t match, a spoofed email address can make this trick easier to fall victim to.

Also, be wary of anyone asking for your bank account number via email. Even if it is legitimate, there are other ways to send this information. Protect yourself by choosing a more secure method of communication.

What to do:

If something seems off, research it. If you get a weird email requesting something or asking you to click on a link, don’t assume it’s safe. If it’s from someone you know, ask them if they did send it.

If you are the one “sending,” check your Outbox or Sent folder. This is a good indication if the email came from you or someone you know.

Do You Have A Blind Spot In Your Security?

Security is only as good as its weakest link — one blind spot and a company can be compromised. It is important that each aspect of a company’s security is understood and up to date.

With the following best security practices, it can be better understood what to be aware of and how to better advance a company’s security.

From remote hackers, to in-person social engineering, and even your own e-mail, there are different methods of attacks and means of defense to maintain a company’s integrity.

Physical Security
The basic defense that predates IT security is physical security. Locked doors, restricted access, and watch patrol are some of the oldest methods to prevent aggressive physical security breaches.

Technology has only made physical security even better with security cameras, alarm systems, RFID badges, and biometric systems that identify a person from their physical being. Having the appropriate physical security is key to preventing and deterring break-ins and stolen items.

Social Engineering
With the right words and story, some people gain access to compromising areas and information that can give a company a real bad time.

Without a physical break-in or even a computer, social engineering works against human psychology, finding the vulnerabilities of staff and workers to trick and deceive their way past security. The best way to defend from this is to have a strong and easily understood security policy that educates staff and workers not give out credentials and access to unauthorized personnel.

Phishing
Billions of emails are sent out every day — promising a vacation, warning people about their bank accounts, or asking for charity — that are entirely design to steal or compromise a person or company. Phishing targets everybody, asking for credit card numbers, asking a person to sign in to their account on a fake site, or taking something in other ways.

Do not open emails or download email attachments with suspicious or unknown origins. If an email looks odd or is too good to be true, call or check a website directly to confirm if an email is legitimate.

Clicking or falling for phishing could end with a stolen identity, stolen money, or a locked PC or network demanding ransom money. Be smart and wise about checking emails.

Hackers
There are people that spend most of their day trying to break security codes, finding software loop holes, and other abstract means to force their way through digital security to gain illegal access to computers.

There are just as many (if not more) people working together to prevent such people from ever gaining access with new security measures and patches. To protect a PC or a company from hackers, always update your security definitions on Windows and antivirus software. Knowing what software to trust and what updates are needed are important ensuring digital security. We at Tech Experts make it our business to keep digital security online and updated at all times, so that no one has to fall victim to the unseen security threat.

Being aware of these different security risk and knowing how to defend from them can give a strong basis in understanding and learning in what needs to be done to keep a company or person secure.

Security is always evolving and changing, but having a modern understanding with security in place can make the difference between a secure environment and a risky work place that could come to a grinding halt when security is breached. Be safe, be smart, and be productive with good security.

Beware: Online Banking Phishing Schemes Are On the Rise

Banking online is a convenient and time saving way of managing and keeping track of your company’s finances.

Weak security practices, though, can make it more possible for cyber-thieves and hackers to steal your hard-earned money. It is important to make sure that all possible steps are taken to safeguard your company’s finances.

Online banking is a tool that many businesses utilize because of the ease, efficiency, and convenience it offers.

It’s a great way to manage finances in your day-to-day operations. Unforunately, as more businesses turn to online banking, cyberthieves and hackers who target small companies are becoming more adept at stealing from companies online.

Security experts are urging companies to beef up their security systems to keep them safe from cyber and identity theft.

The more companies rely on the Internet, especially when it comes to managing finances through online banking, the more prudent it is to take steps to prevent that hardearned money from being stolen or diverted to someone else’s account.

One tip experts give is to establish proper protocols for transacting with the bank, such as requiring two people to verify a transaction before it is approved.

This helps create a checks-and-balance system that hackers can’t bypass.

Having a dedicated workstation used for only online financial transactions is also recommended, as this lessens the likelihood of it being infiltrated by Trojans, viruses, spyware, and other malware that may come from the machine being used for other purposes.

Having the right anti-virus and antimalware software – and keeping it updated – also goes a long way in keeping your online banking transactions safe from unfriendly eyes.

Your finances are the lifeblood of your business. If you’re interested in how you can make your online banking experience more safe and secure, we’d be happy to sit down with you to discuss security solutions that are tailor-fit to your specific requirements and needs.

Give us a call at the office, (734) 457-5001.

Phishing Schemes Are On The Rise

A phishing e-mail is an e-mail sent by a hacker designed to fool the recipient into downloading a virus, giving up their credit card number, personal information (like a social security number), or account or login information to a particular website.

Often these e-mails are well designed to look exactly like an official notification from the site they are trying to emulate.

For example, a recent phishing e-mail was circulated that appeared to come from Facebook stating that videos or photos of Osama Bin Laden’s death were posted online. These e-mails looked exactly like a legitimate Facebook e-mail and even appeared to come from “Facebookmail.com.”

Once you clicked on the e-mail the phishing site would attempt to install a virus on your machine.

And now due to recent security breaches with Sony and e-mail marketer Epsilion, phishing attacks are going to increase – and they are going to get more sophisticated and harder to distinguish from legitimate e-mails.

That’s because the hackers that were able to access the private databases of the above mentioned companies now have the name, e-mail and interests of the subscribers, and in some cases birthdays, addresses and more. That means a phishing e-mail can be personalized with relevant information that the user provided to Sony, making the e-mail appear to be more legitimate and the user more likely to click on the links provided and take the actions requested. Now more than ever it’s critical that you are wary of e-mail notifications and the actions they request you take. Even having good anti-virus software installed won’t protect you if you give your account information away freely.

 

 

Almost Every Small Business Can Expect To Get Hacked

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Juniper Networks recently commissioned a study on small and medium company network security.

The startling result: Over 90% of US companies reported at least one security breach in the last year, with more than half indicating they experienced two or more significant security problems with their networks.

There’s a misconception among a lot of small business owners that they’re safe from cyber attacks, because small companies offer a smaller payback for hacking efforts.

Small business network security is usually lax

The reality is, security policies and procedures at small companies usually make them an easy and simple target for hackers.

While the payout isn’t as large as hacking TJ Maxx, invading a small business’ network usually takes a lot less effort, and the business lacks a sophisticated response system.

Why is hacking so easy?

A new technique, called spear phishing, let’s hackers target a small group of previously identified people. Sometimes, the attack goes after just a handful of people who work at the same company.

Spear phishing does away with the need for hackers to gain access to your passwords. As more companies start to use social media sites such as FaceBook and Twitter, hackers using spear phishing are finding it easier to “trick” unsuspecting employees into installing crimeware on their company computers. This crimeware let’s the criminals access the computer system directly. Once they have access to one machine on your network, it’s easy to connect to the others.

Recent attacks have highlighted the growing need for companies to implement network security controls to catch the bulk of socially engineered spear phishing attacks.

They also need to take measures to quickly detect and contain security breaches.

The first thing you’ll want to do to protect your business is implement a strong firewall (see Frank’s article on page two) that lets you assign security restrictions for users based on the content of websites, and even keywords that might be potentially dangerous.

The next thing to look at is your company’s acceptable use policy. This can be as simple as a few pages added to your employee handbook that outlines what is and isn’t acceptable behavior on your network.

The final thing to examine is your backup and disaster recovery plan. The hacker’s aren’t giving up, which means it’s time to plan for what comes after a security breach.

Avoiding Common Email Security Threats

Most companies today rely heavily on the use of email. Emailing is a very fast and cost effective form of communication for many different types of businesses.

Most companies use it as their main source of communication between employees. In fact, most employers do not realize the risk of using email.

Some risks range from viruses, hackers, to someone else just trying to gain a little information.

Here’s an overview of the most common email security threats in today’s Internet world.

Viruses
Viruses cause billions of dollars in damage to businesses every year.

Many corporate email systems are still quite vulnerable to viruses. In fact, in last year alone, an estimated 63 distinct email virus attacks hit the United States. These attacks come quickly and can spread quickly.

They mainly cause slowdowns across the internet. However some have been known to take down major corporation’s entire email systems.

Today’s viruses are very complex and often appear to be harmless such as personal notes, jokes, or promotions. While most viruses require recipients to download attachments in order to initiate infection and spread, some are designed to launch automatically with absolutely no user action required.

Spam
Studies have shown that 20 percent of corporate email is spam. A company that has a thousand employees could receive over two billion spam emails in a full year.

Most do not realize it until a lack of productivity ends up costing the companies billions of dollars each year.

While most spam is just annoying, some of it can be very dangerous. Most trick employees into opening malicious emails to spread faster. Also, many hackers have begun disguising viruses as spam.

Phishing
Phishing is used to trick a person into thinking the email is legit and came from a real website, usually asking the person to verify their password or to change some sort of account information.

Then, taking them to a fake website and stealing what you have typed in. This is the number one way people get their identity and personal information stolen.

Spyware
The main purpose of spyware is to install itself on the victim’s computer. It monitors all key strokes and mouse clicks so that they can later go back and collect usernames, passwords, credit card numbers and bank account numbers.

These infections can stay installed on computers for many months without an antivirus picking them up.  Most are detected and removed instantly if the user keeps their antivirus up to date.

Having a great antivirus that scans files as well as emails can help prevent virus attacks, phishing and spyware.

Users should also have an up to date spam filter that prevents the infection from getting to your inbox to begin with. And most importantly never open an email attachment you didn’t specifically request.

Also, pay attention to links inside emails that appear legitimate. Many times, phishers will send you an email that looks like it came from an official source. After clicking the links, you’re redirected to a site on the hacker’s network. This is often used to collect personal information and passwords.

New Phishing Schemes You Should Know About

I know growing up as a child, I loved to go fishing. I never caught very many fish, but just being out on the water “drowning worms” was good enough for me. As the years have passed, though, a new kind of “phishing” has emerged.

The term phishing refers to luring techniques used by identity thieves to fish for personal information in a lake of unsuspecting Internet users.

Their purpose is to take this information and use it for criminal objectives such as identity theft and fraud.

Phishing is a general term for the creation and use by criminals of emails and websites – designed to look like they come from well-known, legitimate and trusted businesses, financial institutions and government agencies – in an attempt to gather personal, financial and sensitive information.

These criminals deceive Internet users into disclosing their bank and financial account information or other personal data such as usernames and passwords.

Today a new form of phishing appears to be spreading through social websites such as Facebook. This new scam works like this.

As soon as you login to the site, it will steal your email and password and then log you into Facebook. Within a short period of time the system will automatically switch your password and block you from the site. It then begins to send the same URL to all of your Facebook friend’s inboxes.

As this spreads, the criminals gather thousands of email addresses and passwords before Facebook can stop all references to the website.

The scammers have developed a method to duplicate the scam immediately and the next thing you know they have four or five phishing scams going on at the same time all over Facebook. This allows them to gather hundreds of thousands of victims very quickly.

It is not known yet what these people intend to do with all these addresses, but you can almost guarantee that they will result in a malicious worm at some point. The potential to access a user’s financial information and accounts could result in the loss of millions of dollars.

Another form of phishing is called “in session” phishing. This form does not use email nor does it rely on the user having to be tricked into clicking on a link.

It works like this. Let’s say you go to your banking website that is secure. You login and take care of your business, then leaving that browser window open you innocently go to another website that has been compromised. All of a sudden a pop-up asks you to validate your login to continue your banking session.

Remember two things must happen in order for this scam to work. First, a website must be compromised and infected—the higher traffic the better, obviously.

Second, the downloaded malware must be able to identify whether or not the unknowing user is logged into a relevant website.

Most banking institutions have taken steps to prevent this. One step is having a rapid disconnect of an idle session.

But in order to be safe we would recommend closing all browser windows after you have visited a secure banking website.

In addition it is very important to keep your system free of all spyware, malware and viruses.

Tech Experts has certified technicians that clean these types of infections and malware from computers every day. We urge you to take advantage of our system checkup and cleaning service to keep your identity to yourself.

How To Keep Hackers At Bay

No one wants to have their network “hacked,” but what exactly can a hacker do?

Plenty, and you are right to be afraid!

One common way for hackers to access your network is through spyware or viruses, which are malicious programs written to imbed themselves into your network to gather private information, steal financial data, access passwords, e-mail addresses, and spread themselves to other users. But one of the most common ways for hackers to access your system is through e-mail, or spam e-mail to be more specific.

Phishing is when a hacker sends you a legitimate looking e-mail from a trusted source — like PayPal, your bank, eBay, or any number of other legitimate business web sites. These e-mails will tell you that your account is expired or will be closed if you don’t go to a designated web site and update or verify your account information.

Although you may have seen these e-mails before, be very careful! Hackers are brilliant at making not only the e-mail seem legitimate, but also at making the web site you go to look like the real thing.

If you fall prey to their scam, the site will gather your private information and then use that to access your bank account or to charge your credit card. To protect yourself, install a spam filter and NEVER open or respond to any e-mail requesting account verification. Instead, call the company. If it is a legitimate request, you can verify that with them over the phone.

How To Keep Hackers Away From Your Data

No one wants to have their network “hacked,” but what exactly can a hacker do? Plenty, and you are right to be afraid!

One common way for hackers to access your network is through spyware or viruses, which are malicious programs written to imbed themselves into your network to gather private information, steal financial data, access passwords, e-mail addresses, and spread themselves to other users.

But one of the most common ways for hackers to access your system is through e-mail, or spam e-mail to be more specific. Even if you have the latest anti-virus software installed, hackers are very clever at getting you to circumvent your anti-virus software through phishing e-mails.

Phishing is when a hacker sends you a legitimate looking e-mail from a trusted source — like PayPal, your bank, eBay, or any number of other legitimate business websites. These e-mails will tell you that your account is expired or will be closed if you don’t go to a designated website and update or verify your account information.

Although you may have seen these e-mails before, be very careful! Hackers are brilliant at making not only the e-mail seem legitimate, but also at making the website you go to look like the real thing.

If you fall prey to their scam, the site will gather your private information (usernames, passwords, accounts, etc.) and then use that to access your bank account or to charge your credit card.

To protect yourself, install a spam filter and NEVER open or respond to any e-mail requesting account verification. Instead, call the company. If it is a legitimate request, you can verify that with them over the phone.

Data Security And Theft Top IT Concerns For 2006, Continuing Into 2007

The number of personal records exposed in data security breaches surpassed 100 million this year.

So says the Privacy Rights Clearinghouse, which has been keeping count ever since a high-profile data leak at information broker ChoicePoint in early 2005. It keeps track of thefts and losses of gear such as laptops, storage tapes and drives, as well as of hacking incidents and insiders who leak data.

The count climbed throughout 2006: Boeing, the Department of Veterans Affairs, Hewlett-Packard, McAfee, the University of California, and many others made headlines as a result of breaches.

Most incidents come to light because of laws requiring public notification of data loss in cases where data is unencrypted. In response, security companies are increasingly pitching encryption products for secure storage–for example, Seagate Technology is building it into its drives. Microsoft is also getting into the game: business versions of Windows Vista have a full-disk encryption feature called BitLocker.

But encryption technology still lacks usability, a panel of industry experts said at an event celebrating the 30-year anniversary of cryptography.

Meanwhile, banks and credit agencies are hawking credit-monitoring services. In September, researchers named several banks as a consumer’s best bet in terms of offering protection against identity theft.

Breaches are only one way people’s identities can be compromised. Phishing scams are getting more widespread, and fraudsters are getting trickier in their attempts to con Internet users. People with high incomes attract more phishing e-mails and lose more money to them than other Internet users, according to a November Gartner report.

Scammers are helped by an apparent influx of cross-site-scripting bugs. These Web security flaws could let attackers craft a URL that looks like it points to a trusted site, but serves up content from a third, potentially malicious site. This year, this type of bug was found in many popular Web sites and in Google’s search appliances.

Phishing shields are now common. Microsoft has built one into its latest browser, IE 7, and Mozilla offers a similar feature in Firefox 2.

Alternative approaches to combat phishing include a new DNS service, OpenDNS, whose free address-lookup service blocks phishing sites and other threats.

Yahoo added an antiphishing feature to its site that displays a custom image on the log-in screen to verify that it is indeed a Yahoo page.

But if confidential data isn’t exposed through data breaches or pilfered through a phishing scam, there’s still malicious software. Criminals are crafting more-targeted Trojan horse attacks that seek to sneak onto PCs through zero-day flaws, experts have warned. In addition, some malicious software is now designed to let cybercrooks surf into online banks with you to steal your money.

You could also be exposed while on the go. Privacy watchers warn that people carrying passports equipped with radio chips could have the information in the document read from a distance. The solution: keep the passport closed and in a foil bag.
— from CNET News Service