TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Online Security

How To Save Your Business From Phishing Scams

Workplaces today are filled with computers and machines, but just as these workstations optimize efficiency and profit, they also increase the possibility of attacks designed to steal, destroy, or corrupt your data through the use of malicious programs.

The most probable avenue for these malicious programs is through phishing scams. To understand how to stop these attacks, you must first understand what a phishing scam entails.

A phishing scam is an attempt for someone to steal sensitive information or install malware onto your PC by tricking you into clicking a link, opening an attachment, or providing personal information.

Although these attacks use tactics that trick people every day, you can stay safe by staying smart. Through time and practice, it can become easy to spot a phishing attack and keep your PC and personal information safe.

If you receive an email containing a threatening message, usually one demanding immediate action, it is probably a phishing scam. Most of these messages try to trick users into clicking a link or opening an attachment with threatening messages like, “Your account has been compromised! You are no longer protected! Click here to protect your account!”

Once you click the link, though, you are redirected to a phishing site.

Another example may be what seems to be an email from your boss’ boss demanding sensitive information to complete company documentation. Always beware when you see a threatening or demanding message.

Another indicator of a phishing scam is an unfamiliar email address or domain name. Some scammers may use domain names or email addresses similar to your normal contacts, but they will never be the same. If you notice an inconsistency, report the email.

Phishing scams can also normally be identified by the sender’s grammar skills. Here is an example from a phishing email: “Click here to cancel this request, else your öffice 365 accöunt…” Terrible grammar and unfamiliar characters as shown here are indicators of a scam.

Lastly, be wary of any request for any type of personal or sensitive information whatsoever, even if it initially seems to be from a trustworthy source.

Even if it does not show any other signs of being a phishing scam, always double and triple-check the authenticity of the request.

If you do stumble across a phishing scam, your best course of action would be to delete the email in question without opening any attachments or clicking any links.

In addition, you should report the incident to your superior or your IT service provider. If a phishing attack happened to you, it can happen to your coworkers as well.

Giving sensitive company information away to a scammer is the last way you want to start your week.

Their tactics are always changing, so the best way to fight attacks like these is through education and awareness rather than programs or filters. Remember the red flags of a phishing scam, and you will have no problem keeping your business safe and secure.

What Are The Newest Phishing Attacks?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
Phishing is a term adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it, and we sit back and wait for the fish to come along and take the bait. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite, and you’ll have something delicious for dinner.

How Does Phishing Work?
This is essentially how cyber phishing works. Cybercriminals create an interesting email, maybe saying that you’ve won a $100 gift certificate from Amazon. Sound too good to be true? Find out! All you have to do is click the link and take a short survey.

Once you click the link, a virus is downloaded onto your system. Sometimes it’s malware, and sometimes it’s ransomware. Malware includes Trojans, worms, spyware, and adware. These malicious programs each have different goals, but all are destructive and aimed at harming your computers. [Read more…] about What Are The Newest Phishing Attacks?

How To Reduce Pop-Ups And Other Browser Best Practices

Jason Cooley is Support Services Manager for Tech Experts.

One of the most annoying things about browsing the web are pop-ups. Depending on your browser, your ability to limit or block pop-ups is probably built-in. If it’s not, there is definitely an extension for that purpose.

There are also other ways to ensure you have the best and fastest browsing experience possible.

Before we get into which browsers have which kind of pop-up blocker, let’s examine a fact. Pop-ups are annoying, but not always intrusive or unwanted.

There are instances where I need a pop-up from a site as it may be an internal page that has been requested or a log-in box. This can be frustrating as we may not know a pop-up is coming from a link. It may appear that nothing has happened.

So how do you know? The best practice and safest way is to allow pop-ups from sites you trust (as needed).

Say you’re on your banking site and you click log-in. Normally, a pop-up log-in box is displayed, but nothing happens. The pop-up has been blocked.

In the browser, you can enable this webpage to allow pop-ups, thus restoring your access and keeping you secure in the process.

In addition to pop-ups, users must also be on the lookout for pop-under windows. These are typically pages that open with other pages, like a tag along. They also frequently occur when attempting to leave a web page. They pop underneath other windows, hence the name. In most cases, pop-up blockers will stop most pop-unders.

So what about the browsers? Well, let’s just cover the Big Three: Chrome, Edge, and Firefox.

These browsers all come with a built-in pop-up blocker – all of which can be enabled in the settings page of the browser.

In most cases, these will do what you want them to: stop pop-ups. However, there are some instances where pop-ups or pop-unders make it through. There are third party extensions for most browsers that will typically offer more security.

Now that these pop-ups are handled, what else can we do to make a better browser experience? There are a few things you can do to perform sort of “maintenance” on your browser.

Clearing your cache (stored data) can help a website that doesn’t want to load very quickly. Most people know about clearing your browsing history, but there are other clean-up methods available.

There are a few different types of stored data associated with browser use. Some of this is background information, temporary data, passwords, and preferences. You can choose which parts to remove, so you can still keep your saved information without having to reenter it.

Another quick and easy tune up process is to remove any unused browser extensions. This can help with basic browser speed and performance.

Maintaining a generally healthy system is also a key to browser speed. Malware and adware can often specifically affect browsers. Any malware affecting the entire system would affect your browsing speed as well.

The best practice you can have is to use a strong antivirus and scan your computer regularly. There are many factors at play and paying attention to all of them is key to the best browsing experience.

New Whaling Schemes: CEO Fraud Continues To Grow

In previous years, the first clue that your corporate email has been compromised would be a poorly-spelled and grammatically incorrect email message asking you to send thousands of dollars overseas.

While annoying, it was pretty easy to train staff members to see these as fraud and report the emails. Today’s cybercriminals are much more tech-savvy and sophisticated in their messaging, sending emails that purport to be from top executives in your organization, making a seemingly-reasonable request for you to transfer funds to them as they travel.

It’s much more likely that well-meaning financial managers will bite at this phishing scheme, making CEO and CFO fraud one of the fastest-growing ways for cybercriminals to defraud organizations of thousands of dollars at a time.

Here’s how to spot these so-called whaling schemes that target the “big fish” at an organization using social engineering and other advanced targeting mechanisms.

What Are Whaling Attacks?

Phishing emails are often a bit more basic, in that they may be targeted to any individual in the organization and ask for a limited amount of funds.

Whaling emails, on the other hand, are definitely going for the big haul, as they attempt to spoof the email address of the sender and aim pointed attacks based on information gathered from LinkedIn, corporate websites and social media.

This more sophisticated type of attack is more likely to trick people into wiring funds or passing along PII (Personally Identifiable Information) that can then be sold on the black market. Few industries are safe from this type of cyberattack, while larger and geographically dispersed organizations are more likely to become easy targets.

The Dangers of Whaling Emails

What is particularly troubling about this type of email is that they show an intimate knowledge of your organization and your operating principles. This could include everything from targeting exactly the individual who is most likely to respond to a financial request from their CEO to compromising the legitimate email accounts of your organization.

You may think that a reasonably alert finance or accounting manager would be able to see through this type of request, but the level of sophistication involved in these emails continues to grow. Scammers include insider information to make the emails look even more realistic, especially for globe-trotting CEOs who regularly need an infusion of cash from the home office.

According to Kaspersky, no one is really safe from these attacks — even the famed toy maker Mattel fell to the tactics of a fraudster to the tune of $3 million. The Snapchat human resources department also fell prey to scammers, only they were after personal information on current and past employees.

How Do You Protect Your Organization From Advanced Phishing Attacks?

The primary method of protection is ongoing education of staff at all levels of the organization. Some phishing or whaling attacks are easier to interpret than others and could include simple cues that something isn’t quite right. Here are some ways that you can potentially avoid phishing attacks:

  • Train staff to be on the lookout for fake (spoofed) email addresses or names. Show individuals how to hover over the email address and look closely to ensure that the domain name is spelled correctly.
  • Encourage individuals in a position of leadership to limit their social media presence and avoid sharing personal information online such as anniversaries, birthdays, promotions and relationships — all information that can be leveraged to add sophistication to an attack.
  • Deploy anti-phishing software that includes options such as link validation and URL screening.
  • Create internal best practices that include a secondary level of validation when large sums of money or sensitive information is requested. This can be as simple as a phone call to a company-owned phone to validate that the request is legitimate.
  • Request that your technology department or managed services provider add a flag to all emails that come from outside your corporate domain. That way, users can be trained to be wary of anything that appears to be internal to the organization, yet has that “external” flag.

There are no hard and fast rules that guarantee your organization will not be the victim of a phishing attack. However, ongoing education and strict security processes and procedures are two of the best ways to help keep your company’s finances — and personal information — safe from cyberattack.

Inside The Anatomy Of The Human Firewall

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Each year, around 61% of small businesses become the victims of a malware attack. While many small businesses may think no one would ever come after them because of their size, know that over half of the total global attacks hit small businesses and, for thieves, getting access to your systems is becoming increasingly lucrative.

Companies collect more about customers than ever before: medical history, financial records, consumer preferences, payment information, and other confidential information.

Some of this information could be used in malicious ways to either harm your business or directly harm the customers, so we all understand that we must protect it from cyberattacks.

Creating a human firewall is the best way to keep your system and data safe, but what exactly is a human firewall, why do you need one, and how can you build one? Let’s take a look! [Read more…] about Inside The Anatomy Of The Human Firewall

What Are The Top Cybersecurity Trends For 2019?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Several events in 2018 brought cybersecurity to the forefront of public consciousness, as major sectors– from financial institutions to Facebook– were affected by cybercrime.

According to Forbes, 34 percent of US consumers had their personal information compromised in 2018. Security experts and business leaders are constantly looking for ways to keep two steps ahead of hackers.

Cybersecurity trends for 2019 are a popular topic. Here is what’s anticipated this year in the cybersecurity realm.

Tougher regulations
As digital capabilities are rapidly gaining a worldwide foothold, data is becoming our most highly-valued commodity. [Read more…] about What Are The Top Cybersecurity Trends For 2019?

Inside The United States Of Cybersecurity

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Last year, Alabama and South Dakota passed laws mandating data breach notification for its residents.

The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.

All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.

While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection. [Read more…] about Inside The United States Of Cybersecurity

Top 5 Cybersecurity Predictions For 2019

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Cyber threats are a genuine danger for businesses, no matter their size or industry. Companies that face data breaches are likely to fail within months after the attack, according to the National Cyber Security Alliance. Security issues can ruin your reputation and cause expensive damage to your company.

In 2019, we are already predicting increased cyber crimes to steal more data and resources. The FBI reported that over $1.4 billion in losses were experienced by companies and individuals in 2017.

These expenses come from increasing security, losing information, losing physical resources, ransomware payouts, scams and more. The most significant sources of cybercrime included: [Read more…] about Top 5 Cybersecurity Predictions For 2019

HTTPS And Why The Internet Still Isn’t Secure

Frank DeLuca is a field technician for Tech Experts.

HTTPS stands for “Hyper Text Transfer Protocol Secure” and it is the secure version of HTTP, the protocol over which data is sent between your browser and the website you’re connected to.

Most web traffic online is now sent over an HTTPS connection, making it “secure.” In fact, Google now warns that unencrypted HTTP sites are “Not Secure.”

So why is there still so much malware, phishing, and other dangerous activity online?

“Secure” Sites Have a Secure Connection

In previous iterations of Chrome, it used to display the word “Secure” along with a green padlock in the address bar when you were visiting a website using HTTPS. Modern versions of Chrome simply have a little gray padlock icon next to the navigation bar, without the word “Secure.”

That’s partly because HTTPS is now considered the new baseline standard. Everything should be secure by default, so Chrome only warns you that a connection is “Not Secure” when you’re accessing a site over an HTTP connection.

The reason for the removal from displaying the word “Secure” is that it may have been a little misleading. It may have easily been misconstrued to appear like Chrome was vouching for the contents of the site as if everything on the page is “secure.” But that’s not true at all. A “secure” HTTPS site could be filled with malware or phishing attempts.

HTTPS Does Not Mean A Site is “Secure”

HTTPS is a solid protocol and all websites should use it. However, all it means is the website operator has purchased a certificate and set up encryption to secure the connection.

For example, a dangerous website full of malicious downloads might be delivered via HTTPS. The website and the files you download are sent over a secure connection, but they might not be secure themselves.

Similarly, a criminal could buy a domain like “www.bankofamerica.com,” get an SSL encryption certificate for it, and imitate Bank of America’s real website. This would be a phishing site with the “secure” padlock, but again, it only refers to the connection itself.

HTTPS Stops Snooping and Tampering

Despite that, HTTPS is great. This encryption prevents people from snooping on your data in transit, and it stops man-in-the-middle attacks that can modify the website as it’s sent to you. For example, no one can snoop on payment details you send to the website.

In short, HTTPS ensures the connection between you and that particular website is secure. No one can eavesdrop or tamper with the data in-between.

HTTPS Is An Improvement

Websites switching to HTTPS helps solve some problems, but it doesn’t end the scourge of malware, phishing, spam, attacks on vulnerable sites, or various other scams online.

However, the shift toward HTTPS is still great for the Internet. According to Google’s statistics, 80% of web pages loaded in Chrome on Windows are loaded over HTTPS. Plus, Chrome users on Windows spend 88% of their browsing time on HTTPS sites.

This transition does make it harder for criminals to eavesdrop on personal data, especially on public Wi-Fi or other public networks. It also greatly minimizes the odds that you’ll encounter a man-in-the-middle attack on public Wi-Fi or another network.

It’s still no silver bullet. You still need to use basic online safety practices to protect yourself from malware, spot phishing sites, and avoid other online problems.

October Is National Cybersecurity Awareness Month

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Online security is something that should get everyone’s attention. Threats exist all around us: ransomware, viruses, spyware, social engineering attacks and more. There’s so much you need to know to keep your personal and business information safe.

But where do you start?

As trusted cybersecurity professionals, we want to help you get educated and stay informed.

That’s why during National Cybersecurity Awareness Month our goal is to give you all the information you need to stay secure.

How can we help? We’ll be sharing valuable and timely information on cybersecurity in blogs, in our newsletter, and on all of your favorite social media sites. [Read more…] about October Is National Cybersecurity Awareness Month