Security

FBI Warns of Email Phishing Attacks in COVID-19 Pandemic

Several of our clients have reported an increasing amount of phishing email messages showing up in their Inboxes and those of others in their organizations. The global efforts to combat the COVID-19 pandemic have understandably diverted much of our attention. Businesses large and small are reeling from the economic impacts. More than ever, we must keep our cyber guards up.
Cybercriminals are always looking for new ways to steal your money, identity and data. Protect yourself and do your research before clicking on links purporting to provide information on the virus, donating to a charity online or through social media, contributing to a crowdfunding campaign, purchasing products online, or giving up your personal information in order to receive money or other benefits. These are just a few of the ways cybercriminals are using to infect computers with malware, steal usernames and passwords, gain access to business information and more. On Friday March 20, 2020, the FBI issued an alert addressing these emerging threats.
According to the FBI alert, phishing emails are being sent daily in record numbers. Be on the look out for phishing emails that ask you to verify your personal information in order to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money. Phishing emails may also claim to be related to:

  • Charitable contributions
  • General financial relief
  • Airline carrier refunds
  • Fake cures and vaccines
  • Fake testing kits

Also watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.
Remember, you are the first line of defense against phishing attacks and malware infections. Following these simple steps will limit your chances of biting on a phishing scam or malware infection:

  • Don’t open messages from unknown senders
  • Do not click on any links. By hovering your mouse pointer over the link, you can see the actual link displayed in a pop-up info balloon. If the link address looks unusual or does not match the site it states it’s from, it’s a phishing attempt.
  • Call the sender and ask them if they sent you the message. Only follow the link or open the attachment if you can verify its legitimacy with the sender.
  • Do not provide personal information to any unsolicited requests for information
  • Type in a trusted URL for a company’s site into the address bar of your browser to bypass the link in a suspected phishing message
  • If you want to donate, visit the fundraising organization’s web site directly, don’t use any links from any other source.
  • Only provide personal information on sites that have “https” in the web address or have a lock icon at bottom of the browser
  • Immediately delete messages you suspect to be spam

Email phishing messages can be safely deleted. If a message appears suspicious and you would like help determining whether it’s a phishing attack or not, please call our office at (209) 790-4560 option 2, or send us an email at support@ntelogic.com.
If you believe you have already responded to an email phishing message, clicked on a suspicious link or opened a suspicious attachment, notify your supervisor and manager, and then call our office at (209) 790-4560 option 2.

Remember to always stay safe online and think before you click!

NTELogic.com | VPN ServicesDo You VPN?

If you travel for business, it is highly likely you’ve connected to the free Wi-Fi in the airport terminal, local coffee shop or even on public transit. Have you ever connected to that free Wi-Fi in your hotel room and gotten a creeping sense of dread, wondering if anyone might be able to see what you’re doing online? That’s not just a feeling, it’s a reality. Public and free Wi-Fi networks are the playground of cyber thieves. With a VPN – Virtual Private Network – you can protect your online transactions from snooping eyes.

What Is a VPN, and How Does It Work?

A VPN creates an encrypted tunnel between you and a remote server operated by a VPN service. All your internet traffic is routed through this tunnel, so your data is secure from prying eyes along the way. Because your traffic is exiting the VPN server, your computer appears to have the IP address of VPN service server, masking your identity and location.

Do I Need a VPN On All My Devices?

Short answer is yes. You need a VPN on all your devices that connect to Wi-Fi outside your trusted office or home network. For the most part, VPN clients are the same for both Windows and macOS.

What a VPN Won’t Do

Even with a VPN, things like cookies allow companies to track your internet usage even after you’ve left their sites.

Protect Yourself With a VPN

Today, many of us have multiple devices that connect to the web. Modern devices are more powerful than the top computers of just 10 years ago. The internet however, hasn’t really changed. It was designed to be distributed and insecure. Cyber criminals take advantage of the insecure nature of the Internet. This means, unfortunately, it is up to individuals to protect themselves. Antivirus apps and password managers go a long way toward keeping you safer, but a VPN is a uniquely powerful tool that you should definitely have in your personal security toolkit, especially in today’s connected world.

Ready to Give It a Try?

Many of the VPN service providers offer a free trial. Others offer a basic VPN service for free, and additional features with a paid version. We are proud to have partnered with Hide Me. Register here (link) for a free account and start your VPN service today. Each free account includes 2GB of data transfer, 1 simultaneous connection (1 device) and your choice of 5 worldwide proxy servers.
Once you see how powerful and easy to use the Hide.Me VPN service is, we’re confident you’ll want to upgrade to the paid subscription. By upgrading your service, you’ll enjoy unlimited data transfer, 10 simultaneous connections (10 devices) and 60 worldwide proxy server locations. NTELogic takes care of upgrading your service so you never have to worry about a lapse in protection. Give it a try today – it’s free!

As we posted last March, email phishing attacks continue at record levels. Those who seek to commit fraud keep getting more innovative in their efforts. Many people have become savvy enough to recognize the common tell-tale signs. Whether it’s a tragedy or a fake IRS collection notice, we’re rarely surprised by the bait used by those who are phishing. This is one of those instances that gave us pause.
A client forwarded an email message that appeared to be a voicemail notification from their office phone. Many of us are used to getting text and email notifications for voicemail messages left for us. Whether the fake notification looks similar to what you normally see or not, one link click whilst in a hurry can lead to compromise.

The recipient did the right thing. Using the information they have learned about the tactics used by cyber-criminals, the client recognized the clues and didn’t take the bait.
Remember to always think before you click. Stay smart, the criminals are working hard to stay in business. Don’t let them get into your business.

Microsoft Release Urgent Security Patch

Unpatched Windows 7 Systems Exposed to WannaCry Style Worm

As part of its May 14 Patch Tuesday, Microsoft released an urgent security fix for several older versions of Windows. For users still running Windows 7, Windows XP or Windows Server 2003, the patch repairs  a potentially “wormable” flaw in those systems. If left unpatched, the systems could be hit by a malware attack like WannaCry.
The vulnerability, CVE-2019-0708, is in remote desktop services (also known as Terminal Services). To exploit the vulnerability “an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP,” Microsoft officials noted. The update corrects how Remote Desktop Services handles connection requests.
The fact that Microsoft would issue a patch for Windows XP, which has been out of support status for many years indicates the scope of this threat.
If you have a system running Windows 7, you are urged to make sure Windows Update is set to automatically download and install updates. alternatively, you can manually install the patch by following the guidance issued by Microsoft.
Please call our Support Department if we can assist you in patching your systems.

What the Barracuda Email Spoof Means for Your Business

Elaborate Scheme to Steal O365 User Credentials

The email spoof remains one of the favorite tools used by cyber-criminals to phish information. A recently uncovered scheme moved the bar up in terms of sophistication. As if using known brands wasn’t enough, this latest phishing attempt spoofed one of the leading email security firms. As a result, the implications are scary.
Internet security training firm KnowBe4 reported how the attackers took great effort to cover their tracks. A typical email spoof involves forging the sender address. Known and trusted brands are used to trick recipients into opening the message. This attack however,  went beyond using a known brand and forged the email message header information. In an attempt to give increased credibility, the attackers spoofed the message header information as if the message had been safely validated by Barracuda Networks, an email security company known for tracking and reporting email shenanigans like email spoofing.
Once a recipient opened the message, they were asked to login to their Office 365 account. The illegitimate landing page was a complete duplicate of the real Office 365 portal. Even a savvy user who took the time to review the message header information could have easily surrendered their O365 account credentials. This is the scary part – this tactic will likely be used over and over again, using other, well known security brands.

What’s a Small Business to Do?

If you’ve not discussed how to spot an email spoof with your teams, now is the time. Email phishing attacks are at an all time high. Remind staff to be vigilant and question any email that doesn’t seem quite right. The best rule-of-thumb is to think before you click.
A plethora of email security solutions are also available. From simple to sophisticated, there is an email security solution for every budget. Talk to your IT department or give us a call about email security in your office.

Facebook Data Breach Exposes User Data

540 Million Facebook Users Impacted

User ID’s, Friends Lists and Photos Among the Data Exposed

Two separate databases that stored Facebook user profile details on unsecured Amazon AWS cloud servers were discovered this week by cybersecurity research firm Upguard. It was just last April that Facebook admitted malicious actors had likely accessed user data for all of Facebook’s 2.2 billion users. This time, the world’s biggest social network is not to blame.
The massive data breach was tracked back to Mexico-based media company Cultura Colectiva. Another 3rd-party app, At the Pool, also improperly stored user profile data in a different AWS database, contributing to the breach.
Upguard notified Cultura Colectiva and Amazon of the exposed data in January. Apparently, no action was taken until April 3rd.

What This Means for You

The databases have been secured and taken offline. While it’s unknown whether affected Facebook users will be notified that their data has been compromised, this latest breach is a good reminder to change your passwords, especially passwords used with Facebook.
IT security best practices call for changing your passwords every 90 days. This may not be achievable for many users. A reasonable goal would be to change your passwords twice a year. Picking notable dates, such as Mother’s Day or the first day of school makes it easier to remember. Just like we’re supposed to change the batteries in our smoke alarms when the time changes. Pick your dates and put a note on the calendar.

How Do I Create a Secure Password?

Rather than trying to create and remember a password, try using a phrase or expression. After you’ve picked one, use the first letter of each word in the phrase. Substitute numbers and special charachters for two or more of the letters. Viola! You’ve created an easy to remember, secure password.
Our Support Center has a How-To article on creating secure passwords that illustrates how easy it can be.

Over the past 48 hours, we have seen a large spike in email phishing activity. Our Support Department has received calls from several users who have reported receiving email messages that turned out to be phishing attempts. We thought it a good time to share some information about what email phishing attacks are, how to identify an email that is attempting to phish information and what to do if you believe you have received an email phishing message.

What are email phishing attacks?
According to the US Department of Homeland Security’s Computer Emergency Readiness Team, email phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.

Tech-savvy con artists and identity theft criminals will use spam, fake websites constructed to look identical to real sites, email and instant messages to trick you into divulging sensitive information, like bank account passwords and credit card numbers. Once you take the phisher’s bait, they can use the information to create fake accounts in your name, ruin your credit, and steal your money or even your identity.

How do I identify a phishing email?
If you receive an email message that appears to have been sent from a coworker, vendor or other trusted third-party and it’s requesting you to click on a link, open an attachment, take an action (like issuing a check or buying gift cards), or sending information about employees, bank accounts, customers or vendors, it may be a phishing attempt. Stop and scrutinize the message carefully. Here’s some clues to look for that will help determine if the message is a phishing attempt:

  • An email phishing message typically will use awkward sentence structure or use words in the wrong context. Nouns and punctuation may be used incorrectly.
  • An email phishing message will suggest that you requested some information and will ask you to click on a link or open an attachment.
  • A phishing email can look like a fundraising message for a recent disaster or other newsworthy event.
  • A link may be disguised to look like a legitimate site, such as Amazon, Microsoft or a bank.

I think I just received an email phishing message. What should I do?
If you think you’ve received an email phishing message, the most important action to take is to stop – don’t click any links, don’t open any attachments, and don’t reply. Some other actions to take are:

  • Don’t open messages from unknown senders
  • Do not click on any links. By hovering your mouse pointer over the link, you can see the actual link displayed in a pop-up info balloon. If the link address looks unusual or does not match the site it states it’s from, it’s a phishing attempt.
  • Call the sender and ask them if they sent you the message. Only follow the link or open the attachment if you can verify its legitimacy with the sender.
  • Do not provide personal information to any unsolicited requests for information
  • Type in a trusted URL for a company’s site into the address bar of your browser to bypass the link in a suspected phishing message
  • If you want to donate, visit the fundraising organization’s web site directly, don’t use any links from any other source.
  • Only provide personal information on sites that have “https” in the web address or have a lock icon at bottom of the browser
  • Immediately delete messages you suspect to be spam

Email phishing messages can be safely deleted. If a message appears suspicious and you would like help determining whether it’s a phishing attack or not, please call our office at (209) 790-4560 option 2, or send us an email at support@ntelogic.com.

If you believe you have already responded to an email phishing message, clicked on a suspicious link or opened a suspicious attachment, notify your supervisor and manager, and then call our office at (209) 790-4560 option 2.

Remember to always stay safe online and think before you click!

Ntelogic.com | Business Email Compromise Alert

Internet Crime Complaint Center Releases Business Alert

Report cites 136% increase in lost business assets

On Friday the 13th, the Internet Crime Complaint Center (IC3) released a Public Service Announcement. The announcement warns of the risks businesses face from Business Email Compromise (BEC) and Email Account Compromise (EAC). From October 2013 to May 2018, IC3 tracked over 78,000 reports of BCE/EAC that resulted in losses over 12 billion dollars US.

What is Business Email Compromise?

Email compromise is a sophisticated scam that targets businesses and individuals. A cyber-criminal gains unauthorized access to a business e-mail account. Social engineering tactics trick the recipient into transferring funds.
The scam may not always involve a request for transfer of funds. Others trick the recipient into disclosing personal information or wage and tax information.

How to avoid Business Email Compromise

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don’t send sensitive information over the Internet before checking a website’s security.
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.

If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

The FBI has revised its recommendations for home network security. The guidelines focus on protecting personal devices connected to the Internet. The information also applies to protecting your devices while traveling. It also provides best practices for your small business office network.
More devices are now connected to the Internet than ever before. Consequently, as the Internet of Things (IoT) grows larger, security risks also increase. Home users are especially vulnerable.
Two common misconceptions befall home users.

  • They believe their home network is too small to interest bad actors.
  • They believe their devices are secure enough out-of-the-box.

Cyber attacks are indiscriminate – they don’t consider the type of network. A network connected to the Internet is a potential target. Without specific precautions, any network can be compromised.
Most Internet-enabled consumer devices come configured with basic, default factory settings. This includes passwords to access sensitive settings. The default settings often go unchanged. Subsequently, hackers can gain access by use of the default password.
Here are some simple yet effective steps you can take to improve your network security.

– Keep your software updated

Update all software. This is one of the easiest steps to keeping connected devices safe. Along with adding new features, updates include security fixes. Windows 10 applies all updates automatically. If you’re using another Operating System use automatic updates if available.

– Remove unnecessary software and disable unneeded services

Many new computers come with preinstalled trial software. This leads to security holes. “Bloatware” as it’s known can be removed. Check running services against the list provided by the National Cybersecurity and Communications Integration Center (NCCIC). Disable any services that are not required or needed.

– Change factory default settings and passwords

New devices come configured with simple passwords and user-friendly settings. This is to make set-up easy. But it leaves the device at risk. Change default passwords to a personal password. Check router configurations and disable unneeded ports or services.

– Use anti-malware software and keep it up-to-date

Using a reputable antivirus or anti-malware app is the best line of defense. These watchdog programs protect your system and act to quarantine known and suspected threats. Many affordable software choices exist, some are even free. Be sure to set your anti-malware program to update automatically. Doing so ensures your system has protection against emerging and zero-day threats.

– Install a network firewall

A network firewall sets-up hardened perimeter where your network connects to the Internet. Network firewalls prevent intruders from gaining access to your network. Routers provided by Internet service providers include a network firewall. Check the settings to make sure the greatest protection is active.

– Install a firewall on connected devices

Use of firewalls on computers connected to your network increase intrusion protection. This type of firewall looks at the incoming and outgoing traffic. If a traffic request violates a rule, the firewall blocks the request. Device firewalls are embedded in common operating systems. Most anti-malware programs include a device firewall. Bundled firewalls offer more advanced features.

– Enable Wireless security

An open wi-fi network is a welcome sign to hackers. Use the strongest encryption protocol your wi-fi router has available. There are two recommended encryption protocols for home use. The first is Wi-Fi Protected Access 2 (WPA2) Personal Advanced Encryption Standard (AES). The second is Temporary Key Integrity Protocol (TKIP). Be sure to change the default network name (SSID) and default password. Check for firmware updates. Install updates as they become available.

– Back-up your data

Regular back-up of your files has never been easier. It is also affordable. Many options exist that automatically back-up your files. Local, cloud-based and hybrid options are available. A good back-up strategy is cheap insurance against data loss.
These recommendations are also effective for small business network security. A few simple changes can prevent a cyber-attack. They also protect against compromise of personal information and loss of data.

Ntelogic.com | Changes to Chrome and HTTPS: Is Your SMB Web Site Ready?The end of HTTP is near. Starting with Chrome version 70, web pages not served via an HTTPS secure connection will be mark as unsafe.
The search engine behemoth has been promoting the idea of an encrypted web for years. Google moved in 2014 to mark all sites served as HTTP as insecure.
Google has moved this idea forward, believing that as more site owners adopt HTTPS, Chrome security features should change in response.
The move toward securing web sites has come a long way in a short time. In fact, secure web traffic has almost doubled since 2014.
With increasingly broader adoption of HTTPS, Google is set to eliminate unsecured web pages. Chrome will begin displaying the red “Not Secure” warning.
“We hope these changes continue to pave the way for a web that’s easy to use safely, by default. HTTPS is cheaper and easier than ever before, and unlocks powerful capabilities, so don’t wait to migrate to HTTPS,” stated Emily Schechter, Product Manager, Chrome Security, notes in a blog post.
Google isn’t alone in this effort. Beginning in 2017, Firefox began warning users when web pages are delivering login fields via HTTP connections.
Sites not served by a compliant SSL certificate will appear as a potentially dangerous web site to visitors. As a result. this change could have a big impact to small business web sites.
Wordpress hosted web sites can obtain a free SSL certificate. Let’s Encrypt provides free HTTPS certificates. Many low-cost options also exist.
Installing an SSL certificate is not always a straight forward task. Having an implementation plan will reduce unpleasant surprises.
Small business web site owners should contact their web host or IT specialist to determine whether their site is being served securely. If not, the time to act is now.