Mother Lode: (209) 694-4599
Central Valley: (209) 790-4560

Tag: Identity Protection

  • COVID-19 and Cybercrime

    FBI Warns of Email Phishing Attacks in COVID-19 Pandemic

    Several of our clients have reported an increasing amount of phishing email messages showing up in their Inboxes and those of others in their organizations. The global efforts to combat the COVID-19 pandemic have understandably diverted much of our attention. Businesses large and small are reeling from the economic impacts. More than ever, we must keep our cyber guards up.
    Cybercriminals are always looking for new ways to steal your money, identity and data. Protect yourself and do your research before clicking on links purporting to provide information on the virus, donating to a charity online or through social media, contributing to a crowdfunding campaign, purchasing products online, or giving up your personal information in order to receive money or other benefits. These are just a few of the ways cybercriminals are using to infect computers with malware, steal usernames and passwords, gain access to business information and more. On Friday March 20, 2020, the FBI issued an alert addressing these emerging threats.
    According to the FBI alert, phishing emails are being sent daily in record numbers. Be on the look out for phishing emails that ask you to verify your personal information in order to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money. Phishing emails may also claim to be related to:

    • Charitable contributions
    • General financial relief
    • Airline carrier refunds
    • Fake cures and vaccines
    • Fake testing kits

    Also watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.
    Remember, you are the first line of defense against phishing attacks and malware infections. Following these simple steps will limit your chances of biting on a phishing scam or malware infection:

    • Don’t open messages from unknown senders
    • Do not click on any links. By hovering your mouse pointer over the link, you can see the actual link displayed in a pop-up info balloon. If the link address looks unusual or does not match the site it states it’s from, it’s a phishing attempt.
    • Call the sender and ask them if they sent you the message. Only follow the link or open the attachment if you can verify its legitimacy with the sender.
    • Do not provide personal information to any unsolicited requests for information
    • Type in a trusted URL for a company’s site into the address bar of your browser to bypass the link in a suspected phishing message
    • If you want to donate, visit the fundraising organization’s web site directly, don’t use any links from any other source.
    • Only provide personal information on sites that have “https” in the web address or have a lock icon at bottom of the browser
    • Immediately delete messages you suspect to be spam

    Email phishing messages can be safely deleted. If a message appears suspicious and you would like help determining whether it’s a phishing attack or not, please call our office at (209) 790-4560 option 2, or send us an email at support@ntelogic.com.
    If you believe you have already responded to an email phishing message, clicked on a suspicious link or opened a suspicious attachment, notify your supervisor and manager, and then call our office at (209) 790-4560 option 2.

    Remember to always stay safe online and think before you click!

  • Five Simple Ways to Spot Phishing Emails

    Five Simple Ways to Spot Phishing Emails

    Five Ways to Spot Phishing Emails

    Did you know that 9 out of 10 data breaches today involve a phishing attack? These attacks typically consist of fake emails designed to look like they’re coming from a brand or institution that you trust or do business with.

    Their goal is to compel you to click a link or download an attachment, which then, puts malicious files on your computer. This can enable hackers to steal your identity, breach your employer’s systems, and more.

    The best way to defend yourself against phishing attacks is to identify phony emails before you click on them.

    Here are the five simple ways to spot a phishing email:

    1. Who’s the real sender?
      Make sure the organization name in the From line matches the email address between the brackets: Sam Sender <sam.sender@hisdomain.com>. Watch out for typos or foreign domains – think amaz0n.com or microsoft.com.ch
    2. Check the salutation
      If you have a relationship with the sender’s organization, the email should always greet you by name, not the generic :Dear valued customer”.
    3. Hover your mouse
      Use the mouse hover trick to see the full URL (web address) of any link you’re asked to open. DO NOT click the link, just hover your mouse pointer over the link and the full web address will be displayed. If you don’t recognize the web address, don’t click it.
    4. What’s in the message footer?
      The footer of any legitimate email should include at a minimum:
      – A physical address for the business
      – An unsubscribe button
      If either are missing, the message is likely fake
    5. When in doubt, hit DEL
      If you don’t know the sender or something just doesn’t seem right with the message, simply delete it. If it’s a legitimate message, the sender will resend the message or contact you some other way.

  • Barracuda Email Spoof

    What the Barracuda Email Spoof Means for Your Business

    Elaborate Scheme to Steal O365 User Credentials

    The email spoof remains one of the favorite tools used by cyber-criminals to phish information. A recently uncovered scheme moved the bar up in terms of sophistication. As if using known brands wasn’t enough, this latest phishing attempt spoofed one of the leading email security firms. As a result, the implications are scary.
    Internet security training firm KnowBe4 reported how the attackers took great effort to cover their tracks. A typical email spoof involves forging the sender address. Known and trusted brands are used to trick recipients into opening the message. This attack however,  went beyond using a known brand and forged the email message header information. In an attempt to give increased credibility, the attackers spoofed the message header information as if the message had been safely validated by Barracuda Networks, an email security company known for tracking and reporting email shenanigans like email spoofing.
    Once a recipient opened the message, they were asked to login to their Office 365 account. The illegitimate landing page was a complete duplicate of the real Office 365 portal. Even a savvy user who took the time to review the message header information could have easily surrendered their O365 account credentials. This is the scary part – this tactic will likely be used over and over again, using other, well known security brands.

    What’s a Small Business to Do?

    If you’ve not discussed how to spot an email spoof with your teams, now is the time. Email phishing attacks are at an all time high. Remind staff to be vigilant and question any email that doesn’t seem quite right. The best rule-of-thumb is to think before you click.
    A plethora of email security solutions are also available. From simple to sophisticated, there is an email security solution for every budget. Talk to your IT department or give us a call about email security in your office.