Chat with us, powered by LiveChat
678-389-6200

Modern Phishing Email and Article Headlines That Fool Even Tech Professionals

Learn more about the kind of email phishing headlines that end up fooling the smartest tech professionals, and how you can better protect your business.  

Phishing Headlines

Any tech professional worth their salt understands the damage wrought by unsuspecting users clicking on links inside “phishing” emails. It’s not surprising when tech-challenged individuals end up getting sucked in by today’s social engineering attempts. However, some of the headlines used by hackers manage to fool a lot of experienced IT pros.

Emails aren’t the only place where tech professionals show their vulnerability. Messaging portals in spaces like Facebook and LinkedIn have become prime targets for scammers, especially as traditional email providers step up their protections. In fact, both platforms had the highest success rate for phishing scams when they were included in an email subject line at 28% and 55%, respectively.

How Do Experienced Tech Professionals End Up Getting Fooled?

It’s hard to imagine how the people charged with keeping company systems safe end up ensnared in these schemes. Security-minded individuals become so comfortable in their knowledge of suspicious emails and technology in general that it makes them less careful. They’re prone to quickly scanning and clicking emails and messages without absorbing the information. It’s already too late by the time they realize their error in judgment.

What Makes a Phishing Headline Successful?

Phishing email headers that include words like “Request,” “Follow-Up,” and “Urgent/Important” tend to have a higher click rate, especially if it seems they come from a colleague or high-level executive. Victims often feel compelled to respond quickly out of fear of not delivering on job expectations. They also worry about costing the company money by failing to follow through on requests related to finance and payments.

The manipulation of that social element can have the same effect on tech workers. They’re more likely to respond quickly to a request that seems to come from a company vice-president. No one wants to be the person preventing them from getting back to company business.

Let’s look at some of the headlines used to fool regular users and IT professionals.

  1. Requests for password changes
  2. Deactivation of Microsoft Office email service
  3. Setting up employee raises for HR
  4. Document sharing using a secure server
  5. Lack of internet service due to scheduled server maintenance.
  6. Address needed for FedEx delivery
  7. Locked company Twitter account
  8. Complete steps for Google service
  9. Error with Coinbase
  10. Closed company bank account

How Can Businesses Upgrade Their Current Phishing Protections?

There’s no one step a business can take to prevent someone from falling for a phishing scam. It pays to use a multi-pronged approach to blocking and dealing with suspicious emails and websites targeting company workers.

Tools like SPAM filters, mock phishing practice scenarios, and web filters to block malicious websites should be a priority. It also pays to encrypt sensitive company information, making it harder for employees to share the data with anyone. That goes double for telecommuters who must log into company systems remotely from different devices.

Businesses should initiate company-wide security initiatives and enforce them consistently. Make sure IT employees understand – their expertise doesn’t leave them immune to these types of attacks.

For more on keeping your network secure, call us at 678-389-6200 or contact us online

Five Golden Rules For Data Privacy

Your data and privacy deserve respect. Here are five golden rules for keeping yourself, your business, and your employees secure.

Limit Who Has Access

Keep information on a need-to-know basis. The more people that have access to a particular folder or file, the greater the risk of a data breach or exposure. Your employees should only have the information they need to perform their work.

Use Secure Passwords and Multi-Factor Authentication

If your business uses easy-to-guess passwords or doesn’t have rules in place regarding password complexity and expiration dates, it’s time to make a change. Implement your own rules and requirements for password management, or use a management tool that provides effective security while simplifying the process for your employees. Multi-factor authentication (MFA), which can be enabled via SMS or email, is an added layer of protection.

Implement Consistent Backups

Your data isn’t safe unless it’s backed up. Back-ups protect valuable information from accidental or malicious deletion and overwrites, hardware or software failures, and even cyber attacks. Backups should happen as often as makes sense for your business’s needs – but more often is better. And follow the rule of three: Three copies of data, on two types of media, and one offsite storage facility.

Protect Your Physical Space, Too

Picture an average workstation: Passwords written on sticky notes, USB drives sitting out in the open, unattended or unlocked computers displaying sensitive information. If your offices feature these common oversights, educate your employees about the simple steps they can take in their physical space to secure your company’s data and privacy.

Stay Informed

As technology rapidly evolves, so do threats to your business’s data security. Stay vigilant, stay informed, and use an IT provider that has your back. For more on keeping your business secure, call us at 678-389-6200 or contact us online

 

Are Public Charging Stations A Security Threat?

Here’s a new cyber threat to worry about: Juice Jacking. Read on to learn what about juice jacking and how to prevent yourself or employees from becoming a victim.

Juice Jacking

What Is Juice Jacking?

One common feature of modern smartphones is that the power supply and data stream pass through the same cable. When you plug your phone in to charge, hackers could theoretically access your phone through the same cable and inject malicious code or steal your personal information.

Your USB connector has five pins. However, it only uses one of those five pins to pass-through power for charging. Two additional pins are used for transferring data. So, when you charge, you could also be opening a port for passing data between devices.

We have only seen unconfirmed reports of juice jacking happening in the real world, but engineers have demonstrated how it is possible. In theory, threat actors might hide a device in a public charging station at airports or hotels. It’s a big enough concern that the District Attorney’s office in Los Angeles recently put out a warning to travelers to avoid using public USB charging stations.

The FBI put out a warning about a device that’s small enough to fit inside a USB charger that can steal keystrokes from wireless keyboards. Another device hidden inside a USB charging station accesses your video display. It then records a video of everything you do, which might include passwords, accounts numbers, or PINs.

How To Prevent Juice Jacking From Happening to You or Your Employees

We’ve been warning people about the potential danger of using public Wi-Fi stations for years. Hackers can set up Wi-Fi hotspots in coffee shops and other public places then intercept data as it’s sent back and forth to your device. Now you can add public charging stations to the list of potential problems.

This doesn’t mean you shouldn’t use them. You just need to take basic security precautions to stay safe.

  • Avoid using public USB charging stations or plugging into unfamiliar computers.
  • Instead, use an AC power outlet and your own charging device. No data transfer is going to take place when you’re using an AC outlet and your charger.
  • Consider external batteries, power banks, or wireless chargers if you need a charge on the go.

You should also avoid the temptation to plug into a USB charger you find left plugged in somewhere. It may be waiting for you to plug in and infect your device.

For iOS users, you can also use USB Restricted Mode which allows charging but prevents data transfers under certain circumstances. You’ll find it by going to Settings > Face ID & Passcodes (or Touch ID & Passcode) > USB Accessories. For Android users, USB data transfer should be disabled by default. If you want to check to make sure that’s the case, plug in your phone in a safe place, click on the notification and check USB Configuration options.

Questions about keeping safe from cyber threats? Call us at 678-389-6200 or contact us online

Homeland Security Issues Rare Warning To Firefox Users: Update Now Or Risk Attacks

If your small business is using any but the latest, just-patched version of Firefox, you need to update now. That directive comes from no less than the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Whether you use Windows or Mac, older versions of Firefox for desktop contain a critical vulnerability that allows attackers to take control of a user’s entire operating system. This nightmare scenario is already playing out, hence the urgent warning from Homeland Security.

From CISA:

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.

Mozilla itself says: “We are aware of targeted attacks in the wild abusing this flaw.”

To upgrade your Firefox browser:

  • On a Mac: launch Firefox and click About > Firefox and click the “Restart to update Firefox” button.
  • On a PC: launch Firefox and go under either Options > Firefox Updates or Options > Advanced > Update to update Firefox.

The version you want to be running is Firefox 72.0.1 and Firefox ESR 68.4.1 or higher. Firefox browsers for mobile devices are not known to be affected.

Need help upgrading your system? Call us at 678-389-6200 or contact us online

Reminder: Windows 7 Losing Support Today

If you use Windows 7, you need to be aware that Microsoft is ending support for your operating system today – January 14th, 2020. Now is the time to upgrade to Windows 10.  

Windows 7 is an operating system that still has plenty of users – in fact, it was only earlier last year that the market share for Windows 10 moved past Windows 7. Impressive, considering that Windows 10 was released in 2015. But nothing lasts forever in technology, and Windows 7 is no exception.

With Microsoft ending support for Windows 7, the operating system will become much more difficult to keep up and running effectively. Worst of all, a loss of support means Windows 7 will be more vulnerable to security threats.

What Does “Loss of Support” Mean?

There are several things that will happen when support ends for your Windows 7 operating system, including:

  • Loss of tech support. Right now, if something goes wrong with your Windows 7, you can contact Microsoft and get somebody to help you with the problem. They can run you through troubleshooting steps and try to get things going again. But when support ends, you won’t have the option of contacting Microsoft about it.
  • No more software updates. Microsoft is always working to improve their operating systems – at least the ones they currently support. But once they stop support, they stop putting resources into improving an OS. That means there will be no more updates to make Windows 7 secure and stable.
  • Loss of security. This is the big one. There are always people out there looking to compromise Windows operating systems, even ones as old as Windows 7. When you lose support for your OS, it means that Microsoft will no longer be trying to identify threats and upgrade your OS to defend against those threats.
  • Loss of compatibility. Over time, the software you rely upon will stop working with Windows 7, effectively spelling the end of your computer’s functionality.

Fortunately, getting support for your OS is easy enough – you just have to upgrade to Windows 10.

Need help upgrading your system? Call us at 678-389-6200 or contact us online

Web Analytics