Chat with us, powered by LiveChat
678-389-6200

How to Protect against Phishing email scams

Being Protected from scams

Phishing scams are one of the most popular tools in a cyber criminal’s arsenal today, given the ease with which they can deliver their attack through the relatively undefended route of email.

Email breaches come in a variety of forms, but predominantly involve the use of a false identity – creating trust between the recipient and the hacker – with the intent of duping the victim into unknowingly sharing sensitive information or opening a malicious file on their computer.

Deception is, of course, the key to a successful phishing attack – this trust is used to draw the victim into clicking on a link embedded within the email, which will often load a website posing as a brand entity or company likely known to the email recipient. The scammers go into extensive detail to impersonate individuals and entities that you or your team are likely to trust, so that you’ll comply with their requests. Familiar names such as Netflix, your bank or governmental departments will often be used – with a message requiring the user to act urgently in updating their credit card information or sharing their login credentials.

While most cyber criminals want to gain access to your systems or to compromising and sensitive information for financial gain, some do it for the pure goal of causing chaos.

Methods of the Phishing Scammer

There are technical solutions designed with the intention of blocking phishing attempts, but the most important and first line of defense is ‘the Human Firewall’. Your team needs to know what to look out for if a scammer slips through the net into their inbox.

Your team’s first reaction to any and every email they receive must be to distrust it, until they can verify its legitimacy.

Deceptive Phishing, as described above, not only impersonates an organization you trust, but it urges you to take immediate action. The email may contain a message along the lines of: “Click link to verify identity” or “Unverified account log in, click link to identify.” Or, it may seem to be helping you avoid something bad, when actually they are the bad thing to avoid. Messages such as these will often be accompanied by a redirect to a login portal designed to  harvest account details.

Spear Phishing is a more targeted technique whereby the cybercriminal performs background research on the victim in order to pose as an individual or entity known to them personally. These criminals are not lazy – they will do whatever research they need before beginning an attack. Fraudsters can gather an extensive amount of information from social media profiles so you’ll believe it someone you know and trust. Scams of this nature have a higher chance of success as victims may not think they’d be targeted personally.

CEO Fraud is where the scammer impersonates a company CEO or other other high-status person. Armed with publicly-sourced information about the CEO they’re impersonating, they communicate with company employees asking them to perform tasks and transactions that would normally be unauthorized. The cyber criminals invent stories as to why the requests are valid in the hope that your team complies. Would you disobey and slow down the boss’s workday? You wouldn’t think twice if the source seemed genuine.

Cloning involves creating an identical copy of a previously sent email from a legitimate sender. This time, however, any of the links contained within the original email will be replaced with malicious ones.

Pharming involves directing users toward fake websites set up to steal login credentials and other forms of sensitive information. Cyber criminals may use viruses to direct individual users towards the rogue site – but this method does involve infecting the user’s computer beforehand, which can be difficult.

 

3 Ways to Avoid Phishing Attacks

With their techniques getting more sophisticated by the day, their manipulative talents, and their clever tricks, anyone can fall prey to Phishing scams. You must always proceed with care, examine links closely, and if you are in doubt, delete.

Pay close attention to URLs. If you find yourself redirected to a site from an email, take a moment to look at the URL to compare it to what you would expect. Look out for anything out of the ordinary, slight misspellings, extra words, or unnecessary hyphens in the domain name for example. Also look to see if the ‘top-level domain’ is as you expect. For example, if you expect ‘.com’ but you see ‘.fr’ then something is not quite right. As we said, if in doubt, just close your window and if you need to visit that site, enter the correct URL manually.

Know your bank and the way it operates. Do some research – or even contact – your bank to learn how they will contact you in the event of an emergency. Any financial establishment worth its weight will let you know exactly how they will get in touch so that you distinguish between legitimate communications and the fraudulent ones.

Do not reveal too much! A massive, publicly available social media presence is a goldmine to fraudsters, and they will use it to gain access to sensitive information. Apply privacy settings and keep things like your friends list, phone numbers and your date of birth viewable only to people you know and trust.

 

mPowered IT – Ensuring Cyber Security for Your Business

mPowered IT is your go-to proactive partner in keeping IT systems secure and defended. We never leave things to chance or wait for a problem to arise – predicting and preparing for the threats of tomorrow will help ensure your valuable data is protected and your business continuity maintained.

 

6 Things You Should Have In Place to Protect your Systems

Protecting what matters

In the modern digital age, our businesses need the security and reliability of our IT systems and infrastructure. Any outage or loss can seriously disrupt the efficiency and security of business operations, potentially creating financial loss, and breaching industry compliance obligations.

Where to begin

The security of your IT should be a priority but how do you achieve it? You should start with these six key tools that give your business the best chance of preventing a cyber-attack.

Six tools to help protect your systems

Firewalls

A firewall protects the perimeter of your network by sifting inbound and outbound traffic. It looks for open ‘doors’ that could leave your system vulnerable to exploitation or take over from cyber criminals. A well configured firewall, (hardware or software) will allow or disallow permissions to enter your network for both people and data traffic. Perhaps most importantly, it monitors and protects information and data, making it much more difficult for data to be stolen. But a firewall alone, especially without continuous updates, will not serve you well for long.

Secure configuration

To achieve a secure configuration, you must implement a series of security measures when building and installing your computers and network devices. By doing this, you reduce your risk of becoming a victim of a cyber attack. Criminal hackers look to exploit your security misconfigurations to gain access to your system. Apply best practices to the way your network and systems are configured to prevent misuse and exploitation.

Access control

Between cyber security and company best practice access protocols, you should limit system access permissions on a ‘need to know’ or ‘need to access’ basis. Restricting access will stop staff from accessing files and folders that do not pertain to their role, while simultaneously limiting the potential reach should a cybercriminal successfully breach your system. Administration rights are seen as the `master key` for cyber criminals. Losing that key could have serious consequences for an individual computer or in the worst-case scenario, your entire network.

Malware protection

Malware protection comes in the form of software that is designed to protect IT and individual computers from malicious software. Malware is the umbrella phrase used to explain malicious software, or what is more commonly referred to as viruses. A virus is essentially designed to cause disruption or steal information from your network. One of the most common forms of malware is ransomware. Ransomware is used by the criminal as a means of locking out your access to your files & folders, sealing them behind the criminal’s own encryption key, only allowing you access after you pay a considerable ransom.

Patch management

Hackers are constantly working to exploit vulnerabilities within the software applications and operating systems you use every day. By employing patch management, you will keep your software up to date and secure by rolling out critical updates as they become available.

Education

There is absolutely no point in implementing all the above tools in your quest for cyber security without educating your staff. Everybody should be aware of best practices when it comes to navigating their cyber environment. Think of it like this — the tools you implement are the armor and the person inside is the soldier that uses them all. They are all there to help as best they can, but ultimately the quality of their defense comes down to the capabilities and knowledge of the person behind them.

How to begin your implementation

If you have an IT person, ask if all the above has been implemented. A lot of businesses just get a firewall and some form of malware protection installed and feel their security is covered. It’s not. Cybercriminals do nothing but look for new ways to attack. Your business cannot passively protect itself against an active, motivated, stalking, evil predator. So start with a conversation with whomever is responsible for your network security to get an idea what measures are in place. If that falls short, or you’re not sure, you need a good IT partner who will work with you, and your IT person, to ensure you have real, up-to-the-minute security measures in place, that are appropriate for your business and budget. The ideal partner will adopt a customer-first approach while having the technical knowledge and competency to see things as they apply to real world solutions and your business.

mPoweredIT – cyber security experts

At mPoweredIT we are proactive in keeping systems secure. We never leave things to chance or wait for a problem to arise. We take care of your business systems with the attention and care as if it were our own network on the line.

 

Your Own Employees are Your Biggest Threat

Your Own Employees are Your Biggest Threat – and Last Line of Defense Against a Ransomware Attack on Your Business

employees defense ransomeware

Major ransomware attacks are on the rise across the country, not just taking down single businesses, but entire infrastructure systems. The cybercriminals are gaining in sophistication, finding more clever ways to hack into your network. They hold your systems and data hostage and demand payment. What can your business do about it?

Train Your Employees! In the past, cybercrime was easier to notice and avoid. Today, the criminals are savvy and can fool even those who are watching and aware. Your employees are answering phone calls and emails all day every day, and they need to be well trained and hyper aware of the dangers around them. All it takes is one employee responding to a bogus email, or providing a bit of information on a phone call, to allow a cybercriminal access to your network. Most employees already know to ignore emails from people they don’t know, and never click a link from an unknown sender. But increasingly bogus emails are looking exactly like real ones. Phone calls can seem to be from legit sources, and the person on the other end knows exactly how to gain trust and extract information. mPowered IT CEO John Mamon is a huge advocate for training employees to protect the employer’s business. “We have extensive technology to protect businesses from all kinds of security threats, and they work extremely well,” he explained. “But one employee can innocently give a hacker enough info to get into your system and hold your data hostage. The employee won’t even know they did anything wrong.”

Small businesses are ripe for ransomware attacks Most small business don’t have real security measures in place, or the security they have is outdated and ineffective. Security measures have to keep innovating to stay ahead of cybercriminals, who spend all day every day thinking up more devious ways to get your data, take your money, or both. To stay ahead of the criminals, you need an MSP who focuses on security, stays ahead of security technology, and can train your employees to be the last line of defense. For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.

Ransomware- The Rise of Cyber Extortion in Healthcare

mPoweredIT_Enforce Managed Security_Hacker

Today, it’s almost impossible to say the word “malware” without talking about ransomware. It is one of the most common and destructive forms of malware online today. Thieves take over your computer systems and hold your files hostage until you pay the ransom. Even if you decide to pay up, there is no guarantee you’ll get your files back or what condition they’ll be in. Nowhere is this cybercrime easier to see than in the healthcare industry, which continues to endure waves of the attacks.

While only 30 ransomware breaches in healthcare were reported in 2016, the number more than doubled to 64 the following year, according to a study by Protenus and Databreaches.net. The attacks are having a significant impact. Four of the five largest data breaches reported to the Office for Civil Rights (OCR) in 2017 were attributed to ransomware.

The jump in reports may be partially in response to new guidelines published by the OCR in July 2017. The document, released after a rash of attacks, clarified the OCR’s position that ransomware infections that encrypt protected health information (PHI) are presumed a HIPAA violation and must be reported – unless the victim can prove otherwise.

Of course, the jump may also be driven by a genuine increase in ransomware attacks, which was seen across many industries. A 59% increase in ransomware was observed year over year in 2017, according to McAfee Labs’ March 2018 Threat Report.

In study after study, researchers find ransomware to dominate the malware infections found in healthcare. More than 70% of malware-based security incidents involving PHI were attributed to ransomware in a Verizon report. That’s ten-times the number attributed to the second most-common type, RAM scrapers, which were found in just 7% of the incidents.

Examples of Cyber Extortion

Cyber extortion is a growing tend according to the OCR’s Jan. 2018 Cybersecurity Newsletter. The department predicts the threat “will continue to be a major source of disruption for many organizations.”

However, other types of cyber extortion have cropped up. They include the use of distributed denial of service (DDoS) attacks. This is when an attacker will render network systems unreachable to intended users, and then demand payment to end the flood of online traffic. Another type cited in the newsletter is perhaps the simplest of all. It occurs when an attacker steals sensitive data and threatens to publish or sell it unless payment is made.

Many varieties of cyber extortion are likely to emerge in the coming years as malicious outsiders continue looking for new ways to turn malware and hacking skills into profit.

What Can You Do About It?

You need an IT support partner who thoroughly understands both HIPAA compliance and network security, as they have to work in tandem to keep your medical practice secure and clear of HIPAA violations. To learn more, call 678-389-6200 or see HIPAA Compliance and Network Security for Medical Practices.

Top 5 Security Cyber Security Threats to Your Small Business

I hate to say it, but the bad guys are getting really good at taking advantage of businesses, and they’re making a mind-boggling amount of money off it. So, it’s not going to slow down, it’s just going to escalate. I want to let you know what the biggest cyber threats are, according to Webroot’s 2018 Cyber Threat Report, so you can make sure you’re not one of their statistics.

1. Phishing – Employees are taking the bait!

Phishing scams used to be almost laughably obvious – a Nigerian prince wanted to send you money! But now these scams are so cleverly disguised, it takes an eagle eye to spot one. It’s very easy for your employees to innocently click on what appears to be a legitimate link and open your business to thieves. Today’s phishing scams are more likely to be via email from what appears to be a company you already do business with. Employees need to be trained to never provide info or click links unless they’re absolutely sure they’re from a legitimate source. Talk to us about our Security Awareness Training.

2. Static Malware is history. Polymorphism is the new threat. 

Static lists were once the preferred method of keeping known malicious files from being downloaded onto machines. However, polymorphism’s popularity means static lists are useless in defending against malware. Tiny variations in malware binaries, ones that otherwise do not change their core functions, now prevent these lists from reliably filtering out threats. Of the hundreds of millions of executable files Webroot analyzes each year, 94% percent were polymorphic. We provide the latest in endpoint protection through our Enable program.

3. Cryptojacking uses your computers without your knowledge.

The best cons are the ones you never even know about. Cryptojacking involves hijacking the computing power of a machine and reassigning it to the task of cryptomining, the process of adding transactions to a blockchain leger in exchange for a small transaction fee. Over time, these efforts can lead to steady returns on little effort for cryptojacking operations. We have advanced security services that watch for unusual behavior on your systems.

4. Ransomware – Extremely quick and profitable!

This is one of the most frustrating and costly cybercrimes. Thieves take over your computer systems and hold your files ransom until you pay up. The worst part of it is, even if you go ahead and pay the ransom, there’s no guaranteed that you’ll actually get your files back, and if you do, they could be damaged or corrupted. Two major ransomware attacks in 2017 caused over $4 billion in losses in just 24 hours. Those grabbed headlines, but the truth is, ransomware happens on a smaller scale to small business every day. A layered security approach coupled with comprehensive backup systems is the best approach to thwarting Ransomware.

5. Malicious mobile apps

With nearly two billion smartphone users, and the enormous popularity of mobile apps, this is now a sweet spot for cyber criminals. Webroot found that one third of mobile apps are now built with malicious intent. In other words, they appear to be something fun or useful, but their actual purpose is to hack your phone.Be wary of applications you install on your phone and be sure to read what access they need to the data stored there.

What can you do about it?

The first line of defense is to make sure you train your employees and keep all systems updated. Those pesky reminders that you need to update your software should never be ignored. Updates are not just improvements in function or design, they also contain fixes of known vulnerabilities.

The next line of defense is to have a great IT partner who will focus on your security. We make it our priority to keep our clients’ networks secure against all known threats, and be informed of potential future threats. It costs so little to protect your business from cyber threats, especially when you consider how much even one small attack can cost in terms of lost revenue and reputation.

Give us a call and we can help you assess your vulnerability to cybercrime and show you how to avoid it.

Call 678-389-6200.

Web Analytics