Is your data safe from the Facebook data breach?

, , , , , , , ,

Businesses have made lots of money using social media to engage with current and potential customers for years now. But after a recent breach, some users are reevaluating Facebook’s reputation. Read on to know how this concerns you and if you must do something about it.

Last month, news broke that a firm known as Cambridge Analytica collected private data from over 50 million Facebook users. The British company supposedly used this information in 2016 to influence voter behavior during the US presidential election and UK’s Brexit campaign.

How did they harvest the data?
In 2015, a Facebook personality quiz app called “This is Your Digital Life” was created by Cambridge psychology professor Aleksandr Kogan. Around 270,000 Facebook users signed up and gave information about themselves in exchange for humorous results.

What users didn’t know was that Kogan’s firm, Global Science Research, struck a deal with Cambridge Analytica to share the information that was gathered. Aside from collecting information about the Facebook users, the app also mined some data about the users’ friends.

Information collected was based on:

  • Data from other platforms that are also owned by Facebook, including Instagram and WhatsApp
  • Advertisers and other third-party partners
  • Apps and websites which use Facebook services
  • Your location
  • The devices you use for Facebook access
  • Payments handled by Facebook
  • Your Facebook connections and networks
  • Messages, photos and other content that other users send to you
  • The information you disclose to Facebook
  • Your activities on Facebook

What happened to the sourced information?
Cambridge Analytica analyzed the collected data to create psychological profiles and invent better political drives to influence whom people would vote for. Although there is still a huge debate about how effective this plans were, there’s no doubt that tens of thousands of users were manipulated into signing away their data without knowing it.

What can I do to keep my information safe?
Remove third-party apps that use your Facebook account. Visit your “Settings” menu and go to “Apps”. You should see the list of all the services that are using information about your Facebook profile. Check on each app, and if you don’t need it or use it anymore, delete it to revoke its access.

If you need more information on how to keep your data secure, feel free to give us a call today!

Published with permission from TechAdvisory.org. Source.

What are watering hole attacks?

, , , , , ,

When talking about cyberattacks, the first one that usually comes to mind is phishing, a scam that uses email to spread malware or steal personal information. But hackers have a new method to infiltrate your systems, and it’s surprisingly effective. Here’s what you need to know about watering hole attacks.

What are watering hole attacks?
Much like phishing, a watering hole attack is used to distribute malware onto victims’ computers. Cybercriminals infect popular websites with malware. If anyone visits the site, their computers will automatically be loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. Sometimes the malware can even give hackers full access to their victims’ computers.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips.

Update your software
Watering hole attacks often exploit bugs and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely
To detect watering hole attacks, you must use network security tools. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

Published with permission from TechAdvisory.org. Source.

Gearing up for phishing scams in tax season

, , , , , , ,

Paying and filing taxes is already annoying without the threat of refund fraud or identity theft. But phishing schemes, especially during tax season, have become so widespread that you’ve probably already received spoofed emails or calls during the last few years. To maintain the security of your business, you and your employees need to be extra cautious with the emails you receive at tax time.

Phishing baits to watch out for

Phishing attacks often consist of fabricated or compromised emails sent to finance/payroll or human resources employees that are made to look like they’re from an executive in your company. The message might contain a request to forward employee records, including their W-2 forms, but that’s not all…

Another common scheme, which doesn’t only happen during tax season, involves getting a call from a person declaring to be an IRS employee. And no, caller IDs won’t save you because they can forge that, too. The phisher will inform you that you owe them cash from back taxes and they will threaten legal action if you don’t pay via credit card at that instant.

Always remember, the IRS will never contact you on the phone to let you know that you owe them money. And they certainly won’t threaten you or demand payment over the phone. If they really need to notify you of such matters, they’ll use the postal service and will give you a chance to discuss payment terms.

Standard protection protocols

Don’t worry, the usual security measures against these phishing scams are pretty easy to integrate into your business. Begin by developing a policy that bans the request of private details through email. If an employee ever requires such info, they should get in touch with the person directly, follow your established protocols for the transfer of sensitive information, and minimize the number of people involved in the transaction.

Taking security a step further

Data loss prevention (DLP) systems are also valuable weapons against these types of phishing attacks. They evaluate traffic going in and out of your company, such as web usage, emails and instant messages, and virtually anything sent on your network. DLP systems can filter out private details, including Social Security numbers, and stop them from being sent out.

But beware, DLP systems come with a minor drawback, as they can also block legitimate traffic, like when your accounting department sends tax info to your CPA. Fortunately, an MSP like us can properly segregate the good and the bad traffic to avoid confusing and/or frustrating your employees.

Phishing schemes may be a normal occurrence during tax season, but that doesn’t mean you can’t do anything about it. Don’t let the vulnerabilities in your business, particularly the human element, fall prey to cybercriminals. Send us a message right away and we’ll conduct an assessment of the security of your business, as well as design a risk management plan to help counter future complications.

Published with permission from TechAdvisory.org. Source.

Equifax finds more users hit by major breach

, , , , , ,

Everyone thought the worst was over when credit-reporting agency Equifax revealed that the credentials of 145.5 million people in the US were leaked. However, the company recently discovered that there are more victims from the major breach. Here’s everything you need to know.

What happened?
On March 1, Equifax reported that the names and driver’s license numbers of approximately 2.4 million Americans were stolen. According to the company, sensitive information like home addresses, home states, or the license issue and expiration dates were not leaked. Equifax said these breaches were discovered only recently because their forensic investigations primarily focused on stolen Social Security numbers.

In response, the company said that anyone affected would be notified directly. They’re also now offering a security program designed to prevent identity theft and credit tampering. However, given the company’s poor track record, not many are willing to enroll.

When the company first announced the breach in September last year, the tool used to check whether an account had been hacked didn’t work and came up with false positives. Fortunately, there are other things you can do to protect yourself.

Monitor your credit
Consider looking through your credit reports for any suspicious spending. If you spot any new accounts, loans, and other payments you don’t recognize, contact your credit card company to report fraudulent transactions.

Check the dark web
Compromised data is often sold to the highest bidder on the dark web, so most Equifax data can probably be found there. To see whether your personal information has indeed been compromised, sign up for dark web monitoring services. Then consult with a security professional to discuss your options.

Place a credit freeze
One way you can prevent hackers from opening credit cards and making payments in your name is to freeze your credit. When you implement this, anyone masquerading as you will be required to provide a PIN to unfreeze your account. Contact the credit bureaus (Equifax, Experian, TransUnion) to activate this service.

Set fraud alerts
When you set a fraud alert, credit card companies and businesses must verify your identity before opening an account or making any payments. Together with a credit freeze, alerts will make it extremely difficult for hackers to steal your identity.

Learn to identify phishing scams
Because Equifax is notifying data breach victims directly through email, hackers could take this opportunity to send fake messages that direct users to dangerous websites. As such, knowing how to identify phishing scams (suspicious URL links, attachments, and spelling errors) is vital.

Dealing with data breaches is a long and frustrating process, especially for businesses that just want to focus on growing their operations. So if you have any security concerns, call us today. We have the cybersecurity expertise to protect you.

Published with permission from TechAdvisory.org. Source.

Chrome users panic as new scam spreads

, , , , , , , , , ,

During the previous quarter, fake Chrome notifications urging users to dial a tech support number have grown dramatically. Research reveals that this tech support scam could possibly use an Application Programming Interface (API) to freeze the browser, convincing the user to get in touch with the support line and share their credit card details.

The End Game

The scam works by displaying an error message indicating a bogus security breach incident that renders a browser unusable. These scammers capitalize on the fact that a serious crash can’t be solved by simply closing the site, thereby sending the users into a panic. This encourages them to dial the number listed on the warning message.

On the other end of the line, the scammers would pose as Microsoft or Apple representatives to convince users into surrendering their credit card details to repair a non-existing security issue. The scams are generally carried out through legitimate sites or malicious ads that have been hacked.

The Ingenious Process

This new scam operates against Chrome by corrupting the window.navigator.msSaveOrOpenBlob programming interface, which basically uses it as a form of distraction. The hackers manipulate the browser and forces it to save a random document on a disk repeatedly at super fast intervals that are impossible to notice. After five to 10 seconds, Chrome will be completely unresponsive.

The Easy Fix

To recover, Windows users simply have to open Windows Task Manager (press ctrl + shift + esc keys) and stop the process there. On the other hand, macOS users just need to wait until a system message prompts them to close the unresponsive Chrome tab. Typically, the latter is a more appealing option since users would have the freedom to close only the corrupted page. Manually closing the whole browser means possibly losing unsaved files in any open Windows.

When faced with IT-related issues, you need to determine how you can approach them calmly. The threats in the digital world may be terrifying and intimidating, but causing a panic in your workplace isn’t the answer. Call us as soon as any problems arise, and we’ll help you as soon as we can. We can even hook you up with other security measures to beef up your network security.

Published with permission from TechAdvisory.org. Source.

Don’t fall for distributed spam distraction

, , , , , ,

One of the most frustrating things about using email is seeing dozens of spam messages every day. Fortunately, they’re just minor annoyances that are easy to remove from your inbox. However, hackers have developed a way to make spam much more insidious. Here’s what you need to know about modern spam attacks.

Understanding DSD
Distributed Spam Distraction (DSD) is designed to inundate your inbox with thousands of nonsense emails. There are no dangerous links, ads, or attachments involved, just random excerpts of text stolen from books and websites. What’s more, the email and IP addresses used are all different so victims can’t simply block a specific sender.

These attacks last anywhere from 12 to 24 hours and can flood inboxes with as many as 60,000 messages. While they may seem like harmless annoyances, the true purpose of DSD is to draw victims’ attention away from what hackers are doing behind the scenes.

And what they’re doing is exploiting your personally identifiable information (PII) to make unauthorized purchases or pilfer cash directly from your accounts. The DSD acts as a sort of smokescreen to hide payment confirmation messages behind a deluge of spam messages.

New tactics
Over the years, hackers have developed new tactics involving DSD. Several reports have shown that, instead of nonsensical emails, hackers are using automated software to have their targets sign up for thousands of free accounts and newsletters to distract them with authentic messages. This allows DSD blasts to slip past spam filters that have been designed to weed out malicious code and gibberish text used by traditional DSD attacks.

What’s even more worrying is that any ill-intentioned individual can go to the dark web and pay for DSD services. They just have to provide a hacker with their target’s name, email address, and credit card numbers — all of which can also be purchased in the dark web — and pay as little as $40 to send 20,000 spam messages.

How to stop it
DSD is a clear sign that one of your accounts has been hijacked, so whenever you receive dozens of emails in quick succession, contact your financial institutions to cancel any unfamiliar transactions and change your login credentials as soon as possible. It’s also important to update your anti-spam software (or get one if you don’t have one already) to protect your inbox from future DSD attacks.

Hackers only initiate DSD attacks after they’ve obtained their target’s email address and personal information, so make sure your accounts and identity are well protected. This means you should regularly change your passwords and pins, enable multi-factor authentication, set up text alerts for whenever online purchases are made in your name, and be careful about sharing personal information.

For more tips on how to deal with DSDs or other cyberattacks, call us today. We offer powerful tools and expert advice that will ensure your business’s safety.

Published with permission from TechAdvisory.org. Source.

Enlist IT help when installing CPU updates

, , , , , , , , , , , , , ,

When it comes to security updates, time is usually of the essence. The longer you wait to install a fix from a vendor, the higher the risk of being compromised. But in the cases of the Meltdown and Spectre flaws, you might be better off waiting until a more reliable patch is released. Let’s review what’s going on and what the best course of action currently is.

Unsecured data storage

Spectre and Meltdown are the names given to two hardware flaws that allow hackers to see any piece of information stored on your computer. Although slightly different in execution, both take advantage of a hardware feature that computer chips use to access and store private information. For the last 20 years, security experts believed this information could not be stolen or spied on by malicious software, but that assumption was proven false on January 3, 2018.

Now that the Spectre and Meltdown vulnerabilities are public information, hackers can use them to create programs that steal passwords, social security numbers, credit card numbers, and anything else you type into your computer.

Because these problems are hardware-based, none of the updates will be able to secure the vulnerable storage; they’ll simply prevent your computer from storing anything in it. Currently, there are patches for:

  • Operating systems (Windows, macOS, and Linux)
  • Web browsers (Chrome, Firefox, Safari, Edge, and IE)
  • Chip firmware (low-level programs installed on the processor itself)

If you’re using an Apple computer, these updates are relatively easy to install. If you’re using a Windows or Linux-based computer, these patches may cause your machine to freeze, reboot unexpectedly, or significantly slow down.

Why should I wait to install the updates?

Intel, one of the chipmakers responsible for the Spectre and Meltdown flaws, has provided contradictory recommendations on more than one occasion. As recently as January 18, Intel recommended waiting for an updated patch, but in the same announcement also recommended “consumers to keep systems up-to-date.”

Experts believe detecting an attack that is based on one of these flaws will be relatively easy and represent an alternative to installing updates that could render your computer unusable.

What should I do?

IT support experts will be able to quickly and easily assess what is the best option for your computers. For example, our team can determine whether or not your hardware will conflict with the current patches, and either install them or set up a detection strategy that will help you mitigate the risks without ruining your computer.

If you need expert IT support for quick responses and ironclad security — give us a call today.

Published with permission from TechAdvisory.org. Source.

Beware of what you save in web browsers

, , , , , , , ,

Passwords are a double-edged sword. If you make them too simple, they’ll be easy to guess; if you make them too complex, they’ll be impossible to remember. One solution is to create an uncrackable password and save it to your browser. Unfortunately, recent research suggests that tactic could drastically reduce your privacy.

Why auto-fill passwords are so dangerous

In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.

Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.

The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.

Using auto-fill to track users

Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.

Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.

One simple security tip for today

Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.

  • If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
  • If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

Published with permission from TechAdvisory.org. Source.

Phishing alert: scammers now use encryption

, , , ,

When you visit an encrypted website, the connection between the source of the web page and your browser is secure. Encryption ensures users’ browsing habits are safe from hackers’ prying eyes, but phishing scammers have found a way to adopt it for their own schemes.

How hackers use encryption to carry out phishing scams

According to recent research, 24% of phishing scams in 2017 use web encryption — an astounding increase from last year’s 3%. This means more HTTPS sites may not be truly safe.

Phishing scammers rely on their victims to do what they ask, which is why it’s so effective. And with this new trick, unsuspecting users are more likely to be deceived. What makes this encryption-aided scam even more effective — and dangerous — is that it makes hackers’ phishing email or text that much more authentic-looking.

For example, if you receive an email that purports to be from Amazon and includes a link to an encrypted site, there’s now a slightly higher chance you’d believe this email is the real deal. Clearly, if you’ve never purchased anything from Amazon, you’d know that this is a fake. But then again, there are millions of Amazon customers who could be misled into thinking that that email is legitimate.

Does encryption mean a safer internet?

With organizations like the Internet Security Research Group and Google promoting encryption, the world wide web should be a safer place, but that’s not necessarily the case. In fact, encrypting more legitimate websites could simply result in an increased number of encrypted phishing sites.

It may also be useful to know that not all phishing sites use encryption. Many phishing scams are still carried out using websites that may or may not be encrypted.

What you can do to ensure safety

This isn’t meant to cause panic, and despite this new phishing tactic, encryption is still an essential security tool that every business must implement.

Websites with HTTPS are still much safer than unencrypted ones. This is why it’s more important than ever to be vigilant when visiting suspicious sites and clicking on links. If you receive an email from PayPal asking you to verify your bank account details or password to a seemingly secure link, be wary. Some phishing scams are easy to detect, but some are not.

Practice extreme caution when responding to requests for sensitive data. Consider the source of the message, think before clicking, and don’t hesitate to seek the advice of an expert in case you have doubts. Phishers succeed only if you do what they ask you to do.

Phishing and other cyber scams are constantly getting upgrades, and no single solution can prevent hackers from attacking you. But your business could be much safer with the right cyber security protections in place. If this is exactly what you need, get in touch with our cyber security technicians.

Published with permission from TechAdvisory.org. Source.

1 2 3 4»

6749 S. Westnedge Ave

Suite K, #128

Portage, MI 49002-3556

Southwest Michigan: (269) 290-7137

St. Louis: (314) 558-0623

Toll Free: (877) 288-5527

© 2022 Brain Trust Technologies, LLC. All Rights Reserved