Phishing alert: scammers now use encryption

, , , ,

When you visit an encrypted website, the connection between the source of the web page and your browser is secure. Encryption ensures users’ browsing habits are safe from hackers’ prying eyes, but phishing scammers have found a way to adopt it for their own schemes.

How hackers use encryption to carry out phishing scams

According to recent research, 24% of phishing scams in 2017 use web encryption — an astounding increase from last year’s 3%. This means more HTTPS sites may not be truly safe.

Phishing scammers rely on their victims to do what they ask, which is why it’s so effective. And with this new trick, unsuspecting users are more likely to be deceived. What makes this encryption-aided scam even more effective — and dangerous — is that it makes hackers’ phishing email or text that much more authentic-looking.

For example, if you receive an email that purports to be from Amazon and includes a link to an encrypted site, there’s now a slightly higher chance you’d believe this email is the real deal. Clearly, if you’ve never purchased anything from Amazon, you’d know that this is a fake. But then again, there are millions of Amazon customers who could be misled into thinking that that email is legitimate.

Does encryption mean a safer internet?

With organizations like the Internet Security Research Group and Google promoting encryption, the world wide web should be a safer place, but that’s not necessarily the case. In fact, encrypting more legitimate websites could simply result in an increased number of encrypted phishing sites.

It may also be useful to know that not all phishing sites use encryption. Many phishing scams are still carried out using websites that may or may not be encrypted.

What you can do to ensure safety

This isn’t meant to cause panic, and despite this new phishing tactic, encryption is still an essential security tool that every business must implement.

Websites with HTTPS are still much safer than unencrypted ones. This is why it’s more important than ever to be vigilant when visiting suspicious sites and clicking on links. If you receive an email from PayPal asking you to verify your bank account details or password to a seemingly secure link, be wary. Some phishing scams are easy to detect, but some are not.

Practice extreme caution when responding to requests for sensitive data. Consider the source of the message, think before clicking, and don’t hesitate to seek the advice of an expert in case you have doubts. Phishers succeed only if you do what they ask you to do.

Phishing and other cyber scams are constantly getting upgrades, and no single solution can prevent hackers from attacking you. But your business could be much safer with the right cyber security protections in place. If this is exactly what you need, get in touch with our cyber security technicians.

Published with permission from TechAdvisory.org. Source.

Hackers KRACK WiFi security

, , , , , , , ,

For ages, most people assumed that setting a strong password on their WiFi router was enough to prevent cyberattacks, but recent events prove otherwise. Two Belgian security analysts have found a serious weakness in WiFi networks, called KRACK, that puts your wireless devices in danger.

What is KRACK?
Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 — a security protocol used by routers and devices to encrypt activity — and intercepts sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.

In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.

What’s worse, Internet of Things devices — like smart thermostats and IP cameras — rarely receive security fixes, and even if some are available, applying patches are difficult, as these devices tend to have complex user interfaces.

The good news, however, is you can do several things to mitigate the risks.

Download patches immediately
According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and FortiNet have also issued firmware updates, so make sure to install them as soon as possible.

Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.

Use Ethernet connections
Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.

Stay off public networks
Free public WiFi networks — even ones that are password-protected — in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.

Connect to HTTPS websites
If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK

Hop on a Virtual Private Network (VPN)
You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.

Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today.

Published with permission from TechAdvisory.org. Source.

5 security measures made easy

0 Comments , , , , ,

2016July14_Security_CLet’s face it, keeping yourself free from online threats can be a pain: using different passwords for every site, changing them every three months, using advanced encryption, the list goes on and on. You either end up paranoid of being online or give up altogether. We’ve organized 5 simple cybersecurity measures that we promise anyone can implement.

1. Two-Factor Authentication

Did an attacker get your password? With two-factor authentication they’ll still need your mobile device to do any damage. Here’s how it works: every time you log into a service that requires a password, the service will send a code to your mobile device for another layer of authentication. Nowadays, most internet services have this option: Google, Facebook, Twitter, Instagram, Skype, Slack, etc. Check a full list here to see if you could be using two-factor authentication on any of your online accounts.

2. Password Manager

Say goodbye to the bygone era of memorizing a long list of different passwords for the various websites and services you use. Password manager software may have been around for a long time, but it’s still a viable solution for improving your login integrity. After installing it, all you need to do is create one secure master password and let the software do the rest. It will store and encrypt all of your passwords in one place for future reference and help generate random, more secure passwords for any new logins.

3. Keep All Software Up to Date

Update all of your software and your operating system as often as possible — it’s that simple. New versions come with better protection and fix any newly discovered loopholes. If you are too busy or can’t find the time to do it, check for an automatic update option. Any excuse for postponing updates will feel a lot less valid when it means a security breach or system crash.

4. Disable Flash Player

Adobe Flash Player may be what allows you to play Candy Crush during your work breaks, but it has boasted such a poor security record that most experts recommend that users block the plugin entirely. Most internet browsers have the option to block Flash by default, while allowing you to enable blocked content you deem acceptable by simply right-clicking and selecting Run this Plugin.

5. HTTPS Everywhere

When dealing with technology, long acronyms tend to scare off novice users before they even make it to step two. But don’t panic, there’s only one step to this trick. ‘HTTPS Everywhere’ is a browser extension that forces your browser to automatically navigate to sites using a secured encryption, if the site allows it. The thing is, a significant percentage of websites offer HTTPS connections but don’t present them as the default. When that’s the case, ‘HTTPS Everywhere’ gives your browser a gentle nudge in the right direction.

While in-depth security measures need to be implemented and managed by experts, little steps like the ones listed here can be just as important. Check back often for more helpful cybersecurity tips, but if you have more urgent security needs for yourself and your business, our experts are ready and waiting to offer a helping hand — why not reach out to us today?

Published with permission from TechAdvisory.org. Source.

6749 S. Westnedge Ave

Suite K, #128

Portage, MI 49002-3556

Southwest Michigan: (269) 290-7137

St. Louis: (314) 558-0623

Toll Free: (877) 288-5527