August 29th, 2013
The instances of phishing attacks is on an aggressive rise. Over the past 12-months, the number of users who have experienced a phishing attack has risen 87-percent, from 19.9-million to 37.3-million.
During that time, there have also been multiple high-profile attacks, whose victims have included Twitter and the New York Times. Anyone can be a victim to a phishing attack and the rise in victims seems to indicate an increase in the number of threats online. It also suggests that more users need to understand the risks and how to avoid them.
Brian Clark Howard delved into this topic for National Geographic to help educate users so they may be able to avoid phishing attacks in the future.
A phishing attack refers specifically to an online scam use social engineering to coerce users in giving up personal information like social security numbers, bank account information and phone numbers. The most common means of phishing comes through spam emails. These emails are sent to hundreds or thousands of recipients and made to look like official correspondence from banks, service providers or even government agencies. Some include the threat of termination of service, while others will promise money or deals.
Spear phishing is an attack specifically targeting an individual or organization. By using information gleaned from other places, a hacker will put together an email that seems more legitimate because it will include information about you that a random person shouldn’t know.
This is usually how large-scale enterprises get hacked. They’re specifically targeted and employees are tricked into giving out their log in information, which opens the door for hackers to access the company’s network.
Anyone using email is at risk of a phishing scam. Trusting your spam filters helps to avoid many of the lazier phishing attempts, but you’ll also need to be wary of unsolicited emails asking for information you wouldn’t feel comfortable giving out to just anyone. Attachments, links, misspelled words and bad grammar are all signs that the email isn’t legitimate. In nearly every case, it’s better to contact a company by phone instead of replying to an email with personal information.
If you do fall for a phishing scam, you should immediately take action to change your passwords and monitor accounts closely for strange activity.
For help keeping your email secure and beefing up spam filters, contact Geek Rescue at 918-369-4335. We’ll help keep hackers out and your information secure.
August 28th, 2013
Recognizing that an account that you use often has been hacked is fairly easy. Recovering from a hack is much more difficult.
Matt Cutts, head of Google’s Webspam team, recently tackled this issue on his blog. As he notes, not only do you need to make sure the hacker no longer has access to any of your accounts, but you also need to safeguard for the future.
In the event that you have a hacked account, here’s what to do.
Take this opportunity to make passwords stronger using numbers, symbols and both upper and lowercase letters. If you’re changing multiple accounts, make sure you’ve secured your email address first. Otherwise, a criminal could have access to emails from other accounts informing you about your new passwords.
For Google accounts, and most email and social media accounts, you should be able to see when your account was last active. If you’re being told that someone accessed this account within the hour and it wasn’t you, you know there’s still a problem. You should also be able to find out where other users are logging in from.
For email accounts, a hacker may have set your address to forward to his. For other accounts, check to make sure your email address is still the one associated with the account.
- Consider two-factor authentication
This method is available for most accounts and requires both your log-in and password in addition to a code the website send you, usually over text message. This adds another layer of security and throws in an additional pass code that outsiders shouldn’t know.
Unfortunately, even if you’re careful you run a significant risk of a hack. Knowing how to recover quickly and re-secure your account is important so you don’t lose more than you have to.
For help with security at home or the office, contact Geek Rescue at 918-369-4335.
August 28th, 2013
Is your organization the target of a cyber attack? Almost definitely, yes.
John P. Mello reports for CIO that “about half of global organizations have suffered a cyber attack in the last year”.
What you should take away from that statistic is that every organization is at risk, regardless of size, who they cater to and what industry they’re in.
Here’s why an attack is such a major concern for any business. About 65-percent of attacks result in a loss of revenue because of system and employee downtime. About 19-percent result in the loss of potentially valuable data. If you aren’t protecting yourself properly, you’re inviting criminals to affect your bottom line.
Many of the cyber attacks that affect businesses worldwide are not of the targeted variety. A targeted attack implies that an individual hacker or group specifically came after your company for a reason. That reason can be because they wanted specific data, or just because they don’t like your company.
If an attack isn’t targeted, it’s usually the result of bad surfing practices by employees or lax security. Hackers unleash malware on the public with no specific target in mind and wait for their tactics to pay off. Clicking a bad link, opening spam email or downloading a file all opens the door for these attacks.
Detection of these attacks is key. Just as stopping a virus attacking a human body is easiest when detection is early, early detection of a cyber threat makes stopping the threat and closing the gap in security much easier.
To improve your company’s security, call Geek Rescue at 918-369-4335. We offer a customized approach to safeguard your data and network.
August 26th, 2013
Data security for all types of businesses is a hot topic. Strangely, there are still many that subscribe to the theory that data theft won’t happen to them because they either have nothing of value or because they are too small to be targeted.
Thor Olavsrud reports for CIO that about two-thirds of industrial executives at midmarket firms said they were “at little or no risk”. Even though that’s down from about 77-percent a year ago, the large number of decision makers who don’t make security a priority is exactly why their firms become a target.
While larger companies tend to embrace the security risks they face, small to medium sized companies often feel they can get away with less security because larger companies will be targeted instead. If you’re a hacker, however, would you go after the company with robust security, or the company with next to none?
The belief that a company’s data is not valuable is also a false assumption. Even without a desire for access to the data you use to run your business, a cyber criminal will want personnel files, which contain social security numbers, personal identifiable information and financial information. This is data kept by any company, no matter how big.
Without the proper security measures in place, a business will have a difficult time knowing what’s been compromised, or even if they’ve been hacked at all. That makes recovery more difficult. It also makes it next to impossible to take necessary precautions to prevent stolen data from costing you more.
Data security is extremely important for any business. Those that feel they don’t need security are actually advertising themselves as ideal targets. To build an effective security infrastructure for your business, contact Geek Rescue at 918-369-4335.
August 23rd, 2013
When spam email arrives in your inbox, it’s easy to ignore it, delete it and forget about it, right? Well, maybe not so easy for many of us.
As Chris Matyszczyk, of CNet, reports, a recent study found that about 30-percent of people knowingly, willingly opened an email that they knew, or at least strongly suspected, was spam. Why? Sometimes, the promise of something too good to be true is too good to pass up.
To make matters worse, about 9-percent of people willingly downloaded attachments included in the spam email. So, they thought it was spam, opened it anyway and downloaded the attachment. Sometimes, we make it too easy for the hackers.
Those hackers, however, don’t make it easy for users. It’s because of the social engineering they employ that it’s so enticing to open messages we know we shouldn’t. The most popular tactics are the promise of money, sex or a new friend.
This behavior is why having antivirus software installed on your computer isn’t enough to keep you fully secure. It is this human error that often causes viruses and malware to infect your PC and steal your data.
These tempting spam attacks extend beyond your email inbox, as well. You’ll see similar tactics used on social media and in text messages. You’ve likely already received a text from an unknown number informing you that you’ve won some money or are entitled to a free gift card. When those arrive on our smartphones, it’s easy to identify them as spam, but sometimes it’s much more difficult to delete them and move on.
If you’d like to improve the security on your email, or need to clean and fix a device that’s infected with malware, contact Geek Rescue at 918-369-4335. We understand spam is tricky, but we will fix whatever harm has been done.
August 23rd, 2013
Imagine your text alert on your smartphone goes off. You eagerly check your new message and find that it’s from an unknown number telling you that your email account has been hacked. The message informs you that you’ll need to text back a word or phrase that they give you, likely to verify your identity or something. What do you do next?
The Federal Trade Commission is warning the public not to text back. These text messages are part of a new scam and the target is your personal information.
When you reply to these texts, the scammers gain information about you and your smartphone. This gives them the tools they need to access your data and compromise your accounts.
Even though plenty of people around they world learn the unfortunate news that their email has been hacked, there probably aren’t many, if any at all, that are warned via text message from their email provider. If you are contacted about a compromised account, be it your email, bank account or credit card, the company will likely do it on a more secure channel.
These text messages may also include a link for you to follow for more information or continue the process of fixing your email. These links are tempting as you want to find out more information, but don’t click them. Just by following the link, you’ll likely be installing malware onto your device, which hackers use to monitor your activity and steal your data.
What you can do is alert your phone’s provider about the message. Most of the large providers have a spam number you can call, or forward these text messages to.
If you feel that malware, or any other type of malicious software, has been installed on your phone or your smartphone is just not performing like it should, contact Geek Rescue at 918-369-4335. We fix smartphones.
August 22nd, 2013
A new spear phishing attack has prompted a public service announcement from from the FBI’s Cyber Division. The attack uses an email made to look like it’s from the National Center for Missing and Exploited Children.
Spear phishing is a targeted attack that attempts to gain access to accounts or data. Their targeted nature usually suggests those responsible are trying to steal something specific from those receiving the email. Put another way, if you receive the email, you have something the hackers want.
This particular attack contains the subject “Search For Missing Children” and has a .zip file attached. This file contains three malicious files included, which are harmful to your computer and could steal or log your information.
Implementing better security is a great step in avoiding these types of attacks, but practicing better internet habits is key. Regardless of who it’s from, you should be wary of any unsolicited email with attachments that arrives in your inbox. Some of these attack emails also contain links that should also be avoided.
If you’ve seen this specific email spear phishing attack, or one similar, you’re urged to report it to the FBI.
To safeguard yourself or your company against these attacks and other malicious attempts to infiltrate your network, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to help you and will educate you on how to stay secure.
August 16th, 2013
Getting hacked, having data stolen and money lost is at the front of everyone’s mind. Unfortunately, there’s no way to guarantee that you’re 100-percent safe. Your security will never be unbreachable, no matter how much effort you put into it.
Tom Cochran, of Entrepreneur, calls your efforts to protect yourself against cyber crime “a battle of asymmetry”. Put simply, there are too many vulnerabilities for you to monitor all of them and keep them secure.
This certainly doesn’t mean security shouldn’t be a concern. Even though the reality is you can’t be completely impenetrable, you should still strive to be as secure as possible.
Verizon reports that 79-percent of hacking victims were targeted simply because of opportunity. This means their security was woefully insubstantial and they were targeted because hackers found them to be an easy target. Of those targeted because of opportunity, 97-percent of them were avoidable with simple tools added to their security.
It’s a bit like the old saying about escaping a bear attack. You don’t have to be faster than the bear. You just have to be faster than those around you. You need to have the best security possible to dissuade cyber criminals from even trying to hack your network. If you make it difficult on them, they’ll look elsewhere. Here are a few ways for you to improve your security.
- Password Protected Everything
Businesses have attempted to make more and more of their data available from anywhere, which also means outsiders have the opportunity to hack into your network from anywhere. Passwords on devices and applications help to keep out those who shouldn’t have access. If you’re in doubt about whether an element you use needs a password, add one.
- Strong, Memorable Passwords
Password protection is useless if the password is easily broken. Use a combination of numbers, both upper and lower case letters, and symbols. Make your password eight characters or more. Try not to use whole words or information, like the names of your kids or pets, readily available on social media.
This doesn’t mean your password should be so nonsensical that you’ll never remember it. Passwords should still mean something to you, but be clever and use acronyms or other tricks to make your password strong.
We’re not advocating dancing here, but rather two-step verification. This means, in addition to password protection, there’s another layer of protection required for log in. Usually, this is a code given over the phone or via text message.
For social media, email or cloud services that are accessible by anyone, two-step verification is needed. After all, if the site is available to anyone, then anyone could be trying to break in.
Again, these tips don’t seal up your data entirely. Unfortunately, you are always at a risk of being hacked. But the more effort you put into your security, the more slight your chance of being hacked is.
To discover better security options for your business, or personal accounts, call Geek Rescue at 918-369-4335.
July 23rd, 2013
We all have mobile phones. In fact, an often quoted statistic floating around the web claims more people have cell phones than have toothbrushes. Whether or not you believe that, you have to believe that hackers view phones as a juicy target.
You may not realize that it’s your SIM card that could be most vulnerable. That tiny little card usually found parked next to your battery gives away a lot of information. Jeremy Kirk, of PC World, reports that their are 7-billion SIM cards currently in use worldwide and many still use a weak form of encryption capable of being broken in mere minutes.
You may still be wondering exactly how outdated encryption from your SIM card results in your data being stolen. Let’s say a cyber criminal sends a piece of code, which can be anything but in this case we’ll call it a malicious software update, over SMS to your phone. Your phone rejects that code because it wasn’t authenticated by a trusted source. However, your SIM card responds with an error message carrying it’s encrypted key. Once that encryption is broken, the cyber criminal has the key and can send any malicious software they want to your phone and your device will accept them as coming from a trusted source.
SIM cards were thought by many to be the final piece of unhackable tech in your phone. These new revelations reveal that new security measures are needed to protect you from evolving cyber crime tactics. In order to keep your phone secure and your data safe, contact Geek Rescue at 918-369-4335. We use the latest security software and measures to keep criminals out of your private data.