by Felicien | Jan 23, 2020 | Education
Small Town Reeling After BEC Scammers Get Employee to Wire $1M
Would you fall for this scam that cost a small town $1M? Find out what a BEC scam is, how it works, and what you can do to keep your company from falling victim.
What would you do if you found out your employee just cost you a million dollars? We’ll just guess they probably wouldn’t stay working for you much longer.
The little town of Erie, Colorado, was recently faced with this scenario. Hackers used a Business Email Compromise (BEC) scam to deplete the town’s savings.
Don’t know what a BEC scam is? You should. Here’s what you need to know
What Is a BEC Scam & How Does It Work?
BEC scams are targeted and sinister. In this scam, a hacker gains access to the business email someone in C-suite, or of similar power.
Once inside, they monitor the account to determine who among your staff they should target from that account for financial gain. Once they’ve identified the person who holds the purse strings, they send that person an email from your account with instructions to wire money somewhere.
If the person who receives the email is suspicious, hackers don’t want their cover blown. So they may also mess with your email rules so that any emails received with words like “scam”, “is this a joke” or “please verify” in them automatically get deleted.
They may target several people to see who takes the bait. And the scammers use the principle of social engineering to convince people to comply.
In the case of the Erie BEC scam, the criminals were able to find a real account payable and request that the employee change where the payment was sent.
This gave legitimacy to the request that reduced suspicion.
How Do Hackers Get Access to Your Email?
The most common way to hack your email is through a phishing email scam. The fraudster may send an email to you that looks like it’s from your email service provider. They then trick you into giving up your password by having you log into a spoofed website or download malicious key-tracking software.
If your business email is through Microsoft, Google or another company with many product lines that use a single password, they can get it in a roundabout way, further lowering your guard.
If you don’t have a strong password, they may also be able to guess it by following the bread crumb trail all of us leave online.
How Do You Protect Against BEC Scams?
BEC scams are convincing. You’re dealing with professional con artists, not hacker hobbyists. Because of that, you need a multi-faceted plan, which will include email scam security solutions like:
Employee education
Having a clear verification process including additional safeguards when changing where payment is sent or when other red flags go up
Email server monitoring for suspicious activity
Strong password policy with two-step verification along with enforcement
Spam filters, which reduce the risk of you or someone else in C-suite seeing the spoof email in the first place.
Up-to-date malware protection
And above all, stay informed about scams and schemes like these. Criminals constantly adapt their strategies. Don’t fall for it. Follow our blog to stay up-to-date.
by Felicien | Jan 16, 2020 | Education
Learn about juice jacking and how to prevent you or employees from becoming a victim.
Here’s a new cyber threat to worry about: Juice Jacking. Read on to learn what about juice jacking and how to prevent yourself or employees from becoming a victim.
What Is Juice Jacking?
One common feature of modern smartphones is that the power supply and data stream pass through the same cable. When you plug your phone in to charge, hackers could theoretically access your phone through the same cable and inject malicious code or steal your personal information.
Your USB connector has five pins. However, it only uses one of those five pins to pass-through power for charging. Two additional pins are used for transferring data. So, when you charge, you could also be opening a port for passing data between devices.
We have only seen unconfirmed reports of juice jacking happening in the real world, but engineers have demonstrated how it is possible. In theory, threat actors might hide a device in a public charging station at airports or hotels. It’s a big enough concern that the District Attorney’s office in Los Angeles recently put out a warning to travels to avoid using public USB charging stations.
The FBI put out a warning about a device that’s small enough to fit inside a USB charger that can steal keystrokes from wireless keyboards. Another device hidden inside a USB charging station accesses your video display. It then records a video of everything you do, which might include passwords, accounts numbers, or PINs.
How To Prevent Juice Jacking From Happening to You or Your Employees
We’ve been warning people about the potential danger of using public Wi-Fi stations for years. Hackers can set up Wi-Fi hotspots in coffee shops and other public places then intercept data as it’s sent back and forth to your device. Now you can add public charging stations to the list of potential problems.
This doesn’t mean you shouldn’t use them. You just need to take basic security precautions to stay safe.
Avoid using public USB charging stations or plugging into computers that you aren’t familiar with.
Instead, use an AC power outlet and your own charging device. No data transfer is going to take place when you’re using an AC outlet and your charger.
Consider external batteries, power banks, or wireless charges if you need a charge on the go.
You should also avoid the temptation to plug into a USB charger you find left plugged in somewhere. It may be waiting for you to plug in and infect your device.
For iOS users, you can also use USB Restricted Mode which allows charging but prevents data transfers under certain circumstances. You’ll find it by going to Settings > Face ID & Passcodes (or Touch ID & Passcode) > USB Accessories. For Android users, USB data transfer should be disabled by default. If you want to check to make sure that’s the case, plug in your phone in a safe place, click on the notification and check USB Configuration options.
by Felicien | Jan 15, 2020 | Education
What You Can Do to Prevent Cyber Attacks Targeting Employee Data
Threat actors are targeting companies to obtain personal information about employees to use for tax fraud and filing false returns.
Your company stores all sorts of personally-identifiable data about your employees. Birth dates, social security numbers, health information, and bank account numbers are all on the shopping lists for hackers who can sell the information they steal or use it for malicious acts. One of the most sought-after documents by bad guys is tax records and tax forms.
These threat actors use that information to steal identities and file fake tax returns. Tax identity theft is the biggest type of ID theft reported to the Federal Trade Commission (FTC) each year. The FTC estimates the fraud at more than $5 billion annually.
Often, the victims aren’t aware anything has happened until they go to file their personal tax returns. They may try to file electronically, and have it rejected as a duplicate, or get a notice from the IRS saying there’s a problem. By then, the fraudsters are long gone.
How Do Hackers Steal Employee Data?
The most common way your employee data is breached is via phishing emails. Nearly a third of all data breaches and 78% of cyber-attacks started with a phishing email.
Hackers use email as a weapon to gain access to your systems. It may be as simple as sending an email asking employees to update their payroll information. Clicking on a malicious link can send that info to the wrong people. That’s exactly what happened to employees at the University of Kansas who soon found the direct deposit of their paychecks had been re-routed.
Other phishing emails may be targeted at individual employees using a variety of schemes to trick employees into giving up login credentials allowing cybercriminals to have access to company records. Other schemes may install malicious code when clicked and set up backdoors for hackers to access company computer networks. HR employees are also being targeted. A forged email may appear to come from a company executive or a third-party payroll processor asking for verification of information.
In an increasingly mobile society, hackers are gaining access to sensitive data when employees are connecting remotely to company servers without using proper security practices. When employees use public Wi-Fi, for example, they are vulnerable to man-in-the-middle attacks where threat actors intercept data as it’s being transmitted back and forth.
How To Prevent Becoming A Victim
Educating your employees about the dangers of phishing emails is a good place to start. One trillion phishing emails are being sent every year. While your company’s spam filters catch many of them, a significant number can slip through. Employees need to recognize the warning signs and everybody within your organization needs to take precautions to safeguard your data:
Install anti-virus and anti-malware software on all devices
Use strong passwords of 8 or more characters, numbers, and alphanumeric characters. Force changes regularly.
Encrypt all sensitive information
Back up sensitive information to a secure external source
Limit access to employee data with escalating security procedures
Require employees to install security software on all devices that access company data, including personal devices
Use Virtual Private Networks (VPNs) to encrypt data accessed remotely
It’s also important to keep all your software up-to-date. Hackers exploit what’s known as zero-day vulnerabilities in outdated software. These are known security problems that have been patched by the company. If the patches haven’t been applied by those using the software, hackers can exploit this known problem. That’s what happened to credit reporting agency Equifax, which saw hundreds of millions of records stolen when the company had failed to apply patches to known security issues.
Consider A Managed Service Provider
Even the best IT teams can be overwhelmed by managing all the various devices and entry points to their networks. They may not have the expertise needed to stay on top of constantly evolving threats and security practices.
A Managed Service Provider (MSP) can actively monitor a company’s servers, exchange servers, active directory servers, firewalls, routers, switches, and platforms remotely. This ensures software is always up-to-date and breaches are identified immediately.
An MSP will monitor your network traffic and incursion points 24/7 in a cost-effective way. In case there is a cyber-attack, an MSP can be your best weapon in identifying the threat, shutting it down, and building additional security walls to prevent future breaches.
by Felicien | Jan 7, 2020 | Education
Have you been following the news lately?
The recent events between the United States and the Islamic Republic of Iran are causing some concerns across the cybersecurity community. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a very important alert focused on Iran’s historic use of cyber offensive activities as retaliation for attacks against their state.
Read more here
Patterns of known Iranian threat techniques include: credential dumping, obfuscated files or information, data compressed, PowerShell, user execution, scripting, registry run keys/startup folder, remote file copy, spearphishing link, and spearphishing attachment.
As your trusted IT services provider, we want to make you aware of this information shared so you can protect yourself, your company, and your customers. The CISA recommends taking the following actions:
Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
Increase organizational vigilance. Ensure security personnel is monitoring key internal security capabilities and that they know how to identify anomalous behavior.
Confirm reporting processes. Ensure personnel knows how and when to report an incident. The well-being of an organization’s workforce and cyberinfrastructure depends on an awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system.
Exercise organizational incident response plans. Ensure personnel is familiar with the key steps they need to take during an incident. Do they have the access they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel is positioned to act in a calm and unified manner.
by Felicien | Jan 5, 2020 | Education
25+ Microsoft Excel Shortcuts to Boost Your Productivity
Are you getting your money’s worth out of this productivity tool? Find out how to save insane amounts of time and frustration with these 25 Microsoft Excel Tips
When it comes to processing data, Microsoft Excel is everything to everyone. But because it’s a vast tool, many people never take the time to discover the Excel shortcuts relevant to them.
Obviously, these Excel shortcuts aren’t really secrets. No one’s hiding them from you. But because we don’t learn them, we waste a lot of time in an otherwise very streamlined and powerful productivity tool.
Franklin Covey, the author of the bestseller business classic, 7 Habits of Highly Effective People, said we need to take the time to “sharpen the saw”. Are you working with a dull blade by not using Excel to its fullest? Check out these Excel tips that will instantly sharpen your skills.
Learn Navigating Shortcuts
Ctrl+End moves you to the bottom right-hand corner of your worksheet. Because this stays within the cells in which you currently have data points, shortcuts like this let you quickly move from one side of the sheet to the other. You don’t have to endure the frustration scrolling too far.
Similar navigation shortcuts include:
Ctrl + Home – Go to upper left-hand corner.
Ctrl + Down Arrow – Go to lowest cell in the currently highlighted column.
Ctrl + Up Arrow – Go to the top cell in the current column. But keep in mind that if you have a blank cell in the column, it will stop there whether you’re going up, down, left or right.
Ctrl + Right – Go to the far right of the current row.
Ctrl + Left – Go to the far left in that row. Home key also does this.
Use the Go To Box
In the upper left-hand side of Excel, above your worksheet, you’ll find a Go To box. Simply point and click into the box. Then you can type any coordinates to go directly to a cell. For example, G102. If you’re working with a large sheet, Microsoft Excel tips like this are indispensable.
Keyboard shortcuts will always save time once you know them. But it’s when you’re on devices that have difficulty with point and click systems that you’ll save the most time.
Use F5 or Ctrl + G to pull up the Go To box automatically. Then type, press enter and go.
Use this same shortcut to select ranges of cells.
You can further use Go To Special, which is in the bottom right of the Go to Screen. This takes you directly to cells that meet a particular requirement. For example, if several cells on a spreadsheet should have a formula, this gives you a visual of which cells are missing formulas to help you validate your data.
From here, while the cells are highlighted, you might choose to add special formatting to make your sheet more understandable at a glance.
Highlight Cells Without the Mouse
Once again, your mouse is a terrible way to navigate in Excel. As you try to highlight groups of cells across columns, you inadvertently select other cells and can’t seem to get the right ones selected.
Yes, there are some better ways to select large numbers of cells with Excel shortcuts.
Ctrl+A highlights all cells with data points in them. Press Ctrl + A again to highlight the whole sheet.
Or highlight a specific section with this keyboard-mouse combo. Just start at the top-left cell of the part you want to select. Then Shift + click into lower right cell with the mouse. This highlights everything vertically and horizontally in between those cells.
You can accomplish the same thing without the mouse if needed. Simply move to the starting cell (always top left) for your highlighted area. Then hold the shift key and use the arrows to highlight across a row, down a column or across columns/rows.
You can also keep holding shift and move the arrows until you get it just right. Or use the mouse plus keyboard technique first. Then fine-tune what you select by pressing shift again and then using the arrows.
This is perfect for erasing large sections or formatting areas of your sheet.
But let’s say that the cells you want to highlight aren’t all next to each other. You can still highlight them together. But you will need the mouse for this one. Hold select while clicking the various cells, you’d like to highlight.
Once you’ve highlighted these cells, use Microsoft Keyboard shortcuts like:
Ctrl + B – Bold
Ctrl + I – Italic
Ctrl + U – Underline
And know that even if you’re using Excel on a Mac, you still have similar shortcuts. In most cases, the Command key replaces CTRL.
Improve Cell Data Entry Speed
Data entry is the centerpiece of Excel. But there are definitely some right and wrong ways to do it when treating Excel like the productivity tool it is. Check out these Microsoft Excel tips for faster and more accurate data entry.
Highlight an occupied cell and start typing to replace the data. There’s no need to delete or backspace first. But be careful. You could accidentally erase a cell this way.
Edit more detailed cell data from the formula bar instead of in-place. This is especially effective if you have formatted your sheet to not show all the data in a particular cell because it’s long. Just click the cell and then click into the appropriate place in the text to start typing within that bar.
Use in place editing when small amounts of data in a cell. Simply double click to open the cell for editing.
Excel Shortcuts & More
We’ve only scratched the surface. So practice these 20+ tips and you’ll be eager to learn more. For more ways to increase your individual and corporate productivity, follow our blog.