Have any question?
Call (516) 403-9001
Potential data breaches are increasingly problematic for organizations, and the most common way that data is stolen is through phishing attacks. Phishing attacks are currently one of the most pervasive threats on the Internet, and you need to understand them to thwart their effectiveness against your users. Let’s explore what exactly a phishing attack consists of and some best practices you can use to defend your network against them.
Phishing is a pervasive threat nowadays, with businesses of any size or industry serving as prime targets. Understanding phishing and implementing effective prevention strategies is crucial for your entire team.
Let's explore how to reduce the effectiveness of phishing schemes against your business—in other words, how to prevent phishing from having an impact.
We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Not only have malicious tactics evolved to the point where everyone has to stay on top of their game to avoid being fooled, but these threats are now so pervasive that they come at people from all directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.
Imagine a fictional company that rises to become a global retail and multimedia giant, a household name—let's call it TallMart.
Our entirely fictional TallMart offers an extensive array of products and services. Users engage in buying and selling, managing payments, running ad campaigns, customizing personal profiles, watching exclusive movies from TallMart Studios, handling TallMart Web Hosting accounts, and now, accessing telehealthcare from licensed TallMart medical professionals.
Our motto is simple: TallMart: Why Go Anywhere Else?
Given TallMart's status as the world's most trusted online retailer, akin to giants like Facebook, Amazon, and Google, it enjoys widespread trust. However, like other major platforms, TallMart's massive success attracts cybercriminals attempting to scam its users for money and sensitive information. With so many transactions, the opportunity to separate users from their money is there, and hackers are nothing if not opportunists.
TallMart users receive numerous emails about products, account notifications, receipts, transactions, and offers. Cybercriminals can easily mimic these emails, adopting TallMart's branding and employing technical spoofing to make them appear legitimate. They may include links that seem to lead to TallMart but redirect users to similar-looking URLs under the cybercriminals' control.
Creating a deceptive webpage is inexpensive and quick, allowing cybercriminals to register domains like Talmart.com or TallMartcustomerservice.com. It's crucial for users to stay vigilant and recognize potential warning signs to avoid falling victim to scams.
While methods may vary across applications, hovering your mouse over a link typically reveals its destination. Most email clients and web browsers display the link destination at the bottom of the page.
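Besides checking for misspellings and unofficial URLs, an effective way to identify a suspicious link is to look for periods after the domain name. Anything that follows what looks like the legitimate domain, and comes before the first single slash, changes where the link actually leads. For example: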
Safe: https://www.tallmart.com/gp/help/customer/account-issues
Safe: https://support.tallmart.com/
Suspicious: https://support.tallmart.com.ru
The truth is that some legitimate URLs have periods toward the end of them, after the domain name and the slash that follows it, indicating that a file of a type like .html, .pdf, or .doc is connected to the link or attachment. It’s best to remain cautious with direct links to files in every situation, as malware could be embedded and all it takes is a simple interaction to execute the malicious code. Likewise, avoid clicking on suspicious email attachments. Ultimately, exercising caution with clickable content is the most prudent practice to keep yourself from becoming a victim.
You should always hover over links to inspect their destination. If you find that there is a period in any abnormal place, be skeptical and either avoid it altogether, or verify that it is from a legitimate source.
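The period check described above can be automated for links pulled out of an email. The following is an added example, not code from the original article; it assumes `tallmart.com` (the article's fictional brand) is the only domain the organization really owns, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the organization really owns.
# TallMart is the article's fictional brand.
TRUSTED_DOMAINS = ("tallmart.com",)


def link_host(url):
    """Host part of a full URL, lowercased, without a trailing root dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, detail); verdict is 'trusted', 'suspicious' or 'unknown'."""
    host = link_host(url)
    if not host:
        return ("suspicious", "no host found in link")
    labels = host.split(".")

    for domain in trusted:
        # Hosts are read right to left: the link belongs to the trusted
        # domain only if the host IS that domain or ENDS with ".domain".
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)

    for domain in trusted:
        want = domain.split(".")
        # The trusted name appears, but more labels (more periods) follow
        # it, as in support.tallmart.com.ru. What follows decides where
        # the link goes, so the trusted name is only decoration.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                tail = ".".join(labels[i + len(want):])
                return ("suspicious", f"{domain} is followed by .{tail}")

    # Not ours and not imitating us by position; misspellings such as
    # talmart.com land here and need a separate look-alike check.
    return ("unknown", host)


if __name__ == "__main__":
    # Constructed sample links: the article's three examples plus a file link,
    # whose periods sit in the path and do not affect the host.
    samples = [
        "https://www.tallmart.com/gp/help/customer/account-issues",
        "https://support.tallmart.com/",
        "https://support.tallmart.com.ru",
        "https://www.tallmart.com/files/receipt.v2.pdf",
    ]
    for link in samples:
        print(classify_link(link), link)
```

A verdict of `unknown` only means the host is not one of yours; it says nothing about whether the destination is safe.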
If an email urges urgent action, such as logging into your account, refrain from using the provided links without first making certain that any link or attachment is completely legitimate. You can do this in several different ways, but clicking through without considering the potential consequences could turn out to be a nightmare for you and for your organization.
Please share this with others because the more people know about how to stay safe online, the safer we all are.
Cybercriminals fight dirty, whether it’s attacking small businesses, large enterprises, or individuals who just want to watch Netflix. It doesn’t matter who you are or what you do for the community; you’ll always be a target for hacking attacks. To save time and effort, hackers will use low-tech attacks and social engineering attacks to target individuals. Hackers aren’t developing new threats all the time; if anything, they largely use existing exploits, purchasable software, and social engineering to take advantage of people.
Let’s look at some of the more common types of attacks you might see.
Let’s say you’re expecting a bill from one of your vendors. A hacker could impersonate that vendor through the use of email spoofing. Cybercriminals can usually take a pretty close guess at what an invoice might look like and use it to worm their way into your inbox.
For example, if you register your domain through GoDaddy, this information is available to the public. A cybercriminal could make an official-looking phishing email stating that your account is up for renewal or that your hosting bill is overdue. They can use this email to steal your website credentials and cause a lot of chaos in the process.
Now imagine what the hacker can do with these credentials. They could take over your website, send emails from your company’s email domain, and even impersonate your company to steal even more information from your clients. You effectively become the bad guy in a situation like this, and it doesn’t take a rocket scientist to crack an email account that isn’t using complex passwords or multi-factor authentication.
When a cybercriminal gets a chance to mimic a legitimate organization, they have opportunities to take advantage of others who will use your good name as a reason to trust them. Don’t let them drag your business through the mud in this way!
Depending on the configuration, hackers can exploit solutions like Microsoft Teams, Skype for Business, Slack, Zoom, and Discord against you. For example, back in September, a cybersecurity firm called Truesec announced they would be investigating a cybercrime campaign that used Microsoft Teams to send phishing messages and malware-infected attachments. This is hardly the only instance of this type of attack, as there was another back in 2020 that targeted 18,000 SolarWinds customers with malware distributed during a software update. This attack is thought to have originated in Microsoft Teams.
These types of solutions aren’t necessarily insecure; they’re just easy to trick people with, which is how hackers get your business and its employees into trouble.
More likely than not, you’re already aware that social media can be used for cybersecurity attacks, so we won’t waste our breath here… but again, cybercriminals can and will use social media vectors that take advantage of the constant shifts in policy and procedure of websites like Facebook. You can never be too careful that the messages pretending to be from a social media authority are authentic, and if you get an urgent message claiming that you have violated community guidelines or some other nonsense, never trust it outright. Don’t click any links, or hand over your security credentials.
I was talking to some colleagues the other day about cybersecurity and its relationship with modern everyday scams, like phone scams and similar things. In my opinion, it’s worth bundling these two topics together, and we found some interesting statistics that we’d like to share.
When I say scam, I’m getting into some pretty broad territory. I’m talking about efforts to trick a person into giving their time, energy, money, or something else of value to someone who is trying to earn it through trickery, fear, or emotional manipulation.
In other words, we’re not going to talk about computers very much in this blog post.
Here are just a few examples of some common scams:
There are countless more, but this just shows you the scope that we are dealing with.
Scammers use a wide variety of communication methods to trick you, including phone calls, text messages, mail, email, physical meetings, television ads, website ads, social media, or altering legitimate signage and publicly accessible information.
The biggest thing to look out for with any sort of scam is an inflated sense of urgency. The scammers want you to act without thinking, and the most abhorrent scams above, like grandparent scams and imposter scams, often make victims believe that a loved one is in danger in order to bypass any common sense one might have.
You probably already know this, but it’s easy to drown it all out. How often does your phone ring and say “Scam Likely?” Most of us just sort of ignore it now. Huge portions of the population just simply don’t answer phone calls from people who aren’t in their contacts unless they are expecting something, because most personal phone calls are scams.
What about email? While we’ve come a long way with spam protection, how many emails do you instinctively scroll past because you simply know it’s unsolicited or toxic or some sort of scam? We’re just all conditioned to see these things every day… and then I found some statistics that blew my mind.
It’s estimated that older adults, particularly baby boomers and seniors in general, observe an average of at least one scam every hour of their lives.
That’s a wild number, and while we couldn’t find a report for younger people, those of us who work on computers for eight or nine hours a day or more likely have a similar experience.
Some other things about age and demographics were interesting—Gen Z (people born in the late 1990s through the early 2010s) have reported higher rates of victimization when it comes to online scams. Growing up with the technology doesn’t necessarily mean you are less prone to being victimized while using it.
It’s also believed that older generations, again, baby boomers and seniors, simply don’t always report it when they fall victim to a scam. When people are asked why, they usually say they wanted to take responsibility for their actions, or that they didn’t want to be shamed for it.
Let’s make this totally clear. If you look at the numbers, the sheer barrage of constant scams and attacks the average person just simply wades through in a day, it’s an incredible feat that we aren’t all going out of our minds.
Every single one of us has experiences in life where it’s the first time you have dealt with something, and you don’t know what to expect, and this puts you in a vulnerable state.
For instance, if you are a first time home buyer, and someone is mailing you some official-looking information about paying for access to your deed, it’s very possible that it could slip past your fraud-detecting radar. Is this a normal part of the process? Should I just do it? Should I contact my lawyer or my broker or at least ask other homeowners?
The problem is, the home-buying process is exhausting, and now you are in the middle of moving in and wrestling with your Internet service provider, your electric company, your former landlord, a moving company, all while your neighbors are telling you that the last owner always let them pick the apples from your new apple trees. Your fraud-detecting radar is shot and drained at this point, and it’s easier to fall for a simple scam.
The same goes for a grandparent scam—if you get a phone call from a loved one’s phone, and you hear their voice, stressed and tear-filled, pleading for help, and then a lawyer gets on the phone and says your son/daughter/grandson/granddaughter was in an accident and is being kept in jail and you need to pay bail, your emotions will kick in. As a human being, you are doing the right thing by having an emotional response and reacting with compassion, but the people on the other end of the phone know this and are taking advantage of it.
Being a victim of a scam isn’t your fault. You should always report it, and tell your story so that others can learn from it. You aren’t dumb for being a victim. I’m not going to tell you that being more mindful of these things would have prevented it. If you were scammed, you already know this. You’ve learned your lesson, and like all of us, you’ll continue to be targeted and you’ll continue to avoid 99% of the scams that target you.
The best thing you can do is tell others about it. Turn your story into a warning for others.
Scam artists follow a very effective playbook that wouldn’t be so effective if everyone was aware of it. They are incredibly good at covering their tracks and making it nearly impossible to get caught, so the best way we can combat these threats is by making the public more aware so that everyone knows what to look for.
Yes, there are cybersecurity measures to help with the online stuff, and that’s incredibly important. I can tell you to make sure you are using strong, secure passwords, and using unique passwords everywhere, and using multi-factor authentication, and making sure your business is secure, etc. Those are critically important, but no cybersecurity protection is going to stop Pam in HR from getting a text message that looks like it comes from the CEO’s phone, asking her to buy a few thousand dollars worth of gift cards to mail out. The only thing that stops that is awareness.
That’s all. Those are just some thoughts we had. This is important stuff, and I can’t stress enough how commonplace it is. Stay vigilant, and don’t hesitate to simply call and ask us if you get something that raises your suspicions. We’re here to protect local businesses, and we hope that we can serve our community at the same time. If you’d like to talk about cybersecurity and how we can protect your business and its people, give us a call at (516) 403-9001.
It is so important to keep your business secure nowadays. Statistics show this to be the case. Don’t believe us? We can share a few of these stats and explore what they mean, just to prove it.
With an estimated 400 million or so small and medium-sized businesses around the world, that breaks down into $20,000 of damage to each. Of course, in the real world, cybercrime isn’t divided up so equally. Many companies will be impacted less, and others will be impacted a lot, lot more. Speaking of which…
That’s quite a jump, especially when you update the impact to each of the 400 million SMBs around the world. Instead of about $20,000 damage each, this figure equates to $26,250… which, again, would not be evenly distributed.
This makes it all the more clear that cybersecurity not only needs to be seen as a priority for the world’s SMBs (including those around New York) now, but also and even more so in the future.
Phishing—or the use of fabricated communications to illicitly gain access to a resource—is a huge threat nowadays, simply because of its use as a kind of delivery system for other forms of attack. When four out of five attacks involve phishing in some way, you can’t afford not to be prepared to spot and stop it.
If you’d like to learn more about your business’ potential protections and what we can do to ensure them, make sure you give MSPNetworks a call at (516) 403-9001.
Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.
All it takes is a little spare cash to gain access to any account, and it’s remarkably easy to pull off. We can’t show you exactly how to do it, but we want to emphasize that literally anyone can do this to your business. Let’s look into some of the intricacies of how stealing a password works.
We’ll use Homer J. Simpson for our example, a name with a singular entry in the United States census from 1940. Simpson was born in 1914, and we are confident that there have not been any babies born with the name since the 90s. That said, we’re making everything up from here on out. If we want to make Simpson’s life difficult, it’s pretty easy to do so, even if we don’t know anything about him.
Imagine that Simpson had a MyFitnessPal account in 2018, which he used to track his health metrics. MyFitnessPal is one of the services that suffered a data breach back in February of 2018 in which 144 million accounts had their emails and passwords compromised. These types of data breaches happen all the time, and users need to be aware of the risks associated with trusting this information to any online accounts, whether it’s Sony, Wendy’s, or even Doordash.
Thanks to the MyFitnessPal breach, Simpson’s password is on the Internet and available to criminals on the dark web. Because of this, we know his name, his email, and the password he likes to use. That’s plenty of information to work with.
From here, you go on Simpson’s social media accounts to find things like his date of birth, the town he grew up in, and his mother’s maiden name. You can also use LinkedIn to find information about his job and his social network. It’s easy to do this in as short a time as 10-15 minutes. You can find out about his kids, his dog, his wife, and potentially even his address. This is also helpful information to know when cracking a password.
Most individuals use information close to them for their passwords, and while we always advocate that it’s just not a good idea, well, it’s easier for people to remember credentials in this way. You can make a lot of educated guesses as to the user’s password simply by knowing a little bit about them.
This is where the fun begins. Using software found on the dark web, hackers can crack even sophisticated passwords. If the user’s password isn’t very complex, maybe 9 or 10 characters long, or without some special characters, it could be cracked in a matter of minutes or maybe a day or two. If the user has an actually random password, though, it will take longer, but the fact that these systems can be cracked is concerning to say the least. Complex passwords will naturally take longer to crack, but most of these tools will try the more common renditions first, just to check if the victim is skimping on their password security.
No use beating around the bush; just use phishing attacks to steal the password and let the victim do all the work for you. Around 95 percent of modern cyber breaches are caused by a phishing attack, and it’s such a high rate of success that there’s no reason not to try using it.
All you have to do is send them an email claiming to be their bank. You might make up an excuse like there is something wrong with their account. This is usually enough to elicit some sort of strong response, as people’s money is generally a soft spot. Whatever you do, make the problem important enough to require immediate attention.
Next, send them to a webpage that you built to look like their bank’s website. You can then have them offer up their login credentials on a silver platter as they attempt to log into their account. This happens all the time, and you might be surprised by how easy it is, but the fact remains that it’s simply far too easy to pull off to not take it seriously.
Now that you know how easy it is for someone to crack a password, or even steal it for that matter, you should remain vigilant and always try to stay ahead of hackers through the use of multi-factor authentication tools and other security solutions. MSPNetworks can help you stay ahead of hackers! Call us today at (516) 403-9001 to learn more.
There is no denying that Quick Response codes—better known as QR codes—are a handy little invention. Just a few years ago, many businesses heavily adopted these contactless communication tools, allowing customers with a smartphone to access menus, documents, and more with ease. Having said that, we unfortunately can’t deny that cybercriminals are taking advantage of how handy QR codes are, too.
Let’s talk about the rise in QR code fraud, as well as how you and your team can avoid it.
First developed in 1994, a QR code is a two-dimensional version of a barcode, meant to adjust for the limitations of its predecessor. A traditional barcode is limited to 20 alphanumeric characters because it can only be scanned horizontally. The QR code was developed to hold exponentially more information by combining vertical and horizontal data, and to allow this data to be read at any angle.
While this makes the QR code a very appealing option for businesses, it also gives cybercriminals a relatively easy, and largely trusted, means of sharing malicious links and malware.
After all, if major brands are now displaying QR codes in their advertisements, they must be safe, right?
Unfortunately not. The utility offered by a QR code also applies to cybercriminals and scammers, who can use them to augment their attacks in numerous ways.
Phishing is one of the most unpleasant cyberthreats out there today, largely because it requires a user to be engaged and aware of their own cybersecurity at all times. It relies heavily on the target not seeing it coming.
Now let me ask you this: would you hesitate to scan a QR code on a poster or a menu if prompted? If you’re like most people…probably not. It just isn’t how most people see a threat coming in.
This makes us vulnerable. This is why many of these threats have been spotted posing as parking tickets, or as offers or loyalty programs attached to storefront doors.
Making this bad situation even worse, these attacks often don’t go into effect immediately. Instead, malware can be uploaded to the device that scans the malicious code where it will lie in wait until the opportune moment to strike arises. Many of these attacks will simply take notice if you use your device to access an account and record the credentials you use to access it, giving the attacker the keys to the castle.
Alternatively, some QR phishing tools will send users to a phishing website—one that poses as a legitimate one to fool the victim into handing their credentials over willingly. Some scams cover what were once legitimate codes with their own, diverting payments to their own accounts.
Whether you’re talking about your business or your personal life, QR code scams need to be avoided. Fortunately, there are a few somewhat familiar steps that you can follow to help ensure that you do so:
MSPNetworks is here to help protect your business from all types of threats, like this one and others. Give us a call at (516) 403-9001 to learn more about what we can do for you.
It doesn’t take much to get us to start ranting about the dangers of phishing, and it’s a topic that we won’t stop talking about for some time. Unfortunately, phishing comes in enough forms that it isn’t always so simple to spot. For this week’s tip, we just wanted to run through the different formats phishing can take, focusing on how to identify each type.
First, let’s briefly review what phishing is.
To sum up phishing, it’s effectively the attacker trying to hack the user, instead of the network. This approach just makes sense. Let’s say you were trying to illegitimately access a business’ network—does it sound more challenging to develop the technical skills and know-how to break past today’s cyberdefenses, or to fool someone into giving you the keys to the castle?
Exactly.
So, attackers come up with phishing schemes, either targeting people on a wide scale or crafting specific attacks with a certain target in mind, and share them through various means of communication. Let’s go over these methods, and the warning signs you need to look out for.
By sending an email that is purportedly from a trustworthy source or authority, phishers are able to extract sensitive information from their targets. As such, phishing emails currently feature a few hallmarks:
Smishing is a form of phishing that is sent via text message, and as such, offers its own warning signs. For instance:
Vishing is a form of phishing where a scammer will call their intended victim directly, seeking to extract personal details from the call’s recipient. Watch out for these red flags:
Phishers will also utilize social media to their advantage, hijacking accounts and again, stealing personal information. To avoid this, keep an eye out for:
Hopefully, this will help you better spot phishing attacks in the future. For more assistance with your business’ IT and cybersecurity, give us a call at (516) 403-9001.
Phishing is a remarkably dangerous tactic used by hackers to take advantage of those who might not be quite as in-the-know about security practices. Phishing attacks can be carried out against both businesses and individuals alike, and due to the many different forms these attacks can take—including email, text message, and even fraudulent websites—they can be quite problematic.
Let’s go over how you can train your team to avoid phishing attacks and how to appropriately respond to them when they are inevitably encountered.
Have you ever received an unsolicited email asking you to perform specific tasks, like filling out a form or downloading an attachment? Oftentimes hackers will use these methods to get the user to download a file or perform an action under the guise of someone else. If you think anything sounds suspicious within the email, then there probably is something suspicious with the email. Look for typos, misspelled words, poor grammar, and other dead giveaways that the sender is not legitimate, especially in a professional environment.
The old phishing link is one of the oldest tricks in the book. The attacker might include the link to something supposedly innocent or important in the body of an email or a text message, only to hide something far more sinister on the other side. You should be cautious of any suspicious links you receive in an email or text message, as it is very easy to hide malware, phishing forms, or other types of attacks within a malicious link.
Also, be very careful of the links and the characters they use in general. It’s easy to substitute a character in a link with one that looks like it belongs but really does not, like a zero instead of an O or something similar.
The types of phishing attacks you might receive will come from routes where it will be difficult to verify the identity of the person on the other side of the line. This is intentional; hackers don’t want you to be able to thwart their efforts easily. Whenever possible, you should try to get in touch with the sender through alternative means, like walking to their office or contacting them on the phone or social media. This can help you determine if the user is really who they say they are.
The best way to protect your business from phishing attacks is to implement a comprehensive network security plan, including spam blocking and content filtering, as well as training your team on the best practices for how to detect and avoid attacks. To get started with either of these, contact MSPNetworks at (516) 403-9001.
Phishing is a common issue that businesses of all kinds can experience, whether they are a small startup or a large corporation. Hackers are always trying to extract information from your employees, including account credentials, remote access to your systems, and in some cases, funds directly from a bank account. It’s up to you to teach them how to identify and respond to phishing attacks.
Here are some strategies you can teach them for how to address phishing attacks against your infrastructure.
Chances are you’ve seen the messages you get in your inbox about confirming special offers or doing certain tasks, like clicking on a link or downloading an email attachment. More often than not, these types of unsolicited emails are phishing attempts designed to get you to act in a specific way. If you think a message looks suspicious, then it probably is, and you should flag the message as such so your IT team can handle it. You might look for unprofessional language, misspelled words, or other similar telltale signs when you are making your decision.
Although they are not necessarily anything new, phishing links are still quite dangerous because they take almost no time at all to put together. A phishing link can come in the form of an email, social media message, or even a text message. Hackers will use every trick they can think of to get you to click on the link, and if you’re not careful, you might actually do it. Links can look legitimate even if they are not; for example, a zero could easily be slotted in the place of a capital “o.”
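The zero-for-O substitution mentioned here, and in the earlier tip about link characters, can be caught by folding look-alike characters before comparing a link's domain with the ones you trust. This is an added example, not code from the original posts; it goes beyond zero/O to a few other common swaps, and it assumes `tallmart.com` (the fictional brand used earlier on this page) and a made-up `tallmarthosting.com` as the trusted domains.

```python
from urllib.parse import urlsplit

# Assumptions: tallmart.com is the fictional brand used earlier on this page;
# tallmarthosting.com is a made-up domain for its hosting service.
TRUSTED_DOMAINS = ("tallmart.com", "tallmarthosting.com")

# Digits and letter pairs that are easily mistaken for a single letter.
SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
PAIRS = (("rn", "m"), ("vv", "w"))


def skeleton(name):
    """Fold look-alike characters so visually similar names compare equal."""
    folded = name.lower().translate(SINGLE)
    for pair, letter in PAIRS:
        folded = folded.replace(pair, letter)
    return folded


def imitated_domain(url, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that a link's host imitates, or None.

    None means the host is either a genuine trusted domain (or one of its
    subdomains) or does not resemble any trusted domain.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")

    def tail_for(domain):
        # Compare like with like: the same number of trailing labels
        # as the trusted domain has.
        n = domain.count(".") + 1
        return ".".join(labels[-n:])

    # Genuine domain or subdomain: nothing is being imitated.
    if any(tail_for(d) == d for d in trusted):
        return None

    # Different characters, same appearance after folding: a look-alike.
    for domain in trusted:
        if skeleton(tail_for(domain)) == skeleton(domain):
            return domain
    return None


if __name__ == "__main__":
    # Constructed sample links for illustration only.
    samples = [
        "https://www.tallmarthosting.com/renew",   # genuine
        "https://www.tallmarth0sting.com/renew",   # zero in place of "o"
        "https://ta11mart.com/account",            # ones in place of "l"
        "https://tallrnart.com/login",             # "rn" in place of "m"
        "https://example.org/",                    # unrelated
    ]
    for link in samples:
        print(imitated_domain(link), link)
```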
Let’s say you get a message that you are truly 50-50 on. It could be real, or it could be a scam. If there is even a shadow of a doubt as to the authenticity of the message, you should consider reaching out to the other party through an alternative means, just to confirm that the sender is who they claim to be. For example, if it’s GoDaddy support, contact GoDaddy support through the phone number on their actual website rather than the one in the email message. If it’s an internal message, like one from your supervisor or your IT department, reach out to them with the contact information you have on-hand to verify their identity. In all cases, it’s better to be safe than sorry.
You can help your business stay protected against phishing attacks by working with MSPNetworks. We can equip your organization with the tools to protect itself and the support your team needs to identify such messages. To learn more, call us at (516) 403-9001.
It’s the holiday season, and you know what that means: lots of gift-giving and online shopping. Regardless of what you and your family celebrate this holiday season, you should be prepared to handle the influx of phishing attacks which always surface around this time every year, including both the usual methods and the more sophisticated ones.
Here are three strategies you can use to avoid phishing attacks and effectively navigate the holiday season without putting your financial or personal information at risk.
Sometimes you might receive an email claiming that there is something wrong with an order. Maybe it’s your financial information, or maybe it’s your shipping information. In any case, these kinds of phishing tricks are using the commercialization of the holiday season to convince you to hand over your sensitive information.
If you receive an email or a text about an order that needs to be updated, then we recommend you go directly to the website in question and log in through their official login portal rather than through any links contained in emails or text messages.
The same advice that works for untrusted links also applies during the holiday season, when emails and texts are being received by the dozens to ensure that orders are confirmed, payments are processed, and shipments are arriving. Don’t get so caught up in receiving these notifications in your email and on your smartphone that you forget to keep security in mind, though. It’s easy to send a text that looks like it is from some random retailer asking you to plug in your payment information again or to confirm a shipping address, only the message isn’t from a retailer and it’s instead coming from a hacker or other cybercriminal to either infect your system with malware or steal credentials from you.
Again, when in doubt, check your order information on the retailer’s official website, not from a link received in an email or to your smartphone.
This tip is more of just a “be careful of where you shop” caution. During the course of the holidays, people are browsing the Internet all over to find the perfect gifts for their loved ones. Sometimes this search might take them to corners of the Internet they didn’t know existed, where niche online shops thrive. While we are all for supporting small businesses, we just want to raise awareness of how you go about choosing who to trust for online purchases.
The basic premise is to only plug your card information into secured portals hosted by trusted retailers. Look at the company’s history, location information, support and other contact numbers, and so on to ensure they are an authentic and trustworthy seller to purchase gifts through.
Stay safe this holiday season, and MSPNetworks hopes you enjoy the time spent with your friends and family!
We often talk about scams and cyberthreats, and lately our advice for dealing with a potential phishing threat is to simply avoid it altogether.
That is, when you get any kind of email or text message with a link you weren’t expecting, whether it’s from someone you know or from your bank, just don’t click it. Instead, log into the account in question the way you normally would, and verify the information there, or confirm with the sender through some other means to make sure what they are sending is valid. While this is still a good practice, sometimes you need to click on a link. Here are a few tools you can use to check if a link is safe, before you click.
First of all, why wouldn’t you want to trust a link that someone you trust sends you?
There are a lot of reasons. Even if it looks like a video message from your dear sweet Nana, or a virtual Christmas card from your youngest niece, there is a chance that the sender has been compromised and is trying to spoof their contacts.
You want to know when it’s probably not a scam or a threat? When your dear sweet Nana or your niece calls you up on the phone and asks you to look at it.
That simple two-step confirmation makes all the difference in the world. Otherwise, you should consider the risks that maybe, just maybe, the sender was compromised and that the link you are being sent is malicious.
The same goes for the business end of things.
Your coworker, business partner, vendor, or client might have no reason to do anything malevolent to you. If they fall for a trick themselves, though, a part of that trick might include spreading to all of their contacts.
A malicious link could lead to malware that infects your computer, tries to steal your data or access your online accounts, and also spreads itself as quickly as possible to anyone in your contacts list. Not only will you be the victim, but your friends, family, and colleagues will be YOUR victims, and so forth.
Before we get into the tools, let’s quickly run through what we mean by a link.
Basically, any text or graphic that is clickable and takes you to another page in your browser is a link. Sometimes, that link will be written out, with the https:// and the full URL.
For example, if it is a link to PayPal, it might look something like this: https://www.paypal.com/us/smarthelp/PAYPAL_HELP_GUIDE/getting-started-with-paypal-icf29
Links could also just be text that is clickable. So instead of writing out the URL, the link might be something like this: Get Started with PayPal
Now here’s the thing. If you’ve been paying attention, we’ve already proven to you just how easy it is to trick a user into thinking they are going to one website while taking them somewhere totally different. Neither of the links above actually goes to PayPal. We assure you that they are safe, but they take you to goofy fake mustache glasses on Amazon.
Sometimes, links are graphics, like buttons, icons, pictures, or virtually anything else. If you can click or tap it and have it take you somewhere, it’s a link, and any links can be spoofed very easily.
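The gap between what a link shows and where it actually goes can be checked mechanically. The Python sketch below is an added example, not part of the original post: it parses an HTML message body and compares each link's visible text with the host in its href. The sample message and the shop.example domain are constructed, and the subdomain comparison is a simplification (a production check would use the Public Suffix List).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that is itself a URL or bare hostname, e.g. "paypal.com/help".
URLISH = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

# Constructed sample: three links that really go to shop.example, one honest.
SAMPLE_EMAIL = """
<a href="https://shop.example/item/123">https://www.paypal.com/us/help</a>
<a href="https://shop.example/item/123">Get Started with PayPal</a>
<a href="https://www.paypal.com/signin">paypal.com</a>
<a href="https://shop.example/item/123"><img src="b.png" alt="Log in"></a>
"""


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) for every <a>; image links use alt text."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._text.append(attrs.get("alt") or "")

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def host_of(url):
    """Hostname the browser would actually connect to, or '' if none."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:
        return ""


def same_site(shown, dest):
    """True if dest is the shown host or a subdomain of it ('www.' ignored)."""
    shown, dest = (h[4:] if h.startswith("www.") else h for h in (shown, dest))
    return dest == shown or dest.endswith("." + shown)


def audit_links(html):
    """Return (text, destination_host, verdict) for each link in the HTML."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        dest, shown = host_of(href), URLISH.match(text)
        if not dest:
            verdict = "no-web-destination"
        elif shown is None:
            verdict = "text-only"      # label hides the destination entirely
        elif same_site(shown.group(1).lower(), dest):
            verdict = "match"
        else:
            verdict = "mismatch"       # text names one site, href another
        findings.append((text, dest, verdict))
    return findings
```

Calling `audit_links(SAMPLE_EMAIL)` flags the first link as a mismatch; the "text-only" verdicts mark links whose label gives no hint of the destination, which is exactly when the copied href needs to be inspected by hand.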
If you want to tell where a link is going to take you, you need to copy the actual link:
On a Desktop or Laptop:
-Hover the mouse over the link.
-Right-click on the link.
-Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”
Now you have the link copied, and you can paste it into one of the following tools with CTRL+V (or right-click and select Paste).
On a Tablet or Smartphone:
-Be careful not to accidentally just tap the link to open it!
-Hold your finger over the link for a few seconds to pop up the context menu.
-Select “Copy Link” or “Copy link address” or “Copy Hyperlink”
Now that you have the link copied, you can paste it into one of the following tools by holding your finger down over the URL field within the tool and selecting Paste.
You can use the following tools to check the safety and legitimacy of a link. Keep in mind, this won’t protect you from one hundred percent of all scams, as these tools can only check for known threats. It’s also a good idea to use multiple tools to cross-reference, in case some of the tools just haven’t been made aware of the link you received.
Use Norton Safe Web to Check a Link
Norton Safe Web is a free online tool that lets you paste a link to check to see if it’s safe.
It will give you a quick rating on the link. If the link is untested in Norton, it’s a good idea to try a few of the other tools. If Norton states the link is dangerous, it’s a pretty safe bet you should avoid it.
Check the Link With PhishTank
The cleverly named PhishTank site will tell you if a link you received has been reported as a phishing scam. Phishing links tend to look pretty similar to legitimate web pages. For instance, a phishing link for PayPal might look almost exactly like the regular login page for PayPal. The problem is that it won’t log you into PayPal, but it will send your PayPal credentials to someone else.
Google’s Transparency Report Might Tell You If a Link is Unsafe
Google’s search engine works by crawling the Internet and indexing everything it finds. Sometimes, it might run across dangerous content such as malware or phishing risks. Google’s Transparency Report tool will tell you if a link you’ve been sent is found in their massive database of unsafe content.
https://transparencyreport.google.com/safe-browsing/search
Scan the Link with VirusTotal
Finally, there’s VirusTotal. This tool takes a little longer to give you an answer, but it can be a little more thorough than the others. This is a good last-ditch effort if you aren’t happy with the results from the other tools.
https://www.virustotal.com/gui/home/url
It’s important to keep in mind that a phishing scam or malware attack could still sneak through these tools, especially if the URL was just generated and you are among the first people to get it. These tools are designed to spot known phishing attacks and malware that has already been reported. With that in mind, it’s still a good idea to err on the side of caution.
If you feel like you’ve received a suspicious email, text message, or other correspondence, and you would like us to take a look for you, don’t hesitate to reach out to us at (516) 403-9001.
How often do you get emails from individuals claiming to be working with a business who wants to do business with yours or sell you a product, completely unsolicited and even perhaps a bit suspicious? These types of messages can often land small businesses in hot water, as it only takes one phishing email landing in the wrong inbox at the wrong time to put your business in jeopardy.
The biggest problem with phishing emails is one that you might not expect. It’s certainly problematic enough that phishing scams are increasingly common, and it’s definitely a challenge to ensure that your infrastructure stays secure under such circumstances. However, you’ll find that the major challenge that cybersecurity professionals face in regard to phishing scams is that hackers are just too crafty with how they continuously adjust their tactics.
Phishing attacks come in several different forms and tactics, each of them exploiting the fact that the weakest points of your security infrastructure are the human elements of your cybersecurity strategy. They might come in the form of an unsolicited email, or they could come from a phone call asking for sensitive information. No matter what, though, they are going to find ways to circumvent your security protections somehow, simply because hackers realize that their best chance of getting through to your organization is through your employees.
And this is not even taking into account the scam emails that are so convincing that even the spam filters cannot capture these potentially dangerous messages. If a hacker takes the time to research your organization and make their message seem like an authentic message, there is a chance that it can bypass your spam filters entirely and become a very real threat to your business. These types of messages can be difficult to identify, especially if your users have not had any formal training about phishing messages.
Simply put, you absolutely cannot rely on your spam filter to keep you safe from the countless threats out there. Messages that don’t automatically get caught by the software’s filters could very well still be phishing emails that have been tailor-made to strike your organization with a social engineering attack.
We always recommend that businesses implement not only enterprise-grade spam filtering to keep the majority of threats out of your employees’ inboxes, but also to train your employees to identify potential threats. This is a type of preventative approach that all businesses should implement, and it’s one that is often overlooked. It’s easy to think that technology can solve all of your problems, and while it’s pretty likely to make improvements to your security infrastructure, it’s only as effective as the people who work for you.
It might be impossible to guarantee that your employees never see a phishing message, but you can optimize the chances that they will act appropriately if you provide them with the correct training and IT resources. MSPNetworks can help fulfill both for your business. We can equip your business with enterprise-grade solutions to keep threats off your network while also providing the training needed to inform your team’s security practices.
To learn more, reach out to us at (516) 403-9001.
Ransomware is devastating as a cyberthreat, but some industries are hurt by it more than others. One such industry is education, and universities and schools are struggling to keep up with these cyberthreats. Most even do the unthinkable in response to attacks: they pay the ransom.
Sophos reports that cybercriminals are increasingly going after the networks of universities and schools with their ransomware, seeing these targets as extremely profitable victims. If you think about it, it makes sense, as institutions of education tend to store immense amounts of personal data that could be valuable to hackers who might want to sell it on the black market. According to Chester Wisniewski, principal research scientist at Sophos, “Schools are among those being hit the hardest by ransomware. They're prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold.”
The average ransom paid by schools suffering from a ransomware attack is $1.97 million, an absolutely astounding number. The average victim from the higher education industry, however, pays $905,000. One can see how these types of attacks would be tempting to pull off for ransomware hackers.
The main reason schools and universities pay up in response to these ransomware attacks is that these organizations cannot function without access to their data. With school records and networks being encrypted, many of the functions involved with their operations cannot occur. For example, many schools have intranets set up where resources and services can be accessed, and if networks are locked down by ransomware, they cannot be accessed, making things like attending class or accessing services impossible.
Sophos indicates that only 61 percent of the data stolen from schools and universities is recovered after paying the ransom; so, in addition to paying the ransom, cybersecurity professionals need to spend even more time and resources recovering the rest of the data.
These kinds of ransomware attacks cannot be taken lightly. Schools and universities are not exclusively vulnerable to ransomware. All organizations, including your business, can potentially become victims of ransomware attacks.
The best way to keep ransomware from affecting your business is to take a two-pronged approach. Implementing preventative measures and training your staff can go a long way on their own, but we also recommend proactively monitoring your infrastructure for potential vulnerabilities and threats. As long as you keep tabs on what is going on with your network, you won’t have anything to fear—especially if you work with a security provider like MSPNetworks.
MSPNetworks can help your business prepare for ransomware attacks through a combination of preventative measures and proactive monitoring. With the right technology solutions on your side, you’ll have all the protections in place to ensure that there is minimal chance of ransomware affecting your operations. To learn more, reach out to us at (516) 403-9001.
Phishing attacks can be scary to deal with, especially since it is not unheard of for staff members to not even know they are looking at one. To make sure your staff can identify and respond to phishing attacks in an appropriate way, we’ve put together this short guide to help you along the way.
First, let’s go over what makes a phishing attack.
Phishing is one of the most common forms of cyberattacks used by criminals with goals ranging from stealing data to gaining access to an infrastructure. Essentially, a phishing attack is an attempt by a cybercriminal to communicate with your team members in hopes that they will give away important information or allow access to critical systems. Phishing attacks are a natural evolution of cyberattacks that rose in popularity due to the advancement of security standards; while solutions have grown stronger and more difficult to crack, the human mind remains ever-vulnerable.
Phishing emails are the most well-known type of phishing attack, but they also come in other forms, like online forms designed to harvest credentials, SMS messages with infected links, phone calls, and other means of communication. Since phishing attacks can take so many different forms, it’s important that your team knows what to look for in these attempts, as well as how to report them to your trusted IT administrator.
Let’s go over some of the ways your team members can identify a potential phishing attack.
There are plenty of warning signs you can use to identify a phishing attack. Here is a short list to consider, but if you have any concerns at all, we hope you will reach out to us at (516) 403-9001 to learn more about them:
It’s incredibly important to know what these warning signs are so you can actively keep a lookout for them. If you don’t, who knows what could happen?
If you feel you could use some help keeping your business safe from phishing attacks, we are happy to help. To learn more, reach out to us at (516) 403-9001.
If you are a frequent reader of our blog, you know all about phishing scams. They are emails and messages sent that are designed to extort money and gain access to computers and networks for nefarious purposes. The popular IT support company Geek Squad, a subsidiary of Best Buy, is the latest company caught up in such a scam. Let’s take a look at how the scam works and how you can avoid becoming its next victim.
The scam starts benignly enough: users get an email telling them that their Geek Squad membership has been renewed. Typically the people who receive this email aren’t members of any recurring Geek Squad service, so they call the toll-free number listed in the email to find out what the deal is. The operator on the other end of the line then agrees to refund the money, but demands access to the user’s online banking account to quickly issue the refund. They ask for remote access to the user’s computer to show them how to securely do this.
Then things go completely sideways.
The technician then tells the user that something has gone wrong and tells the user that they mistakenly sent a large amount of money to their bank. Using intimidation and accusations, they get the user to then withdraw money from their bank account and send it to an address to settle up. These fake technicians (fraudsters) will then try to extort more money out of users by saying that the parcel containing the money was never received. It has cost hundreds of people hundreds of thousands of dollars over the first half of 2022 alone.
So, you don’t think you could fall for such a thing? That’s what every victim thinks until they are thousands of dollars lighter in their bank account. Last year, it was Norton Antivirus and during the height of the pandemic it was the IRS and Amazon. These scams never stop, so you should know how they operate so that you can do your best to stay secure. These scams:
If you think a message you’ve received could be a potential phishing attack, you should ask yourself these three questions:
Phishing scams aren’t ever going to stop, so knowing how to identify and thwart attacks before you are out money or your organization deals with a data breach is extremely important. Check back soon for more great cybersecurity content.
The holiday season is a time for merriment and good cheer, but hackers have historically used it to take advantage of peoples’ online shopping tendencies. Phishing scams are always on the rise during the holiday season, so you need to take steps now to ensure that you don’t accidentally put yourself at risk—especially with voice spoofing emerging as a threat for Amazon orders.
This particular threat involves an email scam in which users are encouraged to call a number listed to confirm an order, usually one with a large price tag associated with it. This tactic is used to harvest phone numbers and credit card credentials that can be used in later attacks. Security researchers at Avanan have found that the contact number listed on the email is not Amazon’s; instead, it’s a scammer who records the phone number with Caller ID. The user is then contacted by the scammer who requests further financial information, claiming that they are to cancel the order.
Anyone familiar with Amazon and how it works will immediately be suspicious of these practices. First, most people who use the service will know how to cancel an Amazon order. All they need to do is log into their account and do it from there. Second, if you ordered something, Amazon should technically have your financial information already on record, so why would it need to be confirmed once again? It just sounds fishy. All one needs to do to avoid these threats is slow down, take a step back, and not go looking for problems that may not even exist.
These scams revolving around online retailers are not a new concept, but this one is notable because the emails are able to get past spam blockers and content filters. It manages this by using legitimate links within the body of the email, so your email solution might not flag it as spam or a threat.
We offer the following advice to you:
MSPNetworks can help your business stay safe this holiday season with advanced security solutions. To learn more, reach out to us at (516) 403-9001.
Hackers have often used email to trick users into clicking on fraudulent links or to hand over important credentials through phishing scams, but these are usually blocked by an enterprise-level spam blocker. However, hackers have learned that there is indeed a way around these spam blockers, and it’s through popular social media websites.
One of the big reasons why spam blockers are so successful is that they examine the content of the messages you receive and make a determination about their authenticity. One way that they do so is by looking at links within the email body itself. If the link is legitimate and seems to go to a normal, recognized source, then the message can be considered “legitimate,” even if it is not necessarily safe.
Hackers are now attempting to use social media websites to subvert this weakness in spam blockers; they use the sites as a middle-man of sorts, using the social media website to write a post which includes a suspicious link, then using the social media platform’s sharing capabilities to effectively mask the suspicious link behind that of the social media platform.
This is a particularly crafty approach that should not be taken lightly, and it’s already in use at this present moment. Take, for example, a recent campaign using Facebook as the delivery mechanism for phishing threats. In this scenario, hackers send victims an email message suggesting that they have violated Facebook’s terms of service on their page. When the victim clicks on the link in the email, they are brought to a legitimate Facebook post further detailing the issues that must be addressed. The post prompts the user to click on a phishing link, and the rest is history.
The moral of the story is that you can never trust links in your email inbox from unknown users, even if they appear to be legitimate. Phishing can happen anywhere, especially where you least expect it, like on social media websites and even support forums. If the links look a little too suspicious, then you should wait to take action until you have consulted a security professional like those at MSPNetworks. Our technicians are happy to review the contents of messages and make determinations on their authenticity, particularly for situations like the above one where it’s not clear if the link is legitimate or not.
Now, if you don’t have a spam blocking solution in place, we can help you out with that, too. With a unified threat management tool, you can take full advantage of great security solutions designed to keep you protected from the majority of threats. To learn more, reach out to us at (516) 403-9001.
MSPNetworks
1111 Broadhollow Rd Suite 202
Farmingdale, New York 11735