Tag Archives: Employee Education

Defend Against Romance Scams

It’s Valentine’s Day and Love is in the Air!  So too are romance scammers looking to take advantage of people feeling lonely or longing for affection.  Read on to learn some tips on how to prevent becoming a victim of these online scams. 

Romance scammers often target victims through social media and dating websites.  Scammers will create a fake profile using stolen photos and information and use that to lure their victims into a relationship.  Once they have an emotional connection with their victim, they will often request money.  The ask may come with a sob story, promises of a benefit, or claims of an emergency situation. 

In 2020, the FBI reported that victims of romance scams in the United States lost more than $600 million, with an average loss of $15,000 per victim. But the financial loss is just the beginning. Victims may also experience feelings of betrayal, shame, and embarrassment, as well as damage to their self-esteem and trust in others.

How to prevent becoming a victim of Romance Scams:

Here are a few tips to challenge a romance scammer:

  1. Schedule an online video-conference meeting.  Scammers using stolen photos in their profile cannot look the same on camera.  If they make excuses about why they cannot appear, they are likely not who they claim to be.
  2. Never share private information with, or send money to, someone you haven’t met in person.
  3. Requests for nudity can result in extortion as scammers will threaten to post or share those photos with the victim’s friends or family if they don’t pay. Be wary of sharing photos that may embarrass you later.
  4. Take a breath.  Get to know the person and verify their identity before you get too involved. 
  5. Consider a background check on anyone you date online. 
  6. Ask a relative or trusted friend to meet your new online companion. 
  7. If you have been scammed, report it to law enforcement and the dating site or social media platform. 

Common Lies Told By Romance Scammers:

The FTC has compiled a list of the most commonly used lies told to victims during a romance scam. To learn more, visit the FTC article.

In conclusion, stay vigilant and know that romance scams are a serious threat to online users looking for love and companionship.  By following these simple tips, you can protect yourself from loss of money and feelings of victimization. 

A Better Choice Network Solutions offers cybersecurity training for business professionals and their employees. Reach out at 813-605-7251 ext 1 or email us at info@abcnetfl.com for more information.

How to Prevent a Cyber Attack! Part 2

5 Ways To Prevent a Cyber Attack! – Part 2

The threat of phishing, spam, and scams is always changing. So we’re offering a series of tips to protect you and your business. Here’s part 2.

  • Multi-Factor Authentication
  • Computer Updates
  • Dark Web Research
  • SIEM/Log Management
  • Web Gateway Security

Learn the details. Download our PDF infographic.

How to Prevent a Cyber Attack! Part 1

5 Ways To Prevent a Cyber Attack! – Part 1

The threat of phishing, spam, and scams is always changing. So we’re offering a series of tips to protect you and your business. Here’s part 1.

  • Security Assessment
  • Security Awareness
  • Spam Email
  • Passwords
  • Detection & Response

Learn the details. Download our PDF infographic.

Pop up stating Your Files Are Encrypted. Hackers will encrypt your files with Ransomware and charge you to buy an encryption key to restore access to your data.

3 Ways to Avoid Phishing Attacks

By all accounts, phishing attacks are the favorite tool of hackers. Phishing is the internet equivalent of throwing bait out and waiting for someone to bite. Phishing attacks can be utilized to gather protected information like bank accounts, dates of birth, passwords and social security numbers, or to deliver malware and viruses to your device. Learning how to identify and respond to phishing attacks will help you and your employees protect your data, your profits and your productivity.

Here are 3 ways to avoid phishing attacks against yourself and your business.

1. Knowledge is Power

Educate your employees and yourself.

Trained employees can identify threats and avoid clicking on dangerous links. Employees must know why and how hackers access their data. Training on the latest hacker techniques arms your employees with the tools to defend your data.

Phishing emails are often topical. At the time of this blog, COVID-19 dominates the headlines worldwide. Hackers have responded with phishing emails about stimulus checks, how to prevent or cure the virus, offers for relevant items and charities requesting donations on behalf of victims. Additionally, they have sent emails spoofing the World Health Organization (WHO) and Centers for Disease Control (CDC).

Phishing scams also rely on hot-button issues like political trigger points. They might provide topics such as “Trump Locks Up Hillary” or “Trump’s Tax Returns Released.” They could promise sensational riches such as “Click here to learn how we made millions while working from home.” They could entice using the sex sells method: “Taylor Swift laptop hacked. Click here to see her sex tape.” Additionally, hackers often impersonate well known and trusted entities such as Amazon (like the pictured example below), Microsoft, UPS, FedEx and common banking institutions.

In addition to training, you should test your employees with phishing simulators. All it takes is one employee. You should know who in your organization is the weakest link, and help strengthen them.

The right cyber-security training can benefit anyone in both their personal and professional lives.

An example of a phishing email designed to look like it came from Amazon with markings to indicate the identifiers that differentiate it from a regular email.
An example of a phishing email with notations

2. No Target Too Small

Don’t assume you’re a small target. Unlike actual fishing, hackers don’t care how small their catch is. Your data has a value. Small businesses and individuals that believe they are too small are playing right into the hands of the hackers.

For a moment, imagine that you logged into your computer this morning and found all your sensitive data encrypted. A few minutes later, you receive an email demanding money for the encryption key to get your data back. How much is that worth to you? How much will you pay? Normally, hackers will only give you a limited amount of time to respond before the price rises or other consequences occur.

In addition to the threat of losing your data, ransomware hackers in recent weeks have started threatening to release stolen data to friends of the victim or the public. Consequently, this has added an additional urgency to the decision to pay a ransom.

Ask yourself: what data do you have on your computer that you are willing to lose?

  • Wedding photos? Photos of the birth of your baby?
  • Private selfies?
  • A medical history form you completed for your doctor?
  • Drug use?
  • Sexual history, or orientation?
  • Prior criminal record?
  • Your viewing history?
  • Pictures of family members that have died?

Hackers don’t care how small your business is. They know the value of your data. Therefore, you should too.

3. Don’t click or forward

If you or an employee suspects an email or message is “phishy,” don’t click any links (including the unsubscribe button) or open any attachments. If necessary, look up the phone number of the sender and contact them to verify that the email is valid. Also, don’t forward the email to a co-worker to ask for their opinion. Finally, don’t reply to hackers. Hackers will attempt to convince you that their email is valid.

Conversely, if an employee has already clicked on a link or opened an attachment, contact your IT provider and notify them immediately. In many cases, malware hides to spread to other devices in the network. The faster an IT person can investigate and abate the threat, the more likely they can prevent further damage.

As a side note, C-Level Administrators, please be patient with employees that report clicks. Phishing attacks are getting much more difficult to spot since the days of the “Nigerian Prince” emails. Making timely notifications to supervisors and IT personnel should be considered a positive response.

Conclusion

In conclusion, phishing emails are the most common form of attack. Approximately 90% of phishing attacks arrive via email. Having a spam filter can reduce the number of emails that have to be evaluated by employees and subsequently reduce risk.

Finally, back up your data. Employees make mistakes every day. Having the ability to recover quickly from an attack is invaluable. If your cyber-security budget is limited, start with backup.

5 common myths about malware

Dispelling myths and misconceptions about malware and cyber-crime is necessary to help business owners and managers better understand their network environment, their employees’ use of company assets, and the threats to their network that can severely limit productivity and cut into profit margins.  Here are 5 common myths about malware that can help your business avoid the mistakes other companies have made.

1. I don’t need an IT person.  I only use Mac computers!

Apple products are still vulnerable to attack by cyber-criminals.  Many businesses preferred PCs because they were more customizable.  Attacks on Apple products are on the rise.  The first case of Ransomware on a Mac occurred in 2016.  Cyber-criminals don’t care what type of computer you buy or what type of operating system you have.

2. My employee’s computer has malware.  Bet they were on an adult website!

The prevalence of malware is so incredibly high that it is virtually unavoidable.  According to Kaspersky Labs, there are 323,000 new samples of malware found every day!  The only way you can avoid malware is to use an “air-gapped” computer.  Air-gapped means that the computer has never been connected to the internet.  The internet is a great resource for sharing information at light speed.  Most businesses are dependent upon the reliable flow of information that the internet provides.  Think not?  Turn off your router when you go into work tomorrow and let me know how it works out for you.  The presence or absence of malware is not a reflection of bad or inappropriate behavior.

Psst…as an aside, the adult website is probably safer than the website of your business, your favorite restaurant and your church.  Adult websites invest in cyber-security because (1) they can’t afford downtime, and (2) their entire income is reliant on staying up (Oh no, he didn’t!).

3. My business is too small.  Cyber-criminals aren’t interested in me.

Criminals don’t operate that way.  A criminal doesn’t examine your P&L before deciding whether to target your business.  The cyber-criminal likely doesn’t even know anything about your company.  Cyber-criminals operate differently.  They attach their malware to an email and send it out a million times across the world.  If they get a click rate of 1%, that’s 10,000 victims.  The average Ransomware demand has been on the rise lately, but for the sake of argument, let’s make it $500.

10,000 * $500 = $5,000,000.

$5 million while sitting at their computer with none of the worries that many street criminals face.  Many operate in overseas countries with no extradition treaty, so they are well outside of the reach of the FBI.  No risk of prison.  Considering that this process is mostly automated and requires very little technical knowledge, they can make $5 million incredibly quickly with minimal skill!

4. Only $500?  Paying the ransom is cheaper than paying you to secure my network!

If you factor in only the amount of the ransom, it is probably cheaper just to pay it.  If that were the only factor, I would tell you myself to pay the ransom.  There are some other factors that you need to weigh before you dole out that money though.

a. Paying the ransom doesn’t guarantee that you will get your data back.

How much is your data worth to your business?  What if you pay the $500 and they won’t or can’t give you the data back?  How well can your business operate without your QuickBooks or other financial files, your business contacts, and your customer information?  Last year, 25% of business owners paid the ransom and never recovered their data.

b. Paying the ransom isn’t a simple process.

Most of the cyber-criminals want payment in crypto-currency like Bitcoin because it is untraceable.  Setting up a bitcoin account and purchasing the necessary amount to pay the ransom is not a simple process.  It might take days just to complete the bitcoin purchase.  How many of your employees rely on their computers and data to be productive?  Multiply that times the average hourly wage of those employees.  Now, multiply that times the amount of time it takes to get your computer back in service.  Factor in the loss of revenue for notifying your customers of a data breach and providing them with credit monitoring.  Now you are getting a better idea of the true cost of Ransomware.

c. Who are you paying for your data?

The people that are engaging in this activity are foreign government agents and multi-national corporations.  These cyber-attacks, while easy to do, are not being carried out by the pimply teenager in his Mom’s basement.  Our nation’s enemies are funding, ordering and carrying out these attacks.  (In all fairness, we are probably doing it to them also.)  When you think about giving $500 to a cyber-criminal, think about donating the money to Vladimir Putin, China, and members of ISIS (or ISIL). Does it still sound like a good idea?

5.  The biggest threat to my network is malware.

The biggest threat to your network is actually your employees.  A 2015 study estimated that employee cyber-security training can reduce threats by anywhere from 45-70%.  Of course, the training must be good quality, and should be followed up with regular testing.  The end result, however, is invaluable.  I can work with you to build layered security designed to protect your network, but what good is it if one click by an employee can bypass it?  Educating employees is a relatively inexpensive endeavor, and they can use what they learn to avoid problems on their personal IoT devices.  So, a win/win!  Companies such as KnowBe4 provide online training and testing resources to help you at very affordable prices.  As reseller partners of KnowBe4 training, we can manage the training and testing for you and still save you money on their normal pricing (limited to the Tampa Bay area).

Investing in cyber-security is one of the few things that our politicians agree on as a need.  While they are fighting over the details, why leave your business vulnerable?  Call A Better Choice Network Solutions at (813) 605-7251 today to schedule a free, no obligation consultation.

Data Breach Malware Cyber-security

PowerPoint Malware Phishing Hack

The threats in cyber-security are constantly changing. Cyber-criminals are finding new delivery methods to defeat your cyber-security methods. Now, hovering over the PowerPoint attachment in a phishing email can infect your computer with malware.

PowerPoint attack changes the game.

Here is a reminder that you need to be on alert for phishing emails that contain malicious attachments.

Currently there are emails going around with a malicious PowerPoint file attached. If you simply open this attached file, your computer can become infiltrated with Ransomware, and your computer and even your organization’s network can be taken hostage.

Here is the worst part: if you move or hover your mouse over a link in the attachment without even clicking on it, your computer can instantly be compromised. The subject lines of these emails can vary greatly, but some of the reported emails have had subject lines similar to ‘Purchase Order #130527’ and ‘Confirmation’.

These short tips will help you prevent infection:

  • Were you expecting the email? If not, don’t open it.  If you do open it, never hover over or click the attachments!
  • Does the subject line of the email seem like something you weren’t expecting, out of the ordinary, or irrelevant to the message content?
  • Have you ever talked to the sender of the email? If you weren’t expecting an attachment, call them to determine if they intended to send you this attachment. The email could be from a hacker spoofing their email address or sending malicious attachments from their email account.

Currently, this is only relevant to PowerPoint attachments.  It would not be surprising to see it evolve to all Office apps in the future.  Stay safe by staying aware!

Our partner, KnowBe4, must be acknowledged for contributing to this blog.

Be sure to follow us on Facebook, Twitter, Google+, and LinkedIn for updates on cybersecurity and technology. Contact us with any questions or concerns you have about your technology! 

new docusign phishing emails scam

Scam of the Week: Docusign

The latest DocuSign threat information from KnowBe4, who we partner with to provide education and updates…

Forget WannaCry.  It’s time to prepare for the next threat…

Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real ones. However, they try to trick you into opening an attached Word file and clicking to enable editing.

If you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any email. Remember: Think Before You Click.

Let’s stay safe out there.

Be sure to follow us on Facebook, Twitter, and LinkedIn for updates and news on cyber-security and technology. 

scam of the week: google docs phishing scam

KnowBe4 Scam Of The Week: Massive Google Doc Phishing Attack

Think Before You Click On Random Google Doc Invitation Links!

A very convincing Google Docs phishing scam raced through the internet last week. The scam spread almost as fast as a real computer worm, but it was driven by social engineering instead. It appears that a million people fell for it in less than an hour. It was so effective that even if you didn’t receive this email, you probably know someone who did.

The email appeared to be someone you know sharing a Google Doc with you. If you clicked the link in the message, it would have asked you for access permissions to your Gmail account, which the actual Google Docs links would not need.

If you had agreed to give permissions, it would have allowed a malicious third-party web app named “Google Docs” to access your email and address book. It would have spammed everyone in your contacts with the same link to that bogus Google Docs file. Your contacts, in turn, would email everyone in their contacts, and so on, like a human-powered computer worm. All of the emails included the same recipient email address of @mailinator.com. The actual recipient was blind carbon copied (BCC’ed) on it.

Below is an example of what the email looked like:

phishing attack example

A person who is watching out for red flags in emails would have decided that this email was unexpected and suspicious. Were you expecting a Google Doc invitation from this person? Provided you were expecting something, is the name of the shared file relevant to what you were expecting? If not, hit that delete button, or report the message to your IT team.

If you’re unsure about whether it is safe or not, contact the person who sent it through a different method (other than email) to ensure it is legitimate. Be vigilant and keep yourself and your organization safe. Always Think Before You Click!