A recent security loophole has affected Starbucks customers through the company’s mobile app. Read more on this story to learn how it happened and how to avoid it.

For some unlucky coffee lovers, it was not a great morning when they found that hackers were draining their bank accounts through the Starbucks mobile app. Starbucks was not the prime target, as many would think. The sneaky attack was aimed at users who were directly impacted by the latest Starbucks hacking incident.

Point of entry

It seems that the attacker had spotted a vulnerability in Starbucks’ app that permits multiple attempts to guess the correct password.

Not only were users’ passwords compromised; the attack also exposed users who rely on the same ID and password to log into other existing accounts. In theory, this could give an attacker the keys to access and “drain” your online banking accounts and other significant accounts where shopping transactions are permitted.

Considering that 18% of Starbucks’ total transactions are made via their app, it’s imperative for Starbucks to take corrective measures to handle this issue.

The dirty deed

It’s estimated that $2 billion was made in transactions via mobile payments alone in 2014. Yet it was incredibly easy for the hackers to carry out this attack.

  • The attackers managed to acquire stolen passwords and IDs from “black-hat” sources.
  • The attackers used a program to test combinations of stolen IDs and passwords on the Starbucks app until they successfully gained access to an account.
  • These programs are believed to be sophisticated and efficient enough to process thousands of ID and password combinations every second.
  • Once the attackers were able to access an account, they’d add a gift card to it.
  • After adding the gift card, hackers would then typically transfer all the money from the user’s main account on the app to the gift card itself.
  • The gift card is then managed entirely by the hackers who pocket all the funds.
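
The weakness described above is an app that accepts unlimited password guesses. The following Python code is an added example, not Starbucks’ code: it caps failed logins per account and per source address, and shows on constructed traffic why a per-account lockout alone does not stop a stolen ID/password list being tested one guess per account. The class name, thresholds and addresses are assumptions.

```python
from collections import deque


class LoginThrottle:
    """Sliding-window cap on failed logins, per account and per source."""

    def __init__(self, per_account=5, per_source=20, window=300.0):
        self.per_account, self.per_source = per_account, per_source
        self.window = window
        self._fails = {}  # ("acct" | "src", value) -> deque of failure times

    def _recent(self, key, now):
        q = self._fails.get(key)
        if q is None:
            return 0
        while q and now - q[0] > self.window:
            q.popleft()  # forget failures older than the window
        return len(q)

    def allowed(self, account, source, now):
        return (self._recent(("acct", account), now) < self.per_account
                and self._recent(("src", source), now) < self.per_source)

    def record_failure(self, account, source, now):
        for key in (("acct", account), ("src", source)):
            self._fails.setdefault(key, deque()).append(now)


def replay(throttle, attempts, check):
    """Feed (time, source, account, password) attempts; return (checked, refused)."""
    checked = refused = 0
    for now, source, account, password in attempts:
        if not throttle.allowed(account, source, now):
            refused += 1  # rejected before the password is even examined
            continue
        checked += 1
        if not check(account, password):
            throttle.record_failure(account, source, now)
    return checked, refused


# Constructed traffic: one source trying 1,000 different IDs, one guess each,
# a millisecond apart. No single account ever sees more than one failure.
CONSTRUCTED = [(i * 0.001, "203.0.113.7", f"user{i}@example.com", "reused-pw")
               for i in range(1000)]


def demo():
    """Per-account lockout alone vs. both limits, on the constructed traffic."""
    reject = lambda account, password: False  # every constructed pair is wrong
    account_only = LoginThrottle(per_source=10**9)
    both = LoginThrottle()
    return replay(account_only, CONSTRUCTED, reject), replay(both, CONSTRUCTED, reject)
```

With only the per-account limit every one of the 1,000 guesses reaches the password check; with the per-source limit added, 20 do and the rest are refused.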

The real danger lies in what other accounts the hacker may have access to once they’ve compromised an account through the Starbucks app. PayPal accounts or credit card details are also at risk, as these can be linked to Starbucks accounts. All this can lead to unimaginable financial damage in both the short and long run.

The “Gift” card

Ever wondered what happens to the money transferred to the gift cards?

Hackers or thieves, whichever way you look at it, will sell or resell these gift cards for their face value. They sometimes fetch less on the internet, churning real dollars out of Starbucks dollars. It may be worth holding on to your real wallet for a little longer!

The whole Starbucks hacking ordeal was first reported by consumer journalist Bob Sullivan. In fact, CNN-Money was able to interview many who had experienced the same scandals in the past. The interviews reveal Starbucks slacking on security procedures by not having enough secure authentication processes in place for transactions, for instance when customers deposit money onto gift cards or initiate money transfers from bank accounts.

How to stay protected

If you’ve ever been a victim of such a scam, we suggest you put in a complaint about it to Starbucks ASAP. They will most likely investigate the matter; however, you may be prompted to take it up with your bank or PayPal.

Also be sure to update, cycle and change your passwords at your earliest convenience. If you suspect your account details were stolen, your old account credentials may have been sold on scheming “underground” trade sites that buy lists of user credentials.

Many customers have uninstalled the Starbucks app and have started to pay with cash or with credit/debit cards. We suggest you follow this advice too until tighter security measures are put in place.

For more ways to safeguard your personal data, contact your local IT professionals.


Phishing

Do you know how to spot a phishing email? Phishing emails are not only a nuisance, but can also lead to theft. Our guide will show you how to spot them.

The term “phishing” is likened to the word fishing, which sounds almost the same and is used with the same notion to reel in some information such as a username/password or to hook you into taking some action via an unsolicited email. The aim of a phishing email is to “phish” a user by having them fall for the bait without initially realizing it.

Convincing phishing emails work well for the originator without raising too much suspicion in the end user. So how does one avoid this? First, let’s understand the damage a phishing email can generate before we delve into how to spot one.

What harm can phishing emails cause?

There are two major risks that can result from opening up links or attachments from phishing emails.

  1. Many email authors aim to trick users into believing that they’ve been contacted by a legitimate company that may prompt them to visit a link which can lead to a fake website. This site may be a copy-cat site of a legitimate one, for instance a banking site, complete with a login screen. The spoof site then captures and records login credentials which can be used again by the originator of the dummy site.
  2. The email itself may pose as a legitimate company, such as a bank, prompting its targets to take action through a link. The wording usually pushes the user to act, with phrases such as “your account is suspended”, “update your information”, or even that an account has had “unauthorized access”. Anything which triggers panic or confusion is enough to get a user to follow the phishing email’s instructions.

Such scams can lead users to give away their credentials, passwords, and private information, which can be used to steal their identity and money.

Many phishing emails also attempt to infect systems with malware. This is a common entry point for a large majority of infections at companies leading to infecting one’s computer system and network with nasty malware. The worst case scenario includes the malware holding a user’s data hostage in exchange for a ransom.

How to spot phishing scams

Below are the usual signs of a phishing email to watch out for.

  • Unrecognized sender. This is usually a big giveaway. If you don’t recognize the sender, treat it with suspicion. Even if the sender appears with the same domain, always question this, as clever phishing attacks can use the same company domain to trick users.
  • Unexpected emails. Unless you’re expecting an email from a company, e.g. a delivery shipment notification or a lottery win, treat this with suspicion. If unsure about a delivery shipment, contact the official company, acquiring their contact details through their official website.
  • Prompts to open up attachments. Avoid clicking any links or opening attachments.
  • Odd looking website addresses. Another clue to a phishing email is links with suspicious website addresses, which can redirect you to a dodgy website.
  • Odd looking or out of place emails. If you’re able to look at the sender’s details, see what email address it displays. Most of the time their email domains will not match the company they claim to be from. For instance, an email claiming to be from your bank could have a @yahoo.com domain. This is an obvious giveaway!
  • Impersonating institutions and companies. As mentioned earlier, be suspicious of emails claiming to be from banks, the IRS, the Social Security Office and so forth. They rarely contact users through email. If in doubt, contact them directly and not through any telephone numbers given in the message.
  • Poorly written English and grammar. Many phishing emails contain poorly structured sentences and grammatical mistakes which sound like they’ve been written by a ten year old or a non-native English speaker.
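
Several of the signs listed above can be checked mechanically. The following Python code is an added example, not part of the original guide: it parses a raw message and reports a sender whose display name claims a brand while the address uses another domain, the pressure phrases quoted earlier, and links whose visible address differs from the real target. `BRAND_DOMAINS`, the sample message and all domains in it are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: defender-maintained brand -> domains map; phrases quoted in the guide.
BRAND_DOMAINS = {"example bank": {"examplebank.example"}}
URGENCY = ("account is suspended", "update your information", "unauthorized access")

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank Security" <alerts@yahoo.com>
Content-Type: text/html; charset="utf-8"

<p>Your account is suspended.
<a href="http://login.badsite.example/verify">www.examplebank.example</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signs(raw):
    """Return the warning signs found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    signs = [f"sender claims '{b}' but uses @{domain}" for b, ok in BRAND_DOMAINS.items()
             if b in display.lower() and domain not in ok]
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    signs += [f"urgency phrase: {p}" for p in URGENCY if p in text.lower()]
    collector = LinkCollector()
    collector.feed(text)
    for href, shown in collector.links:
        target = (urlparse(href).hostname or "").lower()
        m = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", shown.lower())
        if m and target and m.group(0) != target:
            signs.append(f"link shows {m.group(0)} but goes to {target}")
    return signs
```

A message that raises none of these signs can still be phishing, for example when the sender’s own domain is spoofed, so the checks complement the manual review above.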

If ever you’re in doubt, don’t hesitate to notify your IT administrator who can help to block as many phishing emails as possible. Even if some manage to filter through, which does happen, put this guide into practice.

For more ways to secure your business systems and networks, contact your local IT professionals.


Do you want to reuse IT equipment? There are good reasons to reuse old computers, servers and printers.  Here’s what you need to check before discarding old equipment.

With IT equipment having a recommended life cycle implied by vendors and manufacturers, many businesses wonder if it’s best to scrap IT equipment altogether or to put it to good use elsewhere.

Since throwing out computer equipment contributes to producing a surplus of waste, which has detrimental effects on both the environment and on life itself, we’ve decided to write this article for ideas on how to re-purpose computer equipment.

The first thing we suggest is to have a list of all the IT inventory, making sure the make, model and specifications are noted down. Then check our ideas below for reusing specific types of equipment.

Reusing desktops or laptops

Check to see what operating system (OS) is on the computer or laptop. For instance, if it runs on a recent OS, such as Windows 7 or 8, it’s still good enough to use.

Some laptops can be reused to provide colleagues with a way to work more flexibly, especially for those who move around a lot, work from home or work on the road.

It’s even worth checking to see if older machines can be re-purposed to be used in a test environment, as a dummy server or to host company files and information.

A computer could also be repurposed to be used as a locked-down guest machine that connects through a guest Wi-Fi network for clients or visitors to use.

Unless there’s already a backup of some sort in place, it’s even possible to set up backup services for a primary server by re-purposing an old computer. For instance, crucial network services such as DNS and DHCP are light to run. Say that a primary server with such services fails; it’ll bring down the network. This is one of many potential examples available.

Reusing a printer

Is your printer a modern one? If so, we suggest checking the ink toner, cartridge and drum prices to see how affordable they are. This could spare you the expense of a different printer that could cost more to run in the long term.

Even if the ink is expensive, it may be worth connecting the printer to a computer that often prints confidential documents to keep it close to the user.

Reusing networking equipment

It’s worth keeping networking equipment that’s capable of gigabit speeds and at least Wireless-N speeds. Anything slower could be repurposed on a test network or on a home network that doesn’t rely on high speeds, if needed. To determine if your networking equipment is capable of gigabit speeds, check for keywords such as GigE, Gigabit, 1000mbit, or cat 6.

A lost cause?

We understand that not everything will be fit for purpose once it’s been worn out or broken, for instance peripherals, mice, keyboards and cables. This is when a reputable recycling company should be contacted to responsibly recycle broken equipment. Nowadays it’s possible for recycling plants to melt down plastics and metals into molds that can be reused in manufacturing other goods within, but not limited to, the electronics and computer industry. This helps to reduce the demand for mining raw materials in the earth and reduces the carbon footprint generated by such extraction methods and processes.

Be careful!

A final note: be sure to wipe all data from old hard drives/disks and any removable media that may contain important data. Dumpster diving is still a risk that has the potential for a company’s data to leak, especially when gained from disposed office equipment. This applies whether the equipment is given away, thrown out (not recommended) or repurposed.

Adopting the practice of reusing IT equipment will help make an impact on reducing waste in our landfills.

For more ways to repurpose your IT equipment, contact your local IT professionals.


A newly discovered ransomware called TeslaCrypt is on the loose, encrypting victims’ media files. Learn what it is and how to protect against it.

TeslaCrypt will lock up to 185 types of files comprising data related to the most popular PC games played online. For instance, Assassin’s Creed, BioShock, Call of Duty, Diablo, World of Warcraft and many others are examples of games that have been affected.

The ransom

Once the files have been encrypted, the victims are prompted to pay either $1,000 through PayPal My Cash cards or $500 in Bitcoin to acquire the private encryption key to unlock their files. Criminals prefer Bitcoin as the method of payment because it makes them harder to track down. They’ll also use a scarcity tactic by giving those affected three days to pay the ransom.

Risk and vulnerability

According to Vadim Kotov from security firm Bromium, the vulnerability for this attack exists within Opera and Internet Explorer web browsers that visit compromised sites such as WordPress-based websites. However, it was Fabian Wosar from Emsisoft, an Austrian-based security firm, who discovered TeslaCrypt.

Reports show that a malicious video using Adobe Flash would play on the compromised website, which then redirects the user to a number of dodgy sites until it finally lands at its intended destination: a bundle of malware. This bundle is considered to be an exploit kit, dubbed “Angler”.

Angler plays a part in helping computers become infected with TeslaCrypt. Angler’s mission is to launch a relentless number of attacks whilst the user browses through the malicious sites, with the hope of one of them leading to its goal: to infect the system.

Once Angler gets onto a system it’ll check for two things:

  • One is to verify whether the machine is a physical or a virtual one. Virtual machines are likely to be used by security firms.
  • The second check detects the type of antivirus programs running alongside the web browser.

After completing the two checks, Angler executes attacks based on a recent Adobe Flash vulnerability (that has had a patch available since last January) and a slightly older Internet Explorer exploit (security patch released in 2013). Angler preys on those who do not regularly update and patch their software, therefore it’s crucial to stay on top of updates and patch management.

What files are affected

TeslaCrypt will sweep through 185 types of computer files to encrypt them. Files aren’t limited to gaming files; it’ll also encrypt all iTunes music in .m4a format, as well as images, video, compressed files and office documents. Once those files are encrypted, they’ll change to a “.ecc” file extension.

To make things worse for unsuspecting victims, TeslaCrypt then wipes out all of the Windows restore points from the target PC to prevent restoring the files that had just been encrypted from an earlier point in time.

The three most realistic options for victims are:

  • Pay the ransom, although file recovery is not guaranteed
  • Run a full scan with your antivirus to remove it and then restore the locked files from a protected backup drive.
  • A system reformat may be your only choice, counting your losses.

TeslaCrypt can also reach your PC through infected file attachments or a link sent through email. This includes the possibility of unsolicited private messages reaching users from social platforms such as gaming sites, which, once opened, can also unleash the attack.

How to stay protected from TeslaCrypt

Zero day vulnerabilities are an ongoing cat and mouse game making it important to have security measures in place. Unaffected backups, staying up to date, and running Anti-Malware can really help save the day with ransomware such as TeslaCrypt.

For more ways to protect your business systems, contact your local IT professionals.


Computer processor speed helps determine how fast your system performs. We’ll help you answer: does the speed of your computer really matter?

We’ll be providing you with a guide, along with example scenarios for the different processor speeds available today. However, let’s first look at what processor speed is.

What is Processor Speed?

The speed of a processor is measured in hertz, which relates to how many cycles it runs per second. Nowadays processors are measured in GHz (gigahertz), which means billions of cycles are processed per second.

Not all computers are designed to respond to tasks as quickly as you may be led to believe when a store sales rep tries to sell you a computer. Even with a decent processor, such as a quad core, one needs to be wary of dwarfed speeds that will limit how fast a processor carries out tasks.

It’s no use having a multi core processor that responds to tasks slowly, when one can purchase a cheaper quad core with higher speed capacity. For instance, a 2 GHz quad core is slower than a 3 GHz dual core.

Processor Speed Scenarios

Below 2.0 GHz:

Processors with this speed will only manage to cope with basic email and web browsing activities. They’ll also be able to process light document writing. However, any more demanding software, such as for graphic editing and video creation, will make them struggle and fall flat on their face.

2.0-3.0 GHz:

This range of speed will cope well with web browsing, working with emails, running business programs such as patient management systems and general multi-tasking.  This category works well for the average office computer.

Above 3.0 GHz:

If you need to run demanding graphic and video systems, then you’ll need to have a computer that comes with a processor of at least this speed. This range is also very good for heavy multi-tasking and creating multimedia such as high resolution graphics and videos.  This category also works well for running many programs, documents, and browser tabs at once.

Having considered all of the above scenarios, a higher speed processor will only work to its potential if it’s supported with enough computer memory. You’ll also need to consider purchasing at least a dual core processor to get speedier and decent PC performance.

For more ways to optimize your business systems, contact your local IT professionals.
