4 Ways to Tell If You’re Being Phished

Cyber Attack, Hacking, malware, Password Security, Phishing, Phishing Email, Ransomware, Security, Security Threats, , , , ,
25
Sep 2018

Phishing is big business for hackers and you can rest assured that it’s a niche they’re keen to exploit, but how do you know when you’re being phished?

Kaspersky Lab reported around 246 million phishing attempts being executed in 2017, so it’s fairly clear that phishing is taking place on a monumental scale. And, to provide a little perspective, those 246 million phishing attempts are only the ones that were picked up by Kaspersky’s software. If you factor in all the other security providers’ data then you’re left with a staggering amount.

Phishing, therefore, is something that you’re likely to encounter and, the truth is, your organization is likely to receive a significant number of phishing emails every day. Thankfully, protecting your business from the dangers of phishing emails is relatively easy. And, to help boost your defenses, we’re going to show you four ways to tell if you’re being phished.

1.  Analyze the Email Address

While it’s straightforward to mask an email address with a false one, many hackers simply don’t bother. And that’s why you’re likely to find that most phishing emails are sent from unusual email addresses. Say, for example, you receive an email from your bank asking you to provide sensitive information regarding your account, it’s not going to come from a Hotmail address, is it? However, many people fail to check the sender’s email address and, instead, become distracted by the seemingly genuine contents.

2.  How’s the Grammar?

A tell-tale sign of a phishing email is poor grammar and even worse spelling. Hackers, after all, aren’t too bothered about honing their command of the written word. All they want to do is hack and hack big. Accordingly, their emails will fail to contain the type of language you would expect to receive from a work colleague or another organization. So, remember: if they can’t spell your name in their opening introduction then you should be highly suspicious.

3.  Did You Ask For Those Attachments?

Hackers love to catch their victims out with attachments that contain a nasty payload, so any attachments should always be treated with caution. Sometimes these attachments can be easily identified as malicious, but it’s not always simple. First of all, ask yourself whether the attachment is relevant to your job. If you work in the service department and you’ve been sent a spreadsheet relating to company finances then there’s no need for you to open it. Secondly, keep an eye out for file extensions you don’t recognize as opening these could easily lead to executing malware.

4.  Deceptive Links

One of the main objectives of a phishing email is to take the recipient away from the security of their PC and onto dangerous websites which are riddled with malware. And the best way they can do this is through the use of a deceptive link. While a link may look genuine on the surface, it can easily direct you somewhere else altogether. The best way to verify a link’s true destination is by hovering your mouse cursor over the link to reveal the true URL address.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Did the DNC Get Hacked by Phishing Emails in 2016?

Cyber Attack, email links, Hacking, malware, Password Security, Phishing, Phishing Email, Security, , ,
18
Sep 2018

You may think that political parties understand the need for good security, but back in 2016 the DNC suffered a major hack due to phishing emails.

Thanks to a sustained attack, Russian hackers were able to infiltrate email accounts of those involved within Hilary Clinton’s campaign to become president of the United States. And, as you know, the rest is history. However, not many people are aware of exactly how the DNC got hacked so extensively that highly sensitive information was obtained and then leaked to the public.

Although not every single detail has been revealed, we know enough that the hack was, in relative terms, a fairly simple execution. Naturally, you’re unlikely to be targeted by the same people who are involved in political attacks, but their methods are likely to be similar. Therefore, we’re going to take a look at how the DNC was hacked by phishing emails, so you can understand how to avoid it.

Phishing for DNC Secrets

The hack began on March 10th, 2016 and involved a batch of heavily disguised emails, which appeared to be sent by Google, being sent to key members of Hilary Clinton’s campaign team. These emails purported to be advising the recipients that their passwords needed changing in order to strengthen their security. However, the links contained within these emails sent users to a malicious website where strengthening security was the last thing on their mind. With these email accounts compromised, the hackers were then able to access private contact lists held within them.

Within a day, the hackers had access to confidential email addresses for key targets within the DNC campaign. And, almost immediately, the hackers began to send phishing emails to these email addresses in order to work their way higher up the chain of command. Despite the presence of two-factor authentication, the hackers’ persistence paid off as they eventually managed to breach the defenses of John Podesta, chairman of the DNC’s campaign. This email account, alone, provided access to 50,000 confidential emails.

This assault is believed to have been organized and orchestrated by the Russian cyber-espionage organization known as Fancy Bear. Despite accessing such a huge amount of emails from Podestra, Fancy Bear intensified their hacking campaign and this led to security experts becoming suspicious of methods being employed to dupe Google’s spam filter into accepting malicious emails into the inboxes of DNC targets. The clean-up operation, however, was too late and Podestra’s breached emails were soon published on Wikileaks.

Be Clever, Don’t Get Phished

The 2016 attack on the DNC is probably the most famous, and damaging, phishing attack in cyber-history. Simply due to a few members of staff clicking malicious links, an entire election campaign was brought to its knees. Reinforcing good email security, therefore, remains a crucial practice for any organization in modern business. Even with millions of dollars of security in place, the DNC fell victim to a simple phishing scam and, next time, it could easily be your organization.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What Should You Do When You Receive a Phishing Email?

Hacking, malware, Phishing, Phishing Email, Security, Security Threats, , , ,
11
Sep 2018

Phishing emails are the scourge of our inboxes and there seem to be more and more each week, so what should you do when you receive a phishing email?

The aim of phishing emails is for the sender of said emails to obtain sensitive information from the recipient. This goal is realized by cleverly disguising the email to make it look as genuine as possible and, therefore, gain the recipient’s trust. Data targeted by phishing emails usually relates to sensitive details including login details and passwords. And this data leakage can cause serious harm to businesses with the average cost of a phishing attack on a medium sized business costing around $1.6 million.

No organization that wants to remain productive and competitive wants to deal with the chaos of a phishing attack, so we’re going to take a look at what you should do when you receive a phishing email.

Do Not Open Phishing Emails

The best way to avoid the dangers of phishing emails is very simple: Don’t open them! This, of course, is easier said than done as phishing emails have become incredibly sophisticated over the years e.g. spoofing email addresses. However, if for any reason whatsoever you do not recognize an email address or there’s something unusual about the email subject then it’s always best to err on the side of the caution. Instead, move the cursor away and get your IT team to investigate it before going any further.

Leave Links Well Alone

Opening a phishing email isn’t enough, on its own, to activate the malicious payload, but it’s very simple to do so. Phishing emails often contain links which, once clicked, send the user to malicious websites where malware is automatically downloaded to the user’s PC. This malware is usually very discreet and is able to run silently in the background where it is able to log keystrokes or even take control of the user’s PC. So, remember: if you don’t recognize the sender of an email, it’s crucial that you never click their links.

Don’t Respond

Phishing emails will often try to gain your trust by establishing a connection, so you need to be mindful of these deceptive tactics. By hitting the reply button, for example, you’re demonstrating to the hacker that not only is your email account active, but that you’re willing to engage. And, if a phone number is provided, never ever ring it as it will involve further social engineering and potentially a very high phone charge to a premium member. It may be tempting to respond, but always say no and move away from engaging.

Report the Email

Any form of hacking represents a serious threat to the security of your organization, so it should be every employee’s duty to report a phishing email as soon as possible. This allows your IT team to analyze the email and its contents before taking action. This could be as simple as deleting it securely or telling you that, actually, it’s safe to open. Ultimately, shared knowledge allows your entire organization to stay on top of phishing emails, so, even if you’ve clicked something you shouldn’t have, report it immediately.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Things to Consider When Upgrading Your Servers

PC Server, Tower, Updates, upgrade hardware, Windows Server, ,
04
Sep 2018

Your server is the backbone of your organization’s IT functionality, but what do you need to consider when it’s time to upgrade?

Purchasing and installing a new server is a massive move for any organization. Install the best server for your needs and your productivity should skyrocket. Choose one that doesn’t quite fit with your business and it will seriously harm the way you’re able to operate. Therefore, choosing the correct server is important if you value your organization’s future.

Moving forward, though, isn’t always straightforward due to the complexity of such an upgrade. To help simplify matters, we’re going to share five things to consider when upgrading your servers.

  1. The Right Performance

First and foremost, you have to make sure that any potential new server is able to meet the needs of your organization’s IT needs. The main reason that an organization looks to upgrade is because the current technology isn’t able to fulfill their existing needs. Consulting with various department heads and IT professionals is essential to gauge the necessary requirements, so start by compiling this information and work from there.

  1. Is Integration Possible?

You’ve more than likely got an existing server in place, but upgrading doesn’t mean that you need to chuck your old one out with the trash. In fact, it’s possible that you’ll be able to integrate vast sections of your existing server into your new server. Not only does this potentially save you costs on new technology, but it also provides a level of consistency in terms of staff knowledge on the existing technology.

  1. Costs?

Performance, of course, is paramount, but price is equally important as all organizations work to a strict budget. Once you understand your performance needs, the next step is to evaluate which available servers meet this most closely. Technology, after all, can be costly, so you shouldn’t be paying for any technology that won’t be of use to your organization’s output.

  1. Factor in Maintenance

A brand new server is fantastic, but even the most up to date technology needs to be maintained. Any length of downtime is disastrous for any organization which understands the basics of productivity, so the shrewdest move with servers is to ensure that some form of maintenance cover is put in place. Often, there will be a warranty included with new technology, but this will always have an expiry date, so make sure you start asking about extended warranty options from an early stage.

  1. Future Upgrades?

It may seem counter-intuitive to consider future scalability as you upgrade, but looking to the future is vital when it comes to working with IT technology. The rapid pace at which technology expands means that you may need to consider growing your server a lot sooner than you expected. Discussing expansion options is crucial to safeguard against being lumbered with huge costs in the future when your existing technology is unable to expand further to keep pace.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Plan for Better Disaster Recovery in IT

Backup and Recovery, Best Practices, Cloud Backup, Disaster Recovery, IT Best Practices, , ,
28
Aug 2018

Due to our reliance on data technology, good disaster recovery processes have never been more vital. However, how do you plan for better disaster recovery?

It may be a challenge, but you don’t need to feel apprehensive when trying to tackle this complex problem. And when it comes to disaster recovery, planning is the most important factor. If your IT systems fail then you need to start your recovery process as soon as possible and ensure it’s as effective as it can be. The sooner you can restore normal operations, the less your productivity is affected.

So, if you want to make sure your disaster recovery procedures are finely tuned, make sure you incorporate the following tips. They could be the difference between no IT infrastructure and one that can keep your organization functioning.

Have a Plan

The first step towards having a better disaster recovery plan is to have a plan. Unfortunately, many organizations find themselves too busy to worry about potential disasters and, instead, concentrate purely on the present. While this may help you with your immediate business objectives, it’s not going to help you in the case of an emergency. Therefore, starting work on a disaster recovery plan needs to be sooner rather than later.

Cost isn’t Everything

It’s understandable that budgets are essential when it comes to good business, but disaster recovery plans for IT infrastructure are a little different. Without a fully functioning IT service, it’s unlikely your organization is going to be able to trade at its full potential, if at all. And this is why you need to be careful when looking at the technology and services required for your data recovery. Naturally, you shouldn’t spend an exorbitant amount of money that could cripple your margins, but you also need a data recovery plan which can recover your IT infrastructure quickly and effectively.

Understand Your Recovery Objectives

Key to a good recovery process is understanding what data is crucial and how soon it’s required in the case of a data outage/loss. Objectives, of course, need to be achievable, so don’t burden yourself with unattainable goals such as ‘every worker to have access to emails within 10 minutes of a data disaster’. The best way to test your objectives and measure how attainable they are is through regular testing. This should prepare you for any future scenarios and guarantee that you know how to manage their impact.

Update Your Recovery Plan

If you’re lucky, your organization will manage to operate for a long time without experiencing any data disasters. However, this can lead to a dangerous sense of inertia creeping into your recovery processes. And, as we all know, technology moves at a rapid pace. Software and hardware can be replaced on a yearly basis and these new developments may not chime harmoniously with your existing recovery plan. Accordingly, your disaster recovery plan needs to be regularly reviewed to ensure that it’s current and matches your existing IT landscape.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 54 55 56 57 58 116