Beware of Online Tax Scams

Hacking, Ophtek, Phishing, Phishing Email, Security, Security Threats, Tax Scams, , , ,
05
Jan 2021

Many of us will have started preparing our tax returns and hackers are well aware of this. Therefore, it pays to be aware of the numerous online tax scams.

Nobody likes completing tax returns due to the vast amount of data involved. However, they’re essential for organizations to remain operating. And that’s why we spend hours and hours collecting receipts and details for transactions; this is where all the data builds up. Hackers, of course, like nothing more than getting their hands on huge amounts of data. This data can be used for both financial gain and damaging an organization. Accordingly, tax season is their hunting season.

Tax Scams to Look Out For

Countless tax scams are currently circulating in the digital wild, but these are the most common ones you will encounter:

  • Automatic Tax Payment Deduction: A number of emails have been discovered which claim to originate from the Income Tax Department. These emails falsely claim, in order to generate anxiety, that a tax payment has automatically been deducted from their bank account. An attachment is included which masquerades as a receipt for this transaction. Hackers hope that the recipient’s anxiety and confusion will cause them to open this receipt. Unfortunately, contained within this ‘receipt’ is a slice of malware named W32.Golroted. 
  • Fake Government Websites: A popular method for scamming victims out of money is by designing Government websites which look authentic, but are fake. Using information which has usually been stolen through malicious files or social engineering, these fake websites inform victims that they have received a tax fine. The only way to pay this fine is by wiring payment or purchasing general purchase reloadable cards. However, there is no fine to pay and all the victim will be doing is bankrolling the hackers. 
  • IRS Tax Return is Locked: The last few years have seen the emergence of a phishing email which claims that access to the recipient’s tax return has been restricted. The email is designed to look as though it has been sent by the IRS or, sometimes, the manufactures of the popular TurboTax software. The truth is that the email is fake and has been sent by hackers. The email will urge recipients to click on a link which will take them to a malicious website where their personal information will be stolen.

Staying Safe During the Tax Season

Despite the number of online tax scams it’s easy to stay safe during the tax season. All you have to do is follow these best practices:

  • Remember that the IRS will never contact you by email to discuss the nature of your tax return or your personal details.
  • Verify the true identity of any suspicious links by hovering your mouse cursor over the link. A popup will then display where the link will send you.
  • Never send personal documents to unsolicited email requests as it is likely that a hacker is trying to harvest your details
  • Emails that claim to be from official organizations, but do not use your name are to be treated as highly suspicious and should be deleted.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Five Signs That You’ve Been Hacked

Hacking, malware, Ophtek, Security, Security Threats, , , ,
29
Dec 2020

Having your organization’s network breached is a major cyber disaster, so identifying a breach quickly is crucial. But how do you know you’ve been hacked?

Protecting your organizations networks and data is essential, but with the huge number of hacks taking place it’s not easy. And if a breach occurs this can cause multiple problems for your business such as data theft, ransomware demands and damaged networks. When it comes to these attacks then there’s one factor which is essential: speed. The sooner you realize you have been hacked, the sooner you can set about cleansing your system. Hackers may be evolving their methods to become even stealthier, but there are still certain tell-tale signs that you’ve been hacked.

You may not be aware of these indicators, so we’re going to share five signs that you’ve been hacked.

What Are the Signs of Being Hacked?

The most obvious indicators of your PC being hacked are the following:

  1. Password Not Working: One of the simplest signs of falling victim to a hack is when your password isn’t working. Sure, there’s a chance that you’ve mistyped it or simply forgotten it, but alarm bells should start ringing if you’re convinced you’ve got it right. And, if you have activated two-factor authentication and this is also not working, it’s likely your login credentials have been breached. 
  1. Your Browser Keeps Redirecting: If you discover that your internet browser is behaving strangely then this is a sign you have been hacked. Your browser should, for example, open up with either your company home page or Google, but a hacked browser is likely to take you straight to a malicious website. Such a website will prompt you to download files in an attempt to infect your PC with malware. If this happens then you need to close the browser as soon as possible and advise an IT professional. 
  1. Your Anti-malware is Disabled: It’s unlikely that you will ever need to disable your anti-malware software, so any indication of this being disabled could signal a hack. After all, hackers want to make their life as easy as possible. Therefore, if they take control of your PC, the simplest way to download malware undetected is to disable your defenses. Make a point of regularly checking the status of your anti-malware software to stay safe. 
  1. A Mouse Cursor With a Mind of Its Own: Your mouse cursor should, if you’re not moving the mouse, stay still. You may occasionally get a small amount of movement from hardware issues, but any significant movement indicates a hack. If your PCs defenses have been breached then hackers can easily take control of your PC. And this can be evident from unauthorized activity taking place on the screen. So, if you find that applications are being launched without your permission, power off your PC and immediately get it investigated. 
  1. Your PC is Slowing Down: A PC can slow down when it’s processing multiple tasks at once, but one which is slowing down for no particular reason is one to be suspicious of. It could be, for example, that your PC has fallen victim to a botnet and your PCs processing power is being harnessed for attacks elsewhere. If, after restarting your PC, it continues to lag then it’s critical that you take the necessary measures to isolate that PC before looking deeper.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Beware of Fake Resumes Packed with Malware

Hacking, malware, Ophtek, Security, Zloader, , , ,
23
Jun 2020

Hackers are keeping busier than ever and evolving their strategies almost daily; their latest method for attack is to target the humble resume.

Ask any HR professional to tell you how many resumes they receive in a week and they will be able to show you a mountain of them. Even in a business landscape which has changed dramatically over the last 20 years, a resume remains a crucial calling card for employment. And this is why hackers are keen to exploit them. It’s not just that a resume can easily be loaded with malware, it’s more that organizations are so familiar with them they are unlikely to suspect them.

Hackers, of course, thrive on complacency, so it’s time to take a look at what could be lurking inside that next resume.

Malware Laced Resumes

Resume themed scams are on the rise in the US and this latest installment centers around the use of the ZLoader malware. As with many strains of malware, ZLoader is designed to steal credentials. These credentials can include stored passwords and browsing histories, but also banking credentials. And what’s most concerning is that many of these infected resumes are being sent to financial institutions.

But what exactly do these compromised resumes look like? And how are they activated? Well, this is what happens:

  1. Recipient receives an email with a title along the lines of “Job Application” or “Advertised Job”.
  1. Upon opening the email, the recipient is encouraged to open an attached Excel document which claims to be a resume.
  1. If the Excel document is opened, the recipient is then prompted to activate a macro to enable the content.
  1. Unfortunately, activating the macro will only enable a download of the ZLoader malware to the recipient’s PC.
  1. One of ZLoader’s main attack strategies is to infect systems with a malicious app called Zeus which can record keystrokes and steal banking information.

How to Tackle Suspicious Resumes

ZLoader is a form of malware which has been around for several years now. And, thankfully, this means that many anti-malware tools are effective at identifying it and eliminating it. However, if ZLoader is only active for a few minutes it can steal valuable and damaging information. Therefore, it’s always advisable to practice the following:

  • Be Wary of Attachments: Even the most trusted source can be compromised and at the mercy of digital attacks. Say, for example, you receive a resume from a friend – does this mean you should open it without a second thought? The answer is no and this is because your friend’s email address could easily have been hacked. All email attachments should, as a result, be scanned with anti-virus software or checked by an IT professional. 
  • Never Enable Macros: A macro can be very useful for automating certain processes and features in an Office document. But this also makes them perfect for launching malware attacks. If you are ever prompted to enable a macro within an Office document you should verify that it is safe to run. And, again, this should be verified by an IT professional who will have more experience with malicious macros.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Government Websites Compromised in Armenia

anti malware, Cyber Attack, Cyber Security, Hackers, malicious websites, Plugins, Security Threats, , , ,
07
Apr 2020

You would like to think that governments know a thing or two about cyber security. But a recent hack in Armenia has proved otherwise.

European security experts ESET have confirmed that numerous websites belonging to the Armenian government have been targeted and compromised by hackers.   The compromised websites have been infected with malware and pose a nasty security risk to visitors. It’s suspected that the hackers behind this attack are Turla, a Russian hacking group.

We’ve discussed malicious websites before, but this latest attack is a little different. Therefore, it’s crucial that you understand the unique methods behind the infection.

What’s the Story?

The suspected hackers have targeted several websites that come under the control of the Armenian government, but the same fingerprints have also been found on a few non-government websites. Regardless of which website is infected, the methods employed are the same. However, where this attack differs from normal is its selective nature. Rather than attacking every visitor that accesses the infected websites, the malware only targets high-ranking visitors. So, for example, a civilian visitor is likely to remain uninfected, but a government official will not be so lucky.

It’s intriguing that the malware is only interested in high-ranking officials and indicates that there could be a political angle to the attack. Speculation aside, what is known for certain is how the attack unfolds. Once a visitor has been established as ‘high-value’ a command-and-control server generates a malicious JavaScript code. This code is used to deliver a popup window prompting the user to download a Flash update. But while this does, in fact, install a genuine version of Flash, it also contains PyFlash. And this backdoor application allows hackers to gain full access to the infected PC.

How Do You Protect Yourself?

Naturally, the security risk of compromised government PCs is considered high. And, while it is unlikely to affect smaller organizations at present, the selective nature of the attack is troubling. Therefore, it’s important that you safeguard your business against similar attacks. This can be achieved by following these best practices:

  • Use Website Filters: One of the best ways to protect your organization from infected websites is by integrating website filters into your IT setup. These filters are backed up by huge databases, which are regularly updated, and will prevent your users from accessing websites considered a security risk. 
  • Prevent Software Installation: The majority of applications that your employees will want to install are likely to be genuine and safe. But, as with fake Flash updates, this is not always the case. And this is why it makes sense to enforce a complete blanket ban on unauthorized installs. Accordingly, any install requests should be submitted to an IT professional who can evaluate the risk of each proposition.
  • Block Popup Adverts: It’s rare that any PC user welcomes the appearance of a popup advert. And, with the risk of malicious popups so prevalent, it’s the last thing that an IT professional wants to see as well. Therefore, it makes sense to minimize this risk by installing a popup blocker. Not only will this reduce the risk of malware being installed, but it will also provide your PC users with an enhanced experience.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

WordPress Sites are Quietly Downloading Malware

Hacking, Ophtek, Security, Security Threats, WordPress, , , ,
10
Dec 2019

WordPress is a popular platform for building websites, but this popularity has made it a target for hackers. And it’s now being used to launch hacks.

It’s estimated that around 75 million websites use WordPress as the backbone for their content. But not even the largest and most profitable tech companies are immune from hacking. Vulnerabilities are present in almost every piece of software ever designed. And when these vulnerabilities are discovered they will be exploited almost instantly by hackers. WordPress has fallen foul of this all too common scenario and, as a result, 100,000 web users have felt the attentions of these hackers.

Due to the ubiquity of WordPress websites it’s likely that your organization engages with them on a daily basis. It may even be that your organization’s website is hosted through WordPress. Either way, the threat presented is one you want to avoid, so let’s take a look at it.

How were the WordPress Sites Compromised?

Security experts Zscaler were the first people to identify that WordPress sites had been compromised. The nature of the hack is sophisticated, but relatively simple to pull off. After discovering a vulnerability in the ‘theme’ plugin, which is included in WordPress sites, the hackers were able to infect the sites with malicious scripts. These scripts were a form of code which redirected visitors to a Flash Player update alert. However, this urgent update was fake and all that would be downloaded was a malicious file.

The file in question was a Remote Access Trojan (RAT) which allowed remote access to the infected PC. And, with unrestrained access, the hackers were granted the opportunity to download and distribute malware as well as the chance to compromise data. But this isn’t the only way in which the malware infects PCs. Those using the Chrome browser faced an additional threat. Upon visiting the infected WordPress sites, Chrome users were prompted to download an update for the ‘PT Sans’ font. Again, this is a deceptive request and downloads the RAT.

Protecting Against the WordPress Hack

If you own a website which is built on the foundations of WordPress then it’s crucial that you update the associated content management system. This will instantly prevent your website from cultivating the hack and protect your visitors.

Unfortunately, it’s not always possible to tell when a website is using the WordPress system, so you should make sure you practice the following:

  • Scrutinize all Popups: The sheer range of dangerous popups means that they should always be scrutinized. Fake updates tend to stress an extreme urgency which is designed to tempt users into clicking them without checking. Instead, users need to take a second and consult with an IT professional to verify the update is genuine. 
  • Install Anti-Virus Software: It’s vital that your organization uses anti-virus software. Not only can it identify threats such as the WordPress hack, but they are regularly updated. This ensures that your organization is protected from all the latest threats. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 4 5