How to Protect Yourself against Social Engineering

Hacking, Ophtek, Phishing, Phishing Email, Security Threats, social engineering, , , ,
04
Aug 2020

 

Hackers thrive upon deception and the result of this endeavor is social engineering. It’s a powerful tactic and one you need to protect yourself from.

Social engineering has been used to deploy attacks such as the Coronavirus malware and the recent attack on high profile Twitter accounts. The method is intriguing due to its sophistication and its human element. Rather than relying on complex coding techniques to outwit computer systems, social engineering takes advantage of human naivety. More importantly, however, is the sheer destruction that it can cause.

The world is a perilous place at the best times, but now more than ever we need to make sure we protect ourselves and our businesses. One of the best ways to get started is by reinforcing the barricades against social engineering.

What is Social Engineering?

Manipulation is, in a word, exactly what social engineering is. But you’re going to need a little more information than that, so let’s take a closer look.
Social engineering is a process in which one party seeks to deceive individuals into revealing sensitive information. When it comes to the world of IT this sensitive data tends to relate to login credentials, but can also involve transferring sensitive documents such as employee records. These attacks are commonly executed through the use of phishing emails, but this is not the only technique. It’s possible for hackers to carry out social engineering attacks over the telephone and even face to face.

The Best Ways to Protect Yourself

Protecting yourself against social engineering takes a concerted effort. You can’t rely on software alone to protect you. Luckily, you can strengthen your personal defenses by practicing the following:

Take Your Time: Social engineering relies on a lack of caution on the victim’s part. Therefore, it’s crucial that you always take your time when it comes to any form of communication. A social engineer will do their best to force you into making a quick decision e.g. clicking a link or disclosing your password. To counter this, evaluate all requests and press for answers if you feel even slightly suspicious.

Use Email Filters: There have been great advances made in email filters over the course of the last 20 years. Where these junk filters once had relatively little use they are now highly intelligent. Enabling your email filters will enhance your security and prevent the majority of phishing emails making their way into your inbox. This reduces your risk and stops you from engaging with a social engineer.

Too Good to Be True: As with all areas of life, if something sounds too good to be true then it makes sense to be suspicious. After all, it’s unlikely that a representative for an African prince wants to deposit millions of dollars into your bank account. And, if they did, why would they require your social security number? And your workplace login credentials? As a rule of thumb, if it sounds like a scam then it probably is and should be deleted.

Is the Source Genuine: If an email says that it’s from your bank then this doesn’t mean it’s from your bank. Likewise, a phone call from your HR team isn’t necessarily genuine. Hackers specialize in trickery and deception, so they won’t shy away from such blatant and direct approaches. Always check every request for details such genuine URL details (by hovering over a link) and only transmitting sensitive data to internal email addresses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Major Spyware Risks Found Within Google Chrome Add-ons

extensions, Ophtek, Security, Security Threats, , ,
07
Jul 2020

Google’s Chrome is the most widely used browser on the internet, but this dominance also makes it a major target for hackers.

The popularity of Chrome means that it’s a vital asset for PC users and this applies to both domestic and business settings. One of the major advantages of Chrome is that it’s supported by a vast database of add-ons. These add-ons, which are coded by official developers or third-party coders, can be installed within seconds and provide an enhanced browsing experience. But the ease with which these add-ons can be released makes them a security risk.

This risk has been brought into sharp focus by a security lapse which has led to 32 million downloads of malicious spyware. And this startling figure is why we’re going to take a closer look at the situation.

What is a Chrome Add-on?

You may be wondering what a Chrome add-on is and it’s a good question which we will quickly cover. Add-ons, also known as extensions, allow users to modify Chrome in a way which adds extra features and accessibility e.g.  Save to Google Drive. The add-ons are built using web technologies such as JavaScript and are embedded into the user’s browser where they can be turned on and off.

How Has Spyware Infiltrated Chrome Add-ons?

Security researchers have discovered that a number of Chrome add-ons have not been delivering the benefits they promise. These particular extensions, available for free, advertise themselves as providing services which include converting files to different formats and warning about malicious websites. However, these add-ons contain a nasty surprise in the form of spyware. And this spyware has been used to record browsing data and login credentials. Around 70 suspicious add-ons, all uploaded with fake contact details, have been identified and since removed by Google.

How Can You Protect Yourself Against Malicious Add-ons?

The busy digital age we live in means it’s easy to lose focus with what’s happening on our screens. But vigilance is crucial when it comes to threats such as malicious add-ons. Therefore, it’s important that you practice the following when working with extensions:

  • Check Permissions: Whenever you install an add-on it will detail the permissions that it requires to run. These could range from asking for permission to access your hard drive through to analyzing your browsing data. An add-on which asks for a large number of permissions should immediately ring alarm bells. Most important, however, is the nature of these permissions. Anything which feels too invasive should be declined and an alternative sought. 
  • Audit Your Add-ons: It’s always a good idea to monitor the add-ons you have installed in your browser. Any that you deem as no longer necessary should be removed; auditing your add-ons should be carried out every month. This will ensure that your browser does not become bloated with add-ons and minimizes the risk of rogue extensions being present. 
  • Ask a Professional: If in doubt, always reach out to an IT professional before installing an add-on. Their experience of identifying malicious software will allow them to quickly determine whether it is safe or not. And, don’t forget, only ever consider an add-on which provides an invaluable benefit. Otherwise it is recommended to continue without it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Beware of Fake Resumes Packed with Malware

Hacking, malware, Ophtek, Security, Zloader, , , ,
23
Jun 2020

Hackers are keeping busier than ever and evolving their strategies almost daily; their latest method for attack is to target the humble resume.

Ask any HR professional to tell you how many resumes they receive in a week and they will be able to show you a mountain of them. Even in a business landscape which has changed dramatically over the last 20 years, a resume remains a crucial calling card for employment. And this is why hackers are keen to exploit them. It’s not just that a resume can easily be loaded with malware, it’s more that organizations are so familiar with them they are unlikely to suspect them.

Hackers, of course, thrive on complacency, so it’s time to take a look at what could be lurking inside that next resume.

Malware Laced Resumes

Resume themed scams are on the rise in the US and this latest installment centers around the use of the ZLoader malware. As with many strains of malware, ZLoader is designed to steal credentials. These credentials can include stored passwords and browsing histories, but also banking credentials. And what’s most concerning is that many of these infected resumes are being sent to financial institutions.

But what exactly do these compromised resumes look like? And how are they activated? Well, this is what happens:

  1. Recipient receives an email with a title along the lines of “Job Application” or “Advertised Job”.
  1. Upon opening the email, the recipient is encouraged to open an attached Excel document which claims to be a resume.
  1. If the Excel document is opened, the recipient is then prompted to activate a macro to enable the content.
  1. Unfortunately, activating the macro will only enable a download of the ZLoader malware to the recipient’s PC.
  1. One of ZLoader’s main attack strategies is to infect systems with a malicious app called Zeus which can record keystrokes and steal banking information.

How to Tackle Suspicious Resumes

ZLoader is a form of malware which has been around for several years now. And, thankfully, this means that many anti-malware tools are effective at identifying it and eliminating it. However, if ZLoader is only active for a few minutes it can steal valuable and damaging information. Therefore, it’s always advisable to practice the following:

  • Be Wary of Attachments: Even the most trusted source can be compromised and at the mercy of digital attacks. Say, for example, you receive a resume from a friend – does this mean you should open it without a second thought? The answer is no and this is because your friend’s email address could easily have been hacked. All email attachments should, as a result, be scanned with anti-virus software or checked by an IT professional. 
  • Never Enable Macros: A macro can be very useful for automating certain processes and features in an Office document. But this also makes them perfect for launching malware attacks. If you are ever prompted to enable a macro within an Office document you should verify that it is safe to run. And, again, this should be verified by an IT professional who will have more experience with malicious macros.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Work Safely on your Home PC

coronavirus, IT Best Practices, Ophtek, PC Server, Security, Tech Support, Updates, , , ,
09
Jun 2020

Workplace PCs tend to be more protected than those found in our homes. Therefore, you need to make sure you always work safely on your home PC.

With remote working on the rise, due to the coronavirus pandemic, it’s important that we don’t take our eye off the ball when it comes to security. Organizations, naturally, have more finances to invest and enhanced IT expertise, but it’s still easy to stay safe at home. All you need to do is know how to protect yourself. And, to get you started, we’re going to share some fantastic ways to make sure you remain safe.

Working Safely on your Home PC

Safety on your home PC can be achieved quickly and easily by following these best practices:

  • Implement All Updates: Software and hardware updates are crucial when it comes to getting the best IT experience. And, of course, they maximize your security. This is why you need to install all updates as soon as possible. Sometimes these updates will be automatic, but they will often need direct authorization from the user. Either way, the install process is simple and requires little more than a short wait. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Best IT Home Checkup for Your PC

Network, Ophtek, pc checkup, Security, working from home, , , ,
21
Apr 2020

Millions of workers are now self-isolating and that means working from home for many people. But how do you make sure that your PC at home is healthy?

The luxury of working from an office is that the equipment there is regularly maintained and fairly new. However, when you have to work from home you will soon realize that your own equipment isn’t in the same shape. We’re all guilty of being a little lazy when we get home and IT maintenance certainly isn’t at the top of most people’s lists. But a little effort goes a long way when it comes to maintaining a PC.

And, best of all, you don’t need to be a fully trained IT technician to carry out a home checkup. In fact, it’s quick and easy as we’re about to show you.

 

How to Maintain Your PC with a Home Checkup

Working from home on your own PC is convenient, but it also puts you and your organization at risk. Therefore, make sure you maximize your productivity and safety by carrying out the following:

  • Install all Updates: We have a habit of ignoring PC updates at home as they get in the way of loading up Netflix. However, it’s important that complacency doesn’t creep into your IT activities at home. You need to make sure that all your software is up to date with the latest patches and firmware. Not only will this ensure that your software is secure, but it will enhance the functionality of your software. Most software will have an auto-update feature, so it’s crucial that this is activated. 
  • Check Your Router: The internet is vital when it comes to remote working. Without an internet connection you won’t be able to connect to your organization’s network. And this will leave you without any of the resources you need. So, it’s essential that your router is working and secure. A good connection is paramount, so you may need to adjust your router position to maximize the signal. And, to safeguard the security of your router, remove any default passwords and create something unique. 
  • Use Security Software: If you haven’t already got security software in place then this needs to be made a priority. It will protect your PC and, if you’re working remotely, strengthen the security of any connections to your business. There are a wide range of options when it comes to security software, so it can be daunting choosing one. It’s recommended that you stick to the industry leaders, so make a beeline to software developed by Kaspersky, McAfee and AVG. And you can rest assured that they provide plenty of free software.

Final Thoughts

The challenges of working from home are likely to be new for many employees. Thankfully, advances in technology mean that this is easier than ever. But you need to make sure that your PC at home is in excellent shape. It is, after all, your most valuable tool when it comes to working remotely. So, to guarantee a PC that is firing on all cylinders, you need to take note of the tips above.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 10 11 12 13 14 48