cyber scams

7 tips to avoid scams on Black Friday or Cyber Monday

Black Friday and Cyber Monday are expected to draw in over 3 billion in online sales. With that much money as a target, it’s no wonder that cyber criminals have set up their own scams to help them cash in on the holiday season.

We have compiled a quick list of tips that you can use to protect yourself from online scams this holiday.

7 ways to protect yourself from online scams

1. Make sure you have good anti-malware software installed that offers website protection. A good example is Malwarebytes. This will protect you in case you accidentally land on a site you shouldn’t be on. Also make sure the software is fully updated. Good anti-malware software can help catch scams before they do any damage to your computer.

2. Don’t use search engines like Google to find the best deals. Go directly to the websites of the stores themselves.

3. Don’t fall for great deal scams on Facebook. With all the hubbub about fake news on Facebook, the same goes for fake deals. If it’s too good to be true, it probably is. Go look for the deal on the actual company’s website and if you see it there, then you’re safe.

4. Use credit cards instead of debit cards when shopping online. Credit cards offer fraud protection and don’t actually touch your personal finances. However, a debit card is a direct connection to your bank account. It allows cyber criminals direct access to your account. While there is some level of fraud protection, the money is already gone and it may take some time for the bank to replace it.

5. Make sure all sites that you purchase on are using HTTPS. This means that your connection to the site is encrypted, so personal purchase details like your credit card information and address are protected as they are sent.

6. Do not open any Cyber Monday emails that you receive. Just go directly to the website of the company that you want to shop from. Emails can be phishing scams designed to lure you to a malicious site so that your computer can be infected with a virus.

7. Don’t click on online ads. An increasing number of attackers are using ads as their main method of infecting users.

If you follow these steps, you will go a long way in protecting yourself against online attacks this holiday season.

mobile security

Are you suffering from security overload? New study suggests you are

First we had information overload because of the internet. There is so much information coming from so many sources that we got buried in the avalanche of information. Now, according to a new study by Symantec, it seems consumers are suffering from security overload. The study found that 79% of consumers knew that they needed to protect their computers and other devices like mobile phones and tablets, but 44% of them felt overwhelmed by the amount of data that they actually need to protect.

For example, it’s not as simple as protecting just your phone or computer. Do you use social media sites like Twitter and Facebook? What about online picture hosting sites like Instagram and Pinterest? Many people put very personal and private information on these types of sites and don’t give a lot of thought to how it is protected. That’s because securing our personal data is now about far more than just protecting our computers and phones. Our data can reside on dozens of services in the cloud. This is what is causing the security information overload – the sheer number of places we need to watch to protect our own information.

The report indicates that consumers tend to be naïve about what their devices are doing and what services they are connected to. Most believe that the devices already come with security that is good enough to protect them. However, most consumer-level devices have very poor levels of security so that they are easy for the consumer to use.

We have put together a list of recommendations that will help simplify some of this for you.

  1. Use an online password security service like LastPass. This will help you create very secure passwords for all of your online accounts like Facebook, your bank, email etc. This will also help you not to use the same password for multiple sites. That is a huge security weakness that is easily corrected.
  2. Secure your router at home. Make sure you change the default password and you use a strong password for your wireless network. You should also check to see if there are any updates available for your router from the manufacturer’s website.
  3. Be on the lookout for phishing emails. This is the most common form of attack for hackers today. This is when you receive an email that looks very official or real in some way. Examples may be emails from your bank or credit cards. The idea is that the email wants you to click on a link it provides. When you do, you will likely be infected with some form of virus and could also be taken to a bogus site where you will be instructed to change your password etc. This is a trick and most people fall for it. Be on the lookout. The study found that 84% of consumers have likely already faced this threat.

You can read the whole report at Symantec’s site here.

If you are feeling overwhelmed with securing your device, give us a call at 770-506-4383 and we would be happy to show you just how you can make all of this a much easier process.

 

social engineering

These 5 social engineering tactics are how hackers trick you

No matter how advanced our computer security technology is, the weakest point is still us, the users. Hackers can often bypass the best security with our help, turning our kindness, willingness to help and other parts of just being human against us. This is known as social engineering and it’s one of the most difficult attacks to protect against.

What is social engineering?

Wikipedia defines social engineering as “psychological manipulation of people into performing actions or divulging confidential information.” That means using low tech methods to get us to do things we wouldn’t normally do.

Here are some examples:

Your building uses key cards to access doors to the building. Someone will approach you as you enter, carrying boxes, and say they can’t reach their card and ask you to hold the door for them. The average person would be willing to help in situations like this; we’ve all been carrying boxes and needed help with the door.

You receive an email from the tech support at your company informing you of new password policies and asking you to click on a link to update your password to make it more complex. The email is addressed to you directly and appears to come from the correct email address for tech support.

You receive a phone call from someone who claims to be from your bank informing you that there has been some suspicious activity on your bank account. They ask you to confirm some purchases that you don’t recognize. They tell you that they will be sending you an email with a link for you to change your online banking password.

These are all examples of how attackers can use social engineering to get you to do something you wouldn’t normally do.

 

The top 5 ways hackers use social engineering

  • Pretexting
  • Quid pro quo
  • Phishing
  • Tailgating
  • Baiting

Pretexting is where the attacker will pretend to be someone else and make contact with the victim. This may be via the phone or email. The attacker may pretend to be a representative of the government or authority so that the victim feels pressured to comply. They may pretend to be from your phone or internet company, or even your bank. Regardless, the focus of this attack is pretending to be someone from somewhere else in an effort to gain your trust so that you will reveal the information that they are seeking.

Quid pro quo is Latin for “this for that”. It means to offer you something, an incentive, in exchange for your help.

Phishing is becoming the most common form of attack and uses some pretexting to be effective. It is the use of very carefully crafted emails that are sent to a target and get the victim to click on links that, in turn, will infect the target’s computer with malware.

Tailgating is following someone into a secured area, such as the person carrying the boxes mentioned above. Attackers use our willingness to help and to be kind as a way to get around security procedures.

Baiting is where an attacker will leave infected USB flash drives around in the hopes that a victim will plug them into a computer to see what is on them. The computer will then be infected and the attacker can begin his work.

We’ve outlined the most common forms of social engineering that an attacker will use to go after us, the users. By being on the lookout for these types of attacks, you can help prevent yourself from being taken advantage of.

If you have any questions on this or want to make sure your own organization is protected from the most common attacks, please contact us at 770-506-4383 to schedule your free assessment.

How to tell if you have a computer virus

You may be thinking your computer is infected with a computer virus. Maybe your computer is slower than it used to be or you are seeing strange popups. Regardless, you’re concerned and want to know what to do. You’ve come to the right place. This article will give you a quick overview of just what an infection may look like and then how to diagnose it for yourself.

Symptoms of a computer virus

There are many possible symptoms of a computer virus being on your computer. Here is a list of the most common ones:

  • Your computer is much slower than it used to be
  • There are lots of popup windows, some may even be for pornographic material
  • Your internet connection is very slow or even intermittent
  • Your files may be missing
  • Applications won’t start on your computer
  • Your antivirus software may have been disabled or even uninstalled
  • You see windows or applications using a language different than your own as if they have been changed
  • You lose control over your system and it starts to do things on its own: sending emails, visiting websites, etc.
  • You may receive very specific popup windows telling you that your computer is infected and offering to help you clean it

Steps to diagnose a computer virus

If you have any of the symptoms above and want to find out if you are indeed infected with a computer virus, follow these steps.

  1. Go to the Bitdefender Quickscan online site
  2. Click on the “Start Scanner” button
  3. Select “Scan now”

We do not recommend Bitdefender products here. However, the reason we are recommending it for the purpose of diagnosing your computer is that it is one of the few online computer virus scanners that do not require you to download anything. It will scan your computer completely online. Most modern computer viruses would block files from being downloaded and thus prevent the scanner from working.

If you find out you do have a computer virus, it’s best to contact a computer virus specialist. Modern viruses can be very nasty and damaging to remove.

computer virus

Computer virus forces hospitals to shut down systems and cancel operations

A computer virus attack forced three hospitals to shut down their computer systems and go completely offline. This caused the cancellation of all routine operations and outpatient appointments.

A “major incident” was reported by both the Northern Lincolnshire and Goole NHS Foundation Trust. The cause was listed as a “computer virus” which infected its electronic systems this past Sunday, 30 October 2016. To rid themselves of the virus attack, the hospital made the choice to take all of its computers offline. This allowed each computer and server to be cleaned of the virus.

Dr. Karen Dundersale, the chief executive of the Goole NHS Foundation Trust, said, “A virus infected our electronic systems [on Sunday] and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it.” The BBC reports that this led both hospitals to completely cancel all operations. As of now, both hospitals have yet to restore full operations to all departments.

Because of the attack, all outpatient appointments and diagnostic procedures that were scheduled at the infected hospitals on Monday and Tuesday were forced to be cancelled. Medical emergencies such as major trauma and women in high-risk labor were being diverted to neighboring hospitals.

At this time, we don’t have any information on the type of virus or malware that was used in the attack. We also don’t have any information on how it entered the internal systems of the hospitals. However, as the hospitals were both using a shared system, it was possible for both to be infected.

Hospitals becoming targets of virus attacks

This is similar to an incident in March of 2016 where MedStar Health Inc, a large hospital chain in the Washington DC area, was also forced offline. This case was more about ransomware and the hospital was forced to pay the attackers $17,000. But the end result was that attackers were able to force a hospital chain completely offline. They were denied access to their patient charts and couldn’t access anything, including lab results, x-rays, or other procedure results.

Hospitals have become hot targets for hackers because they haven’t kept up with the times when it comes to security. While spending on technology has increased, especially in the area of electronic medical records, security has taken a back seat.

Steps to protect your practice or business from virus attacks

These types of attacks show just how vulnerable a hospital or doctor’s office is. When they are knocked offline and are denied access to medical records, that has massive implications. No longer is it just a computer system issue, lost revenues or time; now it’s people’s lives.

You can greatly reduce the chances of these types of attacks by controlling the main entry points of these types of attacks. They are:

  • Email phishing attacks – can be greatly reduced by educating employees and by using strong spam filters
  • Infected USB drives – having anti-malware software installed that scans in real time can reduce this risk
  • Browsing unsafe sites or clicking on infected ads – anti-malware software usually also includes web surfing protection. But you can also obtain lists of dangerous sites and configure your firewall to block access to these types of sites or to filter malicious advertisements.

If you need help with any of these options for your own practice or business, please contact Iron Comet at 770-506-4383 or email us at support@ironcomet.com.

 

hacked

Your internet connected devices can be hacked in under 3 minutes

According to research done by Gartner, there are nearly 6 billion Internet of Things (IoT) devices connected to the Internet today. Many manufacturers are sacrificing security for ease of use. These devices, in turn, are easy to hack and can be used to attack other devices. According to a recent report by Forescout, they can often be hacked in under three minutes. That creates two problems for the end user. The first issue is that criminals can access the device for their own reasons. And the second is that these devices can be used to attack parts of the Internet.

With the attack on the Dyn DNS system a few weeks ago by tens of millions of these hacked devices, we are seeing a new wave in computer security.

But what does that mean for you and what types of devices are we talking about?

What are these hacked devices?

Most of these devices were internet cameras, digital video recorders for security systems, mobile phones, televisions, kitchen appliances, and other types of devices. Manufacturers left default passwords in place and did not require the end user to change them. That made it easy for attackers to take over so many devices to use in these massive attacks. In addition, most of the devices were using outdated firmware, the software that actually runs the devices, and had many bugs and flaws in them.

It’s not just the no-name, unknown Chinese-manufactured devices; it’s also some big names like Panasonic and Xerox.

The bad news for end users is that once these devices are hacked, they often can’t be fixed without sending the device back to the manufacturer. There the device will be formatted and reset.

Fortune magazine has an interesting article on the liability these companies may be facing in the coming weeks and months since their poorly designed devices were used to do millions of dollars in damage.

What can you do to protect your own devices?

The first thing you need to do is to update your device’s firmware. These are usually available from the manufacturer’s website. Install the most recently available firmware for your device. After that, reset your default user name, if that is possible for your device. Lastly, the most important thing to change is the password. Doing these three things all but guarantees your security for now.

mobile security

Mobile security – Is your mobile phone being used to attack the Internet?

Sometimes we get the question: why does my mobile phone need protection? It’s just a phone, right? Why do I need mobile security? Sometimes people also believe the same about their internet connected devices such as TVs and video cameras. But what many people might not realize is that any device that is attached to the Internet can be hacked into and used to attack other devices or computers on a network.

A recent attack on web hosting company Akamai was performed using 145,000 web connected devices such as routers, phones, and cameras. Hackers had broken into networks worldwide to take over these devices. Once they had built up an enormous collection, they were able to use the devices to attack Akamai. Akamai is a very large web hosting company and has enormous bandwidth resources of its own. But even they weren’t able to defend against such a massive attack as these hackers were able to perform.

So that’s the technical explanation of what happened. Here is what that means. Hackers broke into home routers like the kind you use for your DSL or cable connection. They took over these devices and then used them to send large amounts of random data to Akamai’s network. These devices also included mobile phones, network cameras, and network attached storage such as backup drives (not the USB kind). So once the attackers had taken over enough devices, in this case 145,000 such devices, they were able to send enormous amounts of random data to Akamai. Akamai wasn’t able to block all of this data and eventually, it was knocked off the Internet. To be specific, it was a particular website that was being hosted by Akamai that was being attacked.

How does this relate to mobile security and your personal phone?

Mobile phones are becoming much more complicated devices and now are basically tiny computers in our pockets. Add to that the fact that most are always connected to the Internet either via a WiFi or data connection and you can begin to see why this is an important issue. A device that is always on the Internet, lacks the protection software that almost all computers have installed, and gives no warning of when it has been infected? It’s a target too tempting for hackers to pass up. It’s far easier to take over an unprotected mobile phone or internet camera than it is to take over a computer.

Mobile Security the easy way

This isn’t device specific, so I won’t be discussing iPhones vs Androids. Most of these tips will be useful for both devices.

  1. Install an antivirus software package. Most mobile security products will include antivirus, a firewall, and even a location service for your device. Install it and let it handle keeping your mobile phone secure.
  2. Never install software from sources that you don’t know. Generally this isn’t an issue, especially on Apple. But it’s still possible for people to get around this and install bad software. Make sure you only install software from either the Apple store or Google Play.
  3. Make frequent backups. Just in case something happens, you can always reset your phone to factory standards and then reinstall your data. This is more of a “Worst case mobile security” but it’s always best to have a plan B.

As we get more and more dependent on our phones, mobile security will become increasingly important. If you follow these basic steps, then you will go a very long way to making sure your phone is protected.

You can read all the details here at Healthcare IT News.

computer virus

Employees download viruses every four seconds

A new study released by internet security firm Check Point found that virus (malware) attacks increased a staggering 9-fold in 2016. At the current rate, virus outbreaks occur at a rate of 971 per hour. In 2015, it was 106.

Researchers discovered an amazing 12 million new variants of malware – each month. They have discovered more viruses in the last two years than in the previous 10 years. Employees are downloading new malware every 4 seconds onto corporate networks, the study found.

The biggest target for attackers was healthcare records. These have the highest current value on the black market. They are currently valued at 10 times the value of credit cards or other financial data. The report found that 9% of all healthcare or insurance organizations had experienced a data loss as defined by HIPAA. For healthcare organizations, there was a 60 percent increase in security incidents in 2015. In the last year, the cost of these security incidents rose 282 percent.

The most common method of attack was found to be email. The virus would be allowed onto the network by employees clicking on links in malicious emails. 75 percent of the attacks used this form of entry to find their way into the corporate networks. Using this method, attackers were able to bypass corporate firewalls a whopping 39 percent of the time. In 85 percent of those cases in the study, the breach wasn’t even discovered until after the organization was already compromised.

The study found that most organizations weren’t keeping up with security updates for their anti-virus software and other software like Windows and electronic medical records.

How can you protect your business from virus attacks?

The first step is keeping all of your software fully updated. This includes Windows and all other critical software such as electronic medical records and accounting packages. These updates fix bugs and holes that have been found in the software. That’s why it’s so important to download and install them.

Install virus protection software that scans in real time. This will protect against attacks like malicious email attacks. Most free anti-virus software doesn’t offer this feature. The anti-virus software must also be kept up to date.

Lastly, you can educate your employees about clicking on links in email that they aren’t sure about. If they are in doubt, they shouldn’t click. Better safe than sorry.

If you need any help on this or have questions, contact Iron Comet at 770-506-4383 and we can give you a rundown on how you can protect your company, free of charge.

500 MILLION Yahoo accounts stolen

What happened?

Yahoo confirmed late Thursday that they had been breached. Data from 500 million accounts was stolen. Yahoo claims it was a victim of a state-sponsored attack, meaning that a foreign government was responsible for the theft. Here is the part that is so terrible. The breach occurred in late 2014 but Yahoo is just now releasing the information.

What does this mean to you?

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.

This means a good deal of your personal information has been stolen if you have a Yahoo account. The good thing is that no financial data like credit card numbers or banking information was stolen.

 

What do you need to do now?

Log into your Yahoo account and immediately change your password. Make sure it’s a complex password using both upper- and lowercase letters, numbers, and special characters like !@#$%%.

Also change your security questions. These are the questions that you can use to reset your password if it’s lost. Changing only your password won’t be enough. You must also change these questions since those who stole the data could just use these questions to reset your changed password.

If you use the same security questions and answers for other online accounts, you will need to change those as well. With that information, hackers could use the information taken from Yahoo to gain access to your other online accounts. These accounts could contain even more sensitive information.

Don’t choose obvious questions and don’t use answers that are easily found about you through an online search on Google, social media sites, etc.

Here are step by step instructions on how to do this from Yahoo.

You can also enable two-factor authentication. A password alone isn’t the strongest defense you can have for your accounts. Most services like Google, Facebook, and Yahoo offer two-factor authentication. This is a second code that is generated only once and can only be used at that moment to log into your account. The code will usually be sent to your mobile phone via text message. Yahoo is

Yahoo has recommended that everyone enable two-factor authentication using the Yahoo Account Key. Using this will eliminate the need to memorize your Yahoo account password.

 

If you’d like more information on what may be the largest data breach of all time, head over to CNN for all the details.