With holiday’s right around the corner, this makes for a scammer’s perfect opportunity to conduct phishing scams. Researchers have stated that this year, phishing scams are going to increase significantly. More phishing scams are done via mobile devices, making it easier than ever to have your information stolen. But how do we protect ourselves during this vulnerable time?
Phishing Scams
Phishing scams are intensified during the holiday season due to the high traffic of online shoppers and the urge for people to look for deals. One popular way scammers do this is by sending emails or text messages about an offer that is too good to be passed up. For example, they list a popular technology device for cheap. Most people would just look at the price and proceed with the scam. Another scam is when they mimic bigger companies online to get credit card information or being able to log onto the device when a certain URL is clicked. These mainly happen through emails. They might send an email about a recent fake purchase to get you to click on the URL. These scams are going unnoticed and can do lots of harm. It is important to know how to prevent these scams and protect your information.
Prevention
It is inevitable that these scams will make their way to you. One way to identify a scam is to check the grammar of the message. Usually scams will be misspelled or the message came from a third party source. This is the easiest way to quickly identify the scam.
Be cautious about providing personal information such as phone numbers or credit card numbers. Make sure before you provide information that it is a reliable and trustworthy source.
If a phishing scam is sent to you, it is best to not respond. A response to these scams lets the scammer know you are a ‘real’ person and will likely be targeted again. If this does happen, there is an option to report the scam to the Spam Reporting Service.
Holidays make for a great time to buy gifts for loved ones, but this also means it is more likely to come across a phishing scam. It is important to know how to identify the scam and how to prevent and protect yourself.
Scams can be irritating and hard to effectively prevent them. WesTec services can help you in any way. We offer skilled expertise in all technologies and are ready to help. Contact us for any further information on phishing and how to protect yourself.
As we make new advancements in internet technology, hackers are getting smarter! Therefore, it is crucial that you stay informed on emerging cybersecurity threats. WesTec Services has compiled a list of cybersecurity threats to be aware of:
Cloud Jacking
As remote work has become more popular and necessary as a result of COVID-19, cloud jacking has become more prevalent. Cloud jacking occurs when a hacker gains access to your cloud server. Often, hackers will hijack cloud accounts to steal identities and conduct unauthorized or illegal activities. Cloud jacking should not be taken lightly, especially if you store sensitive, confidential information on your cloud server.
Endpoints
In the past, centralized security measures were enough to protect a network from security breaches. However, the introduction of mobile phones and laptops posed new security threats — and brought awareness to security vulnerabilities (or “endpoints”). Using encryption, endpoint security seals any vulnerabilities in a network’s connection. This additional layer of security protects against threats if an infected device connects to the network. However, with the rise of remote work, we are seeing an increase in endpoint interception, as many are using mobile devices and laptops on networks that are not secure.
Phishing
Phishing is still alive and well in 2020! Hackers are now targeting small businesses with spam emails. These emails will appear to be from companies that sell a product or service that may be of interest to small businesses — and of course, upon the user clicking a link or downloading a file, their computer has been infected. Furthermore, some emails will provide a link that prompts the user to enter their log-in credentials for a familiar website, while even displaying a reCaptcha security pop-up to appear more credible and secure.
It is important to use the internet with care. Cybersecurity threats can cause a variety of issues for your business, ranging from system failure to productivity loss. At WesTec Services, we believe there is power in educating yourself. As a business owner, you should familiarize yourself with potential threats and educate your employees on internet safety. Have questions about cybersecurity? Contact us today!
Are you sure that email came from a real company? Individuals are commonly targeted by cybercriminals claiming to be a large organization, copying the format legitimate companies and phishing for personal information.
This poses a real security threat to recipients but thankfully, there are steps you can take to spot phishing attempts:
Recognize
When it comes to identifying phishing attempts, there are a few important things to learn. Scammers are constantly switching tactics and creating new ways to trick email recipients.
Upon receiving a possible phishing email, check the sender for a domain email. If you have received an email from the person before, check to make sure alterations have not been made to the spelling of the name or email domain. Many scammers adjust a number or letter in the email to trick the recipient.
Real companies will not ask you for sensitive information over email. Most legitimate companies will call you by your name in the email, redirect you to a secure webpage, and ask you to log in before asking for or updating sensitive information.
Protect
Install proper security measures on your personal computer. While spam filters attempt to sort legitimate emails in your inbox, cybercriminals try new methods to slip through the cracks and outsmart this system.
If your email account or other websites offer a multi-step authentication option to prove your identity before accessing your information, always take advantage of this. Take any extra opportunities to better secure your data and ensure it cannot fall into the wrong hands.
In cases where you are unsure about the legitimacy of a message and files or hyperlinks are included, do not click on or open them. These often contain malicious software that attack your computer and gain access to information.
Report
If you find yourself in a situation with what you believe to be a phishing scam, contact the company using an email or number you know to be real. The company could confirm if that email was truly sent by them or not.
If you have received a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. You may also report the phishing attack to the FTC at ftc.gov/complaint.
For your business technology needs, WesTec Services is here to provide the security and support you need. Contact us by phone at (713) 682-4000 or by email at sales@westecservices.net to discuss what we can do for you.
As we discussed in a previous article, phishing is an attack that uses disguised emails as weapons aimed at masses of people. However, spear-phishing is a targeted attempt to steal sensitive information from a specific victim, such as account credentials or financial information.
During a spear-phishing attack, the perpetrator attempts to acquire personal details on the victim’s friends, hometown, employer, hang-outs, and their recent online purchases. This is typically done by disguising themselves as a trustworthy friend or entity through email, social media, phone calls, or text messages.
Because spear-phishing is the most successful form of acquiring confidential information online, it is important to practice how to avoid an attack. 1. Beware what you post: Review your online profiles. How much personal information is available for potential attackers to view? If there is something you do not want the public to see, delete it, or ensure your privacy settings are properly configured. 2. Use smart passwords: It is not wise to use the password for every account you own. In this case, if an attacker has access to one account, they effectively have access to all of your accounts. Passwords with random phrases, letters, and numbers are secure. 3. Use logic with emails: If an organization sends you a link in an email requesting a specific action or sort of personal information, go directly to the organization’s site rather than clicking on the link. Calling the organization can also help clarify the issue. Real businesses will not email you asking for your username and password. 4. Update your software: Software systems include security updates that should help protect you from spear-phishing attacks, as well as others. If you receive notice of a new update, be sure to take advantage, or enable automatic updates.
To learn more about how you can protect your data or sensitive information, contact the experts at WesTec.
Phishing is defined as a cyber attack that uses disguised emails as weapons. Hackers try to trick email recipients into clicking links or attachments they designed to steal personal information.
What is Phishing?
Here’s an analogy to better understand: Imagine a fisherman baiting a hook and tossing it into a lake in hopes of getting a bite. If a fish bites, the fisherman reels it in. But, if it doesn’t, the fisherman fails and the fish keeps swimming.Phishing is the same way. A cybercriminal can only gain access to your accounts or information if you fall for the bait. For example, a hacker might design an email disguised as your bank telling you your account has been compromised. They ask you to click on a link to verify your identity. If you click on the link and fill out the information, you have now provided them with the information to access your finances.
Types of Phishing
Hackers attempt to get victims to do one of two things to get what they want. Some cybercriminals try to trick you into giving up your information. This is similar to the bank example above. Other hackers prefer to have you download malware. Often, these types of emails will include a download attachment, often a .zip file or Microsoft document, embedded with malicious code.
How to Prevent Phishing Attacks
If you know how to spot a phishing attempt, you can avoid compromising your data and report it to the Federal Trade Commission. Here are the steps you can follow to confirm the identity of an email sender:
Always check the spelling of URLs in email links before you click
Watch out for URL redirects, where hackers sent you to a different website with identical design
If you receive a suspicious email from a source you know, contact them with a new email, rather than replying
To learn more about how you can protect your data and sensitive information, contact the experts at WesTec.
Anglers catch fish by dangling bait in front of their victims, and hackers use the same strategy to trick your employees. There’s a new phishing scam making the rounds and the digital bait is almost impossible to distinguish from the real thing. Here are the three things to watch out for in Office 365 scams.
Step 1 – Invitation to collaborate email
The first thing victims receive from hackers is a message that looks identical to an email from Microsoft’s file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”
In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.
Step 2 – Fake file sharing portal
Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there’s no reason to send an email containing a link to a page with nothing but another link.
Step 2 allows hackers to evade Outlook’s security scans, which monitor links inside emails for possible phishing scams. But Outlook’s current features cannot scan the text within a file linked in the email. Once you’ve opened the file, SharePoint has almost no way to flag suspicious links.
Step 3 – Fake Office 365 login page
The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.
Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:
Check the sender’s address every time you receive an email. You might not notice the number one in this email at first glance: johndoe@gma1l.com.
Confirm with the sender that the links inside the shared document are safe.
Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
Double check a site’s URL before entering your password. A zero can look very similar to the letter ‘o’ (e.g. 0ffice.com/signin).
Third-party IT solutions exist to prevent these types of scams, but setting them up and keeping them running requires a lot of time and attention. Give us a call today for information about our unlimited support plans for Microsoft products.
Published with permission from TechAdvisory.org. Source.
Mission: WesTec will be a “turn-key” solution for all of its clients’ business connectivity needs. It will offer efficient and effective solutions, directly and with strategic partners, that create tangible value for its clients at every point of contact. Westec will serve all people and entities with a servant’s heart.
Get in touch
2916 West TC Jester Blvd.,
Suite 104
Houston, TX 77018