Phishing, Vishing & Smishing: Don't be a Victim

The title of this article may sound like a bad Dr. Seuss book, but the topic is far from child’s play. Since the beginning of time there has never been a shortage of criminals looking to dupe some unsuspecting person out of their money or belongings. While this tragic story never changes, the methods that criminals use have evolved at the same pace as technology. The internet is very much like the early wild west and policing it isn’t an easy business for any country.

Never in human history has the world been so connected as it is today. Information is shared at the speed of thought, which can be both a good and bad thing. All this connectivity makes it much easier for criminals to locate, pilfer, steal or extract vast amounts of personal information like email addresses, phone numbers and more. Social media platforms like Facebook and Instagram make it easier for thieves to find personal data if your account isn’t properly protected or restricted.

The best attitude to adopt is one of suspicion when dealing with an unexpected email, phone call or text telling you that “you must take immediate action” or face penalties or imprisonment. If it seems fishy - go with your gut and don’t give these low-lives the time of day. They are very skilled at manipulating people into a false sense of trust to gain personal and financial information. Don’t be a victim!

Some of the latest trends include phishing, vishing and smishing. Arming yourself with knowledge on these latest threats can help keep you from becoming the next victim.

Phishing

The fraudulent practice of sending emails purporting to be from reputable companies/organizations to trick individuals into revealing personal information, such as passwords, bank accounts and credit card numbers.

Yes, people still fall for these types of emails. Why? Hackers do their homework and have become very sophisticated in their attack methods. They will research an organization, many times from that organization's own website, figure out the chain of command and then attempt to send a spoofed email from what appears to be the CEO or top management to someone in the accounting department requesting a money transfer or credit card information. Many times, the email is so convincing that even the accounting folks miss the fact that it isn't legitimate.

How do you protect yourself from these types of threats? In a word: Validation. If you receive an email and it seems to be an out of the ordinary request from a CEO or someone in management, simply pick up the phone and verbally confirm whether the request is legitimate or not.

Enhanced spam filtering is also an excellent way to help filter out deceptive emails. While there is no spam filtering solution that can catch every possible phishing email on the internet, taking additional steps to help filter the junk out does reduce the chances of you or someone else in your family or company being the next victim in line. Keep in mind that hackers are constantly changing their phishing methods to circumvent spam filtering protocols. Solutions like logimail can greatly reduce the chances of a scammer's email making it into your inbox.
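To make the "spoofed CEO email" pattern concrete, here is an added example (not part of the original article and not how any particular spam filter works) of the header checks a mail administrator can automate before a message reaches accounting. The domain, executive names and keywords are assumptions, and both sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): your own mail domain, the names of
# executives worth impersonating, and a few payment-related keywords.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan", "lee alvarez"}
PAYMENT_WORDS = ("wire", "transfer", "credit card", "gift card", "invoice")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def review_message(raw):
    """Return the reasons to confirm this email by phone before acting on it."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    external = domain_of(addr) != ORG_DOMAIN
    reasons = []
    if external and name.strip().lower() in EXECUTIVES:
        reasons.append("executive display name on an outside address")
    if reply_addr and domain_of(reply_addr) != domain_of(addr):
        reasons.append("Reply-To points to a different domain than From")
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}".lower()
    if external and any(word in text for word in PAYMENT_WORDS):
        reasons.append("payment request from outside the organization")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Pat Morgan" <pat.morgan@examp1e-mail.test>
Reply-To: pm.office@freemail.test
To: accounting@example.com
Subject: Urgent wire transfer

Please send the transfer today and keep this between us.
"""
LEGIT = """\
From: "Pat Morgan" <pat.morgan@example.com>
To: accounting@example.com
Subject: Lunch on Friday

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, review_message(raw))
```

Any message that returns a non-empty list is one to validate by phone, as described above, rather than one to block outright.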

Vishing

This is a form of phone fraud where a criminal will call you directly or indirectly using a robo-dialer, disguising themselves as a representative of a legitimate company/organization like Apple, Microsoft, the IRS, etc. in the hopes of scaring you into disclosing your personal information. They create a false sense of urgency as if your life or freedom literally depends on it. It doesn’t.

Let’s face facts: The IRS will never call you stating you owe them money. They will always send a letter via snail mail. Microsoft is never going to call you directly about an infection on your PC.  Apple is never going to call your cell number and tell you that someone is trying to hack your account. You get the point. If you receive an unsolicited call from someone and can’t validate who is on the other end - just hang up! No one is coming to arrest you.

Be smarter than the criminals. If someone calls you saying they are calling for a family member that is in the hospital and needs cash transferred right away for an operation, your scam meter should be going off like crazy. Hang up and call that family member to make sure they are OK.  Trust me…they are OK.

If you are ever prompted to “Press 1 for an agent” or “Press to be removed from our call lists” - don’t press anything and hang up. Pressing a button can act as verification to a robo-dialer that it has reached a legitimate number. It can also act as a trigger for something other than what is being verbally stated (i.e., pressing 2 verifies that you want a certain service activated on your phone account). Simply hang up.

Don’t forget you can easily block a number on your connected device.  Below are links for doing this on an Apple or Android device.

How to block calls on an Apple device

How to block calls on an Android device

Smishing

This is a type of phishing attack, but instead of targeting victims via email the scammers target mobile phone users by sending text messages that contain a website hyperlink. If clicked, it can deliver a payload/Trojan horse that can infect a mobile phone much the same way that a virus can infect a computer.

Criminals will also send text messages stating they are with a credit card company and that you are being penalized for late fees. Others will say “Congrats! You’ve just won blah, blah blah - just reply to this text…”. In short, the texts are used as bait to trick someone into clicking, replying or divulging personal information either directly or indirectly via an infection.

The simple rule to follow is that if you don’t know the text sender - delete the text. If your credit card company needs to reach you they will contact you via snail mail or via a verifiable phone number. If an offer seems too good to be true it almost always is too good to be true. Don’t forget you can also block the sender’s phone number.

Be wise. Be vigilant. Be smart.

Logical specializes in protecting our clients through managed services, spam filtering, antivirus solutions, backups and more. Give us a call at 615-446-9140 for a free, no obligation consultation on how we can help protect you from the bad guys.

 

Ransomware:  Your Only Proven Defense is a Good BDR Plan

You may be wondering what the heck "ransomware" is and why it should concern you. Most folks using the internet these days are familiar with the term but may not realize how it can affect them personally or take their business network down. The only thing worse than a ransomware attack is the criminals that perpetrate these acts and hold your data hostage for their personal gain.

Since 2012 there has been a significant rise in the number of ransomware attacks resulting in billions of dollars in damages and lost revenue. Predictions show that ransomware related attacks will top $11.5 billion by 2019. While the financial impact alone is staggering, what is even more alarming is the utter lack of regard for the personal or even life-threatening consequences of these criminal acts. News reports over the past few years have described hospitals and police departments being hit with ransomware infections, and their inability to provide their services could have resulted in loss of life.

Ransomware is not just a simple, one-type infection. It is a consortium of viruses with the purpose of encrypting data on a computer, after which the deplorable thief attempts to extort money from the victim to "purchase" the decryption key. As antivirus/anti-malware makers like Webroot, Symantec and others attempt to keep ransomware from taking over a computer and encrypting files, criminals are ever more at work on variants of their infections to circumvent antivirus/anti-malware programs.

Recent studies have shown that an estimated 29,000 new ransomware variants are released each month. The sheer numbers alone make it hard for any antivirus/anti-malware maker to keep up with these ever-changing threats. The deployment of these variants can come in the form of email from a trusted source, an infected USB thumb drive, an infected website - even employees searching the internet for legitimate information and being redirected to an infected website, social media sites, etc. The list of entry points for the infection is endless.

So how do you protect your personal or business data from these types of infections? The simple but crucial answer is through a good backup, disaster and recovery (BDR) plan. The only definitive way to ensure you can recover your data after an attack is to restore from a backup. Yes, this requires careful planning, a proper backup solution, test restores, etc. Relying on a criminal to provide the decryption keys even if you pay the ransom is not a strategic recovery plan. After all, these are crooks with no morals or ethics, so relying on them to "do the right thing" after paying the ransom is haphazard at best.
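A test restore only proves something if the restored files are compared against what was backed up. The following added example (not part of the original article, and not tied to any backup product) records a SHA-256 manifest at backup time and checks a restored folder against it; the folder names and file contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_restore(recorded, restored_root):
    """Compare a test restore against the manifest recorded at backup time."""
    restored = manifest(restored_root)
    missing = sorted(set(recorded) - set(restored))
    changed = sorted(k for k in recorded
                     if k in restored and restored[k] != recorded[k])
    return {"missing": missing, "changed": changed,
            "ok": not missing and not changed}

def demo():
    """Constructed data: a small 'live' folder and two restores, one damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        live, good, bad = (Path(tmp) / n for n in ("live", "good", "bad"))
        for d in (live, good, bad):
            (d / "books").mkdir(parents=True)
        files = {"books/ledger.csv": b"2019-01-04,invoice,120.00\n",
                 "payroll.txt": b"constructed sample\n"}
        for rel, data in files.items():
            (live / rel).write_bytes(data)
            (good / rel).write_bytes(data)
        # The damaged restore has one unreadable file and one file missing.
        (bad / "books/ledger.csv").write_bytes(b"\x8f\x02 unreadable bytes")
        recorded = manifest(live)  # taken when the backup ran
        return verify_restore(recorded, good), verify_restore(recorded, bad)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Keep the recorded manifest somewhere the backed-up machine cannot write to, so an infection that encrypts the files cannot also rewrite the record they are checked against.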

Want to ensure you are protected with a good BDR and business continuity plan? No problem! Logical can assist with implementing a proper solution that protects your data, ensures you can recover quickly from an attack if it becomes necessary and prevents you from becoming a victim of data and revenue loss. Give us a call today at 615-446-9140 and ask how we can help protect you. You can also send us a request from our Contact page.

What's All This "Cloud" Stuff About?

So you are asking yourself what all this cloud mumbo-jumbo is that you've been hearing about lately.  To be honest the concept is not a new one.  All of us have been working in the cloud in one way or another for many years now. 

The term "cloud" is just a fancy way of saying "internet".  Anyone that has used Hotmail, Gmail, etc. has already been using cloud computing.  Even Facebook is considered a cloud based application.  Although cloud computing is an emerging field of computer science, the idea has been around for a while now. It's called cloud computing because the data and applications exist on a "cloud" of internet based servers.

Of course, cloud computing has become much more than just email or social networking. Entire companies are moving their once locally hosted servers to cloud based servers. The reasons for moving one's data and sharing infrastructure to the cloud include:

  • Instant availability: Information can be accessed from anywhere in the world with an internet connection.
  • Reduced cost of ownership: Instead of owning the server equipment you instead lease a portion of a server to host your data.
  • Flexibility: Easily add additional storage and features whenever necessary.
  • Data redundancy: Your data is stored across multiple servers to ensure maximum uptime.

While cloud computing has gained a lot of momentum over the past few years, it is important to remember that the cloud isn't a one size fits all solution. There are some drawbacks to letting your data live in the cloud, including:

  • High speed internet availability: You must have a reasonably fast and reliable internet connection. This is not always a possibility in rural areas where T1 lines or extremely expensive fiber lines are your only options.
  • Internet connection redundancy: Since all of your data will be stored in the cloud a redundant internet connection from a separate provider will be required to ensure your data is always available.
  • Loss of control: Hosting your data on cloud based servers means that you are relinquishing direct control of your data and servers.
  • Hidden cost of cloud computing: While cloud pricing models appear simple on the front end there are many considerations to take into account including how much storage you will need, how you are billed for accessing your stored information, active directory security needs, etc.

Living in the cloud, like any technology solution, has its pros and cons. Careful planning and consideration must be given when contemplating a move to the cloud. In many instances an on-premise/cloud hybrid solution makes the most sense for both local network security and offsite accessibility and redundancy.

If you're considering a move to the cloud then you need to give us a call.  We can help formulate the best success strategy for living in the cloud and assist with putting a solution into place that makes the most logical, economical and functional sense for your business.

Give us a call today at 615-446-9140 for a free, no obligation cloud consultation.