14
Aug, 2017
phishers_man_400.jpg

Someone’s Trying To Phish You… Do You Play Along?

phishers_man_400.jpg

Phishing scams have been popping up for years–their most infamous attack vector has even become a punchline: some long-lost relative stuck in a far-off country suddenly reaches out, offering riches, but only if so-much money is provided first. People from all walks of life have been duped by these scams, and while not all of them are this transparent, most are pretty easy to spot.

There may be some temptation to strike back in retribution against the criminal who targeted you, in the form of driving them crazy by wasting their time. Unfortunately, as tempting as such activities may be, they are not a good idea. Take it from the cyber security researchers who have tried–cybercriminals do not take well to mockery, or having their time wasted. A researcher from Malwarebytes, Jerome Segura, found out firsthand when he used a virtual machine to follow a scam to see where it would lead.’

With his device recording everything that played out, Segura first interacted with a female who claimed to have found many, many issues on his device that needed to be resolved before his system was corrupted. Not only that, but Segura was told that his software warranty had recently expired, and he would have to pay the $299 renewal fee to another representative.

Of course, Segura didn’t supply the correct payment credentials, which tipped off the hackers. The hackers then seized control of Segura’s computer, deleting all of his files and his Ethernet adapter driver before calling Segura a rude word and disconnecting.

While these sorts of stories may seem comical in hindsight, they are no laughing matter. This is especially true when things get much more serious.

Take Jakob Dulisse’s story. The wildlife photographer received a call to his home in British Columbia from “Windows Technical Support” in Los Angeles. Coming to the conclusion that this was an attempt to scam him, Dulisse played along before accusing the caller of being “a scammer, a thief, and a bad person.”

The person on the line did not react well at all. Describing himself as a killer, the caller claimed that his group had people in Canada who would cut their victims into pieces and dispose of them in the river.

Other scammers will simply install remote access software as their target decides to mess with them, opening the door for them to come back later, as other cyber security professionals have found.

It is important to remember that these are, in fact, professionals, which means they are better equipped to deal with such threats. It is their job to discover what means of attack cyber criminals are using, and share the best response. This is not how the average business user should handle this situation, the business owner should file a report with the authorities and alert both their Internet service provider and their managed service provider.

An MSP can help make sure that you are fully prepared to handle any cyber security threat that darkens your business’ door. Give NuTech Services a call at 810.230.9455 today.

1
May, 2017
employee_misuse_causes_problems_400.jpg

Study Finds Social Media Phishing Scams to Be the Most Dangerous

employee_misuse_causes_problems_400.jpg

Ordinary fishing, where you hope for a simple-minded fish to latch onto your hook, relies on using a proper lure. The same can be said for the virtual method of phishing, where a hacker will use a similar type of “lure” to convince the target to bite. These phishing scams are especially useful for hackers who want to take advantage of social media to find new targets. A recent study has shown that this is a surprisingly effective method of phishing.

A report from phishd by MWR InfoSecurity orchestrated a simulated phishing attack that attempted to target a million users. ITProPortal told of their findings: “Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 percent) provided user credentials, and 80 percent downloaded a file.”

This means that about 10 percent of users fell victim to the first two stages of the simulation and gave up their account credentials. Now, compare this rate to how often a normal scam, like spam, accomplishes its goal. While the typical spam message will only have a fraction of a percentage point rate of success, social media provides a substantially larger chance of success to hackers.

James Moore, the Managing Director of phishd by MWR InfoSecurity, states: “More concerning is that out of those targeted with a social media request or a promotional offer, more than 10 percent downloaded a potentially malicious file via their corporate email accounts.” This is especially a problem, as there are so many people who connect their social media accounts to their work accounts–risky business for any organization that wants to avoid a critical data breach.

If anything, this study shows why your business needs to keep data safe. This includes being capable of identifying phishing scams and responding to them properly, but also the implementation of security tools like antivirus, spam blocking, and content filtering. If you’re very concerned about social media phishing, you can go so far as to block social media websites completely on your network. Additional measures such as comprehensive training can help your users identify phishing attacks both in and out of the office, on a variety of platforms. Often times, the lures used by hackers can be so tantalizing that they’re able to bypass your security, so the only thing standing between you and a data breach is the knowledge you’ve imparted to your users.

You can’t trust anyone on the Internet, be it a new friend on social media, a new entry into your address book, or a seemingly-legitimate website. You have to be ready for anything, but this can be a daunting task. Thankfully, you don’t have to endure it alone. With NuTech Services by your side, you’ll be prepared to handle any cyber threat. To learn more about what we can offer your business, reach out to us at 810.230.9455.