PhishingScams Archives

New phishing scam is smarter than ever… here’s how to protect your business

Lindy / 25 November 2024

November 25th 2024 By Matthew Phillips New phishing scam is smarter than ever… here’s how to protect your business Microsoft is warning business owners about a new type of phishing scam (where cyber criminals pose as a trusted source to trick you into giving away login info), which uses popular cloud services like SharePoint and OneDrive. Although these platforms are usually safe, scammers have figured out how to trick privacy settings to get past security checks. The scammers hack your cloud storage by stealing your login details or buying them on the black market. Once they get inside, they upload a file that is designed to look authentic – like a fake Microsoft 365 login page. They set the file to “view-only” or limit access to specific people, such as you and your team. https://player.vimeo.com/video/1024781817? Opening these files or following any links inside the emails could cause serious damage to your business. Scammers can use your information to access your systems, or they can install malware (malicious software) that lets them cause disruption and steal information. Recovering from these kinds of attacks can be expensive and time-consuming – not to mention the damage it could do to your business’s reputation. Make sure your employees are aware of this new threat and know to be cautious when opening emails, even if they appear to come from a trusted service. Before opening any shared files, double-check the sender’s identity. If something feels off, contact the sender directly to verify it. Make sure you use multi-factor authentication (MFA) across all your team’s devices. This adds an extra layer of security by requiring a second piece of information (like a code sent to your phone) along with your password. Also, keep your security software up to date so that it’s always ready to block the latest types of attack. Would you like our help protecting your business with added security, training, and monitoring? Get in touch. Published with permission from Your Tech Updates.

Uncategorised

Beware this malware: It “annoys” you into handing over login details

Lindy / 4 November 2024

November 4th 2024 By Matthew Phillips Beware this malware: It “annoys” you into handing over login details How cautious are you and your team with online security? You know about phishing scams, dodgy downloads, and not clicking suspicious links, right? But an even sneakier new malware (that’s malicious software) wants to frustrate you into giving up your Google login details. https://player.vimeo.com/video/1021770204? The malware doesn’t have a catchy name yet, but it’s part of a larger threat known as “Amadey”, and it’s been on the rise since August. It forces your PC into something called “kiosk mode” (a setting often used on public computers that only lets you access one window). This allows it to lock your browser in full screen mode, hiding all your usual navigation buttons like the address bar and menus. Then you get sent to a fake Google password reset page. Normally, you’d just hit the Esc or F11 keys to get out of full screen mode, right? Well, not this time. It won’t work if the malware has infected your PC. It wants to confuse you into thinking you must enter your password to solve the problem. The password reset page will look like a real Google page. But the second you type in your details, they’ll be stolen by a second piece of malware hiding in the background, falling right into the hands of cyber criminals. Pretty scary stuff. But here’s the good news: You can break free without giving up your details. If your browser gets stuck in full screen mode, try hitting ALT+TAB to switch tasks, or ALT+F4 to force the window to close. Otherwise, try closing it through your task manager (CTRL+ALT+DELETE). If all else fails, just restart your PC by holding down the power button or unplugging it, then get an expert (like us) to look at the malware. Prevention is always the best approach, though. Be wary if your computer starts behaving strangely, especially if your browser suddenly goes into full screen mode and won’t let you navigate away. Avoid clicking on suspicious links or downloading attachments you aren’t sure about. And as tempting as it might be to get past an annoying screen, never enter your password unless you’re 100% sure the website is legit. If you’d like us to teach your team how to avoid the latest scams, we can help. Get in touch. Published with permission from Your Tech Updates.

Uncategorised

Is this the most dangerous phishing scam yet?

Lindy / 8 April 2024

April 8th 2024 By Matthew Phillips Is this the most dangerous phishing scam yet? Picture this: You’re going about your day, checking your emails, when suddenly you see a message from a company you trust. You think, “Great! That’s safe to read”. But hold on just one minute… this email is not what it seems. It’s part of yet another scam created by cyber criminals to trick you into clicking malicious links or giving up sensitive info. It’s called “SubdoMailing,” and it’s as dangerous as it sounds. What’s the deal? Just like regular phishing attacks, cyber criminals pretend to be trusted brands. But here’s how it works: These cyber criminals scour the internet for subdomains of reputable companies. You know those extra bits in a web address that come before the main domain? Such as experience.trustedbrand.com. That ‘experience’ bit is the subdomain. They find a subdomain that the brand is no longer using and is still pointing to an external domain that’s no longer registered. Then they buy the domain and set up the scam website. So, you believe you’re clicking on experience.trustedbrand.com… but you have no idea it automatically redirects to scamwebsite.com. https://player.vimeo.com/video/925100727? The criminals are sending out five million emails a day targeting people in businesses just like yours. And because these emails are coming from what seems like a legit source, they often sail right past usual security checks and land in your inbox. Here’s our advice to keep you and your data safe and sound: Be wary of any emails that seem even remotely suspicious. If something looks fishy, it probably is. Before clicking on any links or downloading any attachments, take a moment to verify the sender. Look for red flags like spelling mistakes or unusual email addresses. Make sure your employees understand the latest phishing tactics and know how to spot a scam. A little knowledge goes a long way in keeping your company safe. Consider investing in top-notch security software to keep the cyber criminals at bay. It might seem like an extra expense, but trust us, it’s worth it. As always, if you need help with this or any other aspect of your email security, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Cyber-attacks: Stronger, faster and more sophisticated

Lindy / 25 March 2024

March 25th 2024 By Matthew Phillips Cyber-attacks: Stronger, faster and more sophisticated A new security report has revealed some alarming trends. First off, cyber-attacks are becoming faster than ever. Breakout times (that’s the time it takes for a criminal to move within your network after first getting in) have dropped significantly. We’re talking an average of just 62 minutes compared to 84 minutes last year. This is not good news. Not only are these attacks faster, but they’re also becoming more common. The report has identified a whopping 34 new cyber-criminal groups, bringing the total to over 230 groups tracked by the company. https://player.vimeo.com/video/922457618? And guess what? These cyber criminals aren’t sitting around twiddling their thumbs. They’re getting smarter and more sophisticated. The report highlights a new record breakout time of just two minutes and seven seconds. That’s barely enough time to grab a coffee, let alone mount a defence. But here’s the real kicker: The human factor is increasingly becoming the main entry point for these cyber-attacks. They will try to get your people to click a link in a phishing email, which will take them to a fake login page. Once your employee enters their real login details, they have inadvertently handed them over. Or they pretend to be someone your team trusts. This is called social engineering. So, what can you do to protect your business from these cyber threats? Educate your employees Make sure your team is aware of the latest cyber threats and how to spot them. Regular training sessions can go a long way in preventing costly mistakes. Implement strong password policies Encourage the use of complex random passwords generated and remembered by password managers. Use multi-factor authentication for an added layer of security (this is where you use a second device to confirm it’s really you logging in). Keep your systems updated Make sure all software and systems are up to date with the latest security patches. Cyber criminals often exploit known vulnerabilities, so staying current is key. Invest in cyber security software Consider investing in reputable cyber security software that can help detect and mitigate threats in real-time (we can help with this). Back-up your data Regularly back-up your data and store it in a secure location. In the event of a cyber-attack, having backups can help minimise downtime and data loss. When it comes to cyber security, it’s better to be safe than sorry. If we can help you to stay better prepared, get in touch. Published with permission from Your Tech Updates.