Apple plans to announce their newest models of the iPhone on September 10, which has millions eager to see their newest offering. Among those millions are cyber criminals looking to take advantage of the latest trend.
As Merianne Polintan writes for TrendMicro, phishing emails promising free, new iPhones have already begun to show up in some users inboxes. Most of these early occurrences were spotted in SouthEast Asia, but users in the US should also be on the lookout.
The iPhone phishing email looks like it’s sent to you from the Apple Store. The message tells you that your email has won in a drawing and you’re entitled to a new iPhone 5S. You’re then asked to log in at the link provided to claim your prize.
If you look closely at these emails, you’ll notice the tell-tale signs of a scam. For example, there are a number of spelling or grammatical errors. You’ll also likely find that although the sender is identified as “Apple Store”, the actual email address is probably not “@Apple.com”.
So, unfortunately, you didn’t win a new iPhone. By avoiding this scam, however, you will at least keep your identity from being stolen.
To improve the spam filter on your email or improve the security on any of your devices, contact Geek Rescue at 918-369-4335. We keep you safe from malware, viruses, phishing scams and spam emails.
You’ve probably heard of phishing and even spear phishing. But have you heard of smishing?
Criminals are using text messages, or SMS, to send phishing scams directly to your smartphone. Dubbed smishing by some, it’s another way for hackers to steal your money, information or monitor your activity.
Just like phishing and spear phishing, smishing relies on social engineering to play on your fears. Most smishing messages offer you money or gift cards, or claim to be your bank or credit card company.
About.com’s Andy O’Donnell published some tips to help you avoid becoming a victim of a smishing scam.
Know Your Bank’s Texting Policy
If your bank sends you a text regularly, it might be harder to decide when it isn’t legitimate. However, if you’ve never received a text from your bank before, you should be extremely wary when a text from a bank shows up on your phone. This goes for any accounts you have with any company. If a text comes to you, don’t respond to it. Instead, look up the customer service number for that business and contact them directly.
Beware 4-digit Numbers
When an email-to-text service is used, a 4-digit number will usually be shown as the sender. Not all email-to-text users are malicious, but criminals use them to mask their actual location. If you get a text from someone without a typical phone number, be extra cautious.
Use The Text Alias Feature
If you seem to be getting a lot of spam texts, or just don’t want to worry about them, your phone provider likely offers a text alias feature. This allows you to use an alias number to send and receive text messages and you can then block texts from coming to your actual number. This alias will only be known to those you give it out to, so scammers won’t have access to it.
Block Internet Texts
As mentioned earlier, email-to text and other internet text relay services help scammers mask their identity and allows them to send a high volume of messages. Your cell phone provider will allow you to block all texts coming from these services. This will reduce the number of smishing texts you receive, but you might also miss out on legitimate texts from companies using these services.
Putting additional security on your mobile device is another great way to ensure your safety. To find out more about mobile security, contact Geek Rescue at 918-369-4335.
Most everyone has heard of a firewall, but few really know what it is and what it does. The first thing you need to know is that you need one.
A firewall is a line of defense that monitors and filters data entering and leaving your network or computer. Andy O’Donnell describes a firewall for About.com as a “network traffic cop”.
It’s simple to understand that there are criminals outside of your network that want to get in and steal your data. Keeping them out is important, just as keeping criminals out of your home is important. A firewall is the first line of defense for keeping the criminals out and your data safe.
The other job of a firewall is ensuring that outbound traffic of a malicious nature is also blocked. This is a little harder to understand. Outbound data usually refers to what you are sending out of your own network, so why would you want to limit that direction of traffic? Well, if you do get a malware infection or allow access to your network to a malicious program, data can be sent from your computer to download more malware. A hacker is much more limited if the data sent from the infecting malware is limited by your firewall.
There are hardware-based firewalls that exist outside your computer. It would be a dedicated piece of hardware you add on to boost security. Many people already have a hardware firewall contained in their wireless router. To make sure it’s active, you’ll want to check the router’s settings.
There are also software-based firewalls. Most operating systems, like Windows for example, come with a standard firewall that is active by default. There are also a number of antivirus programs that also include software-based firewalls.
If you don’t have an active firewall, your operating system has probably alerted you to that fact. To improve your system’s security, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to keep all of your devices safe.
You’ve likely heard how cyber criminals can hack your smartphone and gain access to your accounts, or even take over functions of your phone. But do you understand why your smartphone is such a coveted target?
Marshall Honorof, of TechNews Daily, writes that “your smartphone contains as much sensitive information as your wallet” and is always on, connected to the internet and vulnerable.
Your smartphone has a number of vulnerabilities, which makes it a challenge to protect. You’re probably always logged into social media and email accounts on your phone. This means that anyone who gains access to your phone also gains access to all of these accounts. With the information gained from social media and email, an intelligent hacker is able to gain access to almost any account you have online.
Smartphones also present the unique problem of text messaging vulnerability. A text message is practically impossible to block since phones open them as soon as they’re connected to a network. This means text messages containing malware are a near-perfect weapon.
There have even been demonstrations of infecting iPhone’s with malware through charging. Once a phone is infected with malware, any number of bad outcomes is possible. Your data could be collected, activity monitored, accounts hacked and phone functions hijacked.
When Bluetooth, Wi-Fi and GPS are activated, phones broadcast a shocking amount of information. Your location and the model number of your phone are available to anyone who cares enough to look for it. Retailers are actually beginning to use this information to tailor ads to you.
Turning off functionality like GPS and Wi-Fi when you’re not using it not only grants you more privacy, it also saves your battery. Experts also suggest uninstalling social media and email apps from phones. These apps are less secure than the websites they represent and keep you logged in at all times.
In addition to better usage habits, you’ll need robust security software to keep your phone safe. Contact Geek Rescue at 918-369-4335 to find out how to improve the security on any of your devices.
Explore more infographics like this one on the web’s largest information design community – Visually.
Phishing scams are producing some unbelievable statistics. 500-million phishing emails are sent every day. 250 computers are hacked each minute. These statistics are why it’s important to protect yourself not only with the latest security software, but also with an understanding of how to avoid the scams.
Phishing emails are attempts to gain access to your accounts or steal some information a hacker deems valuable. They often appear to be from reputable businesses and will ask you to respond with your account information or personal identifiable information. The best thing to do is not respond. Mark the email as spam and delete it.
Many phishing emails will end up in your spam folder. So, the first step in avoiding these scams is to trust your spam folder. Unless you find an email you were expecting to receive in the spam folder, it’s best to leave them alone. Even emails from your contacts could be malicious. There are numerous cases of an individual’s email being hacked and a malicious email being sent to their entire address book.
If a phishing email does end up in your inbox, be aware of the sender’s usual behavior. For example, your bank probably only sends out emails for specific reasons and never asks for your account information over email. If you receive a message that seems out of the ordinary from a company you do business with, it’s always better to call them to find out what’s going on. Be sure to look up the number for yourself also. Many times, a false number will be included in the phishing email.
Links and attachments are a popular way to attempt to infect your computer with malware, which then allows hackers to gain access to your accounts. Be wary of any links and attachments sent to you from unknown sources. If you’re expecting a file to be sent to you by a friend or coworker, it’s probably safe. But, if someone you don’t know sends you an email with an attachment, or even a friend sends you a link you don’t recognize, it’s better not to open them.
For help keeping phishing scams out of your inbox, call Geek Rescue at 918-369-4335. We offer state of the art spam filters and the latest in security software to keep you safe.
The growing trend of BYOD, Bring Your Own Device, means that more and more employees are using their personal smartphones on company networks. The initial concern surrounding BYOD is that sensitive and valuable information will be stored on personal devices and potentially lost or stolen. But, as Sam Narisi points out for IT Manager Daily, there’s another significant threat to consider.
A security researcher for Tripwire recently demonstrated how a single compromised Android device could be used to hack into a company’s IT infrastructure. This is possible through Google apps, which many companies use for cloud computing and email.
Android uses a “single sign-on” feature, which means that users aren’t asked to continuously authenticate their Google account with a password. Instead, the Android device stores a cookie the first time you authenticate your account and remembers that your device and your account are linked.
The problem is similar to forgetting to log-out of your email or social media account on a shared computer. For example, if you’ve ever checked your Facebook page at a computer lab or library and forgotten to sign-out when you left, you probably ended up with some joke statuses on your account. College students know exactly what we’re talking about.
For this Android flaw, when an employees device is lost or stolen, their accounts remain active. Whoever holds that device has access to everything stored in Google apps, including the employee’s email account.
An intelligent hacker, however, doesn’t even need to physically hold the Android to access Google apps. If they are able to infect the device with malware, they could also gain similar access to Google accounts.
The simplest fix for this security flaw is to keep anyone from accessing corporate Google apps with their Android device. Failing that, keep from downloading any extraneous apps, especially outside of the Play Store. That will go a long way in keeping malware off your smartphone.
For more help keeping your smartphone or other device safe and secure, contact Geek Rescue ta 918-369-4335. We offer a variety of security solutions for both home and business.
Windows 8 offers users a unique password option when users sign in. Rather than a text password, users are able to use an image from the Pictures folder to keep their PC secure. Although this is an interesting idea that personalizes a user’s device, it is proving to fail in the security department.
As Thomas Claburn reports for Information Week, a group of researchers created a method for breaking the Windows 8 picture passwords. Their model was successful in hacking a password 48-percent of the time during one test.
To set a picture password, users choose an image, then draw circles, lines or tap different places on the image. When they log-in, they just need to take the same actions in the same order. It’s similar to smartphones that lock with a pattern, rather than a pass code.
Windows 8 does take some precautions to make this method more secure. Most notably, a user is limited to 5 log-in attempts. After a fifth failed attempt, the device is locked down. This means hackers can’t launch a purely automated attack, or brute force attack, that tries every combination possible. During testing, a purely automated attack was only successful about 1-percent of the time.
That is still a significant number of users at risk, and researchers suggested that a higher success rate is likely with a little training. Beyond the technical capabilities of picture passwords, what makes them insecure is how most people use them. When manipulating an image, most people will circle, or tap the eyes and draw a line on the mouth. These tendencies make it much easier for a password to be hacked.
What’s lacking from picture passwords is a strength meter. When you make a password for an online account, most sites will tell you if the password is strong, weak or unacceptable. Windows 8 included no such meter for picture passwords.
Since this is a new log-in method for most people, users won’t know what a strong picture password consists of. A password meter could help ensure that users have a password strong enough to hold up to a hacking attempt.
To keep your machine more secure, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to keep you safe.
The instances of phishing attacks is on an aggressive rise. Over the past 12-months, the number of users who have experienced a phishing attack has risen 87-percent, from 19.9-million to 37.3-million.
During that time, there have also been multiple high-profile attacks, whose victims have included Twitter and the New York Times. Anyone can be a victim to a phishing attack and the rise in victims seems to indicate an increase in the number of threats online. It also suggests that more users need to understand the risks and how to avoid them.
Brian Clark Howard delved into this topic for National Geographic to help educate users so they may be able to avoid phishing attacks in the future.
A phishing attack refers specifically to an online scam use social engineering to coerce users in giving up personal information like social security numbers, bank account information and phone numbers. The most common means of phishing comes through spam emails. These emails are sent to hundreds or thousands of recipients and made to look like official correspondence from banks, service providers or even government agencies. Some include the threat of termination of service, while others will promise money or deals.
Spear phishing is an attack specifically targeting an individual or organization. By using information gleaned from other places, a hacker will put together an email that seems more legitimate because it will include information about you that a random person shouldn’t know.
This is usually how large-scale enterprises get hacked. They’re specifically targeted and employees are tricked into giving out their log in information, which opens the door for hackers to access the company’s network.
Anyone using email is at risk of a phishing scam. Trusting your spam filters helps to avoid many of the lazier phishing attempts, but you’ll also need to be wary of unsolicited emails asking for information you wouldn’t feel comfortable giving out to just anyone. Attachments, links, misspelled words and bad grammar are all signs that the email isn’t legitimate. In nearly every case, it’s better to contact a company by phone instead of replying to an email with personal information.
If you do fall for a phishing scam, you should immediately take action to change your passwords and monitor accounts closely for strange activity.
For help keeping your email secure and beefing up spam filters, contact Geek Rescue at 918-369-4335. We’ll help keep hackers out and your information secure.
Recognizing that an account that you use often has been hacked is fairly easy. Recovering from a hack is much more difficult.
Matt Cutts, head of Google’s Webspam team, recently tackled this issue on his blog. As he notes, not only do you need to make sure the hacker no longer has access to any of your accounts, but you also need to safeguard for the future.
In the event that you have a hacked account, here’s what to do.
Change your password
Take this opportunity to make passwords stronger using numbers, symbols and both upper and lowercase letters. If you’re changing multiple accounts, make sure you’ve secured your email address first. Otherwise, a criminal could have access to emails from other accounts informing you about your new passwords.
Check log-in details
For Google accounts, and most email and social media accounts, you should be able to see when your account was last active. If you’re being told that someone accessed this account within the hour and it wasn’t you, you know there’s still a problem. You should also be able to find out where other users are logging in from.
Check settings
For email accounts, a hacker may have set your address to forward to his. For other accounts, check to make sure your email address is still the one associated with the account.
Consider two-factor authentication
This method is available for most accounts and requires both your log-in and password in addition to a code the website send you, usually over text message. This adds another layer of security and throws in an additional pass code that outsiders shouldn’t know.
Unfortunately, even if you’re careful you run a significant risk of a hack. Knowing how to recover quickly and re-secure your account is important so you don’t lose more than you have to.
For help with security at home or the office, contact Geek Rescue at 918-369-4335.
Is your organization the target of a cyber attack? Almost definitely, yes.
John P. Mello reports for CIO that “about half of global organizations have suffered a cyber attack in the last year”.
What you should take away from that statistic is that every organization is at risk, regardless of size, who they cater to and what industry they’re in.
Here’s why an attack is such a major concern for any business. About 65-percent of attacks result in a loss of revenue because of system and employee downtime. About 19-percent result in the loss of potentially valuable data. If you aren’t protecting yourself properly, you’re inviting criminals to affect your bottom line.
Many of the cyber attacks that affect businesses worldwide are not of the targeted variety. A targeted attack implies that an individual hacker or group specifically came after your company for a reason. That reason can be because they wanted specific data, or just because they don’t like your company.
If an attack isn’t targeted, it’s usually the result of bad surfing practices by employees or lax security. Hackers unleash malware on the public with no specific target in mind and wait for their tactics to pay off. Clicking a bad link, opening spam email or downloading a file all opens the door for these attacks.
Detection of these attacks is key. Just as stopping a virus attacking a human body is easiest when detection is early, early detection of a cyber threat makes stopping the threat and closing the gap in security much easier.
To improve your company’s security, call Geek Rescue at 918-369-4335. We offer a customized approach to safeguard your data and network.