LetMeIn101: How the Bad Guys Get Your Password

by

Passwords are essential to your cybersafety. You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.

Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.

Tip: Avoid obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns.

Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.

Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.

If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.

Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it’s unique to you.

The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.

Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.

Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.

Tip: Be cautious about your online activity on computers or networks you don’t trust.

Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.

Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.

These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?

N-Line Technologies has been helping small businesses just like yours in Midland, Odessa, and across the Permian Basin keep the bad guys out.  We can help.

Contact us today! Call us at 432-279-0671

The Dark Web and Its Impact on Your Business

by

Business owners today know the internet is not only a force for good. Some people exploit the Web for ill intent. They congregate on the Dark Web, and small businesses need to understand the risks.

What is the Dark Web?

You and your employees spend time daily on the Web. They’re researching clients, checking out competitors, and searching for information. They are not accessing the Dark Web. The Dark Web houses dangerous, often illegal activity. This includes black-market drug sales, illegal firearm sales, and illicit pornography.

The Dark Web’s collection of websites is inaccessible using standard search engines or browsers. Users employ a Tor or I2P encryption tool to hide their identity and activity, and they spoof IP addresses.

To go into the Dark Web, you also need to be using the Tor or I2P service. Plus, you’d need to know where to find the site you are looking for. There are Dark Web directories, but they are unreliable. The people on the Dark Web don’t want their victims to find them. Ultimately, it’s not somewhere you or your employees need to be.

So, why do you need to know about it? Because Dark Web users can buy:

  • usernames and passwords
  • counterfeit money
  • stolen credit card numbers or subscription credentials
  • software to break into people’s computers
  • operational, financial, or customer data
  • intellectual property or trade secrets

The Dark Web is also where someone can hire a hacker to attack your computers.

The Dark Web business risk

The Dark Web itself isn’t illegal, and not all its traffic is criminal. It is also visited by journalists and law enforcement agencies, and it’s used in countries prohibiting open communication.

Yet the number of Dark Web listings that could harm your business is growing. A 2019 research study found that 60% of all listings could harm enterprises, and the number of those Dark Web listings has risen by 20% since 2016.

Business risks from these Dark Web listings include:

  • undermining brand reputation
  • loss of competitive advantage
  • denial-of-service attack or malware disruption
  • IP theft
  • fraudulent activity

With media attention on data breaches impacting millions, it’s easy to think a small business is not at risk. However, bad actors don’t target a business for its size; they look for ease of access.

Dark Web information is up to twenty times more likely to come from an unreported breach. Privacy specialists told a Federal Trade Commission Conference victims included medical practices, retailers, school districts, restaurant chains, and other small businesses.

Reduce your risk

If your information ends up on the Dark Web, there’s little you can do about it. The bright side, at least, is that you would know that your business security has been compromised. Be proactive instead. Keep your security protections current, and install security patches regularly.

Consider a unified threat management (UTM) device, or UTM appliance. The UTM plugs into your network to serve as a gateway and protect your business from malware, illicit access, and other security risks.

Your UTM security appliance can provide:

  • application control
  • anti-malware scanning
  • URL and content filtering
  • data loss prevention
  • email security
  • wireless and remote access management

Or let a managed services provider (MSP), like N-Line Technologies, take care of all aspects of protecting your business. Pay a consistent monthly fee for us to handle all your technology, patching, monitoring, and assessment needs.

Let us help you stay on top of the latest cybersecurity threats with managed services from N-Line! We have been protecting businesses in Midland, Odessa, and the Permian Basin from the dangers of the Dark Web since 2001.

Click HERE or Call us today at 442-279-0671!

Has Your Email Been Hijacked?

by

A common complaint by many users in recent months has been spam emails appearing to come from their own accounts. Despite not knowing why, reports of friends, family, and contacts receiving spam email that appears to come from them has worried many people.

Some have had their accounts suspended or shut down by their service providers as a result. For many, this experience can be highly disruptive. It’s a problem that can cause many issues in both your professional and personal life.

The key to defense is learning how these attacks happen, and figuring out what you can do to protect yourself and your contacts against them.

Hackers Using Your Email Against You

Scammers that send out spam messages are continually looking for ways to make the process faster, cheaper, and more efficient. It’s the best way in which they can make more money every day by scamming unsuspecting victims for even more cash.

One of the most efficient ways they do this is by hijacking ready-made trusted email accounts like your own. Hackers have several tools at their disposal to attempt to hijack your accounts.

Some of the principles which make email fast and easy to use means that details, such as those in the ‘from’ field, are easy to fake. A hacker might change the information supplied to make it appear as if the email comes from anyone.

There’s not much you can do to defend your email against such an attack. However, you can work to verify that an email, even one you expect to receive, does come from the person you believe it to be. If your email provider flags up an incoming email as ‘suspicious’, or ‘untrustworthy’, it may well be.  A good spam filter service like our N-Line Spam Control can filter out many fake emails before they get to your inbox.

Stolen Credentials

Hackers often buy large bundles of email addresses and passwords from the dark web. Leaked emails are often put up for sale following hacks of major companies and service providers.

The value of these details comes from passwords being unlikely to have been changed, the details attached to them are trusted, and often give hackers access to additional services too.

How To Detect an Email Intrusion

It can take a long time before you’re aware that malicious hackers are using your details. You might even be the last person in your contacts to know.

The first sign to look out for is a large number of unexpected emails in your inbox. These are likely replies to emails you never sent in the first place. Out of office, automatic responses, people complaining about spam, and people responding to the email as if it were genuine may all come to you first.

Keep a close eye on unexpected emails appearing suddenly in either your inbox or outbox. A hacker may be spear-phishing someone that you do business with or trust. By acting as you, using your address and details, they may be able to divert payments or confidential information to their accounts instead.

Protecting Yourself Against Hackers, Attackers, And Hijackers

Sometimes your computer might have been compromised to give hackers access to your services. Malicious software may have infected your machine to steal data and infect your contacts.

Take extra care to change your passwords if you believe your email has been accessed by a hacker. Use a different, more secure password for your email than you do for every other service. Your email account is often the key to accessing many of the services you use most.

Run a virus scan and maintain security updates if you think your computer could have been infected. Have your machine and services looked at by a professional if you believe there is a risk your data is being used?

N-Line Technologies is here to help you protect your email with business-grade email solutions from Microsoft Office 365.  If you think your email could have been hijacked, or your details used elsewhere, click HERE give us a call at 432-279-0671 to clean up today.

We have been serving Midland, Odessa, and the Permian Basin since 2001!

Don’t Get Hooked by Spear-Phishing Attacks

by

Phishing attacks have been around for a long time in IT.  Designed to steal your credentials or trick you into installing malicious software, they have persisted in the IT world precisely because they have been so devastatingly simple and effective.  Today, a more modern and more effective version of the same attack is commonly used.

A typical phishing attack involves an attacker sending out a malicious email to hundreds of thousands, if not millions of users.  The attacker’s email is designed to look like it comes from a bank, financial service, or even the tax office. Often aiming to trick you into logging in to a fake online service, a phishing attack captures the login details you enter so an attacker may use them to enter the genuine service later.

By sending out tens of thousands of emails at a time, attackers can guarantee that even if only one half of one percent of people fall for it, there is a lot of profit to be made by draining accounts.  Spear phishing is a more modern, more sophisticated, and far more dangerous form of the attack.  It’s typically targeted at businesses and their staff.

A Convincing, Dangerous Attack

While a traditional phishing attack throws out a broad net in the hope of capturing as many credentials as possible, spear phishing is targeted and precise.  The attack is aimed towards convincing a single business, department, or individual that a fraudulent email or website is genuine.

The attacker focuses on building a relationship and establishing trust with the target.  By building trust and convincing the target that they are who they are pretending to be, the user is more likely to open attachments, follow links, or provide sensitive details.

They do this by carefully researching your company and its key officers.  Often using Google, Facebook, LinkedIn, and other online sources of information so that they can successfully imitate someone you or your employees will trust such a key vendor or business partner, or even a fellow employee.

Consider how many times you have followed a link or opened an attachment just because it has come from a contact you have trusted before.

A Trusted E-mail

The malicious email can appear to come from a vendor you deal with regularly.  It may even look like an invoice you are expecting to receive.  Often attackers can simply substitute the vendors’ banking details for their own, hoping the target will not notice the difference.

Such an attack is very difficult to detect.  It takes a keen eye, strong working knowledge, and constant awareness to keep your company protected.  Even a single small mistake by an unaware member of staff can compromise your business accounts.

Defending Your Business

The key to stopping a spear phishing attack is education.  Learning attack techniques, and how to protect against them is the single biggest thing you can do to enhance business security.

Whenever you deal with a vendor in a business transaction, you should always consider important questions before proceeding.  Are you expecting this email?  Is the vendor attempting to rush you into a quick decision or transaction?  Have you checked all the details are correct and as you expected?  Sometimes a simple query to the vendor can protect you against worst-case scenarios.

In many cases, a phishing attack can be halted in its tracks with a strong IT security package.  Web and spam filtering can prevent malicious emails and links from entering the network, shutting attacks down before any damage can be done.

Good Security Practice

As with many types of IT threats, good security practices help mitigate damage.  Locking down security to ensure employees only access the systems they need helps to prevent damage from spreading across the network.

Enforcing unique and strong passwords prevents leaked credentials from affecting systems related to the one that has been compromised.  Getting employees set up with a password manager and good security policies can do the world of good to boost your security to the level it needs to be.

N-Line Technologies has the tools and know how to help protect your company from sophisticated Spear-Phishing attacks. 

Don’t wait until they attack.
Contact us today at 432-279-0671 to audit your security practices.

Privacy Policy