People are busy, working fast, tired, and overly trusting. Cyber crooks are targeting people's preoccupation and fears around the coronavirus. IT can do its best, but one bad click can breach a system. Learn about current COVID-19 related IT threats in our latest ebook.
LetMeIn101: How the Bad Guys Get Your Password
Passwords are essential to your cybersafety. You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.
Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.
Tip: Avoid obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns.
Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.
Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.
If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.
Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it’s unique to you.
The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.
Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.
Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.
Tip: Be cautious about your online activity on computers or networks you don’t trust.
Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.
Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.
These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?
N-Line Technologies has been helping small businesses just like yours in Midland, Odessa, and across the Permian Basin keep the bad guys out. We can help.
Contact us today! Call us at 432-279-0671
Has Your Email Been Hijacked?
A common complaint by many users in recent months has been spam emails appearing to come from their own accounts. Reports from friends, family, and contacts of spam email that appears to come from them have worried many people, who often do not know why it is happening.
Some have had their accounts suspended or shut down by their service providers as a result. For many, this experience can be highly disruptive. It’s a problem that can cause many issues in both your professional and personal life.
The key to defense is learning how these attacks happen, and figuring out what you can do to protect yourself and your contacts against them.
Hackers Using Your Email Against You
Scammers that send out spam messages are continually looking for ways to make the process faster, cheaper, and more efficient. That is how they make more money every day from unsuspecting victims.
One of the most efficient ways they do this is by hijacking ready-made trusted email accounts like your own. Hackers have several tools at their disposal to attempt to hijack your accounts.
Some of the principles which make email fast and easy to use mean that details, such as those in the ‘from’ field, are easy to fake. A hacker might change the information supplied to make it appear as if the email comes from anyone.
There’s not much you can do to defend your email against such an attack. However, you can work to verify that an email, even one you expect to receive, does come from the person you believe it to be. If your email provider flags up an incoming email as ‘suspicious’, or ‘untrustworthy’, it may well be. A good spam filter service like our N-Line Spam Control can filter out many fake emails before they get to your inbox.
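Because the ‘from’ field can be faked, checking a message means comparing it with the other headers that travel with it. The sketch below is an added example, not N-Line's or any provider's own code: it assumes the receiving mail server records SPF, DKIM and DMARC verdicts in an `Authentication-Results` header, and the function names and sample message are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
import re

def domain_of(header_value):
    """Domain part of the address in a From/Reply-To/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def sender_warnings(raw_message):
    """Return reasons to distrust the sender shown in the From field."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    warnings = []

    # A display name that contains an address other than the real one.
    named = re.search(r"[\w.+-]+@[\w.-]+", display)
    if named and named.group(0).lower() != address.lower():
        warnings.append("display name shows a different address")

    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            warnings.append(f"{header} domain {other} differs from From domain")

    # Verdicts written by the receiving server; only trust this header
    # when it was added by your own mail server, not by the sender.
    results = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{check}=(\w+)", results)
        if verdict is None:
            warnings.append(f"no {check} result recorded")
        elif verdict.group(1) != "pass":
            warnings.append(f"{check}={verdict.group(1)}")
    return warnings

# Constructed sample message (all names and domains are placeholders).
SPOOFED = """\
Return-Path: <bounce@mailer.test>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.test; dkim=none; dmarc=fail header.from=examplebank.example
From: "Example Bank <service@examplebank.example>" <alerts@examplebank.example>
Reply-To: help@support-desk.test
Subject: Urgent: verify your account

Constructed sample body.
"""

if __name__ == "__main__":
    print("\n".join(sender_warnings(SPOOFED)))
```

In the sample, SPF passes because it is evaluated against the envelope sender (`mailer.test`), not the domain the reader sees; the DMARC failure is what shows the visible ‘from’ domain was not authenticated.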
Stolen Credentials
Hackers often buy large bundles of email addresses and passwords from the dark web. Leaked emails are often put up for sale following hacks of major companies and service providers.
These details are valuable because the passwords are unlikely to have been changed, the accounts attached to them are trusted, and they often give hackers access to additional services too.
How To Detect an Email Intrusion
It can take a long time before you’re aware that malicious hackers are using your details. You might even be the last person in your contacts to know.
The first sign to look out for is a large number of unexpected emails in your inbox. These are likely replies to emails you never sent in the first place. Out of office, automatic responses, people complaining about spam, and people responding to the email as if it were genuine may all come to you first.
Keep a close eye on unexpected emails appearing suddenly in either your inbox or outbox. A hacker may be spear-phishing someone that you do business with or trust. By acting as you, using your address and details, they may be able to divert payments or confidential information to their accounts instead.
Protecting Yourself Against Hackers, Attackers, And Hijackers
Sometimes your computer might have been compromised to give hackers access to your services. Malicious software may have infected your machine to steal data and infect your contacts.
Take extra care to change your passwords if you believe your email has been accessed by a hacker. Use a different, more secure password for your email than you do for every other service. Your email account is often the key to accessing many of the services you use most.
Run a virus scan and maintain security updates if you think your computer could have been infected. Have your machine and services looked at by a professional if you believe there is a risk your data is being used.
N-Line Technologies is here to help you protect your email with business-grade email solutions from Microsoft Office 365. If you think your email could have been hijacked, or your details used elsewhere, click HERE or give us a call at 432-279-0671 to clean up today.
We have been serving Midland, Odessa, and the Permian Basin since 2001!
Don’t Get Hooked by Spear-Phishing Attacks
Phishing attacks have been around for a long time in IT. Designed to steal your credentials or trick you into installing malicious software, they have persisted in the IT world precisely because they have been so devastatingly simple and effective. Today, a more modern and more effective version of the same attack is commonly used.
A typical phishing attack involves an attacker sending out a malicious email to hundreds of thousands, if not millions of users. The attacker’s email is designed to look like it comes from a bank, financial service, or even the tax office. Often aiming to trick you into logging in to a fake online service, a phishing attack captures the login details you enter so an attacker may use them to enter the genuine service later.
By sending out tens of thousands of emails at a time, attackers can guarantee that even if only one half of one percent of people fall for it, there is a lot of profit to be made by draining accounts. Spear phishing is a more modern, more sophisticated, and far more dangerous form of the attack. It’s typically targeted at businesses and their staff.
A Convincing, Dangerous Attack
While a traditional phishing attack throws out a broad net in the hope of capturing as many credentials as possible, spear phishing is targeted and precise. The attack is aimed towards convincing a single business, department, or individual that a fraudulent email or website is genuine.
The attacker focuses on building a relationship and establishing trust with the target. By building trust and convincing the target that they are who they are pretending to be, the user is more likely to open attachments, follow links, or provide sensitive details.
They do this by carefully researching your company and its key officers, often using Google, Facebook, LinkedIn, and other online sources of information, so that they can successfully imitate someone you or your employees will trust, such as a key vendor or business partner, or even a fellow employee.
Consider how many times you have followed a link or opened an attachment just because it has come from a contact you have trusted before.
A Trusted E-mail
The malicious email can appear to come from a vendor you deal with regularly. It may even look like an invoice you are expecting to receive. Often attackers can simply substitute the vendor’s banking details for their own, hoping the target will not notice the difference.
Such an attack is very difficult to detect. It takes a keen eye, strong working knowledge, and constant awareness to keep your company protected. Even a single small mistake by an unaware member of staff can compromise your business accounts.
Defending Your Business
The key to stopping a spear phishing attack is education. Learning attack techniques and how to protect against them is the single biggest thing you can do to enhance business security.
Whenever you deal with a vendor in a business transaction, you should always consider important questions before proceeding. Are you expecting this email? Is the vendor attempting to rush you into a quick decision or transaction? Have you checked all the details are correct and as you expected? Sometimes a simple query to the vendor can protect you against worst-case scenarios.
In many cases, a phishing attack can be halted in its tracks with a strong IT security package. Web and spam filtering can prevent malicious emails and links from entering the network, shutting attacks down before any damage can be done.
Good Security Practice
As with many types of IT threats, good security practices help mitigate damage. Locking down security to ensure employees only access the systems they need helps to prevent damage from spreading across the network.
Enforcing unique and strong passwords prevents leaked credentials from affecting systems related to the one that has been compromised. Getting employees set up with a password manager and good security policies can do the world of good to boost your security to the level it needs to be.
N-Line Technologies has the tools and know-how to help protect your company from sophisticated Spear-Phishing attacks.
Don’t wait until they attack.
Contact us today at 432-279-0671 to audit your security practices.