No More Phish! Three Scams You Need to Spot in 2023
5 Tips To Improve Your Digital Security in 2021
Watch Out for iCloud Phishing Phone Calls!
Beware Microsoft Office 365 Phishing Attacks!
We’re seeing an uptick in email phishing attacks purporting to come from Microsoft about Office 365. They’re quite convincing messages that tell users that their credit card payment has failed, that an account needs renewing, or that a password needs to be confirmed. Needless to say, they’re all complete scams, and clicking a link in them takes you to a malicious Web page that will try to steal your password or credit card details. As we noted in “Gone Phishing: Five Signs That Identify Scam Email Messages,” large companies never send email asking you to click a link in order to log in to your account, update your credit card information, or the like. Hover over links to see where they go before clicking anything, and stay safe out there!
Block Telemarketing Calls Automatically on Your iPhone
Junk calls are one of the great annoyances of the modern world. You’re minding your own business when your iPhone vibrates in your pocket. You pull it out, curious as to who’s calling, but don’t recognize the number. You may notice that it’s in the same exchange as your phone number, suggesting that it’s a neighbor. But no. When you answer, it’s “Heather,” a pre-recorded voice wanting to sign you up for a resort vacation, give your business a loan, or help with your credit card debt. Angered by the intrusion, you tap the red hangup button, wishing you had an old-style telephone receiver to slam down.
There’s no way to retaliate against these scum-sucking bottom feeders, and the best option is to hang up immediately. For quite a few versions of iOS, you’ve been able to block a caller manually—just tap the i button next to the call in the Recents screen in the Phone app, scroll to the bottom, and tap Block This Caller. But that’s seldom worth doing since telemarketers often spoof the numbers they call from, so it’s unlikely you’d get a second call from the same number.
Instead, we recommend taking advantage of a feature Apple introduced in iOS 10 that enables apps to block calls for you. Quite a few of these apps have appeared, with some of the best reviewed being Hiya, Mr. Number, RoboKiller, and Truecaller. Hiya and Mr. Number are both free and from the same company—Mr. Number is a stripped-down version of Hiya—whereas RoboKiller and Truecaller require an in-app purchase for a monthly membership.
In general, these apps work by receiving caller ID information from iOS and comparing it against both your local contacts (to identify good calls) and a constantly updated database of numbers used by telemarketers (bad calls). Calls from your contacts ring through normally, as do calls from phone numbers not in either of those sets. That’s key, since your doctor might call back from a secondary number, or your kid’s new teacher might call to talk about an upcoming snack day. But if you receive a call from a number known to be used by a telemarketer, the app can either identify it on the incoming call screen or block it automatically, sending it to voicemail.
To enable one of these apps, after you download it from the App Store, go to Settings > Phone > Call Blocking & Identification and enable its switch. You’ll probably also have to do some setup in the app itself, providing your phone number, perhaps creating an account, and determining what should happen with different calls.
With Hiya and Mr. Number, you can copy a number from the Phone app’s Recents screen (tap the i button for a call, and then press the number to access a Copy button) and then look it up to learn more and see comments other users have made. And if you get a telemarketing call from a number that the app doesn’t recognize, you can submit it to protect others.
RoboKiller claims that it wastes the telemarketers’ time by playing pre-recorded “Answer Bots” conversations to keep them on the line, preventing them from calling more people.
Details vary by app, but the only real downside to using one of these apps is that it may ask for information about you or your contacts to improve its services. If that feels intrusive, investigate one of the apps that requires a membership, like RoboKiller, to see if it better answers your concerns.
In the end, it comes down to how many telemarketing calls you receive each day, week, or month. If you’re lucky and get only one or two per month, it’s probably not worth messing with a call blocking app—maybe just send unidentified (and unexpected) calls to voicemail. But if you’re interrupted by multiple junk calls per day or week, give one of these apps a try and let it reduce the onslaught.
Gone Phishing: Five Signs That Identify Scam Email Messages
Don’t Freak Out If You Get Blackmail Spam Containing an Old Password
Have you gotten an email message whose Subject line says something like “Change your password immediately! Your account has been hacked.”? If not, it may be only a matter of time before you do. It’s a scary message, especially because it contains one of your passwords, some threats, and a demand for money. Worse, the password is likely one you’ve used in the past—how could the hacker have discovered it? Has your Mac really been taken over?
Relax. There’s nothing to worry about.
This “blackmail spam” has been making the rounds on the Internet recently—we’ve heard from several clients who have received it, and we’ve gotten copies too. The message purports to be from a hacker who has taken over your Mac and installed spyware that has recorded you visiting Web sites that aren’t exactly G-rated. The hacker also claims to have used your Mac’s camera to photograph you while you’re browsing said non-G-rated sites and threatens to share those pictures with your contacts and erase your drive unless you pay a ransom using Bitcoin.
This blackmail spam has raised so many pulses because it backs up its claims by showing a password that you’ve used in the past. Hopefully, it’s not one that you’re still using, because it was extracted from one of the hundreds of password breaches that have occurred over the past decade. Impacted Web sites include big names such as Yahoo, LinkedIn, Adobe, Dropbox, Disqus, and Tumblr—thieves have collectively stolen over 5.5 billion accounts. It’s all too likely that some old password of yours was caught up in one of those thefts.
Concerning as the message sounds, all the details other than your email address and password are completely fabricated. Your Mac has not been hacked. There is no malware spying on your every move. No pictures of you have been uploaded to a remote server. Your hard drive will not be erased. In short, you have nothing to worry about, and you should just mark the message as spam.
However, if you’re still using the password that appeared in the message, that is cause for concern. It means that any automated hacking software could break into the associated account, and it must be a weak password if the bad guys were able to decrypt it from the stolen password files. Go to Have I Been Pwned and search for your email address. If it shows up for any breaches, make sure you’ve changed your password for those accounts.
As always, we recommend that you create a strong, unique password for each of your Web accounts. The easiest way to do this is to rely on a password manager like 1Password or LastPass to generate a random password. Then, when you want to go back to that site, the password manager can log you in automatically. It’s easier and more secure.
If you’re still concerned about your passwords, call us and we can help you get started with stronger security practices.
Watch Out for Phishing Attacks Hidden in Your Email
One of the most important things you can do to stay safe on the Internet is to be careful while reading email. That’s because online criminals know that we’re all busy, and we often don’t pay enough attention to what we’re reading or where we’re clicking.
To take advantage of our inattention, these Internet information thieves forge email messages to look like they come from the likes of Apple, Facebook, and Amazon, along with well-known banks, payment services, retailers, and even government agencies. Even more dangerous are messages that appear to come from a trusted individual and include personal details—these messages are often targeted at executives and company managers. Generally speaking, these attacks are called phishing—you can see examples here.
The goal? Get you to click a link in the message and visit a malicious Web site. That site usually continues to masquerade as being run by a company or organization you trust. Its aim is to sucker you into revealing confidential information by asking you to log in, pay for a product or service, or fill out a survey. The site—or an attachment in the email message—might also try to install malware. Although macOS is quite secure, if you approve security prompts, it can still be infected.
Although phishing is a huge problem that costs businesses hundreds of millions of dollars every year, you can easily identify phishing messages by looking for telltale signs:
- Be suspicious of email messages, particularly from people you don’t know or from well-known companies, that ask you to click a link and do something with an online account.
- Look closely at email addresses and URLs (hover the pointer over a link to see the underlying URL). Phishing messages don’t use official domains, so instead of paypal.com, the addresses and links might use paypa1.com—close enough to pass a quick glance, but clearly a fake.
- Watch out for highly emotional or urgent requests. They’re designed to make you act without thinking. Take any such messages with a grain of salt.
- Channel your inner English teacher and look for poor grammar or odd phrasing, which are red flags for phishing messages. Email from real companies may not be perfect, but it won’t have multiple egregious errors.
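The "hover over the link" check from the list above can be automated for HTML mail. The following Python sketch is an added example, not code from the original article: it flags links whose domain imitates a trusted one (as paypa1.com imitates paypal.com) and links whose visible text names a different domain than the one they open. The trusted list, the character map, the 0.85 similarity threshold and the sample message are all assumptions made for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: domains the reader trusts, and digits often swapped for letters.
TRUSTED = ("apple.com", "microsoft.com", "paypal.com")
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def base_domain(host):
    """Last two labels of a host name (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    skeleton = domain.translate(CONFUSABLE).replace("rn", "m")
    for good in TRUSTED:
        ratio = difflib.SequenceMatcher(None, domain, good).ratio()
        if domain != good and (skeleton == good or ratio >= 0.85):
            return good
    return None

def check_links(html):
    """Return (href, reason) findings: what hovering over each link would reveal."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        target = base_domain(urlsplit(href).hostname or "")
        if (imitated := lookalike_of(target)):
            findings.append((href, f"{target} imitates {imitated}"))
        # Link text that is itself a URL but names a different domain than the href.
        if text and " " not in text and "." in text:
            shown = urlsplit(text if "//" in text else "//" + text).hostname or ""
            if shown and base_domain(shown) != target:
                findings.append((href, f"text shows {base_domain(shown)}, not {target}"))
    return findings

# Constructed sample message body (not a real phishing email).
SAMPLE = """<a href="https://www.paypa1.com/login">Log in to fix it</a>
<a href="http://billing.example.net/o365">https://www.microsoft.com/account</a>
<a href="https://www.apple.com/support">Apple Support</a>"""

if __name__ == "__main__":
    print(check_links(SAMPLE))
```

The first two links in the sample are flagged and the genuine apple.com link is not. A clean result only means these two checks found nothing, not that the message is safe.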
So what do you do if you get a message that may be phishing for sensitive information? Most of the time you can just ignore it. If you’re worried that it might be legit, instead of clicking any links in the message, navigate to the site in question manually by typing the organization’s URL into your browser—use a URL that you know to be correct, not the one in the email message. Whatever you do, do not open attachments that you aren’t expecting and never send confidential information via email.
If you think you’ve fallen prey to a phishing attack and given away a password, you’ll want to change passwords on any affected accounts. If you’ve opened any attachments or approved any installs, run anti-malware software to determine whether your Mac has been infected. Contact us if you need help. And remember, regular backups protect you from a multitude of sins.
4 Emails You Should Never Open
Cybercrime is an ever-present threat to modern businesses.
Without up-to-date and varied IT security measures, successful hacks can compromise your customers’ and employees’ sensitive data and harm your systems, resulting in costly downtime, and worse.
Email is the primary tool that companies like yours use for daily communications in the modern business world. It’s simple, it’s easy, and it’s effective, but it’s also the main source of malware and spam that could threaten your business. If you’re not careful, your email could be the key for cybercriminals that are trying to exploit you:
- Viruses and malware disguised as regular attachments from familiar sources.
- Phishing schemes from cybercriminals posing as familiar companies and contacts in an attempt to convince employees to give up sensitive information.
- Spam and junk email clogging up your inbox and blocking real, important emails from your clients and partners.
So what can you do? One of the surest ways to protect your business from a range of threats is to learn about them!
No matter how “bomb-proof” we make your network, you and your employees can still invite a hacker in if you click on a link or open an attachment in an email sent by a cybercriminal. Some spam is obvious, but others are very cleverly designed to sneak past all the filters and trick the recipient into opening the door.
Known as a “phishing” email, this still is the #1 way hackers circumvent firewalls, filters and antivirus, so it’s critical that you and your employees know how to spot a threatening email.
Here are four types of email ploys you should be on high alert for:
The Authority Email
The most common phishing emails are ones impersonating your bank, the IRS or some authority figure. The rule of thumb is this: any email that comes in where 1) you don’t personally know the sender, including emails from the IRS, Microsoft or your “bank,” and 2) asks you to “verify” your account should be deleted. Remember, ANY important notification will be sent via old-fashioned snail mail. If it’s important, they can call you.
The “Account Verification” Email
Any email that asks you to verify your password, bank information or login credentials, or to update your account information, should be ignored. No legitimate vendor sends emails asking for this; they will simply ask you upon logging in to update or verify your information if that’s necessary.
The Typo Email
Another big warning sign is typos. Emails coming from overseas (which is where most of these attacks come from) are written by people who do not speak or write English well. Therefore, if there are obvious typos or grammar mistakes, delete it.
The Zip File, PDF Or Invoice Attachment
Unless you specifically know the sender of an email, never, ever open an attachment. That includes PDFs, zip files, music and video files and anything referencing an unpaid invoice or accounting file (many hackers use this to get people in accounting departments to open emails). Of course, any file can carry a virus, so better to delete it than be sorry.
The good news is that there are many steps a small business owner like yourself can take to secure their business’ IT. Some of the most effective ways to combat security breaches are simple tasks that you can perform without having to hire a security expert.
Keep the following in mind:
- Keep Link Clicking to a Minimum: Clicking on links that appear in random emails just isn’t safe. Hyperlinks are commonly used to lead unsuspecting employees to phishing and malware websites. Be sure to only click links when they’re from a confirmed, expected source, and when they aren’t part of a sales pitch, or an attempt to get information from you.
- Manage A Safe Sender’s List: No matter how new, or costly, or flashy your current spam filter is, it won’t keep unwanted spam out of your inbox forever. Whenever you see that a spammer’s email has made it past your filter, take a moment to block it so that it won’t happen again.
- Do Not Open Unsolicited Email Attachments: This is a crucial email security practice. Suspicious email attachments from unknown or untrustworthy senders are the most common source of malware, ransomware, and other digital threats. Even if it’s from a friend or colleague, consider the message they send along with it; is it worded properly? Does it sound like it’s from them? It’s always a smart move to call the sender or speak in person if possible to confirm that they sent the email. Otherwise, simply delete it until you can be sure of its authenticity.
- Diligently Scan for Viruses and Malware: Another way to double check a suspicious email is to run a malware and virus scan on it. Even though you may have to do so more often than is convenient, it’s always better to be safe than sorry.
Reach out to our team to find out more about the most effective email security practices that can help you keep your business safe. Contact {company} and our IT security professionals at {phone} or {email} today.
From Telegraphs to USENET and How to Protect Yourself from Spam
When someone thinks of spam, they typically think of the unsolicited bulk commercial email they receive in their inbox. However, the concept of spam started a little earlier than you might think. How far back? How does 1864 sound? Spam in 1864, you say? Yes, in the form of a telegraph, advertising a local dentistry actually. The telegraph, which was sent to many households, made such news that the local paper even reprinted it, further propagating the message.
More recently, people consider the first spam email to be the one that came out of Digital Equipment in 1978, which went to a total of 393 people and promoted the company’s latest computer model. You can thank a Monty Python sketch, set in a cafe that only served the canned spiced ham SPAM, for the origin of the name. Other early spammers were the lawyers Canter and Siegel, who posted their “Green Card Lottery” message to USENET, a shared messaging system.
What does all this have to do with today? You don’t want to be known as a spammer. There are three ways to attack the spam problem. First off, you don’t want your marketing emails to be classified as spam. Secondly, you don’t want your mail server to be abused by someone sending spam through your hardware. Even though that spam wasn’t sent to you directly, your hardware could be blacklisted, thus affecting your own emails. Lastly, you don’t want your employees to respond to spam. There are ways to filter this at the mail server to prevent them from seeing the messages, or at least to classify messages as fishy before they’re opened. Our company, {company}, can help you to protect your business from being labeled a bad apple in the email business.
Starting with the most important avenue, ensuring your marketing messages get through, there are some best practices to know about. For starters, don’t just send emails directly to your clients. Putting everyone’s email in the “To:” field of a message is bound to cause problems when someone does a reply-all. If you absolutely have to send a message to LOTS of people, it is better to use the BCC (for blind carbon copy) field of a message. Better yet, rely on a mailing list management package like that offered by Constant Contact. Typically, you don’t want to add people to the mailing list yourself. Instead, people should opt in. More importantly, each message you send should include unsubscribe instructions.
Protecting your mail server is not an easy task. There are some simple steps you can take, like requiring that users authenticate before sending a message, but someone can still spoof the email headers to make it appear that messages came through your server. To address this, DMARC (Domain-based Message Authentication, Reporting, and Conformance) was introduced in 2012. Combined with the earlier SPF (Sender Policy Framework), it makes sure that any messages appearing to come from your mail server actually came from your mail server. {company} can help you keep up with the latest ways to protect your email servers and thus get your marketing messages through.
Lastly, it is important to look at the inbound side of spam. With all the talk of Russians hacking servers and the release of inappropriate celebrity photos, it is worth knowing that most of these attempts are triggered by phishing attacks on the targets. You still need to worry about viruses being sent through email, but phishing involves fraudsters sending what look like real emails in an attempt to get recipients to reveal personal information like passwords and bank account info. You don’t want your employees giving away the farm so that others can then get into your company network, or your employees worried about identity theft. {company} can help protect your mail servers from letting these unsolicited emails through.
Contact us at {email} or {phone} to learn more about how we can help you.