Here is how the scam works: Suppose you want to look up a company online named Super Duper, so you type the store’s name into your favorite search engine. An attacker might have purchased the top result to take you to the website superduperco.com. However, if you knew to scroll down past the paid-for-results, you would have seen that the real website is superduper.com. Attackers set up a website and named it superduperco.com.

Their deceptive site might contain malicious advertising, ask you to enter credit card numbers during checkout, or tempt you to download malicious programs and apps. They might ask you to login or reset a password, and they capture the password you type in.

If you look up a retailer in a search engine, skip past the ads and paid results. Scroll down to see real search results. Even then, be skeptical in case attackers used SEO techniques to appear at the top of the actual search results.

Please forward this to your friends to alert their users that top search engine results can be a trap.

The post Beware: Attackers Buy Top Search Engine Results to Trick You appeared first on Foster Institute.

USB: A new ploy is bad actors mailing USB devices, appearing to be from your company to your users. Once plugged in, they can open up a channel that permits unauthorized remote control and capturing keystrokes, including passwords.

Fake Login Prompts: Remind your users to beware of login screens when they don’t expect them. Attackers create persuasive prompts that ask your users passwords for their logon, VPN, or Microsoft Office 365 login, and more. Sometimes the windows tell the user that their connection dropped, and to provide credentials to reestablish their link. Your Users must ignore those prompts and notify your IT team immediately.

Fraudulent websites and apps: Sites may have useful coronavirus information, but they also contain malicious attack software that strives to infect computers. Attackers create bad apps offering online statistics, tracking of the virus spread, and more.

Please forward this to your friends so they can alert their users too.

The post Alert Your Team – USB Devices, Login Prompts, and Apps appeared first on Foster Institute.

You may have heard that Netflix agreed to reduce the picture quality of movies in the UK to reduce the load on the Internet. What’s that have to do with your company? Prepare a contingency plan now. Something easy to change is to instruct your workers to ask their family members to please download their movies at night rather than streaming the videos during work hours. That way, their family can watch their downloaded movies during the daytime without using up your workers’ remote network speed.

If your remote workers use VPN connections, and they experience slow speeds, your IT team can enable something called split tunneling. Then, if they aren’t already, your workers’ computers take a shortcut directly to the Internet without going a long way around through your primary office location’s firewall first. That trades speed for security, so executives have to make the decision, but the change might be worth it if your workers cannot work otherwise. There are other strategies too. Know that recorded video and audio conference calls will make it through even when a real-time conference is so slow it fails.

Other customers explain that the cellular towers in their area are so overloaded that phone calls get dropped, and voices are sometimes garbled beyond understandability. That’s when text messages, though less convenient, will be your plan B. At least text messages will usually go through even with weak or slow connections.

Please forward this message to your friends so they can have a plan in place at their company in case an Internet or cell phone traffic jam interferes with their business.

The post Plan Now for Slow Internet and Dropped Phone Calls appeared first on Foster Institute.

The post Warn Your Workers about Attacker Decoy Tactics appeared first on Foster Institute.

The bad actor immediately took over the network and started performing highly illegal activities that appeared to come from the victim’s systems.  User training is not enough. It is essential to take additional steps to help protect your network when an attacker is crafty enough to trick a user.

Firewalls, almost universally, have a feature called web content filtering. There is a possibility that your IT professional configured the firewall to block known gambling, gaming, and sites with people with no clothes.

Unless you do business with every country in the world, tell your IT team to block the firewall from permitting traffic from all countries except those where you do business.

It is possible that some of your third parties use sites in other countries to handle your sensitive data, and this is a great time to find out by blocking other countries to see what happens. Your security is only as good as the security of your third party providers, and they need to disclose to you any risks they take with you, and your customers’ confidential data.

If you want to be super cautious, rather than block everything at once, you can ask your IT professional to dump the contents of your web filter’s log into a spreadsheet, or some other database, that will identify traffic trends, sources, and destinations.

Now is an excellent time to ask your IT professionals, even if you outsource IT, to devote time to tuning your web content filtering to be restrictive.

You can even update your routers at home if they support web content filtering, and they might. An excellent place to start is at the device manufacturer’s website. There will be instructions to download and install the most recent firmware. Look at the support site about ways you can enable supported security features in your home devices, including web content filtering.

Please forward this to everyone you know so they can ask their IT professionals to turn up your web content filtering to help protect against social engineering attacks.

The post Protect Your Network Even when Attackers Trick Your Users appeared first on Foster Institute.

If you want to find out if your passwords were released, visit his site called https://haveibeenpwned.com. If you elect to enter your email address, he will tell you if it is in the collection and give you more details.

What do you do if you are on the list? Reset your passwords. Use a password manager that will remember your passwords for you to make your life easier when you use a different password at each website from now on.

Now is a great time to enable two-step verification. A basic form of two-step verification is when you enter a username and password, and you receive a text message code to type in. Enable two-step verification on PayPal, LinkedIn, Dropbox, Facebook and every other web service you use. On each website, look for Settings > Security. You may need to dig down, but more reputable sites now support two-step verification, but you must enable the feature.

Some bad news is that, about a week ago, a tool called Modlishka shows how to break two-step verification so it isn’t that secure, but two-step verification is still more secure than a simple username password combination. If it allows, have a website use some other method than texting you a password. Using an app on your phone or calling you via a voice call are options that are often more secure than the text message. Microsoft, Google, and a service called Duo offer these options and more. Having a hardware key is even better unless your laptop users leave the key stored in the laptop case, and their password written on the bottom of the laptop.

The post 773 Million Passwords Exposed – Were You Exposed? appeared first on Foster Institute.

Encourage and provide time to your team to keep your systems up to date with all critical security patches for operating systems, Office, browsers, Flash, Java, and Reader. Ask them to show you a list, not a pie chart, of missing critical security patches. If they haven’t checked lately, this is an excellent time for them to be sure the firmware is up-to-date in the firewall and other infrastructure devices.

Thank you for all you are doing to protect against ransomware and all types of cyber threats. You are helping make the world a safer place to live and work!

The post Happy Computer Security Day! appeared first on Foster Institute.

Then, the unexpected happened. Some of Nick’s business associates, customers, and friends complained, “Hey Nick – Why haven’t you replied to that email message I sent you last week?” His associate named Tony felt snubbed because Nick stopped replying to his messages. Nick had no idea Tony was sending messages because Nick never received any of them.

The cause of this problem is that, unbeknownst to most people, when a bad actor sent the fake email with a made up email address, the recipient’s computer stores the phony email address to be used in the future to auto-fill the “To:” address field.

Check your computer. When you start to compose an email message and begin typing the name of the person to whom you are sending the message, does their name show up automatically on a list before you finish typing?

A bad actor might have impersonated you by spoofing your email address with a fake one: Nick Stark <Nich0las @yahoo.com>. But your real email address may be Nick Stark <NStark @yourcompany.com>. While your name is the same, the addresses are different.

From now on, when someone sends an email to you, their address book will auto-fill “Nick Stark” as they type your name into the “To” box in the email message. Unless they pay special attention, their email program may send the email message to the fraudulent email address. You will not receive the email, and the sender expects that you will.

One way you can solve this is to alert people that, when they send you an email message, to verify that, as they fill in your name as the recipient, the email address that shows up is Nstark @yourcompany.com. If they see your name with the wrong email address in their auto-fill list, they should click the option to delete the record with the fake address.

If you have ever been the victim of spoofed email messages sent in your name, you should notify your contacts. If people complain that you do not receive email messages they send you, you should advise your contacts as well.

The auto-fill feature is helpful when sending email messages, but it can come back to bite you if an attacker ever impersonates you in an email message.

Send this message to your friends, especially if anyone ever fakes their email address, so they can help ensure that they receive legitimate email messages.

The post You Might Stop Receiving Essential Email Messages, and What to Do About It appeared first on Foster Institute.

Now, what affects you directly whether you own a Tesla or not. Many IT Professionals, consultants, and outsourced IT firms access your network remotely using tools designed to help them help your users solve technical issues. Example programs include GoToMyPC, TeamViewer, LogMeIn, VNC, and Splashtop. Some outsourced companies use a product called Agent Tesla to support their customers. If you visit the website agent tesla dot com, you will see that the product has additional features including stealing keystrokes, breaking passwords, and spreading itself like a virus through a network. It appears that some bad actors have been using this tool to infect computers at companies without the company’s permission. And the tech support representatives at Agent Tesla were more than willing to assist the bad actors.

A key takeaway is that user-friendly tools can permit non-technical people to hack your network without needing any technical know-how.

What if a disgruntled or unscrupulous worker in your company installs GoToMyPC, LogMeIn, or similar easy-to-use software on computers in your private offices? They could overhear private conversations without anyone knowing. One of our clients experienced millions of dollars of embezzlement because a trusted worker used one of those programs on the computer that was in the conference room. The embezzler was not technically savvy at all, and he heard enough confidential information to embezzle millions and wreak all kinds of havoc. He did not need to use the additional user-friendly features that Agent Tesla provides including password cracking and automatic infection of other computers, but he could have.

Visit with your IT professionals. What are you, as an organization, doing to protect yourself from someone intentionally utilizing a readily available program, such as Agent Tesla, to infect your network, spy on your workers, steal information, and break your passwords?

The CEO, Owner, President, and other chief executives suffer the most when an attack devastates an organization. Most of them wish they’d have taken more of an active role in security. Learn from their mistakes, before it is too late.

The post Stealing Tesla Cars, and Stealing Your Network with Agent Tesla appeared first on Foster Institute.

Their program already installed on your computer should be able to give them all the information that they need. Even if the tech support person does require you to install another program, there is a possibility that the diagnostic program has an undiscovered security vulnerability.

If you do decide to install the program, at least make sure that the file location they offer you is on their main website, not a misspelled version such as qickbooks.com or abode.com.

Additionally, refuse to permit tech support to log in to your computer, even if you were the one who called them. Do you want to trust the security of your computer to a stranger?

Ask if there is some other way to provide them with the information they need.

Beware of imposters asking you to provide remote access or asking you to download diagnostic software.

The post Can you Trust the Kindness of Tech Support Strangers? appeared first on Foster Institute.