The Enemy Within

Phishing

No doubt there are nefarious actors who might try to breach your network by launching external attacks. However, I would argue that the greatest enemy of your IT security is most likely you or your employees. From not practicing good technology hygiene to lazy password management, for most people the enemy truly lies within your organization or home.

Practicing good technology hygiene begins with being careful where you click in the web browser certainly, but you should pay special attention to email. A staggering 91% of cyber attacks begin with a phishing email. As that statistic reveals, people are already falling for pretty obvious phishing emails but as people become more informed, these criminals are becoming even more crafty to appear legitimate. An angry email appearing to come from someone’s boss is very likely to get their attention and worse, their click!

What you can do:

  1. Use unique passwords. In other words, do not reuse passwords! We are all guilty of this poor decision, but it cannot be stressed enough. Once an account is compromised, criminals can access your other accounts if you reuse the same password. Come up with unique passwords that have a combination of upper and lower case letters, special characters, and numbers. The longer, the better. A lengthy, nonsense phrase of some kind with a special character at the end is a good option.
  2. Password management is a must. If you follow number 1, then you will have to have a reliable way of knowing what your passwords are for each account. A card file box or Roladex with a card for each account’s information works well if kept in a secure place in an office. At a residence that is not as much of an issue. For business environments, a highly-rated password manager application such as LastPass is a great option. LastPass is also an excellent option for home use. I also offer password management options for my Well Managed Office clients.
  3. Think, think, think before you click on links or attachments in emails. Phishing emails are the number one mechanism for cyber attacks, and email is the number one business communication method, so it creates a perfect storm for rogue actors. Remember, the attackers are becoming more crafty, and phishing emails may contain personalized information to seem legitimate. They may seem urgent to get you to respond quickly without thinking.
  4. Find out if your organization’s credentials are for sale. The “Dark Web” refers to websites that intentionally keep their location information anonymous so that they are not searchable through the standard search engines and often can only be accessed through special software. Why the anonymity? These sites are generally engaged in less than savory, and often illegal activities. There are “stores” on the dark web that look like any other online store except that the products offered are user credentials and credit card information. Your login and password credentials are valuable on the dark web, and since most people reuse passwords, one that works for one website will very likely work on another! A security analysis can reveal which of your or your organization’s credentials are currently being offered on the dark web (scans available for individuals as well). Contact me to get a security analysis, and if breaches are found, you have the option to subscribe to monitoring so that you can be notified when information from your organization has been compromised.
  5. Implement a Phishing Training and Testing program in your organization. My Well Managed Office clients have the option to add this service. These programs provide the critical training needed to prevent users from falling for phishing scams and then randomly send out fake phishing emails to test users and given them either encouragement or more training depending upon their response. This type of training can be a fun and effective way to keep users’ credentials safe, not only in the workplace but at home as well. Organizations can offer prizes and incentives to make it even more enjoyable.
{ 0 comments }

Cox Phishing Email Alert

There are so many phishing scam emails floating around that it would be impossible to send an alert out for all of them. This one is a particular threat for my local customers because Cox is a major internet service provider in our area and because at first glance it appears fairly legitimate. Either way, I want to help people spot these scams and avoid becoming a victim of this billion dollar crime “industry”.

Let’s take a look at this email and see how you can know it is a scam:

  1. The “from” address Cox “mynotification880 @cox.net” doesn’t make sense as a legitimate email address that Cox would use. It would be something like “accounts@” “security@” and it wouldn’t have numbers in it. Keep in mind scammers can be creative so a legitimate looking email address here is certainly not the only thing to consider.
  2. Since many of these scams are actually coming from other countries, many times the grammar or phrasing of the verbiage of the email is wrong or just strange and there will often be typos.
  3. Another giveaway that this is a phishing scam is that the footer words at the bottom of the email do not have a link when you HOVER (not click) your mouse over them. On a legitimate email those words would be website hyperlinks. Again, this part is not the only thing to consider. I have seen many phishing scams where legitimate links have been added in the midst of the dangerous ones to help the email appear safe.
  4. Another less obvious element that might help a user recognize this as a scam is the branding. Cox has recently made a change to the look of their digital communication and website. This email still has their old branding look.
  5. Finally, the money link: the place where the scammer wants you to click to either download malware or be fooled into entering your login credentials or banking information. If you HOVER (not click!) your mouse over the link it displays a shortened website link to hide it’s real identity. Shortened links are used when the number of characters need to be shorten as in social media posts or for other marketing purposes in legitimate ways as well. But, if we analyze the shortened link in this email using checkshorturl.com, it obviously does not lead to Cox, as seen by the picture below. Do not go to the displayed site even for curiosity’s sake. As a technology expert, I will be reporting it to malware experts so that they can add this website to their threat lists.

What You Should Do

The most effective way you can protect yourself from an email phishing scam is to NEVER click on a link or attachment in an email. The best practice is always to go directly to the website that is associated with the email you receive directly through your web browser. For this email, rather than clicking on anything in the email, I would open my web browser and type www.cox.net in the address bar, log into my account and see if Cox has information I need or action to take. If the email is asking you to do something for your an account you have, you should already be somewhat familiar with getting to that website. A web search may be required to figure out the correct web address for a company you need to go to, but pay close attention that in your search you find the correct one.

What You Can Do

What you can do is report the email to your service provider. If you know how to forward it as an attachment to your provider’s reporting email address (usually provided on their website) their security team appreciates it and will take appropriate action. For Cox users, it is abuse@cox.net. Gmail provide a way through the gmail user interface shown below:

Scammers have been around since the beginning of time, but technology is giving them new tools. It is important to maintain a healthy degree of skepticism to stay safe.

{ 0 comments }

Attn: Carbonite Users

As a reseller of Carbonite Online Backup, I typically tout what Carbonite WILL do to keep your data from being lost in a hard drive failure or other disaster. However, this post is about what Carbonite will NOT do BY DEFAULT. After Carbonite is installed it will scan your computer to find the data file areas that most users want to back up. These folders and files include Documents, Pictures, Music (except during free trial), Microsoft Outlook .pst files, internet favorites, Quicken and Quickbooks financial data files. See this page from the Carbonite website for more details about what is included in their automatic selection.

There are however, several folders and file types that Carbonite will not include by default because they could be larger than average files or ones that, if restored to a new system, could cause problems. See this page from the Carbonite website for a complete list of every file type and folder that is not included automatically in your backup. The most important files that are not included which could be a concern for most users is Videos. Video files can be extremely large so they are not included by default. Windows users who wish to have a file included in the backup that was not included by default, can simply navigate to the file in File Explorer, right-click, choose Carbonite from the menu, then choose “Back up this file”. See the video below for more detailed instructions or contact me if you need assistance.

{ 0 comments }

Stickers!

Sticker Mule is now my favorite resource for stickers, magnets and the like. Not only do they run great specials and have top notch quality, but the ordering process, including text alerts for proof approval, is smooth and fast. The stickers pictured above were from a $1 promo they ran in the fall. Today I ordered similar stickers and magnets to give to customers that will include my phone number and website and they should arrive in about 8 days. The price was very reasonable because of the promotions and multiple item discounts they offer. See my resources page for a link to their website including a $10 discount offer.

{ 0 comments }

Backup Reminder

This is a picture of a standard hard drive (not the newest SSD technology). My father has a degree in industrial engineering and the hefty part of his career was spent with companies that manufactured hard drives. So, I’ve heard stories of how they are made, the clean rooms and how an invisible speck of dust can make one inoperable. This video tells the tale:

Fascinating, huh? I hope you enjoyed learning about hard drives. Now, please, please make sure you have a good back up of the important files that are on yours! See this older post about backups if you need advice for the best methods. I am a reseller for Carbonite Online Backup, if you would like the “set it and forget it” method! Contact me to get started with Carbonite today!

{ 0 comments }

Bad Keyboard Causes Big Problem

You turn on your computer only to see it freeze at the manufacturer’s splash screen (Dell, HP etc. logo) and some boot options with the progress bar only at the very start. Nothing happens after that no matter what you do with the mouse or keyboard. The same thing happens even after you decide to do a hard shutdown and turn it off as a last resort. Your thoughts go between the dread of lost data and the price tag of a new computer.

As it turns out, the problem was a faulty keyboard which is a very easy and inexpensive fix for what seemed to be a pretty bad computer situation. If you end up with the frozen screen described above, try unplugging the keyboard from the computer and try rebooting again. (or better yet, plug in another keyboard if you have one) If your computer moves further in the booting process and then shows a message that says “keyboard error” then there is a good chance that your issue is simply a faulty keyboard because that error message now means it is looking for a keyboard and cannot find it where before it was freezing before it got to that point. Plug in a working keyboard and if the keyboard was the issue it will boot normally now.

{ 0 comments }

50% off on CCleaner Professional

CCleaner is a very helpful product that I have used and recommended for years. It is the best way to easily rid your computer of the unnecessary junk files that build up over time as you browse the internet and install and uninstall programs or updates. This junk that builds up can drastically slow down your computer if you don’t delete it. CCleaner helps you do that easily and regularly. It also includes the only registry cleaner that I trust. CCleaner has a free version, but the pro-version of CCleaner takes out the guess work out of knowing when you need to run it and automatically updates itself, so that is an option many people prefer. Right now the Pro-version is being offered 50% off the normal price. It normally sells for $24.95, but until October 4, they are offering it for $12.50. Click here or on the graphic to the left to purchase CCleaner today!

{ 0 comments }

The Computer Monkey is an authorized reseller of Malwarebytes Premium. Malwarebytes Premium is an outstanding product for preventing and removing malware infections. Go to the bottom of this page for purchasing information. If you have completed your purchase of malwarebytes, the following instructions show how to change or activate your product using your new license key.

  1. Open Malwarebytes using the icon on your desktop or in the notifications area of your computer desktop. Or use Finder to locate Malwarebytes on a Mac.

2. Click on “My Account” which will take you to the Account Details tab. Then click “Change License Key”. If your license has already expired you may have to close a window and choose “Activate License”.

3. Accurately enter your new license key and click “Activate License” and you are finished. You can now close Malwarebytes.

Purchasing Malwarebytes Premium

Customers who purchase Malwarebytes Premium directly from The Computer Monkey, receive free remote support of the product as well, but if you would rather purchase it directly from Malwarebytes a link is available through our resources page.

{ 1 comment }

I am a big fan of Anker products. They have reliable products that meet a variety of charging needs at decent prices. The prices today, however, are especially nice as is detailed in this article from PC World.

Forget about Christmas in July. This year, you can save big with Black Friday in July. Amazon Prime Day kicks off on July 16 , and the retailer’s warming up for the blowout by offering some steep deals leading up to the event. Today, you can snag all manner of Anker’s popular chargers, cables, and portable batteries at mostly unheard-of savings.

Source: Anker’s fast-chargers and portable batteries are on sale for unheard-of prices for Amazon Prime users

{ 0 comments }