Cyber Security Phishing Simulation & Training Program

Recently, we have seen a sharp increase in CEO scams that request a check or wire transfer payment. It is alarming how much time and effort the criminals put into creating the fraudulent request. We have seen many variations in the deployment, but common to all successful attacks is that the recipient does not verify personally with the requestor before sending the funds. If that is surprising to you, you are not alone. How do you protect yourself and your company? Implement a procedure that requires anyone sending checks or wire transfers to personally confirm with the requestor via method other than email. Do not allow any exceptions to this rule. Conduct a cyber training for your employees that includes ways to spot spoofing, phishing and other scams. We have a presentation with real examples and exercises that we will conduct for you as part of your managed service … [Read more...]

Cyber Safety for Employees – Petya and WannaCry Update

Petya . . . the latest in encrypting Ransomware Petya, WannaCry and variants have attacked thousands of computers, hundreds of companies and is causing havoc in cyberspace. It seems there is no end to the mischief these outbreaks have caused. Adding insult to injury, victims cannot pay the ransom because the email address to confirm payment has been shutdown by authorities. But, you can avoid the disaster by using some common and computer sense. Separating truth from hype It is so hard to know what is real. You can read all the available information and still have no idea how to protect your computer. Often it seems the best thing to do is just turn off all your electronics, but there must be a better way. There is if you take precautions. Update your operating system If you are still using XP and Server 2003, update your operating system. Unless you have a compelling reason, like … [Read more...]

Cyber Security for Employees – CEO Fraud

The CEO asks you to wire $28,000 immediately . . . what do you do? The first thing you do is call the CEO. Don’t use the email as a validation of the instruction. It is so easy to spoof an email address and make it look like it is coming from a different destination. Second, identify the real sender. Below are instructions for determining who is behind the email. Third, take all necessary precautions with your financial institution to be sure that you are protected. Fourth, report the culprit. It is not easy to report this type of attack and you may find it to be too cumbersome to seem worthwhile. If you decide not to report, the important point to remember is that you avoided the attack and are armed with the tools to avoid being a victim. The CEO Fraud scam is growing exponentially. Rarely does a day go by that we don’t hear about another close miss or successful hit. … [Read more...]

Cyber Security for Employees – Phishing

Phishing . . . any number of scams that want to hook you and steal from you Phishing can be an email, IM, phone call or website that tricks you into doing something that gives up your personal information or grants access to your computer. As you can imagine, the name comes from fishing. You bait a hook and see what you get. It is not surprising that so many people are taken in by phishing scams. The scams are quite plentiful and the bait looks like the real thing. Phishing is the number one way of delivering ransomware. And with Ransomware as a Service (RaaS) on the rise, you must protect yourself. In this article, we look at the most common phishing attempts, how to spot them and avoid being a victim. Remember, just like learning anything, it takes practice to spot phishing and other online scams. Keep your eyes open and be vigilant. Phishing emails with malware They are so cleaver. … [Read more...]

Cyber Security for Employees – Spoofing

Spoofing . . . Masquerading as someone or something else Spoofing is pretending to be someone or something to obscure your real identity. It could be a website, email address, Caller ID or credit card number that is being duplicated. Spoofing isn’t all bad and there are circumstances where it is a legitimate technique. For instance, if you have a tele-marketer call on your behalf, they may spoof your number so your information is displayed on Caller ID. In the early days of the Internet, email spoofing was often used especially for system-to-system communications. The basic mail protocols that we continue to use today are open and easy to spoof. That’s why you should take a closer look. Phone number spoofing Spoofing a phone number can be done for legitimate or diabolical reasons. With the availability of Caller ID technology came the ability to fool the system. Tele-marketers will … [Read more...]