
What is Spear Phishing and How To Avoid It | Fraser Valley IT Consultants


You have probably already heard of phishing. After all, it is everywhere these days, from the good old-fashioned Nigerian prince email all the way through to the CRA phone scam (also known as voice-phishing or vishing). The scammers cast as wide a net as they can and wait to see if anyone bites. However, there is another, more complex level of phishing that you may not have heard of, called spear phishing.


Spear phishing is different in that it targets a specific person, usually someone in a large company with access to valuable data or finances. Before making contact, the scammer will take the time to research the intended victim, mostly online through social media accounts and the like.

Using the personal information they have gathered, they will then contact the intended victim, making their email look as personal and legitimate as they can. It may be disguised as an application for a job that they know the company is recruiting for, or a faked email from a friend claiming to have a link to a new menu from a favourite restaurant. Of course, this link or document will be infected with malware. Once it is clicked, the hacker either gains access to company data or can plant a crypto-locker virus for ransoming.


Most spear phishing is aimed at mid-tier employees. However, there are a few brave spear-phishers who will sometimes target someone at the top of the company tree, like a CEO, CFO or senior manager. When this happens, it is called whaling.

So, how can you prevent this kind of phishing?

  • Education is a key one here. Making employees aware that this can happen will go a long way! Advise them to keep their social media content as private as possible (after all, that is as much for their own personal benefit as yours!).

  • Make sure all employees know what to look for in fake emails, such as poor spelling and grammar, and how to check link addresses before clicking them by hovering the mouse pointer over the link to see a pop-up box of the address. If you get a link claiming to be from a certain bank or company, open a browser window, go to the bank/company website directly, and compare their actual address to the one you see in the email.

  • Limit data to the people who need it. If you keep data on shared drives, make sure sensitive data is housed on separate drives (e.g. a drive for Accounting only, a drive for customer lists only, etc.) and only give people access to the areas/drives they need for their work.

  • Keep all software, anti-virus programs and firewalls up-to-date.

  • Back-up, back-up, back-up!! Back-up your data well and back-up often!!

If you are worried about your company’s potential vulnerabilities, give our team a call at 778-771-0184 or email info@wildfrogsystems.com, and talk to us about scheduling a Tech Health Check-Up.

Is Tech Fraud Getting Worse? | Abbotsford & Chilliwack Tech Security Consultants

Tech Fraud IS on the rise and no one is safe! A quarterly report was recently released that looked at who tech scams are targeting… and the results were both interesting and a little scary.

Overall, the summer saw a 25% rise in the number of email fraud attacks on targeted companies, but what is scarier is that also meant a whopping rise of 85% on the same quarter last year!

DANGEROUS EMAILS ON THE RISE

The number of malicious emails appearing in inboxes rose by 36% on the previous quarter. Among all that nasty stuff, 11% were ransomware emails.

WHAT IS RANSOMWARE?

It is a particularly devious scheme where you will be sent an innocent-looking email containing a link or file. That link or file, when clicked, releases a virus that locks you out of all your data. You then receive an email demanding payment for your data’s release, often in bitcoin or other electronic funds. The ransom amount can vary, but typically costs a company thousands of dollars.


TECH SUPPORT FRAUD IS GROWING FAST

One of the most famous forms of tech fraud is (surprisingly) now also the fastest-growing one: the good ol’ Technical Support Fraud! (The one where you receive a call from a thick-accented individual in a noisy call-centre, claiming to be from something like Microsoft Windows.) Given the amount of publicity and public education that this form of fraud has attracted (not to mention a slew of YouTube videos with people winding up these scammers), it is surprising to see it is still growing, but it is. This quarter’s attacks jumped by 36%... which gives an astounding 400% increase on the same period a year ago!!


SOCIAL MEDIA IS NOT SAFE

The report also showed that attacks are now coming from more directions than just email and your phone. Social media is gaining its fair share, with the most popular form being “angler phishing”. This is where fraudsters create fake accounts that mimic famous brands. Then, when someone has a legitimate customer service request, they swoop in and pretend to be that brand in order to gather the customer’s information.

Overall, all types of fraud were on the increase, with no discrimination in who they targeted (all career levels) or where they targeted (all industries and all company sizes, with retail and government hit hardest).

HOW CAN WE PROTECT OURSELVES AGAINST TECH FRAUD?

The burning question is: how can you protect both yourself and your staff? Preparation is your biggest weapon! Here are a few things to help get you started…

  • TRAINING – Knowing what to look for, and educating all of your staff on what to spot, is the best plan. You can check out one of our previous blog posts to see what the telltale signs of a scam email are.

  • BLOCKERS – Up-to-date spam filters and virus software can help filter out most of the threats before they ever reach your inboxes.

  • BACK-UPS – a regular back-up of all your data means far less downtime (if any) and huge cost savings in the case of a ransomware attack. You don’t have to buy back that information if you already have another copy somewhere else!

You can see the rest of the report, including more stats on the different targeted departments and industries, here. If you would like more information on how to protect your company’s systems, whether it is good antivirus software and back-up solutions or staff awareness training, you can contact us at Wild Frog Systems, and we will be happy to help! Email info@wildfrogsystems.com or call 778-771-0184.

How to Spot a Phishing Email | Chilliwack Computer & Network Support


Once upon a time, not so long ago, it was easy to spot one of those scary “phishing” emails. They were very plain looking (only text), full of spelling mistakes, and a total field day for anyone who loves to correct basic grammar! So, the email-receiving public got better at spotting them. Yay for us!

However, the “phishermen” didn’t just go away. They have kept going, frantically casting their lines, sending millions of messages, to whatever addresses they can find, in the hope that they will still get just a few bites. And since we’ve got smarter, the “phishermen” have upped their game!

Now their emails come with all the bells and whistles: logos, official-looking names and titles, and well-written, official-looking text. So how do you tell the fakes from the legit emails? How do you know if it is a “phisher”, or if someone has genuinely tried to change your PayPal password and it’s time to do a security update?

Well, here are a couple of flags that may help next time you receive a suspicious email…

EMAIL ADDRESS

The first thing you can check is the email address of the person who sent it to you. Sometimes, they will cleverly try to disguise it by adding an official-looking display name, so at first glance it actually looks like it is from Microsoft Tech Support (or something similar). You need to look beyond that display name and look carefully at the actual email address part. Does it look legit? For example, is it from something like customersupport@microsoft.com (using the company’s official domain)… or something a little more random like fred@randomblahblahweirdtext.br (clearly, this dude does NOT work at Microsoft!).

If it’s the latter, delete and move on!

WEB LINKS

So, you think the email address looks ok, but you are still not completely sure. What else can you do?

Well, the next thing you can check is the link they want you to click… but WITHOUT CLICKING IT! Sounds a touch dangerous, I know… a little like looking into a lion’s mouth! However, there is a way of seeing the link address without ever clicking it.

If you just hover your mouse (or touchpad) pointer over the link location, on your screen (NO CLICKING!), you will see a preview of the link address appear in 2 places – one will be in the bottom left corner of your window… and the second will be on a little pop-up by the link itself.


If that link is shortened to something that just looks like random letters, or any address other than the official URL of that business, delete and move on!

That should pretty much cover it, but if you are still in any doubt, do feel free to contact us and check first, before you get caught hook, line and sinker!