How to Know You Are the Victim of Email Phishing.

Have you ever received an email that looks just a little bit different than all the others? Or maybe you have recently received an email from a sender that looks out of the ordinary or that you are not familiar with. If this has happened to you, we at N-Tech Consulting suggest that you DO NOT proceed with clicking any links, replying, or any other action the email asks you to do. Our suggestion is to immediately contact us or your technology provider and follow their guidelines to ensure you and your technology ecosystem are protected.

In a previous post we discussed What is Email Phishing, to educate on a technique used heavily by cyber criminals to attempt to gain access to sensitive business information, passwords, and even credit card information. Not to be confused with actual fishing, a cyber criminal uses the same technique by putting out bait and seeing who will bite and fall into their trap. 

We at N-Tech want to make sure you are never lured into the trap of Email Phishing. In this post you will find early insight on how to detect whether you are at risk of becoming the victim of an Email Phishing attack, and how to prevent these attacks from happening.


Below are questions to ask yourself if you feel you are the victim of an email phishing attempt.

Does the sender look suspicious, or is it an address you don't recognize?

Many times a phishing attempt will imitate someone you have previously been in contact with via email. That is why it is very important to check the actual domain of the sender, so you understand who is really sending you that email.


Does the subject line demand an action or read as a threat to you?

It is important to pay close attention to what the subject line says. If the subject line reads as persuasive, demanding, or aggressive, think twice about opening the email and taking action. This is especially true if the subject line refers to something you have no previous knowledge of. More often than not, if your boss or supervisor wants to inform you of important information there will be some kind of precursor, or they will tell you in person.


Is the greeting generic and not particular to you?

Typically someone attempting a phishing attack will send a multitude of emails out at one time. This strategy saves the phisher time and increases the likelihood that some recipient will act on the attack. There are also phishers who will personalize the greeting. If this is the case, refer to the other guidelines to determine whether it is a phishing attempt.


Are there grammatical or spelling errors within the email?

With texting being a consistent form of communication comes the use of abbreviated grammar and acronyms. If you see within the copy of the email the use of 'u' instead of 'you', or the word 'send' where the word 'sent' should be, then this should raise suspicion of a potential phishing attempt. Other inconsistencies include extra spaces between words, and the use of symbols to coax a click out of you, the user.

Are there links within the email?

Before clicking any link within an email, use this helpful tactic to verify the legitimacy of the link. Place your mouse cursor on top of the potentially threatening link (it is important to note NOT TO CLICK the link while doing so). After holding the cursor on top of the link for a few seconds, the actual destination of the URL will appear. If the destination of the URL is different from what is shown in the email, there is a great likelihood this is an attempt at phishing.


Is there an attachment that requires a download?

Does the suspicious email you just received have an attachment included, and are you eager to open it to see what it could be? As tempting as it may be to open that attachment, we at N-Tech urge you to hold off, as the attachment may house the malicious link instead of the email body itself.


Should I be worried about an email that looks branded by a reputable company as being a phishing attempt?

The answer is YES, you should absolutely be wary of branded emails, especially if it is a service that you may have never heard of before or are not a user of. If you are on the fence about whether that branded email is legitimate or not, please refer to the above areas of emphasis to determine whether you should proceed with that email. As always, if you are unsure, reach out to N-Tech or your technology provider.

To see a real life example of a phishing attempt that replicated an email from Netflix, visit What is Email Phishing and How Do I Prevent it?


Not sure if that email from your boss is legitimate or not? Well, press that shiny new button installed in your Outlook application to report it for review. Security awareness platforms like Ironscales (which happens to be the one we use) also provide IT staff the ability to launch their own fake phishing campaigns. These are designed to present end users with real-world examples, without the risk, of course, and can act as a method to direct them to train if needed.

What is Ransomware?

Millions of people use a computer every day. What users don’t know is that they could be at risk of being a victim of ransomware. Ransomware is a type of software that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a sum of money is paid. Ransomware is considered “scareware” because it forces people to pay a fee by scaring or intimidating them. Recently, ransomware was responsible for the biggest cyberattack the world has ever seen. The threat can be encountered by users through a variety of means.

Ransomware can reach your computer many ways. It can reach users when they unknowingly visit malicious or compromised websites. Imagine surfing the web and going onto a site that is infected with ransomware. It would be awful. Ransomware can also reach you by being dropped or downloaded by other malware. Some are known to be in attachments from spam email, dropped onto vulnerable systems, or through advertisements that are used to spread malware. Once ransomware is in your system it can either lock the computer screen or it can encrypt predetermined files. In the first scenario, an image or notification will pop up preventing victims from using their systems. In the second scenario, the ransomware prevents access to critical or valuable files.

To get your files back you will have to pay whoever encrypted them. Sometimes there may be ransomware help desks, where they will give victims a few files back for free, so they know they are not being completely conned. The price of the ransom varies; it depends on the ransomware variant and the price or exchange rates of digital currencies. The average cost is $300, and the hackers usually prefer payment in bitcoins. Three hundred dollars doesn’t seem like a large amount, but having an affordable price means the hackers are more likely to get paid. Recently, alternative payment options such as iTunes and Amazon gift cards have been listed. It is important to remember that even though you may pay the ransom, that does not guarantee you will be able to regain access to your system or files.

Ransomware attacks are not a recent threat. The first attack happened in 1989 and the payment demanded was $189, according to Symantec. It turned out to be unsuccessful because very few people had personal computers and the internet was mainly used by science and technology experts. Looking at how things are today, a large amount of data is stored on computers, people are on the internet via various devices, and sending money internationally is common. The use of computers and the internet is what makes a ransomware attack so painful. Everyone would panic if they got locked out of their computers, companies would lose productivity, and hospitals would be locked out of patient files.

N-Tech can help prevent this issue by recommending security options to clients based on their needs. No one wants to pay for files that they spent hours working on or photos that they cherish. To protect yourself from a ransomware attack, you want to make sure that you are always staying alert. Make sure you do not click on links that you are unfamiliar with. You also need to avoid downloading files from people you do not know. In addition, get into the routine of backing up files and regularly saving the copies. This way, if your device does get infected, you won’t have to worry about losing the files. It’s better to be overprotective of your files than it is to lose them all because of a compromised website or spam emails.

What is email phishing and how do I prevent it?

What is Phishing?

Phishing, not to be confused with actual fishing, is a common form of internet scam designed to gather information from its recipients. Cybercriminals use social engineering, often in the form of fake emails or pop-ups, to bait and lure people into giving up sensitive information such as passwords and credit card information.

While many of these phishing campaigns come in the form of low-effort emails telling you that an account you don’t even have has been compromised, a growing number of phishing campaigns come in forms that are almost indistinguishable from companies’ legitimate communication. Phishing is on the rise. The FBI estimated that in 2019 US citizens lost a whopping $57 million to phishing attacks, so it’s easy to see the importance of being able to identify these attacks.

What does a phishing campaign typically look like?

While they can come in many forms, some of the most common forms are:

  1. Fake invoices
  2. Claims of an account problem (ex. Netflix needs to verify your payment information)
  3. Suspicious Activity Claims (ex. A suspicious login was detected, update your password now!)
  4. Offers that are too good to be true (ex. You’ve won a free TV! Act now to claim your prize.)
  5. Government communication (ex. The IRS has discovered an issue with your tax refund.)

Often these attacks come littered with grammatical errors, generic greetings, and questionable links, but as mentioned earlier, sometimes a phishing attack isn’t always apparent. 

Here are a few ways that you can identify a phishing attempt before getting lured in:
  1. Is the email address recognizable? Before taking any action, take a quick look at where the message is coming from. Make sure the domain matches the sender: a legitimate email from Netflix would most likely come from something like example@netflix.com, not netflixsupport@gmail.com.
  2. The email includes a link, but does it match a site associated with the sender? For example, an email that is supposed to be from the government is leading to an unrelated site. Pro tip: hover your mouse over the link before clicking on it; this will expose the entirety of the linked address.
  3. Does the message look legitimate? Take a quick look at the message you have received and be skeptical. Does this look like communication you have received from the sender before? Have you ever received communication from them?
  4. If a link has been clicked and is asking you to login, does the login page match the site? An Amazon link almost certainly won’t bring you to an Office 365 login page.

While it is important to know a few quick ways to identify phishing attacks, the most crucial aspect of prevention will always be training. Training presented by your IT provider is a great way to get users in your business aware of the dangers and common patterns in phishing campaigns. Often these training platforms come with useful tools to help end-users identify and report phishing attacks before they become a real problem.

Not sure if that email from the CEO is legitimate or not? Well, press that shiny new button installed in your Outlook application to report it for review. Security awareness platforms like Ironscales (which happens to be the one we use) also provide IT staff the ability to launch their own fake phishing campaigns. These are designed to present end users with real-world examples, without the risk, of course, and can act as a method to direct them to train if needed.

What is Multi-Factor Authentication and why should you care?

What is Multi-Factor Authentication, or MFA?

Well, it certainly doesn't have to be complicated, and it will help secure your systems.

MFA is an authentication method in which a user is granted access only after successfully presenting two or more pieces of information to authenticate. Passwords are not enough security in today’s digital age. Email Phishing, Spear Phishing, Data Breaches, Malware, and Trojans are all trying to steal your passwords and gain access to accounts, ultimately trying to compromise your Dental Security.

What does it do?

MFA, when properly implemented, nearly eliminates those risks. In the first half of 2019 alone, 4.1 billion records were exposed. With those kinds of numbers, your information will likely be exposed at some point.

It is no longer a question of if, but when you will be affected.

If you have been lucky enough not to be affected by one of these breaches yet, do not think you are out of the woods. Do you use a different password for each system you access? Or are you one of the almost 52% of people that re-use passwords across services? MFA solutions, like DUO, let you sleep at night knowing your accounts are protected.

Oh, and do not settle for SMS based MFA if you do not have to. Security experts have been warning for years now that SMS based MFA has serious security implications. Intercepting an SMS message is not as hard as you would hope, and once it is intercepted your MFA has effectively been bypassed. With DUO’s Push technology, you can be assured the request is only going to the device you want it to. It even works with your Apple Watch, if that is your thing. I am still waiting for my Garmin to catch up!

With 80% of security breaches involving password compromise, you need to have another layer of protection for your Dental Office Technology solutions.

Let us help you get it setup today!

Why SentinelOne is the best antivirus for your practice

Technology advances more rapidly with each year, and traditional signature based anti-virus programs just don’t cut it anymore. In the day of big data breaches, cloud connectivity, and network vulnerabilities a better solution is called for.

Traditional anti-virus programs were basically reactive. They would sit watching your computer for a known action or file to be found and THEN try to stop it. This is fine, if you already know about all the attacks taking place.

In 2017 there were 360,000 new malware threats released every day, and it’s not going to slow down anytime soon...

If even just one percent of those new threats aren’t in your anti-virus signatures, infection isn’t a matter of if, but when. By utilizing a next generation anti-virus like SentinelOne you can be proactive, not reactive. By evaluating activity in both kernel and user space, applying machine learning, and using things like out-of-band monitoring, you get ahead of the bad guys.

Virus and Malware protection is one game where rapid strike capability is huge. Pundits will discuss things like “dwell time” or the number of days a threat stays active until detection and resolution. With SentinelOne real-time monitoring and forensic analytics those threats are “zapped” as soon as they occur.

Business detections of malware rose significantly in 2018, by 79% over prior years, primarily due to backdoors, cryptominers and spyware.

Detection alone isn’t enough anymore, you need automatic remediation too. SentinelOne allows for automatic rollback of any threats. That’s one of the major reasons we selected it actually. Well that, and their first ever industry Cyber Threat Protection Warranty.

SentinelOne’s cyber threat protection warranty provides customers with up to $1 Million per company if they’re unable to block or remediate the effects of a ransomware attack.

Let us help you protect your business from these ever increasing attacks!

WDA Cyber Security 2020

Just because we, as business owners, are following government guidelines doesn’t mean the Cybercriminals are following them too. While we are working to protect our businesses, employees, friends and family from COVID-19, Cybercriminals are utilizing the global crisis to target businesses. From posing as resources for COVID-19 news and information, to calling/emailing business owners and pretending to be government officials offering assistance, we all need to be ready to protect ourselves.

Are you and your team watching for malicious emails? 

Is your remote access solution secure? The two easiest ways for Cybercriminals to get access to your servers/systems are by stealing passwords from unsuspecting staff via phishing or by attacking an improperly configured / unsecured remote access solution.

Ask yourself, have you done these things to protect your office? Has your technology provider?

Backups

  1. Is ALL of your critical data being backed up? Servers, Cloud Storage, Email?
  2. Does your backup solution automatically back up off-site? If not, are you taking a copy off-site regularly? Have you checked the off-site copies?

Remote Access

  1. Does your remote access solution require Multi-factor Authentication (MFA)? E.g. you have to provide a code from an authenticator app when you log in, not just a username and password.
  2. Are the computers you’re using to remotely access the office patched and running anti-virus?
  3. Is your business using Remote Desktop, aka RDP, for remote access? Make sure your technology provider clearly understands how to secure remote desktop and that access is behind a secure gateway or VPN.
  4. Are you using strong passwords or multi-word passphrases AND MFA on as many applications/systems as you can?
  5. Avoid open wi-fi hotspots and only utilize wi-fi networks with WPA2 or WPA3 security.
  6. Don’t let your children or other family members use your work computer or the computer you use for connecting to the office.
  7. When you walk away from your computer, make sure you log out or lock the screen. Hitting Ctrl-Alt-Delete and selecting Lock Screen, or hitting the Windows Key + L, will lock it quickly.

Phishing Attacks or other Social Manipulation

As always, Cybercriminals are leveraging current events to manipulate and swindle business owners.  If you receive emails about COVID-19, business relief loans, tax returns or other related items, be very cautious and do your best to verify the authenticity of the emails. These types of phishing attacks are crafted to manipulate you into clicking links or opening attachments that look safe but are in fact malicious. 

A COVID-19 or related Phishing Email may include:

How can you identify a phishing email?

  1. Place your cursor over the link and a pop-up should show the URL the link actually goes to. Make sure it matches up with where the link says it is going.
  2. Carefully check the FROM email address to verify the name on the email and the address is from a known sender.
  3. Once you click a link, make sure it takes you to the site you expected by checking the URL bar at the top of your browser.
  4. If you click on a link and it asks you to login, think twice before entering your credentials. Is this an Office365 login on a random site? Does the information the site is asking for make sense? Don’t just blindly login.
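Two of the checks above (and in the earlier post's "Is the email address recognizable?" and "hover over the link" items) can be automated for triage. This is an added example, not code from the N-Tech posts: it parses a constructed sample message, compares the From domain with the brand it claims to be, and flags any link whose visible text names a different site than its real href. The helper names triage, host_of and registered_domain are assumptions of this example.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the original posts): a lookalike sender
# domain plus one link whose visible text disagrees with its real href.
RAW_EMAIL = b"""From: "Netflix Billing" <billing@netflix-support-team.com>
Subject: Action required: verify your payment information
Content-Type: text/html; charset=utf-8

<p>Please visit <a href="http://login.netf1ix-verify.com/account">
https://www.netflix.com/account</a> to update your card.</p>
<p>Questions? See <a href="https://help.netflix.com">help.netflix.com</a>.</p>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    """www.netflix.com -> netflix.com (assumes no suffixes like co.uk)."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""

def host_of(text):
    """Hostname of a URL or bare domain; '' for text such as 'click here'."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    url = text if "://" in text else "http://" + text
    return urlparse(url).hostname or ""

def triage(raw, expected_domain):
    """The two checks from the posts: does the From address belong to the
    claimed brand, and does each link's text go where its href goes?"""
    msg = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    warnings = []
    if registered_domain(addr.split("@")[-1]) != expected_domain:
        warnings.append(f"sender {addr} ({name!r}) is not @{expected_domain}")
    body = msg.get_body(preferencelist=("html",))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and registered_domain(shown) != registered_domain(actual):
            warnings.append(f"link text shows {shown} but goes to {actual}")
    return warnings
```

Calling triage(RAW_EMAIL, "netflix.com") returns two warnings, one for the lookalike sender domain and one for the mismatched link, while the help.netflix.com link passes because its text and href agree.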