Phishing for your data


Phishing is rife, and the attackers are only getting smarter

Hackers are badgering away via a number of routes to get access to your personal details. Email is by far one of the simplest means of access for cyber criminals into a computer network.

You can of course spam filter your emails, but only to a slight degree – otherwise you’d never receive any ever again!

Phishing is the act of tricking an email recipient into inadvertently sharing their data. The tactics by which these sorts of ‘cyber attacks’ are conducted are getting smarter all the time.

In turn, users need to get sharper – scoping out fraudulent emails on a day-to-day basis.

 

How do they do it?

Faking email addresses as though they were sent from someone else’s mailbox is unfortunately quite easy to do.

The email itself (in most cases) isn’t really dangerous. You can simply delete it from your inbox.

The damage comes from clicking any link embedded within or opening the attachment from the email. From this link or attached file, a virus, malware or malicious software will download and install itself to your PC – quite often without the user being aware that anything has happened.

See an example below (with the victim sender’s details omitted), which we refer to throughout this blog article.

 

Phishing Email

What does it look like in my inbox?

The emails are very cleverly disguised. They will appear as any normal email would, with a real email address, and could possibly contain an email signature & disclaimer from a real business. The contact may well be known to you, and the sort of content contained within the email may be something that you would generally expect to see from that person, tricking you as the recipient into a false sense of security.

The email itself, however, is most likely to contain a suspicious link or unrelated attachment, which is the lure to draw you into their grasp, by which they can enter your PC & steal your credentials. This hopefully would differ from the sort of communication you would normally expect to receive (if at all) from this particular email address – helping it stand out as an email to be wary of.

 

What should I look out for?

When you receive any new emails there are a few key things to check straight away, even if you know & trust the sender.

  1. The sender’s name & email address. Is it someone you know? Could you call them and check they meant to send you this particular email?

  2. Does the email contain an attachment?

If it is a PDF document, there’s a strong chance that you’re safe.

If it is a Word or Excel document, it may well contain a virus hidden in a script that will run automatically once you open the file.

One thing to keep in mind is that you can’t tell from looking at the file whether it is genuine or malicious before you open it. If you do open it and it’s malicious, it’s usually too late.

  3. Does the email contain any links?

Links are fairly simple to check. Hover over the link and your computer will show the website destination where it will actually take you.

If the link appears to be the real website, or where you would expect to land, like in the example below, then it may well be genuine, but that is no guarantee!

Phishing Email

 

With this example, the link takes you to a file hosted in a Microsoft OneDrive account. The email makes it look like this user did actually want to send you this file, which is stored in a reputable place. If the link appeared to come from an untrusted source, it would naturally seem more suspicious, but at face value this particular example link appears to be legitimate.

Clicking the link to visit the website, which appears to be a real Microsoft OneDrive file share, you can see an overview of the document, which is apparently a PDF.

Phishing Email

 

Upon further inspection, however, hovering over the preview shows that the Microsoft notification box with the “Open” button is actually entirely fake – it’s just an image, not a real notification box at all. Hovering anywhere over the open screen shows the entire image to be hyperlinked to a shortened URL (via tinyurl), cleverly and simply masking a malicious website.

Had the “Open” button been genuine and the document been viewable within the browser, it would likely have been entirely legitimate.

However, in this example, clicking this link does actually take you through to a virus-riddled website, leaving the recipient’s email accounts vulnerable to being hacked.

Phishing Email
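The link checks walked through above can be automated for an HTML email body or a saved web page. The following is an added example, not part of the original article: the function names, the shortener list and the sample hosts are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}  # assumed, non-exhaustive list

class LinkAuditor(HTMLParser):  # records each <a href>, its text, and any image inside
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "text": "", "has_img": False}
        elif tag == "img" and self._open is not None:
            self._open["has_img"] = True

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(self._open)
            self._open = None

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def audit_links(html):
    """Return (href, reasons) for each link that deserves a second look."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for link in parser.links:
        target, text, reasons = host(link["href"]), link["text"].strip(), []
        if target in SHORTENERS:
            reasons.append("shortened URL hides the real destination")
        if link["has_img"] and not text:
            reasons.append("image-only link: the button or preview is a picture")
        shown = host(text) if text.lower().startswith(("http://", "https://")) else ""
        if shown and shown != target:
            reasons.append(f"text shows {shown} but link goes to {target}")
        findings.append((link["href"], reasons))
    return [f for f in findings if f[1]]

# Constructed sample body modelled on the example in the article.
SAMPLE = ('<a href="https://tinyurl.com/PLACEHOLDER"><img src="open.png"></a>'
          '<a href="http://login.example.net/">https://files.example.com/doc</a>'
          '<a href="https://files.example.com/doc">https://files.example.com/doc</a>')
```

A link that passes these checks is still no guarantee: in the example above, the email's own link pointed at a genuine file share, and the masked link only appeared on the page behind it.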

 

In Conclusion

Always double check, even if you believe you know the person that sent you the email.

Follow our straightforward 3-step checklist – sender’s name & email address, attachments and links. Checking these three key things before taking any action with the email will help you remain protected.

 

Want to get the best of cyber security for your business?

Here at ITeam, we specialise in studying our clients’ business and best applying security technology to match their needs.

If you would like a free brief discussion about your operational challenges & to explore the threats to your business, please get in touch today – 0117 944 4949 or drop us a line info@iteam.co.uk

Creating a Secure Password

We get asked a lot of questions about passwords, including why the passwords we set when we change them can seem somewhat obscure. Hopefully I can answer a few of these questions with the information below:

What is a secure password?

Simply put, a secure password is difficult or impossible to guess, unique to the system it is protecting, and not shared with anyone.

What makes a password secure?

There are a number of things that can make a password more secure. Some general rules are:

  • Make it at least 8 characters long, longer if you are happy to do so!
  • Make sure it includes a mix of the following:
      • Upper and lower case letters
      • Numbers
      • Special characters (e.g. ? ! # @)

Why use a secure password?

People are trying to access your data. FACT. Those people using poor passwords will have their data compromised at some point. Another FACT. Using a secure password decreases the chances of your data being compromised. It is as simple as that!

What is an example of a secure password?

A good way to create a strong and memorable password is to use three random words. Numbers and symbols can still be used if needed, for example 3redwaTerMonkeys27!

Be creative and use words memorable to you, so that people can’t guess your password. Your social media accounts can give away vital clues about yourself, so don’t use words such as family names or a favourite sports team, which are easy to guess. Cyber criminals know many of the simple substitutions we use, such as ‘Pa55word!’, which swaps numbers for letters, so there is no point in doing that.

Never use the following personal details for your password:

  • Family members’ names
  • Pets’ names
  • Place or date of birth
  • Favourite holidays
  • Something related to your favourite sports team
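The rules above can be checked in code, including the point that swapping numbers for letters does not help. This is an added example, not part of the original article: the function name, the substitution table and the short word list are assumptions, and the personal terms are supplied by the caller.

```python
import re

# Undo the simple number/symbol-for-letter swaps (assumed, illustrative table).
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})
# Assumed, tiny sample of commonly guessed base words; a real check needs a larger list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome"}

def check_password(password, personal_terms=()):
    """Return a list of problems; an empty list means the rules above are met."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "a lower case letter": r"[a-z]",
        "an upper case letter": r"[A-Z]",
        "a number": r"[0-9]",
        "a special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    # Compare on letters only: once as typed, once with the substitutions undone.
    lowered = password.lower()
    forms = {re.sub(r"[^a-z]", "", f) for f in (lowered, lowered.translate(UNLEET))}
    for word in COMMON_WORDS | {t.lower() for t in personal_terms}:
        if any(word in form for form in forms):
            problems.append(f"built on a guessable word: {word}")
    return problems

if __name__ == "__main__":
    # The two passwords quoted in the article, plus a constructed pet-name case.
    for pw, terms in [("3redwaTerMonkeys27!", []), ("Pa55word!", []),
                      ("R0ver2015!", ["Rover"])]:
        print(pw, "->", check_password(pw, terms) or "ok")
```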

If you are not speaking to your IT Support provider about this, why not give us a ring?

James Reed
Technical Director

Windows 7 – End of Support

Microsoft will end support of the Windows 7 operating system on 14th January 2020. This means that after that date they will no longer provide technical support and automatic updates, including security patches, for Windows 7. 

Their recommendation is that anybody still using a Windows 7 PC should move to Windows 10 before that date. 

By continuing to use Windows 7 after 14th January 2020 you will be making your PC, network and therefore your data vulnerable to cyber security risks.  

What are my options? 

  • Upgrade using an existing licence. Some PCs came with disks for both Windows 7 and Windows 8, some came with Windows 10 as well. If that is the case, it is possible to rebuild the PC with either Windows 8 or Windows 10 without having to buy a new licence. 
  • Upgrade using a new licence. If you don’t have disks that came with your PC for Windows 8 or 10 you could buy a licence for Windows 10 and have the PC rebuilt with that. Unless you are a charity and can get the licence cheaply this is likely to be an expensive way to extend the life of an old PC. 
  • Replace the PC. You can plan to replace your Windows 7 PCs with new hardware that will come with Windows 10. Windows 10 together with new PC hardware will start up and run faster and is designed to be secure. 

The move away from Windows 7 could be a bigger project even than the move from Windows XP five years ago. According to netmarketshare.com who report on IT statistics, the number of people using Windows 10 eventually overtook Windows 7 in late 2018, but as at January 2019 37% of people are still using Windows 7. The problem, as ever, is that people using Windows 7 don’t see what’s wrong with it. However, it was released in 2009 and will be over 10 years old when support is withdrawn. Since then the cyber threat landscape has changed immeasurably and Microsoft are promoting the move to Windows 10 as the best step. 

Make sure the requirement to remove all Windows 7 PCs from your network by 14th January 2020 does not come as a surprise by taking the following steps: 

  • Know your PCs – make sure you know how many Windows 7 PCs you have in your network 
  • Know your options – can you upgrade or will you have to replace? You might have some or all of the older PCs already planned to be replaced due to their age.
  • Plan the project – Don’t leave it until December. Budget for it and plan to start as soon as you can. 

Remember that after January 2020 there will be no security updates for Windows 7. You now know that and so do all the hackers. February 2020 will be a busy month for them. 

If you are not speaking to your IT Support provider about this, why not give us a ring? 

David Hewett
Managing Director