Posts Tagged ‘computer hackers’

How to Avoid Spear Phishing Cyber Attacks

Thursday, October 4th, 2012

Is your computer information secure?

According to Fox News, White House sources “partly confirmed” an alarming report that U.S. government computers—reportedly including systems used by the military for nuclear commands—were breached by Chinese hackers earlier this month.

“This was a spear phishing attack against an unclassified network,” a White House official assured FoxNews.com. “These types of attacks are not infrequent and we have mitigation measures in place.”

Although a law enforcement official who works with members of the White House Military Office confirmed the Chinese attack to FoxNews.com, as of the writing of this blog post, it remains unclear what information, if any, was taken or left behind in the attack, which occurred through an opened email.

TechTarget.com defines a “spear phishing attack” as “an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.”

While we have devoted previous Allied Universal blog space to discuss cyber security as it relates to password encryption and security software, we have yet to share information to help our clients and friends take precautions with technological protection as it pertains to email. So, today, in an effort to continue providing helpful information for disaster preparation, let us take a few minutes to offer a few helpful hints which, if observed, should keep your computer running smoothly and safeguard proprietary information.

First, it is worthwhile to note that routine email phishing schemes differ from spear phishing attacks in that routine phishing messages appear to come from a trusted source such as a large and well-respected company or website with a broad membership base, such as eBay or PayPal. With spear phishing, on the other hand, the source of the email is constructed to look as though it came from within the recipient’s own company, usually from a person of authority within the organization.

The Computer Crime Research Center reports that a West Point teacher and National Security Agency expert named Aaron Ferguson emailed a message to 500 cadets asking them to click a link to verify their grades. Ferguson’s message appeared to come from a West Point colonel. More than 80% of recipients clicked through, receiving a notification that they had been duped and that their failure to exercise caution before clicking could have resulted in downloads of spyware, Trojan horses and/or other malware to the West Point computer system.

Most people have learned enough about computer use to proceed with caution when opening emails from unknown sources and when responding to unexpected requests for confidential information. We’ve all heard horror stories about Nigerian emails asking for large cash deposits to “help rescue loved ones from African prisons.” We’ve also learned, by and large, to avoid divulging personal data inside email messages, which can be hacked, or clicking on links in messages unless we are positive about their source.

However, the average person is ill-equipped to recognize forged emails that seemingly come from people we trust because spear phishing is sophisticated. That’s how employees of Sony managed to unwittingly give away private information regarding their PlayStation Network, how Epsilon data was recently breached, and why several credit card companies and financial institutions have had to mail apologetic notices to their customer base.

The success of any spear phishing scam generally depends on three things:

  1. The apparent source must appear to be known and trusted.
  2. The information within the message supports its validity.
  3. The request makes sense.

So what can you do to avoid being caught unaware?

  • The FBI recommends that you keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call instead of clicking through the email link. (But don’t use the phone number contained in the e-mail, which is usually phony.)
  • Do not provide personal information, such as a password, a credit card number or any data that can be used to unlock an application or network, in reply to an email.
  • Use a phishing filter. Many of the latest web browsers have built-in security software or offer the utility as a plug-in.
  • Learn to recognize what your security software warning messages look like. If you get something that looks similar but appears to be a bit “off,” delete the email and block the sender.
  • Never follow a link to a secure site from an email. Instead, enter the URL manually into the address bar of your web browser.
  • Report suspicious emails to your tech department on a regular basis. Tell employees to call security about anything suspicious and train them not to forward bogus emails.
  • Do not open suspicious attachments. When in doubt, block it out.
  • If your firm ever falls victim to a successful spear phishing attack, assess the damage and recover. Eradicating the malicious software won’t be easy. You will have to backtrack to a clean starting point of your system before it was corrupted.
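
The checks below are an added example, not part of the original post: a small Python filter that tests a message for three signs of the forged-sender technique described above (a trusted name on an outside address, replies routed elsewhere, and a link whose visible text hides a different destination). The domain `example.com`, the staff list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"   # assumption: the recipient's own company domain
KNOWN_STAFF = {"col. jane doe"}   # assumption: display names of people of authority

# Constructed sample message, not a real email.
SAMPLE = """\
From: "Col. Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: grades@collector.test
To: cadet@example.com
Subject: Verify your grades
Content-Type: text/html

<p>Please <a href="http://grades.collector.test/login">https://portal.example.com/grades</a> today.</p>
"""

def domain_of(addr):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spear_phish_indicators(raw, internal=INTERNAL_DOMAIN):
    msg = message_from_string(raw)
    name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    # A trusted internal name on an address outside the company domain.
    if name.lower() in KNOWN_STAFF and from_dom != internal:
        findings.append("display-name-mismatch")
    # Replies would go somewhere other than the apparent sender's domain.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # Link text shows one host, but the href points at another.
    body = msg.get_payload()
    pattern = r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>'
    for href, text in re.findall(pattern, body, re.I | re.S):
        shown = urlparse(text.strip()).hostname
        target = urlparse(href).hostname
        if shown and target and shown != target:
            findings.append("link-mismatch")
    return findings

if __name__ == "__main__":
    print(spear_phish_indicators(SAMPLE))
```

A message that trips none of these checks is not proven safe; the function only surfaces the mismatches a reader is unlikely to spot by eye.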

When a disaster of any kind strikes, prior planning and clear decisive action can help save lives. For the latest emergency management training for facility/building managers, contact Allied Universal, Inc. Our new Version 3.0 system offers the best emergency training system.

Public Wi-Fi Use Best Practices

Monday, July 11th, 2011

Take steps to guard the security of information located on your computer.

You’re on the road to the next sales meeting and absolutely need a coffee. You pop in for 20 minutes and use your laptop to browse the Internet. Everything is copacetic until you later hear about a breach to your company’s back-office financial data. Are you to blame?

A source called an “ethical hacker” by CBS News says, “Information you’d send to and from your bank, information coming off of your credit card—any of those types of information you’d rather people not have, goes over WiFi.” Also according to CBS, security experts estimate hackers can easily take $1,000 worth of data from just one hacked computer.

Unfortunately, little exposes your work to greater security risks than latching onto a public Wi-Fi service. The problem is that most people don’t realize the risks. And even fewer have the ability to perform the necessary tasks that would fix it. So what’s a modern business person to do?

Here are some tips on browsing safely:

  • Just say no. While this might be unreasonable for road warriors who need to access the Internet at airports and hotel lounges, infrequent users are better off avoiding the temptation to hop on unsecured networks.
  • Use a firewall to ensure protection from incoming threats.
  • Conceal your files using encryption, so important documents are not accessible by others who are snooping or phishing on the open network.
  • Turn off your wireless connection when not in use. Perhaps you are at a coffee shop working on a document but you don’t need to check your email. By turning off the wireless connection, unscrupulous individuals will be cut off from gaining prolonged access to your computer files.
  • Don’t enter your Social Security Number or credit card information while using a public network. If you encounter an emergency and need to purchase something, use only the sites that show the padlock symbol and third-party security verification.
  • Find the “S”! On sites such as Facebook, you can change your security settings to only log in on “https” enabled pages. While these might run a shade slower than regular connections, they prevent all but the most sophisticated hacking attempts. So check website settings to enable this higher security setting.
  • Ask IT to show you how to configure your computer so it won’t actively search for hotspots. Windows is too user friendly at times, and will look for wireless networks wherever you take your laptop, whether you are trying to log online or not.
  • The Allied Universal Online Training System encrypts all password information, for the safety of all of our clients.

Beyond public Wi-Fi risks, there are myriad other ways your personal or business information can be compromised through carelessness or bad practices. Additional tips for keeping data safe:

  • Be careful using USB “thumb” drives, which can be easily misplaced. They also are the perfect carrier for viruses and malware. USB drives were the culprit for the spread of the damaging Stuxnet virus which infiltrated industrial computers, including some at nuclear facilities.
  • Use passwords. Protecting access to both the laptop and individual files and folders can slow down or discourage hacking attempts. Every week you hear stories about possible data breaches from stolen or lost laptops that were unprotected.
  • Mobile devices can be protected with security apps that can remotely lock and “wipe” your device.
  • Train employees how to spot phishing and scam emails that might distribute viruses. Some scammers will even spoof their emails to look like they are coming from a company’s HR department.

Using public Wi-Fi properly requires some technical know-how and common sense. When feasible, only look at public non-identifying sites on the public network, and purchase items or do banking when you are at work or at home. While 24/7 access is nice, you can ask yourself “Do I have to do this now?” If you follow the tips on using public networks and best practices for portable drives and laptops, you will greatly increase your protection from malicious hackers.

When a disaster strikes, prior planning and clear decisive action can help save lives. For the latest emergency management training for facility/building managers, contact Allied Universal, Inc. Our new Version 2.0 e-based training system offers the best emergency training system with automated and integrated features. Visit rjwestmore.com for more information and remember to BE SAFE.