Cybersecurity

This would be an example of a page subtitle

The reality of security threats is that EVERY business faces them – even yours.  And frankly, even ours.  The security protection we provide is effective, but new threats continue to evolve.  Some of our clients have decided that the risk and exposure is just too great and that a higher level of security and sophistication is now needed.  You may also be considering an addition level of security.  In this issue, we discuss some of the new threats and an enhanced solution.

ed.  You may also be considering an addition level of security.  In this issue, we discuss some of the new threats and an enhanced solution.

Cybersecurity

This would be an example of a page subtitle

Hackers will often send spam messages that are phishing for user’s Office 365 username and password. The email may come in many forms asking you to sign into your account online. It may say your account is going to expire, it may say you have a message waiting for you, it may say there is suspicious activity on your account. It provides a link that takes you to a website that looks almost identical to the Office 365 sign in page. Below is an example going to web address hxxps://www.rsl.org.bd which is definitely not a Microsoft website.

Cybersecurity

This would be an example of a page subtitle

Recently, a local church was the victim of a wire fraud scheme that resulted in a loss of $1.7 million. Unfortunately, I do not have the technical details of this particular scheme, but I am pretty confident I know what happened. Over the years, I have investigated many of these wire fraud or payment diversion schemes.

Cybersecurity

This would be an example of a page subtitle

Hackers will often send spam messages that are phishing for user’s Office 365 username and password. The email may come in many forms asking you to sign into your account online. It may say your account is going to expire, it may say you have a message waiting for you, it may say there is suspicious activity on your account. It provides a link that takes you to a website that looks almost identical to the Office 365 sign in page. Above is an example going to web address hxxps://www.rsl.org.bd which is definitely not a Microsoft website. The sign in page for Office 365 is https://login.microsoftonline.com.
If a phishing victim were to enter their email address and Office 365 password on one of these fake Office 365 sign pages, it essentially gives the hackers access to the victim’s mailbox.

Cybersecurity

This would be an example of a page subtitle

Below is a classic example of Scareware. This malicious software is used to scare the user into calling for help due to their fake problem. The telltale sign that this is fake is the tech support phone number. Do not trust tech support from unknown entities.
If you have a computer problem at work, call Keystone. At home, call the most tech savvy friend or family member you know. Scareware may also include loud alert noises from your computer speakers. The pop up will not go away by simply closing the internet browser. Logging off the computer session and then logging back in will typically makes this pop up go away.

Cybersecurity

This would be an example of a page subtitle

Below is a screenshot of a spam message that has been making the rounds lately. It is especially alarming to recipients because it is made to appear like it was sent from the user’s email account AND the password that is referenced is one that was used somewhere in the past by the owner of the email account. The spam message goes on to say they have incriminating information about the person and that they will release all this information, as well as compromising photos, to everyone in this person’s email contact list…..IF they do not pay the Bitcoin ransom within 48 hours. On the surface, all this can be very concerning to a recipient because much of it appears real to them….ESPECIALLY the familiar password.

Cybersecurity

This would be an example of a page subtitle

This article will discuss a tactic that has been utilized in different ways by hackers for over 10 years. Microsoft Office products have functionality built in to run programs called macros, which are programs that can be embedded in Word, Excel, and PowerPoint. Let’s say you want Excel to carry out some background calculations to modify specific cells based on the data set specified, a macro could be created and clicked upon to allow this to occur in a split second. This is a legitimate use of macro code.

Cybersecurity

This would be an example of a page subtitle

Email is a very common means of communication inside and outside of the organization; it is so routine, we just read and reply quickly. Sadly, it is also a common way attacks occur. The screenshot below is an example of a very well-crafted attack message. The attacker used a common technique called “Display Name Spoofing,” in which they made it look like I came from someone the receiver would trust. Spoofing is defined as a situation in which a person or program successfully masquerades as another by falsifying data