alt tag

Posts from April, 2015


Know Your Enemy: These New Phishing Schemes are Hard to Spot

Thursday, April 16th, 2015

Information technology phishing schemes to be aware of SF Bay Area.

A friend called me recently to gripe about his personal email account. His ISP has done a pretty good job of virtually eliminating the annoying spam he used to receive (remember your inbox way back when?), but now he’s the target of two particularly relentless phishing schemes I’d like to share with you.

“Unsubscribe” with Caution

The first involves multiple emails supposedly selling products he’s not interested in—life insurance, home security systems, new tires, and more. Of course, the sender hopes that if my friend prefers to quit receiving these unwanted “offers,” he’ll click the prominently-placed “Unsubscribe” link. But hovering his mouse over the link reveals a bogus-looking URL—that with one double-click could infect his computer or smartphone with troublesome or dangerous malware.

My friend is obviously smart enough not to take the bait, but that isn’t stopping the scammer. They send multiple clusters of these emails several times a day. His ISP offers a Blocked Senders List to exclude unwanted emails, but this sender always uses a different return address made up of gibberish (such as “eirithtnydkr@prmdjentod.edu”) to evade blocking. He hopes this jerk will soon be arrested or just get tired of bothering him. Good luck with that.

Unfriendly “iTunes” Updates

The second scam involves Apple’s iTunes. My friend receives new music “updates” from “itunes@new.itunes.com” that include logos, fonts, and graphics very similar to genuine marketing emails from Apple. While he does often download music from iTunes, he’d rather not get these emails and was about to click that boldfaced “Remove Me” link—until he noticed the URL likewise had nothing to do with Apple or iTunes. Go to a phony iTunes website, input your username and password, and you’ve walked into a massive headache.

Why would iTunes be an inviting target for a scam? Because their customer service is notoriously bad, and without talking to a live customer service rep, an emergency—say, an unexpected $5,000 charge to your account—would be very difficult to fix. (In Apple’s defense, manning an efficient call center for the volume of iTunes customers around the world is nearly impossible). In the meantime, Apple warns the public to ignore all likely “spoof” emails that aren’t sent directly from “@apple.com.”

Everyone is a Target

My friend considers himself reasonably web-savvy and isn’t sure how he got on a mailing list of potential “suckers.” His best guess is that he’s been sending out resumes for quite a while and probably replied to a bogus online want-ad meant to collect email addresses.

As you know, at MPA we pride ourselves on the comprehensive email services we provide our customers and do everything possible to protect them from malicious phishing.

But crooks will never quit trying to find new ways to sneak past email security, and we’ll never be able to completely prevent human error—i.e., a careless click on the wrong link. Make sure your employees are always on guard.

Uncle Sam Won’t Stop Cyber-Crime—It’s Up To You

Wednesday, April 1st, 2015

lock-143616_640

You probably know President Obama recently hosted a high-profile cyber-security summit at Stanford. The basic idea was to discuss how to expand the federal government’s role in combating cybercrime against American businesses—from simple theft to outright corporate terrorism.

As you’d expect, most of the local tech giants were represented—Apple, Google, Intel, Microsoft, and Yahoo, among others. Our invitation was evidently “lost in the mail.” But had we been there, I would have told the President that our government’s power to combat internationally-based cybercrime is actually quite limited—about as effective as playing a carnival “Whack-A-Mole” game.

Obama’s summit was another classic case of the government trying to promise more than it can possibly deliver. As long as unscrupulous hackers lurk in every corner of the world, the ugly reality is that cybercrime is here to stay. If the government can’t stop it at its source, it’s up to you to protect yourself and your business from inevitable cyber-attacks.

Many Small Business Clients, Same Pattern of Security Lapses

Part of our business here at MPA Networks is conducting technology assessments for small companies throughout the Bay Area—law firms, financial services, real estate management, and other businesses. For every company we assessed this past year, we routinely uncovered the same glaring security lapses:

  • Anti-virus software was not installed on 100% of the firm’s computers.

  • Where anti-virus software was installed, it often wasn’t updated regularly to include the latest virus signatures—particularly newly-released “zero day” viruses which can spread through cyberspace like wildfire before they’re detectable and containable.

  • No automated system was in place to download and install critical, updated manufacturer security patches—leaving servers, workstations, and laptops vulnerable to the latest viruses and malware.

  • The firm’s firewall was inadequate—or simply wasn’t properly set—to block employee access to malicious websites (a common tactic delivered via links in email spam).

When we present our findings to each firm’s management, we usually get the same response: “We thought we were covered.” Unfortunately, as the old saying goes, a chain is only as strong as its weakest link.

A single unprotected computer invites disaster for your entire business.

“Not Rocket Science”: Hacking Is Hacking

The major corporate security breaches grab the headlines—Target, Home Depot, Sony—but they’re hardly the result of “sophisticated cyber-attacks” as described by the news media. It’s usually just a determined foreign hacker who relentlessly probes a company’s network until they’re lucky enough to find an exposed weak spot.

The nuts-and-bolts structure of a small business’s computer system isn’t very different from a Fortune 500 corporation’s, yet it’s relatively easier to defend, with fewer moving parts and fewer “open windows” for a hacker to infiltrate. There’s no new “magic bullet” the government can offer to fend off cyber-attacks; it’s about businesses re-dedicating themselves to effective protective measures that have already existed for years.

Just as government regulations can’t prevent you from leaving your house unlocked or your keys in the car, the responsibility of protecting your business’s computer network from cyber-crooks will always lie squarely with you. It’s just common sense.

So let’s get the word out and keep our doors locked…

Michael Price, President, MPA Networks