alt tag

Posts Tagged ‘malicious email’


An Expert’s Guide to Avoiding Phishing Scams

Tuesday, January 24th, 2017

hacker-1944673_640

Unlike most IT security threats, phishing scams attack the human element instead of the machine element. Phishing scams try to bait a person into exposing confidential information by posing as a legitimate, reputable source, typically by email or phone. Most often, the culprits seek users’ account login details, credit card numbers, social security numbers, and other personal information.

By properly educating your employees and following a handful of best practices, your business can significantly reduce the threat of phishing scams.

Here’s how:

1. Treat every request for information—whether by email, phone, or Instant Message—like a phishing scam until proven otherwise.

Meeting any request for confidential information with skepticism, regardless of how trivial it sounds, is your employees’ best defense against phishing scams. Even innocent information like a person’s first car, pet’s name, or birthday can be used to steal accounts through password recovery. Generally speaking, no professional organization or company would ever ask for personal information when contacting you—so any information request of this type is more likely to be fraudulent than real.

2. Familiarize your staff with scheduled emails for password resets.

Many companies use regularly scheduled password reset policies as a security measure; however, hackers can exploit this system to get people to hand over account login information. Your company’s best protection in this case is to familiarize employees with which services actually send out these requests. If possible, enable 2-step verification services, or avoid scheduled password changes altogether.

3. Never click a “reset password” link.

One of the easiest ways a hacker can steal information is to include a spoofed link claiming to be a password reset page that leads to a fake website. These links typically look exactly like the legitimate reset page and will take the “account name” and “old password” information the person enters. If you need to reset an account or update your information, navigate to the site manually and skip these links.

4. Never send credentials over email or phone in communication that you did not initiate.

Many sites utilize legitimate password reset emails and phone calls; however, a person has to go to the site and request it. If someone did not request a password reset, any form of contact to do so should be met with extreme skepticism. If employees believe there is a problem, they should cease the current contact thread and initiate a new one directly from the site in question.

5. Don’t give in to fear.

One common phishing scam emulates online retailers, claiming they will cancel an order because a person’s credit card information is “incorrect.” These scams rely on a sense of urgency to get a potential victim to hand over information without stopping to think. If the account really is compromised, chances are the damage is already done.

6. Report suspected phishing attempts.

Phishing attacks like this typically target more than one person in an organization, whether it be from a “mass-scale” or “spear” phishing attack. Therefore, it’s safe to assume that if one person receives a phishing email, others will, too—so contact both your company’s IT department and the organization the hackers were imitating.

If your business is looking to improve its IT security practices and avoid falling victim to phishing scams and other attacks, contact the experts at MPA Networks for help today.

The Best Way to Check Your PCs for Malware—Fast and FREE

Tuesday, April 12th, 2016

antivirus-154669_640

A couple months back, we touched on the story of our normally tech-savvy friend who got tricked into allowing his desktop PC to be infected with obvious malware. At first, he had the sickening feeling that comes with a virus-infected computer—but thanks to some quick thinking and online research, he downloaded several popular free anti-malware apps to isolate and remove the malware programs before they could inflict real damage (identity theft, or worse). He figured that by running multiple anti-malware apps, his computer would be effectively “cross-checked” and his hard drive would once again be clean and secure—fingers crossed.

Running the Gauntlet of Anti-Virus Scan Engines

Running more than one anti-malware app was indeed a wise idea. But what if you could scour your system for malware using as many as 57 different name-brand anti-virus scan engines—in less than a minute, and all for free?

It’s a terrific one-stop Windows utility few users know about, but we’re happy to share it with you today with step-by-step instructions:

  • From the Options menu in Process Explorer (in the upper menu bar), choose VirusTotal.com > Check VirusTotal.com. VirusTotal by itself is a free site that will scan suspicious files and URLs. But linked through Process Explorer, it will analyze your entire operating system using at least 50 proprietary malware detection engines, including those from leading anti-virus brands like AVG, Bitdefender, Kaspersky, McAfee, and Symantec. A cybercrook may be able to write malicious code that eludes a few anti-malware apps—but over 50? That’s quite a comprehensive gauntlet, if not virtually impossible.
  • A Virus Total column will appear to the far right of the dashboard, with a ratio listed for every open application and process. A zero ratio (0/55) means all scanning engines concur the program is safe. A tiny ratio (2/55 or 3/55) is most likely a “false positive” (probably no real threat), while a heavy ratio (10/55 or higher) indicates multiple engines target it as likely malware.

“Less Is More”… But Not When It Comes to Cyber Safety

Learn more about uncovering malware via Process Explorer from InfoWorld security columnist Roger Grimes in the embedded video here. As a free utility direct from Microsoft, we highly recommend it as a simple yet comprehensive supplement to your current anti-virus software. Whenever you discover possible malware lurking on one or more of your company’s PCs, contact us immediately to help quarantine and safely remove it.

Fake Phishing: The Ultimate Security Training?

Tuesday, January 5th, 2016

no-entry-909933_640

What is the current state of your company’s IT security training program—if you have one? Many companies settle for an annual group training session to broadly review the major types of cyber-threats—viruses, malware, and phishing.

The problem with once-a-year “standardized” training is that once employees go through it the first time, they may not fully pay attention in the future, thinking they’ve “heard it all before.” That’s when they’re most vulnerable.

“It Won’t Happen To Me”—Until It Does

Recently, a friend of ours—who normally prides himself on being “smarter than the average bear” when it comes to computer hygiene—confessed he finally got duped into downloading malware directly to his desktop PC. He tried updating to the latest version of CCleaner, a popular, trusted freeware utility which removes temporary files, cookies, and other unwanted clutter from a hard drive. But the page he was directed to had two different “Download” buttons… and he clicked the wrong one. After ignoring dire warning screens from his anti-virus program (“It’s only CCleaner,” he reasoned), he discovered he’d actually just downloaded several unfamiliar programs, masquerading as system processes in his Windows “Task Manager.”

The first consequence: an uncloseable pop-up window requesting payment to remove multiple “detected threats” (which he of course declined to pay). Fortunately, he immediately deleted all the “scamware”—via several malware-removal apps—before hackers could unleash more havoc. He was reminded to stay reasonably skeptical of almost everything online—and to never again let his guard down.

Time For Some “Tough Love”?

You can warn someone of looming cyber-dangers until they’re tired of hearing it… but sometimes the best education is simply “learning the hard way.”

A handful of security contractors are helping companies actually test their employees by providing fake phishing emails—which mimic the sophisticated tactics of genuine scams (offering bogus apps, phony “updates,” and more). When they click on a deceptive link, they’re quickly informed they’ve dodged a bullet:

“Oops! You’ve just fallen for a fake phishing email test. Luckily, your computer remains unharmed for now, but keep in mind this is how hackers regularly trick victims into compromising network security…”

One strong proponent of fake phishing is the Department of Homeland Security—which recommends federal employees who repeatedly fail such tests should have their security clearances revoked.

The point of fake phishing tests isn’t to anger or shame employees who unwittingly take the bait. The goal is to prove that cyber-threats are definitely real, and they should take security very seriously. Nobody wants to be the real victim.

For management, the overall “conversion rate” of a fake phishing test is a true metric of an IT security training program. If too many employees allow themselves to be conned by a simulated phishing scam, their existing training isn’t working.

For more ways to boost security measures within your business, get in touch with a local MSP.

The Importance of Being Proactive: Why You Need A Breach Response Plan

Thursday, August 6th, 2015

attention-297169_640

Each month, Microsoft releases a new security bulletin. In May of 2015, forty-six vulnerabilities had been identified and fixed, spanning products such as Windows, Internet Explorer, and Office. In June, it was even more. While some of these vulnerabilities were low-threat, others were more critical, like the numerous Internet Explorer weaknesses that would allow attackers easy access to execute very harmful activity.

As vulnerabilities like these are not always exploited, many companies take a lax approach to security.

Is every single one of your firm’s computers and servers—whether in your office or in a data center—updated with these recent patches? How about the patches from last month? And those from last year?

Implementing effective security measures takes up time, energy, and resources, but cutting corners can be even costlier—and sometimes downright catastrophic. To avoid the detrimental effects of an attack, it’s essential to maintain an updated breach response plan.

Strengthening Your Incident Response Plan

In the Digital Age, the occasional technology breach is inevitable. A well-developed breach response plan can help curtail damage in the event of an attack, natural disaster, or other unforeseen event. Here are a few things to consider when creating your plan:

  • Review your security plan at least twice a year. This will allow for any additions or adjustments as necessary.
  • Compose a list of clients, their appropriate contacts, and proper notification protocol for each.
  • Assign responsibilities to individual parties where detailed action is required. Leave nothing to chance. If it’s a crucial matter, be sure you know exactly who is responsible for handling the task at hand.
  • Compile a guidance list of “proper responses” to execute based on the nature and severity of the breach.
  • Devise a restoration plan in which backups and other necessary files are recovered.
  • Managed Service Providers can help develop well-designed response plans. Their knowledge of malware, virus prevention, and disaster recovery is priceless when a serious threat emerges.

Post-Breach Measures

After a breach, you have to clean up. This can involve following your disaster recovery protocols, using tools to clean up the mess, and notifying your clients and business partners.

Your data may be damaged, and you may need to shut down your company operations while you recover data, software, and operating systems from your backup system (assuming that system has not been damaged too).

You will need to figure out how the breach occurred and implement improved security measures to keep it from happening again. Why clean up the mess, only to get hit again with the same problem? A breach can indicate a security lapse, like ignoring updates and patches for servers, workstations, anti-virus, and anti-malware software.

In some states and some industries, you are legally required to notify your clients, employees, and business partners of the breach.

Traffic Monitoring Tools

Traffic monitoring tools can detect hidden malware and communication traffic between your network and the Internet that might indicate a breach. One of these tools is Unified Threat Management (UTM) software that can be implemented inside your office’s firewall as part of a service program.

With the plethora of managed service providers and security tools available, it’s easier than ever to start creating your incident response plan. Getting ahead on your security is a smart business move that could save you a great deal of time and money in the long run.

Preventing Breaches in the First Place

Be smart. Save labor. Save money.

Hackers are growing in number, not shrinking, and they are being paid more and more for their efforts in ransom, extortion, fraudulent advertising, and other areas. The problem isn’t going to get better—so you need to be prepared.

It’s a real pain to recover from a breach. It’s time-consuming, and it can be embarrassing for your firm’s reputation. Your company’s leadership may even come into question by customers and staff.

That’s why the smartest move is to prevent security problems before they happen.

Ask yourself these questions:

Are your anti-virus and anti-malware systems up to date? (In other words, have you made updates in the last day?)

Is each and every one of the workstations, laptops, and servers in your organization patched and protected against viruses?

Do you have a service program that assures patches are up to date—and if an installation is missed or fails, is someone in charge of fixing the problem?

Do you scan your emails for malware and viruses before they come to your email server, wherever it’s located (in your office or in a Cloud data center)?

Do you scan your emails for malware and viruses repeatedly as they lie in storage on your email server? A virus identified today may not have been known to anti-virus manufacturers a month ago, when you first received an infected message.

Does your firewall have UTM? (See above.)

Does your firewall prevent your employees from visiting a sketchy site or being directed, without their knowledge, to a malware-infected website in an innocent-looking email link?

Lastly, do you have a service program or service procedures that manage all of the above? You can’t “load it and you’re done,” and you can’t “set it and forget it.” These services must be actively managed by your own firm or a skilled Managed Services Provider.

Who Does All the Work?

In large companies, these types of proactive security management are carried out by internal IT staffers, outsourced security experts, or a combination of both.

In small businesses, this type of work is best performed by an outsourced Managed Services Provider. It’s becoming too complicated for internal resources to effectively handle proactive security management without outside advice and services. It’s also too complicated and time consuming, in many cases, for a small IT service shop or a single “IT Guy” to keep up with the rapid evolution of network security threats and barriers.

How Do You Know If You’re Protected?

Simple. Hire an IT consulting firm, an IT consultant, or a Managed Services Provider to perform an audit of your company’s computer network. You want to test at least four things:

  • Your internal network security
  • The security between your internal network resources and the outside Internet (outward flow)
  • The security between the Internet and your inside resources (inward flow)
  • Compliance with any regulatory security that applies to your type of business

After almost every virus attack or security breach we hear about, the affected company’s managers say, “I thought we were covered.”

Last month at MPA, we heard this from the manager of a furniture distribution company in the East Bay after ALL of their data and backups were destroyed by a virus. If that happened to your business, could you survive?

Don’t wait until you have a catastrophe on your hands to find out whether your current coverage is enough. Order a Technology Assessment/Security Audit today.

Malvertising: The Next Big Cyber Threat

Thursday, July 16th, 2015

road-sign-579554_640

We’ve spent plenty of time here talking about safeguarding your company against phishing and other forms of cyber-attack. As we’ve discussed, the first line of defense against phishing is to make sure your employees remain vigilant by avoiding email links and shady websites. But there’s a bigger threat on the horizon for anyone who simply surfs the Internet. Hidden malware delivered via online ads, or malvertising, is rapidly spreading across the web—including the most trusted news and entertainment sites millions of us visit every day.

Via banners, pop-ups, and animated ads, cybercrooks can embed hidden lines of code that instruct a web browser to automatically retrieve and install malware programs from an unseen URL—literally a “drive-by download,” undetectable by most common anti-virus programs. Some malvertising scams entice viewers to click on an ad (most often pop-ups offering “software updates”). Others infect a computer simply by loading the page.

Successful malvertising immediately renders a computer susceptible to any of the following:

  • Outright theft (identity, financial, or data) or extortion via ransomware, such as CryptoWall or CryptoLocker, a high-encryption virus which can’t be removed without paying off the crooks—usually in untraceable Bitcoin or wire transfer.
  • The computer can be hijacked into a botnet, a ring of “zombified” computers which are silently manipulated for criminal activities, such as repeatedly clicking on bogus pay-per-click ads, bilking websites out of artificially inflated profits.
  • The malvertising can leave behind a browser exploit kit, malicious code that constantly probes a computer for vulnerabilities within the browser as well as standard plug-ins including Adobe Flash Player, Java, and Microsoft Silverlight. When a weakness is found from the inside—as little as missing the latest security update—the door is open for even more lethal malware.

No Sheriff in Town

Most high-traffic websites outsource their advertising to third-party networks who sell space to advertisers—usually simply accepting ads from the highest bidder—and directly insert ad applets into a web page. You’d think these ad networks would bear the responsibility for screening ads against malvertising, but they’re simply not responding fast enough. Like so much of the Internet world, the frenzied volume of online advertising grew much faster than anyone’s ability to regulate it.

Everyone still assumes law enforcement can effectively police criminal activity in cyberspace… but there’s literally no sheriff in town.

How Can You Protect Yourself?

There are a number of measures you can take right now to defend your company against malvertising:

  • Keep your anti-virus and anti-malware software up to date, and make sure the software continues to update on a regular basis. Some manufacturers update their software daily to combat new threats.
  • Use a Firewall with an activated subscription service for UTM (unified threat management). UTM is a service should provide at least two forms of protection:
  1. Filtering out some viruses and malware as they attempt to pass through the Firewall into your office or home network (whether in an email or on a website).
  2. Prohibiting you and/or your users from visiting sketchy websites—the kind a phishing email might direct you to, with or without your knowledge, in an attempt to infect your computer.
  • Regularly check your browsers for the latest security patches.
  • Modify your browser settings to prevent Flash and Java-based animated ads from running automatically, as well as to flag suspicious website content.
  • Create multiple user accounts for each computer, including a “web surfing” account without administrative rights to install or modify software, and to block malicious exploit kits. Some firms have all desktop accounts for their employees configured without administrative rights for this reason.
  • Consider signing up with a Managed Services Provider (MSP) for a Managed Services Program that supplies anti-virus, anti-malware, and security patching, keeps these systems up to date, and manages the process for success—so you can focus on actually using your technology.

To learn more about the dangers of malvertising and other emerging cyber threats, contact us.

 

Uncle Sam Won’t Stop Cyber-Crime—It’s Up To You

Wednesday, April 1st, 2015

lock-143616_640

You probably know President Obama recently hosted a high-profile cyber-security summit at Stanford. The basic idea was to discuss how to expand the federal government’s role in combating cybercrime against American businesses—from simple theft to outright corporate terrorism.

As you’d expect, most of the local tech giants were represented—Apple, Google, Intel, Microsoft, and Yahoo, among others. Our invitation was evidently “lost in the mail.” But had we been there, I would have told the President that our government’s power to combat internationally-based cybercrime is actually quite limited—about as effective as playing a carnival “Whack-A-Mole” game.

Obama’s summit was another classic case of the government trying to promise more than it can possibly deliver. As long as unscrupulous hackers lurk in every corner of the world, the ugly reality is that cybercrime is here to stay. If the government can’t stop it at its source, it’s up to you to protect yourself and your business from inevitable cyber-attacks.

Many Small Business Clients, Same Pattern of Security Lapses

Part of our business here at MPA Networks is conducting technology assessments for small companies throughout the Bay Area—law firms, financial services, real estate management, and other businesses. For every company we assessed this past year, we routinely uncovered the same glaring security lapses:

  • Anti-virus software was not installed on 100% of the firm’s computers.

  • Where anti-virus software was installed, it often wasn’t updated regularly to include the latest virus signatures—particularly newly-released “zero day” viruses which can spread through cyberspace like wildfire before they’re detectable and containable.

  • No automated system was in place to download and install critical, updated manufacturer security patches—leaving servers, workstations, and laptops vulnerable to the latest viruses and malware.

  • The firm’s firewall was inadequate—or simply wasn’t properly set—to block employee access to malicious websites (a common tactic delivered via links in email spam).

When we present our findings to each firm’s management, we usually get the same response: “We thought we were covered.” Unfortunately, as the old saying goes, a chain is only as strong as its weakest link.

A single unprotected computer invites disaster for your entire business.

“Not Rocket Science”: Hacking Is Hacking

The major corporate security breaches grab the headlines—Target, Home Depot, Sony—but they’re hardly the result of “sophisticated cyber-attacks” as described by the news media. It’s usually just a determined foreign hacker who relentlessly probes a company’s network until they’re lucky enough to find an exposed weak spot.

The nuts-and-bolts structure of a small business’s computer system isn’t very different from a Fortune 500 corporation’s, yet it’s relatively easier to defend, with fewer moving parts and fewer “open windows” for a hacker to infiltrate. There’s no new “magic bullet” the government can offer to fend off cyber-attacks; it’s about businesses re-dedicating themselves to effective protective measures that have already existed for years.

Just as government regulations can’t prevent you from leaving your house unlocked or your keys in the car, the responsibility of protecting your business’s computer network from cyber-crooks will always lie squarely with you. It’s just common sense.

So let’s get the word out and keep our doors locked…

Michael Price, President, MPA Networks

Surprising New Study: Email an Essential Cross-Generational Business Asset

Thursday, February 12th, 2015

email-297068_640What was cutting-edge in the 1990s is still relevant today — at least, when it comes to Email technology. According to a new PewResearch report, 61 percent of office workers say Email is “very important” to their work productivity. That same study placed the Internet and landline phones at 54 and 35 percent, respectively. Gadget enthusiasts may be surprised to learn that only 24 percent of office workers consider cellular and smart phones very important, making mobile devices even less important than landlines. And just four percent of workers view social networking sites like Facebook, Twitter, and LinkedIn as essential.

If there’s one indispensable takeaway from this study, it’s that you need to establish and maintain an adequate and reliable Email system if you want to keep your business operating efficiently.

Email continuity equals business continuity, especially when dealing with customers and clients.

Invest in Your Email Service (or Wish You Had)

Despite being contingent on the second most popular office tool (the Internet), Email is a single web service you can spotlight within your IT strategy. Consult with your Managed Services Provider (MSP) to identify the best possible setup to meet your business needs and keep your Email running at top speed. Since your Email service is essential to your operation, it’s crucial to employ a quality, business grade Email service on a reliable server. After all, you’re likely to spend more money on lost payroll from a slow or out-of-service Email system than you would on simply upgrading it.

Whether you’re a law firm, an investment advisor, or a logistics company, your employees require swift communication channels to reach your clients.

Email Continuity

Consider using an Email continuity system to keep things running if you lose power, drop Internet connectivity, experience a server crash, or encounter an Email service disruption. There are now excellent Email continuity systems available that kick in instantly when your Email system or your Email provider goes down or breaks — so you won’t miss a beat. These systems work with workstations, laptops, tablets, and smart phones. Ask your MSP for more information.

Multiple Internet Connections

You can work around Internet outages by using multiple Internet connections at your office. For example, a dual-Internet system setup with two service providers can bail your office out of trouble when your main service provider experiences a local outage. Since ISP availability varies between areas, and since all of the tech you rely on is unlikely to break at the same time, you could use (for example) a Comcast Business cable connection as your main provider, and an XO copper over Ethernet as your backup connection. These are two distinct and independent technologies with different supply routes under the streets to your office.

Your Managed Services Provider (MSP) can even configure a Firewall so that both Internet connections can be used simultaneously and balance each other. When one breaks, the other one keeps working. This is the new way to reliably handle Internet access when “it can’t be down.”

Accessing Email via mobile Internet is a good continuity fallback plan. Just make sure in advance that your Email system is configured on the mobile devices. Also, this does not work if the Email service goes down — only if your office’s Internet access goes down. For true Email continuity with mobile devices, you should investigate Email continuity systems instead (see above).

Build Your Email System Up — and Then Out

The technical aspect is just part of a successful Email business strategy. Training your employees on proper Email procedures and practices is important for establishing a professional and efficient operation.

Implement a standardized Email signature block across your entire firm — including both your company name and logo — to help set a consistent, unified brand tone in the eyes of your customers and clients.

And don’t overlook the importance of keeping your contact databases organized — it’s easy to find yourself wasting time digging up a client’s Email address if your “books” or CRM databases aren’t regularly tidied.

For more information on building a reliable Email system, click here.

‘Tis the Season—for Small Business Cybercrime. Here’s How to Protect Your Company

Wednesday, January 7th, 2015

security

The holiday season means more than shopping and gift giving. It also now marks prime season for cybercriminals and hackers around the world — and they’re coming after small businesses in the U.S.

“Targeting” Target—via Small Businesses

You may have seen a segment on the November 30 broadcast of 60 Minutes which looked at today’s record levels of data security breaches among large national retailers. They spotlighted the credit card nightmare at Target stores, which occurred a little over a year ago. It’s now known that sophisticated hackers in Eastern Europe pulled off that massive caper not by directly “targeting” Target, but by seeking out smaller vendors who were doing business electronically with the company. They finally found a small HVAC contractor in Pennsylvania who had been performing work in nearby Target locations. Bypassing comparatively weaker IT security, the hackers located the contractor’s sign-in credentials for Target’s vendor interface. Once inside the Target network, they unleashed viral malware which attached itself to point-of-sale terminals in Target stores coast-to-coast. The result: roughly 40 million American consumer credit card numbers (including yours?) were suddenly up for grabs on the international black market.

Enabling a nationwide consumer panic is not how any small business wants to be remembered.

The holidays, and the post-holiday sales season, are particularly attractive to the cyber underworld because of the higher volume of commercial activity across our modern digital economy. And they know hacking into a Fortune 500 company — with vast security resources — is about as promising as trying to hop the fence at Fort Knox. They’d rather look for smaller companies with vulnerable security flaws, such as weak data protection policies, obsolete or unpatched security software, or careless employees.

The consequences hackers can inflict on a small company can range from compromised customer records to virtual extortion through “ransomware” and outright theft of cash. And unlike the generous fraud protections offered to those credit card customers at Target, unauthorized withdrawals from a commercial account may take weeks to resolve — or longer, pending investigations by banks and law enforcement. And unlike credit card fraud, in many cases you may never get your money back!

Now is an excellent time to review your company’s defenses against hacking and cybercrime.

Start with the Basics

Remind your employees to choose difficult company passwords (and periodically change them). Better yet, have your administrator set your password policy to require changes once a quarter or even once a month. Yes, users don’t like it — and yes, your security will improve and your business will be protecting itself.

Have your employees remain on the lookout for phishing emails — particularly “spoof” emails made to resemble notices from trusted websites like Amazon, Facebook, or your bank. One click on a phony link can quickly spread malware throughout your company and disrupt your business fast. To educate your employees, you might have them read this.

One malicious email could cost you thousands of dollars. Get the facts. Here’s how to identify a malicious email.

If your employees think they’re good at picking out a malicious email vs. a real one, have them take this quiz. And even if they don’t think they’re good, have them take the quiz anyway. Then have them review the quiz answers. Your employees may be surprised. (Hint: we’ve been told this quiz is a good educational tool — and can save frustration, money, and downtime.)

Security, and Then Some

Talk to your IT service folks and make sure your workstations, laptops, and any servers you might have in your office or in the Cloud are continually being patched for security flaws, and that your anti-virus systems are being constantly updated (as often as multiple times a day is recommended).

Next, consider a comprehensive security audit to identify likely weaknesses a hacker could exploit. Then patch those holes with state-of-the-art IT safeguards, including the latest enterprise-grade malware protection suites, hosted email security, extended encryption for Cloud applications, and optimal firewalls.

Cybercrime is out there, and growing by the day. To learn even more about precautions you can take against these threats, click here.

Quiz – Can you Find the Malicious Email?

Thursday, December 12th, 2013

Can you Spot the Malicious Emails/s?!

email-threats

After reading through our Cryptolocker and Ransomware blog series and learning how to identify a malicious email, it’s time to put your new virus sleuthing skills to the test.

Read through the list of email subject lines and from names below.  Which email/s  are scams, and which are safe? Please feel free to comment below. We will post the answers in our next blog post.

Note: These are all real emails we have either seen, received, or that have gotten stuck in our firewall – we did not make them up.

Warning: This is more difficult than you think!

(more…)