alt tag

Posts Tagged ‘virus’


Mac- and Linux-Based Malware Targets Biomedical Industry

Tuesday, March 14th, 2017

virus-1920629_640

The malware infection, discovered in late January, that’s been hiding out on Mac and Linux devices for more than two years doesn’t mean the security floodgates are open, but it is a reminder that these devices aren’t invincible. Apple is calling this new malware “Fruitfly,” and it’s being used to target biomedical research. While not targeted for Linux devices, the malware code will run on them.

This attack may hit a little too close to home for those industries MPA Networks specializes in protecting, including healthcare and biotech. That makes this a good time to reexamine security best practices for devices that aren’t commonly targeted for attacks.

Attacks Are Rare, But Not Impossible

Broadly speaking, any device that isn’t running Windows has benefited from a concept called “security through obscurity,” which means hackers don’t bother going after these devices because of a smaller market share.

Mac OS X and Linux provide more secure options than Windows for various reasons, but neither is an invincible platform.

Every so often, hackers strike the Mac community with malware—and when the attacks are successful, it’s typically because users don’t see them coming. The lesson here, of course, is to never let your guard down.

You may not need an active anti-virus program on a Mac, but occasional anti-malware scans can be beneficialAccording to Ars Technica, “Fruitfly” uses dated code for creating JPG images last updated in 1998 and can be identified by malware scanners. Anti-malware programs like Malwarebytes and Norton are available for Mac devices. MPA Networks’ desktop support and management can also improve user experiences on non-Windows devices.

Keep Your Macs and Linux Machines Updated

The old IT adage that says “keeping your programs updated is the best defense against security exploits” is still true when it comes to Mac OS X. While Mac OS X upgrades have been free or low-cost for years, not everyone jumps on to the latest version right away. For example, less than half of Macs were running the latest version of the OS in December of 2014. This means all the desktop and laptop devices running older versions of Mac OS X are exposed to security holes Apple patched with updates.

Typically, Apple only supports the three most recent versions of their operating system, which usually come in annual releases. Your workplace computers should, at the very least, be running a version still supported by Apple. The good news is that Apple quickly issued a security fix to address Fruitfly. The bad news? This isn’t the first Mac OS vulnerability malware has managed to exploit, and it won’t be the last.

The IT consulting experts at MPA Networks are ready to help your company find the right tools to increase productivity and improve security on all your office devices. Contact us today to get started.

Cybercrime Begins Over the Phone, Too—Don’t Let Your Employees Forget

Tuesday, April 19th, 2016

phone-388838_640

If you’ve been a regular reader of our blog, you know we’ve spent plenty of time discussing phishing, malware, and other cybercrime. It’s all part of our modern online world, and we know it will never really go away.

We’ve talked about the tricks scammers use, from links in bogus emails to simply visiting the wrong website. But don’t forget crooks are still stalking victims via good old Ma Bell.

Chances are you’ve received a phone call pitching one of these common scams—more than once:

  • The promise of a lower credit card interest rate or a reduced electric bill… provided you give the caller your existing credit card number(s).
  • A call on behalf of one of your family members, requesting wired money to bail them out of a foreign jail. With “people search” sites all over the web, it’s disturbingly easy for a scammer to not only obtain your phone number, but also the names of your loved ones.
  • And perhaps the most devious phone scheme: the service tech from “Windows” who warns that your PC has been detected with a dangerous virus, which he can immediately remove remotely—for a nominal service fee, of course—or guide you in removing via a removal tool download (which is the actual malware)!

Hopefully, you’ve learned to recognize such obvious schemes. But businesses large and small are also targets of sophisticated electronic con artists, and it only takes one employee’s slip-up to rob a company of anything from confidential information to simple cash.

When to Hang Up the Phone

  • Suppose one of your senior executives is speaking at an out-of-town industry conference (information freely available on the conference’s website). Your receptionist receives a call from an “event manager” saying they urgently need their email password changed in order to download their PowerPoint presentation within the next half-hour. If it’s actually a cyber-crook on the other end of the line, they’ll have successfully hijacked that email account—inbox, address book, archives, everything.
  • If your accounting team gets a call from an angry “vendor” demanding payment for a mysterious invoice that’s suddenly 90 days past-due—for something as innocuous as bottled water or toner cartridges—might they be directed to a bogus payment site to collect a quick payment? Banks usually won’t forgive such voluntary gaffes, and if the culprits are outside the U.S., that money is almost surely gone.

We’ve discussed the necessity of a comprehensive employee security training program. Don’t forget to include your employees on the lookout for phone scams as well. Also consider a policy of no password changes without alerting top-tier support of your managed service provider, or supplement usernames and passwords (or even replace them) with two-step verification.

Questions? Contact us today.

New Ransomware Good Reminder to Practice Thorough Data Backup

Wednesday, February 17th, 2016

close-159133_640

A new combination of a sophisticated password-stealing Trojan, powerful exploit kit, and content-encrypting ransomware is making its way around the Internet infecting Windows users. If it hits your business, you’re looking at a considerable loss of time and finances.

It’s estimated that businesses worldwide spent around $491 billion in 2014 managing the blowback from data breaches and malware infections. Making sure your business is ready to minimize the amount of damage a ransomware attack can do is the best course of action for dealing with cyber threats like these.

Ransomware Refresher

Ransomware has taken system-disabling malware to a whole new level by trying to extort money in exchange for returning control.

Ransomware that employs data encryption programs like Cryptolocker and CryptoWall uses a complex encoding algorithm that locks off important data on the computer—so removing the ransomware will not restore the data.

In many cases, paying the $24 to $600+ demanded to decrypt the information ends up being practical, because restoring the lost data would end up costing more. However, it is possible that even after you’ve paid the ransom the hackers will not restore access to your system. So pay at your own risk.

Kicking You When You’re Down

The new malware fusion doesn’t just lock a user out of their computer or try to steal login credentials; it does both, and tries to use some of that stolen information to hijack websites the user has admin access to (and propagate itself across more systems). According to PCWorld, the new disastrous malware mix uses the “Angler” exploit kit, the credential-stealing “Pony” Trojan, and the “CryptoWall 4” ransomware. If any of your business’s computers are hit with this malware campaign, you’ll have to deal with compromised account login information, possible FTP and SSH website access breaches, and all the data on the infected computer is as good as lost. So you’re not only looking at the expenses for changing passwords, locking down websites, and replacing lost information, but also the dozens of hours redoing lost work.

The Best Defense

Even though malware finds new ways to compromise systems, it is still a best security practice to keep your antivirus and system software up to date to protect your information. However, keeping everything updated can be problem for some companies, as vital software may not work correctly following an update. Additionally, businesses should avoid using computers running old, outdated operating systems like Windows XP that are no longer receiving security updates.

Making sure your important information is also saved in off-device storage (like an external hard drive or on a cloud service backup) is one of the best things your business can do to minimize the amount of damage caused by a system-disabling malware attack. If the system is infected, the backed up data will still be up to date—and instead of losing months of work, you’re looking at a few hours or days instead. Moving work to cloud-based applications with online storage is another good way to prevent loss from malware. If an employee’s computer gets hit with ransomware, any work they’ve been storing or working on through a cloud service is still safe and secure.

Need advice on backing up your data? Get in touch with a local MSP today.

Fake Phishing: The Ultimate Security Training?

Tuesday, January 5th, 2016

no-entry-909933_640

What is the current state of your company’s IT security training program—if you have one? Many companies settle for an annual group training session to broadly review the major types of cyber-threats—viruses, malware, and phishing.

The problem with once-a-year “standardized” training is that once employees go through it the first time, they may not fully pay attention in the future, thinking they’ve “heard it all before.” That’s when they’re most vulnerable.

“It Won’t Happen To Me”—Until It Does

Recently, a friend of ours—who normally prides himself on being “smarter than the average bear” when it comes to computer hygiene—confessed he finally got duped into downloading malware directly to his desktop PC. He tried updating to the latest version of CCleaner, a popular, trusted freeware utility which removes temporary files, cookies, and other unwanted clutter from a hard drive. But the page he was directed to had two different “Download” buttons… and he clicked the wrong one. After ignoring dire warning screens from his anti-virus program (“It’s only CCleaner,” he reasoned), he discovered he’d actually just downloaded several unfamiliar programs, masquerading as system processes in his Windows “Task Manager.”

The first consequence: an uncloseable pop-up window requesting payment to remove multiple “detected threats” (which he of course declined to pay). Fortunately, he immediately deleted all the “scamware”—via several malware-removal apps—before hackers could unleash more havoc. He was reminded to stay reasonably skeptical of almost everything online—and to never again let his guard down.

Time For Some “Tough Love”?

You can warn someone of looming cyber-dangers until they’re tired of hearing it… but sometimes the best education is simply “learning the hard way.”

A handful of security contractors are helping companies actually test their employees by providing fake phishing emails—which mimic the sophisticated tactics of genuine scams (offering bogus apps, phony “updates,” and more). When they click on a deceptive link, they’re quickly informed they’ve dodged a bullet:

“Oops! You’ve just fallen for a fake phishing email test. Luckily, your computer remains unharmed for now, but keep in mind this is how hackers regularly trick victims into compromising network security…”

One strong proponent of fake phishing is the Department of Homeland Security—which recommends federal employees who repeatedly fail such tests should have their security clearances revoked.

The point of fake phishing tests isn’t to anger or shame employees who unwittingly take the bait. The goal is to prove that cyber-threats are definitely real, and they should take security very seriously. Nobody wants to be the real victim.

For management, the overall “conversion rate” of a fake phishing test is a true metric of an IT security training program. If too many employees allow themselves to be conned by a simulated phishing scam, their existing training isn’t working.

For more ways to boost security measures within your business, get in touch with a local MSP.

Macs Are Here to Stay. How Well Are You Managing Them?

Wednesday, December 16th, 2015

apple-691282_640

Before you take your teenage kids to see the new Steve Jobs biopic, ask them what Jobs’ first successful product was. Don’t be surprised if they answer “the iPod”! For most of their generation, the original Macintosh is ancient history.

Today’s Mac computers don’t command prime Apple Store floor space dominated by trendy gadgets like iPhones and the Apple Watch. But decades after Microsoft was generally crowned victor of the landmark “Windows-Mac war,” Macs still hold a solid 17% share of the desktop computer market.

The powerful top-end Mac desktops are widely preferred by graphic designers and other “creatives,” while the sleek MacBook is a popular BYOD choice among users for whom the premium price tag is no big deal—from top executives on down.

Does Your IT Team “Speak Mac”?

While Apple devotees insist on sticking to Macs in their workplace wherever possible, many IT departments actually have a hard time managing them within their company networks—simply because they’re not Mac experts. Their day-to-day “comfort zone” revolves around Windows-based systems, from server-level architecture to standard software. The Macintosh operating system, Apple’s OS X, is a completely different language from Windows, requiring different skills and expertise. It’s literally a case of apples vs. oranges.

Mac Security: The Weakest Link?

In this age of relentless hacking and cybercrime, IT managers deploy every defense they can find, from anti-virus software to heavy-duty firewalls. But when they’re generally less familiar with Macs and OS X, how safe is the overall network?

A recent study released by identity management software maker Centrify uncovered some startling statistics regarding “unmanaged” Macs:

  • While 65% of Macs in the workplace regularly access “sensitive or regulated customer information,” only 35% utilized any type of data encryption methods—including simply activating the FileVault option which is built into OS X.
  • Over half have no software enforcing strong hack-resistant passwords.
  • 72% of Apple devices (Macs plus iPhones) used for work-related activities have no company-supplied device management software whatsoever.

At the same time, cyber-threats specifically targeting Mac OS X are on the rise.newly released report by security firm Bit9 + Carbon Black reveals that strains of OS X malware detected in 2015 have rocketed to five times the number recorded in the past five years combined. Meanwhile, Patrick Wardle, director of research at another security company, Synack, just delivered a widely publicized presentation at the Virus Bulletin 2015 conference in Prague detailing major vulnerabilities in Gatekeeper, OS X’s built-in frontline defense against trojans and other attacks. Once Gatekeeper is compromised, a Mac is a sitting duck for malicious hackers everywhere.

How many of your employees prefer Macs, and how do they affect the efficiency and security of your company network? Share your concerns with us here.

Treat Your Network As If It’s ALREADY Been Hacked

Thursday, November 5th, 2015

sherlock-holmes-147255_640

Weak IT security generally revolves around the following theory: “We’ll keep hackers out of our network—everything’s okay until something bad happens.”

But strong security operates from an assume breach mindset: The hackers have already infiltrated our network, probably for a while now—where and how do we find them?

Paranoid? Probably. But in today’s ever-evolving threatscape, absolutely necessary.

Antivirus Software Will Never Be Enough

The ugly reality is that even the best antivirus programs will always lag a step behind those worldwide legions of malicious hackers who can often disguise the detectable “signature” of malware with a just few altered lines of code.

While antivirus vendors diligently try to update their products regularly with the latest virus signatures, a new version of malware can infect a network within hours of the last update. Or a virus can simply—and silently—disable those updates or completely shut down firewalls, allowing an attacker free reign over the entire network—unleashing even more trouble.

Hacking and Malware: Hidden Clues

A single virus-infected PC is usually easy to spot; the user can immediately see that something’s wrong. But intrusive malware hidden inside a network can lay dormant for days or months before wreaking havoc. Have you experienced any of these network malware symptoms recently?

  • Your company bandwidth slows down during certain periods of the workday for no apparent reason. There may be something on the network that shouldn’t be there—and combing through your sensitive data.
  • Your inbound network connections spike at odd overnight hours. Your users are probably home asleep at 3:00 a.m., but hackers on the other side of the globe are wide awake.
  • One or more workstations—or the entire network—make a lot of outbound connections that don’t make sense. A firewall normally ensures your mail server exclusively handles STMP (email) traffic, while other network traffic is limited to your DNS servers. Seemingly “illogical” STMP/DNS connections—such as STMP connections to an unfamiliar IP address—signal the network may have been hacked. Your company data is in danger, or spam may be discreetly spewing from your hijacked email server.

Detective Work? Where to Begin

So if you treat your network as if its security has already been compromised, where do you look for the evidence? Start with establishing comprehensive audit logs to record telltale clues within your network, such as:

  • Abnormal incoming/outgoing network activity, focusing on unusual connections among workstations’ TCP ports.
  • Suspicious network traffic at odd hours (when one cyberattack is detected, it establishes a timeframe for similar attempts).
  • The sudden appearance and locations of strange new files, including malicious rootkits.

Hacking and cyberattacks are no longer a question of if, but when. And you can’t limit the damage until you know what to look for. For more ideas about cutting-edge network security, contact us.

The Importance of Being Proactive: Why You Need A Breach Response Plan

Thursday, August 6th, 2015

attention-297169_640

Each month, Microsoft releases a new security bulletin. In May of 2015, forty-six vulnerabilities had been identified and fixed, spanning products such as Windows, Internet Explorer, and Office. In June, it was even more. While some of these vulnerabilities were low-threat, others were more critical, like the numerous Internet Explorer weaknesses that would allow attackers easy access to execute very harmful activity.

As vulnerabilities like these are not always exploited, many companies take a lax approach to security.

Is every single one of your firm’s computers and servers—whether in your office or in a data center—updated with these recent patches? How about the patches from last month? And those from last year?

Implementing effective security measures takes up time, energy, and resources, but cutting corners can be even costlier—and sometimes downright catastrophic. To avoid the detrimental effects of an attack, it’s essential to maintain an updated breach response plan.

Strengthening Your Incident Response Plan

In the Digital Age, the occasional technology breach is inevitable. A well-developed breach response plan can help curtail damage in the event of an attack, natural disaster, or other unforeseen event. Here are a few things to consider when creating your plan:

  • Review your security plan at least twice a year. This will allow for any additions or adjustments as necessary.
  • Compose a list of clients, their appropriate contacts, and proper notification protocol for each.
  • Assign responsibilities to individual parties where detailed action is required. Leave nothing to chance. If it’s a crucial matter, be sure you know exactly who is responsible for handling the task at hand.
  • Compile a guidance list of “proper responses” to execute based on the nature and severity of the breach.
  • Devise a restoration plan in which backups and other necessary files are recovered.
  • Managed Service Providers can help develop well-designed response plans. Their knowledge of malware, virus prevention, and disaster recovery is priceless when a serious threat emerges.

Post-Breach Measures

After a breach, you have to clean up. This can involve following your disaster recovery protocols, using tools to clean up the mess, and notifying your clients and business partners.

Your data may be damaged, and you may need to shut down your company operations while you recover data, software, and operating systems from your backup system (assuming that system has not been damaged too).

You will need to figure out how the breach occurred and implement improved security measures to keep it from happening again. Why clean up the mess, only to get hit again with the same problem? A breach can indicate a security lapse, like ignoring updates and patches for servers, workstations, anti-virus, and anti-malware software.

In some states and some industries, you are legally required to notify your clients, employees, and business partners of the breach.

Traffic Monitoring Tools

Traffic monitoring tools can detect hidden malware and communication traffic between your network and the Internet that might indicate a breach. One of these tools is Unified Threat Management (UTM) software that can be implemented inside your office’s firewall as part of a service program.

With the plethora of managed service providers and security tools available, it’s easier than ever to start creating your incident response plan. Getting ahead on your security is a smart business move that could save you a great deal of time and money in the long run.

Preventing Breaches in the First Place

Be smart. Save labor. Save money.

Hackers are growing in number, not shrinking, and they are being paid more and more for their efforts in ransom, extortion, fraudulent advertising, and other areas. The problem isn’t going to get better—so you need to be prepared.

It’s a real pain to recover from a breach. It’s time-consuming, and it can be embarrassing for your firm’s reputation. Your company’s leadership may even come into question by customers and staff.

That’s why the smartest move is to prevent security problems before they happen.

Ask yourself these questions:

Are your anti-virus and anti-malware systems up to date? (In other words, have you made updates in the last day?)

Is each and every one of the workstations, laptops, and servers in your organization patched and protected against viruses?

Do you have a service program that assures patches are up to date—and if an installation is missed or fails, is someone in charge of fixing the problem?

Do you scan your emails for malware and viruses before they come to your email server, wherever it’s located (in your office or in a Cloud data center)?

Do you scan your emails for malware and viruses repeatedly as they lie in storage on your email server? A virus identified today may not have been known to anti-virus manufacturers a month ago, when you first received an infected message.

Does your firewall have UTM? (See above.)

Does your firewall prevent your employees from visiting a sketchy site or being directed, without their knowledge, to a malware-infected website in an innocent-looking email link?

Lastly, do you have a service program or service procedures that manage all of the above? You can’t “load it and you’re done,” and you can’t “set it and forget it.” These services must be actively managed by your own firm or a skilled Managed Services Provider.

Who Does All the Work?

In large companies, these types of proactive security management are carried out by internal IT staffers, outsourced security experts, or a combination of both.

In small businesses, this type of work is best performed by an outsourced Managed Services Provider. It’s becoming too complicated for internal resources to effectively handle proactive security management without outside advice and services. It’s also too complicated and time consuming, in many cases, for a small IT service shop or a single “IT Guy” to keep up with the rapid evolution of network security threats and barriers.

How Do You Know If You’re Protected?

Simple. Hire an IT consulting firm, an IT consultant, or a Managed Services Provider to perform an audit of your company’s computer network. You want to test at least four things:

  • Your internal network security
  • The security between your internal network resources and the outside Internet (outward flow)
  • The security between the Internet and your inside resources (inward flow)
  • Compliance with any regulatory security that applies to your type of business

After almost every virus attack or security breach we hear about, the affected company’s managers say, “I thought we were covered.”

Last month at MPA, we heard this from the manager of a furniture distribution company in the East Bay after ALL of their data and backups were destroyed by a virus. If that happened to your business, could you survive?

Don’t wait until you have a catastrophe on your hands to find out whether your current coverage is enough. Order a Technology Assessment/Security Audit today.

Malvertising: The Next Big Cyber Threat

Thursday, July 16th, 2015

road-sign-579554_640

We’ve spent plenty of time here talking about safeguarding your company against phishing and other forms of cyber-attack. As we’ve discussed, the first line of defense against phishing is to make sure your employees remain vigilant by avoiding email links and shady websites. But there’s a bigger threat on the horizon for anyone who simply surfs the Internet. Hidden malware delivered via online ads, or malvertising, is rapidly spreading across the web—including the most trusted news and entertainment sites millions of us visit every day.

Via banners, pop-ups, and animated ads, cybercrooks can embed hidden lines of code that instruct a web browser to automatically retrieve and install malware programs from an unseen URL—literally a “drive-by download,” undetectable by most common anti-virus programs. Some malvertising scams entice viewers to click on an ad (most often pop-ups offering “software updates”). Others infect a computer simply by loading the page.

Successful malvertising immediately renders a computer susceptible to any of the following:

  • Outright theft (identity, financial, or data) or extortion via ransomware, such as CryptoWall or CryptoLocker, a high-encryption virus which can’t be removed without paying off the crooks—usually in untraceable Bitcoin or wire transfer.
  • The computer can be hijacked into a botnet, a ring of “zombified” computers which are silently manipulated for criminal activities, such as repeatedly clicking on bogus pay-per-click ads, bilking websites out of artificially inflated profits.
  • The malvertising can leave behind a browser exploit kit, malicious code that constantly probes a computer for vulnerabilities within the browser as well as standard plug-ins including Adobe Flash Player, Java, and Microsoft Silverlight. When a weakness is found from the inside—as little as missing the latest security update—the door is open for even more lethal malware.

No Sheriff in Town

Most high-traffic websites outsource their advertising to third-party networks who sell space to advertisers—usually simply accepting ads from the highest bidder—and directly insert ad applets into a web page. You’d think these ad networks would bear the responsibility for screening ads against malvertising, but they’re simply not responding fast enough. Like so much of the Internet world, the frenzied volume of online advertising grew much faster than anyone’s ability to regulate it.

Everyone still assumes law enforcement can effectively police criminal activity in cyberspace… but there’s literally no sheriff in town.

How Can You Protect Yourself?

There are a number of measures you can take right now to defend your company against malvertising:

  • Keep your anti-virus and anti-malware software up to date, and make sure the software continues to update on a regular basis. Some manufacturers update their software daily to combat new threats.
  • Use a Firewall with an activated subscription service for UTM (unified threat management). UTM is a service should provide at least two forms of protection:
  1. Filtering out some viruses and malware as they attempt to pass through the Firewall into your office or home network (whether in an email or on a website).
  2. Prohibiting you and/or your users from visiting sketchy websites—the kind a phishing email might direct you to, with or without your knowledge, in an attempt to infect your computer.
  • Regularly check your browsers for the latest security patches.
  • Modify your browser settings to prevent Flash and Java-based animated ads from running automatically, as well as to flag suspicious website content.
  • Create multiple user accounts for each computer, including a “web surfing” account without administrative rights to install or modify software, and to block malicious exploit kits. Some firms have all desktop accounts for their employees configured without administrative rights for this reason.
  • Consider signing up with a Managed Services Provider (MSP) for a Managed Services Program that supplies anti-virus, anti-malware, and security patching, keeps these systems up to date, and manages the process for success—so you can focus on actually using your technology.

To learn more about the dangers of malvertising and other emerging cyber threats, contact us.

 

Know Your Enemy: These New Phishing Schemes are Hard to Spot

Thursday, April 16th, 2015

Information technology phishing schemes to be aware of SF Bay Area.

A friend called me recently to gripe about his personal email account. His ISP has done a pretty good job of virtually eliminating the annoying spam he used to receive (remember your inbox way back when?), but now he’s the target of two particularly relentless phishing schemes I’d like to share with you.

“Unsubscribe” with Caution

The first involves multiple emails supposedly selling products he’s not interested in—life insurance, home security systems, new tires, and more. Of course, the sender hopes that if my friend prefers to quit receiving these unwanted “offers,” he’ll click the prominently-placed “Unsubscribe” link. But hovering his mouse over the link reveals a bogus-looking URL—that with one double-click could infect his computer or smartphone with troublesome or dangerous malware.

My friend is obviously smart enough not to take the bait, but that isn’t stopping the scammer. They send multiple clusters of these emails several times a day. His ISP offers a Blocked Senders List to exclude unwanted emails, but this sender always uses a different return address made up of gibberish (such as “eirithtnydkr@prmdjentod.edu”) to evade blocking. He hopes this jerk will soon be arrested or just get tired of bothering him. Good luck with that.

Unfriendly “iTunes” Updates

The second scam involves Apple’s iTunes. My friend receives new music “updates” from “itunes@new.itunes.com” that include logos, fonts, and graphics very similar to genuine marketing emails from Apple. While he does often download music from iTunes, he’d rather not get these emails and was about to click that boldfaced “Remove Me” link—until he noticed the URL likewise had nothing to do with Apple or iTunes. Go to a phony iTunes website, input your username and password, and you’ve walked into a massive headache.

Why would iTunes be an inviting target for a scam? Because their customer service is notoriously bad, and without talking to a live customer service rep, an emergency—say, an unexpected $5,000 charge to your account—would be very difficult to fix. (In Apple’s defense, manning an efficient call center for the volume of iTunes customers around the world is nearly impossible). In the meantime, Apple warns the public to ignore all likely “spoof” emails that aren’t sent directly from “@apple.com.”

Everyone is a Target

My friend considers himself reasonably web-savvy and isn’t sure how he got on a mailing list of potential “suckers.” His best guess is that he’s been sending out resumes for quite a while and probably replied to a bogus online want-ad meant to collect email addresses.

As you know, at MPA we pride ourselves on the comprehensive email services we provide our customers and do everything possible to protect them from malicious phishing.

But crooks will never quit trying to find new ways to sneak past email security, and we’ll never be able to completely prevent human error—i.e., a careless click on the wrong link. Make sure your employees are always on guard.

The Single Most Reliable Method for Preventing a Ransomware Attack

Tuesday, December 3rd, 2013

RansomwareLast week, we wrote about the rise of Cryptolocker and Ransomware viruses, the new breed of malware virus infecting host computers through malicious email attachments, and spreading rapidly through its use of commercial-grade RSA encryption and Bitcoin, a universal, virtual currency. Unfortunately, it looks as if the problem will continue to get worse before it improves, and the security industry does not yet have viable solutions to stop every one of the malware’s many variants from infiltrating networks. As the crooks hire the world’s top programmers to create hundreds of new variations on a daily basis, fighting back may seem like a truly daunting task.

(more…)