Monthly Archives: January 2018

The Technology Blog

What is a Social Engineering Attack?

By | Business Network Security, Cyber Security, Email | No Comments

What is Social Engineering?

In a social engineering attack, a cyber-criminal uses human interaction (social skills) in email messages, phone calls, or unannounced personal visits. This cyber attacker may be respectful and seem to be perfectly legitimate but will use psychological manipulation to trick victims into making security mistakes or giving away confidential information. He or she might claim to be an employee, repair person, researcher, or sales representative, and may even offer credentials. Regardless of how they contact you or who they pretend to be, this type of cyber-criminal has one goal: to obtain or compromise sensitive information about your organization or its computer systems.

Social Engineering Attacks Leverage Human Error

Social engineering attacks are especially dangerous because they rely on human error, not vulnerabilities in operating systems or software programs. By asking what may seem to be innocent questions, the cyber-criminal may be able to piece together enough information to infiltrate your organization’s network. The attacker will be persistent! If unable to gather enough information from the first source, he or she may contact another source within your organization, then use information obtained from the first source to bolster his or her credibility and build trust.

Social Engineering Attacks leverage human error to gain access to sensitive company information | Pros 4 Technology Blog

Social engineering attacks leverage human error to gain access to sensitive company information.

Social Engineering Attacks – Do’s and Don’ts

To avoid being the victim of a social engineering attack:

  • DO be suspicious of unsolicited email messages, phone calls, or visits from individuals asking about employees or other internal information.
  • DO try to verify the identity of an unknown individual. Directly contact the company the individual supposedly represents using a phone number or email address you know to be valid.
  • DO install and maintain anti-virus software, firewalls, and email filters to cut down on questionable traffic.
  • DO take advantage of anti-phishing features offered by your email server and web browser.
  • DO pay attention to website URLs. Though a malicious website may look identical to a legitimate site, the URL may use a variation in spelling or a different domain.

If anything at all about individuals or their questions seems suspicious:

  • DON’T respond to requests for personal or financial information.
  • DON’T click on links in email messages.
  • DON’T use contact information that’s provided on a website connected to the request.
  • DON’T send sensitive information over the internet before checking a website’s security.

Find more information on how to avoid being a victim of a social engineering attack on the U.S. Homeland Security Website.

I Think I’m the Victim of a Social Engineering Attack – What Should I do?

If you think you have revealed sensitive information about your organization:

  • Report it to network administrators and other appropriate personnel so they can be alert for suspicious or unusual activity.
  • Contact financial institutions immediately if you think accounts may have been compromised.
  • Promptly change any passwords you may have revealed. If you used the same password for multiple accounts, change it for each account. Don’t use that password in the future.
  • Close any accounts that may have been compromised.
  • Watch for unexplainable charges to accounts.
  • Report the attack to the police or government agency responsible for cyber-crimes, such as:

Advanced Fee Fraud – The Oldest Internet Scam

By | Email | No Comments

What is Advanced Fee Fraud?

Advanced fee fraud is a con. Scammers who employ this tactic (typically from foreign countries) promise you’ll receive a payment, but only after you pay a fee. For instance, you might receive an email saying you’ve won a new house, but before you can claim the prize, you need to pay taxes on it. You’d be wise not to believe this, but unfortunately, many people do. The cost to the many victims of this con is billions of dollars each year.

Advanced Fee Fraud: An Evolving Threat

This variety of scam has gone through many phases. It started with “snail mail,” a letter arrived in your postal box. Next, messages arrived by fax; today they arrive by email, and that includes your smartphone. Other varieties of this type of scam might include:

  • Fake lottery winnings
  • Inheritance notices
  • Job offers
  • Financial legal help
Advanced Fee Fraud is the oldest internet scam.

Advanced Fee Fraud is the oldest internet scam.

What Are Advanced Fee Fraud Victims Asked to Do?

The scammer will ask a potential victim to provide bank letterheads, account numbers, or other confidential identifying information. Initial requests for money will be followed by new requests for money, and it will only stop if the victim refuses. It’s possible for a scammer to acquire enough information to result in bank fraud. Advanced Fee Fraud scammers tend to work tirelessly for hours at a time to rack up payments.

Advanced Fee Fraud: Don’t be a Victim!

Pay a Fee So You Can Receive a Payment? Don’t Do It! Be suspicious of emails that:

  • Tell sob stories
  • Use poor English grammar
  • Contain spelling errors
  • Promise big money payoffs
  • Make appeals for financial help

Protect yourself! Never send money to strangers, provide personal information or account numbers to unknown persons or companies via email, and never try to retrieve lost money independently.

USB Drives & SD Cards Are a Security Threat

By | Business Network Security, Cyber Security | No Comments

Take Precautions With USB Drives and SD Cards

USB Drives and SD Cards: Small, quick, easy to use, AND RISKY!

The convenience of USB drives and SD cards makes them increasingly popular for transferring data from one computer to another. However, they can just as easily be lost, stolen, or infected with viruses or malware. Sadly, anyone can lose personal or otherwise sensitive information if they don’t take precautions when using these convenient devices.

A USB Drive Can Easily Infect Your Computer

USB Drives and SD Cards can infect computers by using malicious code (malware) which detects when a USB drive is being used. Once the infected drive is in use, the malware goes to work, and it’s likely you won’t even realize your computer has been infected. The stealthy malware runs behind the scenes while you use your computer, harvesting sensitive data such as passwords, encryption keys, and other information stored on your computer’s memory.

USB drives and SD cards are a security threat to your computer Pros 4 Technology Blog

USB drives and SD cards can infect your computer with viruses or malware.

How can I protect my data from an infected USB drive?

The good news is, there are many precautions you can take to make your computer less vulnerable to attacks.

  • Never use a USB drive you did not purchase yourself, especially on a computer containing private or sensitive data, and any machine you use for work.
  • Use a password or encryption on your USB drive as soon as you purchase it.
  • Keep personal and business USB drives separate.
    • Don’t use personal USB drives on computers owned by your organization.
    • Don’t plug USB drives containing corporate information into your personal computer.
  • Use a firewall!
  • Be sure to use and maintain security software and keep it up to date.
  • Use anti-virus and anti-spyware software and keep virus definitions up to date.
  • Disable auto run, which allows removable media (CDs, DVDs and USB drives) to run instantly when inserted into a drive. Disabling this feature can prevent malware on an infected device from opening automatically.

These precautions can go a long way in protecting your sensitive data while allowing you to benefit from the convenience USB drives provide.