All posts by Carrie Kost

The Technology Blog

Time To Upgrade Your Wallet

By | Cyber Security, Identity Theft, Scams | No Comments

Time To Upgrade Your Wallet

We’ve all seen the commercials of people zooming through the checkout line with a simple “tap” of their credit card. You don’t have time to waste with swiping, inserting, and pin numbers. A simple “tap” and you’re on your way. It may make your shopping experience a breeze, but like all new banking technology scammers have found a way to exploit it.

How-To-Protect-Your-Identity & Credit Card

How To Protect Your Identity & Credit Card

The Traditional Pickpocket

In the 2015 film, Focus, there’s a great scene that shows a team of pickpockets easily separating people from their possessions. When we think of a “pickpocket” we probably think of some slight-of-hand work, misdirection, or an impish character straight out of a Charles Dickens novel. In today’s tech-savvy age, pickpockets don’t need any of these refined skills. All they need is a high-tech radio scanner and to be close enough to you to pick up the radio frequency emitted by your “tap and go” credit card. The technology of “tap and go” credit cards is known as Radio Frequency Identification Detection or RFID.  

How Radio Scanner Pickpocketing Works

It’s really quite simple and almost undetectable when it happens, making it a low-risk operation for a criminal. Your “tap and go” credit card emits a radio frequency that communicates your card information, this is how your card information passes to the credit card reader at the store. What criminals have discovered is that by using a radio frequency scanner they can steal your credit card information; card number, expiration date, security code, and the name on the card. All they have to do is have the scanner hidden on their person and get close enough for the scanner to pick up the frequency of the card.

How To Protect Your Identity & Credit Card

If you’ve ever read a travel guide book, one of the top ways they give for avoiding pickpockets is to conceal your documents, cash and checks in a travel belt wallet that can be hidden inside your shirt or pants. Essentially, it’s the same concept when it comes to protecting your identity and “tap and go” credit card from electronic pickpockets. There are several brands and styles of RFID blockers including wallets, purses and individual holders. Simply keep your “tap and go” credit in a RFID blocking case and criminals will not be able to electronically pickpocket you.

Not sure if your card is RFID enabled? The next time you’re in a store that is set up for “tap and go”, give it a try, but tP4he best way to be sure is to call your credit card company or bank and to ask.  

Defend Your Business Against Phishing Attacks

By | Business Network Security, Cyber Security | No Comments

Defend Your Business Against Phishing Attacks

We face cyber phishing attacks everyday. Most of us can spot the emails that come through our personal email accounts. The rich relative we never knew about, but wants to leave us “millions” if we only pay a small legal handling fee. The “too-good-to-be-true” sales and coupons that we need to download. But what about in our work and business life? What threat is posed by phishing attacks?

How-To-Defend-Your-Business-Against-Phishing-Attacks

How To Defend Your Business Against Phishing Attacks

Sophisticated Cyber Phishing Attacks

Phishing Attacks are one of the most common ways cyber-criminals infiltrate businesses. When it comes to gaining access to company information or using ransomware (malicious software that is used to hold a business network hostage until a ransom is paid), cybercriminals use advanced, sophisticated methods that aren’t easy to spot. These types of attacks are known as Advanced Persistent Threats, or APT.

What Are Advanced Persistent Threats?

Advanced Persistent Threat is the methodology behind sophisticated cyber-criminals. It is cyber-criminals playing the “long game.” Most of these types of attacks focus on particular businesses or entities and are not random. They are a culmination of research and the victim’s ability and willingness to pay. The best way to understand all the different facets of Advanced Persistent Threats is to talk about protecting your business from them at the same time.

How To Avoid Becoming A Victim of Business Phishing Scams

  1. Know Your Information – Do your employees know what information they can and cannot access? Do they know the value of the information? Do they respect current policies and procedures? Performing routine Risk Assessments will help you better understand the nature of the information your employees have access to and help you develop policies and plans to protect it. If your company handles large quantities of personally identifiable information or financial information of clients and customers, cyber-criminals will know it and makes your business more of a target. Make sure your employees know what your company policies are and the consequences for not following them.
  2. Keep Your Network Strong – You have all the bells and whistles you need to keep your network safe, or so you think. When was the last time you had your system tested? Having your network and its security tested by an expert can help find weaknesses that need to be addressed. Know which employees have access to what information. Audit positions and roles on an ongoing basis so that employees have access only to the information they need to do their jobs. By controlling and monitoring these access points, you’re adding layers of protection against phishing attacks.
  3. The Human Side of Network Security – With these Advanced Persistent Threats, cybercriminals are researching you, your employees, and your business. They’re looking for a way in. Oversharing on social media sites is one common way cyber-criminals gain information about your company structure and possible ways of constructing a successful phishing attack. Make sure your employees, especially upper-management, are aware of the threats posed by sharing company information on personal social media accounts. Training your employees on proper information sharing is key.
  4. Cyber Security Rules Everyone Should Follow
    • Check links and double check before you click. Take time to be sure of the source and the download. When people rush through tasks mistakes happen.
    • If you receive a phone call, text or email scam, report it! By reporting it you are making sure your colleagues and coworkers are on the alert.
    • Don’t be afraid to double check a request. Always err on the side of caution and make sure an information request is coming from a legitimate person who is authorized to receive the information.
    • Always have policies and procedures that are clear and concise. Too often business fall prey to phishing attacks because of personnel not following or understanding what company policy is.

Keep your business is safe from cyber phishing attacks. Contact us today to learn how we can help.

Vishing Scams

By | Scams, Smartphones & Tablets | No Comments

Vishing Scams

There are so many different types of cyber-scams out there. Over the last few months we’ve made it our mission to keep you safe by providing you with tips on avoiding cyber threats. This week, we continue our mission with the subject of Vishing Scams.

How-To-Avoid-Vishing-Scams

Vishing Scams

What Are Vishing Scams

Vishing (voice-phishing) scams or phone fraud scams are a very common form of fraud and identity theft. Vishing is low-tech, but it is one of the most successful types of scams because it targets the weakest link in the IT and cyber security chain – the human element. The scam doesn’t depend on sophisticated malware, but rather advanced social engineering tactics. Criminals and fraudsters use vishing scams to target individuals or businesses in order to obtain personally identifiable information, fraudulent payments, or other information that can be sold or used to commit other crimes.

Vishing Scams On Individuals

When targeting individuals through a vishing scam, scammers impersonate a representative of a business such as a bank, the police, or insurance company. They typically use information they obtained from a previous data breach so that they have just enough information about you to make the phone call seem legitimate. For example, the fraudster impersonates a representative from your bank. They call and tell you they just need to verify some information because they noticed irregular transactions. They then tell you a list of fake purchases and ask if it’s you. When you say “no” they ask you to confirm your account info so they can decline the transactions and just like that they have access to your bank accounts. The fraudster has used your fear of identity theft to commit identity theft against you.

The best way to protect yourself from Vishing Scams is to ask the caller to provide company info, their name and title, case number, and telephone number. After you have the caller’s information, hang up and confirm the information provided. Call back only if everything checks out.

Vishing Scams On Businesses

When scammers target a business using a vishing scam, they typically assume the identity of an account holder with the purpose of gaining access to the individual’s account. The account holder information has usually been obtained through identity theft or a previous data breach. Using their social engineering skills, the scammer calls the business and provides a believable backstory and gains access to the account. For example, they might tell the customer service representative that either they were recently in a car accident, their apartment or home was broken into or that they experienced a birth or death in the family and that they can’t remember their password or login info. Whatever the story, it will be emotionally charged and designed to create sympathy so that the representative doesn’t follow company policy. Next thing you know, the business representative has given temporary login information to a fraudster and criminal. In this case, the fraudster has used a sympathy play to get an employee to ignore company policy and procedures putting the account holder and the business at risk.

For businesses, no matter what size, the human element of IT and cyber security is one of the most critical. Most scams, from BEC Scams to Phishing Scams, are successful due to human error. Making sure your employees have the proper training and are fully aware of company policy and procedures are just as important as keeping your IT systems up to date and secure.

Protect your business with proven IT solutions. We provide system analysis, employee training, and Managed IT Services. Contact us to schedule a No-Cost Network Audit today!       

CEO Fraud Scams And Why They Are Successful

By | Business Network Security, Email, Scams | No Comments

CEO Fraud Scams And Why They Are Successful

Everyone want to keep the boss happy. Staying in their good-graces means promotions, job security and, usually, a stress-free work environment. When an email comes through from the boss marked “Urgent” our hearts race and we play through different scenarios before we even read it. Turns out they’re extremely busy and need our help getting something done. Perfect, a chance to prove how valuable we are! In today’s world of sophisticated cyber fraud this scenario is ending poorly for more and more businesses.

CEO-Fraud-Scams-And-Why-They-Are-Successful

CEO Fraud Scams And Why They Are Successful

Why CEO Fraud Scams Are So Successful

CEO Fraud Scams, also known as CFO Fraud Scams or Business Email Compromise Scams (or BEC), are a type of cyber phishing scam performed by sophisticated cyber criminals that are skilled in social engineering tactics. Just two months ago, November of 2018, it was reported that the European cinema chain Pathé had fallen victim to a BEC scam that cost them over 19 million euros! That’s roughly $21.5 million U.S.! In the case of Pathé, cyber criminals impersonated company headquarter officials and convinced the CEO and CFO of their Dutch branch to transfer the funds over a series of money transfers. You may be asking yourself, how could business or upper management fall for such a scam? Well, the cyber criminals had done their research and had even created emails that almost exactly resembled the official Pathé domain. And, they did they used social engineering and convinced the Dutch branch CEO and CFO that the funds were for a confidential acquisition and that they couldn’t discuss the transfer with anybody in the company.

This is an extreme example of a CEO Fraud or BEC scam, but it shows the extent to which fraudsters and cyber criminals will go and the tactics they use to get at your business. Cyber criminals research, plan, impersonate upper-level management.

Don’t Become A Victim of CEO Fraud Scams

With over $12 billion dollars (FBI global estimate), odds are you and your business will be the target of a BEC scam. Protecting your business is a must! Developing IT security strategies for business is our specialty. Contact Us discuss implementing a plan to protect your business from advanced cyber security threats.

How To Avoid Fake Warrant Scams

By | Scams | No Comments

There’s A Warrant For Your Arrest!

The other day I received a call from an unknown number and let it go to voicemail. With all the political and scam phone calls lately it’s become my standard practice. It’s easier to listen to the voicemail. This time, however, the voicemail was quite disturbing and left me calling my local sheriff’s office. The caller claimed to be with my local sheriff’s department and that there was a warrant for my arrest! Luckily, after calling my local sheriff’s office, it turned out to be a malicious scam.

How-To-Avoid-Fake-Warrant-Scams

How To Avoid Fake Warrant Scams

How The Warrant Scam Works

Sadly, these types of threatening phone call scams are becoming everyday occurrences. What’s even worse about Warrant Scams is that scammers and criminals typically target specific groups of individuals: the elderly, recent immigrants, people whose second language is English, and persons with past convictions.

The caller identifies themself as someone with your local sheriff’s office or police department. They may have a false badge number or other fake info to make it sound official. They then tell you that they are calling you because there is a warrant for your arrest due to a minor charge such as missing a Jury Duty summons. Now that they have you legitimately worried, they will tell you they are authorized to handle the matter in two ways, “Criminally” and “Civilly.” “Criminally” means they will come and arrest you at your home or workplace, which no one wants. “Civilly” means they will forego criminal charges if you pay a fine. Now that they’ve fooled you, they ask you to purchase a prepaid debit card and provide you with a number to call back in order to process your payment.

How To Avoid Fake Warrant Scams

The best way to avoid warrant scams and to not be a victim of scammers is to know that Sheriff’s Offices, Police Departments and Law Enforcement Agencies will not ask or demand payments to avoid arrest! If you receive a phone call from someone claiming to be with law enforcement demanding payment get as much information from the caller then call your local police department or sheriff’s office it report it or simply hang up!

Remember, scammers are criminals. Even if they know you are on to them, they will use intimidation tactics to get you to comply or give them your personal information. When receiving any unsolicited phone call, if you are suspicious of the caller in anyway, hang up and call the business, banking institution or law enforcement agency directly. It’s better to be safe than sorry!

Cardless ATM Banking Scam

By | Email, Scams | No Comments

Cardless ATM Banking Scam

During the holiday shopping season we’re thinking about finding the perfect gift. When we do find the perfect gift for that special someone, whether online or in a store, we don’t need the experience ruined by our credit or debit card not working. Scammers and fraudsters know it too and they’re not taking the holiday season off!

Cardless-ATM-Banking-Scam

Cardless ATM Banking Scam

Scammers Use Fake Mobile Banking Alerts

Many of us, myself included, use mobile banking apps to quickly, easily and safely access our banking account information. So what do you do when you get a text or email saying your account has been “locked” with instructions to “unlock” it? Scammers are using this type of banking alert scam to rob unsuspecting victims at an alarming rate. So, before you begin to panic, take a deep breath and call your bank or credit union directly. Don’t use the number provided or click on any links in the text or email!

How Banking Scams Work

The first step the scammer takes is to convince you that your account is locked with an official looking text or email. Once you take the bait, they ask you to confirm your bank account and debit card information either on a fraudulent site (a website that they have created and appears to be your banks official site) or over the phone with a number they provide you. They ask you to confirm your card numbers, account numbers, passwords, PIN numbers, security questions and your personally identifiable information. After they have all your information they use it to withdraw money from Cardless ATMs. In some cases completely draining your accounts!

What Are Cardless ATMs?

Like the name implies, Cardless ATMs are ATMs that don’t require the user to use their debit or credit card to access their account and withdraw money. They aren’t common throughout the United States, but most larger banks and financial institutions are using them in more and more locations. While they are secure, no financial institution would knowingly use a risky device, scammers will always find a way to exploit new technology.

Avoiding Bank Scams

The best way to avoid these types of scams is to know what your bank or financial institution’s policies are. Know why your account would be locked, i.e. too many failed login attempts or suspicious account activity, and how they go about contacting you. If you do receive an email, text or phone call from someone claiming to be from your bank hang up or ignore it, then contact your bank directly.

Shop With Confidence This Holiday Season

By | Cyber Security, Smartphones & Tablets | No Comments

Shop With Confidence This Holiday Season

The 2018 holiday shopping season is off to a great start with online sales leading the way. Cyber Monday far exceeded estimates with nearly $8 billion in sales! All of the ease and convenience of online shopping can quickly become offset by the added risk of identity theft. Every year during the holiday season, cybercriminals ramp up their efforts.

Shop-With-Confidence-This-Holiday-Season

Shop With Confidence This Holiday Season

We want you to shop with confidence this holiday season and enjoy your time with family and friends, not worrying if your credit or debit card has been compromised or someone has gotten hold of your social security number.

Quick Tips To Secure Online Shopping

  • Don’t buy on public WiFi.  Sitting in your favorite coffee shop and searching for the perfect gift you may be tempted to buy right there while you have wifi. Don’t do it! Public WiFi users are prime targets for scammers and criminals.
  • Make sure the door is locked. Make sure the site your buying on has the proper security to safeguard your personal information and payment information. Always check for the little lock symbol and “https” to the left of the url. If you don’t see it, don’t enter in any of your information since the site is not secure and hackers could get their hands on your information.
  • Go to the website. Many of us get emails from our favorite online stores telling us of great deals and sales. During the holiday season phishing scams rise dramatically because scammers know people are looking for those deals more than ever. If you see a deal you want to take advantage of, go directly to the site. If it is a legitimate sale it will be advertised on their site.
  • Keep those updates coming. Make sure you’re computer and devices are getting the proper security updates so they stay secure. With the increase of scams and online shopping during the holiday season it’s more important than ever to keep your devices up to date.

Businesses Keep Your Customers Safe

For many businesses, the holidays are their busiest season, especially retailers. Providing the best customer service and a warm, welcoming environment for your patrons is important. Don’t let a technology and cyber security issues bring a blue christmas. Pros 4 Technology can assist you in providing confidence in your cyber security and IT. Contact us to schedule a consultation and to discuss your tech needs.   

Finding The Best Tech Support For Your Small Business

By | Business Network Security, Cyber Security, Scams | No Comments

Finding The Best Tech Support For Your Small Business

Business of all sizes use devices of all types to run and operate. From accounting and payroll to invoicing and selling products online, in today’s fast paced world if you don’t run your business online you’re behind the times. Unfortunately, with so many things for business owners to focus on, IT and tech support often go overlooked.  

Finding-The-Best-Tech-Support-For-Your-Small-Business

Finding The Best Tech Support For Your Small Business

Why IT & Tech Support Are Important

You’re running your business, you don’t have time to think about tech support. But what happens when computer issues occur and your ability to conduct business comes to a grinding halt? You do an internet search for IT support to get your computer issues resolved and hope your back to focusing on the important aspects of running your business. You want your problems fixed and fixed fast. Hackers and scammers know it too and it’s why every year small businesses fall prey to a wide array of scams.  

Tech Support Scams

There are some of the common ways that scammers try and take advantage of small businesses.

  1. One way that cyber criminals target small businesses is by setting up fake tech support companies. The scammer then takes out an add so when you search for a tech support company, their “tech support” webpage shows up near the top of the results. When you contact them they request access to your computer and a fee for their services. After taking your money, they may fix the problem, but they also access your business info.
  2. Scammers use popups saying that your computer or device has been infected by a virus. Usually they claim to be from a trusted IT security company or computer company. They provide a phone number for you to call in hopes that you fall for the scam and give them access to your computer.
  3. Scammers will also use old fashioned cold-calling claiming to be representatives from a tech support company. They tell you your computer has been affected by malware or a virus and that they can remove it for a small fee. 

Find A Trusted Local Tech Support Company

Many small business believe that they either don’t need tech support or that it will be too expensive. If you have company information stored on a computer or do online transactions, you need to protect your business. The best place to look for tech support is from a trusted local company. Local tech support companies typically offer a variety of options and will know which is best for your business needs. It’s not a question of IF computer issues will occur, but WHEN computer issues occur. Don’t wait, contact Pros 4 Technology today to discuss your business’ cyber security.

How To Create Strong Passwords

By | Business Network Security, Cyber Security | No Comments

How To Create Strong Passwords

In the world of internet security and prevent cyber crimes one of the most important things to do is to create strong, unique passwords. Just doing an internet search for “preventing identity theft” or “protecting against cyber crimes” will bring up countless sites offering advice. At or near the top of every list of how to protect yourself will be, passwords. In this week’s post we’ve combined our years of experience and the latest expert advice from tech experts on the best practices for personal passwords.

How To-Create-Strong-Passwords

How To Create Strong Passwords

Why a Strong Password is Needed

A strong, unique password is your first line of defense against identity theft and cyber criminals. Hackers and cyber criminals use many techniques to gain access to your online accounts, including programs that will keep guessing passwords from a predetermined list until one is successful. Once they have access to your account they will try and use the same password to gain access to your other accounts.

Unique Password

The vast majority of people come up with one or two passwords that they use for multiple or all of their online accounts. It might be a very difficult password to guess, something like “Jtk34Nm!78.” They think that because the password is so hard to randomly guess that it is a strong password and use it for all their accounts, thinking they can’t be hacked. However, if a hacker does figure out your password they now have access to all your accounts. Creating a unique password for each online account is essential.

Using Passphrases

The old standard advice when creating a password was to use a combination of letters (both upper and lower case), numbers and symbols. We were told to start with a word and then substitute numbers and symbols to create the password. So what started as the word “elephant” would be El3P@n# by the end. Not very easy to remember. Instead of relying on complex, hard to remember passwords, try using passphrases. Passphrases are long, complex passwords without all the numbers and symbols. Instead of writing “elephant” as “El3P@n#” using a passphrase you would use “elephantsgocrazy.” Complex, long, and unique.

Password Manager Programs

Since we all have multiple online accounts, remembering and managing passwords can be a monumental task. Using a password manager removes the hassle. Just remember, make sure the password for the password manager is strong and unique (and write it down in a safe place if you’re afraid of forgetting, don’t store it on a device!).

Multi-Factor Authentication

When possible use multi-factor authentication to secure your devices and accounts. The type of multi-factor authentication depends on the service or device. Some, like emails, will text you during the sign in process with a confirmation number. You can set your smartphone to require your thumbprint before purchases. Check your accounts and wherever possible set up multi-factor authentication for added protection.

iTunes Gift Card Scams

By | Scams | No Comments

A Warning About iTunes Gift Card Scams

The most important thing for you to learn from this week’s blog post is this: Apple support personnel will never ask you to pay for anything using a gift card! Now here’s why.

iTunes-Gift-Card-Scams

iTunes Gift Card Scams

How Gift Card Scams Work

The Set Up: You’re busy Tweeting, Snapping, texting emojis or binging your favorite show on Hulu when it all comes to a crashing halt! Your internet freezes. Before you can even bring up Settings you receive a text from someone claiming to be with Apple support. The text conversation may go something like this.
Scam Text: Hello, I’m from Apple Support. There is an issue with your phone’s ability to connect to the internet. Call Apple Support to get the issue resolved.
Your Text: Thank you, I am having issues. I’ll call right away.
Scam Text: Glad I can help. My direct line is 1-800-555-1234.
Little do you know that it’s the scammer that has managed to freeze your phone and is now hijacking it to rob you of money.

The Scam: You call the 800 number and everything seems legit. The scammer is friendly and acts like they’re looking into things. They tell you they’ve found the issue and you can purchase something to fix the issue. They may say it’s an upgrade, downloadable software or that your account has an outstanding balance. Next, the scammer tells you how much it will cost and that you’ll need to use iTunes gift cards for payment and to call back once you’ve purchased the gift cards. You run to the nearest store, buy the iTunes gift cards and call back. The scammer has you read the gift cards numbers and says they will be processing processing your payment and fixing the issue.

One of two things happen after the scammer has removed the funds from the gift cards:
The scammer ends the phone call and it’s not until later when the issue is unresolved that you discovered you were scammed
After “running” your payment, the scammer tells you the issue is still unresolved and you’ll need to purchase something else to fix it hoping you’ll buy more gift cards.

Spot & Stop The Scam

The most important thing to spot the scam is to remember that Apple support personnel will never ask you to buy anything with a gift card! The second most important thing is to keep your phone up to date with updates. Apple has regular updates for all their products that help protect them from scammers and hackers’ attempts to gain control of your phone.