Category Archives: Email

The Technology Blog

A New Year’s Resolution Fail

By | Cyber Security, Email, Uncategorized | No Comments

A New Year’s Resolution Fail

So your New Year’s resolution didn’t go as planned, don’t feel bad. When making or breaking a habit most people will stumble along the way. But what do we do after it goes from New Year’s resolution to New Year’s bust?

A-New-Year’s-Resolution-Fail

A New Year’s Resolution Fail

The Automatic Monthly Payment Catch

“Getting in shape” or “losing weight” are two common resolutions. Starting in December fitness clubs and gyms start their advertising campaigns to attract members, they know that the vast majority of new members will sign up in the next two months as they plan their New Year’s resolution. In the ads you’ll notice that more time is spent talking about rates, sign up fees, and easy monthly payments than there is about the services of the gym. With low or no sign up fee and easy automatic withdrawal payments of $10-15, gyms make it incredibly easy and affordable to join. But what happens after the initial fire to get in shape burns out? We miss one day, then another. A week goes by and we tell ourselves “next week I’ll go.” One week leads to another, leads to another, and the next thing you know a month has gone by and our resolution has been forgotten till next year. You may have stopped going, but that doesn’t mean you’ve stopped paying for it.
Did you know most people don’t remember to stop an automatic payment until one to two payments after they’ve stopped using the service? Remember to cancel automatic payments when you decide not to use the service. People lose money by paying for unused services all too often.

First Month Free Catch

While we’re on the topic of automatic monthly payments, it’s a good time to review “first month free” and “free trial” ads. Companies often use these ads to get people to use and then stay with their services. Usually when you sign up for the these free or trial periods you have to hand over your personal information and credit card number. Be Careful! Read the fine print before you enter you information! Many companies will automatically charge you after 30 days, whether or not you used their program or services during the free trial period. Set a reminder in your calendar to cancel or continue with the company after the free trial period. Rarely will the company send you a reminder that your free trial is coming to an end.

Look Before You Click

As always, check links and websites before clicking on them and entering any personally identifiable information. Cybercriminals know that people are looking to “lose pounds quickly” and for the “best home workouts” and set up fake ads to trick you into giving them your information.

Your first New Year’s resolution may not have gone the way you wanted. Make “being cybersecurity savvy” your new resolution.

CEO Fraud Scams And Why They Are Successful

By | Business Network Security, Email, Scams | No Comments

CEO Fraud Scams And Why They Are Successful

Everyone want to keep the boss happy. Staying in their good-graces means promotions, job security and, usually, a stress-free work environment. When an email comes through from the boss marked “Urgent” our hearts race and we play through different scenarios before we even read it. Turns out they’re extremely busy and need our help getting something done. Perfect, a chance to prove how valuable we are! In today’s world of sophisticated cyber fraud this scenario is ending poorly for more and more businesses.

CEO-Fraud-Scams-And-Why-They-Are-Successful

CEO Fraud Scams And Why They Are Successful

Why CEO Fraud Scams Are So Successful

CEO Fraud Scams, also known as CFO Fraud Scams or Business Email Compromise Scams (or BEC), are a type of cyber phishing scam performed by sophisticated cyber criminals that are skilled in social engineering tactics. Just two months ago, November of 2018, it was reported that the European cinema chain Pathé had fallen victim to a BEC scam that cost them over 19 million euros! That’s roughly $21.5 million U.S.! In the case of Pathé, cyber criminals impersonated company headquarter officials and convinced the CEO and CFO of their Dutch branch to transfer the funds over a series of money transfers. You may be asking yourself, how could business or upper management fall for such a scam? Well, the cyber criminals had done their research and had even created emails that almost exactly resembled the official Pathé domain. And, they did they used social engineering and convinced the Dutch branch CEO and CFO that the funds were for a confidential acquisition and that they couldn’t discuss the transfer with anybody in the company.

This is an extreme example of a CEO Fraud or BEC scam, but it shows the extent to which fraudsters and cyber criminals will go and the tactics they use to get at your business. Cyber criminals research, plan, impersonate upper-level management.

Don’t Become A Victim of CEO Fraud Scams

With over $12 billion dollars (FBI global estimate), odds are you and your business will be the target of a BEC scam. Protecting your business is a must! Developing IT security strategies for business is our specialty. Contact Us discuss implementing a plan to protect your business from advanced cyber security threats.

Cardless ATM Banking Scam

By | Email, Scams | No Comments

Cardless ATM Banking Scam

During the holiday shopping season we’re thinking about finding the perfect gift. When we do find the perfect gift for that special someone, whether online or in a store, we don’t need the experience ruined by our credit or debit card not working. Scammers and fraudsters know it too and they’re not taking the holiday season off!

Cardless-ATM-Banking-Scam

Cardless ATM Banking Scam

Scammers Use Fake Mobile Banking Alerts

Many of us, myself included, use mobile banking apps to quickly, easily and safely access our banking account information. So what do you do when you get a text or email saying your account has been “locked” with instructions to “unlock” it? Scammers are using this type of banking alert scam to rob unsuspecting victims at an alarming rate. So, before you begin to panic, take a deep breath and call your bank or credit union directly. Don’t use the number provided or click on any links in the text or email!

How Banking Scams Work

The first step the scammer takes is to convince you that your account is locked with an official looking text or email. Once you take the bait, they ask you to confirm your bank account and debit card information either on a fraudulent site (a website that they have created and appears to be your banks official site) or over the phone with a number they provide you. They ask you to confirm your card numbers, account numbers, passwords, PIN numbers, security questions and your personally identifiable information. After they have all your information they use it to withdraw money from Cardless ATMs. In some cases completely draining your accounts!

What Are Cardless ATMs?

Like the name implies, Cardless ATMs are ATMs that don’t require the user to use their debit or credit card to access their account and withdraw money. They aren’t common throughout the United States, but most larger banks and financial institutions are using them in more and more locations. While they are secure, no financial institution would knowingly use a risky device, scammers will always find a way to exploit new technology.

Avoiding Bank Scams

The best way to avoid these types of scams is to know what your bank or financial institution’s policies are. Know why your account would be locked, i.e. too many failed login attempts or suspicious account activity, and how they go about contacting you. If you do receive an email, text or phone call from someone claiming to be from your bank hang up or ignore it, then contact your bank directly.

Protect Your Company From Phishing Scams

By | Business Network Security, Email, Scams | No Comments

Protect Your Company From Phishing Scams

Phishing scams affect hundreds of businesses each year; compromising your company’s information and negatively affecting your reputation. Phishing is one of the most used and successful types of attacks on business because they target a company’s employees.

Protect-Your-Company From Phishing Scams

Protect Your Company From Phishing Scams

How phishing works

Typically, the cybercriminal sends an email to an unsuspecting employee that appears to be from a legitimate source: a coworker or IT support personnel, government agency, bank, a social media or networking site, even a friend or family member in an attempt to get them to click on an embedded link or open an attachment. If they click on the link they are often directed to a false website that appears to be legitimate in an attempt to get them to enter information that can be used to gain access to the company’s information.

What are cybercriminals after

When cybercriminals target a business through a phishing attack they rarely have a specific target employee. What they’re after is information that can be used to commit future crimes or that can be sold: client information, credit card numbers, usernames and password, and sensitive company information.

How to protect yourself and business

  1. Watch for impersonal greetings. Emails from “coworkers” that misspell your name or don’t address you by name should be confirmed with a supervisor. Generic greetings like “Hi” or “Dear Customer” are often red flags because a cybercriminal may not know your name or is sending out a bulk email.
  2. The use of threatening or intimidating language in an attempt to get you to perform an action such as following a link or sending personal information.
  3. Don’t open attachments! Phishing emails will contain attachments that contain malicious software. Attachments may be PDFs, zip.files, Microsoft Word or Excel.
  4. Check the link before you click. If in doubt of a link, scroll your mouse over the link to see the destination of the link. If the destination ISN’T from the website or company that sent the email, DO Not click on it!
  5. Make sure your employees know what to do if they receive a suspicious email and what company policy is in regards to private email use.

If you are a business owner or manage IT for your company, contact Pros 4 Technology to learn more and how to protect your business from phishing scams and threats.

How to Avoid Loan Fee Scams

By | Email, Scams, Social Media | No Comments

How to Avoid Loan Fee Scams

Everyday thousands of people research and apply for loans. You may be looking to buy a new car or house, get student loans to pay for college or refinance your home to consolidate debt. Whatever the reason for the loan, you need to borrow money and want the best interest rate and terms you can find. That’s just good financial sense. Unfortunately, fraudsters and scammers know it too!

shutterstock_1095874271-OPT 2

How to Avoid Loan Fee Scams

How Loan Fee Scams Work

If you’re looking for a loan, scammers know how to reel you in. They use emails, phone calls, online ads and even flyers posted in public spaces. They promise “guaranteed” low-interest rates, great repayment terms or that you qualify for a special program. They target new mortgages and home refinancing loans, student loan consolidation, debt consolidation loans, car loans, and government loans and grants. There are as many versions of this scam as there are loan types, which make them very effective. Once they have your attention with their too-good-to-be-true loan, they tell you that you need to pay a “processing fee” to secure your loan or a “one-time payment” to lock in your rate. You make your payment thinking you have the loan, only to discover that the vendor has vanished along with your money.

Tips on Spotting and Avoiding Loan Fee Scams

  • Real lenders post loan fees! If you’re applying for a loan be prepared to pay fees: application fees, credit report fees, appraisals, closing costs, etc. If there are fees that need to be paid they are only charged after you have secured the loan. Scam lenders try to get you to pay fees before you secure the loan. Any up-front fees are a cue to walk away and find a new lender.
  • Real lenders don’t offer guarantees! Real banks and lenders never guarantee a loan in advance of an application or credit analysis. Lenders will ask for financial records, job and salary info and pull credit reports before providing an interest rate and loan amount.
  • Real lenders don’t accept unusual payments! Real lenders never ask you to pay loan fees with Green Dot MoneyPaksiTunes cards, or by wiring money. This is a big red flag that the “lender” you’re talking to is a fraudster!
  • Research the lender! Scammers will pretend to be from an official organization or a known and trustworthy lending institution. They may even know enough about you and try and convince you that they are your current lender! Research the lending agency and check if the loan program that is being offered is real and legitimate. In the United State and Canada, all lenders and loan brokers must register where they do business. In the U.S. call your Attorney General’s Office  or your state’s Department of Banking or Financial Regulation. Report scams to the BBB. In Canada, visit the Canadian Securities Administrators website and perform a National Registration Search. Report scams directly to the Canadian Securities Administration.

Stop Cyber-Snoops & Peeping Toms

By | Cyber Security, Email | No Comments

Stop Cyber-Snoops & Peeping Toms

When you hear Peeping Tom, an image of someone hiding in bushes peering through windows probably comes to mind. A shadowy figure that preys on people and destroys their sense of privacy and security. What if, as you’re reading this, someone was watching you…

Stop-Cyber-Snoops-and-Peeping-Toms

Stop Cyber-Snoops & Peeping Toms

Hacking Your Webcam

In today’s world of smart phones, tablets, laptops, smart TVs and all manner of internet-enabled video and audio recording devices, the reality of someone hijacking your device is all too real. They’re Cyber-Peeping Toms, cybercriminals using your device’s built-in camera and microphone to spy on you and steal your personal information. It may sound like a conspiracy theory, but the threat to your personal information and privacy is real. In January of this year an Ohio man was charged and sentenced to 13 years in prison for hacking and remotely spying on people!

How Cybercriminals Take Control of Your Device

Cybercriminals use remote access Trojans, or RATS, which are a type of malware. RATs create a “backdoor” to your computer, providing the cybercriminal access to your device’s camera and microphone, files, and the ability to record keystrokes. Cybercriminals either create or purchase the malware online. The malware is then hidden in other applications that can be downloaded or attached to emails or embedded in an email link. Criminals will also attempt to by-pass your computer’s firewall to gain access to your webcam.

Why Cybercriminals Hack Your Webcam

The reason why a criminal hacks a database or an individual’s computer is to access private or personal information that they can use or sell. By hacking your webcam the criminal is spying on you during your most private and sensitive situations. If your using your computer for work or personal reasons, cybercriminals can gather information from watching, listening and recording that can be sold or used to blackmail you.

How to Protect Your Identity

  1. Know your devices’ features. From TVs and phones to doorbells and vehicles, more and more products are being made with micro-sized built-in cameras.
  2. Keep your devices safe! Use strong passwords and make sure antivirus software is up to date.
  3. Know what your security software covers. Not all security software is created equal, make sure yours protects against malware intrusions.
  4. Cover the lens. Use a small piece of electrical tape to cover the lens while not in use.
  5. Don’t click that link. When you receive an email from an unknown source, delete it! Don’t be tempted to open it or click on any links.
  6. Only download from a trusted site. Make sure your downloading from websites that you know and trust.

Cybercriminals are always looking for ways to steal your information and identity! They want to watch and listen in on your private moments when you think no one is watching. Don’t let them in! Contact Pros 4 Technology today to keep your network private and secure!

7 Ways to Protect Your Company Against BEC Scams

By | Business Network Security, Cyber Security, Email, Scams | No Comments

7 Ways to Protect Your Company Against BEC Scams

You receive an email from a supplier notifying you of an unpaid invoice and asking you to verify your account info so they can withdraw funds. As a responsible business owner, you immediately verify the info so you’re back in good standing with your supplier. You call your supplier rep to let them know you’ve paid the invoice and you hear the words “you don’t have an outstanding invoice.” By the time you call the bank the money is gone and there’s no way of getting it back.

protect-againstbusiness-email-scams-pros-4-technology

Protect Your Company Against BEC Scams

The Growing Threat of BEC Scams

This scenario is becoming all too familiar in today’s world of wire-transfers and automatic withdrawals. Business Email Compromise Scams, or BEC Scams, target businesses of all sizes. Scammers target business owners and employees, trying to get them to perform an action that sends money to the scammers account or send sensitive information that can be used for other crimes, like Identity Theft.  BEC Scams have become so problematic that the FBI has started to warn about them. The FBI assess total damage of BEC Scams at over $3 Billion and counting! In June of 2018, over 70 people were arrested in one coordinated, international BEC Scam investigation!

Why are BEC Scams So Effective?

People and businesses fall prey to BEC Scams because they’re sophisticated and start with gathering intelligence. Scammers typically compromise a CEO or upper management personnel’s email account and study the business and company procedures. Scammers figure out the best way to attack a company before striking. They target all aspects of a business, but typically focus on:

  • HR Departments – Scammers can gain access to employees’ personal information and W-2 forms
  • Accounts Payable – Scammers try and access company accounts and scam employees into transferring money
  • Upper Management & Owners – They’re the initial “in” for scammers. They have all the info and clearances with the least amount of checks and balances

Seven Ways to Protect Against BEC Scams

  1. Verify all changes or updates for account info and payment instructions to vendors and suppliers. 
  2. Maintain hard-copy files and contact lists! In today’s digital world it’s easy to overlook the need for paper. But keep a printed record of vendor contact information and discuss with your supplier representative how accounts payable will be handled.
  3. Train your finance and HR team. Write and implement an action plan for the handling of sensitive information and who is authorized to request it.
  4. Limit the number of employees that have access and authority to use sensitive information or transfer money.
  5. Use two-factor authentication methods wherever possible. It may seem like a hassle but spending a little extra time could save you thousands!
  6. For larger companies and wire-transfers, use out-of-band authentication to verify any and all wire-transfer requests.
  7. Foster open communication in the work place. Make sure your employees know that if they receive non-verbal requests to do something out of the ordinary, that they should question it! Double or even triple-check requests to send money or sensitive information, even if comes their direct boss or upper management!

Pros 4 Technology Can Help

Your business faces cyber threats every day! Let Pros 4 Technology assist you and your company. We want to make sure your company and data is safe from BEC scams and other threats. Contact us  today!

Four Ways to Secure Your LinkedIn Profile

By | Cyber Security, Email, Social Media | No Comments

Network Safely Online – Secure Your LinkedIn Profile

LinkedIn is the top name in professional networking and deservedly so.  Users have found jobs by posting their resume, expanding contacts and reaching out to obtain that dream job.  It’s Facebook for business professionals.

Many people forget, however, that it’s still an online network that requires personal identification information (PII) to form a profile.  LinkedIn is just as susceptible to security breaches and identity theft as any other social media platform. As recently as 2016 the site was hacked, affecting users with weak profiles and inadequate privacy settings.

The job search is stressful enough.  Using job search tools shouldn’t be. Four key actions can be taken to help secure your LinkedIn profile.

Secure your LinkedIn profile to network more safely online

Secure your LinkedIn profile and be wary of unusual connection requests and emails.

 1. Beware of Fake LinkedIn Connection Invitations

It’s flattering when a CEO wants to connect with you.  But if you don’t know the person, don’t connect.  Hackers create fake profiles to impress and connect with you so they can steal your PII. These things should make you suspicious of a connection invitation from someone you don’t know:

  • Spelling and/or grammatical errors
  • A name or photo of someone you don’t recognize
  • Job profile that doesn’t fit with the timelines on their job history

Bottom line, read their profile carefully and consider searching for the company’s website before accepting their invitation.

2. Be Wary of Phishing Emails

Those emails LinkedIn sends you notifying of job changes, job recommendations and connection invites? Most are real.  But hackers can fake those too. Never click an email link before verifying the sender. Also, take note of the following red flags:

  • Spelling and/or grammar issues
  • Your familiarity with the sender – is their identity questionable?
  • Links – Hover your cursor without clicking over links in the email. This shows you where the link actually goes. If it’s not what they say it is, its a scam. Don’t click!

3. Create Strong Passwords for Your Social Media Accounts

Creating and regularly updating strong passwords is essential for ALL of your online profiles.  LastPass is a password manager app that automatically generates strong passwords, and only requires you to login once. It fills in the specific, unique password for each of your online network profiles so you don’t need to remember them.  Repeatedly using a single password for all networks is a common security mistake that opens you up to hacking across all your online profiles.

4. Use Two-Factor Authentication

LinkedIn offers two-factor authentication for all users – you simply need to set it up. This is the single most important step in securing your account. Use the following steps to add this security feature to your profile:

  • Access your profile and scroll to the bottom.  Click the link that says ‘Manage your account and privacy.’
  • Under the ‘Login and security’ section, click ‘Two-step verification’ and enter a mobile phone number where LinkedIn can send you a security code by text message.  Enter this in at the prompts to turn the Two-step verification on.

These few extra steps can dramatically improve your profile security. You can make professional networking and the job search less stressful knowing that your identity is more secure in your online profiles.

What is a Social Engineering Attack?

By | Business Network Security, Cyber Security, Email | No Comments

What is Social Engineering?

In a social engineering attack, a cyber-criminal uses human interaction (social skills) in email messages, phone calls, or unannounced personal visits. This cyber attacker may be respectful and seem to be perfectly legitimate but will use psychological manipulation to trick victims into making security mistakes or giving away confidential information. He or she might claim to be an employee, repair person, researcher, or sales representative, and may even offer credentials. Regardless of how they contact you or who they pretend to be, this type of cyber-criminal has one goal: to obtain or compromise sensitive information about your organization or its computer systems.

Social Engineering Attacks Leverage Human Error

Social engineering attacks are especially dangerous because they rely on human error, not vulnerabilities in operating systems or software programs. By asking what may seem to be innocent questions, the cyber-criminal may be able to piece together enough information to infiltrate your organization’s network. The attacker will be persistent! If unable to gather enough information from the first source, he or she may contact another source within your organization, then use information obtained from the first source to bolster his or her credibility and build trust.

Social Engineering Attacks leverage human error to gain access to sensitive company information | Pros 4 Technology Blog

Social engineering attacks leverage human error to gain access to sensitive company information.

Social Engineering Attacks – Do’s and Don’ts

To avoid being the victim of a social engineering attack:

  • DO be suspicious of unsolicited email messages, phone calls, or visits from individuals asking about employees or other internal information.
  • DO try to verify the identity of an unknown individual. Directly contact the company the individual supposedly represents using a phone number or email address you know to be valid.
  • DO install and maintain anti-virus software, firewalls, and email filters to cut down on questionable traffic.
  • DO take advantage of anti-phishing features offered by your email server and web browser.
  • DO pay attention to website URLs. Though a malicious website may look identical to a legitimate site, the URL may use a variation in spelling or a different domain.

If anything at all about individuals or their questions seems suspicious:

  • DON’T respond to requests for personal or financial information.
  • DON’T click on links in email messages.
  • DON’T use contact information that’s provided on a website connected to the request.
  • DON’T send sensitive information over the internet before checking a website’s security.

Find more information on how to avoid being a victim of a social engineering attack on the U.S. Homeland Security Website.

I Think I’m the Victim of a Social Engineering Attack – What Should I do?

If you think you have revealed sensitive information about your organization:

  • Report it to network administrators and other appropriate personnel so they can be alert for suspicious or unusual activity.
  • Contact financial institutions immediately if you think accounts may have been compromised.
  • Promptly change any passwords you may have revealed. If you used the same password for multiple accounts, change it for each account. Don’t use that password in the future.
  • Close any accounts that may have been compromised.
  • Watch for unexplainable charges to accounts.
  • Report the attack to the police or government agency responsible for cyber-crimes, such as:

Advanced Fee Fraud – The Oldest Internet Scam

By | Email | No Comments

What is Advanced Fee Fraud?

Advanced fee fraud is a con. Scammers who employ this tactic (typically from foreign countries) promise you’ll receive a payment, but only after you pay a fee. For instance, you might receive an email saying you’ve won a new house, but before you can claim the prize, you need to pay taxes on it. You’d be wise not to believe this, but unfortunately, many people do. The cost to the many victims of this con is billions of dollars each year.

Advanced Fee Fraud: An Evolving Threat

This variety of scam has gone through many phases. It started with “snail mail,” a letter arrived in your postal box. Next, messages arrived by fax; today they arrive by email, and that includes your smartphone. Other varieties of this type of scam might include:

  • Fake lottery winnings
  • Inheritance notices
  • Job offers
  • Financial legal help
Advanced Fee Fraud is the oldest internet scam.

Advanced Fee Fraud is the oldest internet scam.

What Are Advanced Fee Fraud Victims Asked to Do?

The scammer will ask a potential victim to provide bank letterheads, account numbers, or other confidential identifying information. Initial requests for money will be followed by new requests for money, and it will only stop if the victim refuses. It’s possible for a scammer to acquire enough information to result in bank fraud. Advanced Fee Fraud scammers tend to work tirelessly for hours at a time to rack up payments.

Advanced Fee Fraud: Don’t be a Victim!

Pay a Fee So You Can Receive a Payment? Don’t Do It! Be suspicious of emails that:

  • Tell sob stories
  • Use poor English grammar
  • Contain spelling errors
  • Promise big money payoffs
  • Make appeals for financial help

Protect yourself! Never send money to strangers, provide personal information or account numbers to unknown persons or companies via email, and never try to retrieve lost money independently.