Categories
Cloud Services IT Security

Red Flags: How to Spot a Business Email Compromise Scam

Simplicity and high returns—these sum up why Business Email Compromise schemes are attractive to cybercriminals. True enough, this attack vector has been greatly exploited, as evidenced by the amount of money that victims lost to it in 2016. According to a report by the FBI released in May 2016, victims lost $3 billion to BEC scams. In 2017, we predict that BEC will remain a prominent threat and will be used in more targeted scams.

One of the types of BEC scams is CEO fraud, wherein the perpetrators spoof or hack into the e-mail of an organization’s executive in order to initiate a fund transfer to their own accounts. While, it’s not technically sophisticated, organizations should step up their defenses against this type of scheme, and one of the ways is being able to identify the signs that an e-mail message is being used in CEO fraud. Here’s what you should watch out for to keep the threat at bay:

bec-red-flags

A spoofed sender domain

CEO fraudsters usually register a domain similar to its target. If the target e-mail is name@company.com, a scammer may use a variation such as name@company.au.net or slightly change the spelling into name@cmpny.com.

An urgent e-mail subject requesting immediate fund transfers

Based on our detections, BEC scams typically use subject lines that imply urgency regarding payment inquiries or fund transfers such as:

  • Payment  – Important
  • Payment Notice
  • Process Payment
  • Quick Request
  • Fund Payment Reminder
  • Wire Transfer Request
  • Bank Transfer Enquiry

Position of the e-mail sender

Cybercriminals employing CEO fraud typically pose as someone influential in an organization. Based on our data, e-mails used in BEC usually appear as if they came from the Founder and President, COO, CEO, and Chief Executive.

Body of the E-mail

In CEO fraud, scammers make it appear as if the fund transfer is urgently needed and should be executed as soon as possible. In addition, pay attention to e-mails asking for fund or wire transfers to an account that’s different from ones normally used for that specific transaction.

A message may appear out of place or it may be timely as BEC scammers use social engineering tactics in order to create believable messages, hoping to persuade victims to just act on the supposed request without verifying it. That’s why it’s always important to err on the side of caution, especially when corresponding over e-mail regarding matters involving funds, payments, transfers, and other crucial information.

BEC Safety Tips

While these red flags seem obvious, in most cases, they are harder to identify. BEC perpetrators design emails to be as realistic as possible. For instance, email domains may be spoofed to mimic the ones used by the target organization or those used by legitimate companies. Scammers also use social engineering and other information gathering methods to be more familiar with the ins and outs of an organization.

Aside from being on the lookout for these signs, here are tips on how you can further protect your organization from BEC:

  • Always verify. It always pays to confirm details with the parties involved, especially when it comes to messages that involve fund transfers. It’s also important to note that some BEC schemes are employed using a hacked account, which further stresses the need for protocols that include verification other than email. Non-email methods may include communicating via phone, text messaging, and chat programs or applications.
  • Instead of clicking on Reply, use the Forward feature and type in or select from your contacts list the e-mail address of the person you’re replying to. This is to ensure that you are not replying to a spoofed address.
  • Have mail security solutions in place. The tricky part with e-mails used in BEC scams is they don’t necessarily carry a malicious payload. With that being said, it’s advisable to go for solutions that not only detect dangerous attachments but also have social engineering correlations and a context-aware approach to email detections.

The naked eye can only do so much in trying to spot a BEC e-mail, and having email security solutions can help greatly in thwarting BEC schemes.

Credit: Trend Micro https://www.trendmicro.com/

Categories
Security

Unlocking the Digital Treasure Chest: The Magic of Password Managers

Ah, the modern age – where technology has granted us access to a treasure trove of information and online experiences. From streaming our favorite movies to shopping for that pair of shoes we’ve had our eye on, the digital world is our oyster. But, there’s a catch: every virtual door comes with a lock, and those locks, my friends, are called passwords!

In a world where even our pets have Instagram accounts (well, some of them do), managing passwords can become quite the circus act. But fear not, because we’ve got the backstage pass to the greatest show on the web: password managers! Strap in, folks, as we take you on a rollercoaster ride through the colorful world of these digital doormen.

1. Password Managers: The Unforgettable Memory Masters

Let’s face it, folks – we’ve all been there. That moment when you realize you’ve forgotten yet another password. Your brain resembles a sieve, and you’re left desperately trying to recall whether your first pet’s name was Mr. Whiskers or Sir Fluffington. With a password manager, you can finally let your brain off the hook. These nifty apps remember your passwords so you don’t have to! So, now you can spend less time on forgetful trips down memory lane and more time doing what you love online.

2. Fingerprint? Facial Recognition? Bah, We’ve Got Master Passwords!

Remember when you could only access secret lairs in spy movies with a retinal scan or fingerprint? Well, guess what? Password managers have upped the ante. They use a master password, and suddenly, you’re the secret agent of your own digital life! Just remember to make your master password a tough nut to crack – using “password123” just won’t cut it.

3. The Quest for the Holy Grail: Strong, Unique Passwords

We all know that using “123456” or “password” as your password is as secure as a cardboard lock on a bank vault. Password managers whip up strong, unique passwords for each of your accounts. Say goodbye to easily guessable passwords and hello to cryptographic, alphanumeric masterpieces that only a computer could create. Plus, you don’t have to worry about remembering them all – the password manager does it for you!

4. Cross-Platform Magic

Password managers don’t discriminate when it comes to your devices. They work seamlessly across your computer, smartphone, and tablet. It’s like having your own magical wizard who can unlock any door in any realm!

5. Autofilming, Not Auto-tuning

Have you ever autotuned your password? If so, we’re impressed – and a little worried. With a password manager, you don’t have to do that anymore. They can automatically fill in your login credentials for you, ensuring you never have to sing your passwords again.

6. Less Stress, More Security

Remembering a multitude of strong, unique passwords for all your online accounts is like juggling flaming torches while riding a unicycle on a tightrope above a pool of hungry crocodiles. Password managers make it all a lot less stressful. You can rest easy, knowing your accounts are safe and sound with ironclad passwords.

7. The Great Synchronization Show

Password managers offer synchronization, so your passwords travel with you wherever you go. Whether you’re traveling to a remote island or simply from your home office to the living room couch, your passwords are there, waiting to unlock your virtual adventures.

In conclusion, password managers are like your trusted digital butler, ensuring your online experiences are secure, stress-free, and downright enjoyable. They transform the treacherous world of passwords into a whimsical, organized circus that you’ll want to visit time and time again. So, give one a try and embark on a magical journey through the digital realm, where every door opens with a wave of your master password.

Categories
Cloud Services Security

Common security issues from fake emails

CEO Fraud Scams and Invoice Redirect Scams are two common types of cyber scams that have been on the rise in recent years. These scams can be particularly damaging to businesses, as they can result in significant financial losses. In this blog post, we will discuss these scams in more detail and provide tips on how to prevent them, specifically in the European or Irish market.

CEO Fraud Scams: CEO Fraud Scams, also known as Business Email Compromise (BEC) scams, involve criminals impersonating a CEO or another senior executive of a company to trick employees into making fraudulent payments. These scams can take many forms, including fake invoice requests, requests for wire transfers, or requests for employee payroll information.

To prevent CEO Fraud Scams in the European or Irish market, businesses should:

  • Train employees: Educate your employees on the dangers of these scams and how to identify them. Teach them to verify requests through a separate channel before making any payments.
  • Implement strict verification procedures: Implement strict verification procedures for all payment requests, including requiring multiple levels of approval and verification by phone or in person.
  • Limit access to sensitive information: Limit access to sensitive information, such as employee payroll information and financial records, to only those who need it to perform their job duties.

Invoice Redirect Scams: Invoice Redirect Scams involve criminals impersonating a supplier or vendor and sending a fake invoice to a business, requesting payment to a different bank account. These scams can be particularly effective as they appear to be legitimate and often use realistic-looking logos and branding.

To prevent Invoice Redirect Scams in the European or Irish market, businesses should:

  • Verify all payment requests: Before making any payments, verify the authenticity of the invoice and the payment instructions by contacting the supplier or vendor directly using a known phone number or email address.
  • Implement two-factor authentication: Implement two-factor authentication for all online payments, requiring an additional verification step to prevent unauthorized access to payment systems.
  • Monitor financial accounts: Regularly monitor your business’s financial accounts for any suspicious activity, such as unauthorized payments or transfers.

In conclusion, CEO Fraud Scams and Invoice Redirect Scams are two common types of cyber scams that businesses in the European or Irish market should be aware of. By implementing the prevention tips outlined in this blog post, businesses can protect themselves from these scams and prevent financial losses. Remember to stay vigilant, educate your employees, and verify all payment requests to keep your business safe.

Categories
Security

Secure Your Data: Why Backing Up Office 365 is Crucial for Businesses

In today’s digital age, data has become an integral part of our lives, both personal and professional. With businesses relying heavily on cloud-based services such as Office 365 for their day-to-day operations, it has become crucial to ensure that their data is secure and backed up. In this blog post, we’ll be discussing the importance of backing up Office 365 and some of its key benefits.

Why is backing up Office 365 important?

Office 365 is a cloud-based service that provides users with access to various applications such as Word, Excel, PowerPoint, and Outlook. The data stored in these applications includes emails, documents, contacts, calendars, and other important information. While Microsoft provides a robust security system to protect this data, it is still susceptible to data loss due to various factors such as accidental deletion, cyber-attacks, and malicious insider threats.

Accidental Deletion:

Employees may accidentally delete important emails, documents, or contacts, resulting in data loss. While Office 365 has a recycle bin that retains deleted items, it only keeps them for a limited time. Once the items are purged from the recycle bin, they cannot be retrieved, leading to permanent data loss.

Cyber-Attacks:

Office 365 is a popular target for cybercriminals due to the sheer volume of data stored in it. Cyber-attacks such as phishing, ransomware, and malware can result in data loss, corruption, or theft.

Malicious Insider Threats:

Internal employees with malicious intent can also cause data loss or theft. They may intentionally delete or corrupt data, steal confidential information or leak sensitive data.

Key benefits of backing up Office 365:

  1. Data Recovery:

The primary benefit of backing up Office 365 is that it ensures that your data is recoverable in case of accidental deletion, cyber-attacks, or insider threats. A backup solution provides multiple recovery options, enabling you to restore your data to a specific point in time, thereby minimizing data loss.

  1. Compliance:

Many organizations are bound by legal and regulatory requirements to maintain data backups. A backup solution ensures that your organization complies with these requirements and avoids penalties for non-compliance.

  1. Cost-Effective:

Data loss can be expensive for businesses, with estimates suggesting that it can cost up to $3.9 million per incident. Backing up your data is a cost-effective way to protect your business against data loss and minimize the associated costs.

  1. Peace of Mind:

Backing up your data provides peace of mind, knowing that your data is secure and recoverable in case of any unforeseen events. This allows you to focus on your business operations without worrying about the loss of critical data.

In conclusion, backing up Office 365 is critical to ensuring the security and recoverability of your data. A backup solution provides multiple benefits, including data recovery, compliance, cost-effectiveness, and peace of mind. By implementing a robust backup solution, businesses can safeguard their critical data and avoid the potential costs and reputational damage associated with data loss.

Get started today with a Free Trial of Office365 or Google Workplace backup
Categories
Security

Phishing emails, your likely to get one!

Phishing is one of the most common and dangerous types of cyber attacks, and it’s important that we all know how to protect ourselves from these threats. If you want to avoid falling victim to a phishing attack, here are a few tips to keep in mind:

  1. Be cautious of emails from unknown sources: If you receive an email from someone you don’t know, be careful before opening it or clicking on any links it may contain. Hackers often use phishing emails to trick people into revealing sensitive information or downloading malware.
  2. Look for signs of authenticity: If you do receive an email from a source you’re familiar with, be sure to check for signs of authenticity. Is the sender’s email address spelt correctly? Are the logos and branding consistent with what you’d expect from the company? If anything seems off, it could be a phishing attempt.
  3. Don’t reveal personal or sensitive information: One of the main goals of a phishing attack is to trick you into revealing sensitive information, such as your login credentials or financial information. Be sure to never provide this type of information in response to an email or online request.
  4. Use a reputable antivirus program: Antivirus software can help protect you against phishing attacks by identifying and blocking malicious links and downloads. Make sure to use a reputable program and keep it up to date.
  5. Enable two-factor authentication: Two-factor authentication adds an extra layer of security to your accounts by requiring you to enter a code sent to your phone or email in addition to your password. This makes it much harder for hackers to gain access to your accounts, even if they manage to obtain your login credentials.

By following these tips, you can help protect yourself and your sensitive information from phishing attacks. Stay vigilant and always be on the lookout for suspicious emails or online requests, and you’ll be well on your way to avoiding these dangerous threats.

Categories
Security

10 Tips for a Secure and Successful Work-From-Home Setup

Are you one of the millions of people around the world who have transitioned to working from home due to the pandemic? If so, you know that while it has its perks (hello, pajama days), it also comes with its own set of challenges, including maintaining a secure and productive home office.

Fear not! Here are 10 tips to help you stay safe and get things done while working from home:

  1. Use a VPN: A virtual private network (VPN) encrypts your internet connection, helping to protect your data from cybercriminals.
  2. Enable two-factor authentication: This adds an extra layer of security to your accounts by requiring you to enter a one-time code (in addition to your password) to log in.
  3. Keep your software and devices up to date: Regularly updating your operating system, antivirus software, and other important programs can help protect against vulnerabilities and malware.
  4. Use strong and unique passwords: Don’t reuse passwords, and use a password manager to generate and store strong, random passwords for all of your accounts.
  5. Secure your Wi-Fi network: Use a strong, unique password for your Wi-Fi network and consider using a secure protocol like WPA2.
  6. Be cautious with emails and links: Don’t click on links or download attachments from unknown or suspicious sources.
  7. Protect your device: Keep your devices physically secure and consider using a security solution like a webcam cover to prevent spying.
  8. Avoid public Wi-Fi: Public Wi-Fi networks are often unencrypted and can be a prime target for hackers, so avoid conducting sensitive tasks on them.
  9. Use a firewall: A firewall helps to protect your device from incoming network traffic that could contain malware or other threats.
  10. Disconnect when you’re not using your device: When you’re not using your device, disconnect it from the internet to help reduce the risk of cyberattacks.

By following these tips, you can help keep your home office setup secure and focus on getting your work done!

Categories
Security

How to create a successful bring-your-own-device (BYOD) policy

Are you tired of constantly being tethered to your work computer? Want to be able to check your work emails from the comfort of your couch (or beach, no judgment here)? If so, a bring-your-own-device (BYOD) policy might be the perfect solution for you and your organization.

But before you start bringing in your personal devices willy-nilly, it’s important to have a solid BYOD policy in place to ensure everyone is on the same page. Here’s how to create a successful BYOD policy that will keep your company’s data secure and your employees productive:

  1. Define the scope of the policy: It’s important to clearly outline which devices and types of data are covered by the policy. Will employees be allowed to use their personal laptops for work purposes? What about tablets and smartphones? Make sure to specify which devices are acceptable and which ones aren’t.
  2. Establish guidelines for device security: Your company’s data is only as secure as the devices it’s stored on. Require employees to use strong passwords and enable device-level security features such as screen locks and biometric authentication.
  3. Set rules for accessing company data: Clearly outline the acceptable ways for employees to access and share company data on their personal devices. Can they download company files to their personal laptop? Are they allowed to access company emails through their personal smartphone? Make sure to set clear guidelines to protect company data.
  4. Communicate the policy to employees: Make sure all employees understand the expectations and guidelines outlined in the BYOD policy. Hold a training session to go over the policy and make sure everyone is on the same page.
  5. Monitor and enforce the policy: Use device management tools to monitor compliance and enforce the policy as needed. It’s important to make sure everyone is following the rules to keep company data secure.
  6. Review and update the policy regularly: As technology and employee needs change, it’s important to regularly review and update the BYOD policy to ensure it remains effective and relevant.

Implementing a BYOD policy can be a game-changer for both your employees and your organization. Just make sure to follow these guidelines to create a successful policy that keeps everyone happy and productive. Happy device-ing!

Categories
Security

A beginner’s guide to cybersecurity: tips and best practices

Are you new to the world of cybersecurity and feeling a little overwhelmed? No need to panic! We’ve got you covered with this beginner’s guide to cybersecurity tips and best practices.

First things first: what is cybersecurity? Simply put, it’s the practice of protecting your devices and online information from cyber threats such as hackers, viruses, and malware. In today’s digital world, cybersecurity is more important than ever to keep your personal and financial information safe.

So, where do you start? Here are some basic tips to get you on the right track:

  1. Use strong passwords: One of the easiest ways to protect your accounts is by using strong, unique passwords. Avoid using personal information like your name or birthdate, and mix in numbers, symbols, and upper and lower case letters to create a secure password.
  2. Enable two-factor authentication: Two-factor authentication adds an extra layer of security by requiring you to enter a code sent to your phone in addition to your password when logging in to certain accounts. This helps prevent hackers from accessing your accounts even if they manage to guess your password.
  3. Keep your software and devices up to date: Cybercriminals are constantly finding new ways to exploit vulnerabilities in software and devices. By keeping your software and devices up to date with the latest security patches, you can help protect yourself against new threats.
  4. Be careful what you click on: It’s easy to fall victim to phishing scams, which are emails or websites that look legitimate but are actually designed to trick you into giving away personal information or downloading malware. Be wary of links in emails and texts, and double-check the web address before entering sensitive information on a website.
  5. Use a reputable antivirus program: Antivirus programs can help protect your device from malware and other online threats. Make sure to choose a reputable program and keep it up to date to ensure maximum protection.

Remember, cybersecurity is a constant battle, but by following these basic tips and best practices, you can help protect yourself and your personal information online. Stay safe out there!

Remote Support

Remote Access to your PC
60
00
+ VAT
  • Inital Check
  • Up to 40 mins
  • List Item #3
Popular

Remote Support

Remote Access to your PC
90
00
+ VAT
  • Inital Check
  • Up to 80 mins
  • List Item #3

Remote Support

Remote Access to your PC
120 + VAT
  • Inital Check
  • Up to 120 mins
  • List Item #3
Popular

Remote Support

Remote Access to your PC
160
00
+ VAT
  • Inital Check
  • Up to 40 mins
  • List Item #3