Hurricane Harvey

Hurricane Harvey hit hard, and Houston, TX in particular got badly flooded. The death toll is rising, and you can also count on low-life cyber-scum exploiting this disaster.

Disgusting.

Scammers are now using the Hurricane Harvey disaster to trick people into clicking on links on Facebook, on Twitter and in phishing emails that solicit charitable giving for the flood victims.

Here are some examples:

  • Facebook pages dedicated to victim relief contain links to scam websites.
  • Tweets are going out with links to charitable websites soliciting donations, but in reality include links to scam sites or links that lead to a malware infection.
  • Phishing emails dropping in a user’s inbox asking for donations to #HurricaneHarvey Relief Fund.

Previous disasters have been exploited like this, and the bad guys are going at it again with all guns blazing. Be wary of anything online covering the Hurricane Harvey disaster in the following weeks.

I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:

“Heads-up! Bad guys are exploiting the Hurricane Harvey disaster. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are sent out asking for donations to #HurricaneHarvey Relief Funds that they keep for themselves. 

Don’t fall for any scams. If you want to make a donation, go to the website of the charity of your choice and make a donation. Type the address in your browser or use a bookmark. Do not click on any links in emails or texts you might get. Whatever you see in the coming weeks about Hurricane Harvey disaster relief… THINK BEFORE YOU CLICK.”

3 Types of Cyber Crimes

Cyber criminals can compromise your computer system in different ways. Many people are left feeling powerless after having their privacy infringed by cyber criminals through hacking, malware, and identity theft. The effects of cybercrime can be quite upsetting and daunting for victims, including organizations, corporations, national/federal governments and individuals. The best defense against acts of cyber criminality is awareness of and education about the different types of cyber crimes and how they are carried out.

The 3 most common types of cyber-crime are:

  1. Cyber-bullying

This is one of the most common cyber crimes in the world. Cyber-bullying is responsible for causing catastrophic effects on victims, including death. Many people, including international celebrities, business moguls and politicians, have fallen victim to cyber-bullying in one way or another. Cyber-criminals don’t hesitate to engage in offensive behaviors such as stalking, hurling insults, posting hurtful posts/images/videos on victims’ timelines, or even sending abusive texts/emails/messages online. Stalkers can make an individual’s life miserable due to their tendency to intimidate, instill fear in, offend or harass their victims. As a matter of fact, there have been cases where people committed suicide after being cyber-bullied on their social media accounts.

  2. Identity theft

Criminals are becoming smarter with the advancement of technology. They are using all manner of tricks, including celebrity death scams, hacking, phishing and malware, to engage in identity theft for financial benefit, to pursue a personal vendetta or even to taint people’s reputations. Identity theft is a major global menace. Cyber criminals use their computers and skills to gain unauthorized access to your personal information, including name, date of birth, photographs, address, bank accounts, PIN numbers, or national social security details, in order to execute their evil plans. As a result, they use your personal information to commit all sorts of crimes, including fraud, intimidation, wiping out your bank accounts, claiming government benefits, acquiring property or lodging fraudulent claims in your name. Identity theft can be quite distressing both emotionally and financially for victims.

  3. Online scams

The internet has become a hub for hackers, tricksters, and fraudsters. Cybercriminals are quick to take advantage of different social media platforms to fleece their unsuspecting victims. They always come up with new online scams, including dating scams, celebrity death scams, job opportunity scams, prize scams, money-making scams and threats & extortion scams, among many others. Regrettably, millions of curious people across the globe keep losing money to these dishonest online scams.

Other common types of cyber crimes include: email spam, phishing, hacking, Denial of Service (DoS attack), computer intrusion, social engineering, masquerading, Smurf attack, Fraggle attack and email bombing, among others. In order to protect yourself against such cyber crimes, do not respond to unexpected celebrity death scam hyperlinks, and do not try to subscribe to or unsubscribe from suspicious emails, texts, or even calls.

IN ALL THREE EXAMPLES – THINK BEFORE YOU CLICK!

For more information and security awareness training contact support@cloudplusservices.com or call 888.871.6584

7 Urgent Reasons For Creating A Human Firewall

Employees are your last line of defense and need to become an additional security layer when (not if) attacks make it through all your technical filters.

1. Ransomware heads the list of deadly attacks

SANS’ Ed Skoudis said the rise in ransomware was the top threat. “We’ve seen this can bring down a whole network of file servers and we expect many more attacks”. His advice is that companies practice network security “hygiene” and limit permission for network shares to only those jobs that require it. And of course train your users within an inch of their lives.

2. Phishing leads the IRS dirty dozen of scams

The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge.

3. CEO Fraud / W-2 Scams are their close second

Just this month the IRS issued another warning about what it called dangerous, evolving and very early W-2 scams that are targeting a widening swath of corporations, school districts and other public and private concerns. High-risk users in Accounting and HR need to be frequently exposed to simulated attacks using email, phone and text to inoculate them against these attacks.

4. Phone Scams

Your users need to be trained that when they pick up the phone, the person on the other end might be a criminal hacker who tries to manipulate them in order to get access to the network. These callers impersonate “Tech Support” and ask for a password, or pretend to solve technical problems and compromise the workstation.

5. Your Antivirus is getting less and less effective

We all had the nagging suspicion that antivirus is not cutting it anymore, but the new Virus Bulletin numbers confirm your intuition. Virus Bulletin (VB) is the AV industry’s premier “insider site”, and shows how good/bad endpoint detection rates are, but VB also covers spam filters, and tests them on a regular basis.

Both antivirus (aka endpoint protection) and spam filter tests are published in quadrants graphing the results. What most people do not know is that participants in this industry all share the same samples, and it’s often just a matter of who gets the definition out first, because soon enough everyone else has that malware sample and blocks the hash.

The problem? Proactive detection rates have dropped from about 80% down to 67-70% over approximately 9 months.

Now you might think that if AV does not catch it, your spam filter will. Think again.

One in 200 emails with malicious attachments makes it through. That puts the potential for malware making it into your users’ inboxes into the millions… every day.

6. The Internet Of Things

Your users need to understand the nature of connectedness. Both consumer and commercial devices are using wireless protocols to connect to each other and the internet, with vendors rushing products to market without proper security features.

Your employees need to be trained to change the default passwords and disable remote access. If your organization has anything to do with critical infrastructure, users need to be aware of the risks and do fire drills so they are prepared for any kind of attack against the IoT.

7. Over-reliance On Web Services

This breaks down into two different flavors. First, shadow-IT, where employees completely bypass the IT department and create their own storage and services: an invitation to a host of vulnerabilities and data breaches that IT cannot control. Employees need to be enlightened about the dangers of shadow-IT and understand the risks.

Second, web-apps and mobile apps are increasingly vulnerable to attacks while talking to third-party services. There’s no actual certainty that apps are connecting to the expected entity, or whether a man-in-the-middle has stepped in, stealing data and possibly returning false information. This is a problem that developers need to solve with industry-strength handshaking and encryption protocols.

_________________________________________________________________

If you are not a Cloud Plus Services customer yet, I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don’t, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.

https://www.cloudplusservices.com/security-technology-training.html

Scam Of The Week: Tech Support Claims Your Hard Disk Will Be Deleted

Warn your employees, friends and family…

Symantec warns that tech support scams are getting more sophisticated by the month: “These scams remain one of the major and evolving forces in the computer security landscape. Between January 1 and April 30 this year, the Internet Crime Complaint Center (IC3) received 3,668 complaints related to tech support scams, which amounted to adjusted losses of almost US$2.27m.”

So, what is this new scam?

A warning that a victim’s hard drive will be wiped of all data… unless, of course, they call the fake customer support number. This scam kicks off when a user visits a compromised website. Immediately, it tries to scare the victim with an unusual tactic, Symantec explains:

“The web page displays a fake ‘hard drive delete timer’ that warns the user that their hard drive will be deleted within five minutes. A warning audio tone is also played in the background, which again warns the user that their system is infected.

“The scam also displays a pop-up alert in the browser that the user’s computer has been infected by a virus and that they must call a support number to resolve the issue.”

I suggest you send this to your employees, friends and family. Feel free to copy/paste/edit:

“Bad guys are coming up with new ways to scam you out of your money all the time. Their latest trick is a Tech Support scam that puts a big warning screen on your computer, claiming that if you do not call the support number, your whole hard disk will be deleted in 5 minutes.

There are variations of this scam that claim to be from your Internet Service Provider, or claim to be Microsoft and say you need an urgent update that you have to call in for, or show you a blue screen that claims your computer needs to be repaired. There is always a number to call, and these scammers will try to put hundreds of dollars on your credit card.

Don’t fall for it! If you see error messages on the screen, follow policy and contact the person in your organization responsible for IT problems. If you see this on a computer at the house, ignore these messages and do not call the fake tech support number!”

From January 1 2016 through October, Symantec’s IPS blocked more than 157 million tech support scams. Their figures also showed that the countries targeted the most by tech support scams were the US, UK and Canada.

Think Before You Call with this recent scam! To sign up for Security Awareness Training and information go to www.cloudplusservices.com.

Scam Of The Week: Insidious New IRS Social Engineering Attack

“There is an insidious new IRS scam doing the rounds. They send you a phony IRS CP 2000 form and claim the income reported on your tax return does not match the income reported by your employer. This is meant to get you worried. To confuse you further, the bad guys claim this has something to do with the Affordable Care Act.

You might receive emails with attached phony forms, text messages and even live calls to your phone about this! You need to know that the IRS will never initiate contact with you to collect overdue taxes by an email, text message or phone call.

If you get any emails, text messages, old-time snail mail or even live calls about this, do not respond and/or hang up the phone. If you receive a “CP 2000” form in the mail and doubt this is legit, you can always call the IRS at 1-800-366-4484 to confirm it is a scam.”

October Cyber Security Awareness Month!

Today’s threats are more sophisticated than ever before. All types of organizations and information are being targeted. Attackers exploit vulnerabilities in software and use malware to further their attack objectives.

Cybercrime is big business: by many estimates, it is now a US$1 trillion industry. Every organization with digital assets is vulnerable to attack, and the growing sophistication of cybercriminals and their evolving tactics only increases the chance of a security breach involving the theft of sensitive data.

This entire month I will be posting current threats that could possibly impact your business, family and livelihood. And here is your first heads-up:

A new ransomware that pretends to be from a fake organization called the Central Security Treatment Organization has been discovered.

When the Central Security Treatment Organization, or Cry, ransomware infects a computer, it will encrypt a victim’s files and then append the .cry extension to encrypted files. It will then demand approximately 1.1 bitcoins, or $625 USD, in order to get the decryption key.

Think Before You Click!

If you’re considering Security Awareness Training, contact me via email at support@cloudplusservices.com

 

Welcome to Cloud Plus Services

Hello, my name is Tina Louise Penn, CEO of Cloud Plus Services, established in 2005. I opened my consulting business providing state-of-the-art technology by assisting small and mid-size businesses to migrate to the cloud in healthcare, legal, financial, construction, manufacturing and high-tech.

From assessment, planning and implementation, we are committed that our clients discover newly that their business will expand in ways they never experienced before and get as excited as they were the first day they opened their business.

I am an advocate of educating my clients and audience in security training, effective and productive environments that will increase their revenue. It is my desire that you find my posts insightful. I look forward to getting to know you and your needs as you powerfully grow your business and obtain new insights for your personal use in the world of technology.