Cyber Security Tips Over The Holidays

What should you be doing over the holiday period to keep yourself cyber-safe? We outline a few simple tips to follow.

Shop smart with online purchases

  • Avoid purchasing from sites you don’t know; can you really trust that they aren’t selling your data elsewhere?
  • Avoid using links in emails that advertise specials on shopping sites; instead, navigate to the main site yourself. These links could redirect to dodgy versions of the site which will harvest your passwords and other data.
  • Always relevant, but particularly during the spending season: monitor your bank card statements for any suspicious activity (it might be easier to miss with all the holiday spending).

Shared Wi-Fi networks

When travelling, avoid using public Wi-Fi unless necessary. Free public Wi-Fi is a particular problem for travellers, as attackers know travellers are likely to connect to anything that is available (often there is no other option).

Downloading Unknown Apps

During the holidays you have plenty of free time, right? Well, be careful which apps you download, and ensure you only download from official sources like the Google Play Store and the App Store. Avoid free hotel apps, as these often just subscribe you to more spam emails, or maybe worse.

Two Factor Authentication

Although this should definitely be implemented all year round (it involves setting up your phone as a confirmation step when logging into an online service), it’s particularly important if you are travelling over the holidays, as the two-factor app will notify you immediately of any unexpected login. This allows you to quickly log in to the account and change the password if it’s been compromised.

Don’t post about holiday times or locations on social media

Attackers knowing where you are at any particular time is definitely not a good thing. Although it might be very tempting to let friends know where you are, it makes you an easy target, and the information can be used in many unexpected ways.

Phishing Email Scams

Again, this occurs all year round, but during the holiday season crafty email phishers may be able to use your Out of Office reply message to their advantage. For instance, the date you’ll be out of the office until is valuable information that can be used in a phishing attack. For example, because you’re not contactable, the attacker sends a ‘sense of urgency’ email asking a staff member to change payment details.

Need more help or information?

Click the link below to contact us at Plus 1.

Open Hours

Monday to Friday
8:00am to 5:00pm

Closed Public Holidays

plus-1-logo

If you need to get us documents quickly, access remote support, or the MYOB Portal click the button above.

Contact Us

27 Welsford Street
Shepparton, VIC 3630

T: (03) 5833 3000
F: (03) 5831 2988
Email Us

Email Scams – 8 Ways to Avoid Them!

Spam emails make up approximately 45% of all emails every day; that’s 14.5 billion messages (spamlaws). This makes spam a large issue for almost all internet users, business and personal.
Below we will go over the best tips for picking out those pesky emails so you can best protect yourself and your business. The biggest key to defeating spam emails is user education: you can have the best spam filter in the world, but it’s not guaranteed to block all scam emails without also blocking legitimate ones.

1. Don’t Trust The Display Name

Email addresses can be ‘spoofed’ and what I mean by that is they can be altered to make it appear like they have come from a legitimate source even though it has come from the scammer. The email address might even appear to be exactly the same!

For example, look at the From address below, taken from a scam email we received:

The email appears at first to be a legitimate email from a Xero email address but they have actually spoofed Xero’s domain and the actual email is from stephen@aetherworkbooks.com.

2. Hover Over Links Within The Email

A key part of scam emails is the malicious links within them. Often, scammers will make a link appear legitimate (maybe it has the correct logo, or the wording is exactly the same as NAB’s, for instance), but the link will very often redirect to a site where the criminals can capture your data. Sometimes there are only very small differences between the URL of the fake link and the real one.

Have a look at the example below, taken from the same scam email as shown above:

When I hovered over the INV-7309009 link, it showed clearly that it doesn’t go to a Xero address but to this unknown aetherworkbooks address. A standard rule to follow: if you don’t recognise the link’s address, don’t click it.
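The two checks from tips 1 and 2 can also be automated for a mailbox triage script. The following is an added example, not code from the original article: it compares the domain claimed in the display name against the real sender address and against every link target. The sample message is constructed; its display name, subject line and link path are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the scam described above; the display name,
# subject and link path are invented for illustration.
SAMPLE = '''From: "Xero Billing - billing@xero.com" <stephen@aetherworkbooks.com>
Subject: Your invoice INV-7309009
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, your bill is ready:
<a href="http://aetherworkbooks.com/view?id=1">INV-7309009</a>
or visit <a href="https://www.xero.com/">www.xero.com</a></p>
'''

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def same_org(host, domain):
    # True when host is the domain itself or one of its subdomains.
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    msg = message_from_string(raw)
    display, address = parseaddr(msg["From"])
    sender = domain_of(address)
    # Tip 1: domains the display name claims (an address typed into the name).
    claimed = {domain_of(a) for a in re.findall(r"[\w.+-]+@[\w.-]+\.\w+", display)}
    findings = [f"display name claims {d} but sender is {sender}"
                for d in sorted(claimed) if not same_org(sender, d)]
    # Tip 2: what hovering shows, i.e. the real target behind each link text.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    collector.close()
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        findings += [f"link '{text}' goes to {host}, not {d}"
                     for d in sorted(claimed) if not same_org(host, d)]
    return findings
```

Calling `check_message(SAMPLE)` returns one finding for the display name and one for the INV-7309009 link; the genuine www.xero.com link is not flagged.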

3. Email Is Not Personalised

The salutation of the email can often be a giveaway. The majority of the time, scam emails will not address the recipient personally (as they are sent in bulk by nature) and will say something similar to “Dear Client” or “Dear Valued Customer”.

4. Grammar Mistakes

Email scammers are getting better at avoiding these mistakes, but it’s still an easy way for us to pick out a good chunk of illegitimate emails. Often these scammers are not native English speakers, so their vetting process for emails isn’t great. Remember these scam emails can come from organised groups too, so they can also be quite close to the real thing.

5. Sense Of Urgency

Scammers like to use fear tactics, where they make you think you are in immediate danger; for example, a particular piece of software has expired or your Microsoft account has been hacked. This aims to make you act irrationally, without thinking through the situation, and follow the scammer’s requests to resolve the issue quickly.

6. Time The Email Was Sent

Ever notice how you receive a lot of junk mail at night? This is a key sign the email isn’t legitimate; how many of your contacts would email you at 4am? 2 out of the 3 biggest spam source countries are the United States and Russia (Spamhaus), both in completely different time zones to Australia.

7. Asking For Personal Information

This might seem like an obvious point, but many people continue to get tricked into giving their details to strangers claiming to ‘help’. Remember, legitimate companies will never ask for your personal data over email, and even if the email looks like it is from a trusted organisation like the NAB or the Government, you should never give personal information out. If the scammer doesn’t use the personal details you give them, they will often sell your details on the black market for other illegitimate organisations to pick up and abuse.

8. The Sender Doesn’t Know The Addressee

One of the key things to think about with any suspicious email, whether it was sent to you or to someone you know, is whether the recipient is expecting an email from this person and/or knows the sender’s address. So many scam emails can be eliminated by simply asking yourself that question. Although this doesn’t cover all bases (as mentioned above, email addresses can be spoofed to look like an address you know), it still gives you a good starting point and gets you in the frame of mind to question these scam emails.

All of these tips can be followed quite easily by anyone, and honestly the biggest hurdle to continually beating scammers is awareness and education which I hope this article has provided!

The Rise of Ransomware – Are you Protected?

Ransomware has become an increasing problem in the last few years, particularly for small to medium businesses, with ransomware attacks increasing by 97 percent over the last 2 years (Source Phishme). Ransomware generates over $25 million in revenue from hacking organisations every year (Source Business Insider), which shows that this isn’t a problem that will just go away. Businesses in particular need to act to ensure they have a clear understanding and an action plan if affected by ransomware. A number of preventative measures are available and are outlined further in the article.

What is Ransomware?

Ransomware by definition is a form of malware/virus that prevents users from accessing their systems or data until a sum of money is paid to the attacker.
Below is an example of what the program looks like when the attackers have taken control of your data:

Notice that Bitcoin is the only payment method accepted. This is because Bitcoin is incredibly hard to trace, which makes it the primary payment method for cyber criminals.

How Does Someone Become Infected by Ransomware?

Similar to any other malware, ransomware can often be prevented by proper protocols and procedures on the user’s end.

  • It can infect systems via email, when an unsuspecting user opens a malicious link in an email which may run an executable program.
  • Ransomware can also be spread by an infected website, where a drive-by download occurs when the user loads the page.
  • Social media is another culprit, when links are shared and opened by unsuspecting phone users, a lot of the time without thinking.

 

How can I / We Prevent Ransomware?

  • Make sure you have a strong anti-virus and firewall installed on each computer and that they are kept up-to-date. Firewalls will prevent users opening sites that can cause harm; anti-virus software will scan for any infected files on your computer.
  • Install content filtering on your mail servers (a spam filter); this will block a large portion of inbound scam emails.
  • Regularly make sure all software and systems are up-to-date. A key way attackers can get access is through out-of-date software.
  • Train users to be more aware of what dangerous emails and websites look like so they can avoid dangerous links. Be sure to contact your IT specialist if you are unsure of any emails or links before opening them. There are also a number of great user training programs out there to help with this; Knowbe4 is one of the best.
  • Be aware that most financial brokers now offer cyber insurance which can cover a range of things including ransomware.

 

What About if I Become Infected by Ransomware?

For a start, it is highly recommended that you do not pay the ransom; paying only funds and encourages further attacks. Also, there is no guarantee you will get your data back even if you do pay (it is quite common for this to happen).

Make sure you keep regular backups of all necessary/sensitive data on your system. Although it can be a pain to restore backups for a whole system (and some data may be lost), it is the easiest way of getting around ransomware if you become infected.

If you need more information or help regarding ransomware, don’t hesitate to contact our team at Plus 1 on 03 58333000 or via email at plus1@plus1group.com.au

Bank Details Scam

SCAM ALERT – Changes to bank details sent by email

Fraudsters are now monitoring websites or emails and using tricks to mimic usernames and signatures. They use spoofing tools to make it appear as if the email has come from you or your business.
They then send emails out advising that the bank details have changed and that the customer needs to update their records urgently.

There have been a number of cases locally where businesses have been caught up in these scams. The emails appear legitimate and may even have the name of a company employee, Director or Owner.

We strongly recommend that you always verify any information sent in this way. The most secure way to do this is a quick phone call to the supplier asking them to confirm their details. Often, they may not even be aware their emails have been compromised in this way.

Scammers now changing business invoices containing bank details

Fraudsters are constantly making their crimes more sophisticated. Their latest efforts involve phishing emails that allow them to hack your personal or business email accounts.

They then monitor your email account for an opportunity to intercept an invoice. For example, when you are purchasing goods and waiting on an invoice or email, or when your business is sending an invoice by email.

The scammers intercept the email, change the bank details on the invoice and send it on for payment. In many cases, they use spoofing to make the email address seem credible and trustworthy. Spoofing changes a letter or domain in the email address to make it appear legitimate.

The recipient pays the invoice thinking it comes from a legitimate source, when in fact the money is paid into the scammer’s account.
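An accounts team can screen incoming invoice emails for the letter and domain changes described above before anyone opens the attachment. The following is an added example, not code from the original article: it classifies a sender address against a list of supplier domains you already trust. The supplier domain, the test addresses and the list of character swaps are all constructed assumptions.

```python
# Hypothetical supplier domain; in practice, export these from your accounts system.
KNOWN_DOMAINS = {"northside-timber.example"}

# Character swaps that imitate a name at a glance (illustrative, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(label):
    """Collapse look-alike character sequences so imitations compare equal."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(address, known=KNOWN_DOMAINS):
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in known:
        # An exact match is not proof: a hacked mailbox or a spoofed From
        # address also lands here, so bank detail changes still need a call.
        return ("known", domain)
    name = domain.split(".", 1)[0]
    for good in sorted(known):
        good_name = good.split(".", 1)[0]
        # Same name under another ending, a swapped character sequence,
        # or one or two changed letters.
        if skeleton(name) == skeleton(good_name) or edit_distance(domain, good) <= 2:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sender in ("accounts@northside-timber.example",   # genuine
                   "accounts@northside-tirnber.example",  # rn imitating m
                   "accounts@northside-tlmber.example",   # one letter changed
                   "accounts@northside-timber.invalid"):  # domain ending changed
        print(sender, classify(sender))
```

A "lookalike" result is a reason to stop and phone the supplier on a number you already hold.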

Advice from Plus 1 Group regarding bank details

Please be aware that should our banking details change we will NEVER communicate this via email.

Should you ever receive any email announcing a change in bank details or notice that our details have changed on our invoice, please contact us immediately to verify you are sending payment to the correct bank before you pay.

We have taken this step to secure our business and strongly recommend to our clients that they do likewise. One of the simplest steps your business can take is to always verify any change of bank details for employees, customers or suppliers by phone. If you reply to the email sent to you to verify the request, you would just be sending it back to the scammers.   

If you would like any further information, please contact our office on 5833 3000.

Cyber Security Tips

Below are some tips for making you and your business safer and more secure when it comes to cyber security.

Password Security

  • Set long and complex passwords. These days your passwords should at the very least be 8 characters in length and include special characters, numbers, and upper-case and lower-case letters.
  • Ensure you change the passwords for the accounts you regularly use.
  • Don’t use the same password for different sites/logins.
  • Use a password management program if you are struggling to remember lots of passwords. Good examples include LastPass for cloud storage and KeePass for locally stored passwords.

Two Factor Authentication

Set up two factor authentication on important accounts. This provides an extra layer of defence against attacks by requiring a separate form of authentication (usually a phone app request or an email). If for some reason your email password gets hacked, you’ve still got the last line of defence of denying the login requests from your phone or other email account. Almost all email providers and banks have two factor authentication as standard, and you should expect that feature when signing up.

Insecure Sites & WiFi

Be careful connecting to insecure sites; for example, does the site have the lock symbol on the left-hand side of the address bar (see below)? If not, make sure you know the site, otherwise it could be harmful.
Also, be wary of open WiFi networks (e.g. free McDonalds WiFi). Free public networks are quite easy for hackers to take advantage of, as they often have little to no security. If you do need to use one, make sure to forget the network once you are finished (go into your settings and remove the connection) so your phone doesn’t automatically connect again when it’s in range.

Awareness Training

Whether you employ staff or not, it is worthwhile investing time in making yourself and those around you more educated on scam threats. Suspicious email requests and phone calls are particularly common, so being aware of the common ‘tells’ makes a lot of difference in guarding yourself and your business.
You can check out the government links below to keep abreast of the latest scams:
https://www.ato.gov.au/general/online-services/identity-security/scam-alerts/
https://www.consumer.vic.gov.au/resources-and-tools/scams
https://www.scamwatch.gov.au/

Policies and Procedures

Update policies & procedures to have a set process for changing key data (such as bank account payments). This is particularly key against scam emails and phone calls that attempt to make you act irrationally in panic by stating “You’ve been hacked! Click here to change your bank details”.
A good plan is to have changes to details go through multiple people; this way, if one person doesn’t pick up on the scam, the next person does. Also confirm whether the request is legitimate by contacting the alleged sender and verbally confirming the change (e.g. calling the NAB if the email appears to have come from them).

Software Updates

Ensure your applications and operating systems are kept up-to-date with the latest patches. Software developers often release patches for software that has become vulnerable to security flaws, and these are necessary to keep you and your data safe.

Backups

Ensure you are running some form of backup for your company data. Your backup strategy will vary depending on the size of your company and the type of data being backed up. The more sensitive the data, the more often it should be backed up; smaller businesses may only need to back up once a week, whereas larger organisations should be backing up daily. All businesses should ensure they are taking offsite backups, and should test their backups every 6-12 months to ensure they are in working order.
