Blog

Phishing Email – What to look for

I just received this email today and it is a typical example of how you should be diligent about checking the validity of any email from unknown or suspicious sources before you consider clicking on anything but delete. See below a screenshot of an email that I received this morning from “Apple Service” and some pointers to call out a few of the obvious errors that would indicate that this email is not actually from Apple. Since we know that Apple is meticulous about its image and branding, it is easier to detect anomalies that would not meet their high standards and are therefore obviously fraudulent. It is a clear case of a phishing email that is designed to create a sense of urgency to entice the end user to react quickly by clicking on the link to get this “resolved” before they lose access to their precious Apple services. Unfortunately, every day people ignore the signs of deceit and fraud and take the bait. Nothing good happens after clicking a malicious link and many people never fully recover.

Let’s have a look at this phishing email in more detail:

Phishing Email Example
  1. The email is From: [Icloud]Apple Service <admin@centplasticmfg.com>
    1. All of Apple’s iSeries of products use a convention of lower case “i” followed by the product - iCloud, iPhone, iPad etc. This is not the case in the friendly name in the email address where they use Icloud. Apple is very particular about their marketing and would never allow this to go out to their customers.
    2. The email address is coming from <admin@centplasticmfg.com> which is not an Apple domain and would not be used by Apple. This is likely a legitimate email address from an unsuspecting company that the hackers are using to hide their tracks and get around email relaying restrictions so they can deploy the phishing email.
    3. It may not be as obvious to some, but a company would never use an admin account to send out a general-purpose email to customers. All admin accounts have a specific purpose, which typically involves elevated access rights, so industry best practices would prevent any legitimate organization from using it in this situation.
  2. Subject: account blocked!!!
    1. While the 3 exclamation points at the end of the phrase are convincing and generate a sense of urgency, nothing here looks legitimate. Apple would never send out an email with a subject line like this.
  3. Apple logo
    1. Apple is very image conscious and would never allow a distorted Apple logo, like the one shown in this email, to be sent to its customers. This is a bad copy/paste job.
  4. Email body
    1. I’m not a grammar expert but this is awful. My English teacher would have whacked me with a ruler if I handed in anything that read like this. Often foreign attackers will use translation software to create these emails and fortunately for us they fall well short of doing a convincing job. This is usually the easiest area to detect a phishing email.
  5. The Call to Action Button – Check your account
    1. This is how they get you. By clicking on this link, you will be directed to a malicious website that is designed to suck you into giving up your private and financial information. These sites can also be programmed to infect your computer with malicious code and anything is possible at that point. Ransomware is quite popular these days and can be very costly.
    2. If you hover your mouse over a call to action button or link, you can see where the link will send you. Again, in this case it will take us to a website that is not owned by Apple or any affiliate. (http://getsitebost.com//images/icons/redi.html) (I changed the link slightly to prevent any accidental clicking!). Taking a deeper look into this address, it looks like a legitimate site may have been compromised and is now being used for malicious purposes. This is common and will be discussed in more detail in a later blog.
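The checks in the list above can be automated for mail triage. The following is an added example, not part of the original post: the brand domains, the role-account names and the flag names are assumptions, and the message is constructed from the header values and link quoted above (the link is only parsed, never fetched).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example, not taken from the post.
BRAND = "apple"
BRAND_DOMAINS = {"apple.com", "icloud.com"}
BRAND_SPELLINGS = ("iCloud", "iPhone", "iPad")
ROLE_ACCOUNTS = {"admin", "administrator", "root", "postmaster"}

# Constructed message; header values and link are the ones quoted in the post.
SAMPLE = """\
From: "[Icloud]Apple Service" <admin@centplasticmfg.com>
Subject: account blocked!!!
Content-Type: text/html; charset="utf-8"

<a href="http://getsitebost.com//images/icons/redi.html">Check your account</a>
"""

def in_domains(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_flags(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    flags = []
    # 1.1: product name present but not in the vendor's own capitalisation
    for spelling in BRAND_SPELLINGS:
        m = re.search(re.escape(spelling), name, re.I)
        if m and m.group(0) != spelling:
            flags.append("brand-miscapitalised:" + m.group(0))
    # 1.2: display name claims the brand, address domain does not belong to it
    if BRAND in name.lower() and not in_domains(domain, BRAND_DOMAINS):
        flags.append("sender-domain-mismatch:" + domain.lower())
    # 1.3 and 2: administrative mailbox as sender, stacked "!" in the subject
    if local.lower() in ROLE_ACCOUNTS:
        flags.append("role-account-sender")
    if re.search(r"!{2,}", msg.get("Subject", "")):
        flags.append("urgent-subject")
    # 5.2: links whose host is outside the brand's domains
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    for href in re.findall(r'href="([^"]+)"', body, re.I):
        host = urlparse(href).hostname
        if host and not in_domains(host, BRAND_DOMAINS):
            flags.append("link-off-brand:" + host)
    return flags
```

Any single flag is weak evidence on its own; the sample message raises all five, which is what makes it easy to call.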

As you can see, without being a phishing expert there are many indicators that should trigger you to flag this as a phishing email. Delete this email immediately. If this occurs at your place of employment, contact your IT department for further instructions. Phishing emails are on the rise and the best form of defense is end user education and awareness. Please share this with your friends and colleagues to help spread the word and keep everyone safe.

Dream Technology Solutions

https://dream-techs.com

Phishing not fishing!

From huge financial corporations (looking at the recent news from Desjardins and Capital One) to small local businesses, nobody is immune to the potential of a breach in security. What motivated me to write this post was the loss of services experienced by INSYNQ recently. The company provides cloud computing services for companies to run accounting software on VDI platforms that it hosts and was recently “brought down” by ransomware called MegaCortex.

Phishing scams are nothing new. In fact, we’ve all heard about the “Nigerian prince” phishing emails that have been showing up in inboxes for years.

Unfortunately, phishing attacks continue to increase exponentially in volume, and are considered a serious threat to both companies and individual internet users, as they can result in devastating financial losses. In addition, phishing emails can be much harder to recognize than many business owners think.

Cybercriminals have resorted to increasingly sophisticated phishing strategies as of late to get recipients to open, click, and share malicious code. And these tactics are paying off handsomely. Business email compromise (BEC) scams are more successful than ever, with losses reaching $2.7 billion in 2018.

Here are some common phishing trends that business owners should know about and tips for educating employees about them:

What are phishing scams?

Phishing scams typically consist of emails that seem harmless but are intended to trick users into sharing sensitive information. This can be accomplished by encouraging the user to click on a malicious link or attachment. Phishing emails get their name because the hackers are “fishing” for your personal information.

Most phishing emails appear completely legitimate, often by imitating a company’s logo using high-quality graphics and including opt-out instructions. For this reason, it’s quite common for recipients to be fooled, and even large companies have fallen prey to these scams.

Common phishing trends and techniques.

There are many techniques hackers use to launch a phishing attack. A few of the most common ones are:

  • Invoice phishing: Invoice phishing emails claim the recipient has an outstanding invoice from a well-known company, bank, or vendor. The email instructs the recipient to click on a link to pay the invoice. But when they click on the link and access the site, the hackers steal their personal information and gain access to their bank accounts.
  • The virus or compromised account: Viruses and compromised accounts cause users to receive an email from a third-party company claiming one of their accounts has been compromised. The email instructs the user to log in to reset their password or to download a form, fill in their personal information, and return it. However, a legitimate company would never request your personal information through email in this manner.
  • Payment and delivery scam: This tactic involves sending emails from what appears to be a legitimate vendor, asking for a user’s credit card information. They typically claim your payment information needs to be updated before they will deliver your order. Be careful with these emails, especially if you haven’t purchased anything from the vendor.
  • Downloads: Download scams send an email instructing recipients to click on a link. These emails often contain hyperlinks that could download a malicious file onto the user’s computer. Never click on an email link unless you are absolutely sure the sender is who they claim to be.

Tips for spotting phishing emails.

Although phishing emails often mimic actual companies and vendors, there are ways to detect them. All small-business owners and employees should be aware of the following red flags that indicate a possible phishing email:

  1. The email contains links or URLs that direct you to the wrong website or try to get you to access a third-party site that is separate from the email sender.
  2. You receive an email from a company requesting sensitive information such as a social security number, bank account information, or credit card numbers. Consider these emails suspect and never share your personal information without checking with the company first.
  3. You find an unexpected email in your inbox from a person, vendor, or company that you rarely or never deal with. If this happens, the safest thing to do is delete the email without opening it, as there’s a good chance it’s a phishing email.
  4. The email has obvious errors like typos, poor grammar, or incorrect information. A legitimate email from a company is very unlikely to have these kinds of errors.
  5. The email address of the sender is incorrect, although it is close to the actual email address. This is another common sign of a phishing email.

Phishing scams remain a very common type of cybercrime and can cause major financial losses to individual users and companies. And phishing emails are much more sophisticated these days, making them harder to detect. If you’re a business owner, it’s essential to be aware of phishing techniques and red flags, and to educate your employees on them. By doing so, you can help protect your company from financial losses and other serious consequences.

Please use MFA!

At a security presentation from Cisco that I recently attended, one of the speakers (by all accounts a Jedi) made the comment, “if you are not using MFA you are crazy!”.

So what is MFA?

The premise, at its base level, is “something you know, something you own and something you are”. Sometimes called two-factor authentication, it adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that’s considered single-factor authentication.

It’s 2019, and the concept that “passphrases-will-save-us” and so on seems a distraction; you should be using more than one of the following methods to authenticate:

  • Something you know, such as a personal identification number (PIN), password or a pattern.
  • Something you have, such as an ATM card, phone, or fob (Yubikey).
  • Something you are, such as a biometric like a fingerprint or voice print.

Because here’s the thing: When it comes to composition and length, your password probably doesn’t matter.

Here are some ways passwords are broken today:

Credential stuffing is one of the most common methods because passwords are hard to remember (62% of users admit to reuse). Essentially, the tools are out there for a surprisingly low cost. Very easy: purchase credential lists gathered from breached sites with bad data-at-rest policies, then test for matches on other systems. There are even list-cleaning tools readily available.
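On the defending side, credential stuffing leaves a recognisable shape in sign-in logs: one source trying many different accounts, a password or two each, with most attempts failing. The following is an added example, not part of the original post; the log format, the thresholds and the function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sign-in log: timestamp, source IP, username, result.
SAMPLE_LOG = "\n".join(
    # One source walking a list of accounts, one attempt each, one match.
    [f"2019-08-01T10:00:0{i}Z 203.0.113.7 {user} {'OK' if user == 'dave' else 'FAIL'}"
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # A normal user: one typo, then a successful login.
    + ["2019-08-01T10:01:00Z 198.51.100.20 grace FAIL",
       "2019-08-01T10:01:09Z 198.51.100.20 grace OK"]
    # Brute force against a single account: a different pattern, not flagged here.
    + [f"2019-08-01T10:02:0{i}Z 192.0.2.44 heidi FAIL" for i in range(6)]
)

def stuffing_sources(log, min_users=5, max_avg_attempts=2.0, min_fail_ratio=0.8):
    """Return sources that try many accounts, few times each, mostly failing."""
    per_ip = defaultdict(lambda: defaultdict(list))
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing
        _, ip, user, result = fields
        per_ip[ip][user].append(result == "OK")
    findings = {}
    for ip, users in per_ip.items():
        attempts = [ok for results in users.values() for ok in results]
        fail_ratio = attempts.count(False) / len(attempts)
        if (len(users) >= min_users
                and len(attempts) / len(users) <= max_avg_attempts
                and fail_ratio >= min_fail_ratio):
            findings[ip] = {
                "accounts_tried": len(users),
                "fail_ratio": round(fail_ratio, 2),
                # Accounts where a reused password worked: reset these first.
                "accounts_matched": sorted(u for u, r in users.items() if any(r)),
            }
    return findings
```

The `accounts_matched` list is the part that matters for response: those users had a working password in the attacker's list and need a reset and MFA enrolment.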

Phishing or man-in-the-middle attacks make up 0.5% of all inbound email. How does this play out? Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. You click on a link in the email and are taken to what appears to be your bank’s website, where you log in and perform the requested task.

In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate. (This attack also involves phishing, getting you to click on the email appearing to come from your bank.) He also created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. But when you do that, you’re not logging into your bank account, you’re handing over your credentials to the attacker.

Keystroke logging, password spray and brute force methods are lower on the spectrum but if you are not considering the security of your data and IT systems a priority, it’s easy to see how hackers can make a good living.

What can I do?

Organizations can help by implementing stringent password policies with Single Sign On (SSO) to mitigate the problem of users having to remember more than one set of credentials, or you could just enable MFA. Ultimately, passwords can be hacked and at that point MFA is your safeguard.

Given the likelihood that your password gets guessed, intercepted, phished, or re-used, your password doesn’t matter, but MFA does! Based on Microsoft studies, your account is more than 99.9% less likely to be compromised if you use MFA. In fact, Microsoft is announcing the public preview of FIDO2 security keys support for passwordless sign-in to Azure Active Directory (Azure AD).

Here at Dream Technology Solutions we have the experience and expertise to ensure you are working to best practices when it comes to the security of your people and IT systems.  Drop us a line if you are interested in exploring how we can help you to secure your business.

Grow

Grow or die as they say, but is your infrastructure ready? Often a CEO’s expansion plans are hindered by technical debt and aging systems. We will help you proactively get ahead of these types of issues and set you up for successful growth of any scale. 

Protect

Businesses are constantly exposed to potentially catastrophic events such as cyber attacks, viruses/malware, data breaches as well as technology failures and human error. Not all can be prevented but the severity and impact can be minimized with proper planning. We will do a comprehensive assessment and arm you with the proper tools and information necessary to guard against these dangers. 

Stabilize

People rely on technology and there’s an expectation that systems will work when they are needed. Unfortunately, this isn’t always the case. We will work with your staff to identify opportunities to stabilize your IT infrastructure and ensure your operations run smoothly, are proactively monitored and fully redundant to ensure your business is working 24/7.