phishing

Who’s the Phish? Shark Tank’s Barbara Corcoran, it Turns Out


How phishing affects businesses?

Imagine you’re on the finance team for a mid-sized business, with regular duties that include accounts payable. Your boss sends an email instructing you to pay Client XYZ today and includes full wiring instructions, details with what the payment is for, etc. What do you do?

You might send that wire with no questions asked.

Problem is, the situation described above is becoming increasingly common, as Shark Tank’s Barbara Corcoran discovered recently:

“This morning I wired $388,000 into a false bank account in Asia,” the real estate mogul tweeted a couple of weeks ago. Here’s what happened:

Corcoran’s bookkeeper Christina received what appeared to be a routine invoice from Corcoran’s assistant Emily to approve a $388,700.11 payment to a German company called FFH Concept.

The bookkeeper replied asking, “What is this? Need to know what account to pay out of,” and the cybercriminal posing as Emily was able to give a credible, detailed response that FFH was designing German apartment units that Corcoran had invested in. Corcoran does invest in real estate, and FFH is a real company in Germany. (full article)

Poof! Money gone.

Now, in this case, there’s a happy ending, as you may have read a few days later: Corcoran Gets Her $400k Back

That said, such positive outcomes are rare – usually, the funds are not recoverable. Indeed, are you confident you can put the kind of pressure on a bank that Barbara Corcoran can?

And don’t just shrug your shoulders and decide it won’t happen to you. Hackers target smaller businesses precisely because their security is less sophisticated. Plus, scams are like these are pretty slick, as she explains:

“I lost the $388,700 as a result of a fake email chain sent to my company,” Corcoran told the outlet. “It was an invoice supposedly sent by my assistant to my bookkeeper approving the payment for a real estate renovation. There was no reason to be suspicious as I invest in a lot of real estate.”

How can you avoid such pitfalls?

First, better practices: have a process in place for confirming such requests with your team, usually by a live phone call. It’s time well spent.

Further, train your team to be better at spotting such phishing scams – in this case, there was a missing ‘O’ in the sender’s email address which should have provided the clue.

The best news is this: anti-phishing employee training from Cynexlink is very affordable and provides incredible bang for the buck.

Click here to learn more about the valuable service and don’t get caught off guard – it can happen to anyone!

Read more
Cybersecurity training Tips for Employees

6 Cybersecurity Training Tips For Employees


Cybersecurity Training is very important for employees to survive in an industry dominated by growing virtual crime.

Have you read the WEF2019 Global Risks Report?

The report has listed cyber-attacks among the top five global threats over a decade. Data incident has been listed on the fourth spot.

But if you think your organization is too small to be attacked, here is another spooky survey that says that 43% of online attacks are now aimed at small businesses.

Cyber-threats not only destroy your data but also lead to financial losses, tarnished reputations, and downtime.

No matter what the size of your business, you should make your cybersecurity strong; it all starts with your employees.

This is because employees are often the largest security vulnerability.

They can click on malicious links, exposing your information to cybercriminals. They can use infected devices that can inject the virus into your systems. And above all, they can pose as insider threat or your ex-employee can sell your information to your competitor.

Therefore, there is a need for cybersecurity training for your employees which can be built around the key points given below.

6 Cybersecurity Training Tips For Employees

1. Don’t Blame Your Employees:

In the event of a serious data breach, many employers are likely to blame their ill-fated employees that clicked on the malicious stuff. While it’s true they were the ones to get trapped, accusing an individual of lacking the knowledge is a way to avoid the organization’s responsibility to ensure its employees keep its information protected.

The organization should have a plan to ensure their employees have the knowledge they require making the right decision and knowing whom to ask if they have any security-related questions.

You need to be clear about what to do if anyone has security concerns. It prompts you to create the infrastructure required to share new threats as they occur and get everyone involved in data security.

2. Plan and Create a Solid Security Policy:

You need to create and plan a security policy to cover the appropriate topics and secure the use of the company’s system. Make sure your IT security policy covers everything.

Besides, keep it clear and accessible to everyone in your organization. One more thing—your IT security policy should define the roles and responsibilities for control, enforcing, training, controls, and maintenance.

3. Educate on Password Management:

Password Management is a necessary evil for most business owners. With the IT team failing to remind employees, there needs to be a huge change in attitude if you want to fortify your cybersecurity. Moreover, encourage your employees to use strong passwords. This is important because nearly 81% of security incidents are caused by weak ones.

You can simplify their password management by sharing the tips given below:

  • Use a combination of letters, special characters, and numbers. Get creative with passwords
  • Don’t use simple passwords like ABCD, date of birth or house address
  • Don’t share your passwords with anybody
  • Set different password for every device
  • Change your passwords frequently

4. Make it Mandatory for All:

Fire safety isn’t taught to selected employees, right?

Cybersecurity should be treated in the same way. It should be made a top priority and mandatory for everyone. Your employees should be aware of all old-new threats, no matter if they are into accounts, IT or at the front office. Anyone using a computer should be familiar with basic password security and safe internet browsing practices. Share cybersecurity news regularly.

5. Conduct Regular Cybersecurity Sessions:

Admit it. Documented policies are likely to be read once and never looked at again. Therefore, encourage your employees towards cybersecurity with frequent seminars and quick bursts of training. It will keep them informed, engaged and interested.

These small cybersecurity sessions can be built around the use of passwords, safe use of devices and other security concerns. Make sure to test their knowledge regularly. For example, you can check if they are practicing essential cybersecurity protocols. Do they follow the guidelines? Testing their knowledge and vigilance from time to time is important.

Practice this mock drill:

Send them a fake email to see how many clicks it will get. The results can be shown in the seminar or training session, without revealing the names of the employees who clicked these fake phishing emails.

6. Train Employees to Recognize Phishing Threats:

As we have reviewed, some of the vicious cyber-crimes are caused by human error. Cybercriminals can trick the users into something malicious by using fake email addresses and domains. For example, they might pose themselves as a reputed bank in their emails asking for personal information or bank account details.

In this scenario, employees are required to be taught how to identify such malicious links.

Bottom Line:

There are many more tips on cybersecurity training. However, practicing these key measures will provide overall protection to your data. With improved cybersecurity, you can minimize the risk of cyber-threats across your organization.

It not only secures your system and data but also adds to the reputation of your organization.

What do you think? Let us know by commenting below.

Read more
Phishing

Best Ways to Prevent Phishing Attacks


Given the soaring rise in phishing attacks over the years, your site can be the next target. Have a proactive approach now by opting for these anti-phishing measures.

Phishing sounds like fishing. Right?

Well, both have a similar meaning to some extent. But here we will talk about phishing. Fishing means catching the fishes by luring them with bait. Phishing is the same thing, but with a slight difference. While it doesn’t lure the fishes, it tricks web users into fraudulent activity—just like trapping the fishes.

Let’s dig deeper.

Phishing is a malicious practice to steal personal information, login credentials, and credit card numbers from an individual by trapping them through offers or posing as a trustable entity. For example, an attacker will send you an email claiming to be from recognized sources and ask you to provide your account or credit card information.

According to one report, nearly 80% of all malware attack comes from phishing. Sadly, 97% of people, according to another study, are not able to recognize a phishing attack. And phishing scams cost American business 500 USD million a year.

Therefore, keep your website safe from such malicious attacks. All you need is to practice these things:

8 Fays to Prevent To Phishing attacks

1.) Use SSL Certificate:

SSL certificates provide critical security, data integrity and privacy for both your website and user’s personal information. Having an SSL certificate ensures both you and your customer’s information is properly encrypted and can’t be easily decoded by anyone. No wonder most customers like to visit SSL secured websites. If a site protected by SSL, then it begins with “https” instead of “HTTP”.

2.) Use Strong FTP Passwords:

FTP stands for File Transfer Protocol. As the name suggests, it allows you to send or receive files (transferring) over the internet. For example, you can share your files with other users over the Internet by uploading it through your computer. Make sure to use strong passwords for your FTP. Otherwise, it would be a cakewalk for a hacker to access your data.

3.) Check Your Account for Malicious Files or Folders:

Make sure your folders and files are server related files with an extension like phpinfo.php file. If you notice a lot of text files in a folder that you hadn’t seen the day before, it is an indication that your site is under threat. Contact your web hosting vendor as soon as possible in case of having such folders or files with unknown origin.

4.) Remove the Signs of Phishing:

Web Hosting Hub plays an important role to detect phishing attempts from your servers. In some cases, you are required to remove the files on your own as you will be notified directly.

5.) Block Access to Restricted Sites:

Not all websites are safe to visit. Some websites contain malicious content to gain access to your data. These sites lure visitors by showing them porn content or offer to win attractive prizes.

But how will you stop your employees from clicking such site links? You should restrict those sites from being able to be opened over your network. It can be done by making a few changes in your network. Also, stay updated with the list of blocked sites in your nation.

6.) Set the Number of Login Attempts:

Generally, a hacker is likely to make several attempts to crack your website password. He just needs one successful attempt to make it into your data. So, reduce the number of login attempts to keep such risk at a bay.

By default, WordPress lets users try different passwords as many times as they want. This feature is known as a brute force attack. You need to install the Login Lockdown plugin to restrict several login retries. If the number of failed attempts exceed the login retries limit, then your site will lock the user’s IP address for a temporary period (based on your settings).

7.) Change Admin Login URL:

Does your website login page open up by putting wp-admin at the end of the URL? If so, you are giving an easy route to the hackers. This minor mistake can lead to a huge setback to your website.

Therefore, make it secure by changing this to something less predictable like wp-login.123? ordu_login.php etc.

8.) Encrypt your Wireless Network:

Anyone can use your wireless network without your permission, no matter if they are outside your office or living in the building next to you.

It will not only increase your Internet bill but also allows hackers to access your data using your Wi-network. In such a scenario, you need to encrypt your Wi-Fi. It is very simple to do.

Just go to your router’s settings and find security options. You will find WEP, WPA, and WPA2 which are encryption methods. Choose the one and enable it.

In this way, these simple yet effective things help you save your website from phishing. Stay Safe. Stay Aware.

Read more

Email Phishing


Hackers can be referred to as cyber” con-artists”. They trick others by influencing them to see something not true, as true. This method is called Phishing. Hackers use it to make you provide your personal or private information such as your password, account numbers, and credit card numbers thereby having access to sensitive data.

Email Phishing, therefore, is when hackers use electronic mail as the means of breaching the security of your business.

Businesses and individuals receive emails that are made to look like it was sent by a legitimate bank, government agency or organization. These emails look beneficial to the receiver and often include a call to action.

In some instances, the hacker impersonating may ask the receiver to click on a link that will redirect to a page where they can confirm personal data, account information due to a false technical error or even ask the recipient to fill out a survey and attach a prize for doing so.

On the other hand, the hacker may alert you of an unauthorized activity taking place with your account. You may be informed that a huge transaction has been made and are asked if you can confirm the payment involved in the transaction. If you reply that the transaction was not from you, the hacker will request you confirm your credit card or bank details. Sometimes the hacker may already have card number information and probe you to confirm your identity by quoting the 3 or 4 digit security code printed on the back of the card.

However, there are some pointers to look for in an email to avoid falling victim to email phishing.

  • Authentic companies call you by your name:

A phishing email usually use generic salutations like “Dear valued member,”, “Dear account holder” or “Dear customer”. A legitimate company will address you by name. In the case of an advertisement, hackers completely avoid a salutation.

  • Authentic companies have domain emails:

It is important to check the email address of the sender. Ensure there are no alterations, either in the form of letters or numbers. The moment you doubt the legitimacy of an email address, make sure to verify the authenticity instead of assuming.

  • Authentic companies do not misspell words:

One of the easiest ways to identify a phishing email is a misspelling of words and/or bad grammar. A legitimate email will be well written. Individuals who are not observant often fall prey.

  • Authentic companies do not ask for sensitive information via email:

Most companies will not ask for vital and sensitive information via email. In situations where this happens, ensure you contact the bank, service providers, organization or government agency for adequate confirmation.

 It is necessary to always be a step ahead of hackers, therefore to avoid falling victim to phishing via email, a company like CYNEXLINK will be of great help!!!

Cynexlink is a technology company that provides services that include Cybersecurity Solutions, Software-Defined WAN (SD-WAN), Managed IT Services, Cloud Vendor Selection & Consulting, Cynexlink VoIP, and CCPA.

For more information, visit our website at www.cynexlink.com NOW!!!

Read more