Unleash Your Geek

Cyber Security Technology Solutions

Category Identity Theft Protection

Email Phishing Scams – Keep Your Eyes Open before Clicking

The rules are simple.
When you drive a car you get a license and take classes to understand the rules of the road.
Using a computer and using the Internet require a minimum attention span to help individuals protect themselves..
Beware of email phishing scams that lure you into a site or other link where you think there is something legitimate to find. In this case I am sharing a random email from a collection I receive on a daily basis. This one is disguised as a voice mail message from an online messaging service.
When I hold my mouse over the links though I can see that they point to .php scripts, or otherwise Non safe locations.

WeTransfer.com Account Hijacking Alert

If you get an email from an email address you recognize that directs you to download something from WeTransfer.com then there is a big chance it is a scam if you normally don't receive these.
We just received one here and by checking the URL of where it asks to login using a social media account it is then easy to tell that it is coming from a rogue website.

This is the Link that is stealing your Login information

Website Security Audits with Ongoing Scheduled Assessments Revisions

Do we design websites? No.
Do we design solutions that include websites? Yes.
The website is like a hammer and nails in construction. It’s tough to build a business with an Internet presence if you don’t have a website. A website however isn’t just a simple design that gets launched and is suddenly successful.
A website is an extension of a business that gets customized over time based on the way that its users are going to use it most productively.
This is where designing a website is also an intervention by someone who can assess the way a business functions and help the website function in a way that will be easiest to manage by the staff and management.
Let’s say for example you want to have profiles of your employees online. What if you have high turnover and those employees have a presence in multiple parts of your website? For this you want to have a centralized profile system that is easily managed by a middle income staffer. This small task alone will save your company money and hassle when simple adjustments can be done by someone other than a high paid programmer.
Building a business that will utilize the potential of the internet can have a lot of surprises. Building your website can involved 100s of scenarios like the one above and are usually only implemented by someone who sees that a simple task might have a more economical long term solution during the building process.
With so many things that need to be considered the design process becomes an evolution of contributions by the people who use the website. One way to attack this is to focus on getting all of the live information on the website, providing the most critical functions to run the business (online) and then make adjustments in a system that can be made over time. This allows a website to evolve fluidly and become a more secure, high performance, asset to the company, it’s users and it’s owners.
Will the average person with even the highest level of intelligence be prepared for things that are avoided by those with applicable experience? Share the journey into the unknown with a Cyber guide. Someone who can point out the things that are waiting in the shadows.
Every project has surprise expenses because there will always be something that can be done to modify a plan that is already in action. Even changing the same transmission on the same car 10 times can introduce a few variants to a simple task.
You are not indestructible and neither is your business but you can make your business more safe by making smart and educated choices.
What’s our point? Leave it to the pros.
Security Audits
During this building process there will be areas that should be addressed which can produce security holes in primary and secondary processes. A primary process would be something like a contact form or simple interaction on the website which does not have a secure connection or somehow creates a security hole.
A secondary process is when someone created a secure connection to your website but is using a company email address that has vulnerabilities that allow someone else to use a weak email due to low password standards. A weak authentication system can go all the way back to a person’s desktop/laptop in their home behind a VPN that is connected to the company’s home server. Every step of this usage process has to be examined and installed in a way that even the users who are the least tech savvy can handle meeting the minimum system requirements for security without the need to study computer science. This responsibility goes back to the person building the site and who will make sure all of these things are considered. They will also need to be taught to staff and rules of the security requirements have to be enforced.
Enforcing rules will be the least common denominator to the security vulnerabilities not the cool SSL certificate on your website.
For the average company a typical security audit and implementation with training or supporting documentation can take 3-12 months depending on cooperation and level of complication.
Website Performance

Google Doc Spoof – Phishing Alert – Possible Identity Theft Risk

We did not log in to see the consequences but due to the link in the browser when clicking on the link we were able to determine that this email is a Spoof.
If you get an email that has a link like this (the sender’s name I have blocked out) then hold your mouse over the link to make sure it is actually what it says it is.
Phishing Warning1
Until you login using your Google account you are not at risk. This program is attempting to grab your Google/Gmail login and quite possibly more. This message was sent at 10:39 CST today and any emails you receive from anyone suggesting that you click on Google Docs should be considered risky and we recommend verifying with the sender first that it is legitimate before continuing.
This is the browser window after I got past the Google Phishing Alert which did not want to let me continue.
Phishing Warning2