Breach

COVID-19 Themed Templates for Hackers

Hackers use COVID-19 Themed TemplatesNew, Sophisticated Hacking Techniques in the Age of COVID-19

Hackers are using new methods to create very credible looking, fake websites to steal login credentials. Security firms are seeing an increase in the use of website templates to create phishing websites that look and feel like the real thing. These templates, available on underground forums and marketplaces, are a quick and easy way for criminals to create convincing, fake websites to steal information. The known templates mimic websites from the World Health Organization (WHO), Internal Revenue Service (IRS), Centers for Disease Control (CDC), the United Kingdom government, the government of Canada, and the government of France. Many of these templates have multiple working pages to make them look more realistic. The template that mimics the government of Canada even has English and French segments.

More than half of the phishing campaigns recorded since January are using these new spoof templates to fool consumers. Hackers are using normal phishing techniques, creating urgency by claiming recipients will lose benefits, or reporting a breakthrough on the pandemic. The difference is the use of these templates to create very convincing fake websites. This change in strategy has been effective, resulting in an increase in successful phishing attacks.

Below are some examples of the fake phishing site templates:

This fake CDC site is asking user to authenticate with an email service to generate a vaccine ID.

Fake IRS Page

This fake IRS website created from an available template goes a step further, asking users to enter SSN, DOB, and other private identity information.

Avoid falling prey to these new phishing campaigns by being aware of the links you click on in emails. If an email is creating urgency or preying on emotion (click on this link now or you will lose your vaccine benefits!), the email is probably a scam. Instead of clicking the link, go to the known government website and look for the information. The criminals are making it more difficult to differentiate the fake websites and using emotion to get users to click. Stay informed and think before you click.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Feature Newsletter

Quanexus Q-News

This week we are featuring our current newsletter. In this newsletter we focus on Security Awareness Training, Long Term Digital Photo Storage, How Data Security Resonates with Customers, and What We Learned from the Equifax Breach.

Click here for the Newsletter

You can also subscribe to our email list and receive the newsletters when they are published. Read previous Newsletters and subscribe to our email list by clicking here.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Wireless

More Tips for Working Remotely

Working Remotely DeskAs more employees are working from home during this pandemic, it’s a great time to review basic IT Security knowledge across your company. In this break from office life, many are finding down time between tasks that was not there before. This presents an opportunity for personal development, and a good review of IT Security best practices should be at the top of that list.

 

  1. Beware of phishing emails in times of crisis. Criminals use times like these to prey on our emotions. When there is news of a large security breach, other criminals will send phishing emails pretending to be a credit monitoring service. When there is a natural disaster in the news, criminals will use that news to solicit fake aid packages. Now with the Coronavirus, hospitals are already seeing phishing attacks pretending to be from the CDC. With the government response, and aid packages, we look for hackers to also prey on citizens trying to access the stimulus.

 

  1. Now is a good time to change the default password on your home Wi-Fi router. The password should follow our password guidelines below. Also, avoid using public Wi-Fi while working remotely. Public Wi-Fi opens up many more unknown variables than your home Wi-Fi network.

 

  1. Use this time to update passwords on critical accounts. Remind employees they should not re-use passwords, or worse, use passwords also used on personal services. This would also be a good time for businesses to require more complex passwords for business accounts. Quanexus recommendation for password management:

Passwords should be 25 characters long and contain at least one letter, one number, and one symbol. The words used in passwords should not be in the dictionary. Users should not re-use passwords on other platforms.

 

  1. Make sure systems are patched and updated. If your employees are working from home on company laptops, this is a critical time to make sure all systems are up to date. Working from home opens up more security risks than normal, patching and updating is the first line of defense against those threats.

This is the time to stay vigilant, and remind employees that criminals are trying to use this change to take advantage of people and businesses.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

Business Decisions – Work from Home?

A single, infected home computer connected to your business network can infect and cripple the entire business network.

Being a business owner means making hard decisions. With the recent COVID-19 pandemic, many owners wrestled with alternative ways to keep their businesses operational. Obviously, work from home is a great solution, but this option presents many risks.

Typically to work from home, there are two choices- use a company owned computer that is controlled and managed by the company or let employees use their personal computers.  Allowing personal computers on the business network represents a high risk. Personal computers are unknown devices, raising the following concerns:

  • Are they running a supported and properly patched operating system?
  • Are applications and programs on the computer patched and updated (Adobe, Java, Office, etc.)?
  • What kind of threat protection is on the home network?
  • Who in the family has access to the machines?

While there are mitigating controls that can be put in place to bring the inherent risk down, the risk cannot be eliminated.

If you are fortunate enough to be working from home, I cannot stress the importance of keeping your guard up. The criminals are aware of the great opportunity they have. They will be working harder than ever to exploit your home system, hoping that you are connected to a business network. If you suspect or experience anything that seems abnormal, you need to notify your office immediately of a potential incident.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization