email

3 Posts to help up your password game

Having a strong password is one of the easiest ways to keep your information out of the hands of the bad guys but what does a strong password consist of? What steps should you take in safeguarding your passwords?

We have written several posts on the subject previously but have combined them all in one place for easy reference.

Can you remember all of your passwords?
This post discusses the recent changes and recommendations regarding easier to remember passwords.

Password Reuse
In this article the dangers of reusing a single password are covered, as well as reliable password managers.

Don’t use personal passwords at work
It’s important to make sure your employees understand why they should use different passwords at home versus at work.

If you would like more information contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts

Cybersecurity News – CEO Fraud and BEC

Cybersecurity newsWhat is CEO Fraud/ BEC?

Our most recent white paper discusses email takeover, but it is becoming such a common email attack we felt it necessary to go touch on the subject again.

An evolving email attack called CEO Fraud or Business Email Compromise (BEC) is a growing problem. Cyber attackers take the time to research their targets and use tactics to trick their victim into doing something they shouldn’t.

How is it successful?

Because this tactic does not utilize attachments or malicious links, typical security technologies cannot catch them, which is why informing yourself and the people within your organization is that much more important.

For an attacker to be successful he must first research his intended victim and the people they interact with. For example, the people within your office or organization. They then create an email disguised as one of these people and convince you that it is urgent you take the action stated in the email.

Common Scams

Wire transfer is a common way cyber attackers get a victim to send them money. In the email, they pressure their victim into transferring money by telling them there is an emergency and they must send it right away to a new account, when actually they are sending money to the criminal.

Another common scam attempts to access the tax information of the employees of a company. This email tactic is usually sent to someone within Human Resources and appears to be from a senior executive who urgently needs the tax information of all the employees. HR believes they are sending the requested information to the executive when they are really sending it to a cyber criminal.

Related: Read more stories in our white paper

How do you protect yourself?

Learn what to look for. Here are some of the most common clues:

– the message is short
– the signature includes it was sent from a mobile device
– there is a strong sense of urgency, usually pressuring you to ignore company policies
– the email appears to be from a personal email address, not a work-related one
– the tone of the email is out of character for the person whom it is said to be from
– in respect to payments, the instructions differ from normal procedure

If you are suspicious of an email, do not reply to the sender but report it to your supervisor immediately. If a transfer has already been made alert the bank, then law enforcement.

Related: How to identify a phishing email

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

 

Posted by Jack Gerbs in Recent Posts

What is a Phishing Email?

Have you heard about phishing emails but you aren’t quite sure what they are?

Phishing emails attempt to get you to reveal sensitive information by disguising themselves as someone you can trust, such as a reputable company, your employer, or maybe your bank. The message usually has a sense of urgency to it to try to get you to act quickly or induce a feeling of panic.

The links they try to get you to click on typically contain malware meant to damage or disable your computer, which is why it is so important to think before you click.

Related: Get Your Copy of Our White Paper

Here is a list of a few ways to identify a phishing email.

  1. MISSPELLING OR WRONG VOICE If something just seems off about the way the email is written, or if you notice misspellings and bad grammar, this should be the first sign something is amiss.
  2. INTIMIDATION TACTICS It is common among these types of emails to use threatening phrases such as “your account will be closed” or “your payment is due today” in an attempt  to get an emotional reaction that will result in you falling for the scam.
  3. SUSPICIOUS LINKS If there is a link within the email you are not expecting, or seems strange, or is misspelled, just don’t click on it.
  4. NAME CHECK Is the email from someone you don’t know? Definitely don’t click on any links, or supply any information that is asked for from someone you aren’t familiar with.

What do you do if you suspect an email is a phishing attempt? Here are a few suggestions.

  1. JUST ASK In some cases, the easiest thing to do is to contact the person, or company the email is said to have originated from to attempt to verify its credibility.
  2. DON’T FALL FOR THE PRESSURE Take a minute to think before you click. Is this email legitimate? Does it make sense? Go through each of the points above before clicking on anything.
  3. HOVER If you are suspicious of a link within an email you can hover your mouse over the link to reveal the address it will direct you to. If is doesn’t match, or is a strange mix of characters, it may be malicious.
  4. MAKE THE CALL If you really can’t determine if the email is legit, or you accidentally click on the link, make the call to a professional, like Quanexus, for help.

Related: Consider Security Awareness Training for your whole team

How to spot phishing email infographic

Phishing email infographic

It is always safer and smarter to think before clicking than to get caught up in the urgency of the scam and risk infecting your computer.

Quanexus offers suggestions on other ways you can strengthen your security posture, along with real life stories of examples of what can happen, in our white paper. Download your free copy.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

 

 

Posted by Jack Gerbs in Recent Posts