You’ve may have heard that cybercriminals keep one step ahead of the “good guys” tasked to catch them or thwart their schemes. The picture gets even more bleak when you think about the implications of that statement. Crime fighters are always a step behind—and they are supposed to be the pros, the experts whose job it is to control cyber crime.
What does that say about the rest of us, the folks who depend on the internet and our digital devices to power our businesses? Let’s face it, we’re even further than merely one step behind, and lately, I’ve noticed some schemes are so well crafted, even if you consider yourself fairly savvy, you might fall for them.
Malicious emails
Friends recently received a spate of emails that seem to come from their own email addresses. The cyber “bad guy” said he had taken control of their email accounts and gained access to all sorts of account information, including their computers. In one email, the criminal threatened to expose embarrassing photos and demanded that a cryptocurrency payment be made to a certain account. When that was done, the criminal would abandon the email account and the victim could go on his or her merry way.
With all the publicity about ransomware, this scheme really pushes quite a few hot buttons, but fortunately, the ones I’ve seen so far have just been bluffs and just variations on the phishing technique. Most of us are familiar with phishing emails that attempt to look like they’re from a bank or other institution, but we’re less aware of phishing emails that appear to come from ourselves!
If you receive one of these emails, you need to dig into the email header. Check the domain name and IP address in the “Received” field—it won’t be from your email provider or web host. If you still have questions, check the IP address at Whois.DomainTools.com; if you don’t recognize it as being your provider—which you won’t—simply delete the email.
Other Articles From AllBusiness.com:
- The Complete 35-Step Guide for Entrepreneurs Starting a Business
- 25 Frequently Asked Questions on Starting a Business
- 50 Questions Angel Investors Will Ask Entrepreneurs
- 17 Key Lessons for Entrepreneurs Starting A Business
This scam has especially hit professionals who do business under their own name, such as joe@joesmith.com. The criminals look for these name-based domains and spoof the logical email address.
Related to this are the “info” email addresses that are so common, and if you have a WordPress site and use an “info” email address you may be targeted for a cPanel phishing scam. This scheme sends you a spoofed email from your account—allegedly from your cPanel—warning you that you’ve gone over some internal file size limit and you need to reset parameters or take some other action. The goal is to get you to log onto a counterfeit cPanel page and steal your username and password.
Both of these scams reveal the increased danger you’re exposed to when you use a generic and easily-guessable email address. Of course, there are also a lot of benefits to using such an email address. I’ll leave you with the advice to be super careful when you receive any type of red-flag warning email that looks like it has come from your own email account.
VPN security
Could you have imagined, say five years ago, that radio advertising for VPN (virtual private network) services would be common? With the rise of smart phones, tablet devices, and coffee shops acting as office space, VPNs have become big business.
You probably assume that since you’ve signed up for a VPN service and are paying a small monthly fee, you are safe. Right? Not so fast.
It turns out even VPNs don’t always provide you with the ironclad security you think you should be receiving. Paul Ducklin of Naked Security says, “A VPN doesn’t magically improve security. All it really does is to make your VPN provider into your new ISP—your ‘first hop’ on the internet. That first hop is the one place where a single provider gets to see all your traffic, whether it’s encrypted or not. You need to trust your VPN provider. A lot.”
In a review of VPN CyberGhost, James Herrin of VPN Review touches on two of the main security threats you might be exposing yourself to when you use a VPN: IP and DNS leaks, and foreign spies. The way to think about IP and DNS leaks is unless your VPN has taken measures to combat the problem, your computer or browser may reveal your IP (your specific address) or DNS request (where you want to go on the web) if someone is snooping on you. This can just about defeat the whole purpose of signing up with a VPN.
The Department of Homeland Security recently warned about foreign spies using VPNs to gather intelligence. This means it’s even more important to find a VPN provider that is taking measures to protect against spies, especially if you are concerned about your intellectual property.
Memory attacks
We’ve all been reminded ad nauseum to never download files whose origin, authenticity, and safety aren’t fully vetted. However, not all malware comes from files we download. Malware can sneak into our RAM (random access memory), bypassing our hard drives, and also bypassing much of the anti-virus software available today.
The FBI recently issued a warning about a banking Trojan horse that loads and executes malicious code directly into RAM. It initially uses a phishing or spear phishing scam to get onto computers. Another way “fileless” viruses gain access to computers is with the Flash plugin. System administrators, therefore, need to be on the lookout for unexpected or unusual behaviors on their networks.
Finally, I also want to stress the importance of updating your operating system whenever an update or patch is distributed. The cost of laziness can be high.
RELATED: What Does Your Business Stand to Lose in a Cyber Attack?
The post 3 Digital Security Threats Your Business May Be Overlooking appeared first on AllBusiness.com
The post 3 Digital Security Threats Your Business May Be Overlooking appeared first on AllBusiness.com. Click for more information about Megan Totka.
from neb biz feed 1 https://ift.tt/2UYdvCC
via Nebula Biz Local Loans
No comments:
Post a Comment