
Coleman Technologies Blog

We can give your organization comprehensive IT services and 24/7/365 live support for a predictable monthly fee. Stop stressing about technology, and start focusing on growing your business.

Tip of the Week: Phishing Attacks at Home

You would think that, since millions of phishing attacks are ignored, sent to spam, and actively mitigated each month, there wouldn’t be such a desperate effort to educate people about the signs of phishing attacks. The fact remains, however, that it only takes one successful phishing attack to compromise an entire workstation, network, or computing infrastructure.

Today, everyone that works for your company will need to be able to spot and report a phishing attack. Doing so can sometimes be extremely difficult if the spammer does his/her homework. Consider using and teaching these tips to keep your business from being a victim of a phishing attack.


Why You Need to Be Concerned about Both Phishing and Ransomware

First, it will help to briefly review how each attack works.

How Ransomware Works

Imagine if you tried to log into your computer, only to be presented with a message that your entire computer had been encrypted, and that (unless money is transferred to the perpetrator, often through cryptocurrency, within a period of time) the contents of your device will be wiped. This is precisely the experience of someone victimized by a ransomware attack.

How Phishing Works

Remember those old scams, where the target would receive an email from some nobility or long-lost relative that asked for a sizable loan or investment (all to be paid back with interest, of course)? These are phishing scams, known as such because the scammer responsible simply distributes a message and waits for someone to take the bait. As time has passed, these schemes have become much more effective - and harder to spot.

These Attacks Can Easily Cooperate 

Cybercriminals have taken to pairing these attacks together to help them take advantage of as many targets as possible. Let’s run through a fairly typical scenario that someone using both may subject you to, and how you can spot these kinds of joint efforts.

Let’s say you open your business email to find a message that appears to come from the Microsoft Support team - which, unnoticed by you, actually reads “Micrrosoft Support” in one or two places. According to the email, there’s a hugely serious security issue affecting systems across the board, which is why Microsoft is supposedly sending out these emails, with the necessary fix bundled in as an attachment.

Trouble is, this isn’t actually a fix to an issue - it’s actually an executable file that installs ransomware when you try to apply the “security fix” and creates a huge problem.

This is exactly why these two distinct attacks combine so well… by incorporating phishing strategies into the distribution of their ransomware, a cybercriminal has the ability to boost how successfully their ransomware can infect the users that are targeted.

How to Spot Phishing to Avoid Ransomware

There are assorted warning signs that a message is a phishing attempt that you should always keep an eye out for in order to protect your business. For example:

  • Details are off - In keeping with our above example, how likely do you think it is that “Micrrosoft” would send out an email in which they misspelled their own name? While this is admittedly happening less in phishing emails, the same goes for the small things that are easily overlooked. Was the email in question sent from “user at example.com”? Or, was it actually sent from “user at exarnple.com?” Tricks like this are common ways that cybercriminals will try to pull the wool over a user’s eyes.
  • There’s excessive urgency - To keep users from paying too much attention to the minutiae of the email - like the “off” details we just discussed - many cybercriminals will write their phishing messages to instill a sense of urgent panic. If an email starts to make you panic, collect yourself and look at it more objectively.
  • There’s a link or an attachment - As the preferred means of delivering a ransomware payload or other issue, attachments or links to websites present no small amount of risk, especially if they are received unexpectedly. If at all possible, avoid accessing these without reaching out to the sender to confirm their legitimacy through another method of communication.

There are many other steps you need to take to protect your business from these insidious threats - from keeping a comprehensive backup to user training to applying spam filtering to your email. Coleman Technologies can help you implement them - give us a call at (604) 513-9428 to get started.


Why It’s Paramount to Keep Security in Mind

The past few years have seen some of history’s greatest data breaches. For instance, the most notorious of these attacks (the Equifax, Yahoo, and Marriott-Starwood breaches) resulted in a combined total of 3.5 billion accounts breached.

This means, statistically speaking, you would have a pretty good chance of picking a data breach victim of the past few years by randomly selecting two human beings from the entirety of planet Earth’s population.

Crunching the numbers, there has been an increase of security breaches of 67 percent since 2014.

What Does this Mean? Is Anything Secure Anymore?

Interestingly, there is a plus side to these enormous data breaches happening in the public eye, thanks to a few key points:

  • It brings attention to these kinds of crimes - Thanks to disasters like the Equifax breach, more Canadians are aware of the impact of cybercrime. This kind of awareness is crucial to encouraging improved security.
  • There is too much data for cybercriminals to practically use. This one can be chalked up to statistics… the more data that a given cache has, the less of a chance that your data is pulled up in an attack.

To clarify, we aren’t trying to sugarcoat the severity of a data breach, but having said that, the past few years’ cybersecurity threats have really given us all an example to consider. With new compliances, regulations, and other mandates being put into play, businesses are certainly considering these threats.

What About Small Businesses?

There is a tendency to overlook small businesses when discussing data breaches. After all, the ones that have struck large targets (like Yahoo, Target, eBay, Sony, and many others) almost always get a headline, along with the attacks that focus on municipalities, like the ones that targeted Wasaga Beach, Ontario and Midland, Ontario with ransomware.

What aren’t heard about so much, unfortunately, are the attacks that lead to much smaller companies shutting their doors for good… a side effect of the limited number of victims per attack, and the relatively casual approach that many have towards security. Unfortunately, a Verizon survey shows just how misguided the assumption is that a smaller business size will protect it from threats: 43 percent of businesses breached would be classified as small.

Security Needs to Be a Priority

Fortunately, there are ways that you can reinforce your business’ cybersecurity, especially with the help of Coleman Technologies and our experienced cybersecurity professionals. Call (604) 513-9428 to get in touch with us, so we can help evaluate and fulfill your business’ needs.


Social Engineering Isn’t Going Away

What is Social Engineering?

Think of it like this: online, you have some type of social currency. Your personal information, your data, your interactions, your profiles, they all add up to your online life. If someone were to use that information to trick you into providing them access to your secure online accounts, you would be the victim of a social engineering attack. 

Basically, a hacker uses what amounts to the fundamentals of human psychology to gain unauthorized access to an account. Rather than exploiting a vulnerability within a system’s technology, a social engineer will take advantage of the human resources to gain access through relatively simple psychology.

Successful social engineering can be the result of many different actions. Some include: carelessness by an individual, perceived kindness, reaction to fear, and business as usual. Let’s take a look at these actions and how social engineering schemes work as a result.

Individual Carelessness

When there is a lack of diligence carried out by an individual, there are openings for a social engineering attack. This includes trash thrown out with information on it, keeping login credentials out in the open, and other careless actions. It’s important that you and your staff understand that the best practices of password protection, such as using a password manager, are crucial to maintaining the integrity of your company’s network and infrastructure.

Perceived Kindness

Many people won’t think twice about helping someone that asks for help. Social engineering attackers take advantage of the better angels of our nature, by using people’s helpfulness to gain access to secure computing resources. Any person can fall for this type of attack. This is why we stress that in order to keep your digital and physical resources secure, a critical eye for potential intrusion works. That doesn’t mean you have to be a jerk, but if a situation is presented to you that’s out of the ordinary, take anyone’s helplessness with a grain of salt.

Business as Usual

When we picture a hacker, we all tend to think about them the same way. They are brooding people sitting in a dark room typing away at a computer. In social engineering attacks, this couldn’t be further from the truth. A popular social engineering tactic is to gain physical access to a large business--where there are often a lot of moving parts--and then spend time at the business looking for ways into secure digital environments. This could also include straight hatchet jobs, where your employees would help people outside of your business sabotage your access control systems. 

Reaction to Fear

Finally, fear is one of the best motivators. By striking fast and threatening all types of negative consequences if a worker doesn’t help them get into a secure computing system, this kind of cyberattack can be a major problem. 

Coleman Technologies Can Help Protect Your Business

If you are looking to secure your network from cyberattacks, including social engineering, the IT professionals at Coleman Technologies can help. Call us today at (604) 513-9428 to learn more about how we can help you with the training you need to keep social engineering from causing problems for you.


Tip of the Week: How to Avoid Phishing Scams

What Exactly Is Phishing?

The practice of phishing is not new. It has been used for much of the past decade. The strategy goes like this: hackers use deception to get a user to provide their own credentials, thus giving them unknowingly to the hacker. The hacker then accesses the account legitimately (as the user) and has free rein over the entire account. Sometimes they will go in and siphon data and sometimes they will hijack the entire account, but regardless of the hacker’s intentions, a successful phishing attack is a successful transfer of power over an account.

What’s worse is that you can get phished in multiple mediums. Email is the predominant channel where phishing attacks are carried out, but people can (and do) get phished over social media, instant message, or via text message. There are even phone-based or snail mail phishing attacks that direct users to go to a fake website where they would provide their credentials and/or personal information. 

There are even different forms of phishing based on their intended targets. The general strategy behind traditional phishing attacks is to send emails out to as many people as possible, hoping to snare unwitting recipients into their phishing nets. Today, with more personal information available about people, there is phishing that targets individual people. This is called a spear phishing attack. Then there are spear phishing attacks that are carried out against business and organizational leaders. These are called whaling attacks. The intended imagery aside, phishing attacks are getting more direct, more deceitful, and more serious. 

Spotting Phishing

For all of the bad news surrounding phishing attacks, there is some undeniably good news: with a critical eye, you can tell when you are being phished. You aren’t going to fall for these types of attacks if you know what to look for. Today, we’ve put together a short guide on how to determine if you are dealing with a phishing attack and how to proceed when you are.

Look for Warning Signs

There is a litany of warning signs that will help you spot a phishing attack. Most of them are pretty obvious, and some of the more subdued ones come with telltale signs.

Does the message have spelling and grammar mistakes? 

Not many businesses will send out official correspondence with grammar and spelling mistakes. This should be the first sign that something is amiss. Most phishing messages come from supposedly-reputable organizations and while a spelling or grammar mistake does happen from time-to-time, several mistakes won’t happen.  

Does the message deal with curious circumstances? 

One of the biggest telltale signs that you are dealing with a phishing attack is the tone of the message that is received. Does the message reference immediate situations that need to be remedied? Does it mention money or elicit a sense of fear or anxiety? If it has these elements, it’s probably not legitimate. Think about it: most organizations that need you to act immediately will have specific ways of contacting you and that correspondence will make it clear that you are dealing with a legitimate organization.

Does this message have a trusted URL?

Most phishing attacks will redirect to a website that is set up by the hacker. You probably shouldn’t be clicking on any links sent to you in an email unless you are sure who sent the email. One way to determine whether or not a link is from a reputable source is to mouse over the link and see where the link goes. If you get an email from Amazon and the link goes to amazorn.com, you are staring at a phishing email.

Protecting Your Assets

There are a couple simple ways to ensure that you or a member of your staff doesn’t fall for phishing attacks:

  • Use technology. A spam blocking filter on your email will go a long way towards removing unnecessary and potentially-malicious emails from hitting employee inboxes in the first place.

  • Training. Make sure your employees are trained to spot and properly handle attempts that may come through. By starting with the end user, you’re taking away a lot of the power that phishing has.

At Coleman Technologies, we appreciate the importance of secure workplace practices. If you’d like to learn more about phishing, and how we can help stop it from hurting your business, reach out to us at (604) 513-9428.


Tip of the Week: 3 Signs of a Phishing Attempt

1. There’s an Unexpected Attachment or Link

It’s one thing to get an unexpected email from someone; it’s another thing entirely to get an email from someone that includes an unexpected attachment or link. Neither of these is a good thing. Attachments can easily contain hidden malware files, and links can be disguised with very little effort.

Don’t believe me? Try visiting google.com. Go ahead!

Not exactly what you were expecting, eh? Keep in mind that you can double-check links by hovering your cursor over them, and if you weren’t anticipating an attachment, don’t click it unless you have confirmed its legitimacy through some other means.

2. The Sender’s Email Seems Off

It isn’t uncommon for scammers to disguise a fraudulent email address by making it look a lot like a legitimate one would. For instance, let’s say that you normally worked with a business vendor, hypothetically named “Super Business Supplies.” A scammer might send you an email from “sales (at) superbusinessupplies.com.” Looks pretty okay, until you notice that there’s one fewer ‘s’ than there should be. Scammers can get downright devious with these replacements, replacing “Amazon” with “Arnazon” and other blink-and-you’ll-miss-it tricks.

In short, read carefully.

3. There are Other Questionable Elements

While that may be a very vague tip, it is only because there is such a wide variety of warning signs that an email is actually a phishing attempt. For instance:

  • Spelling and grammar errors. Look at it this way: would you anticipate a company like Microsoft, or Google, or the likes of such to send you an email riddled with mistakes? Of course not, so if you receive an email that purports to be from a company of high repute, but features these kinds of errors, red flags should be going up.

  • Time-sensitivity. One of a scammer’s go-to tools is to put their target off-balance, especially by pressuring them into immediate action. If you receive an email that offers you a great deal by acting right now, or threatens to shut down your account unless you act right now, the first thing you should do is pick up the phone and call up the organization or individual that sent the email.

  • Requests for personal information. Similarly to any messages that rely on cultivating a sense of urgency, you need to look at any emails that request personally identifiable information, access or financial credentials - really, any data that you and your company rely on - with a critical eye. This is another case where calling to confirm is probably your best bet.

Email can be an extremely helpful business tool, but it can also be an equally useful tool for cybercriminals looking to victimize your business. Coleman Technologies can help you secure it, with best practices and practical solutions to lock it down. To learn more, reach out to us at (604) 513-9428.


How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google did not take any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t anticipate phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the “Automatically add events to my calendar” option under Events from Gmail.

To disable invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the Automatically add invitations option to the much safer “No, only show invitations to which I have responded.”

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Coleman Technologies a call at (604) 513-9428.


We Celebrate National Cybersecurity Awareness Month

Any data you collect, you must protect. You might not think your business is big enough (or noteworthy enough) to be targeted by hackers, but the truth is, those are the reasons you are a target. It is estimated that by 2020, more than 24 billion devices will be connected to the Internet, so it is imperative that you follow simple, yet crucial, steps to ensure your data and information are kept safe.

Here are some variables you--and the other people on your network--need to be aware of. 

Phishing

Phishing attacks are some of the most prevalent attacks being made in 2019. Basically, users will send you an email that seems to be from a user the recipient might know. If a user interacts with that email by clicking on a link or downloading an attachment, the phishing scam is a success. A successful phishing scam is a huge problem for your business. 

You will want to train your staff on how to spot and avoid phishing attacks. Phishing attacks have been developed to be subtle and admittedly easy to miss. There are, however, several tell-tale signs that an email is legitimate. Hackers know that the weakest link in any business or organization is the employees. Do your employees know how to recognize an out of place email? It is crucial that you take the time to train your employees in the art of phishing identification.

Secure Passwords

Passwords are the standard that most people use to keep files secure and to authenticate access to devices, platforms, programs, etc. Understanding what makes a strong password can go a long way toward securing your IT resources. Some best practices include:

  • Creating strong, unique passphrases
  • Changing passwords frequently
  • Using Upper and Lowercase letters, numbers, and symbols

Multi-factor Authentication 

Multi-factor authentication, often rolled out as two-factor authentication, puts an additional step between you and potential threats to your network or data. You use a password to unlock a 2FA/MFA platform that requires you to get a randomly-generated code from a third-party device to gain access. Since you need a third-party device/account to open the application, account, or device protected by 2FA/MFA, that account is more than twice as secure.

Applications and Software Updates

In order to stay ahead of security attacks, the software you use cannot have vulnerabilities. As a result, patching and updating software is essential to comprehensive security. If you are going to remain secure, you will want to be sure to stay up-to-date on your updates.

How Do I Know If My Systems are Safe?

So, you want to know if you are safe from a cyberattack? To put it lightly: nobody is. By associating security preparedness with cybersecurity and routinely taking proactive, preventative measures to enhance your security position, you reduce the chance that your organization will have to suffer from downtime, data loss, and reputation damage that a data breach would bring your company.

If you would like more tips, or if you would like to talk to one of our experts about network security, call us today at (604) 513-9428.


Think Before You Click: Spotting a Phishing Attempt

Give Me the Short Answer - What’s Phishing?

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from , right? Well, if you get an email about your password or telling you to log into your account and it’s from , you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from or emails from PayPal might come from . It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the recipient to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.
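The hostname check described above, combined with the lookalike-domain tricks from the earlier posts (exarnple.com, amazorn.com, vvebsite), as an added Python example that is not part of the original blog. The function names, the small confusable-character table and the one-edit threshold are assumptions chosen for illustration, and the sample links are the ones quoted on this page.

```python
from urllib.parse import urlsplit

# Constructed (assumed) table of character sequences that read alike at a glance.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def hostname_of(link: str) -> str:
    """Return the lower-cased host of a link; accepts text without a scheme."""
    if "://" not in link:
        link = "https://" + link  # so "Paypal.com/activatecard" parses as host + path
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def skeleton(name: str) -> str:
    """Collapse look-alike sequences so 'arnazon' and 'amazon' compare equal."""
    for seq, repl in CONFUSABLES:
        name = name.replace(seq, repl)
    return name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one missing, extra or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(link: str, expected: str) -> str:
    """Compare where a link really points with the domain the message claims.

    expected           host is the expected domain or one of its subdomains
    lookalike          host ends in a near-copy of the expected domain
    brand-as-subdomain expected domain appears, but only as a subdomain label
    other              unrelated host
    unparseable        no host could be extracted
    """
    expected = expected.lower()
    host = hostname_of(link)
    if not host:
        return "unparseable"
    # The real domain is read from the right-hand end of the host name.
    if host == expected or host.endswith("." + expected):
        return "expected"
    # Take as many trailing labels as the expected domain has and compare them.
    n = expected.count(".") + 1
    tail = ".".join(host.split(".")[-n:])
    if skeleton(tail) == skeleton(expected) or edit_distance(tail, expected) <= 1:
        return "lookalike"
    # "paypal.com.activecard.net": the brand is followed by another dot.
    if ("." + expected + ".") in ("." + host):
        return "brand-as-subdomain"
    return "other"


if __name__ == "__main__":
    samples = [
        ("Paypal.com/activatecard", "paypal.com"),
        ("Business.paypal.com/retail", "paypal.com"),
        ("Paypal.com.activecard.net", "paypal.com"),
        ("Paypal.com.activecardsecure.net/secure", "paypal.com"),
        ("amazorn.com", "amazon.com"),
        ("exarnple.com", "example.com"),
    ]
    for link, expected in samples:
        print(f"{link:45} {classify_link(link, expected)}")
```

The one-edit threshold will also flag short, unrelated domains that happen to differ by a single letter, so treat a "lookalike" result as a prompt to verify the sender, not as proof.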

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Coleman Technologies. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.


Taking an Exploratory Stab at Spear Phishing

What Makes Spear Phishing Different?

As a rule, spear phishing is a much more precise and personalized process. To keep to the “fishing” analogy, a generalized phishing campaign casts a wide net, trying to snare as many victims as possible with their scam. Utilizing vague and generic language, the ‘typical’ phishing attack is made to appear to come from a large organization, informing the user of some need for the user to take action, resulting in the hacker gaining access to the user’s information. This methodology makes the typical phishing attack fairly effective against many people, while simultaneously easier to spot if one knows the warning signs.

By comparison, spear phishing is far more precise. Instead of trying to find value in the quantity of targets snared in a trap, spear phishing takes the opposite tack. Using a highly targeted approach, spear phishing attacks are directed toward a specific individual within an organization.

This specified approach means that the generic messages that many phishing attempts leverage simply won’t be enough to fool the intended target. Instead, the hacker has to play investigator, seeking out as much information as they can about their intended target. Where do they work? What is their position in the company? Who do they frequently communicate with? Once the hacker has collected enough information to create a convincing message, they will typically spoof an email to their target. This email will usually contain some reference to a known contact or some in-progress project to make it more convincing and will request that the recipient download a file via a provided link.

However, while the link will direct to what appears to be a Google Drive or Dropbox login page, it is just another layer to the deception. Entering credentials into this page will give them right to the hacker for their use, breaching the user’s security and putting the entire business at risk in one fell swoop.

What Methods Do Spear Phishers Use?

Due to how spear phishing works, the messages sent by hackers need to be as convincing as possible. Combining extensive research with some practical psychology, a hacker has more ammunition to power their attacks.

As mentioned above, spear phishing is far less generic than the average phishing attempt. By referencing specific people, things, and events that mean something to the target, or appearing to come from an internal authority (a manager, perhaps, or even the CEO), the hacker can create a message that is less likely to be questioned. If the hacker writes their messages without any spelling or grammatical errors, as many spear phishers do, it only becomes more convincing.

These hackers are so reliant upon their target being fooled that many will purchase domains that strongly resemble an official one. For instance, let’s say you owned the domain website-dot-com. If a hacker decided to pose as you to launch a spear phishing attack, they might purchase the domain vvebsite-dot-com. Without close inspection, the switch may not be noticed - especially if the hacker creates a good enough lookalike website.

Am I A Target?

Of course, the research that a hacker has to do to successfully pull off a spear phishing attack is extensive - not only do they have to identify their target, they also have to figure out the best way to scam this target. Generally speaking, a hacker seeking to leverage spear phishing will focus their efforts on anyone in an organization who could potentially access the information that the hacker wants but isn’t high up enough in the organization to question an assignment from above.

Or, in more certain terms, a business’ end users.

In order to minimize the chances that a spear phishing attack will be successful against your company, you need to make sure that everyone subscribes to a few best practices. For example:

  • Pay attention to the finer details of an email. Is the message actually from , or does the email address actually read ? Did Christine/Kristine include any attachments? As these can be used to spread malware via email, you should avoid clicking on them unless you are certain the message is legitimate.

  • Is the message written to sound overly urgent? Many phishing messages, especially spear phishing messages, will try to push an action by making it seem as though inaction will lead to a critical issue. Another warning sign to look out for: any deviation from standard operating procedures. Don’t be afraid to question a sudden switch from Google Drive to Dropbox - it may just be the question that stops a spear phishing attack.

  • Speaking of questioning things, don’t hesitate to make sure that any messages you suspect may be spear phishing aren’t actually legitimate through some other means of communication. A quick phone call to the alleged sender will be well worth avoiding a data breach.

While spear phishing is a considerable threat to your business, it is far from the only thing you need to worry about. Coleman Technologies can help your business secure its IT solutions and optimize them for your use. To learn more, subscribe to our blog, and give us a call at (604) 513-9428.


Educate Your Staff to Avoid Phishing Attempts

What Is Phishing?
Phishing scams can be considered any digital attempt against your organization to extort credentials or other important information. The method doesn’t really matter, though it does change the way that phishing is identified. For example, more targeted attempts at specific individuals are called “spear phishing,” whereas impersonating a company’s CEO is considered “whaling.” Either way, the end result that the phishing attempt hopes for is that someone will fall for their tricks.

Vectors for Attack
The first thing to remember about phishing attempts is that they don’t happen exclusively through email. They can come in a variety of ways, including through social media applications, phone calls, and other outlets that you might not suspect unless you are already watching for them. Here are some of the most common ways you might encounter a phishing attack:

  • Email messages, where senders spoof addresses and try to convince users that they are someone important to your organization.
  • Phone calls, where callers impersonate someone you know or someone of authority, like a government official or business leader.
  • Social media messaging is a more personal method of phishing in which identity thieves try to impersonate people you know in your personal life.

The Giveaways
A good rule to keep in mind is that phishing attacks tend to be rather suspicious in nature. For example, if someone who doesn’t normally send you messages suddenly reaches out, and it’s seemingly uncharacteristic of them, be a little suspicious--particularly if they are using language that seems unlikely. Here are some other tips to identify phishing attacks before they have enough of a chance to be dangerous:

  • Spelling and grammar errors: Spelling and grammar errors are quite commonplace in phishing messages, and they signify that something is not as it seems. If you see lots of these errors, you need to be very careful about navigating the messages.
  • Immense sense of urgency: If the message prompts you to take action immediately, either out of fear or because it tries to convince you it’s in your best interest, approach it with an extra side of caution. Phishing attempts try to get users to take action as soon as possible; this means that users aren’t thinking things through or discovering that the message isn’t legitimate.
  • Suspicious account activity: On social media, if you have a friend who you haven’t heard from in a very long time, chances are it’s not actually the friend reaching out to you if they need money or want you to click on a link. In cases like this, always use discretion.

To limit the damage done by phishing attempts, consider the following measures:

  • Implement a spam blocking solution. While it might not help with more specialized phishing attempts, it should limit the most generic ones.
  • Educate your employees--this point speaks for itself. If users know what to watch out for, they will be less likely to make mistakes that expose sensitive data.

Does your organization need a way to protect itself against phishing attacks? We can provide your business with the training required to best secure itself. To learn more, reach out to us at (604) 513-9428.


Getting to Know About Phishing Attacks Can Keep Your Business Safe

As a result of this increase in phishing attacks, endpoint security has grown much more focused, but the issue with phishing isn’t necessarily an issue with the strategies surrounding your technology--rather, it’s an issue relating to your organization’s users and their tendency for failure. Now, we know this sounds a little harsh, but it’s been proven time and again that employees need security training on how to handle credentials and other sensitive information. Let’s take a look at a couple different types of attacks you can be exposed to, and what you can do to keep your organization from becoming just another company that has suffered from a data breach.

Deceptive Phishing
Deceptive phishing is one of the most common types of phishing scams, and it aims to fool unsuspecting users into handing over sensitive information. This happens when the hacker sends a message to users that impersonates an actual person or company that the organization has some sort of relationship with. These hackers use deceptive phishing to convince users to hand over information like passwords, usernames, account numbers, etc. Since official credentials are being used to access these accounts, it doesn’t immediately become a security concern.

For the most part, these deceptive phishing messages are either ignored by the users, caught by filtering technology, or disregarded when they’re accessed. Unfortunately, the handful that actually do fool the end user are worth the hundreds of thousands that are sent to others. To keep your business from making this fatal mistake, you need to focus on increasing awareness of what makes phishing attacks so much different from your average legitimate email.

Some of the telltale signs of phishing messages include misspelled words, problems with sentence structure, and suspicious attachments or URLs. Always hover your mouse over a link before clicking on it to determine its location, and never download an attachment unless you know who’s sending it. Another thing to look out for is any financial institution or vendor demanding payment or access to your account--there are other, more official methods of outreach for matters such as these, and no bank or similar institution will ever, ever ask you for passwords.

Spear Phishing
Spear phishing attacks are targeted attempts against a specific user. For example, someone who sees a message from a coworker might let their guard down, but this doesn’t necessarily mean the message is safe. It just means that some hacker managed to find a way to mimic the sender in a way that is extremely convincing. Spear phishing attacks will often know the target’s name, title, company, work phone number, and much more--all to seem as authentic as possible so the user will click on a malicious attachment or URL.

Even social media isn’t safe from this trend. LinkedIn, for example, is one of the most common places where spear phishing is leveraged. It might be used for connecting with other business professionals, but it’s not hard for a hacker to imitate a business professional. We aren’t saying that you need to avoid social media like the plague, only that you should approach it with some sensible caution.

Pharming
That being said, more people are learning about these attacks by the day, meaning that some hackers have ceased these types of attacks for fear of their efforts being for naught. Instead, they turn to a practice called pharming, which involves using an organization’s DNS server to change the IP address associated with the website name. This gives them a way to direct users to malicious websites to steal their legitimate credentials.

To prevent this from happening, it’s very important that you tell your staff to be sure they are entering their credentials into a secured site. The best way to make sure this happens is to look for the “https” in the hyperlink, as well as a padlock icon next to the address. It also never hurts to have an antivirus solution on each endpoint within your organization.

Coleman Technologies can help your business stay as secure as possible. To learn more, reach out to us at (604) 513-9428.


Network Security Is All About Handling Threats

The Basics: Viruses and Malware
Your computer depends on software to run, whether it’s the operating system or the software solutions on the device itself. Viruses are created to make changes to this code, and the results can vary in scope and scale. They can go from being minor annoyances to major time wasters. Malware is a bit more dangerous in scope. It stands for “malicious software,” and its intentions are right in the name. Hackers develop malware for various purposes, but for the most part, it’s with the intention of stealing, altering, or destroying data, depending on what nefarious plot the hacker is using it for.

The More Dangerous: Ransomware and Spyware
There are other more specialized types of malware that are designed for specific purposes. Ransomware, for instance, is designed to extort money from unsuspecting victims. It encrypts files located on the infected device, only decrypting them when a ransom has been paid to the hacker responsible. These kinds of threats are quite popular with hackers as they can be used to target a considerable number of victims in a short amount of time. Spyware is also a popular threat that allows hackers to steal information in a covert manner through various means, including backdoor infiltrations, keyloggers, and so much more. This is particularly dangerous to your business’ intellectual property.

The Vehicle: Spam and Phishing Attacks
Cybersecurity threats are the most dangerous when they can be concealed. After all, you never hear in the news about how a brute-force attack exposed millions of health records or passwords to the world. No, the most devastating data breaches are typically those that occur over an extended period of time, shielded from the eyes of security professionals and network administrators. Spam and phishing attacks that deceive users into clicking on links or downloading suspicious files play a key role in allowing threats into a network. It’s more important than ever before to be cautious while online, as there is no telling who might try to trick you into exposing your network to threats.

Protect Your Business with Proactive Tools and Best Practices
Thankfully, while it’s easier for threats to make their way through your defenses, the defenses put into place by businesses are much more substantial than in previous years. A Unified Threat Management (UTM) solution is easily the most comprehensive security tool on the market today, combining well-known methods of cybersecurity into an easy and accessible package. This includes a firewall, antivirus, spam blocker, and content filter to minimize the chances of threats manifesting on your network in the first place, as well as solutions to mitigate threats that do make it through your defenses. This can be further augmented through industry best practices that dictate how and when to share data.

To learn more about how your organization can take advantage of security solutions, reach out to us at (604) 513-9428.
