Fake Email Security Alert:

by

Attacks on Business Email Accounts Are Surging

Emails have become an essential tool for any successful business, but as the saying goes, “with great power comes great responsibility.” For Phoenix-based businesses and beyond, fake emails are a growing concern. As a business owner, it’s crucial to ensure your emails are secure. This is one of the key ways to prevent your business data from falling into the wrong hands.

Understanding Business Email Compromise (BEC)

What is a BEC Attack?

Business Email Compromise (BEC) is a growing threat where scammers pose as high-ranking business individuals like CEOs, executives, or IT staff. Their goal is to trick employees into sharing sensitive information or sending money. Research shows that nearly 90% of BEC attacks occur this way.

Why Are BEC Attacks Dangerous?

  1. High Trust Levels: Employees trust emails from their bosses or IT department.
  2. Quick Response: In a fast-paced work environment, employees might not think twice before responding.
  3. Huge Financial Impact: Falling victim to a BEC attack can be extremely costly.

The Rise of Fake Emails

BEC attacks have spiked dramatically this year, especially in the third quarter. Researchers analyzed 1.8 billion emails worldwide and found 208 million malicious emails among them. More than half (58%) were BEC attempts. The figures make it clear: BEC scams are now the biggest email threat to businesses.

Targeting the Vulnerable

Most BEC scams target lower-level employees who are less likely to question authority or be aware of cyber threats. These employees might:

  • Quickly act on an email from a trusted source.
  • Lack training in identifying suspicious emails.
  • Be less aware of the latest phishing and scam tactics.

Other Common Email Threats

While BEC attacks are prevalent, scammers also use other methods like:

  • Commercial Spam: Unwanted promotional emails.
  • Phishing Attacks: Emails designed to trick people into sharing personal information, such as login details.

The combined effect of these scams now overshadows traditional ransomware and malware attacks.

Taking Action to Protect Your Phoenix Business

Simple and Cost-Effective Measures

Protecting your business from fake emails doesn’t have to be complicated or expensive. Here are some steps you can take:

  1. Employee Training: Ensure all team members are trained to scrutinize every email they receive.
  2. Verification Protocols: Encourage employees to verify requests for sensitive information or financial transactions by checking directly with the sender through a different communication channel.
  3. Email Filters and Tools: Use email filtering tools to detect and block phishing attempts.
  4. Regular Updates: Keep your email security systems up to date.

Best Practices for Email Security

  • Strong Passwords: Use strong, unique passwords for email accounts.
  • Two-Factor Authentication: Implement two-factor authentication for added security.
  • Regular Backups: Ensure regular backups of important email data.

Conclusion

Attacks on business email accounts are on the rise, especially targeting Phoenix businesses using fake emails. It’s essential to act now to secure your business communications. Train your employees, verify suspicious requests, and utilize security tools to defend against these threats.

If you need help ensuring your business is secure, get in touch with MicroSupport. We’re here to support your success with expert, friendly, and professional IT solutions.

Contact MicroSupport Now!

Cybersecurity Basics Every Small Business Should Know

by

Discover key cybersecurity essentials for small businesses.

Why is Cybersecurity So Important?

In our world today, almost every business relies on computers for day-to-day operations. From keeping track of orders to communicating with customers, technology is at the heart of modern businesses. But with the incredible benefits of technology come risks, specifically in the form of cybersecurity threats. Cybersecurity is all about protecting your computer and data from people who might want to steal or damage them. It’s like having a strong, secure lock on your front door, but for your digital house.

Think about all the information your business stores digitally. Customer information, financial records, and confidential emails are just the tip of the iceberg. If this information were to fall into the wrong hands due to poor cybersecurity, it could harm your customers, damage your business’s reputation, and even lead to financial loss.

Protecting Against Intruders

Similar to how a security system protects a home from intruders, network security safeguards your business’s IT infrastructure. Network security includes tools and practices that prevent unauthorized access to your networks and data. It’s as critical as locking your doors at night.

Stopping Data Breaches

Data breach protection is another layer of cybersecurity that focuses on protecting sensitive information. When data breaches occur, confidential information is exposed to people who shouldn’t see it. Imagine if someone found your diary – except your diary contains your customers’ credit card information. Protecting this data isn’t just about preventing theft; it’s about preserving trust.

Fighting Off Malware

Malware defense concerns itself with fighting against software designed to harm your computer system. Malware can sneak in through unsuspecting email attachments or downloads, acting like a termite infestation in the wooden beams of your business’s digital home, weakening it from the inside.

Practical Steps to Boost Your Cybersecurity

So, what can you, as a small business owner, do to improve your cybersecurity? Luckily, there are straightforward steps you can take without having to become an IT expert overnight.

Update Your Systems Regularly

Keeping your computer software up to date is like getting a flu shot; it helps you fight off infections. Software updates often include fixes for security issues that have been discovered since the last update.

Train Your Team

Make sure everyone in your business understands the basics of cybersecurity. Simple practices such as not clicking on suspicious links in emails, using strong passwords, and not sharing sensitive information can significantly reduce your risk.

Back-Up Your Data

Having backup copies of all your important IT data is like having insurance. If something goes terribly wrong, you can recover your data from these backups instead of starting from scratch.

Monitor Your Network

Keep an eye on your network security. Use tools that can alert you to any unusual activity that might suggest a security breach. Being vigilant is key.

Let’s Wrap It Up

Cybersecurity might seem complex, but with the right practices in place, even small businesses can protect themselves effectively. Remember, the goal of cybersecurity is not just to protect your digital assets but also to ensure the trust your customers place in you remains unbroken.

Whether you’re just starting to think about cybersecurity or looking to improve your existing strategies, a solid first step is making sure you cover the basics. And there’s no better way to do that than with a comprehensive guide.

Don’t leave your business vulnerable. Secure your operations by tapping into expert advice. Get your Free IT Security Checklist here: Free IT Security Checklist. This checklist, crafted precisely for small businesses by MicroSupport, is filled with critical measures tailored to protect your digital infrastructure. It’s an invaluable resource that could save your business from future headaches and losses. Secure your technology today!

Boosting Your Digital Security: The Easy Guide to 2-Factor Authentication

by

When it comes to daily news, cyber-attacks and data breaches are becoming as common as morning brew headlines. Have you ever heard about eminent websites being vulnerable, leading to data leaks containing your email and password details? Your desktop may fall prey to malware that can sneakily capture your bank or credit card details. The most distressing cases lead to identity theft – a crime that’s easy to execute with hefty outcomes for cybercriminals.

Gone are those simpler days when we trusted passwords to keep our data safe. Currently, cyber attackers employ advanced methods like phishing, pharming, and keylogging to snatch away your password. Some cyber thieves can even bombard your account with billions of password combinations.

Like most users, if you have the habit of using identical passwords for multiple websites, you are at an elevated risk. Anyone who cracks your password doesn’t just gain access to one account, but all that you’ve used it for. Alarmingly easy to access personal trivia like your first pet’s name or your high school mascot merely adds to this vulnerability.
Think of a jewelry store. Do they only depend on a lock and key to protect their precious items? Not at all. They would have multiple layers of security such as alarms, motion detectors, and sometimes even reinforced windows. Your data is just as precious and needs more than one security layer for effective protection.
That’s where 2-Factor Authentication (2FA) comes in – consider it the digital equivalent of an extra protective layer for your valuable data. Also known as multiple-step or multi-factor verification, it is an extra step to confirm a user’s identity. Depending on your security settings, this could be activated every time you sign in or only under specific conditions, like signing in from a new device or location.

You will find 2FA options across many services you may use already, like Facebook, Gmail, and Xero Accounting among others. If you’ve ever received a unique verification code via text or email from your bank before gaining access, you’ve utilized 2FA. It can also take the form of a smartphone app or a physical electronic token.
2FA is especially crucial for online banking, email, online shopping (Amazon or PayPal), cloud storage services (Dropbox or Sync), password managers, communications apps, and productivity tools. This importance multiples if you frequently use the same passwords for different websites and applications.
While some may perceive social networks as relatively safe, weak security for these accounts can compromise many connected apps and websites. A lot of websites and apps offer sign-in options through your Facebook or Twitter account for convenience. Strengthening the security of these networks ensures that someone who cracks your password doesn’t gain sweeping access to all linked accounts.

The essence of implementing 2FA is to set up daunting hurdles for hackers, making it harder for them to gain unauthorized access to your personal data.
Navigating the realm of online security can be daunting. At Microsupport, our seasoned technicians simplify this process, ensuring seamless security for all your digital needs. With over 10 years of experience building solid, secure IT infrastructures, we’re here to safeguard your digital life.
Don’t leave your digital security to chance. Establish your 2FA protective layer now and let Microsupport secure your online presence. Contact us today – we’re just a call away at 602-692-7300.

Should you use Full Disk Encryption (FDE)?

by

Image result for disk encryptionWe get asked this often, usually after a client has attended a seminar on computer security. The answer is… it depends. Mostly it depends on what your expectation is. Most people are looking for something that “will protect them”, and should be “automatic”. Well, keep looking, because FDE is not the panacea you’re looking for.

Full Disk Encryption essentially locks a disk, so it can’t be looked at, or booted, unless a password is entered. If you enable FDE on a computer’s primary disk, it will prevent the computer from being turned on without a password. If you enable FDE on a flash drive or other removable media, you won’t be able to look at that drive until the proper password is entered.

Unfortunately, FDE does NOTHING to protect you once the password has been entered. That means that once you’ve entered your password and booted up your computer, you are still vulnerable to viruses, malware, infected attachments, dangerous web-links and illicit remote access. In fact, FDE pretty much only protects you from the theft of your computer or portable USB media.

Don’t get me wrong, FDE does provide an extra measure of security, but its benefit is best used on laptops and flash drives containing sensitive data.

Full Disk Encryption also has some downsides worth mentioning:
⦁ FDE is not available in all versions of Windows and will not operate on all chipsets.
⦁ FDE may make your system “non-standard” and could interfere with some programs or utilties.
⦁ FDE may slow the performance of the hard drive.
⦁ FDE may render your hard drive useless if it develops corruption or bad sectors.
⦁ FDE may interact with some virus/malware to make the hard drive useless.

By all means, use FDE if you want extra security and can deal with the downsides… but just don’t think FDE solves all of your security issues. In the grand World of Security, FDE is the answer to maybe 1% of your potential problems.

BTW – FDE is known as “BitLocker” in Windows. Other popular FDE products are TrueCrypt, VeraCrypt, CheckPoint, and DiskCryptor

Warning – Email attachments are not secure!

by

Image result for email danger attachmentsMicroSupport is reminding our law firm and CPA clients of the dangers of Email attachments.  No, this has nothing to do with malware, viruses, or phishing.  This reminder is about legitimate emails containing authentic attachments coming from (or going to) your clients.  These attachments are NOT SECURE and may expose private, sensitive, information to the criminal underworld.  Names, birthdates, account numbers, financial data, SSN, credit card numbers or other information that can lead to identity theft.  Or sensitive, proprietary information relating to your clients’ businesses or private lives.

Email attachments are not only insecure while they are being transmitted, they represent a point of exposure while they are sitting in your mailbox, often for years.  From anywhere in the World, a hacker can wreak havoc if they get into your mailbox.

We recommend that you stop receiving insecure Email attachments from your clients… Instead, set up a secure file transfer system, for as little as $20 a month.

Also, we recommend that you turn on 2 factor authentication for your Email.  This way, even if a hacker has your Email login and password, they can’t get into your mailbox.

Call us at MicroSupport (602-692-7300) if you’d like help with either of these important security protections

 

Beware the Fake Tech Support Scam

by

BEWARE – It happens every day… scammers are after your money or personal information. It usually happens one of three ways:

  • They call you on the phone – pretending to be from “MicroSoft”, “Windows”, Dell, or a generic techie sounding name.
  • They tell you to call a phone number – via an annoying pop-up or voice on your computer.
  • You call them – thinking you’ve found a legitimate tech support company via a Google search.

In each case, they’ll tell you a great story that has been honed by thousands of calls to other people. They’ll attempt to convince you there is something very wrong with your computer, or that you’ve been hacked and are at risk of identity theft or worse. In most cases they will get into your computer remotely to “fix things”. Of course, things are worse than they thought, and they will need money to fix things. They’ll scare you in many ways and may even run programs that generate false error messages.

These bad guys will take every opportunity you give them. One of our clients admitted to giving them 3 different credit card numbers, as the crooks kept saying “oh, that one was declined”. Another read them the routing numbers from the bottom of a check. And another realized something was up as she found herself driving to Target to buy $1500 worth of iTunes gift cards!

It doesn’t stop at taking your money. While they are in your computer, the crooks can find names, numbers, account information, passwords, birthdays, and banking information.

A recent Microsoft survey showed 15% of the people surveyed had received fake tech support calls. Of those, 22% admit to falling for the scam, including letting the bad guys into their computers, and even giving them money. The average financial loss was $875, plus over half reported subsequent computer problems.

The bad guys are hard to catch, but thanks to efforts from companies like Google and MicroSoft and Federal authorities, they are being taken down every day. Unfortunately, it seems two pop up for every one taken down.

Don’t become a victim! Don’t fall for the Fake Tech Support Scam!

The Spectre Meltdown CPU issue

by

By now you’ve heard the news… there is a basic design flaw at the heart of many computer chips (CPUs) that leave systems using them open to attack.  It’s bad and there is not much you can do.  There are really at least two flaws, which can affect Billions of devices currently in use… computers, smartphones, and countless other devices.

Perhaps the only good news is that there haven’t been any widespread attacks, and the industry is scrambling to patch things up.

What can you do??? Not much.  Keep your computers and anti-virus/anti-malware products updated, update your hardware (firmware), and be extra careful with your use of the Internet.   The bad news is that the cyber criminals will undoubtedly take advantage of the hysteria, and will be creating fake updates.  And there’s the occasional problems caused by legitimate updates themselves… Buying a new computer won’t help, as all existing chip designs contain the flaw.

The problem and fix is quite complex, and will take years to sort out.  The only things we have right now are a couple of free tools, created by Ashampoo and Steve Gibson, that tests your system and reports on your status.  Neither tool actually do anything to fix the problem.

Ashampoo tool:  https://www.ashampoo.com/en/usd/dld/1304/spectre-meltdown-cpu-checker/

Steve Gibson’s tool: https://www.grc.com/inspectre.htm

Computer Viruses, Malware, and Data Security… Yours and Your Clients’

by

It usually starts with a client saying “I assume we’re protected”. The hairs go up on the back of my neck, and my pulse quickens. They don’t get it… those 4 words tell me some serious education is necessary.

We’re talking about computer viruses or malware and protecting your computer system. The danger of those 4 words is that they insinuate that some outside force or mechanism is responsible for protecting you from disaster, and it couldn’t be farther from the truth. The truth is that 99% of the protection comes from you and your staff, since most of the infections result from personal attacks against YOU. Computer hackers seldom directly attack computers, operating systems, or browsers any more. They’ve discovered it is far easier to trick you into attacking yourself. And if they can cause you to click on something, your antivirus/antimalware products cannot protect you.
Does that mean you can get rid of your antivirus or antimalware software? Probably not, as they might protect you from older viruses, or maybe new ones. And since the “standard of care” is still antivirus programs, it might be considered negligence if you didn’t have one.

Your best protection against infections and data breaches is education. Understanding that YOU are the first line of defense, and staying educated on the current nature of attacks. For instance, education would alert you to the fact that the attacks have recently been tailored for specific industries. CPAs get pop-ups or email links that seem appropriate for the accounting profession, like Emails saying they have tax information, invoices, or banking information. There are even malware scams embedded in fake messages from the IRS. Lawyers are now getting supposed bankruptcy notices, or fake messages about legal seminars.

The scams are continually evolving, but the target is still the same: Your money or your data. Most recently, they’ve combined into an attack called “Ransomware”, where you pay money to get your data back. It starts with one simple click in an Email message. The next thing you know, you can’t open files stored on the computer or even the firm’s server. All of your data, documents, spreadsheets, PDFs, pictures, videos, music, and even accounting data is encrypted and held for ransom. Pay $300-$1500 immediately or lose everything. And the price goes up as the deadline approaches, usually 24-48 hours.

These ransomware programs can also wreak havoc on systems that make use of “synchronizing” systems like DropBox or OneDrive. Now a local disaster can be spread, or synchronized, to other computers in the firm, city, or across the Country. An infection in the office can now affect home, and visaversa.

And here’s a chilling thought… As long as a bad guy is going through your data  to encrypt it, what’s to stop him from stealing information about you or your clients? Names, addresses, account numbers, Social Security numbers, passwords, birthdays, you get the idea. If they don’t use it themselves, they’ll sell it to the highest bidding identity thief.

Which brings up the topic of backups. Depending on the infection, backups may be your only source of recovery. Therefore the importance of backups cannot be overlooked, and having backups that are “off-line” is essential. Some of the infections actually target your backups, too! Those 4 scary words “I assume we’re protected” are also applicable to backups, too. It is your duty to make sure backups are adequate and actually running. Never assume “someone else” is responsible. You need to know what is being backed-up, to where, and how to check the backups. Just because a person setup the backup routines, it doesn’t mean they are responsible for checking on them… make sure you know who is responsible for making sure the backup system is working.

How Security Breaches Affect YOU

by

Have you noticed that many entities, Worldwide, have requested that users reset their passwords?  You’ve probably heard about the countless security breaches involving major companies and government offices. Sure, they might involve credit card numbers, or even personal information… but, perhaps more important, HUNDREDS OF MILLIONS OF LOGINS AND PASSWORDS HAVE BEEN STOLEN. Many hundreds of millions more have been stolen from smaller organizations that you’ll never hear about.
Initially, these logins/passwords may be used directly by the thieves, or sold around the World. Eventually, the information is available, for free, through hacker websites.

Recently, major companies (like GoToMyPC, Carbonite, & LogMeIn) have started reviewing some of the stolen login/passwords that have been circulating in the criminal World. To their horror, they’ve found that many of the stolen login/password combinations work on their websites and, in fact, are noticing specific attacks that are utilizing this stolen information.

Because of these widespread and increasing attacks, many companies are ramping up their security and asking all users to change their passwords immediately. In many cases you have no choice, as you will not be able to access your account without a password change.

Unfortunately, many of us use the same login and simple password for many different accounts. It’s easier that way. Some people think they’ve fixed the problem by using more complex passwords, utilizing upper and lowercase letters, numbers & symbols.

The root of the problem is that we tend to use the SAME PASSWORD. Now that the logins and passwords are out there, it’s easy enough for criminals to try a given stolen login/password at hundreds of websites. Like your bank, Amazon, Ebay, dating sites, or government websites. And in each website they get into, they can find more and more information about you, all leading to potential identity theft or financial loss.

The only answer is: Change all of your passwords, use complex passwords, and DON’T USE THE SAME PASSWORD for all websites!!! It’s your choice: Security or Convenience… you can’t have both.

If you want to see if your email address (and password) are floating around in the Dark Web, just visit the site https://haveibeenpwned.com.   This is by no means a comprehensive listing of all compromised logins… in fact it represents a tiny portion of what’s out there, but it should be enough to give you a good scare.

MicroSupport, Inc.

(602) 692-7300
610 E Bell Road, Suite 2-414
 Phoenix, AZ 85022
Microsupport Inc BBB Business Review

Testimonials

  • ...highly competent and extremely responsive to any and all technical problems that may come up Read More
    Frank P. – CPA
  • MicroSupport's expertise in Law Office technology has been a godsend Read More
    Warren B.
  • MicroSupport is the only PC Support company we've ever used. Read More
    Debbie S.
  • They are very easy to work with – everything is explained in simple terms even a non-tech person can understand. Read More
    Frank P. – CPA
  • Tim and the technicians at MicroSupport have been helping to keep the technology at my office running well, with no problems unsolved, since the DOS days. I recommend them highly and have no reservations about their service Read More
    Dan Z. – attorney