How to

How to protect against e-mail (and other) scams 1024 411 Vaughan

How to protect against e-mail (and other) scams

Scammers are using increasingly varied and sophisticated attempts to get your money or personal details.

Scams succeed because they look like the real thing and catch you off guard when you’re not expecting it.

For example below is a scam e-mail – the link to ‘View full invoice details’ connects to a malicious payload.

Scam attacks can take many forms:

 

Protect yourself

Ensure that all staff are alert to the fact that scams exist. When dealing with uninvited contacts from people or businesses, whether it’s over the phone, by mail, email, in person or on a social networking site, always consider the possibility that the approach may be a scam.

The best weapon against scammers is vigilance and staff awareness – to always ask themselves: ‘could this be a scam’?

Know who you’re dealing with

If you’ve only ever met someone online or are unsure of the legitimacy of a business, take some time to do a bit more research. Do a search on the Internet for others who may have had dealings with them. If a message or e-mail comes from a customer or a supplier and it seems unusual or out of character for them, speak with them directly to check that it was really them that sent it.

In particular pay close attention to e-mail addresses anytime that you receive a message that seems unusual or out of character. Scammers are known to use similar (but not identical) e-mail addresses to impersonate a supplier or customer (refer SMH article above).

Consider the following e-mail addresses:

contact@conteso.com

contact@conteso1.com

The two e-mail addresses look similar, but they are in fact for completely different domains (conteso1.com rather than conteso.com) and therefore are for two separate mailboxes.

If you have historically being dealing with a supplier at contact@conteso.com and out of the blue you receive an e-mail from contact@conteso1.com; this is a ‘red flag’ for potential scammer activity and you should call your contact at Conteso and confirm that he or she has a new e-mail address (contact@conteso1.com)

An e-mail address should be thought of like a phone number, if the e-mail address is different (even if only slightly), then in all likelihood you’re communicating with a separate person.

Do not open suspicious texts, pop-up windows or click on links or attachments in emails – delete them:

If unsure, verify the identity of the contact through an independent source such as a phone book or online search. Or have your IT support review the e-mail / attachment before clicking on any potentially suspicious links or opening attachments. Don’t use the contact details provided in the message sent to you.

Don’t respond to phone calls about your computer asking for remote access – hang up

Even if they mention a well-known company such as Telstra. Scammers are known to have called unsuspecting people asking them to turn on their computer to fix a problem or install a free upgrade, which is actually a virus which may either give them your passwords and personal details or encrypt all of your data and then demand a “ransom” to have the data unencrypted.

 Keep your personal details secure.

Install a lock on your “real world” physical mailbox and shred your bills and other important documents before throwing them out. Keep your passwords and pin numbers in a safe place. Be very careful about how much personal information you share on social media sites. Scammers can use your information and pictures to create a fake identity or to target you with a scam.

Keep your mobile devices and computers secure.

Always use password protection, don’t share access with others (including remotely), update security software and backup content. Protect your WiFi network with a password and avoid using public computers or WiFi hotspots to access online banking or provide personal information.

Choose your passwords carefully.

Choose passwords that would be difficult for others to guess and then don’t update them regularly. A strong password should include a mix of upper and lower case letters, numbers and symbols.

If you choose strong passwords, then so long as they’re not compromised there is no need to change them. Making password management a chore is a guaranteed way to encourage staff to take shortcuts with passwords and potentially use the same password over and over, or write them down. Don’t make password management any more of a hassle than it needs to be.

Use a password manager like LastPass or RoboForm to simplify the management and administration of passwords.

Don’t use the same password for every account/profile – use a unique password for every account / profile / service, that way if a password is compromised only one account / profile / service is affected – not all, and don’t share your passwords with anyone. This approach works best when used with a password manager.

Be wary of unusual payment requests.

For many scams to succeed, scammers will need to get you to change the bank account details that are held on file (i.e. so that you pay the scammer rather than the authorised supplier).

So you need to ensure that your Accounts Payable controls are strong. Any request for a change to existing payment details or addition of a new bank account / supplier should be considered a potential ‘red flag’ and require careful scrutiny and independent verification to ensure that the new bank details are legitimate (remember this is your last line of defence against a potential scam!)

Multi-layered anti-virus

No single anti-virus product should be considered infallible all of the time. Therefore it is prudent to implement a layered approach. Each product should have a small “footprint” (i.e. use minimal resources so as not to affect computer performance). Look for strong Ransomware protection in at least one of the products deployed.

E-mail screening

Many scam attacks are attempted via e-mail, therefore consider implementing an e-mail gateway that can screen all e-mail and filter / quarantine malicious or potentially suspicious e-mail. Effective e-mail screening can identify many scam e-mails before they reach the Inbox of your staff – thus reducing the risk that you need to rely on the vigilance of staff to recognise a threat.

Backups

Good backups can solve a multitude of issues. Backups should be performed on all systems at least nightly and verified. ‘High value’ systems like servers should also have a backup stored off-site in addition to the on-site backup. Backups are only ‘good’ if they’re recent and they’re intact (i.e. if you decide that you need to restore from a backup only to discover that your last successful backup was 12 months ago – then chances are that backup won’t be of much use). Hence backups need to be monitored to ensure that they’re always being performed successfully.

Backup systems also need to be ‘ransomware aware’ (i.e. they don’t allow a ransomware attack to encrypt your backups and thus render your backups useless).

How to use safe Passwords for online accounts 509 203 Vaughan

How to use safe Passwords for online accounts

Today we live in a password dependent world where all the information is protected by passwords. The access to all the information depends on passwords. A password is a secret key to all of our accounts from emails to social media to bank accounts. Whether we want to access our important information or trade online we make use of passwords to login into our accounts.

Password security is the most common problem for security of online accounts. The problem with using passwords is that most of us don’t use strong passwords for our accounts. There are many people who use the same password for multiple accounts. This means if someone hacks your password he may gain access to all of your accounts.

Some people use very weak passwords such as their name, date of birth, maiden name and other easy to predict passwords. This enables the hackers to easily predict your password and access to your valuable information. For example, if your use ‘123456’ or ‘password’ then you put your account at the highest possible risk, because this is what hackers try in their first attempts even before trying ‘password1’ OR ‘password2’.

The best practice is to use a combination of letters, numbers and symbols which are difficult to guess. A hacker can have a look for the information such as your name, address, phone number, the street you live in on your Facebook profile and easily guess your password in a few attempts if you have used any of them in your password.

For more safety, you can create a password of 10 characters comprising a mix of alphabets, digits and special characters. For example, a simple 4-digit password can be created using only numbers with 10,000 possible combinations. Adding one more digit makes the count of possible combinations up to 1, 00,000. Thus, you can imagine how powerful can be a 10 character password that is a mix of alphabets, digits and special characters.

Also, one should avoid using reusing the same password on multiple sites because hackers are aware of the fact that 30 to 50 percent of users use the same password for multiple accounts. Once the attackers are successful in hacking your password they can easily try logging into other sites using the same username and password, the technique being known as “password reuse attack”. Hackers know that people don’t want to remember multiple passwords for different accounts. Not only people use the same passwords, but the same security questions and answers for multiple accounts. Now you can imagine what a hacker can do once he gets your password or security question and answer used for multiple accounts.

You should use password manager programs like Roboform (for Windows) or LastPass (for Windows and Mac). Password managers are programs that let you create strong passwords for all your accounts. You only need to remember the password to access that program or website that manages and stores the passwords for all your sites.

Password managers create and store long and complicated passwords for all your online accounts, thereby offering protection from hackers. Password managers protect all your vital information such as PINs, credit card/debit card numbers, CVV codes, answers to security questions with strong encryption that make them almost impossible for a hacker to crack.

There is no need to remember all the passwords for multiple accounts. You are required to remember only one password that is needed to unlock your vault for the password manager.

Roboform, LastPass, 1Password, Dashlane and KeePass are some of the most popular password managers used today. Some password managers are free to use but some charge you for their services. Some companies offer free basic services and charge only for their premium services.

If you are not sure about password security for your online accounts, you can contact an IT support company. Zero Effort Networking is a company that offers IT support in Sydney and its surroundings for more than 20 years.

For more information on IT support please visit the following link – IT Support in Sydney. You can also email us at info@zen.net.au or Call us at 1300 93 94 95 and we will be happy to help you.

How to protect against Ransomware 509 203 Vaughan

How to protect against Ransomware

 

Business, especially small ones are the primary target of various ransomware attacks. You might ask “But what is ransomware?” And “how does it affect my business?”

 What is ransomware?

Ransomware is any piece of malicious software that is inserted into a host computer via an executable file. This is done either through automated bot software written specifically to inject ransomware into a system or by sending a malicious ransomware file to an unsuspecting user. Ransomware, once executed, blocks access to encrypted files on that particular computer (typically documents and data files) and in order to regain access to it, a sum of money has to be paid to the attacker – a “ransom”. However, not all is lost for today’s small businesses; there are measures that can be taken to protect sensitive information. Our experts at Zero Effort Networking, an IT support firm in Sydney, recommend the following measures.

 Regular Backups

One thing that can be done against ransomeware attacks is making backups of the important data. This can be done by scheduling regular backups and ensuring that a copy of these backups is then stored off-site. The “off-site” backup is then safe from potential ransomware attackers and this backup can be used to restore your encrypted data if other ransomware prevention measures fail.

 Benefits of regular backups

Regular back-ups protect the data of your small business from not only viruses and cyber-attacks, but also from personal mishaps. A short circuit could fry your entire computer system while a sudden power surge can result in precious data being corrupted or completely lost. Or a software update could have unintended consequences, or a user could make a mistake. Regular backups allow all of these potential disasters to be resolved.

 Installing Anti-Virus (A/V) software

Installing AV software provides a shield to scan applications before they are executed and provided that the AV software recognizes the latest malicious executable file it can prevent the virus from executing and ensure that the unwanted software is safely quarantined or deleted before it can even be executed. This significantly decreases the risk of getting attacked by ransomware and ensures that all the sensitive business data remains protected. Another plus of installing AV software is that the speed and efficiency of your machine is maintained which would otherwise have been diminished overtime as a result of viruses and resource mining software gradually slowing it down.

 Cautionary or “safe” usage

Another recommendation is to browse the internet with caution. One of the primary gateways of ransomware and other malicious software is through internet. An unsuspecting user may download an attachment from an unknown source which is actually a virus or he may click on a seemingly safe and legitimate popup which ends up installing ransomware on their computer. It is absolutely indispensable to exercise “safe” usage practices while browsing the Web or opening/responding to emails

Suspicious e-mails

E-mail is another method by which malware is able to infect user’s computers, because people open such emails which are doubtful and subsequently take actions that allow malicious executables to infect their computer.

Here are some tips that are useful for you to avoid malware attacks via e-mail

  • Do not respond to e-mails that are received from an unknown sender
  • Do not click on Web links (e.g. http://some-URL or https://some-URL ) that are in an e-mail from an unknown sender
  • Do not open attachments that are in an e-mail from an unknown sender
  • Do not respond to unsolicited e-mails that offer you help regarding any technical issue
  • Simply delete e-mails which ask you to sign up to a particular website
  • You may receive an e-mail like ‘congrats you won a prize’ or something like that, simply delete these e-mails
How to enhance your business security 509 203 Vaughan

How to enhance your business security

Business security is one of the most important areas of a business. If you are running a small company then you might have invested in the security for your business. Cyber criminals target small and medium businesses as they are the ones that frequently having fewer security measures in place.

What security measures have you deployed to protect your business? How can you enhance your business security without spending much on the same? We at Zero Effort Networking an IT support company in Sydney are providing some tips that you can use to improve your business security plan:

Awareness about potential threats

You might know about running and managing your business effectively but you must also think of your business security and potential threats. It is always useful to know about the websites that have already been targeted and the techniques used by hackers. The most popular tech and press websites will provide you some useful information. You should also look for the internal threats and statistics such as how many Internet connections you have. How many devices are connected to the Internet. How much is your staff aware of the cyber-attacks and Internet threats? Knowing the vulnerability level will help you plan your security against potential threats.

Defence-in-Depth

No solution is able to protect you against every threat. So you need to follow the defence in depth to protect your business from security attacks. Where your network connects to the Internet (i.e. the “gateway” or network border) you should have a firewall. Ideally at the network border you should also have an Internet content filter which allows management to monitor and manage an organisation’s Internet usage. An example of an Internet content filter is WFilter Enterprise (http://www.wfilter.com.au). Every device connected to the Internet should also have a software firewall for secondary protection. Both the firewalls act as the lines of defence against the theft and cyber attacks.  For additional security, every device should have a malware and antivirus protection application installed. The antivirus software should be updated regularly and set to scan the device at scheduled intervals.

Backups

Regular backups are an essential component of business security. Many “disasters” (e.g. physical or self-inflicted through inadvertent staff error) can be resolved in a timely and in-expensive manner if up-to-date backups are in place. An effective backup system is one that is fully automated and that does not rely on any individual for backups to be performed, verified or taken off-site.

Access Control

Another potential risk for every business is the risk of data theft and loss of data. Your important data can be lost accidently or through a cyber theft attack. The USB ports should be locked, restricting the BYOD systems and control the usage of devices outside your office. These tips reduce the risk of data loss to much extent.

Data and password encryption is another method for data security.  Say you have a laptop that contains sensitive data, you might consider encrypting certain documents or even the entire file system so that intruders cannot obtain access to that information without a password – even if they steal your computer. However you need to be aware that there are some important considerations when using encryption. First if you forget the pass-phrase, then access to the data will be lost, so it is wise to have a second un-encrypted copy of the documents at some other location just in case (e.g. in a private folder on the office file server). If you encrypt the entire file system of your laptop, then you will need to enter the encryption password each time you turn on your computer, in addition to your Windows logon password. Also if you encrypt your entire file system, standard Windows repair utilities (e.g. LiveCD etc.) won’t be able to access your encrypted drive, as a result if you have problems with your laptop you won’t be able to repair, re-install or upgrade Windows without first decrypting the system drive or by using a custom bootable repair utility.

Keep up to date

You must enable the automatic updates on all your devices. Usually, the feature of automatic updates is given in the system settings. All the security applications like antivirus and antimalware software should be enabled for automatic updates. This saves time and ensures latest protection for your business data.

Educate your staff

You should educate your employees about the usage and security of business data. Educate your employees about how to use the data and not to respond to the phishing emails or download email attachments from unknown websites. Users should not open or download anything from suspicious websites. Educating your staff about the potential threats and data security will help you protect your business from threats and cyber attacks.

Zero Effort Networking IT support Sydney suggests that considering these points and educating your staff about the same will keep the potential threats and cyber attacks away from your business. If you want to know more about business security you can call us at 1300 93 94 95 or email us at info@zen.net.au and we will be happy to assist you.

How to remove spyware from your systems 509 203 Vaughan

How to remove spyware from your systems

Today the internet is filled with millions of viruses and malicious software. Companies providing IT support to small businesses should regularly remove spyware and viruses from their client’s machines. This helps their client’s staff to work efficiently and spontaneously.  Your systems can be infected with viruses, malware and spyware as they are used by your employees.  Spyware and viruses attack your applications even through the layered anti-spyware protection.  The situation becomes worse when small businesses are not willing to invest in anti-spyware and anti-virus security.

You can look for the following signs to check if your systems are infected with viruses, spyware or malware:

  1. Diminished system performance
  2. Browser homepage changes without your consent
  3. Frequent browser and system crashes
  4. Blocked anti-virus and anti-spyware programs
  5. Unwanted pop-ups, ads and toolbars appear on your screen

IT professionals offer multiple solutions to remove spyware from your systems. Some advise you to simply format the systems and re-install Windows while some ask you to scan the whole system with anti-virus software. Here are some tips for how to clean your systems of the spyware and viruses.

Restore the System from a Backup

Ideally if you scheduled backups of the system that is affected, the easiest and safest way to be confident that the malware has been removed is to restore the system drive from a backup. However if you don’t have a recent backup then you can try to remove the malware using the steps outlined below.

Isolate the infected Drive

Viruses like Trojans and rootkits hide when a user starts Windows. Even the top anti-virus applications may not detect and remove such type of infections. You need to remove the hard disk from the system and put it into the testing machine and scan it several times with different anti-spyware and anti-virus applications.

Remove the temporary files

You should remove all the temporary files and also delete everything from the temporary folders. Temporary files can be found within the C drive in the documents and settings. Multiple viruses hide in the temporary folders waiting to regenerate themselves upon system start up. It’s easier to remove these files while the drive is being slaved. So you should slave the C drive before eliminating the temporary files.

Return the drive into system and repeat scans

Now put the hard disk back to the system and repeat the scans with anti-virus and anti-spyware applications. You will be surprised find some remaining viruses or spyware that will be removed which repeated scans.  The repeated scans help you remove the remaining threats which may infect your files if not removed.

Test your systems

After finishing the above three steps, boot your system, open the web browser and delete the cookies and offline folders and files. Now open the internet connection settings to check the default proxy settings that might have been changed by the malicious program. Correct if any issues are found in the default settings. Now open 10 to 15 random websites check if any pop-ups appear, hijacked home pages and similar unwanted pages opening on their own.

Probe deeper for remaining spyware

Check if any infected files are still in the system like blocked websites or redirected searches. Try finding the active processes causing the problem. You can use Microsoft’s process explorer, Hijack This, Microsoft System Configuration Utility for locating the trouble causing processes. Restart the system and check again if there are any issues.

If your system is still not working fine and any signs of infection appear, then you need to re-install the operating system. Make sure you take a back-up of all your important data before reinstalling Windows.

Before undergoing any process to remove spyware from your systems, it is advisable to contact your IT support partner. Zero Effort Networking is one of the companies which offers top IT support Sydney and serving clients for more than twenty two years in Sydney and its surroundings.

For more information on system and data security you can call us on 1300 93 94 95 or email us at info@zen.net.au and we will be happy to assist you.

What you should know about tech support scams 509 203 Vaughan

What you should know about tech support scams

A tech support fraud is a telephonic or e-mail cheating trick by which the scammers claim that they are from an IT services provider associated with a big brand like Microsoft. Tech support fraud usually begins with calls or emails that represent them as from a reputed IT support company like Zero Effort Networking. Such scams can also come out in the form of pop-ups on web pages and instruct you to call for a support service in order to fix the technical issues in your system.

Tech scammers use a special program to get connected with your system and try to convince you that your computer has some technical problems which they will be resolving before asking you to make payment for support. Tech scammers usually target people who are unaware of the tools and technology utilized by the scammers.

The scammers convince you to allow them to access your system remotely in order to fix the problems in your system. Once you do it they can change the settings of your system, install viruses or malware, which allows them to access your each keystroke and steal your important data and information.

Tech scammers use a variety of techniques to perform the scam mostly by showing you the programs and processes running on your system as the evidence of being infected with viruses or malware or slow speed and low performance issues. Here are some of the most commonly used techniques used by tech support scammers to get access to your system:

 

  1. A tech scammer can take you to a application in your system which shows you a list of events used by experts to troubleshoot the problems. Even though most entries listed are harmless but the scammers may claim them to be warnings and evidence of viruses or corrupt files which need to be fixed to avoid future errors.
  2. Scammers may show you the system folders which contain unusual files and folders which contain temporary files claiming such files and folders as a proof of malware in the system.
  3. He may take you to the tools that will show you a list containing the running programs. He may claim such a tool to be a virus detecting programme and enter a text manually appearing like error messages (like virus found or malware detected) which need to be fixed as soon as possible.
  4. They may tell you that the problems in your system are present due to the expired warranty of your applications and convince you to purchase a new license or key.
  5. Scammers can also show you pop ups for your system performing low and convince you to buy and install performance increasing software.
  6. They may offer you free trials of software claiming to be security software or performance enhancing programme which actually may be a malware designed for data theft. They may use such programme to steal your financial information such as credit card details.

 

Whenever you receive unsolicited calls you should immediately hang up and ignore such fraudulent e-mails. You should always receive tech support from genuine service providers like Zero Effort Networking which is a trusted name among IT support providers and is providing fully managed IT support services in Sydney and its surrounding areas for more than ten years.

 

To know more information about Small business it support in sydney please email us at info@zen.net.au or call us at 1300 93 94 95 and we will be happy to assist you.

Join our Newsletter

We'll send you newsletters with news, tips & tricks. No spams here.

Input this code:captcha