THINK BEFORE YOU CLICK


AS ALWAYS THINK BEFORE YOU CLICK

Monday, January 14, 2019

Email Red Flags


Security Posters




Email Security

I was made aware of this bogus email Brian Faulkner received in his Inbox this morning. Brian did not open it and called me about it.

Normally I would blur out the names, but I decided to leave the sender visible as a learning example.

Tony Benetti from Arrow Glass was a subcontractor on a project recently completed by Brian. However, Brian was not expecting the email and thought the Subject line looked suspicious.

Subject: Sent from Tony Benetti – No reference to project name, no reference to what attachments were for.

I’m having Brian reach out to Tony to let him know about this email that came from his address.

{ Screenshot of email sent to Brian }




Company Computer/Network Security

All, with Ransomware/Cryptoware infections continuing to rise, I just wanted to send out this email as a preventative measure to take in the event your computer were to get infected.

If you ever see a pop up (see attached examples) on your computer or for that matter a computer you see in someone’s office that’s unattended, please follow these steps immediately:

1. Before even contacting me, hold down the power button on your laptop or tablet until it shuts down. It may take 3-5 seconds to power off completely.
Don’t worry about trying to close any open files/programs; just power off.

2. For good measure, if you have a yellow/blue ethernet network cable attached to your computer, unplug it as well.

Even with our multiple layers of protection via our firewalls, email filtering, internet browsing, anti-virus and endpoint protection, nothing is 100% foolproof, as it seems new breaches are reported in the news almost daily.

Thanks everyone for a secure 2018, let’s all do our part to make 2019 another secure year for P.J. Hoerr, Benchmark Cabinets and Summit Masonry.

SAMPLES OF POP UPS:



Shopping Online - How To Avoid The Top 10 Security Threats

1.   Today, phishing scams are skyrocketing, especially driven by deals and rebate offers. Don’t open any attachments or click on links appearing to be from trusted vendors you shop with. Go directly to the website of the vendor looking for the sales and deals.
2.   Do not use ATM/debit cards online; only use credit cards, and think about a voluntary limit, or at least a text when a purchase gets made.
3.   Delivery- and non-delivery scams. Watch out for emails that confirm shipments or that try to scam you with shipment problems.
4.   Don't fall for deals that are too good to be true on Black Friday weekend and Cyber Monday. Increase your security awareness levels, and maintain a healthy skepticism when you see special offers in email or social media.
5.   Watch out for fake discount coupons, and fake "game codes", that are nothing but a nonsense string of letters and numbers.
6.   Keep an eye out for online credit card collection imposters. You might stress out because of your high credit card bills, and bad guys are sending emails that claim to be from the credit card company, saying your account is overdue and is subject to being shut down unless you make a payment immediately. You may be tricked into giving away your credit card information.
7.   Holiday Ransomware: You should understand that information on your computers (e.g. order confirmation emails) increases in value over the holiday season, and that means that you are more likely to panic and pay ransom if ransomware strikes.
8.   Be very wary when you get an inbound phone call, never give out any personal information if you did not initiate the call yourself.
9.   Avoid downloading anything from questionable websites. Disable popups on your devices by using trusted, reliable popup blockers.
10. If you suspect that you may have entered your credit card data into a fake website after all, immediately call your credit card company and cancel your card. Then change your passwords and pin-codes for your online banking sites. Use strong passwords and never use the same password for several websites or services, because if one is stolen, all of your accounts will be put at risk. To create strong passwords without having to remember them, use a password manager.

CEO Fraud Emails


Email with Office 365

I’ve been reading more & more about Office 365 email accounts being compromised/hacked.

Here are some basic steps we can take to prevent unauthorized access to our Pjhoerr & Benchmark Office 365 email accounts: 

Never follow a link in an email to sign into your Microsoft Office 365 account. These most often are fake sites that appear to look like the Office 365 login page but are actually bogus websites being used to harvest your login credentials. The Office 365 Login page looks like this (see screenshot below), however unless you intentionally type in the Office 365 Portal Login web address into your internet browser, assume the login page is fake.


If you are aware that you are using the same password for your Pjhoerr or Benchmark Office 365 email account and for other sites (e.g. Dropbox, Client FTP sites, LinkedIn, Facebook, Sharefile, Banking, 401K, etc.), we can change your Office 365 password to something else. All that will need to be updated is the password in your computer’s Outlook, as well as in the email account on your smart phone or tablet.

From one of the security forums I follow:

The main takeaway is that you should never use the same password across multiple sites.
Once the password is acquired from one site, it could then be used to gain access to your accounts across multiple sites.

The hackers acquire user email accounts and passwords from previous breaches such as LinkedIn, Dropbox or Adobe, and hundreds more. 

They use the same password that was acquired from the previous breach but change the email account.

They try different variations of a person’s email account such as:




The hackers make the assumption that the person used the same password across multiple sites. And in some cases they were correct and were successful in gaining access to the user’s Office 365 account.

Email Scam - Amazon Gift Cards

All: This is just a heads up to be aware of another scam email that got through to someone at P.J. Hoerr, in this case Craig who gave me a heads up about it. Kudos to Craig!

See screenshot of email below: These types of emails are so prevalent that they have a name in the cyber security world – CEO Fraud Phishing Email


This email did not have an attachment or web link, just a request for Amazon gift cards in the body of the email.

In the From: Header it showed Bob Hoerr, but the actual email address was president.contact@roadrunner.com 

So at first glance it looks legitimate because of the recognized name in the header and your name in the Subject line, but within the header is the actual sender, in this case president.contact@roadrunner.com
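The mismatch described above can also be checked automatically. The following is an added example, not part of the original post or any product the company uses: it parses the From: header and flags a message when a protected display name appears with an address outside the company's own mail domains. The domain example.com and the protected-name list are placeholders (assumptions), and the sample messages are constructed.

```python
import re
from email import message_from_string, policy

# Assumptions for this sketch: example.com stands in for the company's real
# mail domains, and the protected list holds names scammers like to impersonate.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED_NAMES = ["Bob Hoerr"]

def name_key(display_name):
    """Order- and punctuation-insensitive key, so 'Hoerr, Bob' matches 'Bob Hoerr'."""
    return frozenset(re.findall(r"[a-z]+", display_name.lower()))

PROTECTED_KEYS = {name_key(n) for n in PROTECTED_NAMES}

def spoofed_senders(raw_message):
    """Return (display name, real address) pairs where a protected name is
    shown in From: but the address is outside the internal domains."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None:
        return []
    hits = []
    for addr in header.addresses:
        if (name_key(addr.display_name) in PROTECTED_KEYS
                and addr.domain.lower() not in INTERNAL_DOMAINS):
            hits.append((addr.display_name, addr.addr_spec))
    return hits

# Constructed sample messages; only the name and address in SPOOFED come from the post.
SPOOFED = ("From: Bob Hoerr <president.contact@roadrunner.com>\n"
           "Subject: Craig\n\nNeed gift cards today.\n")
LEGIT = ("From: Bob Hoerr <bob.hoerr@example.com>\n"
         "Subject: Schedule\n\nSee you Monday.\n")
REORDERED = ('From: "Hoerr, Bob" <someone@mail.example>\n'
             "Subject: Quick favor\n\nAre you available?\n")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("legit", LEGIT), ("reordered", REORDERED)]:
        print(label, spoofed_senders(raw))
```
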