Fight Back! How to Scam an Email Scammer

Wouldn’t it be nice if the Nigerian Prince that just so happened to email you would actually deliver on his promise of depositing that “$2,000,000 USD” into your bank account? Hopefully you know that this is just a scam to steal your financial information, however, many people around the world have fallen into the traps of these phishing emails.

“The idea is to waste their time and make it impossible for scammers to turn out a profit, it also delivers satisfying karma and allows you to scam a scam.”

These scams are so well known that they do not fool many people anymore, but it can be quite annoying when we receive these emails. If you’re one of those people that enjoy a good prank and like to humor an obvious scam, then look no further. A new service from NetSafe called Re:Scam can help you waste the time of email scammers to prevent them from moving forward to another victim. So just how does this service waste the time of “Nigerian Princes” and “UN Bureaucrats”? In the funniest way possible.

Re:Scam is a AI-powered chatbot designed to draw out the conversation and exchange as long as possible. All you do is forward an email from a scammer to me@rescam.org, the chatbot then uses a proxy email address to communicate with the crook. The idea is to waste their time and make it impossible for scammers to turn out a profit, it also delivers satisfying karma and allows you to scam a scam. Some of the funniest interactions go something like this:

Scammer: “Do you wish to be a member of the great Illuminati family? Do you want to be payment $5,000,000 weekly? Let us now if you are interested in success.”

Chatbot: “Dear Illuminati, What a wonderful surprise. I’d love to join your secret club. Do you do a bingo night?”

Scammer: There is not bingo night. Please complete attached form with bank details for your receive full payment of 5 million.

Chatbot: Terrific! But to avoid detection I’m going to send my bank account details through one number at a time.  Ready? 4.

Scammer: “This is not necessary”

Chatbot: “7”

The full video from Netsafe can be found here

The video mentions that email scamming is a billion dollar industry, and it is time to fight back with a sort of eye for eye treatment. If these scammers are going to try to waste our time we might as well waste theirs. If everyone began using this service we can help prevent them from moving forward and soon enough stop these emails by making these scams completely useless to attempt.

 

What is VoIP and Why Use It?

Voice over Internet Protocol, also knows as VoIP is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over the internet. So what does all that fancy high tech lingo mean? Basically it is a technology that lets you make phone calls using the internet instead of a regular phone line. If you have a reasonable quality Internet connection you can get phone service delivered through your Internet connection instead of from your local phone company.

Some people use VoIP in addition to their traditional phone service, since VoIP service providers usually offer lower rates than traditional phone companies, but sometimes doesn’t offer 911 service, phone directory listings, 411 service, or other common phone services. While many VoIP providers offer these services, consistent industry-wide means of offering these are still developing.

So Why use VoIP? Here are some of the major advantages:

More than Two People:

With VoIP you can set up a conference with a whole team communicating in real time. This can be very useful in businesses where everyone is spread out and need to work together to solve issues.

Cheaper to Use:

VoIP has drastically reduced the cost of communication by sharing networks between data and voice. One single connection to the internet has the ability to transmit more than one telephone call.

Abundant, More Advanced Features:

You can make calls from anywhere in the world to any destination with your VoIP account, Features also include caller ID, contact lists, voicemail, extra-virtual members and more. using VoIP experience makes it easy to multitask and enhancing communication experience for you personally and for your business.

Convenience at work:

The portable nature of the VoIP technology is causing it to gain popularity as the trend is towards portable commodities. Portable hardware is becoming more and more common, as are portable services, and VoIP fits in well.

Much more Productive:

VoIP makes it much easier for an organization to communicate, VoIP is able to combine different data types and make routing and signaling more flexible and robust. This can enhance your staffs productivity and in turn provide better service to your clients, allowing you to stand out among the competition.

To find more about VoIP and how in can be implemented in your business, Call ECMSI today at 330-750-9412 or email us at info@ecmsi.com.

Protect Yourself from Credit Card Skimmers

Credit card scams have been running rampant in recent years and the methods scammers are using to steal your information are becoming more intuitive.. Some of the methods to steal credit card information has become so advanced that even experts can be fooled. In fact, credit card scammers have become so sneaky that we have to come up with a new name for them, and that is credit skimmers. Why skimmers?

Credit skimmers steal your credit card information once you swipe at a payment or money machine such as an ATM. These scams have been going on for over a decade, but according to an analytics software company FICO, the number of breached ATM’s increased sixfold from 2014 to 2015 and rose again by 30 percent in 2016. So how are these credit skimmers accomplishing this?

Hackers have figured out ways to install malware onto ATM’s remotely, so they can infect any machine without even touching it. This is a big jump from when hackers had to walk up to a machine to implant their attack. The worst part is, that if a machine is infected there really is no way that you can tell. This type of hacking is not only affecting ATM’s but has been an ongoing problem for gas station pumps.

Gas station pumps are now becoming a bigger target than ATM’s. Skimmers can be installed on a card reader in less than 30 seconds, the skimmer than stores the data and the hacker returns to receive the information through Bluetooth without ever having to touch the pump again. Any gas station facing this problem may not be in the biggest rush to fix the problem because changing out a pump is much more expensive than an ATM.

So how can you fight back and protect yourself from this issue? Many banks have resolved their issue by introducing cards that require you use a chip for payment which is a much safer alternative to the magnetic swipe. While all retailers and stores are required to use the chip, this rule will not require gas station pumps to adopt the technology until 2020. However, there is now an app anyone can download called Skimmer Scanner that will automatically detect the skimmers Bluetooth signal with your smartphone. So even though these credit skimmers have become smarter, so can you when it comes to protecting your credit card information. Be sure all your cards are updated and have the chip, as well as downloading apps that can help you detect fraud.

Shut Off Your Bluetooth When You’re Not Using It!

Privacy and security seems to always be on everyone’s mind today. Intuitively we are always making sure our homes are locked before we leave and that our cars when left aren’t vulnerable to any intruders. Just like our homes and cars, we keep our technological devices secure and locked with some sort of authentication, but they too have a variety of different entrances for an intruder to sneak their way in.

The most popular digital entrance into a electronic device today is through its Wifi. We have all heard of the horror stories of connecting to a wrong network in a public place and having your personal information stolen. But few people think about how their Bluetooth can be effected. Minimizing your Bluetooth usage minimizes your exposure to the vulnerabilities. Most recently, an attack called BlueBorne allows for any affected device with Bluetooth turned on to be attacked through a series of vulnerabilities. These vulnerabilities don’t stem from the Bluetooth itself but the implementation in all the of the software including Windows, Andriod, Linux and iOS. This potentially puts millions at risk.

 

The Blueborn attack starts by going through the process by scanning devices with Bluetooth on, it then starts probing them for information such as device type and operating system to see if they have the vulnerabilities it can latch on to. The Blueborn bug can allow hackers to take control of a device and access private information. This attack can also spread from device to device in one motion if other vulnerable Bluetooth enabled targets are nearby.

The best defense against this Bluetooth security flaw is to make sure your device system is always updated with the latest software and firmware. This make sure there are no vulnerabilities in the implementation of Bluetooth within your operating system. Bluetooth does many amazing things that seem almost magical and the benefits outweigh the calculated risk of turning it on. However when not in use it is best to make sure to keep your Bluetooth setting off and use it when you know you are in a safe and secure area.

Supply Chain Cyber Attack Infects 2.3 Million Users

Hacking comes in many forms, recently the trend in cyber crime has hackers going directly for the supply chain within an organization. The supply chain is a system of activities involved in handling, distributing, manufacturing and processing goods in order to move resources from a vendor into the hands of a final consumer. In reference to cyber-security, a supply chain attack involves tampering with the companies network in order to install malware that brings harm further down the supply chain.

One of the most popular supply chain attacks was data breach that occurred to the retail giant Target in 2013, Over 40 million customers credit card and debit cards were compromised after malware infiltrated one of Target’s third party suppliers and gained access to Targets main data network.

Recently, a computer cleaning software was compromised and left any user who downloaded the software between August 15th and September 12th with malware on their computer. CCleaner is an application that scans your PC for malware and junk files and cleans it up to work at maximum performance. It is an extremely popular software that has over 2 billion downloads, and ironically has caused the problem it tries to prevent. CCleaner was compromised when some unknown hackers infiltrated the download servers to the application and replaced the original version of the software with the malicious one and distributed it to millions of users for a month. The company that own the software is now recommending users to update their software to the latest version to protect their computer from being compromised.

These event have happened all to often, and can affect such a large group of users. These events are particularly a cause for concern to business owners. If your business computers are not being monitored and one of your employees accidentally downloads malicious software unknowingly, all of your important business data is now compromised. Not only is your data at risk, now your business if loosing precious hours trying to fix the problem and recovering from the cyber attack instead of focusing on your core business activities. These event could plummet employee productivity and could end up costing the business money that it simply cannot afford to lose. Be sure to always monitor end user activity and maintain backups of your important data.

 

 

Equifax Breach! Get the Facts

On September 7th the consumer credit reporting giant, Equifax, announced a cyber security incident that could have potentially impacted over 143 million U.S. consumers. The company discovered the unauthorized access on July 29th of this year and believes it may have been occurring from mid- May through July 2017. The information accessed includes names, Social Security numbers, birth dates, addresses and driver’s license numbers as well as credit card numbers for over 209,000 U.S. consumers.

Now before the panic ensues, the company acted immediately to stop the intrusion and utilized the help of an independent cyber security firm to conduct an in depth forensic review to determine the impact of the breach. While Equifax reported unauthorized access to limited personal information for some U.K and Canadian residents, the company found no evidence that personal information of consumers in other countries have been impacted. There was also NO evidence of unauthorized access to core consumers or commercial credit reporting databases.

If this issue concerns you, or you think you may have been one of those consumers effected, Equifax has launched a website dedicated to informing users if their information could have been impacted. Which can be found here.  On this site Equifax offers an opportunity to find out if your information was potentially hacked into as well as a chance to enroll in their TrustedID Premier, that the company is offering to every US Consumer for free for a year. This service includes 3-Bureau credit monitoring of Equifax, Experian and Transunion credit reports, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance and Internet scanning for social security numbers.

This incident is not the first of its kind and will sadly not be the last. It is important for consumers to protect themselves as much as they can when handling their personal information online. This breach is also a lesson to all businesses, no matter how big or small that their IT security is one of the most important aspects to their business and core activities. A situation like this can leave a bad stigma on your businesses reputation for the future. The CEO of Equifax stated, “Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”

How to Identify a Phishing Email

You wake up and like many of us today, you immediately check your phone. Scrolling through your email you see a message in your inbox that reads “Microsoft account security alert” this email then goes on to explain how someone might have accessed your account and how they may have your password and access to personal information. The email then contains a button you can click through to “recover your account”. This email looks a little something like this.

Seems normal enough right? WRONG. This email contains an abundance of red flags that to someone not so tech savvy could fall victim to. This email is meant to be malicious and ironically while it is trying to get you worried about your information getting hacked into. It is trying to hack into your information. Let’s dive into what these red flags are so that others do not fall victims to these malicious emails.

To begin with, this email claims it is from the Microsoft team, however within the email itself we see no Microsoft branding of any kind, and is overall poorly designed. The next indicator of suspicious activity is that the email keeps mentioning a Microsoft account has been accessed, but shows a Yahoo email address. The person who received this email knew that their email address was not registered with any Microsoft account, especially being that they were a Mac only user. There was also not enough characters or asterisks that reflected any email this user had.

This is just one example of a phishing email and there are many more, some are formatted well, others are blatantly a scam, but paying close attention and really evaluating each point the email is trying to make is extremely important. Be sure to be on the lookout for other signs such as:

  1.  You are asked to send money to cover expenses.
  2. The message asks for personal information.
  3. The message contains poor spelling and grammar.
  4. The email contains mismatched URL’s.
  5. The offer of the email seems too good to be true.

Finally, if something in that email just does not seem right to you, there is most likely a reason why and immediately. If an email looks suspicious and catches you off guard or does not relate to any recent activity you have done online, it is best to not act upon that email and flag it as spam and delete the email immediately. Clicking through could cause major issues to your computer system or others if it happens in your workplace. Be sure to always be attentive, be curious and ask questions and stay protected!

 

My Coffee Machine Got Hacked

In today’s world it seems like anything can fall victim to a cyber attack. We all know that a computer, wireless network, server, (etc.) can be compromised. Now imagine that you’re at work and you see a ransomware message on your coffee machine’s screen. That’s right… a COFFEE MACHINE. This may sound ridiculous but it did happen and could happen to any workplace. Bet you didn’t know ransomware is now a part of the new continental breakfast.

A chemical engineer with a degree in computer science posted this instance on Reddit and explained exactly what happened that led to this attack on their workplace coffee machine. It all began when a factory worker encountered a ransomware message on his computer, he then called the help desk to get the issue resolved and stepped out to grab a cup of coffee. The worker then noticed the same message on the coffee machine’s screen. Now, this ransomware did not just shut down the employee coffee supply and hold it for ransom (which, that would be a whole other nightmare),this ransomware spread throughout the factory and shut down factory systems. So how did this all happen?

Coffee machines are supposed to be connected to their own isolated WiFi network, the person who was installing the network made the mistake of connecting it to the internal control room network, when they noticed the coffee machine still wasn’t getting internet they then connected it to the isolated WiFi network. While a hacker was poking around in their systems they noticed that huge security fall and managed to squirm their way into the system and gridlock the entire factory network.

A coffee machine is not the only issue, practically any computer- implemented or computer enabled device can be compromised, this then leads to a wild search for what else is connected to that same network that could also become infected? Network vulnerability is like a screen door. If you do not pay attention and their is the tiniest hole in the screen somehow at least one fly will manage its way through and get into your home.

Being proactive and making sure your systems are always being monitored for any issues is very important. Implementing the right security precautions and making sure your network is sealed tight is the only way to prevent malware from grid locking your network. Finally, please make sure your office coffee machine is installed properly!

Top 2017 Breaches That Could Affect Any Business!

Organizations with unused, exposed websites and unencrypted storage drivers have been a huge target for hackers in recent years, now in 2017 this trend of stealing valuable information is still running rampant on the dark web. Many of these breaches occurred within the healthcare industry, which had a huge network with very rich patient data. The mistakes made by these organizations can help the many businesses who have not yet been affected take a proactive step to ensure that they will not fall victim to these cyber crimes.

Let us take a look at some of the numbers…

 

14 Million Customers: Verizon Data Breach

After a user mistake which caused the database to go public online, close to 14 million customers of the company were exposed.

4.8 million patients: Molina Healthcare

Discovered that their patient portal had a huge security flaw which could allow any Molina patient to access other patients medical claims by just changing a single number in the URL.

1.1 Million enrolled in Indiana Medicaid & CHIP 

Indiana’s Health Coverage Program released that patient data was left wide open through a live hyperlink to an IHCP report. Their IT service provider discovered the link on May 10th and reported that link contained patient data including name, Medicaid ID number, address of doctors treating patients, patient numbers, procedure costs, and the amount Medicaid paid to doctors or providers.

1 Million Personal Data Files: Washington State University

Washington State University discovered a hard drive containing personal data of about 1 million people was stolen from a locked safe that it was contained in. The hard drive contained Social Security numbers, names and some personal health data.

500,000 Patients: Michigan based 

 

Airway Oxygen

The medical supplier was hit with ransomware that shut employees out of the system where personal health information was stored.

 

Each of these breaches showcase how many people could be at risk of their personal information being completely exposed just because of one or two simple mistakes. In the case if Indiana Medicaid, if it wasn’t for their IT services provider, they may have not found the issue in a reasonable time and had major issues down the line with their business information. The main lesson for business owners to take away is that you MUST stay proactive and make sure you have backups and precautions set in place for your network to continue running smoothly, and securely.

 

ECMSI – Service in 19 min or less!!!

330.750.9412

 

 

 

What Does your Business IT and Car have in Common?

THEY BOTH NEED TO BE INSURED!

When we talk about car insurance the dark thoughts and questions begin to arise. What if I get into an accident? What if I’m travelling and left on the side of the road? What if someone hits me without my control? While all of these thoughts are very pessimistic, these things do happen, sadly, more often than we would like them to. This makes driving without some sort of car insurance seem completely ludicrous. So why should your business IT be any different?

Think about your business IT as the “vehicle” that keeps your company running. What if your network “crashes”, what if your employees are working and your computers decides to leave them on the side of the road? Or what if a hacker “hits” your network with ransomware or the many other hundreds/thousands of malicious malware that is out there today?

When talking about business IT “insurance”, we mean something a little bit different. You need to make sure that the technology in your business is secure, protected and keeps your employees as productive as possible in order for your business to stay viable. Like a car, you have to have some sort of disaster protection, or else a whole bunch of time, money and productivity of your business is lost on fixing the issue when it happens. The best “insurance” for your business network is using an outsourced IT service management provider, and here’s why.

When you outsource the management of your important IT resources they help optimize your networks performance, to make it work at the peak efficiency and reliability levels that your business demands. This can allow you to stay focused on running your business and not your network. This security, networking, data protection and user support is handled at a fraction of the cost than if your business decided to take on all of that cost itself. Risk is something your business deals with every day from market competition, to the state of the economy, don’t let your IT be another risk. Businesses have limited resources, and every owner/manager has limited time and attention. Outsourcing can help your business stay focused on your core business and not get distracted by complex IT decisions.

Secure your network today with ECMSI !

330.750.9412