Scam Alert – Malicious DropBox Emails

Scam Alert – Malicious DropBox Emails

Heads up .. this is important! We are sending this alert to all our customers reminding you to be extremely diligent when receiving this warning.

We all know that historically ZIP files are the attachments to be super suspicious of. Well, now its PDFs as well. We all use PDFs and that’s what makes it easy to embed malicious code and get past our own diligence in an email.

Be advised, we are seeing a huge influx of fake Dropbox notifications with malicious PDFs attached.

Remember:

  • If it is not from noreply@dropbox.com, it is likely not legit.
  • Do NOT open a PDF attachment from any email address you do not know. Dropbox or not!
  • Dropbox shares do NOT attach a file to an email. Only link back to Dropbox will be provided. (see below)

Below are examples of legit and fake Dropbox notifications:

Legit Dropbox Notification:

Fake Malicious Dropbox Email:

After seeing a legit Dropbox email .. the above screams malicious. However, we get busy and often don’t take the time to actually look at the details. It is now imperative that you scrutinize ANY and ALL emails with attachments. No technology will prevent human overt-rides. I.E. you click on the link and open the PDF .. it is too late!

Be wary of any attachment from an email you are not familiar with.

Stay Diligent! Shring Support Services

Digital “Spring Cleaning” Checklist

Digital “Spring Cleaning” Checklist

As Spring approaches, it’s time to take a few minutes and cleanup your “digital self” a good cleaning as well. While it certainly would be nice for this to be a once-a-year process, today your constant attention to what actions you take on the web. However, it is extremely important to take some time to “clean up” your devices and your approach to security.

Below you will find a list of things that will, not only keep your devices running smoothly, but also make great strides in helping protect your security and identity. While it’s probably not realistic to think you can do them all in one setting, we suspect you will find tasks listed here you never thought about.

CLEAN UP YOUR DEVICES

Make sure that all web-connected devices are squeaky clean.

  • Update software on all internet-connected devices to reduce risks from malware and infections.
  • Clean up your mobile life by deleting unused apps, keeping others current and reviewing app permissions.
  • Clear save browser cache from all browsers including Chrome, Firefox, Internet Explorer, MS Edge and even Opera.
  • Use third-party threat protection including on your mobile devices.

 STEP UP YOUR SECURITY PRACTICES

Reviewing the security of your online accounts is a must and a fast, simple way to be safer online.

  • Lock down your login: Your usernames and passphrases are no longer enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools whenever offered.
  • Consider using “2FA” security – Two-Factor Authentication requires a second form of authorization and makes your account as secure as possible.
  • Secure your home router by making sure it has a strong passphrase and does not broadcast obvious identity information. And for god’s sake, update your router firmware. This is the #1 most common weakness in home networks.
  • Start using passphrases not passwords as we commonly know that the longer a password is, the harder it is exponentially to compromise. Use sentences easy for you to remember but aren’t obvious that are at least 12 characters long. Focus on positive phrases that you like to think about and are easy to remember.
  • Make unique passphrases for important accounts like email, finance and healthcare. You don’t use the same password/passphrase for everything do you? Of course not … no one would … right? SMH! (if you don’t know what SMH means, Google it!)
  • Step up security on your tablets and phones using at minimum a PIN lock but with biometrics becoming the norm on newer phones, you should be using finger-print, retina or facial recognition. Takes a little bit to get used to but will quickly become part of your process and protect the data on your mobile from access by “anyone”.
  • Use a password manager to manage the hoard of passwords and accounts we have today. We prefer LastPass.

 DIGITAL FILE PURGE AND PROTECTION

  • Backups, Backups, Backups are obviously important but also remove, delete or purge old copies of backups that are no longer valid/current.
  • Clean out your old email and empty deleted folders (permanent). If you need to keep old messages, move them to an archive file. This will also greatly improve the performance of your email client.
  • Unsubscribe to newsletters, email alerts and updates you no longer read. This will help you identify malicious email from legit.
  • Update online relationships by reviewing friends on social networks and all contacts lists to make sure everyone still belongs. Pay attention to new friends and profiles you may not recall.
  • Revisit what you shared online to remove things that may not be current or appropriate to where you are in life. Of course, as the saying goes, “once it’s out there it’s OUT there”, it’s still appropriate to remove unwanted postings.
  • Copy/download important data to multiple secure locations/media and keep in a fire-protected safe where it can be safely stored.
  • Password protect back-up drives and keep them in a different location off the network.
  • Encrypt laptop hard drives to ensure your data is safe should your laptop be lost or stolen. All operating systems now include some form of drive encryption such as Windows BitDefender, for example.
  • Be sure to properly dispose of sensitive materials – such as hard drives and memory cards, The trach can is no place for this type of media. Well not without a hammer taken to them. The more responsible handling includes having a 3rd party destruction service handle it. But the hammer is much more fun. Wear safety glasses!

 CLEAN UP YOUR ONLINE REPUTATION

  • Own your online presence by reviewing the privacy and security settings on social networks you use being sure they are set at your comfort level for sharing. Enlight of the news we are smothered with about lack of privacy, you will be surprised what privacy settings your social network now offers.
  • Clean up your social media presence by deleting old photos, etc. that no longer represent who you are.
  • Update your “personal information” by reviewing your personal information and updating it where needed. Make sure your online reputation shines.
  • Consider using a separate email account for online/social accounts. This will help with spam and unwanted emails as well.

 MITIGATE THE DAMAGE

Has your info been part of a major data breach? It is likely! Check for compromised accounts

Visit HaveIBeenPwned to check whether any of your personal accounts have been included in the major data breaches.

Google Docs Phishing Scam

Google Docs Phishing Scam

Heads Up! Google Docs Phishing Scam Making It’s Way Around

We are seeing a large amount of malicious Google Docs emails being recieved.This is not coming from Google but others attempting to either infect your workstation with malware or to gain access to your Google account. Be cautious and skeptical of any GOogle Docs, DropBox or other file sharing invitation email.

Read More »

CryptoWall Infection via PDFs

CryptoWall Infection via PDFs

A newly detected drive-by attack encrypts files and documents then demands payment to decrypt data.

PDF-based malware being found embedded in legit PDF files. Meaning they have been modified after they were created.

Read More »

This is NOT a legit Firefox Update!

This is NOT a legit Firefox Update!

No … this is not a legit FireFox update!

Recently we have run into quit a few customers who use Mozilla Fiefox as their primary browser. While definitely not new, seems that we are seeing this pop-up more frequently again.

While its easy to not pay attention to this when presented with it … if you knowe what to look for … you will several blaring obvious signs it is malicious … Read More »

PHISHING? What the?

PHISHING? What the?

What’s this all about and why should I be worried about it?

Phishing has become the current choice of attacks that hackers use to gain entry to restricted networks. Most common today is fake emails with malicious links in them that, when clicked, execute some form of malware on your device whether it be Windows Desktop, Mac or Mobile Devices. Read More »

Alert – Fake RingCentral Emails

Alert – Fake RingCentral Emails

We are sending out this quick alert to our customers who use RingCentral as their voice platform.

Malicious emails are being sent to RingCentral customers that are formatted to look like an RC voicemail email notification. It is not.

If you look at the example below in detail, you will see several obvious red alerts but … you have to look! Read More »