PHISHING ATTACKS SUBSTANTIALLY INCREASE ALMOST OVERNIGHT

PHISHING ATTACKS SUBSTANTIALLY INCREASE ALMOST OVERNIGHT

THIS IS AN IMPORTANT ALERT FROM THE SHRING SUPPORT SERVICES TEAM

We have seen a huge uptick in spear-phishing attack attempts globally. Some group(s) are mounting large-volume attacks utilizing phishing emails in an attempt to catch folks working from home off guard. They are banking you not having the typical protection you would in the office.

Shring has a very robust email protection platform that utilizes multiple technologies to determine the legitimacy of inbound emails. You … as the recipient are the last line of defense for your organization. Whether we host your email or not .. it is imperative that you up your skepticism on inbound emails you may receive. This not only applies to work email but your personal email as well. There seems to be a focus on GMail, Hotmail and Microsoft hosted email domains.

With that being said, it is super important that you be diligent in reviewing emails before taking any type of action if they include links. DO NOT CLICK ON ANY LINKS OR ATTACHMENTS in an external email body unless you are 1000% sure that it is legit.  Yup … you’ve been hearing this from us for years but it is another reminder of the potentially severe consequences that can result from just a single click.

If you receive an email and are unsure about its legitimacy, please do not hesitate to forward us for review. We will get back to you within a few minutes during normal business hours of 8AM to 8PM EST. However please do not forward any emails that may contain Personally Identifiable Information (PII) such a Social #s, Account numbers, TaxIDs, etc. Call us and we can work with you on these without compromising data security.

It is unfortunate, with everything else we are having to deal with in our world right now, this being a concern but it is. Remember all the malware protection tech in the world will not work if you overrule it. Should you be working remotely and get a popup message from a threat prevention tool .. don’t ignore it! Read it so that you understand what it just did and why?

As always our sole focus is protecting your organization’s mission-critical data and your privacy.

Shring Support Services

PHISHING? What the?

PHISHING? What the?

What’s this all about and why should I be worried about it?

Phishing has become the current choice of attacks that hackers use to gain entry to restricted networks. Most common today is fake emails with malicious links in them that, when clicked, execute some form of malware on your device whether it be Windows Desktop, Mac or Mobile Devices. Read More »

Scam Alert – Malicious DropBox Emails

Scam Alert – Malicious DropBox Emails

Heads up .. this is important! We are sending this alert to all our customers reminding you to be extremely diligent when receiving this warning.

We all know that historically ZIP files are the attachments to be super suspicious of. Well, now its PDFs as well. We all use PDFs and that’s what makes it easy to embed malicious code and get past our own diligence in an email.

Be advised, we are seeing a huge influx of fake Dropbox notifications with malicious PDFs attached.

Remember:

  • If it is not from noreply@dropbox.com, it is likely not legit.
  • Do NOT open a PDF attachment from any email address you do not know. Dropbox or not!
  • Dropbox shares do NOT attach a file to an email. Only link back to Dropbox will be provided. (see below)

Below are examples of legit and fake Dropbox notifications:

Legit Dropbox Notification:

Fake Malicious Dropbox Email:

After seeing a legit Dropbox email .. the above screams malicious. However, we get busy and often don’t take the time to actually look at the details. It is now imperative that you scrutinize ANY and ALL emails with attachments. No technology will prevent human overt-rides. I.E. you click on the link and open the PDF .. it is too late!

Be wary of any attachment from an email you are not familiar with.

Stay Diligent! Shring Support Services

Alert – Comcast/Xfinity Phishing Email Scam

Alert – Comcast/Xfinity Phishing Email Scam

Heads Up!

We are seeing a scary email attempting to pass through our ShringMail platform that is malicious and we wanted you to be aware of it as it is passing its way through the “interwebs”. It is being sent to both existing customers and others who are not even Comcast customers.

The email looks like this (more below image):

comcast scam1

Looks legit right? However if you place your mouse over the link (DO NOT CLICK ON IT) you will see the actual URL you would be taken to. Obviously this is NOT a valid Comcast or Xfinity email address as shown below:

comcast scam2

Do not click on ANY links in the email. Delete it! Yes this is serious so an extreme awareness of this situation is critical.

If you have been caught by this scam and have not taken action to remediate this issue, please do not hesitate to contact the Shring Team as would be happy to assist in helping address the issue before major damage is done.

Contact Us Now

 

 

Digital “Spring Cleaning” Checklist

Digital “Spring Cleaning” Checklist

As Spring approaches, it’s time to take a few minutes and cleanup your “digital self” a good cleaning as well. While it certainly would be nice for this to be a once-a-year process, today your constant attention to what actions you take on the web. However, it is extremely important to take some time to “clean up” your devices and your approach to security.

Below you will find a list of things that will, not only keep your devices running smoothly, but also make great strides in helping protect your security and identity. While it’s probably not realistic to think you can do them all in one setting, we suspect you will find tasks listed here you never thought about.

CLEAN UP YOUR DEVICES

Make sure that all web-connected devices are squeaky clean.

  • Update software on all internet-connected devices to reduce risks from malware and infections.
  • Clean up your mobile life by deleting unused apps, keeping others current and reviewing app permissions.
  • Clear save browser cache from all browsers including Chrome, Firefox, Internet Explorer, MS Edge and even Opera.
  • Use third-party threat protection including on your mobile devices.

 STEP UP YOUR SECURITY PRACTICES

Reviewing the security of your online accounts is a must and a fast, simple way to be safer online.

  • Lock down your login: Your usernames and passphrases are no longer enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools whenever offered.
  • Consider using “2FA” security – Two-Factor Authentication requires a second form of authorization and makes your account as secure as possible.
  • Secure your home router by making sure it has a strong passphrase and does not broadcast obvious identity information. And for god’s sake, update your router firmware. This is the #1 most common weakness in home networks.
  • Start using passphrases not passwords as we commonly know that the longer a password is, the harder it is exponentially to compromise. Use sentences easy for you to remember but aren’t obvious that are at least 12 characters long. Focus on positive phrases that you like to think about and are easy to remember.
  • Make unique passphrases for important accounts like email, finance and healthcare. You don’t use the same password/passphrase for everything do you? Of course not … no one would … right? SMH! (if you don’t know what SMH means, Google it!)
  • Step up security on your tablets and phones using at minimum a PIN lock but with biometrics becoming the norm on newer phones, you should be using finger-print, retina or facial recognition. Takes a little bit to get used to but will quickly become part of your process and protect the data on your mobile from access by “anyone”.
  • Use a password manager to manage the hoard of passwords and accounts we have today. We prefer LastPass.

 DIGITAL FILE PURGE AND PROTECTION

  • Backups, Backups, Backups are obviously important but also remove, delete or purge old copies of backups that are no longer valid/current.
  • Clean out your old email and empty deleted folders (permanent). If you need to keep old messages, move them to an archive file. This will also greatly improve the performance of your email client.
  • Unsubscribe to newsletters, email alerts and updates you no longer read. This will help you identify malicious email from legit.
  • Update online relationships by reviewing friends on social networks and all contacts lists to make sure everyone still belongs. Pay attention to new friends and profiles you may not recall.
  • Revisit what you shared online to remove things that may not be current or appropriate to where you are in life. Of course, as the saying goes, “once it’s out there it’s OUT there”, it’s still appropriate to remove unwanted postings.
  • Copy/download important data to multiple secure locations/media and keep in a fire-protected safe where it can be safely stored.
  • Password protect back-up drives and keep them in a different location off the network.
  • Encrypt laptop hard drives to ensure your data is safe should your laptop be lost or stolen. All operating systems now include some form of drive encryption such as Windows BitDefender, for example.
  • Be sure to properly dispose of sensitive materials – such as hard drives and memory cards, The trach can is no place for this type of media. Well not without a hammer taken to them. The more responsible handling includes having a 3rd party destruction service handle it. But the hammer is much more fun. Wear safety glasses!

 CLEAN UP YOUR ONLINE REPUTATION

  • Own your online presence by reviewing the privacy and security settings on social networks you use being sure they are set at your comfort level for sharing. Enlight of the news we are smothered with about lack of privacy, you will be surprised what privacy settings your social network now offers.
  • Clean up your social media presence by deleting old photos, etc. that no longer represent who you are.
  • Update your “personal information” by reviewing your personal information and updating it where needed. Make sure your online reputation shines.
  • Consider using a separate email account for online/social accounts. This will help with spam and unwanted emails as well.

 MITIGATE THE DAMAGE

Has your info been part of a major data breach? It is likely! Check for compromised accounts

Visit HaveIBeenPwned to check whether any of your personal accounts have been included in the major data breaches.

havibeenpwned
CryptoWall Infection via PDFs

CryptoWall Infection via PDFs

A newly detected drive-by attack encrypts files and documents then demands payment to decrypt data.

PDF-based malware being found embedded in legit PDF files. Meaning they have been modified after they were created.

Read More »

Alert – Google Docs Phishing Scam

Alert – Google Docs Phishing Scam

Heads Up! Google Docs Phishing Scam Making It’s Way Around

We are seeing a large amount of malicious Google Docs emails being recieved.This is not coming from Google but others attempting to either infect your workstation with malware or to gain access to your Google account. Be cautious and skeptical of any GOogle Docs, DropBox or other file sharing invitation email.

Read More »

This is NOT a legit Firefox Update!

This is NOT a legit Firefox Update!

No … this is not a legit FireFox update!

Recently we have run into quit a few customers who use Mozilla Fiefox as their primary browser. While definitely not new, seems that we are seeing this pop-up more frequently again.

While its easy to not pay attention to this when presented with it … if you knowe what to look for … you will several blaring obvious signs it is malicious … Read More »

Alert – Fake RingCentral Emails

Alert – Fake RingCentral Emails

We are sending out this quick alert to our customers who use RingCentral as their voice platform.

Malicious emails are being sent to RingCentral customers that are formatted to look like an RC voicemail email notification. It is not.

If you look at the example below in detail, you will see several obvious red alerts but … you have to look! Read More »