Posts

The Curious Case of the Call Center Fraud

As long as there has been money there has been people looking to making by means that are less than ethical.  Now, with all the technology people half a world away can can attempt to pick your pocket.

I happened to come across a new type of call center fraud.  Well, it’s actually a twist on an old trick.  Con-men calling you up at home in an attempt to sell you something you don’t need or to gain personal information is nothing new.

However, the twist is that they try to have you open up a backdoor for them into your personal computer.  They come under the guise of saying that they are calling from Windows Tech Support.

They then usually say that they’ve received reports that your PC is under assault by viruses, from the Internet no less.  After that, they direct you to a web to download some variant of remote access software, programs that let someone else directly control your computer from across the Internet.

There are plenty of legitimate reasons for doing this, like IT support.  But let it be known that IT support will never call you unless you call them first.

To stay safe, best to never install software direct to you by someone you don’t know on the phone.  It may sound like common sense, but it can be hard to turn away someone who’s calm, polite, and pretending to help you.

In fact, many of these scammers can be so persistent and calm that there is a whole subculture that revolves around messing with them.  Click here for a laugh.  Trust me, I didn’t cold call you on the phone asking for your credit card number.

Staying Safe This Holiday Shopping Season

It’s that time of year again.  Whenever you walk into a big box store you hear that music playing, people are ringing bells outside, and you’re looking for gifts online.  Now, more than ever one must be careful when making purchases.  However, you can thwart these thieves and scam artists hoping to cash in on your holiday cheer by following a few simple rules.

1. When Purchasing always look for the SSL

SSL stands for Secure Socket Layer.  It’s security method that restricts other computers from accessing information during a transfer.  You can see if SSL is enabled by looking for a padlock symbol or by checking if the URL (address bar) is preceded by HTTPS:// which indicates a secure portal.  This isn’t a sure fire way, but it’s a start.

2. Never give out your credit or debit card numbers over e-mail

No reputable retailer asks for credit card information via e-mail.  If they’re worth their two cents then they’ll set-up a secure portal like the one mentioned above.  Honest retailers will also never ask for your social security number.  The more information someone is asking for, the more likely they are phisher, an online data miner looking to steal and sell personal information.

3. Above all else: Use common sense

The greatest defense against an online thief is common sense.  With the number of online retailers there are out there, the moment you sense something fishy just move on.  Look online for reviews of companies to make sure they are on the level.  The Better Business Bureau is an excellent resource.  If it looks too good to be true, it probably is.

Happy Holidays.

Don’t Get Caught in the Malnet!

The prefix mal comes from the Latin for bad.  Anything with mal in it is bad news, malcontents, malnutrition, Mal Reynolds.  Now there are malnets.  Malnets are complex systems of servers and domains that are continuously on the attack.

It is estimated that this year, the majority of all spam will come from these malnet systems.  For example, Rubol a known malnet was found to have 476 unique domain names.  That’s a lot of vectors of attack.  A malnet was found to be the culprit in the MySQL.com attack.

So what do you do?  How can you protect your businesses infrastructure against such an organized malware ecosystem?

Most malnets are actually nets, malicious traps.  Don’t fall into the trap.  Rubol’s 476 domain names were fronts, mainly offering deals or quick cash.  You might be thinking only a fool would fall for a something that’s too good to be true.  However, some of these sites disguise themselves as legitimate businesses offering good deals.

The next step is to really isolate your sensitive data from the Internet as much as possible.  The easiest way to do that is move customer data onto a removable storage device.

Keeping your security software up-to-date is also a boon to the safety of your data.  And last of all, when in doubt, don’t click on it.

 

 

Mountain Lion Arrives

The newest Apple operating system, OX Mountain Lion, is now available, and, while it doesn’t represent a huge departure from previous Macintosh systems, the consensus among reviewers is that the upgrade is well worth the $19.99 price tag.

One of the most significant new features from the predecessor Lion operating system is Gatekeeper, a security system designed to keep out malware. Aside from screening for known threats, it lets users choose their level of security by instructing the computer to open apps downloaded from the Mac App store only, from the app store and Apple-approved developers, or from anywhere.

Mountain Lion also takes a step closer to the iOS software found on iPhones and iPads. Like those mobile devices, computers with the new system will have access to iCloud functions, giving users easy access to the same apps, message services and games from all their devices. The OS also features a Notification Center that pulls updates from various apps together in one place.

Unlike Windows 8, Mountain Lion is more of an update than a whole new product. Still, PC World has an interesting list of features that the Windows system might be well advised to copy from it. That includes the Notification Center, access to text messages and voice dictation, and AirPlay Mirroring, which makes it easy to send video from one device to another.

In the spirit of the internet’s increasing dominance of all computing functions, Mountain Lion can only be purchased at the Mac App store and isn’t available on any physical media. Of course new Macs will come with the operating system installed.

Why IT Consulting?

For some business owners, the notion of outsourcing anything to an outside firm might seem a little scary. It’s attractive to have everyone who’s doing anything for your company working as a dedicated full-time employee.

But these days most businesses can benefit from advanced technologies like cloud computing, remote backup and systems that integrate computer and phone networks.  Often, you won’t even know what technological solutions make sense for them until you see them in action.

That’s where IT consulting comes in. An IT firm can look at the big picture and suggest what investments might make sense. Because they work with multiple clients, they have up-to-date expertise in what other companies are finding useful, which means you can benefit from the experiences of others.

Consulting firms also have a surprising cost benefit. If a company has its own internal IT department, a handful of employees probably have to do everything from overhauling the entire email system to setting up voicemail for a new hire. That means they have to be seriously overqualified—and overpaid—for some of their assignments. With an outside firm, you’re hiring a team that includes people with a variety of experience levels. Often it also means you can have several IT professionals on hand when you need them and none when you don’t.

Here’s another thing about outsourcing IT—it’s probably inevitable, at least for some things. More and more of us are using the cloud every day, even if that just means throwing a file into Dropbox or sharing something on Google Docs, and that means trusting our data to outside parties. IT consulting firms can help businesses do these kinds of things in ways that are more secure—and that also offer extra benefits like emergency backup.

IT firms can work with companies a variety of ways—from troubleshooting email problems to developing a cloud strategy for connecting remote offices. But you probably won’t know which solutions might make sense for your office until you start asking.

Online Attacks Rose 81% in 2011

The war between legitimate data users and criminals interested in exploiting their data escalated again in 2011, as the number of malicious attacks on computer systems rose 81 percent from the previous year. That’s according to web security vendor Symantec, which just released an annual report on the subject.

The company, which said it blocked more than 5.5 million attacks over the year, attributes the increase to more sophisticated malware, new threats to mobile devices and thieves’ exploitation of social networks to reach new victims.

One of the most serious types of online criminality is targeted attacks intended to steal customer data or high-value secrets. While the term “corporate espionage” may conjure up images of huge, sophisticated technology enterprises, the report found that half of all targeted attacks were launched against companies with no more than 2,500 employees. A full 18 percent of the targets had 250 workers or fewer. Symantec said that may reflect attempts to reach high-value targets through their vendors or partners.

The industries most likely to be targeted for attacks were government, manufacturing and finance, and the specific people most likely to be hit were company executives.

Data breaches exposed more than 232.4 million identities during 2011. Health care companies accounted for by far the largest number of breaches, 43 percent of the total, but breaches in computer software and information technology tended to be much more significant, with those two industries accounting for 85 percent of exposed identities.

The growth of bring-your-own-device policies creates a huge new area of concern for companies, which are now more likely to be vulnerable to whatever malware employees picks up by using their social networks or by downloading software for their personal use. Another trend that calls for increased caution is the growing use of cloud computing, which demands data encryption, security around how data can be accessed and attention to the credentials of all IT support firms involved in the system.

The news from 2011 wasn’t all bad, though. The report found that the amount of spam dropped, largely thanks to law enforcement action against Rustock, a worldwide network that had sent huge amounts of spam. The percentage of email that was spa fell from 88.5 percent to 75.1 percent in 2011.

Flashback Trojan Pierces Mac’s Aura of Invincibility

For years, Macintosh computer users have held up their machines as superior for a few reasons: better performance for designers and artsy types, a more intuitive and attractive user interface and—most significantly for many users—freedom from worry about viruses and malware.

Now, Flashback Trojan has changed all that. In early April, a Russian antivirus seller discovered that more than 500,000 Macs had been hit by the malware infection. When users visit certain websites, Flashback can exploit a vulnerability in some versions of Java to install itself on their computers. After that, it can get into the Safari web browser, monitor a user’s web activity and steal passwords and other information.

Macworld reports that Flashback is different from other malicious programs that have affected Macs in the past because it doesn’t require that a user install infected software on their machine themselves—it can climb on your computer the minute you visit an affected site.

Apple has responded with a software update for Macs running OS X Lion and Mac OS X v10.6 that remove Flashback and patch the flaw in Java. For older operating systems, the company advises users to disable Java. Apple says it is also fighting back against the sites that host the malware, “working with ISPs worldwide to disable this command and control network.”

Still, Apple has been criticized in some circles for reacting too slowly to the Trojan. In the past, the company’s freedom from serious malware attacks has been more because it gets less attention from cyber thieves than because of anything it’s done particularly well.

Macworld says the attack should be a bit of a wakeup call for Apple and probably points to a new interest in the company’s computers among destructive hackers. But it also says that Macs are still far less prone to infection than PCs, and if Apple introduces better security measures quickly, its users shouldn’t be forced to seek cybersecurity services to fend off a Trojan invasion very often.

Privacy in the Google Age

Google has launched its new privacy policy which streamlines all of its data collection from its various services. In theory, this will allow Google to have better grasp as to what you want. For example, Google will be able to see what your friends on G+ like and target you with ads appropriately. To put this in perspective, Google won’t know any more than they do now; however, it will be able to use what it knows more effectively. There has been a lot of paranoid in the digital age regarding privacy, but there are some simple thing that you can do to thwart Google’s attempts to learn more about you. Google’s most popular services, its search engine and Youtube do not require you to be signed in to use them. Another thing you can do is to go to your account settings and click on Web History. From that tab you will be able stop the recording of your web search history. Even with all the tricks to avoid Google’s detection, there is still trepidation about privacy on the Internet. What to know more?

Yesica Toscanini, a fashion model from Argentina, is attempting to have exercise her Right to be Forgotten. She’s attempting to get certain pictures removed from coming up in search engine queries. This is not an isolated phenomenon. There are 27 countries in Europe that are creating similar legislation. The whole situation does raise an interesting question: Do we have the right to be forgotten? On the one hand, the right to be forgotten seems like the memory hole in Orwell’s 1984. He who controls the past controls the future. For example, in Germany two convicted murders want their names removed from Wikipedia since they’ve paid their debt to society by serving time in jail. On the other hand, actress Junie Hoang is suing IMDB, owned by Amazon, because she claims that the website went through her credit card information to obtain her birthday. It’s a tricky balancing act between privacy and free speech that is playing out right in front of our eyes.

In the digital age, it seems that privacy is a dwindling resource. IT consultants are at odds about how much information too much or not enough. How do you target consumers with meaningful information without invading their privacy? These are the questions are a matter of ethics and open to interpretation. Ultimately, it will be about how businesses and individuals wish to conduct themselves on the Internet.

 

 

How to close ports using Windows Firewall for Windows Vista/7

If you’re reading this, then you’ve probably just finished the port scan from tools.spirinet.com and have open ports you want to close. Closing ports on your system is relatively easy, and I’ll be walking you through the steps you need to take in order to close them. You will need to make sure that you have administrator privileges before you attempt to do this. If you are not comfortable working with firewalls or are unsure of what it is you’re exactly doing, feel free to give us a call or send us a message.

I’m going to assume you’re running Windows and have Windows Firewall turned on. First, open Windows Firewall. Depending on your operating system, the location to open it at can vary. Generally, it can be accessed through the Control Panel by double clicking on “Windows Firewall”.

After you have Windows Firewall open, click on “Inbound Rules” on the left hand side. Now, right click on “Inbound Rules” again and choose “New Rule”. It will ask you what type of rule you would like to create. In this case, you will want to select “Port”. Clicking next brings up more options for you to choose from. It asks you if the rule applies to TCP or UDP, and you want to make sure you select TCP. Below, make sure you have “Specific local ports” selected and enter in the open ports that you want closed into the textbox.

The next screen presents you with the actual option of blocking the connection or not. If you want the port closed, you will want to select “Block the connection”. If you are on Windows Vista or Windows 7, you will be asked if the rule should apply to Private, Public, or Domain networks. If you’re closing a port, you generally want it closed everywhere, so make sure all types of networks are checked.

The last step will ask you to give the rule a name and description. You may name it whatever you like. Most people tend to name a rule they’re creating something that’s memorable to them, like “Block port 445”. The description is entirely optional and is only to help you remember what this rule does if you come back to edit it in the future and have forgotten why you have created the rule.

That’s it! You’ve just successfully closed a port on your machine. The only other thing you need to make sure of is that Windows Firewall is on and running.