Business Scams on Social Media

The old adage "If it sounds too good to be true, it isn't!" goes for social media too! Scammers are using Facebook, Twitter, and other social media sites to dupe the unsuspecting.

Scammers try to contact people in many ways. They call, email, put ads online, send messages on social media and more. If you own a small business, they’re trying to contact you, too. 

Lately we’ve been hearing about scammers who reach out to small businesses through Facebook messages. People have reported receiving messages on Facebook telling them that they’re eligible for – or that they’ve won – a business grant. If you get a message like this through your personal Facebook account or on your company’s page, don’t respond. It’s a scam. The government won’t contact you on social media to offer you money.


Medical Identity Theft - What to Look out for

 

Cybercriminals are giving a new meaning to the term ‘Health is Wealth’. Medical identity theft has victimized over 2.2 million people and that number is growing. Although medical identity theft is not something new, the increasing number of data breaches has increased the number of victims.

What is Medical Identity Theft?
Medical identity theft occurs when someone steals your personal information to get free medical care, medical devices or prescription drugs under your name.


Steps to Secure your Company's eMail

6 steps to securing your email

Is your company's email providing a tempting route for cyber criminals to attack your business? Hackers continue to target businesses with phishing attacks. Once opened, these malicious email messages can hijack an entire company's financial information and gain access to funds and personal information. Email is a business essential, but also an easy avenue for hackers to use and abuse. How can you keep your business secure?

The human factor

Businesses of all sizes face vulnerabilities via email. When email accounts are hacked and compromised, cyber criminals can gain access to information including user names, telephone numbers, birthdates, passwords, and unencrypted security questions.


How to Tell if an eMail is Real or Faked

Last month we wrote about the consequences of having a small business owner's email account stolen. This article is about an exploit that happens far more frequently. Phishing attacks happen every day. Good anti-spam/anti-spyware systems can provide a lot of protection. We use and recommend Mimecast for our clients. Still, it's possible for sophisticated fraudulent emails to get through. Here's some good advice for everybody regarding how to check emails, even ones that appear to be from trusted senders.

By now, you’ve heard about phishing – fraudulent emails that masquerade as communications from a legitimate source and trick unsuspecting readers into giving up personal information or compromising their machines with spyware or viruses. Thankfully, email filtering and security have improved a great deal over the past few years. Unfortunately, no matter how effective the security, some phishing emails will always make it to the inbox – that’s where you come in. Here are some tips to help you identify a phishing or spoofing email.

Don’t trust the name

A favourite phishing tactic is to spoof the display name of an email. It’s easy to set the display name of an email to anything – you can do it yourself in Outlook or Gmail. It’s the simplest and most easily detected form of e-mail spoofing: it involves simply setting the display name or “from” field of outgoing messages to show a name or address other than the actual one from which the message is sent. When this simplistic method is used, you can tell where the mail originated by checking the mail header.

You can’t trust the header 

It’s not just the display name that can be spoofed, but also the email header. Emails are built on some very old technology (in internet terms): SMTP, or Simple Mail Transfer Protocol. When you send an email, it goes to an SMTP server first, then the message is relayed from SMTP server to SMTP server across the internet. When the message arrives at its penultimate destination, the email is stored in the recipient’s mailbox at a POP3 (Post Office Protocol 3) server. Finally, the message is fetched by an email client so the recipient can read it. While this may seem complicated, the important thing to remember is that SMTP just passes along what it was given. Clever fraudsters can fool the SMTP server into sending along an email that isn’t legitimate.

There are several technical ways to figure out if this is the case, but the simplest method is to see where the “reply to” section of the full header will lead you. If it indicates that your reply would be redirected to an address that’s different from the sender’s address, then you have good cause to be suspicious.
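The two checks above (a display name that shows a different address than the real sender, and a "reply to" that leads somewhere else) can be automated against a saved message. This is an added example, not code from the original article; the sample message, its domains and the function names are constructed for illustration, and comparing by domain rather than by full address is an assumption made to reduce false alarms.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "support@examplebank.test" <notice@mailer-host.test>
Reply-To: claims@other-domain.test
To: owner@smallbiz.test
Subject: Your business grant is approved

Please reply to claim your grant.
"""

def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def header_findings(raw_message):
    """Return a list of warnings for the two header checks described in the text."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # Check 1: the display name shows an address that is not the real sender.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+", display_name):
        if shown.lower() != from_addr.lower():
            findings.append(f"display name shows {shown} but sender is {from_addr}")

    # Check 2: Reply-To points at a domain other than the sender's
    # (domain comparison is an assumption of this example).
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        if reply_addr and domain_of(reply_addr) != from_domain:
            findings.append(f"replies go to {reply_addr}, not {from_domain}")
    return findings

if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print("WARNING:", finding)
```

A message that passes both checks is not proven genuine, since the header itself can be forged; the checks only catch the simple cases described above.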


Data Breaches Making the Headlines in 2016

We've written about a small business user and the aftermath he faced from the Yahoo 1 billion email address data breach. There were plenty of others. Here's a summary of some of the other major data breaches in 2016.

980 data breaches occurred in 2016. That left approximately 35,233,317 known records exposed. Over the years, data breaches have become more sophisticated, and cybercriminals target both large corporations and small businesses.

2016 saw a string of data breaches that left sensitive information of millions of people at the mercy of cybercriminals. In addition to financial consequences, these data breaches ruined customer trust and the reputation of the companies in question.

As we look back at 2016 here are some of the most impactful data breaches that shook the world.

