XSolutions’ Security Post Roundup: Mar 15, 2021
Here are a select few of this week’s security LinkedIn posts by XSolutions:
Ring, Ring! But No One Is There (Posted 03/15/2021)
Your phone rings once. The number looks familiar, same area code, same exchange as your local area, so you pick it up. No one responds. It is likely a scam.
The Federal Communications Commission (FCC) calls this the “one ring” or “Wangiri” scam, and it can cost you hundreds of dollars. The term ‘wangiri’ originated in Japan and means “one (ring) and cut.”
If the victim uses the callback feature to ring back the missed number, they are connected with a number outside of the United States, incurring per-minute charges that can quickly add up to hundreds of dollars.
In some scam versions, victims get a voicemail from a local number, with a message saying that they have a package, etc. This is a new way of getting victims to react without ever actually speaking with someone.
If you are the victim of this one-ring scam, work with your phone carrier to address the charges. Then file a complaint with the FCC.
Bottom line: don’t automatically hit the callback feature when returning calls. Remember, there are mobile apps that allow crooks to spoof any telephone number they desire. You can’t always trust what you see.
Beware! Massive Camera Hack. Are You Being Watched? (Posted 03/12/2021)
I’m sure you’ve already heard about the massive hack in which a hacktivist group compromised 150,000+ internet-connected cameras from Verkada, Inc.
This is significant because there are an estimated 1 billion surveillance cameras worldwide that are documenting, in video, our daily lives. They are ALL vulnerable due to the simple fact that they are connected to the internet.
This particular hack was made possible by compromised “Super Admin” credentials, when criminals gained entry to a server that Verkada operated to perform maintenance on its clients’ systems.
Here’s the kicker: the “Super Admin” credentials used in the attack were found because they were publicly exposed on the internet.
Takeaway: one single, compromised account gave attackers entry to a company’s client base, putting all at risk.
IT Security is the name of the game! Take it very seriously. If you don’t, as a business, you can lose more than you bargained for.
Beware: Fake Captcha Targeting Company Execs (Posted 03/10/2021)
A KnowBe4 post announced that criminals are targeting the top brass of companies with a combination of phishing emails and phony voicemails.
* Targets get a phishing email from their VOIP tool with a voicemail attachment.
* After clicking the attachment, the victim is taken to a fake Captcha screen, leading to a Microsoft login page.
* Once the target enters their login credentials, they are harvested.
An essential piece of information: the phishing webpages use top-level domains such as .xyz, .club, and .online. Observant users will quickly spot that these are fake domains.
Another way to avoid the trap is to NEVER click on email attachments. Instead, open your VOIP tool and see if you have any messages.
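The domain check described above can be automated for links pulled from mail or proxy logs. The sketch below is an added example, not code from XSolutions or KnowBe4: it classifies each URL by the host the browser would actually contact. The Microsoft domain list, the brand words and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# TLDs the post names as used by the phishing pages.
SUSPECT_TLDS = {"xyz", "club", "online"}
# Assumption: short, non-exhaustive list of domains Microsoft signs users in on.
MICROSOFT_DOMAINS = ("microsoftonline.com", "microsoft.com", "live.com", "office.com")
# Assumption: brand words a fake Microsoft login link tends to carry.
BRAND_WORDS = ("microsoft", "office365", "outlook")

# Constructed sample links; none are taken from a real campaign.
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://example-voicemail.xyz/captcha",
    "https://login.microsoftonline.com.example-auth.club/signin",
    "https://login.microsoftonline.com@example-notify.online/",
    "https://example.org/news",
]


def real_host(url: str) -> str:
    """Return the host the browser will actually contact, lower-cased."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a network location
    try:
        host = urlsplit(url).hostname or ""  # drops any user@ prefix and port
    except ValueError:  # e.g. a malformed bracketed address
        return ""
    return host.rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'microsoft', 'block', 'review', 'ok' or 'unparseable'."""
    host = real_host(url)
    if not host:
        return "unparseable"
    # Match on the registered domain suffix, never on a substring of the URL.
    if any(host == d or host.endswith("." + d) for d in MICROSOFT_DOMAINS):
        return "microsoft"
    tld = host.rsplit(".", 1)[-1]
    branded = any(word in url.lower() for word in BRAND_WORDS)
    if tld in SUSPECT_TLDS:
        return "block" if branded else "review"
    return "review" if branded else "ok"


def triage(urls):
    """Pair every URL with its verdict, in input order."""
    return [(u, classify(u)) for u in urls]
```

The third and fourth samples show why the check reads the parsed host: both display a genuine Microsoft hostname at the start of the link while the browser actually goes to a .club or .online site.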
The Best Way To Use Security Questions For Online Accounts (Posted 03/09/2021)
Many times when signing up for a new service, part of their onboarding is to ask you to complete a few “security questions” so you can still gain access to your account if you’ve lost your password.
Putting truthful answers to these questions is one of the worst things you can do.
You see, whether you like it or not, your personal information is all over the web, on social media, hacked accounts, or on certain databases that specialize in finding info on people. You’d be surprised how easy it is to find detailed information on just about anyone.
Instead of putting truthful answers to these questions, try using nonsensical responses, like passwords created by your Password Manager application. Just make sure you record the responses in your Password Manager should you ever need them.
By doing this, even if a thief performs a detailed analysis on you, if they try to access an account by responding to a security question, they’ll be wrong 100% of the time. It’s another layer of security to increase your protection online.
Are You Sure Your Cyber Insurance Will Cover You? (Posted 03/08/2021)
Cyber insurance is now a critical component in business today. But just because you have a policy does not mean you’re covered in all circumstances.
A recent post by KnowBe4 tells the tale of a company that lost a lot of cash in a Business Email Compromise (BEC) attack involving a large credit card payout. The hackers convinced the credit card processor to modify disbursement instructions and send funds to a criminally-controlled bank account.
In the resulting lawsuit brought by the victim against the insurance carrier, the court upheld the denial of the claim, ruling that the credit card processor, not the victim, was the party directly scammed.
Lesson: know your policy. Read it and ask your broker questions so you’re clear on what the policy covers.
The best protection against fraud is to install IT security systems PLUS admin policies and procedures to stop thieves from scamming you in the first place.
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed I.T. Services (MSP). Call (845) 362-9675 for a free consultation.