Staying Safe & Secure on Social Media

Did you know that an employee's sloppy social media habits can lead to a compromise that extends beyond the individual’s personal account? Many people don’t realize that their login credentials tie them together with an invisible thread in the dark web. A hacked social account could lead to access to business credentials or more.

Hackers 101

If you've been following our blog posts, you’re familiar with the various ways that hackers work to gain trust. That trust innocently leads to providing information that an individual deems irrelevant, but is not. It could be the one missing answer to a question that provides access to a password. Let’s take a quick look at the different ways that data can be unsuspectingly compromised.

Impersonation

Many of us have been ‘friended’ by someone who appears to be hacked. The victim has provided enough information to have their online profile duplicated. This provides cyber criminals with a chance to connect to you without you realizing they are impersonating someone you know and trust. There is a chance you’ll give up information without realizing this beforehand.

Another danger is that your business profile is hacked or duplicated. This provides an opportunity for a cybercriminal to threaten your good standing in the community or reputation on a larger scale.

Social Engineering

Social engineering is one of the easiest ways to get information. It can happen through online conversations that don’t require in-person meetings, through those fun online quizzes, or through a phone call asking for “just a minute of your time” for a survey.

You think you’re merely having fun, or giving your opinion, but in reality, you’re possibly giving them the answer to a security question that protects your account. One of the more prevalent ways to collect data is through an online quiz. Which kind of animal are you? You’re better off just staying clear; the answer won’t turn you into a leopard. But it might give your information to a snake (no offense to all of the snake lovers out there).

Phishing Attacks

Phishing can come at you in many ways. Let’s say that your online social presence indicates that you are a football fan. Some of those fun Facebook quizzes about your football expertise may have provided information to engineer a phishing attack. Or perhaps you start to receive fraudulent contest alerts to win game tickets or a trip to the Super Bowl. It’s all connected. Click here to win your prize, just enter your information so we can send you the tickets!

Phishing attacks are sophisticated. And hackers work in conjunction with data from other breaches to provide a really accurate dupe to fool you.

Stay Safe & Secure

Don’t be fooled into thinking that your identity isn’t valuable. We mistakenly think that a hacker won’t get too far on the funds in your bank account. The issue is with the havoc that can be brought upon your friends, business, family members, or even your own identity if you are falsely impersonated. You don’t have to be what you might consider rich to be a valuable asset in cybercrime.

Staying safe is done by implementing behaviors with training and by enabling security measures in your online activity. These will help to mitigate the risk of being breached or compromised. Always use multi-factor authentication when it is available. At work, train your team to recognize the tactics that hackers will use. Security Risk Assessments will identify the gaps and provide you with the opportunity to fix them.

AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of businesses.

Can Your Mobile Phone Get Infected with Malware?

Can your mobile phone be infected with malware? It sure can. You’re holding a small computer in your hand, and it can be susceptible to malicious software just like your laptop or desktop. Nuisanceware can be problematic when it is downloaded with other applications. Spyware can lead to stolen data, and one step up is stalkerware, which is often the most unethical and malicious of the spyware varieties.

How Does My Phone Get Malware?

If you notice that your mobile phone is getting unusual messages, has modified settings that you didn’t adjust, or is not running optimally, it may be infected.

App Downloads

Hackers spread malware via apps and downloads to your devices. An easy way to do that is via an app that you download. While official app stores usually ensure legitimacy, there are pirated versions that are easier to manipulate. They can appear legitimate but can contain spyware or other malware.

Phishing Emails

Using your phone to check email is convenient. However, beware of clicking on links that may be fraudulent. Phishing is one of the most widely used ways to attack an unsuspecting user.

Non-Secure WiFi

Be aware of automatic connections to WiFi networks. Using a VPN can add an additional layer of protection against someone gaining access to your phone.

Text Messages or Voicemails

It can look legitimate, and it may sound legitimate, but do not give out personal information over the phone through a text or in response to a voice message request.

Protecting Your Device

Whether you’re protecting your personal or professional equipment, the same rules apply. Do not purchase a jailbroken device or modify your own equipment. This is especially true if it is issued by your employer for work. Always use a VPN instead of a public network. Download apps and software only from reputable sources. Often there are rules against any modifications if it is a work device. That includes downloads. Use encryption for all sensitive data. Ensure that you have multi-factor authentication enabled when possible.

And above all of the methods that you can engage with when it comes to cybersecurity, training is at the top of the list. Human error is the easiest entry point when it comes to illegally accessing your devices, which can lead to network access.

If you believe that your device has been compromised with malware, notify your IT team immediately.

We hope the tips above help you feel safer and more confident about your mobile security. AllSafe IT’s comprehensive cybersecurity services are designed to identify, assess, and manage cybersecurity risks. We have aligned with the National Institute of Standards and Technology (NIST) framework for the design of our cybersecurity solutions.

What is a Deepfake?

A deepfake is a portmanteau (more on that in a moment) of “deep learning” and “fake”. What is a portmanteau? It is when you take multiple words and combine them into a new word. For example, smog is a portmanteau of smoke and fog. So how exactly could deepfake affect you and your business?

If you take a photo, audio, or video and replace one person in it with someone else’s image, you’ve created a deepfake. If you create an audio file with a voice that impersonates someone else, you’ve created deepfake content. With today’s technology, this goes beyond cropping your face over someone else’s in a photograph. Current technology allows very realistic and believable content to be created. Content that never actually existed or happened.

Why is it Dangerous?

The dangers and risks of deepfake content are simple. False narratives are created. That means that misinformation is spread, and that then leads to misunderstanding. It can include political content. Imagine if false speeches, behaviors, or more were attributed to candidates or leaders. Not only could that result in interference with elections, but it also could affect existing relations.

A person of authority is in a position to provide guidance, and that then gives us directives. If information is created fraudulently, perhaps it can be corrected at the moment, but it also never goes away online. Remember, if it’s online, it’s out there forever. And a deepfake falls under the same rules. But that’s only one part of the dangers this presents.

Deepfakes can also be used in cybercrime. The FBI warned that they have received an increased number of reports that deepfakes are being used fraudulently to commit crimes.

How You’re Affected

While you might feel confident that you can distinguish between real and fraudulent content, or that you would never fall for a scam, statistics say otherwise. And a deepfake can affect you personally. Phishing emails can be accompanied by audio files that ask you to perform fraudulent tasks. You might identify a scam in your email, but what if you receive a voice message as a follow-up to that same request? Suppose you own a business, and someone files a false customer complaint or review of your product. This could have repercussions that you can’t easily prove as false to your customer base.

How To Offset the Risk

Humans are the strongest way to offset cybersecurity risks of any kind. Having strong training programs, enforcing behaviors, and being aware of the latest threats are strong tactics for keeping your business safe. AllSafe IT offers a complete end-to-end solution for keeping your business safe.

What is a Botnet?

You may hear the word ‘bot’ used in conversations, especially around cybersecurity.  But often we use it without really knowing exactly what it means or how it originated.

The Players

The term botnet is short for robot network.  It describes a network of computers that are infected by malware.  This malware is controlled by a single party, known as the bot-herder.  And each computer that is under that control is known as a bot.

How Does It Work?

Every computer on the botnet can be controlled from one central point or location.  Commands are issued for criminal acts to be carried out at the same time.  These botnets are often made up of millions of bots.  This enables large-scale attacks to happen without the effort and coordination of multiple parties.  It also includes the ability to perform simultaneous updates and behavior modifications to the bots as well as attack commands.  Bot-herders can often rent out segments of their botnet to cybercriminals for financial gain.

What Do They Do?

While not limited to the following actions, these are some of the more common criminal activities that bots can perform.

DDoS Attacks – A distributed denial of service attack is when an overload of requests is directed at a targeted network or server.  This then renders the network inaccessible to its legitimate users.

Targeted Intrusion – When a smaller botnet targets a very specific high-value part of an organization such as financial data, R&D, or other intellectual property.  It can also target customer information.

Financial Breach – These botnets are designed to target credit card information and directly steal funds.

Email Spam – While this is one of the older botnet attack methods, it is one of the most common.  Botnets will send out phishing and spam messages with malware to large, targeted audiences.  One person clicking on a malicious link can result in financial gain for the criminal.

How To Fight Back

The sophistication and adaptability of bots make them a threat to cybersecurity in many aspects. Being proactive in your approach will provide better results when it comes to keeping your personal identity and the security of your business intact.

AllSafe IT recommends the following best practices to increase your chances of avoiding a breach:

Social Engineering in Action

Is social engineering that effective? Ask an Uber or Rockstar Games employee that question and you’ll likely hear a resounding yes. This effective mode of duping people within a targeted group or business was the method that one hacker used to hit both companies with a breach. Just how effective is it? In 2021, the FBI received 323,972 complaints of social engineering attacks. And there are many more that go unreported.

What Happened

A teenage hacker known as TeaPot claimed ownership of these attacks. The Uber network was accessed by convincing an employee contractor that they were part of Uber IT and their credentials were needed. They believe those credentials were first found and purchased on the Dark Web. From there, TeaPot tried to log in but was stopped by multi-factor authentication (MFA). TeaPot then contacted the employee through WhatsApp, a messaging platform. They then claimed to be from Uber IT, saying that they needed the employee to approve the MFA request. With Rockstar Games, it was Slack messages that were breached. It is believed that access was acquired through manipulation there.

Losses from a breach aren’t all the same. We often assume it comes in the form of stolen credentials. While this is often the case, in the Rockstar scenario, it was stolen intellectual property. Content from their upcoming game was released which means a loss of revenue. Additionally, the hacker is threatening to release code that would give access to anyone wanting to create pirated versions of the game.

How to Prevent Social Engineering

Humans are the access point, so it is through ongoing training that they must learn how to avoid succumbing to an attacker’s tactics. Enabling multi-factor authentication can assist with preventing access, but avoiding leaked credentials in the first place is critical. The Uber breach is a case in point.

Educating your workforce to recognize that they can be targeted through online platforms outside of work systems is part of the process. Humans remain the weakest link in cybersecurity. By taking a multi-faceted approach you can strengthen your human firewall and secure your business.

AllSafe IT recommends the following best practices:

Ransomware Attack on Los Angeles Unified School District

The Los Angeles Unified School District (LAUSD) has confirmed that a criminal hacking group was able to access their systems and steal data. The attackers demanded that the school district pay an undisclosed amount to prevent the release of the stolen data to the public. However, the district refused the ransom demands, stating that “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”

In a tweet Sunday, LAUSD confirmed that the data was published by the hacking group. They also announced that an incident response hotline would be available to assist those who have questions or need support. News outlets report that the leaked data includes “confidential psychological assessments of students, contract and legal documents, business records, and numerous database entries.”

LAUSD Ransomware tweet

Last August, we published a blog post detailing that the education sector was one of the biggest targets for ransomware attacks. A little over a year later, it appears that statistic has not changed. AllSafe IT’s takeaway from this incident is to remember that oftentimes, it’s WHEN not IF an organization will be hit with ransomware. While it’s important to take steps to prevent an attack, organizations should also assume they will eventually be hit and have a response plan in place.

What can Education Organizations do to prevent or mitigate an attack?

AllSafe IT recommends the following best practices:

AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies—many of those within the education sector. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of educators.

 

Student Loan Scams

With the launch of the U.S. Student Loan Forgiveness program, there is an opportunity for students and other borrowers to benefit. Any scenario that puts millions of people in a target pool is ideal for hackers. Add to the scenario the list of questions and uncertainties and you have a recipe for risk. The details are not always known at first or readily available and that means that cybercriminals are ready to pounce before you can get your questions together.

What Makes It High Risk?

The questions of eligibility, process, check insurance, deadlines, and requirements remain outstanding for most people. In situations like this, the headlines grab our attention and we either skim the fine print or we miss it altogether. And to further increase risk, the money component skyrockets the likelihood of a target succumbing to a cybercriminal’s efforts. Those who are eligible (or unsure if they are eligible) are going to want to take advantage quickly of the forgiveness option before this program is possibly gone. Are there unlimited funds? Can it be revoked? Those aren’t answers that are readily available and so people often act from a place of fear.

What Can You Do?

Stop and think before you react. That means that emails, advertisements, phone calls, and any other contact that you receive regarding a loan should be carefully reviewed. Do not click, call back, or answer without research. It is understandable that you may want to eliminate what you can from your own student loan debt. But in order to avoid being a scam victim, every item of information should be received with skepticism. If you are asked to provide personal information or credit card information, or are required to “log in and update information”, you should be wary.

If you are uncertain about any correspondence regarding the loan forgiveness program, you should verify before responding.

 

What To Do When You Have Been Hacked

Cybersecurity has never been more important than it is today. With so many of us working fully remotely online, and so many more of us working in a hybrid capacity, a huge proportion of our workspaces exist solely on the internet. That means that we are ever more vulnerable to the attempts of hackers and spammers.

Putting in place plenty of cybersecurity measures to prevent hackers from accessing sensitive data is important, and well worth doing. But sometimes, despite our best efforts, clever hackers will find a way to access our systems or information in spite of our best attempts at thwarting them.

So what actions can you take once you have been hacked? In this article we will take a look at what to do when you have been hacked, and how you can protect yourself online in the future so it doesn’t happen again.

Getting Your Credit Card Back

In-person and online transactions always run the risk of exposing you to credit card theft. If hackers do access your credit card details and think they can get away with using your card for their own purposes, they can think again. Here’s what to do if your credit card gets hacked.

Contact Your Bank

Email account breaches are actually much more difficult to manage than a credit card hack. Whether it is your personal or company credit card, you just need to get in touch with your bank and alert them that your card has been stolen. They will cancel any fraudulent charges and freeze the account before issuing you a new card.

Freeze Your Credit

When there is a major security breach in a credit card company, experts will advise you to set up a fraud alert and extra layers of verification when you open a new account. They may tell you to freeze your credit and caution against shopping at suspicious retail outlets both online and offline.

Shopping Securely

Perhaps counterintuitively, shopping with mobile pay (Apple Pay, Google Pay, or PayPal) is more secure than shopping with a credit card. As long as your smartphone is secured with fingerprint authentication, you will be able to protect your financial details this way.

Another preventive measure you can take to secure both your credit cards and email account is to browse the web using a VPN. A Virtual Private Network, or VPN, anonymizes your online interactions and masks your geolocation, so prying eyes will physically not be able to identify where you are located in the world. They will also not be able to see the content of your interactions, which also means your financial details will be more secure.

Regaining Control Of Your Email Account

If your email account has been hacked, regaining access can be a tricky process. Hopefully you have had the foresight beforehand to create multiple email addresses, activate multi-factor authentication, and set security questions that only you would know the answers to.

Get In Touch With Your Email Provider

You will need to get in touch with your email provider to prove to them that you are the actual owner of the email account. If a hacker has accessed your email account and changed your passwords then you won’t be able to use that email to get in touch with your email provider. Instead, try contacting them from a different account. (You should always have a backup email on record for security purposes; if the email provider notices a suspicious login attempt or unusual activity on one account they can then email you on another one to alert you of the possible risk.)

Chain Reaction

Losing access to your primary email account can have other detrimental effects. Since your email is the main source of communication with all of your other accounts, this is the central hub where websites will send password reset links for all of your other logins across the internet.

Whichever sites you have logged into with your email address as your username, those are now easily accessible to the spammer in charge of your inbox. With a simple password reset request they can now access many of your logins, and will therefore have access to your personal, financial, business-related, and health-related details.

Order of Operations

So regaining access to your email account is the first thing you should do once you suspect you have been hacked. After that, go through and change the password of every account associated with that email address.

Invest in a good password manager to help you securely keep track of all of your unique passwords. And always follow good password hygiene. Never use duplicate or easy to guess passwords. Instead, create a unique and random-seeming string of letters and numbers for each separate account. The harder it is for hackers to guess your password, the more difficulty they will have accessing your account in the first place.

Taking Preventive Measures

Learn About the Latest Scams

Protecting yourself against hackers is a matter of constant awareness and knowledge. Hackers will use a number of sophisticated techniques to try to gain access to your accounts, so learning about common phishing or spyware schemes is a good proactive measure to take. If a social media message, email, or website seems suspicious or rings alarm bells, take a moment to plug that name or key phrase into a search on the internet. If it is a common scam scheme then you will find results warning you away from interacting with it.

Update Your Systems

System updates may seem like a bit of an annoyance, but they are essential and should not be ignored. Just as hackers and spammers get increasingly sophisticated in their approaches, so too do IT experts work to improve the security of your apps, devices, and systems. Regularly downloading system updates is a good way to stay on top of the latest technological updates to help keep your system secure.

Use Your Common Sense

Maintaining awareness of what kinds of information you are sharing, with whom, where, and why can go a long way towards keeping your information away from bad actors. Never enter sensitive personal details on any site that does not seem legitimate.

Final Thoughts

If you do not understand why a particular website needs a specific piece of personal information, like your company address, your social security number, or your credit card details, pause, investigate, and don’t act any further until you have verified the legitimacy of the request. Using your common sense and trusting your intuitive sense when something seems off is a smart approach to preventing your accounts from being hacked.

If and when you do get hacked, take steps quickly to regain access to your account, change all your passwords and login details, and freeze any personal or company accounts that may have been compromised. Then take some time to reset all of your security protocols, making sure you have the latest security measures in place to protect your accounts going forward.

AllSafe IT is an IT Services Game Changer on Clutch

Here at AllSafe IT, we’re a team on a mission. Founded in 2016, we are a Los Angeles-based managed IT services company that’s absolutely committed to helping our clients minimize their downtime and maximize their efficiency. Our team takes the time to fully understand the unique requirements and needs of our beloved clients. 

We believe that in order to successfully solve their problems, we need to have a deeper knowledge of every aspect. You can’t innovate without having a complete understanding of the situation. Throughout the years, we’ve worked with a wide range of clients — from small businesses to driven midmarket players. The projects entrusted to us by our clients helped us establish ourselves as an IT services game changer on Clutch.

To help you get up to speed, Clutch is a Washington DC-based ratings and reviews platform dedicated to helping millions of browsers navigate the different B2B spaces. The website showcases insightful and data-driven content such as verified client testimonials, extensive market reports, and agency shortlists. 

The reviews we’ve earned on Clutch helped us make a name for ourselves as game-changers. As of writing, we’ve already earned three stellar reviews that highlight our various expertise such as IT consulting, cloud migration, and managed IT services.

Aside from the range of services, you can also see how well we adapt to our clients’ marketplaces. The in-depth reviews we’ve received are from clients in the travel, arts, and real estate industries. If you’d like to learn more about what we’ve done, please feel free to visit our Clutch vendor profile. Here’s a quick snapshot of what our clients think about us and say about our work!

“They’re responsive, adaptable, and more linear. We don’t deal with a large bureaucracy that takes a long time to move. They’re a midsize company, so they move fast and adapt to changing environments.” — CEO, Crews1972

“They are very cost-effective and have helped us cut down our costs in many ways. It is also very impressive that they are able to come onsite to help us with our issues at such short notice.” — Operations Coordinator, Museum

We are genuinely thankful to all our clients, especially those who graciously took the time to review us on Clutch. Your trust and support keep us going. Thank you so much!

See for yourself why we’re game changers. Connect with us at AllSafe IT and let’s work together. Our team is genuinely looking forward to meeting you!

Back to School Cybersecurity

It’s back-to-school time, and no matter the age of the student, or the location of the school, there’s one class that everyone needs to pass. Smart cybersecurity habits need to be on all of our minds, and we can’t afford to fail. We’ve put together some reminders about staying safe online and with your technology.

Before You Start Classes

Make sure that you’re starting off the academic year on solid footing. Update all of your software and hardware to ensure that it has the latest security patches installed. If you are using an outdated version or technology, consider an upgrade that is equipped with stronger defense mechanisms against cybercrime. There are many student discount options available. Some may not be promoted, so ask at the store or do a bit of research online before you shop. Many reputable vendors have student options. When you are downloading software updates, only do it from the manufacturer’s site. Turn on automatic security updates.

Purchase a charging block to avoid the need for public charging devices or stations. These are often the source of detrimental downloads and can easily be avoided with your own equipment.

Password security should be taken seriously. Review your passwords and use a password manager to store your secure login credentials. Review your laptop settings and make sure that the screen locks after inactivity. Enable options that would allow you to locate your device or wipe the data if it is stolen. You can also use security tracking tags on hardware.

Review your banking credentials to have multi-factor authentication and enable alerts for suspicious spending.

Class Is In Session

You’ll be forging many new relationships both academically and socially. Be aware of email phishing scams and fraudulent email addresses. Don’t click on links before verifying that the sender is legitimate and not a spoofed address.

Students are a target demographic. Be wary of “free” offers or job scams that require you to pay for them. You should be paid to work, not the other way around. Consult with your school administration about employment or intern programs in order to verify legitimacy.

Miscellaneous Cyber Safety

While these aren’t hardware related, be aware of cyberbullying and how much you share online. Location services can be a valuable tool if in the hands of people that you trust. And while cyberbullying isn’t something you can prevent with a download, you can be aware of it.