Security

A client of ours arrived at work to discover an email from the IRS in her inbox.  Concerned about it's legitimacy she contacted us.  Below is a copy of the email.

The first hint that this is fake, for those who haven't heard the IRS announcements that they will never email you, is the email was in her Junk mail. Typically important / legitimate emails don't get routed directly to the Junk mail box.  Sure it happens occasionally, but it's certainly an easy first test of legitimacy.

As per their MO we see the scammers are hoping to work on people's fear instead of common sense, with the last line being the threat of "Failure to comply..."

So you're busy shopping on the Internet when for one reason or another, you've clicked on a website link, clicked on a link in an email, etc, and this Paypal page opens. But did you check to see if it's really Paypal before attempting to put in your username and password?

While this website is an awfully good imitation of Paypal the domain name / web address is the giveaway. preinformized.com is most certainly not Paypal.

For reference, here is what Paypal's website currently looks like.  Notably, until very recently Paypal did have the login on the top right of the front page of the site, however as their website is being spoofed frequently it is good to make frequent changes, like this, to help consumers differentiate their site from the fake ones.

You've heard over and over again that you must have a secure backup of your company data, but have you stopped to consider what you'd do in the event of a disaster?  How would that data be restored to a fully functioning office environment?

The answer to those questions hinges on two variables - first what was the nature of the disaster? Second what type of backup do you have?

Put in slightly different terms, having a backup of your company's data merely means that you have a copy stored somewhere, it does not mean you have an instantaneous way to restore your company's network back to full functionality.  This is not what you want to hear and comes as a shock to many business owners who thought they'd done what they needed to do by having a backup of their data.

Welcome to your next parental nightmare!  Boys at one local Reno high school, are reportedly coaxing topless photographs out of high school girls then trading and collecting them like baseball cards. This information has been brought to us by a high school student's parent who says her son informed her of the trading game. It is unclear if the school's administration is aware this game is going on.

As parents we know that sexting is a serious problem and do the best we can to dissuade girls from turning themselves from young women into mere sex objects, but this account takes the issue to a level only seen in a handful of cases, like the Vermont Sexting Ring. Not only are these girls sharing naked photographs with one boy, possibly believing that he will keep it to himself, they are literally sharing it with most of the boys in the school and depending on the true extent of this game perhaps across multiple local high schools.

Have you been locked out of an account due to entering the wrong password too many times? That was rhetorical; unless your password is "password" (and it better not be) everyone has managed to lock themselves out. Even someone using "password" can manage it if they don't realize Caps Lock is on. But here's the real question - why don't hackers get locked out when attempting to get into their victim's accounts?

If you've been watching USA's new serious Mr. Robot you might be under the belief that, like Elliott, hackers research you and then using a well thought out plan they try passwords that include information about your birth date, family, pets, sports teams, nicknames, address/phone numbers, etc until they find the magic combination to your password.  That scenario doesn't hold water when you look at the facts of an account lockout - it doesn't matter if it's you or a hacker if the lockout says 5 tries and you're locked out, that's what's going to happen.  Even the few variables listed above amount to thousands of options.

So how do hackers do it?

Today we did an experiment with an Internet Tech Support Scam that is reportedly being found online by many in the Reno Sparks area.  Below is a screenshot of what first appears when you happen upon the website at online-system-scan.net.

More than likely you were redirected here by a malicious advertisement on another website or a redirect from a fake article; you know all those interesting top 10 articles that look too tempting not to click on, well some of them are not so innocuous.

Late last year Google made an important change in their ranking system that has received relatively little coverage.  Google has added to their search ranking algorithm a query to determine if a site is being served over HTTP or HTTPS. If a site is being served over HTTPS it ranks higher.

Here's an example of HTTP vs HTTPS:

While not in person, this kind of email is as much an attack using social engineering as some unknown tech who shows up saying they are there to repair your copier when you weren't expecting it, but is really there to gain unauthorized onsite access to your network.

The desired outcome is the same - access!  Their weapons is social engineering, cunningly forcing the person in front of them to suspend doubt and allow them access to the building (in the case of the copier repairman) or access to launch an attack on the company's network (in the case of the zip file).

The response to this email is natural, what do you mean my account was declined?!?

And before common sense kicks in the zip is opened the files extracted and wham the malicious content of the zip file is let loose on your company's network.