Blog - - Seattle, Washington

05 Feb 2019

IT Horror Stories: Direct Deposit Redirect


The following is a true IT Horror Story based upon actual events and is distributed for educational purposes.

The Scenario:

Jennifer works in the Finance department of a services firm and is responsible for payroll and direct deposit.

The Scam:

One morning Jennifer received an email that appeared to come from an existing employee stating:

Hello Jennifer,

I have recently changed banks and like to have my direct deposit changed to my new account and effective with this coming payroll.  If you are less busy can you help me update my bank details.  let me know so I can send it to you.


John Davidson

Senior Vice President

ABC Company

The sending email address was spoofed and closely mimicked John’s legitimate company email.  Jennifer fell for it and responded by asking John for updated routing and account info with a friendly reminder that the first check after the change would be live, so he’d have to swing by the office to pick it up.

Our friendly scammer responded quickly, and this time was even trickier.  He thanked Jennifer, sent her the updated routing info for his scammer account, and kindly requested that she skip pre-note so that he can get his next paycheck deposited into the account.  By using financial terminology, he appeared to be even more legitimate.

Jennifer responded enthusiastically that “I updated everything with NO PRENOTE, so your next check will go into that account! 😊”.

The scammer received John’s paycheck at the next payroll and no one was the wiser until the real John complained that he didn’t get paid.

The Lesson:

This scam is 100% preventable by taking one simple step – make a phone call.  In every scenario where money is to be sent, make a phone call to verify the requestor.  EVERY SINGLE TIME.  Jennifer should have looked up John’s phone number in her company records and called him to verify the change request.

Jennifer also missed some clues in the email that should have raised her suspicions.  First, there are grammar errors in the email that are typical of scammers.  For example, there would usually be a ‘would’ in the ‘and like to have’ sentence.  The scammer also asks “if you are less busy” and the ‘l’ in let is not capitalized in the last sentence.  These are small grammatical errors that could be made by the real John if he was in a hurry, but they should raise suspicions.  Lastly, if Jennifer had paid attention to the headers and/or originating email address of John’s emails, she would have noticed that they came from an email address.  Employees typically do not request payroll changes from their personal email addresses.
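The header clues described above can be checked mechanically before anyone acts on a payroll request. The sketch below is an added example, not part of the original post; the company domain, directory entry, finding names and sample message are constructed placeholders.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "abccompany.example"  # assumption: placeholder for the real mail domain
PAYROLL_TERMS = ("direct deposit", "bank details", "routing", "pre-note", "prenote")


def _domain(address):
    return address.rpartition("@")[2].lower()


def _body(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_type() == "text/plain"]
    return b"\n".join(parts).decode("utf-8", errors="replace")


def review_payroll_email(raw, directory):
    """Return {finding: detail}; empty if the message is not a payroll request.

    directory maps an employee's display name to the address on file.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    text = (msg.get("Subject", "") + "\n" + _body(msg)).lower()
    if not any(term in text for term in PAYROLL_TERMS):
        return {}

    # The post's rule: any request that moves money gets a call-back, every time.
    findings = {"verify-by-phone": "call the employee on the number in company records"}
    dom = _domain(addr)
    if dom != COMPANY_DOMAIN:
        findings["external-sender"] = f"{addr} is not a {COMPANY_DOMAIN} address"
        # A near miss of the real domain is the "closely mimicked" case.
        if SequenceMatcher(None, dom, COMPANY_DOMAIN).ratio() >= 0.8:
            findings["lookalike-domain"] = f"{dom} resembles {COMPANY_DOMAIN}"
    on_file = directory.get(name)
    if on_file and on_file.lower() != addr.lower():
        findings["name-address-mismatch"] = f"'{name}' is on file as {on_file}"
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != dom:
        findings["reply-to-differs"] = f"replies would go to {reply_to}"
    return findings


# Constructed sample modelled on the message quoted in the post.
SAMPLE = """\
From: "John Davidson" <john.davidson@abccornpany.example>
To: jennifer@abccompany.example
Reply-To: jd.payroll@mailbox.example
Subject: Direct deposit change

I have recently changed banks and like to have my direct deposit changed
to my new account and effective with this coming payroll.
"""
DIRECTORY = {"John Davidson": "john.davidson@abccompany.example"}

if __name__ == "__main__":
    for finding, detail in review_payroll_email(SAMPLE, DIRECTORY).items():
        print(f"{finding}: {detail}")
```

A message that passes every header check still returns the phone-verification finding, because a clean-looking From line does not prove who sent the request.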

15 Nov 2017

Security Alert: Fraudulent Phishing Emails with PDF Attachment

We’ve seen an influx of fraudulent phishing “please review” emails this week coming to our own staff so it serves as a good reminder to inform you of these threats that masquerade as legitimate emails.

The emails we are seeing are written so that they appear to come from a person at a legitimate company and contain a PDF attachment asking you to review important information such as invoices or other “important information.”  The emails are sent from individuals who have fallen for the trick and have had their email address compromised.  One of the messages we received was from a local company in Mukilteo.  This may have been caused by the person falling for the phishing attack and providing their username/password, a weak password, insecure servers or poor malware protection.  They may specifically target people in the compromised account’s contact list as they may be expecting to hear from that person and are more likely to fall for the request.  Here’s an example of the text in one of these emails:


Please review the below FirstName LastName (CompanyName) 11/15/2017 Official Documents

Kindly, click open file using supportive web browser. Document is securely send using PDF scanner. Feel free to contact me if you have any questions.

Note: Open Attached PDF and preview with Existing ID

Upon opening the PDF attachment, it contains a link to “Click Here” or “Sign In” to “unlock the document” or “view the invoice” and you are encouraged to ignore any security warnings and to sign in with your “existing email ID”.  This particular threat does not contain malware within the attachment and preys upon the weakest link in the security chain – the user providing their information of their own free will.  Remember that hackers frequently use social engineering techniques to manipulate users and obtain sensitive data.  If you feel tricked, trust your instincts and don’t do what they’re asking of you.

So what happens if you click on the link?  Possibly nothing in this case, although it’s better not to do so.  So long as you exited the web page and didn’t provide any sensitive information you likely thwarted the threat.  If you did provide your information, you should immediately change your password on your account and any others that use the same credentials.  Contact us ASAP and we can assist with this.  Many phishing sites do contain payloads which attempt to load malicious files onto your PC without your consent so the best course of action is to not take any chances and immediately delete any non-legitimate emails and not to click on any links.

To prevent the success of phishing techniques you should always be leery of emails that are impersonal, from people you don’t know, or do not address you by name.  One trick is to mouse over a link to see where it will take you before you click on it.  Links can sometimes be shortened with URL shorteners such as bitly so this doesn’t always help, but if you don’t recognize where the link is taking you, treat it as suspicious.

27 Apr 2017

Server 2016 VPN bug (Bad patch: KB4015217)

Windows Server 2016 freezes when setting up SSTP VPN in RRAS. First the “OK” button stops responding in properties windows inside RRAS. In particular, the problems start occurring after attaching an SSL Cert in RRAS. Then the RRAS services get stuck in a “Starting” state. Then the server becomes very sluggish and basic tasks like opening Task Manager hang. Rebooting the server sometimes results in a blue screen.

Uninstall Server 2016 security patch KB4015217 – released April 11, 2017. Following removal, you may need to reboot several more times and remove and reinstall the Remote Access role before the problem is resolved.

Quick workaround:
Disabling RRAS services and removing the Remote Access role also fix the server slowdown issues.

We spent many hours battling this issue before narrowing the issue down to this bad patch.  We have a support case open and the bad patch has been reported to Microsoft’s product development team to fix the broken patch in a future Server 2016 patch.

17 Dec 2015

Backups versus Intelligent Business Continuity

Traditional backup methods, such as tape, disk, or online only, are no longer sufficient. In fact, leading edge business owners are finding them unacceptable, due to their inability to recover data quickly and mitigate downtime. Technological innovations have established a comprehensive new standard, Intelligent Business Continuity (IBC). Only an IBC solution will ensure data protection, data security, instant recovery, mitigate downtime and ensure continuity.

Traditional Backup

  1. Can take weeks to recover data after a disaster occurs, if the data is recoverable
  2. High risk of failure due to heavy manual administration: 58% of downtime is due to human error
  3. Difficult to test if a backup is working properly
  4. Time consuming and expensive to make a copy of, and store, backups in multiple locations. 61% of SMBs still ship tapes to an off-site location
  5. Backup speeds are slower
  6. Difficult to prioritize important data, files and applications
  7. Physical to virtual conversions can be time consuming and have a high failure rate
  8. Data and backups are at risk when based in only one location, either local OR in the cloud
  9. Limited options for encrypting data, may not pass industry regulations (e.g., HIPAA, SOX)
  10. Tape failure rates can exceed 50%
  11. Potential for theft or loss of media
  12. Perceived cost savings are deceiving–average cost of downtime is $163,674 per hour

Intelligent Business Continuity

  1. Downtime after a disaster is reduced to hours, minutes, or even seconds
  2. Fully automated backup process—very little manual management required
  3. Automated screenshots are taken of each image-based backup, to verify a successful backup
  4. Each image-based backup is automatically saved in multiple locations for redundancy; local appliance and secure data centers
  5. Quick and efficient transfer of files to off-site data centers, even with low bandwidth or busy networks
  6. Critical data can be prioritized, to be transferred offsite first
  7. Instant virtualization in mere seconds, due to both proprietary technology and already saved VMDKs
  8. Avoid risk of downtime from a local disaster, as backups are stored in both local device AND secure cloud
  9. AES 256 and SSL key-based encryption ensures data is safe both at rest and in transit, to meet industry regulations (e.g., HIPAA, SOX)
  10. Minimal risk of corrupted backups or data loss
  11. Off-site backups stored in SSAE16 Type II data centers, ensuring security
  12. The ability to keep your business running in the event of disaster has immeasurable value

SisAdmin offers a variety of intelligent business continuity systems, including Datto and ShadowProtect. Give us a call at 425-482-1919 for more information!

10 Dec 2015

3 Easy Steps to Improve Your Battery Life

Here are some tips to make your laptop battery life last longer:


  1. Make sure you unplug your laptop when it is charged. In some cases, overcharging can damage the battery. According to the Battery University, a battery will give you 300 to 500 full discharge cycles or charges, and overcharging can significantly reduce the number of charges a battery is able to produce. Furthermore, Battery University recommends ideally using your laptop between 40% and 80% battery life to get the most life out of the battery.
  2. The number one battery drain is the screen brightness, and that goes for any device, including your cell phone. Search for “Power Options” on your machine, and make adjustments. Keep that backlight to a minimum and extend your battery life. While you are in the area of adjusting power settings, you can tell your laptop when to hibernate and sleep. When your machine is not charging or in use, adjust the settings to have the display turn off or dim.
  3. Keeping the vents clear on your laptop will improve your battery life. It is bad practice to set your laptop on a pillow, couch cushion, mattress, or anything soft that hinders airflow. The vents under your laptop will end up drawing up debris and the fans get congested, which in turn makes your machine work harder than it needs to. This will drain your battery very quickly, and over time could do some damage. If your laptop starts to feel very hot or makes a loud buzzing, move it to a hard surface immediately.

10 Dec 2015

Online Security – How Can I Stay Safe?


You are sitting at a neighborhood bistro waiting on a friend. They are running late, and so you decide to take advantage of the free Wi-Fi and surf the net on your phone. As you scroll through your emails, you remember you need to pay some bills online and figure now is a perfect time. You log on to your bank and proceed to transfer those funds.

Sound like a familiar scenario? Many people do it every day. While it is a part of daily life, we need to be cautious and know the risks, or you could find your information stolen and vulnerable. How can we protect ourselves, and what can we do to keep our personal information safe?

It is important to make sure you are connecting to a network that is secure. A public network can be configured to track data going out and being received. Public connections are often unsecured and leave your machine open to outsiders. Be cautious when using free Wi-Fi.

When shopping online, make sure you stick with reputable sites that you know to be legit, such as Amazon or Nordstrom. To ensure that you are on a secure, encrypted part of the webpage, make sure that during checkout you divert your attention to the top of your browser. There should be a padlock symbol or the abbreviation ‘https’ in the address bar at the top of your browser when finalizing your purchases. As always, monitor your banking statements for fraudulent or suspicious activity.

Make sure that you do not click on anything where the source seems suspicious. If a window pops up, do not click on it, and immediately close it. If you received an email from an unknown source, do not follow any links within it.

Another issue to touch on to keep your information safe is password security and keeping your machines locked. When selecting a password, it is better to choose a complex one. Passwords should contain a mix of uppercase and lowercase letters, as well as numbers and symbols. They should be different for each site.  Finally, lock your machine when it is not in use. This includes laptops, desktops, tablets and phones. A PIN or password is ideal, as it is your first line of defense against someone trying to steal information.

02 Dec 2015

Virus Alert: Major Banking Site Redirect + Phishing

Our engineers have reported a Trojan virus that’s floating around that’s utilizing a new phishing tactic that’s worthy of passing along to you.  Internet crooks and scammers are extremely active this time of year due to the massive number of online shopping transactions and they’re constantly coming up with ways to steal your financial information.  Here’s how this particular scenario unfolds:

  1. If your antivirus protection application is out of date, antivirus definitions are out of date, or the antivirus vendor has not included protections against this virus and\or its variants in their most recent definitions release, your machine may be infected by a Trojan virus that allows for this exploit.
  2. You browse to your bank account (this virus is applicable to most major banks).   You put in your username and password and everything appears to work as usual.
  3. If your machine is infected with this virus, the screen may spin for a few seconds or go white for a short period of time, the URL stays the same (your address bar gives the appearance that you’re still on then suddenly, a box comes up saying your account has had some strange activity and they are forcing you to verify who you are.  The page prompts you for personal financial information such as your debit card number, expiration, 3 digit code, PIN or other security questions.  If you were to enter these and click next, it would say ‘thank you’ and take you to the screen for your bank like nothing ever happened when in reality, you just sent all of the personal financial information that you just entered to the bad guys.

This is a sophisticated scam called a “man-in-the-middle” attack.  The technical trickery that is happening in the background is re-routing of DNS over SSL AFTER you type in your pertinent log-in details, which then attempts to phish you for your credit card information.

Please remain diligent when faced with these crafty methods thieves utilize to phish for your personal financial information.  Asking for your personal financial information should always raise a red flag as legitimate financial institutions do not ask for your account numbers, credit\debit card numbers, PIN or Social Security Number to verify your identity.

17 Sep 2015

Virus Alert: Ransomware Diligence

The purpose of this virus alert is to inform and educate you, as well as encourage you to remain vigilant against malware. We continue to experience isolated incidents of CryptoLocker and its variants, a type of virus known as “ransomware”.  To learn more about CryptoLocker and ransomware please reference our previous blog post here:

As mentioned in the above-referenced blog post, here are steps you can take to protect yourself:

  1. Never open email attachments from unknown senders. Keep in mind that the people who create these emails are crafty. They are often carefully constructed to appear as if they came from legitimate businesses or vendors.
  2. Don’t follow links received in SPAM emails from unknown senders.
  3. Back up your data.
  4. Keep your antivirus and antimalware software updated. We recommend Webroot and MalwareBytes as a solid deterrent. Please be aware that no preventative platform is foolproof.

How do you know if you’ve been infected?

  1. You are unable to open files and/or files appear to be corrupted. This may occur on your local hard drive or on network shares if the infection has spread beyond a local machine.
  2. File extensions are changing from what they should be (.doc, .pdf, .xls) to .encrypted, .cryptolocker, or .[random characters].
  3. A HELP_DECRYPT file has appeared in each folder where files have been encrypted.
  4. A ransom screen may appear informing you that your personal files have been encrypted.
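To see how far an infection has spread, the file-name signs listed above can be counted per folder from an unaffected machine. This read-only sketch is an added example, not part of the original alert; treating a known document extension followed by an unfamiliar one as the ".[random characters]" case is an assumption and will produce some false positives.

```python
import os
from collections import Counter

# Indicators taken from the list above.
ENCRYPTED_EXTS = {".encrypted", ".cryptolocker"}
NOTE_PREFIX = "help_decrypt"
# Assumption: the document types the alert names, used to spot "report.doc.<random>".
KNOWN_DOC_EXTS = {".doc", ".pdf", ".xls"}


def classify(filename):
    """Return the indicator a file name matches, or None."""
    lower = filename.lower()
    stem, ext = os.path.splitext(lower)
    if lower.startswith(NOTE_PREFIX):
        return "ransom-note"
    if ext in ENCRYPTED_EXTS:
        return "encrypted-extension"
    # A known document extension followed by an unfamiliar one.
    inner = os.path.splitext(stem)[1]
    if inner in KNOWN_DOC_EXTS and ext and ext not in KNOWN_DOC_EXTS:
        return "appended-extension"
    return None


def scan(root):
    """Walk root and return {folder: Counter(indicator -> count)} for hits only."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        counts = Counter(filter(None, map(classify, files)))
        if counts:
            hits[folder] = counts
    return hits


def worst_first(hits):
    """Order affected folders by total indicator count, highest first."""
    return sorted(hits, key=lambda folder: sum(hits[folder].values()), reverse=True)


if __name__ == "__main__":
    import sys
    found = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder in worst_first(found):
        print(folder, dict(found[folder]))
```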

What do you do if you suspect an infection?

  1. Immediately disconnect your computer from your wired and/or wireless network. This will prevent it from further encrypting any files.
  2. Call SisAdmin at 425-482-1919 to report the infection ASAP.

04 Sep 2015

Three Ways to Boost Your Mobile Security


We live a mobile lifestyle. Our mobile devices keep us connected, and we can do anything from our mobile devices – from anywhere in the world. Online banking, hotel reservations, email – all can be accessed with a tap of the finger.

If you forget your phone at a restaurant, at work, or anywhere else unattended – how confident are you that nobody else can access your information?

While browsing the Internet, how confident are you that your information is only being viewed by you?

Follow these steps for a confidence boost in your mobile security:

1. Set a pin or passcode

This is your first line of defense. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or pin; so, even if your phone is stolen, your information cannot be accessed.

2. Remote locate and wipe tools

There are thousands of applications out there, and many involve more than just crushing candy or shooting birds at pigs. Certain software can help you locate your lost or stolen device through its GPS. Apple offers a service like this for their mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services. Windows Mobile users also have this option from the Windows Phone website. Similarly, many third party applications are available in each of the app stores.

3. Keep your device clean

Utilizing an antivirus and malware scanner is never a bad idea. Your phones are mini-computers, and just like your “big” computer – they need to be cleaned up from time to time. Malware and virus threats can compromise information stored on your mobile devices. Malware has a snowball effect, and can continuously pile up until it slows down or stops your device. Look for an MSP that offers Malwarebytes as a solution to this problem for both mobile devices and computers. It will keep your end points clean and secure from outsiders. Consider Webroot as an antivirus application that scans your downloaded apps and devices for any threats.  Equipped with internet security, this defense will give you a heads up if it detects any malicious activity from your device’s browser.

In the end, the number one security measure on your mobile device is you. Be proactive. Protect yourself and your information using the steps above!

20 Aug 2015

Moving Offices? Watch out for data cabling issues!

There are many things to plan for when occupying a new office space. Move logistics can be daunting and often your IT infrastructure is the furthest thing from your mind.  The truth is, planning for a smooth transition of your IT infrastructure is one of the most critical aspects of a successful move.  I’ve often jokingly referred to IT being like toilet paper… you take it for granted that it’s always going to be there but when it’s out, you sure do panic!

One critical aspect of IT move planning is your data and voice cabling.  Networks are so commonplace that almost every office space has some sort of existing cabling.  The natural assumption is that you’ll be able to utilize the existing cabling when you move in, and everything will be just fine.  This line of thinking is fraught with peril and you shouldn’t make any assumptions when it comes to cabling.  A typical worst-case scenario goes something like this:

  1. There’s existing cabling in your soon-to-be office space so you say to yourself “I’ll just use what’s there.”
  2. You assume that the vacating tenant will leave the cabling in ‘as is’ condition, or you specifically ask the landlord to make sure the cabling is left intact.
  3. You take occupancy of the space only to find that the cabling has been cut with a butcher knife and is rendered useless.  Yikes!

There are a few reasons this type of thing occurs:

  1. The hard truth is that the vacating tenant often doesn’t give a rip if you inherit functional voice/data cabling (that they likely paid for).
  2. The vacating tenant wants to take their patch panel and/or server rack (that they also likely paid for) with them.  In order to do this, they have to either cut the cables or rip them out of the back of the patch panel.
  3. There are requirements in the lease, or local building and fire codes, that require them to remove the existing cabling.

If you fall victim to this situation, chances are that you won’t find out until you take occupancy of the space, which is often far too late in the game to do much about it.  Remember what I said about IT being like toilet paper?  Occupying a space without data cabling is like being stranded on the toilet without a roll.  Now you’ll need to find a cabling contractor to bail you out in a hurry which is often expensive and highly stressful.

One way to avoid a bad scenario is to assume that you’ll need to deal with cabling issues once you have the keys to the space and allow yourself enough time to deal with them prior to setting your move-in date.  You should also evaluate the cabling situation far in advance of getting the keys.  Make it one of your site evaluation steps to inspect the quality of the cabling and the speeds it can support.  Do your best to protect the cabling when the previous tenant vacates the space and if they do happen to cut it, have a contingency plan in place for how to deal with it.  Having a cabling contractor on stand-by is also a great precaution.

We highly recommend retaining SisAdmin to assist with the IT components of your office relocations.  Cabling is just one of the many things that need to be planned and accounted for during an office move.
