All posts in Cyber Security

15 Nov 2017

Security Alert: Fraudulent Phishing Emails with PDF Attachment

We’ve seen an influx of fraudulent “please review” phishing emails coming to our own staff this week, so it serves as a good reminder to inform you of these threats that masquerade as legitimate emails.

The emails we are seeing are written so that they appear to come from a person at a legitimate company and contain a PDF attachment asking you to review invoices or other “important information.” The emails are sent from individuals who have fallen for the trick and have had their email address compromised. One of the messages we received was from a local company in Mukilteo. The compromise may have been caused by the person falling for the phishing attack and providing their username/password, a weak password, insecure servers or poor malware protection. The attackers may specifically target people in the compromised account’s contact list, as those people may be expecting to hear from that person and are more likely to fall for the request. Here’s an example of the text in one of these emails:

Hello,

Please review the below FirstName LastName (CompanyName) 11/15/2017 Official Documents

Kindly, click open file using supportive web browser. Document is securely send using PDF scanner. Feel free to contact me if you have any questions.

Note: Open Attached PDF and preview with Existing ID

Once opened, the PDF attachment contains a link to “Click Here” or “Sign In” to “unlock the document” or “view the invoice,” and you are encouraged to ignore any security warnings and to sign in with your “existing email ID”. This particular threat does not contain malware within the attachment; it preys upon the weakest link in the security chain: the user providing their information of their own free will. Remember that hackers frequently use social engineering techniques to manipulate users and obtain sensitive data. If you feel tricked, trust your instincts and don’t do what they’re asking of you.

So what happens if you click on the link? Possibly nothing in this case, although it’s better not to do so. So long as you exited the web page and didn’t provide any sensitive information, you likely thwarted the threat. If you did provide your information, you should immediately change your password on your account and any others that use the same credentials. Contact us ASAP and we can assist with this. Many phishing sites do contain payloads which attempt to load malicious files onto your PC without your consent, so the best course of action is to not take any chances: immediately delete any non-legitimate emails and do not click on any links.

To prevent the success of phishing techniques, you should always be leery of emails that are impersonal, come from people you don’t know, or do not address you by name. One trick is to mouse over a link to see where it will take you before you click on it. Links can sometimes be shortened with URL shorteners such as bitly, so this doesn’t always help, but if you don’t recognize where the link is taking you, treat it as suspicious.

10 Dec 2015

Online Security – How Can I Stay Safe?


You are sitting at a neighborhood bistro waiting on a friend. They are running late, and so you decide to take advantage of the free Wi-Fi and surf the net on your phone. As you scroll through your emails, you remember you need to pay some bills online and figure now is a perfect time. You log on to your bank and proceed to transfer those funds.

Sound like a familiar scenario? Many people do it every day. While it is a part of daily life, we need to be cautious and know the risks, or we could find our information stolen and vulnerable. How can we protect ourselves, and what can we do to keep our personal information safe?

It is important to make sure you are connecting to a network that is secure. The network you join can be configured to track the data going out and being received. Public connections are often unsecured and leave your machine open to outsiders. Be cautious when using free Wi-Fi.

When shopping online, make sure you stick with reputable sites that you know to be legitimate, such as Amazon or Nordstrom. To ensure that you are on a secure, encrypted part of the webpage, direct your attention to the top of your browser during checkout. There should be a padlock symbol or the abbreviation ‘https’ in the address bar when finalizing your purchases. As always, monitor your banking statements for fraudulent or suspicious activity.

Make sure that you do not click on anything where the source seems suspicious. If a window pops up, do not click on it, and immediately close it. If you received an email from an unknown source, do not follow any links within it.

Another way to keep your information safe is password security and keeping your machines locked. When selecting a password, a complex one is better. Passwords should contain a mix of uppercase and lowercase letters, as well as numbers and symbols, and they should be different for each site. Finally, lock your machine when it is not in use. This includes laptops, desktops, tablets and phones. A PIN or password is ideal, as it is your first line of defense against someone trying to steal information.
