carbonite-blog-750x442-spot-phishing-email-01-1

everyday-tips-that-help-you-identify-a-phishing-attempt

Everyday tips that help you identify a phishing attempt

Phishing is one of the most common types of cyberattacks aimed at stealing your money or identity by means of obtaining your personal information and using it to access your accounts. This type of cybercrime is present on all popular communication media, ranging from social networks all the way to emails, phone calls or even text messages. Cybercriminals are usually impersonating reputable companies, attorney offices and even family members. They are trying to gain credibility and trick you into revealing sensitive information that can give them access to your financials. This is usually done through a link to a phishing website, a copy of a bank website or online store, which will ask for your banking of credit card information.

How to identify a phishing attempt?

At its roots, phishing is a means to collect your data, so be wary of any requests for personal information. Here are a few helpful tips for guarding yourself against online phishing:
  • Email domain address. Check the sender’s email domain. If the email is not coming from a known email provider (such Gmail, Outlook, or Yahoo Mail) or from an organizational domain that you know, then the email might be spam.
  • Spelling and grammar. Organizations and professional contractors care about the outlook and quality of their communication; therefore, email messages will always be spell checked and proofread. Spelling issues of any kind are a good indicator that the message you have received is a phishing attempt to extract your personal information.
  • A tone of urgency. When phishing, cybercriminals are trying to draw your attention away from the minor details that might expose them, so they are using a tone of urgency or even threats to draw the receiver’s attention away. The email or message will say to click on a link or to open an attachment immediately in order to claim an award, or even urge you to make a payment for avoiding penalties. This type of urgency is always a red flag for a phishing attempt.
  • New or unexpected messages. A message received out of the blue from someone you don’t know is a good candidate for a phishing attempt. There are also times when the message can be genuine, but more often than not, these types of messages are intended by cybercriminals to collect your information. Always examine carefully messages received from a first-time sender and make sure that the message is genuine before sending out a reply.
  • Suspicious links. Be wary of any links you receive in an unexpected email. Links can be deceiving, and while the text of the link points to a real organization, the URL behind the link could point out to a phishing page meant to steal your information. A quick way to check if a link is genuine is to hover your mouse over the text of the link. If the text of the link doesn’t match the real web address display under the mouse cursor, then the link is leading to a phishing page.
  • Unexpected attachments. Also be wary of any kind of attachments that you were not informed of beforehand. Attachments can contain viruses or malware targeting your data, that cybercriminals can then use to access your finances or other valuable resources.
One way to avoid phishing attempts is to contact the sender of the email by phone or to speak to them directly. This way, you can ensure that the message or email is genuine, and any links or attachments provided are safe to use. A better way is to contact the IT security specialist of your organization and get their expert opinion, especially if the email sender is unreachable through other means. As an IT support and security provider, Abtech offers a wide range of resources meant to help you mitigate any phishing or ransomware threats. Here are a few of Abtech’s services, expertly tailored to battle phishing and other similar security threats:
  • Endpoint Security Software, such as ESET or Capture Client.
  • Email Security and Spam Filters, such as Proofpoint Essentials.
  • KnowBe4 Security Awareness testing and training.
  • Datto Ransomware Protection.
  • Internal Vulnerability scans and mitigation.
  • Cloud backup and disaster recovery (Stortrust).
We protect your data and your business. Abtech offers a range of services aimed at protecting you and your users from cyber attacks. If you would like to know more, please click here or reach out to info@abtechtechnologies.com
CONTACT US
ACTIVE-DIRECTORY-2000x1125

Active Directory

Let Abtech resolve your Active Directory problems and update or replace your Domain Controllers to improve your network performance. Click here to learn more about our Active Directory project examples.

Phishing

6 common items that help identify a phishing attempt

What is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Generally, emails sent as phishing attempts are masked so they appear to be sent by the business, person, or institution who is known by the recipient.

Here are 6 common items that help identify a phishing attempt:

  1. Is the message sent from a public email domain, such as Gmail?
  2. Check the email address. Does the email address match the email address of the sender? Example: Bob – Bob@exxon.com, but shows Bob – bob@gmail.com.
  3. The email domain name is misspelled. (exxon.com is Exxan.com)
  4. The body of the email is poorly written with misspellings, bad grammar, or poor word choice. (However, be careful, the cybercriminal’s grammar is improving)
  5. The message includes attachments or links that are suspicious. The link says it goes to one place but when you hover over it is shows another URL.
  6. The message creates a sense of urgency, such as please change your password or look at this document ASAP.

If you ever have a question about an email and if it is legitimate, you have options: contact the sender via telephone and confirm or ask Abtech and we will provide an expert opinion. And please remember that as a client of Abtech, you have access to resources to mitigate Phishing and Ransomware attacks. Here are a few examples. Your company may already be utilizing some or all of these:

  • Endpoint Security Software such as ESET or Capture Client
  • Email Security and Spam Filer – Abtech Recommends Proofpoint Essentials
  • KnowBe4 Security Awareness testing and training
  • Datto Ransomware Protection
  • Cyberhawk Internal Threat Detection
  • Internal Vulnerability scans and mitigation
  • Cloud backup and disaster recovery (Stortrust)

Abtech offers a range of services aimed at protecting you and your users from cyber attacks.

If you would like to know more, please click here or reach out to info@abtechtechnologies.com

064183c29902981ccc3c70a685b1ba30

Disaster Recovery — Back-up site challenges solved with DRaaS

Disaster Recovery — Back-up site challenges solved with DRaaS

Disaster recovery is a topic that every business should include in their strategic plan. It is an ongoing discussion. We should approach this problem from the point of not if, but when. Today’s business world has a lot to consider and as technology improves, business leaders face greater threats that could easily become a disaster. As grim as this statement is, back-up challenges solved with DRaaS are both affordable and comprehensive.

Disaster Threats that Every Business Faces

Natural Disasters — Earthquakes, floods, hurricanes, tornados, fire, and whatever else the world can throw at us. We’ve lived with these as threats since the beginning of time. They are a viable threat. The question to ask is, “can my business survive if hit with a natural disaster?”

Human Error — Intentional or unintentional, humans make mistakes. They say “to err is human” and from time to time we live up to that saying. There are plenty of examples of disgruntled employees who have destroyed data. Understanding how data theft or mal intent affects businesses allows leaders to safeguard data and reduce the risk of data loss due to human activity.

Cybercrime — Cybercrime is huge. There is the ongoing threat of ransomware, virus, malware, spyware, and hackers. Anyone of those events could take down a small business. One of the questions that every business owner or leader should ask is “Can this business survive data loss.”

Ransomware is very active. In 2015, it became a real pest. In 2016, it grew even larger. In fact, it grew so large that California amended its laws to include ransomware as part of its existing statutes that cover extortion. This is the first law of its kind among the states. The expectation is that ransomware will outshine itself in 2017. The techniques that ransomware uses have evolved. You no longer have to click a link in an email. You can just be shopping at a trusted site and click an image or link for ransomware to lock down your computer. It is very hard to undo ransomware and if you do not pay the ransom, then it destroys your data, files, operating system files, etc.

Virus, malware, and Spyware all evolve at the same rate as technology. Dealing with any of these vectors requires an almost constant attention to updating antivirus, anti-malware, and anti-spyware programs. It also requires that software installed on your system be updated frequently too. It helps to understand how all of these things fit together. With software, hackers and those people who design and write virus and malware use a variety of tricks to cause harm. One of the most common tricks is that they rely on aging software to gain entry into systems. That is why updating software is such a critical part of IT management. Without the security patches issued by software companies, all of these denizens would easily find a way into people’s computers.

Cybercrime seems like a hopeless and endless struggle. While it is endless, it is certainly not hopeless. It just requires the skills and talent to deal with it. That is why data recovery as a service (DRaaS) is important. It opens doors for small- and medium-sized businesses to manage the ongoing threats of data loss caused by natural disasters, human error, equipment failure, and cybercrime. Cybersecurity is difficult. Society has moved past the point where an antivirus program alone will reduce the risk of incident. Cybersecurity involves ransomware, virus, malware, spyware, identity theft, phishing, and a host of other issues.

Outsourcing data recovery gives business leaders access to professionals who live and breathe data recovery. These are the folks who deal with the emerging threats and handle the task of creating defenses that safeguard data.

Ten years ago it was sufficient to install antivirus. Today, you have to consider how time changes technology. We are past the point where we can install a program and then go about our business. Cybercrime has become so sophisticated that those people work to overcome security defenses. Without a constant effort to block them, your data is toast.

Can your business survive data loss?

Dell-EMC-Launches-Dell-EMC-PowerStore-with-Modern-Infrastructure

Swimming to the top in a sea of server offerings

Evaluating server suppliers can be tough.

In considering the Big Four, with similar options from the same chip manufacturers, NICs from the same networking vendors, and the same OEM’s disk and memory options, it can be difficult to look at servers as anything but a commodity.

On the other hand, each server supplier has their own unique messaging around how their server is the only server, and you are foolish to even consider any other option.

Sadly, there is no easy button. Speeds and feeds, if we are keeping it real, can be closely duplicated across brands. If you are looking for a differentiator, consider management tools. They are not all created alike. Here is a quick breakdown.

Lenovo XClarity

First, IT folks seem to expect a pricing advantage when choosing Lenovo. This does not seem to be the case: ‘… the price, for example, for the memory option, does not match other vendors such as HP or Dell.’ peerspot.com XClarity Controller does not monitor other suppliers, which means additional complexity and panes of glass XClarity caps at managing 1,000 servers – a paltry number compared to the other three XClarity files are triple the size, which means more time to execute and reboot Automation: This is the point, right? Not so much with XClarity – automation in response to alerts is not supported. Custom reports are also a no-go in XClarity

HPE OneView

Separate instances of OneView are required to manage Rack and Blade chassis (we live for managing management tools, right?) Because OneView does not recognize Converged (Blade) chassis as a system, management is wound back to the component level – something converged is designed to fix in the first place Automation: pack your coding chops, nothing comes pre-packaged While HPE dubs OneView as all-inclusive, storage management is not comprehensive

Cisco UCS Manager

UCS Manager only monitors Cisco. Is it realistic in 2022 to assume a 100% homogenous environment? Security: Surprisingly, Cisco offers no Silicon Root of Trust, no digitally signed firmware updates, no real-time firmware security scanning – all critical in detecting configuration drift and ensuring secure architecture that takes less time to manage Complexity: A UCS Manager instance is required for each domain. Multiple UCS Managers are managed by UCS Central (manager of the managers?). Cisco, not generally known for simplicity, stays the course here. Complexity in configuration and management costs time. Time is money. No OS deployment Data and management networks are one in the same. If one goes down, the whole thing goes down.

Dell OpenManage

Manage up to 8,000 devices from one, easy to use console, with elastic search for easier and faster navigation to what’s important

Deploy and manage infrastructure (including OS) for any Dell form factor as well as monitoring and creating alerts for 3rd party solutions

Template based automation is easy to get into production

Customizable Reports that are easy to get started and modify for your environment

Certainly, this is a high-level view, and management requirements are as unique as the workloads that drive the infrastructure. In any event, the criteria that really makes for the ‘best’ server go well beyond the experience of ‘that one time I called support in 2007.’

For more information, please contact myself, tfrederking@abtechtechnologies.com, or my AE, Barb Adkison at badkison@abtechtechnologies.com