Phishing Prevention Best Practices

Phishing Detection Is Becoming Harder

Recently I’ve noticed an uptick in very legitimate-appearing phishing emails. One came in as an email from “someone I knew” saying they had a task for me and to send them my personal number so they could reach me. My alarm bells went off because:

  1. The real person already had my phone number.
  2. They had “reached” me just fine through the email – why ask for my phone number?

Upon closer inspection, I could see that the person’s name was there, but the actual email address looked suspicious. One of the reasons we recommend getting an Office 365 or G-Suite account instead of using a free Yahoo or Gmail account is that employee emails are authenticated. We’ve had clients who have accidentally given away private information, mistakenly believing they were giving the information to a co-worker. As you can imagine, this data breach leads to a whole host of headaches.

Phishing Prevention Best Practices

  1. Never give out your email password.

  2. Never send passwords via email.

  3. Never send credit card information via email.

  4. Never send HIPAA or other sensitive information over email.

Email is an insecure platform. Even without hackers being involved, you could mistype an email address and inadvertently expose sensitive information. Don’t take the risk. The small convenience factor isn’t worth it.

Common Phishing and Malware Scams

Hackers are becoming quite sophisticated. I’ve seen a few good imposters of Microsoft emails lately. Here’s a good example and where to look for clues that the email is not legitimate.

[Image: phishing email from Microsoft]

If you were to open up one of these emails, you expose your network to:

  1. Computer viruses, which are designed to self-replicate by sending an email from YOU to all the people in your contact list.
  2. Ransomware, where the hackers hold your data hostage until you pay them. FYI: Don’t pay them!
  3. Spyware, which will collect information from your computer and send it to the hackers.

How To Identify Phishing Emails

How can you find a phishing email / malware?

  1. Look at the sender’s email address. Usually the sender’s email address will not be a legit email associated with the organization that they are claiming to be from. They may claim to be from a company or a bank or even a friend or coworker, but the email address could have a totally different domain address.
  2. Look at who they are addressing. If they are part of a legitimate company that you work with, they should know your name. If it is a phishing email, it will most likely address you by your email address or a general name such as customer.
  3. Be on the lookout for bad grammar. Many times, there can be small to moderate grammatical errors that could easily be missed when quickly scanning an email.
  4. Be wary whenever someone tries to get you to provide personal information. They may give their own links that do not go where they say they will go. Hover over the link to see the website address. If you’re in doubt, ignore the email. Open a new web browser and log in to your account. If a bank, Microsoft, PayPal or other service provider has a special alert, you can get the same information by going directly to their site.
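
Checks 1, 2 and 4 above can also be automated. The script below is an added example, not part of the original article: it parses a constructed sample message and flags an unexpected sender domain, a generic greeting, and a link whose visible address differs from where it really goes. The sample email, the example.* domains and the names check_email and LinkCollector are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample, not a real message; the example.* domains are placeholders.
SAMPLE = """\
From: "Microsoft Account Team" <security@ms-alerts.example.net>
To: pat@example.com
Content-Type: text/html

<p>Dear customer, please verify your account:</p>
<a href="http://login.example.net/verify">https://account.microsoft.com</a>
"""

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data.strip()
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"  # stop collecting at </a>

def check_email(raw, expected_domains):
    """Apply checks 1, 2 and 4 from the list above; return a list of warnings."""
    msg, warnings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in expected_domains):
        warnings.append(f"sender domain '{domain}' is not expected for '{name}'")
    to_addr = parseaddr(msg.get("To", ""))[1]
    generic = ["customer", "user", "member"] + ([re.escape(to_addr)] if to_addr else [])
    if re.search(r"\b(dear|hello|hi)\s+(" + "|".join(generic) + r")\b", msg.get_payload(), re.I):
        warnings.append("greeting is generic or uses the email address")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        # Only compare when the visible link text itself looks like a web address.
        if re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
            shown = urlparse(text if "://" in text else "//" + text).hostname
            if shown != urlparse(href).hostname:
                warnings.append(f"link shows {shown} but goes to {urlparse(href).hostname}")
    return warnings
```

Calling check_email(SAMPLE, ["microsoft.com"]) returns three warnings, one per check. The host comparison is exact, so a legitimate link that shows "example.com" but points to "www.example.com" would also be flagged for a human to review.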

Preventing Phishing and Malware Scams

Anti-virus software, firewalls and other data security solutions can stop most malware attacks, but they’re not infallible. If you open a suspicious email, contact an IT Professional IMMEDIATELY. The longer you wait, the worse the problem can become.

We help clients with data security breach prevention – and post-malware cleanup. Need our help? Give us a call at 586.263.1775 or

Small Business Data Security Breach

Disaster Recovery Planning – IT Lessons from Hurricane Season


Hurricanes. Floods. Fires. Tornados. Natural disasters remind us that we can’t control everything. What we can control is how we prepare in advance and how we respond afterward.


How to set up a small business VPN


Will ISPs sell your data?

Last week Congress voted to allow ISPs to sell your data.  This news has people in a panic, concerned about what the ISPs can or will share.  Some sites, like Motherboard, predict a data pilfering free-for-all, proposing that information shared may include:

“Financial and medical information. Social security numbers. Web browsing history. Mobile app usage. Even the content of your emails and online chats.”

Other sites give us some reassurances that ISPs would show more restraint and that this rule change was only created to enforce consistency. Wired magazine’s article, “Big Cable’s Case for Selling Your Data Doesn’t Hold Up,” argues that you get what you pay for. Facebook and Google offer free services, but “FREE” comes at the expense of letting them collect information and use it to serve up targeted advertising. While this measure is flawed, creating consistency and clarity of the FCC rules would actually be a good idea.

In response to this ruling, Minnesota has already voted to pass internet privacy protections and other states will likely follow suit.

Don’t panic. But take data security precautions.

As a consumer, you’ll of course want to protect your personal devices. But be cautious. Reports show that up to 38% of Android VPNs on the Google Play store are plagued with malware. According to the Hackread article, the 10 worst VPNs are:

  1. OkVPN
  2. EasyVPN
  3. SuperVPN
  4. Betternet
  5. CrossVPN
  6. Archie VPN
  7. HatVPN
  8. sFly Network Booster
  9. One Click VPN
  10. Fast Secure Payment

Businesses need to take even greater data security precautions.

Businesses have all the same concerns as consumers, PLUS more. Leaking information could reveal:

  • Trade secrets
  • Pricing information
  • Client email addresses and private information
  • and much more!

That’s why many larger businesses (especially those in finance, health and other industries with compliance regulations) insist that remote employees exclusively connect through a VPN.

What is a VPN?

VPN stands for Virtual Private Network. Basically, this technology allows users who are on public Wi-Fi to create a secure, direct connection between the remote device and the main office server. Think of it like a tunnel, where all of the data that travels through this tunnel is encrypted. No one except the VPN server IT administrators can see this data, not even your ISP.

How to set up a Small Business VPN

For small businesses, VPNs are frequently set up using software. Larger businesses often use VPN hardware that comes with additional functionality for data load balancing and a hardware firewall. Whichever you decide – VPN software or VPN hardware – you’ll want to ensure you do all the steps to set up your VPN correctly. Setup is critical, and when done incorrectly will compromise the entire point of having a VPN.

Popular small business VPN software programs include:

  • Windows Server comes with built-in VPN software.
  • VyprVPN
  • Hamachi VPN
  • OpenVPN

All of these VPN software programs are well vetted. Which VPN solution is right for you? Well…that depends – on your IT environment, the number of users you plan to have on the system and the level of security you want to achieve. If you’d like our advice and are interested in having a professional IT team set your VPN up for you, please schedule a free 30-minute call with one of our technical specialists.


Ghosts in the machine


IT Policies & Procedures

Do you have a tight onboarding / offboarding checklist you use when hiring a new employee or consultant? If not, it’s likely you have “ghosts” – people who can still access your data, even though they no longer have an affiliation with your company.

Cloudflare Security Breach & Password Security


Cloudflare, a company that hosts and provides services for millions of websites and cloud-based software applications, announced that user data from over 3400 websites has been leaked and cached by search engines.
