6 Alarming Phishing Attack Trends That You Need to Know About


Phishing attacks nearly doubled in 2020 as compared to the prior year and we’re seeing a similar trend in 2021 with phishing on the rise. This method of attack is by far the most prevalent and it continues to evolve and get more sophisticated all the time.

Without protection against various phishing tactics, companies can face multiple threats to their network security, including ransomware, data breaches, credential theft, and account takeovers. 

Phishing has become more dangerous over the last few years because many attack campaigns are run by large criminal groups or state-sponsored hacking organizations. These groups invest money into making phishing more effective and continue to optimize how much money they can make and how fast they can deliver attacks.

This in turn increases the volume of attacks and the risk level. 

One of the ways to stay one step ahead of phishing attacks is to know what new tactics are being used so you can properly prepare your team. Following are some of the alarming new phishing trends being seen by industry cybersecurity experts around the world.

1. Increased Use of Breach Specialists (Initial Access Brokers)

Initial Access Brokers are hackers that specialize in getting inside a network. They facilitate that first breach, so others can then conduct their attacks. Because this is the main focus of this group of outside contractors, they’re very good at it.

In efforts to optimize the success of phishing campaigns, criminal groups are increasingly hiring these experts to launch that initial part of the attack that gets them inside a network. This can be through an elaborate credential theft campaign or a tactic using malware to breach a network device.

2. SMS Phishing is Increasing

SMS phishing (smishing) is on the rise and many employees aren’t aware. They’re used to being careful of unexpected emails and may even be well-trained in tactics like hovering over links to reveal the URL beneath them. However, many aren’t expecting to receive fake text messages that look like the shipping notices they normally get from Amazon and other retailers.

Mobile phone numbers are becoming easier to get, which is why scam robocalls have become such a problem for mobile device users. Cybercriminals are also using these numbers to launch phishing campaigns via text message, deploying hidden links that users often can’t roll over in the same way they can on a computer.

3. More Use of Brand Impersonation

Impersonating another company is a common phishing tactic to fool users into thinking a phishing email is legitimate. Scammers will use the company’s logo and signature and make a carbon copy of emails from brands like Microsoft 365, Amazon, and Netflix.

But scammers don’t only impersonate larger companies. Your business needs to watch out for the use of brand impersonation when it comes to vendors you do business with, such as your internet service provider or website host. 

4. Monetization of Business Email Compromise (BEC)

Up until now, ransomware has been one of the most lucrative types of phishing attacks that hackers could launch, which is why ransomware has been exploding in volume in recent years. But now hackers are finding out that compromising a company email address can also rake in the cash.

Once they breach a user email address (preferably someone in a managerial position), scammers can send out emails from that person’s email account to other employees. Those employees will typically not suspect a phishing attack because they recognize the person and see their real email address is used.

BEC is often used with gift card scams, where the scammer will direct employees to purchase gift cards and reply with the codes.

5. Increased Targeting of Smaller Companies Using Spear Phishing

Smaller companies need to worry about the increased use of spear phishing. This targeted form of attack, which uses more personal details, used to be saved for larger organizations because of the research needed.

But now with the efficiency improvements of phishing attacks, small businesses are also being singled out and targeted in the same way.

6. Disgruntled Employees Are Being Targeted for Their Passwords

You may want to ensure you don’t have any particularly unhappy or disgruntled employees because they could potentially be the source of a breach. In efforts to conduct attacks on company cloud accounts, hackers are phishing for user login credentials.

One of the new tactics they’re using is to outright offer employees cash for their login details. They play the numbers, thinking that most companies have at least one disgruntled employee that might take them up on that offer. If they do a little searching on social media, it may also not be hard to find someone unhappy with their employer based upon the things they are posting.

Are You Due for a Review of Your Cybersecurity Strategy?

Companies must evolve their cybersecurity strategy to keep up with the evolution of phishing and other cyberattacks. BrainStomp can help your business with a full review of your current protections and make suggestions for any areas of risk.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



Pros & Cons: Should You Upgrade to Windows 11 Now or Wait?


As of June 2021, Windows has over 72% of the desktop operating system market share, so a majority of companies are having to make the decision of when to upgrade from Windows 10 to the just-released Windows 11.

Upgrading your business technology solutions, especially one as important as the OS that runs employee PCs, is an important timing decision. Companies don’t want to upgrade too soon and face downtime and other issues due to bugs that have yet to be worked out.

But waiting to upgrade also has a downside. Employees can miss out on productivity-enhancing features that could improve their workflows. Additionally, a company could get caught having to rush to upgrade before the older OS loses vital security support or risk increased exposure to a cyberattack.

When it comes to Windows 11, out for a little over 2 months now, many companies are weighing the pros and cons and trying to decide exactly when to upgrade their office devices. 

We’ll go through the pros and cons of upgrading now to help you make a more informed decision on when to roll out your Windows 11 companywide upgrade.

Reasons You May Want to Wait to Upgrade

If Your Company Uses Oracle VirtualBox

The Windows 11 release has been largely well-received with few issues. Nearly all bugs that have been found have already been resolved, according to the Windows health and status page.

However, there is still a confirmed issue with Oracle VirtualBox and its compatibility with Windows 11. Users might be unable to start virtual machines and may receive an error message.

The Widgets Panel Needs More Work

While many of the features have rolled out without a hitch, one in particular still needs more work and is minimally helpful right now.

The Widgets panel that is activated from the taskbar is designed to give you quick access to different types of information like your Microsoft To Do list, news, weather, stocks, and email. But it has some problems, including:

  • Email widget is difficult for some users to connect to their Outlook email

  • There aren’t that many widgets to choose from

  • There are not many productivity-focused widgets

  • The panel can be slow to load

Reasons You May Want to Upgrade Now

Easier Multi-Window Workflow

68% of surveyed office workers say that they spend at least 30 minutes a day switching between apps. This is often done because it can be time-consuming to size two or more windows on the screen at the same time and still reach the menu items and scrollbars.

The new snap layouts feature in Windows 11 solves this dilemma. It allows users to quickly snap a group of windows into an optimized view that allows them full access to scroll bars, menus, etc. 

This single feature can save your employees a lot of time and make their multi-window work easier and more fluid.

Snap layouts in Windows 11

Easy-to-Learn Upgrade Without Major Differences from Windows 10

This won’t be an upgrade that has your employees feeling like they’re in alien territory when they get to their upgraded desktop. Windows 11 doesn’t make major changes to the interface or navigation of Windows; it just enhances it to make it less cluttered and reduce the time it takes users to do tasks.

The biggest interface change that users will need to get used to is that the Windows Start Menu button has been moved from the far left of the taskbar to the middle.

Native Teams Integration Promotes Easier Connections

We’ve all known that one person that seems to have a hard time navigating video call applications. For those users and others, Windows 11 is going to make the chat, audio call, and video call experience easier. 

Microsoft Teams is natively integrated with an icon on the taskbar. Users can click to easily message or call anyone from their desktop without needing to open another app. This includes the ability to screen share during a call and to send and receive text messages. The person you are connecting with doesn’t have to be a Teams user to connect with them.

The Upgrade is Free for Compatible Windows 10 PCs

Another reason you may not need to wait to upgrade is that upgrading to Windows 11 won’t mean having to purchase a new operating system for all your computers in most cases.

The Windows 11 upgrade is free for Windows 10 PCs (home and business versions) that meet the minimum system requirements for the upgrade. 

Schedule Your Windows 11 Office Upgrade Today

BrainStomp can help your business upgrade all user PCs (in-office and remote worker) to Windows 11 smoothly without disrupting your normal business operations.




What to Do When You Open/Click a Suspicious Email, Link, or Attachment


Phishing attacks have been going through the roof so far this year. In May of 2021, they rose by 281%, and in June, increased another 284%. The quality of phishing emails, in general, is also going up, which makes them harder to spot, even for those that consider themselves tech-savvy.

These phishing scams now automate and personalize emails and the malicious websites that may be used with them, tailoring them to the victim. Some attacks using a spoofed Microsoft 365 login page will even display the corporate logo and background image of the employee’s company.

Once you’ve clicked on a phishing email link or accidentally opened an attachment that could contain malware, it’s easy to panic and make things worse. For example, the thing you do NOT want to do is use your possibly infected device to go searching on the internet for free malware removal tools.

The longer you’re connected online, the more risk there is of other devices and connected cloud storage being infected. Additionally, you don’t want to trust a free antivirus that you found when searching in a rush, because it could also be a scam.

The things you do in the minutes following an accidental opening or click of a phishing email will make all the difference in how bad the damage may be to your business network and security.

If you think you’ve clicked on a phishing link or opened a dangerous file attachment, here are the immediate steps to take to try to mitigate the damage.

Contact IT Support ASAP

The first thing you want to do is contact your IT support provider immediately. We can keep you from making mistakes that will make things worse. 

You don’t know what you may be dealing with when you expose your device to the contents of a phishing scam, so it’s best to have a professional thoroughly review your system to identify and remove any viruses or other types of malware.

Disconnect Your Device 

Most malware is designed to spread rapidly through any connection it can find. This means that it can quickly infect other devices on the same network and syncing cloud storage services.

You should immediately disconnect your device from the internet and any other internal networks. Turn off the Wi-Fi from your desktop and unplug any ethernet cables that may be used for an internal or external network connection.

This isolates the device to hopefully keep any infection confined to just that one computer.

Back Up Files to a Local Drive

There is a chance that you may lose files due to malware infection of your device. Some worms can be destructive and eliminate files one by one. In other cases, to remove a particularly persistent malware, you may end up losing some or all of the data stored on your hard drive.

Use a local (not cloud) external backup to create a copy of your hard drive. You don’t want to use a cloud backup in this case because it would mean reconnecting your device to the internet.

Also, don’t reconnect to a central server to back up, as this puts that device in danger of being infected. Use a single external hard drive backup that is only connected to your device to copy all the data.

Scan Your System for Malware

Use any antivirus/anti-malware program that is installed on your device, or can be installed without reconnecting to the internet, to scan your device for signs of malware. Not all of these applications are equally thorough, so it’s best to get the help of an IT pro for this.

We know the industry-standard and best antivirus/anti-malware apps to use to ensure that any malicious code hiding in your system is detected, quarantined, and removed.

Change any Login Credentials You Have

It’s best when you’ve had a phishing incident to change all your login credentials. If you had saved those in the browser or elsewhere on your infected computer, then there is a chance they could’ve been compromised.

Using a password manager is a good idea because it will suggest strong, unique passwords for all your logins and you only have to remember a single password to access all the others.

Clear Browser Data

Spyware can take a look at areas of your system where important information is stored, and this includes your browser. A hacker that knows you frequent certain online shopping sites has a roadmap of where to try any compromised passwords.

Clear all your browser data, including cookies and history, so there is less information that an attacker could use to steal your information or compromise your accounts.

Don’t Freeze Up If You Encounter Phishing…Call BrainStomp!

If you interact with a phishing email or social phishing post, call us right away! BrainStomp can help you isolate the infected device and quickly deal with any malware infection with a goal to mitigate your costs and downtime.




Why You Should Stop Using the "Sign-in With Facebook (Google etc.)" Option for Accounts

The number of passwords that people have to keep up with continues to increase each year. There are accounts for work applications and personal accounts like online banking. Using retail sites also introduces a whole new slew of account passwords you need to make.

We juggle an average of 100 different passwords for various account logins now. That volume of passwords leads to users reusing passwords, using easy-to-guess passwords, and storing passwords in an unsecured manner.

With most companies moving much of their data and processes to the cloud since the pandemic, password breach has become a major threat to data security.

One way that people try to cut down on the number of new passwords they need is to use their Google, Facebook, Apple, or another major account to create a new account with a 3rd party site.

Sites like Zoom, eBay, and many others allow you to use a “sign-in with…” option instead of creating a unique login credential for their site.

This often takes less time to get started, especially if you’re already signed into the service. Once you’ve connected the 3rd party account to your Google or Facebook ID, you then will be served up that FB or Google login page anytime you want to access that specific site.

This sounds like a great way to reduce the number of passwords you use, but is it a good idea?

It turns out that there are a lot of risks involved when you connect 3rd party accounts to your FB or Google login. So, while it may be convenient, it can also be a worse option than just creating a unique account with a site. Here’s why.

The Data Shared Can Be More Than You Think

When you connect 3rd party accounts to your Google or Facebook account, you’re sharing data between them. This means that accounts like Uber can tap into your Google Wallet, and task sites like Doodle can read your calendar. 

Setting up your Trip Advisor account with Facebook will expose your Friends List, with the 3rd party site using it to tap into your friends’ travel details and reviews.

One trick these services use to lull you into a false sense of security is to initially only ask for permission to share a little data, like your email address and profile information. But then, over time, you’ll get additional prompts to share more data until you end up exposing more than you realize.

One Breach Exposes Multiple Accounts

One of the cardinal rules of good password security is to make unique passwords for all your accounts. When you sign in to other sites with your FB or Google login, you’re breaking that rule.

You’re sharing that one password across all the sites you connect, leaving them all at a higher risk of being breached.

If a hacker gains access to your Facebook or Google account, then they have the keys to unlock other connected accounts as well. And it’s not hard for them to know what they are because they’re listed in the settings of the main account under an area that shows app access.

Downtime Can Impact Your Access

You create a single point of failure when you use your Google or FB account as the authentication process for 3rd party sites. Should one of those major sites go down, you can no longer authenticate to get into other connected accounts.

In early October, Facebook was down for nearly 6 hours due to a network connection issue. This meant that millions of users could not get into their Facebook account nearly all day. But those that had used “Sign-in with Facebook” to set up other accounts were also locked out of those accounts.

All cloud providers can go down and have outages that last hours. Having 3rd party sites rely on your FB or Google ID is setting yourself up for a major account lockout not if, but when, one of them goes down.

It Can Be Harder to Personalize Profile Details

When you use your Google or FB ID to set up an account on another site, your details like email address, phone number, and profile photo are usually shared with the 3rd party site. That site may not even have a way for you to change your profile photo and is just syncing the one in your Google or Facebook account.

That connection can make it difficult to change profile details in the 3rd party site if you want them to be different than the ones in your FB or Google account.

Need Help With Password Management & Security?

BrainStomp can help your business with affordable password management and security solutions to reduce your risk of a major cloud account breach.




Need Some 2021 Tax Deductions? Consider These Technology Upgrades


With the end of the year only a couple of months away, the window is closing for making any business moves to reduce your tax bill come next April. One area where you can gain multiple deductions is technology upgrades.

Whether you’re a small business owner or freelancer working online, you can use the deductions laid out in Section 179 of the IRS tax guidelines to find deductions for many office equipment and technology purchases. 

The guideline also includes a temporary bonus depreciation deduction that allows you to deduct 100% of the depreciation for new equipment all at once, rather than waiting for several years. This could effectively double the tax benefit of purchasing new technology before the end of the year.

Types of purchases that qualify under this deduction include:

  • Hardware (computers, servers, routers, etc.)

  • Software (“Off-the-shelf”)

  • Security and alarm systems 

  • Office equipment (printers, copiers, etc.)

  • Communications equipment (VoIP desk phones, headsets, etc.)

If you time your technology purchases before December 31, 2021, then they’ll qualify for those tax credits, and you can get a partial payback in just a few short months come tax time.

What types of upgrades are popular right now? Here are several to consider that will improve your business operations, enhance security, and help you boost productivity.

New Mesh Network Wi-Fi

Optimizing your internet connection is one upgrade that positively impacts multiple processes. It enables your employees with faster connections for doing their work, improves video conferencing reliability, and more.

Mesh networks use multiple router units, called “nodes,” that improve signal strength, speed, and reliability. It can also help you reduce problems with Wi-Fi weak spots or dead zones in your building.

Security Cameras & Alarms

Cloud security systems have made physical security more affordable for small businesses. IP security cameras are portable, easily installed, and can be controlled from a smartphone app.

This is an upgrade that you can not only deduct on your taxes but one that can also decrease property insurance premiums.

Digital Door Access System

Another physical security upgrade that’s popular is moving away from key-controlled doors to a digital access system. This is more efficient and removes the need to have doors re-keyed due to employees that leave unexpectedly or a lost key. 

This type of system also gives you the ability to track who is accessing which office at what times, which can be vital should you have a robbery or an incident of missing equipment.

New Windows 11 PCs

With the release of Windows 11, it’s a perfect time to review your business computers to see which ones may be due for replacement.

If you’re operating a PC older than 4 years, it could be costing you an average of $2,736 annually in maintenance and lost productivity costs.

Identify any PCs that are getting old and those that don’t meet the minimum requirements to upgrade to Windows 11. Place your purchases for new replacement PCs with the updated operating system already installed before the end of the year.

AV Equipment Upgrades for Video Conferencing

Video conferencing has taken on an entirely new level of importance due to the pandemic. It has become the default method of meeting with clients and internal teams working remotely.

If you have a low-quality AV system at your office, it can put a hamper on your video calls and be distracting.

Upgrading your AV equipment can improve meetings, make them more time-efficient, and put your company in a positive light when meeting with clients (e.g., if you have your “act together” when it comes to video calls, it improves your reputation.) 

Remote Team Software & Office Equipment

It’s expected that the number of permanent remote workers will double this year. Many companies are adopting hybrid working environments where employees are working either part or full time from home. 

Remote employees need to be enabled with the right equipment, just as employees working in an office. This means providing things such as:

  • PCs or laptops

  • Headsets

  • Filing cabinets

  • Printers

  • VoIP desk phones

  • Etc.

Office equipment is one of the items you can deduct on your business taxes, which will both help you enable your remote team to do their best and give you a financial benefit come next year.

It’s a good idea to take a survey of employees to find out what they most need to work productively from home before you make purchases. This ensures you’re not supplying unnecessary equipment and that you are providing the things that your team needs the most to optimize their work.

Get Help Planning Your Year-end Technology Upgrades

BrainStomp can help your business make wise technology upgrade decisions that provide the best impact for your investment dollars.


9 Tips to Promote to Your Staff During Cybersecurity Awareness Month


October isn’t only the month of ghosts, skeletons, and goblins, it’s the month that we are acutely aware of something else that can be even scarier – cyberattacks.

2004 was the first year Cybersecurity Awareness Month was enacted, and for every year since, it’s been a time when we’re reminded of the importance of preventing devastating attacks like a data breach of personally identifiable information (PII), a ransomware attack, or something else. 

The theme for the month is “Do Your Part. #BeCyberSmart,” and we have several tips below to help you do just that.

Each of these adds another important layer of protection that makes your network security stronger and keeps your business safe from a costly cyber incident. 

Treat Business Information as Personal Information

It’s easy for an employee to feel more disconnected when they’re working with business data than when they’re guarding their own debit card number or SSN. But business information can contain highly sensitive information, including:

  • Tax ID

  • Customer credit card and bank details

  • Employee SSN & payroll data

  • Trade secrets

  • And more

When working with business data, it’s important to treat it just like your own personal information and protect it from being shared or stored in a non-secure manner.

Keep Software & Apps Up to Date

Approximately 60% of data breaches are enabled because a system was left unpatched. When you put off software and app updates, it can mean that vital security patches are not applied.

All your devices should be put on a regular update schedule or have updates automated.

Watch for Phishing on Social Media Too

Most people know to watch out for phishing when it comes to their emails, but they aren’t as suspicious on social media. Social phishing has been growing and it’s often all too easy for scammers to find victims that will click shortened URLs to phishing sites.

Be wary of social phishing and use privacy settings to stop strangers from being able to access your profile information. 

Double Your Login Protection with MFA

Everyone should be using multi-factor authentication (MFA) on all their online accounts. It’s 99.9% effective at blocking fraudulent sign-in attempts. The few additional seconds it takes to log in are well worth the big increase in protection.

If You Connect It, Protect It (IoT Security)

IoT devices pose one of the biggest security threats to a network because they’re often left less protected than computers. Yet, they are still endpoints that provide a way into a company network.

Make sure to secure IoT devices with protections like strong passwords, MFA, and keeping the firmware updated.

Keep Your Wi-Fi Connection Secure

That large Facebook outage that happened in early October was a reminder of just how important your network connection is to your business continuity. Facebook, Instagram, and WhatsApp all went down for nearly 6 hours because of a network connection problem.

Make sure you keep your network properly secured with a next-gen firewall and ongoing monitoring for any potential threats.

When on free or public Wi-Fi, it’s important to use a VPN (virtual private network) to encrypt your connection.

Be Careful About Permissions When Sharing Cloud Files

Cloud storage has made file sharing much easier. You can share any file or folder you like by sending someone a link. But if you aren’t careful, you could have an unauthorized intruder compromising your cloud storage account.

Review sharing permissions regularly and use options for time-sensitive links, meaning that after a certain period the link access expires.

Also, if you can share a file rather than an entire folder, that is more secure and can prevent an accidental risk when you add other files to that same folder that you didn’t mean to share.

Double Check All Email Links & Attachments

Phishing remains the top enabler of cyberattacks. Employees clicking links and opening attachments in emails are the most common ways that companies end up with large data breaches or malware infections.

As a best practice, you should always double-check any links or attachments you receive to ensure they aren’t part of a phishing scam.

Establish Safe Computer Use Guidelines for Remote Employees

It’s easy for your data security to get out of hand if you don’t provide safe use guidelines for your remote employees. They may not realize that allowing a family member to use their work computer could constitute a violation of a data privacy compliance standard.

Take time to put together requirements for data security, device security, and router security.

Where Are Your Cybersecurity Weak Spots?

Are there some poor cyber hygiene areas at your company leaving you at risk? BrainStomp can help you with a full IT security review and follow-up recommendations to keep your business secure.



5 Dangerous Email Scams to Watch Out For


Virtually no company is immune from phishing emails. In 2020, it’s estimated that 75% of companies around the world experienced a phishing attack, and 96% of those attacks arrive via email.

Email scams are always evolving as hackers gain more sophisticated technology and work to keep up with what’s going on in the world. Scammers will often create attacks that tie into world events, such as the pandemic or natural disasters like Hurricane Ida.

Business cybersecurity awareness training also needs to keep up with seasonal scams that come around every holiday or tax season. Then, there are also those scams that continue year-round such as fake password reset scams or shipping notices.

One of the reasons that it’s so important to have ongoing employee awareness training, and not just a one-time training, is because there are always new scams to be on alert for.

Below are several dangerous email scams going around right now that you and your employees need to watch out for. In most cases, the links in these emails take the user to a malicious phishing website designed to steal personal information or infect their device with malware.

Feel free to share and print out this list to help your employees avoid falling victim to one of these.

Fake Shipment That Needs Your Attention

It used to be that packages only arrived in the mail once in a blue moon. But due to the ease of online shopping today and the global pandemic, it’s not unusual for a business or individual to get several shipments a month of different items.

This has led to an email scam related to mysterious shipments that “need your attention.” This scam plays on the facts that:

  • People like getting packages

  • There are so many things ordered online that someone can easily think a scam email is about a legitimate order


This scam will use the logo and signature of a company like USPS or FedEx and claim that a particular shipment is waiting for instructions. It may even have a small amount due. The “shipment” is just a lure to get the person to click the link and enter credit card details to pay the nominal shipping fee it states is due. The scammer is actually stealing those credit card details.

“Update Your Payment Details” 

Imagine you’re planning on watching that new season of your favorite show on Netflix later and get an email stating that your account is suspended. It’s enough to get you to immediately click the link to find out what is going on.

Scammers that steal Netflix logins can then sell those on the Dark Web, which has led to the rise of this scam that’s commonly used for Netflix, but can also be used for Disney+, Hulu, and other subscription entertainment services.

Image courtesy of the FTC

This email scam claims that you need to update your payment details and that your account is on hold or suspended until you do. This link will take you to a spoofed login page that looks just like that of the Netflix site but is actually a trap.

Vaccine Research Survey

There is a lot of interest in vaccines for COVID-19 right now, and whether someone is for, against, or just waiting, they often crave information. This has led to a rise in various vaccine email scams, one of which is a fake vaccine survey purporting to be from Johnson & Johnson, one of the vaccine makers.

This scam looks like a quick survey that takes a mere “30-seconds.” That’s all the time a scammer needs to infect your system with malware after you click the link.

Don’t be fooled by any unsolicited emails related to COVID or any of the vaccines. These are running rampant right now.

Apple ID Purchase Scam

Few things elicit an immediate response as fast as an email that pretends to be a financial alert. This Apple ID scam claims that someone just used your Apple ID to make a purchase. It provides a link to report a fraudulent transaction, which of course will take the user to a phishing site, one that could be designed to steal their Apple ID for real.

If you see any types of alerts like this from your bank or any other online account, go to that account directly through its website or app to check into any potential issue, and do not use any links contained in the email. It’s also a good idea to quickly hover over the link without clicking. This often reveals a fake right away.

Hurricane Ida FEMA Scam

The devastation of Hurricane Ida was barely a week past when FEMA put up a warning on their site about scams related to the disaster.

One email and text message scam going around states that there is a FEMA program that gives people $8,500 in assistance. This is not true.

The goal is to collect people’s personal data, such as their name, address, SSN, etc., that can be used for identity theft and sold on the Dark Web. The promise of immediate assistance often has people providing their personal information before they figure out the whole thing is a scam.

Are Your Devices Scam-Proof?

Some protections can be added to your device, like DNS filtering, which helps protect you from clicks on malicious links. BrainStomp can help you scam-proof your devices to help you avoid a data breach.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



How to Spot Phishing Links in an Email

Phishing remains one of the most dangerous threats to individuals and businesses alike. It’s the number one delivery method for malware, spyware, viruses, password theft, and multiple other types of online attacks.

The fake email has been around since the early days of the internet and those “Nigerian Prince” scams. The early forms of phishing would be long rambling emails that spoke of some immediate hardship that the sender needed the recipient to help them out of, promising a huge reward.

Today’s phishing is much more sophisticated and designed to look exactly like emails that come from sites like Amazon, UPS, or your bank. They use the images and signatures of these companies and are designed to fool the recipient into downloading malware or visiting a link to a malicious website.

Phishing has been such a successful way to deliver online attacks or gain access to login credentials that it continues to increase. In the 2nd quarter of 2021, phishing email volume rose by 281% in May and by another 284% in June.

Of all the IT security solutions your company can take to help ward off the impacts of phishing, employee awareness training is one of the most important. 

Why Employee Phishing Awareness Training is Important

Employees are directly targeted in phishing attacks. The fake emails come into their inboxes and are cleverly disguised.

Phishing emails can look like just about anything, including:

  • Request from the HR department for payroll details

  • Shipping notification

  • Purchase order from a customer

  • File sharing request from Microsoft 365 or Google Drive

  • Holiday party survey

  • Warning from a cloud vendor about an account problem

  • Security notification from the bank

  • Fake password reset scam

  • And many more

Without proper awareness training that’s conducted regularly, employees can often get fooled by phishing emails. Just one click on a phishing link is all it takes for your entire network to get infected by ransomware or your database of customer information to be breached.

Studies show that with proper employee security awareness training, cybersecurity risk can drop by as much as 70%.

One of the most important things to train employees on is how to spot phishing links in an email.

Tips for Spotting Phishing Links

A majority of phishing emails use links instead of file attachments. This is because a link does not contain malware, so it can get past most antivirus applications.

These links take users to malicious sites that can do an immediate injection of malware into their devices. They can also take users to a spoofed login page that looks like a legitimate site. The user enters their password, and the hacker immediately steals those login credentials and uses them on the real site.

Because links are used most often in these types of attacks, users need to know how to spot them. 

Hover Over the Link, But Don’t Click

The quickest way to uncover a phishing link is to hover over a hyperlink with your cursor without clicking on it. This will pop up a small box that contains the actual URL. This works on text links as well as image links.

You can see in the image below that this fake order confirmation, which was personalized with the person’s name and company, isn’t actually from Amazon at all. Hovering over the URL reveals an address at bobin-head.com.

Here is another example that is pretending to be from AT&T and uses a convincing email to fake the look of the company’s actual emails. Again, hovering over the link, the words “right here,” shows this is phishing.

Avoid Shortened URLs

When you’re looking at your email or a strange text message on a mobile device, it’s not possible to do the hover action like you can when using a mouse. In this case, you need to look for other signs of phishing URLs.

One of these is the shortened links that use “bit.ly” or another similar form of obscuring the longer URL.

Here is an example that Malwarebytes has posted on their site as a warning.

You should avoid clicking any links from your mobile device that are shortened unless you are 100% sure that the sender is legitimate.

View the Source Code of the Message

Another way that you can spot malicious phishing links in an email is by viewing the message source code in your email application.

This shows the raw code behind the email and will also include the URLs used for any links. It can be more difficult to read through all the code, but you can look for any “http:” or “https:” notations that precede a link to find them.

Here are the instructions for doing this in Outlook.
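
The three checks above (what the hover box would reveal, shortened links, and reading the message source) can be run over a saved message in one pass. The following Python sketch is an added example, not part of the original article; the sample message, its .example domains and the shortener list are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Assumption: a short, non-exhaustive list of well-known link shorteners.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

# Constructed sample message; every domain except bit.ly is a reserved .example name.
SAMPLE = """\
From: "Shop Orders" <orders@shop.example>
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Track: <a href="http://shop.example.parcel-check.example/t">www.shop.example/orders</a></p>
<p>Pay the fee <a href="https://bit.ly/EXAMPLE">right here</a>.</p>
<p>Help: <a href="https://www.shop.example/help">shop.example</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname without a leading 'www.' ('' if there is none)."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def audit_links(raw_message):
    """Return [(href, visible_text, [flags])] for each link in the HTML body."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    results = []
    for href, text in collector.links:
        host, flags = host_of(href), []
        # Heuristic: does the visible text itself look like a domain name?
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown:
            shown_host = host_of(shown.group(0))
            if not (host == shown_host or host.endswith("." + shown_host)):
                flags.append("text-shows-different-domain")
        if host in SHORTENERS:
            flags.append("shortened-url")
        if urlsplit(href).scheme != "https":
            flags.append("not-https")
        results.append((href, text, flags))
    return results
```

Calling `audit_links(SAMPLE)` returns one tuple per link. A flag is a reason to look closer, not proof of phishing, since legitimate newsletters also use shorteners and tracking hosts.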

Get Help Protecting Your Company from Phishing 

BrainStomp can help your company with several phishing safeguards, including employee awareness training, DNS filtering, and more.


Don’t Fall For One of These Fake Password Reset Scams!

The most insidious phishing scams are usually those that fold themselves into the flow of the common types of emails we receive every day.

For example, if you get a fake receipt from a retailer that you’ve never done business with, you’re likely to stop and examine that further before taking action. But if you get a request for a password reset, something that people may get a few times a month legitimately, you may be more likely to believe it and click the link.

Phishing scammers are always looking for ways to get past IT security, especially when it comes to cloud accounts. Companies are now keeping most of their data in the cloud and powering their operations through cloud software. 

All a hacker needs to gain access to multiple company resources is one user’s login credentials.

77% of cloud account data breaches are due to compromised passwords.

Credential theft has been on the rise as companies have come to rely more on the cloud, and this has led to one of the most dangerous types of phishing emails – the Password Reset Scam.

How Does the Password Reset Scam Work?

In a large company, it’s not unusual for a security policy to be put in place that requires users to change passwords after a certain period. This may be done automatically by an administrator, and users all get a password reset email.

What the fake password reset email scam does is mimic this common activity. Only it sends the user a fake request to reset their password on a specific account in order to steal those login details.

Scammers send these emails for multiple account types and may even have some information from another source that allows them to target you with a particular type of email. For example, if they’ve breached a list of “ABChost” website hosting customers, they may send all those customers the fake password reset for their account on that service.

This is what happens on the user’s side:

  • The user receives an email that appears to be from a sender they recognize. It might be their own organization, a SaaS provider, or another type of account.

  • The email requests that the user reset their password for some reason or log in to “verify” their account.

  • If the user clicks the link, they’re taken to a page that looks identical to the login page they’re used to seeing.

  • They’re asked to input their username and password and then may be prompted to put in a new password.

  • The form is fake and it’s only designed to steal the user’s login.

  • It may be hours or days before the user realizes their account has been hacked.

Types of Password Reset Scams to Watch Out For

Microsoft Account Password Reset

A popular scam email appears to be from Microsoft asking a user to reset or re-validate their Microsoft 365 account. One that’s been going around says:

“Please complete your account verification and re-validate account ownership security. To help keep you safe, upgrade to a more secured outlook account platform.”

The fake email includes a Microsoft support address in the “from” line and a signature that looks legitimate, with links to a privacy notice and acceptable use policy.

Netflix Account Password Reset

Here’s an example of a Netflix phishing scam shared by Mailguard. It looks like a legitimate email from Netflix and will even take the user to a page that looks just like the Netflix login page.

But it’s designed to steal the user’s credentials, just like other scams. Notice how the email itself doesn’t mention password reset. This could be to get past newer spam filters and to keep the user from immediately getting suspicious. Of course, when they click “verify now,” it takes them to a page where they must log in.

Social Media Account Password Scams

The password reset scam is also prevalent over social media. Scammers know that most people have at least one social media account, so it’s easier for them to send a message that would be applicable to the user.

They’ll send fake password reset or password verification emails that look to be from Facebook, Twitter, Instagram, LinkedIn, and other platforms.

How to Spot a Fake Password Reset Email

This type of phishing scam can appear to be from any type of account: your work email account, business SaaS platform, online retailer, bank account, and any other account that you log into online.

Here are some tips to help you spot a fake.

Look for any slight inconsistency: This can include something as small as the word “outlook” not being capitalized in an email purporting to be from Microsoft. A major corporation would not forget to capitalize its application names.

Double-check the email header: Email spoofing is a common trick to get a user to think a fake email is legitimate. Don’t trust what you see on the “From” line. Go into the email header code to see if the address matches what’s shown.

Avoid clicking any links: If you’re unsure about a password reset email, go to the account in question by typing the URL in your browser and NOT by clicking the link in the email. You can contact support for the site to see if you truly do need to do a reset.

You can find more tips for spotting fake emails here.
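
The header check from the tips above, as an added Python example that is not part of the original article: it compares the address shown in the display name with the real “From” address, the Reply-To and the Return-Path, and reads the Authentication-Results header. The sample headers, flag names and .example domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample headers; all domains are reserved .example names.
SAMPLE = """\
Return-Path: <bounce@mailer-host.example>
Authentication-Results: mx.corp.example; spf=softfail; dkim=none; dmarc=fail
From: "Account Support <support@vendor.example>" <notice@mailer-host.example>
Reply-To: helpdesk@reply-box.example
Subject: Password reset required

Please reset your password.
"""

def domain_of(address):
    """Domain part of an address, lower-cased ('' if there is none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def audit_sender(raw_message):
    """Return a list of flags describing how the sender headers disagree."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain, flags = domain_of(addr), []

    # The display name is free text: it can show an address the mail never used.
    shown = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", name)
    if shown and shown.group(1).lower() != from_domain:
        flags.append("display-name-shows-other-address")

    # Replies or bounces going to another domain are a signal, not a verdict:
    # mailing services legitimately use their own bounce domains.
    for header, flag in (("Reply-To", "reply-to-differs"),
                         ("Return-Path", "return-path-differs")):
        other = domain_of(parseaddr(msg.get(header, ""))[1])
        if other and other != from_domain:
            flags.append(flag)

    # SPF/DKIM/DMARC results as recorded by the receiving mail server.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{check}=(?:fail|softfail)\b", auth):
            flags.append(f"{check}-fail")
    return flags
```

Only an Authentication-Results header added by your own receiving mail server should be relied on, since any earlier hop can write one.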

Looking for Solutions to Combat Phishing & Spam?

Reducing the number of phishing emails that make it into your inbox significantly reduces your risk of an account compromise. BrainStomp can help your business put intelligent email filtering in place to reduce phishing and spam.




The Signs and Dangers of Bulging Batteries

Have you ever had a phone or laptop casing crack even though you never dropped the device? This could be a sign of a dangerous occurrence – a bulging battery. 

Offices are largely relying on mobile technology solutions these days. This includes more reliance on laptops, tablets, and mobile phones. Most of these devices use lithium-ion and lithium polymer batteries. 

Mobile devices make up approximately 60% of the average company’s endpoints. 

A serious problem that these types of batteries have is the possibility of a bulge, where they can get nearly double in size. This bulging is caused by excessive heat that produces a build-up of gas. The gas build-up causes the battery to grow in size and bulge out.

Common causes of this problem include the lack of a “smart charger” on the device which stops the flow of electricity when the device is at 100%. Overcharging is a common cause of bulging batteries.

Another cause is simple overheating which can come from multiple causes. This includes things like exposure to high temperatures (over 95°F), improper cooling due to fan malfunction, using a laptop on a soft surface that blocks vents, etc.

Signs of a bulging battery include the following:

  • The screen of your device appears slightly bent

  • The device case is coming apart even though it hasn’t been damaged or dropped

  • The back casing popping off your phone

  • The touchpad or keypad seems to be lifting off the device

  • The device rocks even when put on a flat surface

  • There is a noticeable bulge on the device

Why is a Bulging Battery Dangerous?

It Can Explode and Catch Fire

If a bulging battery isn’t taken care of right away, the pressure of the gas buildup can cause the battery to burst, exploding and causing a fire. This can be extremely dangerous, especially if you’re holding the device at the time.

The potential for the battery exploding is why you need to get this issue addressed immediately. 

It Can Crack the Device Casing

Bulging batteries are literally swelling in size, so they’re expanding larger than the casing was designed to accommodate. This can lead to damage to the screen, casing, keyboard, and other components of your device.

There Can Be a Dangerous Off-Gassing

If the battery swells enough to crack, there could be off-gassing of the built-up gas, which could be toxic if you have the device nearby. For example, if you’re talking on your phone at the time the gas escapes. 

Performance & Internal Components Can be Impacted

With excess heat build-up comes the potential for the internal components of your device to get overheated and damaged. This will typically impact performance and you’ll notice that your device is no longer working as expected.

Tips for Preventing Bulging Batteries

Don’t Expose Devices to Excess Heat

Don’t leave your mobile device or laptop in a hot car or sitting out in the sun. Lithium-ion batteries don’t like heat, so it’s important to keep that in mind. It’s also not a good idea to charge your devices in direct sunlight or near a heat source.

Ensure Vents Aren’t Blocked

The term “laptop,” in retrospect, might not have been the best name. It’s not advised for laptops to be put on soft surfaces, like your lap or on a blanket because the vents can get blocked, causing heat buildup.

Always use your laptop on a solid surface to prevent this from happening. There are plenty of lap desks out there that can give you the ability to have the device on your lap safely.

Use Only the Approved Device Charger

There are tons of cheap knock-off chargers that you can find online, but not all of them may be built to the same safety standards. The same is true for those “fast charging” stations or batteries you might find.

It’s best to only charge your device with the approved device charger to ensure it’s not being overcharged, which could increase the risk of battery swelling.

Don’t Leave Your Device Plugged in 24/7

While devices with proper safe charging mechanisms will stop charging at 100%, it’s still recommended that you don’t leave your devices plugged in all the time. These batteries are designed to charge and then use the charge, but not be continually charging. 

By unplugging your devices for a while, then recharging when needed, you can also increase battery life and performance. 

Replace Older or Malfunctioning Batteries

If you have a battery that isn’t holding the charge as it should or is malfunctioning in another way, replace it. This will reduce your risk of problems with that battery as it ages, including the risk of gas build-up and bulging.

Need a Check of Your Device Batteries?

Don’t risk the potential of an explosion from a failing battery. BrainStomp can take a look at your device batteries and quickly replace any that are on their last legs.
