
Thursday, October 1, 2015

Avoiding Cyber Attacks


For many years, hackers attempted to access networks and data with viruses that could automatically move, replicate, and embed themselves on new computers.  Today, network security, firewalls, and anti-virus software have rendered most of these attacks ineffective.  But that does not stop hackers.  They have moved on to the next weakest link -- you.

Most current system attacks trick unwitting users into allowing hackers and malware into the system.  Once embedded there, the hacker can invite in other malware and begin to do real damage to a network.  Therefore we must all be vigilant against potential threats to our network.  There are several issues that everyone should consider:

Email providers have gotten pretty good about preventing dangerous attachments from getting through.  But they are not foolproof.  If you get an attachment that looks suspicious, have someone from IT take a look at it.  Often, you can view a document without opening it.  If the sender or the document itself says that viewing it properly requires granting a permission, or enabling macros, that is a big red flag to stay away.

Because many email providers block dangerous attachments, hackers may include a link asking you to connect to a web site.  That site may be infected.  If a link looks suspicious or is even unfamiliar to you, question whether you should click on that link.  If the link has a "php" in the address, that means it is designed to run a script.  Sometimes this is legitimate, but often not.  It requires closer scrutiny.

Just because you know the sender, that does not mean the message is safe.  Many times, hackers will access the email account of an innocent party, then send emails to everyone in the address book.  We recently had one hacker who remained connected to the account, responding to questions about the email and saying it was legitimate and that the recipient should go ahead and click on the link.  Poor grammar is often a tip-off, but not always.  If you are not sure, pick up the phone and call the sender.

If a site asks you to enter any name or password where you do not usually do so, that is a red flag. A Google site, for example, should see you are already logged in and not ask again.  Hackers often create sites that look like a legitimate site, just to steal your name and password.  If you must create an account at a new site, be sure to use a name and password different from what you use for other sites.

If you go to a site and something strange happens, let IT know about it.  Years ago, a hack would be obvious right away as you were bombarded with advertising or had other immediate problems.  Sophisticated hackers today install malware that has little visible impact on you, but can turn your computer into a "zombie" used for distributing malware to others.  It is often a good idea to have someone run a couple of scans on your PC to make sure all is well.

If you think your home computer or other device is infected (yes, phones and tablets are vulnerable), please don't connect to our network via VPN or use the firm's WiFi.  Your device can act as a Trojan horse, bringing malware inside our firewall to be released on the network.  If you ask, we can recommend several anti-malware programs to run and check out your home computer.

Never give your password to anyone, either via email or over the phone, unless their names are Mike, Mary, Lucy, or Bode.  No one from Google will ever ask for your Gmail password.  No one from Microsoft, Apple, your bank, your broker, or any other outside company should ever request that sort of information.  If an outside vendor requests that sort of information, get their name and say you will call them right back.  Then call the company's main number and ask to be transferred to that person.  Do not just call a number that the caller gives you.  Do not rely on caller ID, which is easily faked.

In short, stay alert.  If something looks suspicious, get a second opinion before acting.

Thursday, June 4, 2015

Security Reminder - be careful with emails.


I am regularly asked about whether it is safe to open an email.  Today's blog explores what is safe and what is not.

Hackers Think Employees are the Weak Link

A great deal of malware can sneak into a network this way.  Hackers used to try to force their way through firewalls.  But security has gotten so strong there that the new preferred method is luring a gullible employee on the inside to let them in.  Don't be that employee.

Gmail Provides Some Protection

Fortunately, there are a number of things in place to protect you.  With Gmail, you cannot be infected simply by opening and reading an email.  Gmail does not allow any scripts to run in emails.  You also cannot be infected simply by viewing an attachment.  The Gmail viewer prevents scripts and executable files from running in an attachment.  In fact, Gmail even prevents someone from sending you an exe file.

That said, you can receive a dangerous email attachment, download it, run it, and then infect your computer.  Hackers can send attachments with dangerous macros, or scripts, or hide an executable file inside an encrypted Zip file.  Do not download and run attachments unless you are sure of the sender and what is being sent.  Even a Word Document can contain macros that can harm your computer if you download it and try to load it in MS Word. If you have any doubt, run it by the help desk.

Links are Risky

Hackers are nothing if not inventive.  Because it is difficult to infect a user via email, many hackers might send you a link in an email to go to another site.  This site could very well be infected by malware that can install itself on your computer.  DO NOT CLICK ON A LINK UNLESS YOU ARE SURE OF WHERE IT LEADS.

If you put your mouse over a link, it will show you the address where it leads.  This may be different from the address in the text of the link.  If it is different, that is a big red flag.  Also, if the address contains "php", that is an indication that the site will attempt to run a script.  Again, that is a big red flag that usually means stay away.  The help desk can check out a link if you are the least bit suspicious.

You may get an email that is what is known as a phishing attack.  This is where a hacker is fishing for information that will help him get into our network through other means.  For example, say you get an email from PNC bank that leads back to a link like this:

http://www.pnc-support.com/login

You click on the link and see a login for your PNC account.  You enter your name and password.  You have just given the name and password of your bank account to a hacker.  Why?  www.pnc-support.com is not a valid domain.  Notice the hyphen between "PNC" and "support".  That means it is all part of the same word, not broken up by a dot.  Anyone could register such a domain and put a fake clone of the PNC web site there.  You enter a name and password, which is collected, then they say you entered it wrong and re-route you to the real web site.  You log in and are none the wiser. Hours later, or maybe minutes later, someone withdraws all the money from your account and transfers it to Russia.  Good luck getting it back. (The link in this example is one I just made up.  It does not really lead anywhere and will not harm your computer).

This is why email links can be very dangerous.  If you are not 100% certain of the sender, don't click on anything.  Even a sender you know could have its email hacked in order to send you a dangerous link.  This does happen regularly.  Even if you know the sender, if the wording of the message seems odd, or a link seems suspicious, don't fall for it.

ABA Article on Ransomware

The ABA Journal recently wrote an article about Ransomware, a trend where hackers introduce malware to encrypt all the files on your computer (or the entire network) then demand payment to unencrypt them again.  This is a serious threat.  Many companies have been hit by this.  If you care to read the full article, you may do so at this link.  (I promise this is a valid and safe link.  I'm not trying to trick you).  At the end of the article is a link to a quiz, which you might find interesting.  That link is also valid and safe.