We’ve all been there. You're scrolling through your Facebook feed, and an ad pops up promising to help you grow your business with some AI-powered software…
Sounds tempting, doesn't it? Without giving it much thought, you click to see what it’s about.
Bad news: This is a big 🚩
Cybercriminals have been found creating Facebook ads that promise to supercharge your productivity and revenue. But when you click, there's a catch.
The software they ask you to install is actually malware (malicious software).
And when it’s on your computer it can give the criminals access to your Facebook data, including your ad budget.
You might think, "Who'd fall for such an obvious trick?"
But let's be real. When you're a small business owner juggling a million things at once, it's easy to take the bait. And these hackers are smart. They know how to make their phony offers look legit, and how to hide the malware on your computer so it’s hard to spot.
How do you stay safe? First, be skeptical of offers that seem too good to be true, because they often are. You can verify ads by Googling the advertiser before clicking on them.
And above all, take steps to secure your Facebook account. Use two-factor authentication, where you use a second device to prove it’s really you logging in.
Remember, these cyber criminals might be sneaky, but they're not infallible. For instance, the researchers who uncovered this scheme found several Vietnamese keywords in the malicious script.
This is another stark reminder of the importance of good cyber security. Yes, running a business is a juggling act, and adding another ball to the mix might feel overwhelming.
But think of it this way: Would you rather spend a little time now securing your account or a lot of time later dealing with the fallout of a breach?
As the saying goes, "Prevention is better than cure." So, stay safe, stay alert, and protect what you've worked so hard to build. If you need some help doing that, get in touch.
You’ve checked your pockets, your bag, under pillows … and then it hits you. You left your work phone on the table at the coffee shop.
It's not the device itself that’s got you worried, but all the sensitive business information stored on it. If that mobile ends up in the wrong hands, you’re facing a nightmare.
But that worry could be over. Microsoft and Samsung are joining forces to make your work mobiles safer. This month, they’re launching a groundbreaking solution to help protect anyone who uses a Samsung Galaxy device in the workplace.
It uses something called on-device attestation, which lets companies see if mobile devices have been compromised, even at their deepest components. Think of it as a security guard for your cell phone.
Samsung brings its software and hardware innovations to the table, whilst Microsoft provides its endpoint management expertise.
And whilst other device attestation tools require a network connection and access to cloud services, this solution works reliably regardless of network connectivity or device ownership model.
This solution will be released alongside Microsoft Intune (previously known as Windows Intune), a unified endpoint management service for both corporate devices and BYOD (Bring Your Own Device). And it will be available on select Samsung Galaxy smartphones and tablets, especially those "Secured by Knox".
So, whether you're working from the office, a busy coffee shop, or a remote cabin in the woods, you can rest assured your device is safe.
In business, your mobile is more than just a communication device. It's a vault of sensitive (and valuable) information. And with Microsoft and Samsung on the case, that vault just got a lot safer.
If we can help you keep any of your devices more secure, get in touch.
You’re no stranger to the endless threats lurking in your email inbox. But have you ever considered that an email that seems to be from Microsoft could end up being your worst nightmare?
Microsoft, the tech giant we all know and trust, has become the most imitated brand when it comes to phishing attacks. That’s where cybercriminals send you an email that contains a malicious link or file. They’re trying to steal your data.
And while Microsoft isn't to blame for this, you and your employees need to be on high alert for anything that seems suspicious.
During the second quarter of 2023, Microsoft soared to the top spot of brands imitated by criminals, accounting for a whopping 29% of brand phishing attempts.
This places it well ahead of Google in second place (at 19.5%) and Apple in third place (at 5.2%). Together, these three tech titans account for more than half of the observed brand imitator attacks.
But what does this mean for your business?
Despite a clear surge in fake emails targeting millions of Windows and Microsoft 365 customers worldwide, careful observation can help protect you from identity theft and fraud attacks.
Whilst the most imitated brands change from quarter to quarter, cyber criminals are less likely to change their tactics.
They use legitimate-looking logos, colors, and fonts. Phishing scams frequently use domains or URLs that are similar to the real deal. But a careful scan of these, along with the content of any messages, will often expose typos and errors – the tell-tale signs of a phishing attack.
One of the latest attacks claims there has been unusual Microsoft account sign-in activity on your account, directing you to a malicious link. These links are designed to steal everything from login credentials to payment details.
And whilst tech firms continue to be popular scam subjects, many cybercriminals have turned to financial services like online banking, gift cards, and online shopping orders. Wells Fargo and Amazon both rounded out the top five during Q2 2023, accounting for 4.2% and 4% of brand phishing attempts respectively.
What can you do to protect your business?
The answer is simpler than you might think. The best course of action when it comes to phishing is to slow down, observe, and analyze. Check for discrepancies in URLs, domains, and message text.
If we can help you keep your team aware of the risks, get in touch.
Are you aware that global VPN usage has skyrocketed? The reasons are clear as day: Virtual Private Networks offer increased security and anonymity, and allow access to geo-restricted content online.
But here's the million-dollar question: Are all VPNs created equal?
The answer is a resounding no. And that has potential implications for your business.
Free VPNs, although tempting with their zero-cost allure, aren’t always what they promise to be. Why, you ask? Let's take a closer look at free VPN services.
For starters, it's important to understand that running a VPN service comes with substantial costs. Servers, infrastructure, maintenance, staff – these aren't free.
So how do free VPN providers keep the lights on? Some employ tactics that could compromise your privacy and security.
Imagine this: You're sipping your morning coffee, browsing the net through a free VPN, believing your online activities are private. In reality, your sensitive information might be collected and sold to the highest bidder.
Cyber criminals, advertisers, even government agencies could potentially get their hands on your data.
Shocking, isn't it?
Moreover, free VPNs are notorious for injecting unwanted ads and tracking cookies into your browsing sessions. Ever wondered why you're suddenly bombarded with eerily accurate ads? It's probably your free VPN service cashing in on your browsing habits.
Now, consider the potential danger if an employee downloads a free VPN on a company device, or on their personal device that they use for work. Company data could be exposed, representing a significant business risk. Picture a scenario where your company's sensitive data falls into the wrong hands - a chilling thought, isn't it?
So, what's the solution?
It's crucial to educate your employees about the risks associated with free VPNs. Encourage the use of reliable, paid VPN services that guarantee no logging of data, robust encryption, and superior user privacy.
In fact, you may choose to provide one to them. If we can help you find the safest, most suitable VPN for your business, get in touch.
Remember, when it comes to online security, free often comes at a higher cost. Isn't it worth investing a few $$ a month to protect your company's valuable information?
You may think that cyber-attacks only happen to large corporations. But unfortunately, that's not the case.
According to a recent report, almost two-thirds of small and medium-sized businesses (SMBs) suffered at least one cyber attack over the past year. That's a staggering number, and it should serve as a wake-up call for businesses everywhere.
But it gets worse.
More and more businesses are also experiencing repeat attacks, with 87% reporting at least two successful attacks over the past year. And on average, a company suffers almost five successful cyber incidents.
The question is, why are these attacks happening, and what can you do to prevent them?
The most common types of cyber-attacks that businesses face are malware and ransomware.
Malware is malicious software. It invades your system and can cause all sorts of problems, from slowing down your operations to stealing your data.
Ransomware is even more dangerous as it encrypts your data, making it impossible for you to access it unless you pay a ransom fee. This can be devastating for any business and can lead to significant losses and downtime.
What factors are contributing to more successful attacks?
One reason is the rise in BYOD (Bring Your Own Device). This means employees using their personal devices to access company information, which can be risky.
Another factor is the explosion of productivity apps, which can create security vulnerabilities if not properly secured.
Finally, the number of devices we're using now means there are more entry points for cybercriminals to exploit.
The good news is that there are steps you can take to protect your business. Here are five solid security steps you can take.
- Use strong passwords: Passwords are your first line of defense, so make sure they're strong and unique. Better yet, use a password manager that can create and remember randomly generated passwords
- Keep software up to date: Software updates often contain security fixes, so make sure you're always running the latest version. This applies to both your operating system and all applications you use
- Train your staff: Educate your employees on how to identify phishing emails and other scams. You can also run regular security awareness training sessions to keep everyone up to date
- Back up your data: Doing this means if you do suffer a cyber attack, you can restore your systems quickly and with less disruption
- Use antivirus software: This can help protect your systems from malware and other threats. Make sure you're running a reputable and up-to-date solution
Remember, prevention is always better than cure. Take action today to help you stay protected.
And if that seems like a lot of extra work, let us help. Get in touch today.
Have you heard the saying, "A picture is worth a thousand words"? It seems cybercriminals have too, and they're using it to their advantage.
In a new twist on phishing campaigns, cybercriminals are luring victims into clicking on images rather than downloading malicious files or clicking suspicious links.
Let's dive into the warning signs, so you can keep your business safe from these sneaky attacks.
First things first, what's the big deal about clicking on an image? It might be promoting a killer deal or a one-time offer.
But when you click on the image, you don’t go to the real website. Instead, it’s a fake site designed to steal your personal information.
Imagine being lured in by a cute cat photo only to find out that Mr. Whiskers was actually a wolf in sheep's clothing! Not so cute anymore, right?
So, how can you tell if an image is part of a phishing campaign? Here are some warning signs to look out for:
- Unexpected emails: Did you receive an email from someone you don't know or weren't expecting? Be cautious! It's like accepting candy from a stranger – you never know what you're getting yourself into.
- Too good to be true: If an email promises you a free vacation or a million dollars just for clicking on an image, remember the golden rule: if it sounds too good to be true, it probably is.
- Spelling and grammar mistakes: We all make typos, but if an email is riddled with errors, it could be a sign that something is going on.
- Mismatched logos or branding: If an email claims to be from a reputable company but the logo or branding doesn't match up, assume it’s a scam.
Now that you know what to look for, let's talk about how to protect your business from these image-based phishing attacks:
- Educate your employees: Knowledge is power! Make sure your team is aware of the latest phishing tactics and knows how to spot the warning signs.
- Keep software up-to-date: Just like you wouldn't drive a car with bald tires, don't let your software become outdated. Regular updates help patch security vulnerabilities that cybercriminals might exploit.
- Use strong passwords: It might be tempting to use "password123" for all your accounts, but resist the urge! A strong, unique password for each account can help prevent unauthorized access. Using a password manager is even better.
- Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring people to verify their identity through another method, such as a text message or fingerprint scan.
- Back up your data: In case disaster strikes, make sure you have a backup of all your files. That way, you won't be left high and dry if your data is compromised.
Whilst cyber criminals are getting smarter and smarter with their tactics, there's no need to panic. By being aware of the warning signs and taking proactive steps to protect your business, you can stay one step ahead of these digital tricksters.
Remember, not all that glitters is gold – or in this case, not every cute cat picture is just a cute cat picture. Stay vigilant, and don't let the scammers win!
UPDATE: This controversial image enhancement feature now seems to have been removed by Microsoft, following privacy concerns.
Don't be mistaken, we love Microsoft Edge (and think you will too), but lately, something has come to our attention that we wanted to share.
It's always a good idea to be aware of what your browser is doing behind the scenes. And there’s an Edge setting that you might be interested to learn about. It’s one that sends the images you view online to Microsoft.
While this might not seem like a big deal on the surface - it’s done to enhance the images - some business owners might be concerned about the privacy implications. After all, you never know who might be looking at your browsing history.
The good news is that it's easy to disable this setting if you're concerned about it. Here's how:
- Open Microsoft Edge and click on the three dots ("More actions") in the upper-right corner of the screen
- Select "Settings" from the drop-down menu
- Scroll down and click on "Privacy, search, and services"
- Under the "Services" section, turn off the toggle switch next to "Improve your web experience by allowing Microsoft to use information about websites you browse to improve search suggestions or to show you more relevant advertising"
That's it! With just a few clicks, you've disabled the feature that sends images to Microsoft.
Of course, there are other settings in Edge that you might want to explore as well. Like the ones that control your data collection preferences, or the ones that limit pop-ups and redirects.
Why should you take a few minutes to check out your browser settings? Well, for one thing, it can help protect your privacy and security online. By being aware of what your browser is doing, you can make informed decisions about what data to share (and what to keep private).
Plus, exploring your browser settings can be a fun and educational experience in its own right. You might discover new features or hidden gems you never knew existed.
And don't worry, you don't have to be a tech expert to understand these settings. In fact, Microsoft has done a great job of making them simple and straightforward, with clear explanations and helpful tips along the way.
If you ever get stuck, our team is happy to help. Get in touch.
When you replace old computers or external drives, do you delete data and then just… get rid of them?
You could be putting your sensitive data at risk.
A new study by a data recovery specialist shows that millions of deleted files can be recovered from improperly wiped hard drives that are sold online.
It’s not just buyers who can access your old files. Cybercriminals often buy used hard drives and attempt to recover data from them. This could include anything from confidential business information to client details.
It’s easy to forget about old data when you’re excited about shiny new technology. However, it’s important to consider what’s on that old drive before selling it or disposing of it.
Even if the drive is encrypted, it’s still possible for data to be recovered. And if the drive is damaged, there’s a chance that some of the data is still salvageable. It’s better to be safe than sorry when it comes to sensitive information.
Think about it this way: Would you leave important documents lying around for anyone to see? Of course not! Your digital information deserves the same level of protection.
So what can you do to protect yourself?
Don’t let your old hard drives become a liability. Take the time to have them properly wiped or destroyed before disposal. If you’re upgrading hardware, consider hiring a professional to handle the data transfer and ensure that your old devices are wiped clean.
This isn’t just about protecting yourself. It’s about protecting your employees, clients, and anyone else whose personal information you may have stored on that old drive.
It’s a small investment to make for the peace of mind that comes with knowing your data is safe from prying eyes.
Don’t take chances with your data – take action to protect it:
- Properly wipe or destroy old hard drives
- Bring in a professional for your hardware upgrades
- Upgrade your overall security practices
Check out our latest BlueCastle IT Tech Tip Video.
Can you guess which company was most impersonated in financial phishing emails last year? You’ve probably got an account with them yourself.
Watch this week’s tech tip video to find out how to keep your business protected from financial phishing scams.
Check out our latest BlueCastle IT Tech Tip Video.
Cyber criminals have come up with another way to spread malware and ransomware – using the contact form on your business’s website.
Watch our latest tech tip video to learn about this new form of attack, and what you can do to keep your business safe.