qwerty_logo_header_2024
Free Assessment

Scammers love travel season. They know your eyes are peeled for a cheap ticket and have devised convincing ways to get their hands on your money.

Tricked consumers have spent months of their lives dealing with the consequences of these scams and lost thousands of dollars in the process.

In a recent plague of travel scams, criminals are pretending to be “travel agents” selling plane tickets.

There are a handful of tactics travel scammers use to steal your information.

  1. • They create fake websites, pose as travel agents, and send you “confirmation” e-mails that don’t include an airline ticket.
  2. • Some call your phone to “confirm your information” for a flight, asking for your credit card, bank, or personal information.
  3. • Or they use social media ads or e-mails advertising free or cheap tickets.

These are all major red flags to watch out for. Before clicking or booking anything, pay attention to these travel tips to avoid getting scammed out of thousands of dollars of your hard-earned vacation savings.

  1. 1. Always verify that an agent or agency is legit. In the US and Canada, you can use the Better Business Bureau (BBB) or travel associations like the International Air Transport Association to verify agent credentials.
  2. Read customer reviews and look for weird grammar errors in e-mails and on websites.
  3. The BBB recommends booking directly through hotels or airlines.
  4. 2. Check for a ticket confirmation number. If you don’t get a ticket number with your confirmation e-mail, a scammer may have reserved you a seat instead and stolen your money.
  5. 3. Watch out for online deals. Scammers use fake e-mails and ads to boast amazing deals on hotels or flights. If you think they are too good to be true, they are.
  6. 4. Be skeptical of “confirmation calls.” If you get a follow-up call from an agent to verify your personal information, it’s probably a scam.

Here you can find more information about how to stay safe and enjoy the Holiday Season.

Stay informed, pay attention and implement these practical tips for your next adventure. Safe travels!

Dark-Web-Photo-600-x-300

The dark web is a part of the internet that requires special software to access. Often used by individuals who are looking to conceal their identities and activities, it has become the ideal environment for cybercriminals seeking to carry out illicit activities. They can move anonymously in this part of the internet often engaging in criminal activities such as the sale of stolen data, hacking tools, illegal drugs, counterfeit documents, and even illicit services.

Why Should You Be Aware of It?

While the dark web may seem distant and irrelevant to your everyday business operations, it poses serious risks that can have far-reaching consequences. Here's why you need to be aware of it:

  1. Stolen Data Trade: The dark web serves as a marketplace for cybercriminals to sell stolen data, including usernames, passwords, financial information, and sensitive business data. By purchasing this data, hackers gain a financial motivation to launch further targeted attacks against organizations like yours - leading to data breaches, financial loss, and reputational damage.
  2. Credential Stuffing and Account Takeovers: Cybercriminals often utilize compromised login credentials from data breaches to carry out credential stuffing attacks.
    By leveraging automated tools, they attempt to gain unauthorized access to your business accounts. Once inside, they can exploit your resources, compromise customer data, and cause significant disruption.
  3. Sale of Exploit Kits and Malware: The dark web provides a platform for the sale of malicious software, exploit kits, and hacking tools.
    These tools can empower cybercriminals to launch sophisticated attacks against your business, including ransomware, phishing campaigns, and network infiltration.
  4. Insider Threats and Employee Monitoring: Employees with malicious intent may leverage the dark web to collaborate with external criminals or sell sensitive company information. Cybersecurity awareness can help implement appropriate security measures to detect and mitigate insider threats.
  5. Reputational Damage: In the event of a data breach or cyberattack, information about your business may end up on the dark web.
    This can severely damage your reputation, erode customer trust, and lead to potential legal and financial repercussions.

What Can You Do?

To protect your business from the risks associated with the Dark Web, we recommend the following actions:

  1. Strengthen Your Security: Implement robust cybersecurity measures, such as multi-factor authentication, strong password policies, regular software updates, and network monitoring. Conduct security awareness training for your employees to educate them about the dangers of the dark web and how to identify potential threats.
  2. Dark Web Monitoring: Engage with our MSP services to incorporate Dark Web monitoring solutions.
    These services scan the dark web for mentions of your business's critical information and alert you if any compromised data is discovered.
  3. Incident Response Planning: Develop an incident response plan that includes protocols for handling potential Dark Web-related incidents.
    This plan should outline steps for containing, investigating, and recovering from a data breach or cyberattack.
  4. Regular Vulnerability Assessments: Perform periodic vulnerability assessments and penetration testing to identify and address potential weaknesses in your network infrastructure and applications.

We are committed to staying ahead of emerging cybersecurity threats and providing you with the necessary tools and expertise to safeguard your business.

If you are not sure where to start protecting your business against data breaches, why don’t start by knowing the current status of your business’ data?

We can help you protect your business by running an initial dark web scan to see if any of your data is on the for sale on the dark web. After the scan is completed, we will go over the results with you, helping you identify and take action about the data already leaked and also helping you establish a plan to prevent future breaches. Click here to get started with your free dark web scan.

gamification_in_cybersecurity_training_600_x_300

Cyber threats are always on the rise, and businesses are constantly looking for ways to protect themselves.
One of the most effective ways to train your team is through gamification.

What is Gamification?

Gamification is the process of using game design elements and principles in non-game contexts to engage users and solve problems.
It is a powerful tool that can help organizations improve employee training and development.

Gamification can be used to create immersive and interactive learning experiences that are more engaging and effective than traditional training methods.
It makes learning more fun and interactive by incorporating game elements such as points, badges, levels, and leaderboards.
This helps employees stay engaged and motivated to learn!

How is Gamification used in Cybersecurity Training?

We include this approach in our own cybersecurity training program for your team.

It includes phishing simulations and scenarios that replicate real-world cybersecurity threats.
This allows employees to experience and learn how to deal with cyber-attacks in a safe and controlled environment.

This can provide immediate feedback to employees, allowing them to learn from their mistakes and improve their skills.
This can help identify areas where employees need further training or support.

It can also reinforce learning by incorporating repetition and feedback.
This can help employees retain information and apply it in real-life situations.

gamification_in_cybersecurity_training_flow_chart_600_x_300

And the final reason we include gamification in our cybersecurity training program, it’s fun.

Gamification can create a sense of competition and motivation to learn among employees.
This can lead to improved learning outcomes and a stronger cybersecurity culture within the organization.

Gamification sure is an effective tool for training employees and improving cybersecurity.

It is just one component of our cybersecurity training solution.
By making learning more engaging, interactive, and effective, it can lead to a better-trained workforce and a more secure organization.

As cyber threats continue to evolve, organizations must invest in employee training and development to stay ahead of the curve.

We can help your business to achieve a well-trained workforce in cybersecurity, just give us a call at 732-926-0112 or leave us a message here, and one of our cyber security experts will get in touch with you.

smb-cyber-security-mvps-600-x-300

As a small or medium-sized business (SMB) owner, you may not have the same level of resources as large corporations. However, that doesn't mean you should overlook the importance of protecting your business from cyber threats.

Identifying the most critical aspects of your business that need protection and focusing your resources on those areas is a star.
There’s also another component that can protect the business as a whole: your team.

The "MVP" or Most Valuable Player mindset puts your employees at the forefront of defense.

We can help you to make your entire team a roster of MVPs.

We’ll perform a cyber security risk assessment to identify gaps on your current defenses or any potential risks.
This cyber security risk assessment will review the following in your business:

  1. • Digital assets
  2. • Customer data
  3. • Financial information
  4. • And intellectual property

We will identify which of these assets are critical to your business's success and could cause the most damage if they were compromised.

Next, we’ll implement measures to protect those critical assets.

These cybersecurity measures include:

  1. • Using strong passwords
  2. • Multi-factor authentication (MFA)
  3. • And encryption to secure your data.

We will also implement our ongoing cybersecurity training program.
This will help your employees recognize and avoid potential threats like phishing emails or malware.

Then we’ll create a plan in place for responding to a cyber-attack.
This will include clear protocols for reporting and responding to security incidents, and make sure all employees are aware of the steps they should take in the event of an attack.

We’ll reinforce your business cyber-defenses by regularly review and update your cybersecurity measures as new threats emerge.

By taking a proactive approach to cybersecurity and focusing your resources on protecting your most valuable assets, you can help reduce the risk of a damaging cyber-attack on your SMB.
You will also contribute to reducing the costs of insurance and cyber insurance for your business.

If you don’t currently have any proactive cybersecurity plan ongoing or if you want to strengthen the one you currently have, we can help!
Give us a call to 732-926-0112 or leave us a message here, and one of our cyber security experts will get in touch with you.

Learn About Today’s Most Common Types of Cyber-Attacks

cyber-security-awareness-for-business-600-x-300

If you’ve turned on the news sometime during the past few years, you’ve probably heard of more than one instance where a business closed due to a cyber-attack.

You may think your business is small enough and hackers won’t target you, but this couldn’t be further from the truth.
Every business is at risk of experiencing a cyber-attack and should be well-prepared to defend against these threats.

With the right type of attack, a cybercriminal can gain valuable information about your business, customers and employees, which can be used to damage your reputation and hurt you financially.

If you’re a business owner or leader and you want to ensure your business is well-protected, check out the most common cyber-attacks that are affecting companies today.
From there, you can implement cyber security plans and tactics to ensure your business is protected from cybercriminals.

Phishing Scams

Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure.

Phishing scams can wreak havoc on your business and personal life.

You may have seen an e-mail from someone claiming to be Amazon or your credit card company asking for specific sensitive information.
Often, the e-mail address does not line up with who the person is claiming to be.

When a phishing scam targets your business, they’ll likely request valuable information from your employees such as passwords or customer data.
If your employees fall for the scam, they could give a cybercriminal unprecedented access to your network and systems.
This may also allow the cybercriminal to steal private employee and customer information, leaving your employees vulnerable to identity theft.

Phishing scams can be averted by using common sense and providing cyber security training to your employees.

Most companies will not request private information over e-mail.
That being said, if an employee receives a suspicious e-mail, they should do their due diligence to ensure the e-mail is genuine before responding in any way.

These are some steps that anyone in your company can take to detect a phishing email:

  1. • Check the authenticity of the email address: does the email com from the company’s domain or from a public domain?
  2. • Check for misspelled words or extra letters in the domain name.
  3. • Check for poor spelling and grammar within the email content.
  4. • Usually, scammers use a sense of urgency within the email to generate a quick response from the victim.
  5. • When possible, confirm with person who send the email whether the information request is true

If your business falls victim to a cyber-attack, it could have lasting consequences for you, your employees, and your clients.

Malware

Malware is software installed on a computer without the user’s consent that performs malicious actions, such as stealing passwords or money.

There are many types of malware, including spyware, viruses, ransomware and adware.

You can accidentally download malware onto your computer by clicking on sketchy links within e-mails or websites.

You might not even notice you have malware on your computer right now.
These are a few hints that can help you identify whether you have been infected with malware or not:

  1. 1. Your computer is operating more slowly than usual.
  2. 2. Web browsers are taking you to random sites.
  3. 3. You have frequent pop-ups. 

Prevention is key in stopping malware from affecting your business.

Hiring and utilizing a managed services provider is the best way to protect your business, as they will continually monitor your network for exploitable holes.

With malware, it’s always better to play it safe than sorry.
If a cybercriminal is able to use ransomware on your network, your business could be stuck at a standstill until you pay the ransom.
Even if you can pay the ransom, your reputation will still take a hit, and your business could be greatly affected.

Be careful where you click on your phone, too, since malware attacks on cellphones have become more common over the past few years.

Attacks Involving Passwords

How do your employees access your network or computer systems?
They most likely use a password to log in to their computer, access their e-mail and much more.
What would happen if someone with bad intentions gained access to one of your employee’s passwords?
Depending on the individual’s access, they could obtain sensitive information about your business, customers, and employees.

Your team should be using long, complex passwords for their accounts, and each password for every account should be different.
Encourage your employees to use password managers that will allow them to create the most complex passwords possible and keep track of them more easily. You can also provide a corporate password manager for all your business’ email accounts.

Incorporate multifactor authentication (MFA) to ensure nobody can steal a password and gain access immediately.

All of these password hygiene best practices have to be included in your business’ Password security training.

If your business falls victim to a cyber-attack, it could have lasting consequences for you, your employees, and your clients.

Now that you know the most common types of cyber-attacks, you can start implementing plans to ensure you and your business stay protected.

If you don’t have any cybersecurity training plan in place or if your current training program feels incomplete, we can help you set up a comprehensive annual cyber security training program for everyone in your company.

In yet another phishing email hoax, the New York State DMV is now cautioning consumers against an email "phishing" campaign. This phishing attempt sends a notice to email users stating they must pay a ticket within 48 hours or their license will be revoked. While the notice is made to appear as if it comes from DMV, it is a hoax.

Though the recent press release is from the New York State Department of Motor Vehicles, campaigns for other states may be soon be phishing for personal information as well. The NY DMV advises that the "Email falsely claims to be from New York State DMV". The DMV also advises to "not click on links".

The phishing email hoax targets New York drivers, stating they have 48 hours to pay a fine or have their driver's license revoked. The NY DMV alerted motorists that the scam is just bait to entice them to click on a “payment” link. Once clicked, it will in turn infect their workstation with malware. The DMV does not know how many people have been affected, but Owen McShane, director of investigations at New York State DMV, said calls came in from New York City, Albany and Syracuse.

Olenick also went into more detail stating "The malware being dropped came in two categories. The first simply placed a tracking tool on the victim's computer to see what websites were visited; and the second, more nefarious, attempted to acquire a variety of personally identifiable information, such as names, Social Security numbers, date of birth and credit card information."

What to look for

There are several red flags that show the email is a scam. The supplied links lead to sites without an ny.gov URL, tied to the fact that the state would never make such a request. The hoax email lists a reference number and then reads something like this:

“The Department of Motor Vehicles does not send emails urging motorists to pay traffic tickets within 48 hours or lose your license,” said Terri Egan, DMV deputy executive commissioner, in a statement.

Recommended Action

We suggest you send your employees, co-workers, friends, and family an email about this scam, feel free to copy/paste/edit:

"Here is a reminder that you need to be alert for fake emails that look like they come from your local police or State Dept of Motor Vehicles (DMV) claiming you have a traffic violation. At the moment, there is a local scam in New York that falsely states you have outstanding violations you need to either pay for or refute, and if you don't your license will be revoked. This scam may spread to the rest of America soon. Remember that citations are never emailed with links in them, or sent out with an email attachment, and report scams like this to your local police department."

Obviously, an end-user who was trained to spot these red flags like this would have thought before they clicked. Additionally, email security solutions will likely trap these types of emails before they reach the mailbox.

We strongly suggest you get a quote for email security services for your organization - you'd be surprised how affordable they are. Contact us for a quote, today!

Reference: https://dmv.ny.gov/press-release/press-release-06-01-2017

DocuSign, a major provider of electronic signature technology based in San Francisco, admitted that a series of recent phishing malware attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses. The incident is especially dangerous, because it allows attackers to target users who may already be expecting emails from DocuSign. This form of attack is known as phishing attempts.

DocuSign warned on May 9 that it was tracking a malicious email campaign where the subject line reads, “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.” The email contained a link to a downloadable Microsoft Word document. The attachment contains malware, and tricks users into activating Word's macro feature, which will download and install malware on the user's workstation.

The company initially dismissed that the messages were associated with DocuSign and that they were sent from a malicious third party. However, in an update on Monday, DocuSign confirmed that this malicious third party was able to send the messages to DocuSign's customers and users because it had broken in and stolen their list of customers and users.

“As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email,” DocuSign wrote in an alert posted to its site. “A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”

What to look for with this phishing malware attack

They are advising customers to filter or delete any emails with specific subject lines. These email subjects look something like:

Completed: [domain name] – "Wire transfer for recipient-name Document Ready for Signature"

Completed [domain name/email address] – "Accounting Invoice [Number] Document Ready for Signature"

Subject: “Legal acknowledgement for [recipient username] Document is Ready for Signature”

Since the recent newsworthy security breaches, it is becoming critical to educate employees on identifying and handling potential threats.  Bringing awareness is not enough, however. Due to the human factor, many email solutions, whether they are cloud-based or on-premise, integrate with outside email security services. These that filter and quarantine potential threats before they arrive to the email server and even network. QWERTY Concepts, provides email security services for their cloud platform, office 365, and to on-premise email servers. Click here to receive a free consultation and quote.

The company is asking people to forward suspicious emails related to DocuSign to [email protected].

qwerty_logo_footer_2024
Providing professional IT services to businesses, including managed IT, cloud computing, unified communications, IT consulting, backup & disaster recovery, and internet marketing services - to help our customers operate without walls. 
Ready to start working together?
Contact usFree ToolsSupport Portal Login
Facebook_iconX_iconLinkedln_icon
qwerty_logo_footer_2024
Managed IT services provider for New Jersey and New York City businesses.
Ready to start working together?
Contact usFree ToolsSupport Portal
732-926-0112
371 Hoes Ln, Suite 200-206, 
Piscataway, NJ 08854
Facebook_iconX_iconLinkedln_icon
Copyright © 2024 QWERTY Concepts, Inc.