CyberSecurity – Top Tips

We at RLS Computer Services take cyber-security very seriously and don’t wish our customers to be a victim of fraud.

To help keep yourself safe from fraudsters by reducing their chances of getting hold of your information, we have put together some top tips for you.

  • When using Internet banking or any online service, never share a One Time Passcode (OTP), passwords, security codes or any other form of security information with another person, not even an employee of that company.
  • Never download software or let anyone log on to your computer or other devices remotely following or during a cold call.
  • Never enter your Internet banking details after clicking on a link in an email or text message.
  • Never follow a telephone instruction from a cold caller asking you to press keys on your keyboard or run any programs.
  • Never visit a website given to you by a cold caller; it might contain malware.
  • If you are ever unsure, we urge you to take your time, don’t be rushed. A genuine organisation will never rush you to take action on your account.

To illustrate the point of security and fraud please take the time to watch this witty but to the point video.


Cyber Attacks – What To Do?

Cyber-attacks are on the rise; so, what can we do to protect our identity and keep our information safe? Read my action To-Do-List to keep yourself safe online and out and about.

It was only last week that Northern Lincolnshire and Goole NHS Foundation Trust suffered a major incident after systems were infected by a computer virus, and now this week Tesco Bank suffered a sophisticated attack which saw monies taken from 20,000 of its customers’ accounts.

Here are my recommendations for keeping you safe online and out and about.

General Rules

  • Use a quality anti-virus solution and keep it up to date. There is no point scrimping on security here; an anti-virus application will provide several security benefits including malware protection, firewall and browsing protection.
  • Always use a strong password, which is a critical factor in preventing access to your information. It doesn’t have to be overly complicated either: simply take this famous pangram “The quick brown fox jumps over the lazy dog” and ask yourself how many ways you can write just part of this sentence (i.e. “TheQuickBrownFox”, “Th3Qu1ckBr0wnF0x”, or “Th3QBF0x”). You can use your own sentence and create your own short versions to create your password; there are literally endless possibilities and combinations.
  • Password protect your PC and lock it when you step away, even if you are just visiting the loo.

Safe Browsing

One of the biggest concerns most people have is with safe browsing, but what does that mean? I define it as visiting known websites or searching for information on the Internet. To safely surf the Internet you should follow these simple rules:

  • Never search for a website that you know the address for; always type the full URL of the website instead of just the name. For example, when visiting the BBC website don’t just type “bbc” into a search engine, as you are then presented with a mountain of responses to choose from and the first one isn’t always the correct one. Instead type “www.bbc.co.uk”, which will take you straight to the site.
  • Always use bookmarks for regularly visited websites (i.e. Bank, shopping sites, etc.)
  • Never install browser add-ons, toolbars and extensions when you don’t know what they do; this is one of the major causes of browser hijacking to date.
  • Turn on Pop-up blocker to stop ads and unwanted browser activity and selectively allow only those sites that need them (i.e. your bank might sometimes pop-up a window to present your latest bank statement).

Out and About

Cyber security isn’t just about what you do at home and work on your computers; it is also about what you do when you are out shopping, visiting friends and using your mobile devices. Here are my recommendations for reducing your chances of being cyber attacked when you’re out and about.

  • Check that cash machines haven’t been tampered with. Credit card fraud can happen if a criminal has skimmed your card directly from a machine that has been altered to read your card and capture your PIN.
  • Always make sure no one can see your PIN when typing it in; this should always be observed in shops and at cash machines. Don’t be afraid to ask people to step back if they are too close.
  • Lock your mobile devices with a PIN in case you lose them and enable track and trace.
  • Don’t keep PINs written down, and if you absolutely have to, don’t keep them in the same place as your cards.
  • Never let your card out of your sight, even at your friendly supermarket.
  • If someone asks to use your mobile phone in an emergency, just ask for the name of the person they want to call and the number and call it yourself. Only hand over the handset once you are assured you are dialling a legitimate number and talking to a real person.

My last piece of advice I want to share with you is this: DATA is KING. After all, cyber crimes are not just about stealing your money; they are about stealing your information, and the more detailed the information the better. So we must back it up, and back it up with a quality backup solution. It is admirable to watch someone back up their data to a USB pen drive or external hard drive, only to then lose it or break it. If you get hit with ransomware, lose your mobile device or simply delete your data (accidentally or by malware), the chances of recovery are increased significantly when you have correctly backed up your data.

Further Reading

For more help with securing your IT systems, why don’t you give us a call on 0844 334 2020 or email support@rlscomputers.co.uk


Can I Trust Emails From HMRC?

Recently, and after our previous blog http://www.rlscomputers.co.uk/news/?p=300, we have been asked “Can I Trust Emails From HMRC?”

The answer is not as simple as it might seem. We have already highlighted the root cause of Phishing emails and why fraudsters send them. Therefore it is highly probable, using the guides in my previous blogs, that someone will attempt to defraud you at some point claiming they are from HMRC.

Okay, so what to look out for:

  • If the email is from a legitimate source they would normally point you to the web address both visually and as a hyperlink. For example, see my link above “http://www.rlscomputers.co.uk/news/?p=300” instead of using just “How to Spot a Phishing Email” as the link. This gives you the choice to type the link in as opposed to only clicking the link.
  • Language, if the email is written responsibly then the language would make sense. You woodn’t find bad landwich and granma from the hmrc (exaggerated example, but you get the point).
  • Fake images, a lot of HMRC Phishing uses fake or forged images, normally grabbed from Google images. This is NOT a sign of genuine origins so ignore it.
  • Greed, we all like money and want more of it, however don’t succumb to emails from HMRC telling you that you have received a TAX refund / rebate. HMRC will never contact you about these via email.

These are a few of the key notes you should remember before opening, clicking or acknowledging emails from HMRC. If you follow them it will keep you safe and in the know that the emails they do send you are quite safe to open and deal with.

Other Useful Links

HMRC Phishing Email Examples: http://www.hmrc.gov.uk/security/examples.htm

Genuine HMRC Contacts: http://www.hmrc.gov.uk/security/contacts.htm

Phishing Emails – Your choice Blog: http://www.rlscomputers.co.uk/news/?p=43

Norfolk County Council Business Scams: http://www.norfolk.gov.uk/Business/Trading_standards/Business_scams/index.htm

Norfolk County Council Consumer Scams: http://www.norfolk.gov.uk/Community_and_living/Consumer_advice_and_protection/Scams/NCC051378


How to Spot a Phishing Email

I get several calls on this subject PER DAY!! and mainly the question I get asked is: How do I spot a Phishing email?

What is Phishing?

First I will explain what Phishing is. Phishing is a way of fraudulently acquiring sensitive information, such as credit card, bank account, login details or any other piece of personally identifiable information, by tricking users with official-looking email messages. They appear to have come from legitimate sources because the sender (thief) uses official-looking logos, company addresses, names and visual links in the hope that the recipient (you) opens the attachment or clicks on the rogue link to start the criminal activity (hack, infection by Trojan or malware).

What to Look Out For?

Here are a few clues on what to look out for when spotting a Phishing email.

  1. Check where the email came from; examine the sender’s email address. It might have come from a public email address (i.e. xxx@outlook.com or xxx@yahoo.co.uk).
  2. Look out for bogus attachments; having a PDF, Zip or Word document attached doesn’t make an email real or legitimate.
  3. PANIC! If an email has created a sense of impending doom if you don’t act TODAY! then be suspicious.
  4. Links that sound correct can very easily be faked. This link, for example, should take you to our website www.rlscomputers.co.uk, when it actually takes you to the BBC website. If you are unsure NEVER click on a link and always visit the website directly yourself.
  5. Grammar is a major clue to Phishing email attacks; sometimes the dialect is a very obvious tell but can be overlooked.

What Does a Phishing Email Look Like?

I have collected some examples over time, so some of these are old but still lethal (some details have been masked for security reasons).

Courtesy of RBS: http://www.rbs.co.uk/microsites/global/phishing_demo/index.htm

Courtesy of Sophos: http://www.sophos.com/en-us/press-office/press-releases/2006/07/top-phishing-targets.aspx


What Can I Do To Stop it?

You can’t stop all of it, but you can avoid a nasty outcome and reduce it down considerably by following these guidelines.

  • Never send sensitive account information (PIN codes, passwords, account reminder phrases or mother’s maiden name) in an e-mail message.
  • Never go to a sensitive site through an e-mail link; always type the site name in your browser (such as www.paypal.com).
  • Never open attachments from an untrusted or unknown source (this includes PDF and Zip files).
  • Never share your passwords with anyone.
  • If your bank requires verification, do it over the phone or in person.
  • Verify any person who contacts you unsolicited, claiming to be customer support from a company (if they have to ask who you are, then they don’t know who you are).
  • Always report fraud to the company that the thief is pretending to be or represent.
  • Block Phishing emails as SPAM / Junk, then delete them.
  • Make sure you empty your SPAM or Junk folders and email bin frequently (I do it daily)!

Seek technical advice on this if you are not sure.

Contact
RLS Computer Services – IT Support
0844 334 2020
Email support@rlscomputers.co.uk
or Like Us on Facebook

You can report scams to:

Citizens Advice Consumer Helpline 03454 04 05 06 or www.adviceguide.org

Action Fraud (UK’s National Fraud Office) 0300 123 2040 or www.actionfraud.police.uk

Also some great advice and information on scams from the Norfolk County Council Consumer Advice and Protection website: http://www.norfolk.gov.uk/Community_and_living/Consumer_advice_and_protection/index.htm

 


Heartbleed Internet Security Bug


By now you will have heard about the Heartbleed software bug that has affected approximately two thirds of internet-based services.

Many service providers (banks, shopping, social networks, etc.) have issued statements recommending that you change your password because they cannot guarantee it is still secure. If you use the same password to connect to these services, you should consider changing it as a precaution and to be on the safe side.

You should also check with those providers that they have taken precautions and fixed the problem on their websites.

For more information please follow the link below.

Source: Panda Security


Cryptolocker Ransomware: Your Data’s Worst Nightmare

Calling all PC users: from time to time we warn you of the dangers of viruses, Trojans, etc., but I felt that an update is CRITICAL due to a relatively new strain of malware referred to as “ransomware”. It is designed to extort money from computer users by holding computers and files hostage until the computer user pays a ransom fee to get them back.

Although this is a very clever scam, the malware is typically unsuccessful in actually locking computer files if the ransomware is caught and dealt with promptly by a professional. Unfortunately, all that has changed with a new piece of ransomware that is so severe it has been described as “game changing” within the IT industry.

Today I received a report that a client was infected with a piece of ransomware called “Cryptolocker” that will first hijack your PC and at the same time begin to encrypt your most popular file types, like Word, Excel, JPGs, PDF, etc., so you cannot open them. The process is executed in stealth mode, and once it is complete the screen is hijacked with a ransom message.


The major twist is that unless you pay the ransom (normally around $300) there is no way to decrypt the files and THEY WILL BE LOST FOREVER.

How to catch it

Cryptolocker is spread through malicious hyperlinks shared via social media and spam emails, like fake UPS tracking and TAX refund notification emails. Once the attachment or link is opened, the computer becomes infected immediately, and the virus begins the encryption process.

Prevention Checklist

  • Use a professional, quality antivirus software program (like the one from Panda Security), and keep it updated daily and your PC malware free.
  • Keep your operating system up-to-date with the latest patches. You should check if any updates exist for your system.
  • For on-going protection, ensure that you are running effective and up-to-date security software and don’t turn off any obvious security measures (e.g. Firewalls).
  • Make sure you keep back-up copies of important/precious files (documents/pictures etc.) which would be very hard or impossible to reproduce if they are lost.
  • Never open attachments or links in emails you don’t recognise or links in shared social networks.
  • Scan all files downloaded online, and only download files from trusted sources.
  • If, after following the above steps, you feel there is still a problem or you are not sure what to do, seek further expert advice. Doing nothing could very easily cause you problems later!

What to do if I get infected?

If you are infected, STOP; don’t do anything more. Turn off your PC and contact us IMMEDIATELY, and don’t be tempted to switch it on again until it is sorted.

Is there any way of getting my files back?

Sorry NO, unless you pay the ransom or you have a clean data backup stored in an offsite facility.

I will echo the advice of our Cybercrime Forensics Specialist Group:-

Seek advice on this if you are not sure – the worst thing to do is to do nothing.
