Received a Random Link? DO NOT CLICK ON IT!

a person is typing on a laptop computer

If you ever receive random texts or emails from PayPal (or any other business, for that matter) telling you they suspended your account and now require you to authenticate your identity with an unknown link, then you should definitely think twice before clicking on that link. This is a common method that hackers use to break into accounts, especially those account holders that fall for this phishing scam. There is a better alternative to investigate this issue to see where it leads. It is important to access your account the way you normally would instead of clicking on that link.

If you were in this position, what would you do?

It is pretty safe to say that no one wants to fall for a phishing scam; but, at the same time, it can be very tempting to trust the message to make sure there is nothing wrong with your account.

The best approach is simple, but definitely not one that we would intuitively think to do.

Instead of clicking on the link provided in the text or email, open up a new web browser tab and login to the website, the same way you normally would in order to access your account. It does not matter the type of account you are trying to log into, whether it be your bank, your favorite online retailer, or any website that you have an account with. The practice of logging into the site directly, rather than using the link given, is simple and easy to do. It will also help keep you from being a victim of a phishing attack.

Let Us Help Your Team and Keep Them Safe

4 Corner IT can help you and your company choose the best tools and resources to keep everyone safe from security and phishing attacks. Our professionals can help build your business’ defenses and offer training to all members of your team, including how to identify potential threats and the best practices to keep safe from these attacks. For more information or to get started today, contact us at 954.474.2204. 

Contact Us Today and Check Out Our Blog!

New Malware Affecting Devices Steals Your Money

a person using a laptop computer on a desk

Many common types of malware can attack your devices to gain information or damage your devices. Android devices now have to keep an eye out for a dangerous malware campaign called “troll fraud malware”. It is signing them up for services and stealing bank details to drain their bank accounts and spend their money. How do you protect your Android device from this malicious malware that can take your funds without your knowledge?

How Does Malware Steal Money?

Some malware is easily detectable and is made known to the user soon after their device is infected. However, the newest threat, troll fraud malware, works under the radar. It bypasses notification systems to move forward with spending users’ money without consent. The malware uses a complex system to turn a seemingly regular app into a malicious app quickly. It works by signing users up for premium services without their knowledge and charging the charges to their phone bills.

This intricate malware can force users to disconnect from safe, protected wi-fi networks and force them to use cellular data. It can even confirm subscriptions and intercept one-time passwords and two-factor messages. Thus, users will never receive any indication they’ve been hacked. Microsoft has warned users to be careful when downloading mobile apps as the troll fraud malware has become a rising problem that is difficult to detect.

How To Protect Your Device 

It’s not easy to spot an infected Android app, but there are measures you can take to protect your device and your finances. One of the most important things to remember is always to be aware of what apps are installed on your device. Only download apps through the official Google Play Store and avoid third-party downloads. Apps that appear in the app store are not always vetted for security and can easily infiltrate your device when downloaded. 

Malware can easily hide in simple app categories such as wallpapers, lock screen customization apps, and more. Read reviews on apps, research developers, and read the description. Pay special attention to app requests that request permission to access your messages or notifications. If an app request doesn’t make sense or is requesting more access than you feel comfortable with, don’t download the app. 

You always want to be cautious with your device to ensure it remains protected. If your device is experiencing any issues at all, an app will not be able to solve the problem, and you should have your device looked at, or it may be time for an upgrade. 

Ensuring your device is secured is essential to protect your data and information. If you have any issues with your Android or devices, you can reach out to a professional if you need additional support. Contact us at 954.474.2204.

Ads Can Carry Malicious Code

malware malicious code

Sometimes you might be browsing the Internet and come across an advertisement for free downloads of Windows applications. Obviously, this is too good to be true, and hackers tend to exploit advertisements to spread their malicious code across devices. Malvertising is used to deliver various types of threats, all of which can cause considerable harm to unprepared businesses. 

The malvertisement threat in question is a new campaign targeting users in Canada, the United States, Europe, Australia, and Nigeria. It aims to steal information like usernames, passwords, and other sensitive credentials. 

Types of Malicious Code

ZDNet reports that this new malvertising campaign—called Magnat by Cisco Talos—spreads a malicious browser extension using Trojan malware. Thus, providing a backdoor entrance to the user’s device. This new, as-yet-undocumented threat appears to be custom-built over the past several years. Other types of malware used in this campaign include a password stealer. This is installed on the user’s device through the use of the backdoor. 

The browser extension (also a keylogger) and the password stealer are standard fare for threats. However, the backdoor, called MagnatBackdoor, is a special type that allows attacks to gain remote control over a PC without detection. It also adds a new user to the device and installs keyloggers, as well as other malware. Thus, enabling the attacker to steal sensitive information. Researchers believe that the threat works like a banking trojan with the primary aim being to steal credentials for individual sale on the Dark Web. Of course, the credentials could also be used by the attackers, too. 

 Malware Distributuion

This malware is distributed primarily through advertisements that link to malicious file downloads, with the big kicker being that these adverts advertise popular software applications. While there is reason to be concerned about this campaign, it’s also important to know that it’s nothing new. These threats are commonplace and security researchers, as well as security professionals in the field like ourselves, fully understand how to keep your devices as safe as possible. 

 

4 Corner IT wants to help your business keep itself safe from these types of threats (and more). If you need some pointers on how to keep your employees from clicking on these advertisements, we can provide training, as well! To learn more, reach out to us at 954-474-2204. 

Contact Us Today and Check Out Our Blog!

How Prevent Your Network from Being Sold By Hackers

Locked computer ransomware with hands holding money and key flat vector illustration. Network Sold by Hackers

Believe it or not, your organization’s network can be sold by hackers under the right circumstances. This is the unfortunate reality that we live in. Thus, the commoditization of data and network access has become a real problem. According to a study from KELA, hackers can sell access to compromised networks for a pittance compared to the amount of work you have invested in building your business. If you have your business’s network sold by hackers, it could create a snowball effect. This includes events that can lead to your business’s downfall. Therefore, you must do everything in your power to protect your network and prevent this from happening.

This report from KELA followed Initial Access Brokers. This term is used to describe threats that sell access to compromised network infrastructures. Additionally, these threats are big players in the world of cybercrime. They can effectively facilitate some of the most devastating threats out there, including ransomware and remote access threats. The report examined one full year of listings by Initial Access Brokers to discover how much value can be assigned to this type of network access.

It is quite shocking to see just how little value is associated with access to your network. Out of the 1,000 listings, KELA found that the average price of network access credentials was about $5,400. The median price being around $1,000. Other trends examined included the average price of credentials, as well as information on industries affected and countries affected. The top countries affected were the United States, France, the United Kingdom, Australia, and Canada. Additionally, top industries affected included manufacturing, education, IT, banking/financial, government, and healthcare.

Just take a moment to imagine how much chaos someone could inject into your business simply by purchasing access to your infrastructure. All it takes is a small investment and access to a VPN for someone to start causing some real trouble for your business. There are quite a few ways that you can minimize the damage done through these methods, including the following:

  • Implement comprehensive security measures

    In terms of sheer security, we recommend unified threat management, or UTM, to handle most of the threats your business could face. This all-in-one solution includes security measures such as a firewall, antivirus, content filter, and spam blocker to minimize exposure to threats.

  • Monitor your network traffic

    If you keep track of who logs onto your network, when, and where they are logging in from, you’ll have a greater chance of identifying suspicious traffic patterns.

  • Implement multi-factor authentication

    Password security is still important, but not nearly as important as having additional measures in place. Multi-factor authentication can help make sure that people logging into your network are who they say they are.

  • Take regular backups of your infrastructure

    You never want to use your data backup, but having it never hurts, and it will give you a nuclear option in the event that someone does manage to gain unauthorized access to your network.

If you have your business’s network sold by hackers, it can damage your business’s entire operations. To learn more about how you can protect your business, reach out to us at (954) 474-2204.

3 Cyber Security Issues Businesses Should Prepare For

Caucasian IT professional admin using laptop computer doing data transfer operation with rack server cabinets in digital room of data center. Cyber security

Cyber security should be a top priority for all businesses, regardless of size. The unfortunate reality is that many business owners do not take the necessary steps to secure their data, which could lead to significant problems further down the line.  

As technology becomes more advanced and hackers become more sophisticated, it is important to stay on top of these issues so that your company doesn’t fall victim. In this article, we will highlight three cyber security issues that you need to address before it’s too late! 

Mobile Malware 

Increased dependence on mobile devices has led to increased mobile cyber-attacks. Cybercriminals are taking advantage of the fact that people have become increasingly reliant on their mobile devices. 

In 2020, it is estimated that there were two trillion text messages sent. These texts could contain “phishing” attempts whereby malicious actors could attempt to access sensitive information such as passwords, usernames, and account numbers. 

Bank apps and other apps with sensitive information are also at risk. Consumers typically download new apps without doing any research on the company, so it’s critical to do your homework, before adding these apps to your device.  

Check if other users have downloaded and installed the app before you install it yourself. Read the reviews, and conduct a search on Google or one of the other search engines to cover as many bases as possible.  

Compliance Fatigue 

The list of compliance standards grows each day with technology updates and new threats. Compliance fatigue is a real risk faced by businesses that can lead to costly mistakes and time investments. However It’s more cost effective to keep up to date now rather than face the inevitable repercussions of not doing so later 

Lack Of Awareness and Education About Cyber Security 

Many people have no idea that phishing and other cyber scams are a problem. Any security is only as strong as its weakest point.  Employees are a network’s biggest weakness, so education about the dangers of cyber security is one way for them to be aware of the risks they face with every click on their computer or mobile device. 

When it comes to cyber security, you need to take precautions at every level: from your on-site systems and data storage, all the way up through the different layers of technology that connect with various parts of your business. Engaging with a trusted MSP like 4Corner IT can help mitigate cyber security risks.