Phishers and Scammers are Getting Smarter…Are You?

Most of us have heard the term phishing and have probably been attacked by it more than once. Phishing is an attempt to acquire information from users while posing as a trustworthy individual in an electronic communication. “Phishing” generally refers to attacks in your email inbox, but there are three others to know of: vishing, smishing, and whaling.

“Vishing” is a phishing attack on your VoIP (voice over IP) phone. If you don’t have a VoIP phone then you are not at risk, as land lines are not susceptible to this kind of attack. Just as a phishing message is sent to a thousand possible email addresses, a vishing message is sent to a thousand possible VoIP phones. Vishing happens when victims receive voice messages asking them to contact their bank about fraudulent bank account activity. The attack is successful when users call the number and are then prompted by voice commands to enter personal information, or they are connected with someone appearing to be a bank representative. Providing information can then lead to stolen credit card numbers, or full-on identity theft.

“Smishing” is a phishing attack on your mobile phone via text messaging, or Short Message Service (SMS) messaging. The concept is the same as above: text messages are sent to your phone asking you to go to a website or call a number, where you are met by someone attempting to steal your personal and critical information.

Finally, “whaling” is a targeted attack on senior business leaders. These attacks are more specific, as scammers do their homework, compiling the business email addresses, job titles, direct telephone numbers, and reporting employee names of business executives and then building direct attacks over email. Executives are prone to fall for these attacks, as the information in the emails leads them to believe the messages are legit. The email message may contain an attachment or point executives to a website where, once they click, a program is downloaded to the user’s PC and confidential information is then compromised. This attack is a little different, as the scammers are not only interested in obtaining personal information on the user, but are also after confidential and proprietary information of the company.

A lot of successful phishing attacks go unreported because the victims don’t want to appear gullible enough to be duped by these attacks. Sometimes we throw logic and reason out the door and fall for them, even though we think we are too smart to do so. Continue to delete the emails, but also remember to delete the voicemails and the text messages. And remember, if you have a small suspicion that something isn’t right, it probably isn’t!

EarthLink IT Services offers numerous security services to protect against these attacks.  Check out our security service product suite HERE!

Where Is Your Laptop?

Laptop theft is a common practice. Every day laptops disappear from college libraries, car back seats, coffee shop tables, hotel lobbies and airport waiting areas. In the past, laptops were valuable for their hardware; once stolen, they were resold quickly strictly for their monetary value. Today that’s not the case. Your data is the target! There’s probably something on your laptop that you don’t want the whole world to see. It could be proprietary information, documents containing personally identifiable information (birth date, social security number, credit card info) or even someone else’s personal information.

If you travel with your laptop or keep it in a place where others can access it, then you’re vulnerable to theft. A password no longer guarantees denied access to your data. If someone is smart and determined enough they will crack it and have unrestricted access to every piece of data stored on your laptop. So how do you protect it? Encryption. Encryption adds an additional layer of protection. If your password is cracked the data remains encrypted and the information is scrambled so that even advanced security experts can’t read it.

EarthLink provides a Managed Laptop Security solution that encrypts your data and also adds yet another layer of protection with laptop remote wipe capabilities. Should your laptop be lost or stolen, EarthLink’s protection will automatically kick in and wipe (delete) the data by overwriting it until nothing is left.

Passwords simply don’t cut it anymore in today’s technology world. If your laptop is mobile then you must add multiple layers of data protection to minimize the risk of your data getting into the wrong hands. Contact EarthLink Managed Security Services (or download this info sheet) today to learn more!

External Penetration Testing – Are Your Internet Facing Systems Protected?

The world of hacking seems like a mysterious place; we seem to only occasionally see it, either on the news or in a movie. So really, what are the chances of a cyber-attack happening to your company? Think it’s minimal? Maybe…but can you risk it? There is currently no federal mandate requiring corporations to disclose cyber-attacks, so why worry? Here’s why: if anyone finds out, it only takes one attack to destroy a company’s reputation (and, in the process, their bottom line!). Do you want to be the next company profiled on the national news circuit? No, you don’t.

Now I ask the question in the title – Are your Internet facing systems protected? Are you sure? Knowing the risks is the first step to mitigation and reducing the chances of any cyber-attack. Performing external penetration testing helps you clearly identify external vulnerabilities before an unauthorized user (i.e. hacker) has a chance to exploit those vulnerabilities. (EarthLink can do this for you with its managed security services: download a pdf of offered services by clicking here.)

Penetration testing protects your company.  If you can, test anytime an external system change is made. Adding, changing and removing external systems is, most likely, what creates your vulnerabilities in the first place. Have testing done quarterly or annually at minimum, whether your company is required by regulations or not. Know your vulnerabilities before attackers do. After testing, develop a plan to mitigate identified vulnerabilities and start lowering your overall security risk.

Bottom line…If you are not already performing penetration testing, START, because the life of your company may actually depend on it.  EarthLink Managed Services can help you perform penetration testing and help you maintain security on your public facing network.

(EXTRA READING: Learn about the top cyber-attacks of 2011 in this foxbusiness.com article.)

Mac Flashback Virus Infects 600,000: What Can You Do?

Security has often been cited as one of the big advantages Mac computers have over their Windows counterparts.

Windows users were under constant assault from viruses, Trojans, spyware, and malware of all kinds.

Mac users remained blissfully above the fray. Most never even considered buying or even installing a free computer security program.

Until last week.

[Image: Mac Flashback Virus Worldwide Outbreak Map – Where the Flashback Virus Has Spread]

More than 600,000 Mac users were found to be infected with the Flashback Trojan, malware that exploits a Java security flaw to install itself on Macs. Most infected computers (56.6%) are in the U.S.

This isn’t the first Mac attack by any means. Just a year ago there was a fairly large attack called MacDefender.

But more people use Macs now and Flashback has gotten a lot of publicity, leading some to say it has, once and for all, ended Mac’s no-virus reputation.

Now for some comforting news for Mac users: though it’s a large infection, Flashback probably has only infected around 1% of Macs according to some estimates.

Secondly, Apple has already launched a couple of updates to identify and protect against Flashback, so if you get a Mac OS update notice, please don’t ignore it. You can also run your Mac’s Software Update at any time.

Keep in mind, however, that Apple’s Flashback security updates are only for OS X v10.7 and v10.6. Users with earlier operating systems who are concerned are encouraged by Apple to disable Java in their browser preferences. Here is more information about Flashback from Apple.

Though Apple is still working on a Flashback detection and removal tool, there are free third-party options available now.

Security vendor Dr.Web has a free online tool to check your system for the Flashback malware (specifically, Backdoor.Flashback.39). All you need to do is enter your Mac’s UUID (don’t worry, there are instructions on how to find it). Keep in mind, this is just a detection, not a removal tool.

Another security vendor, F-Secure, is offering a free tool that automatically detects and removes Flashback from your Mac. Download the free tool here and read the installation instructions.

If you are an EarthLink member and Mac user interested in ongoing protection for your computer, you can take advantage of these Special Offers on Norton Security software from our security partner Symantec.