Blog

July 23rd, 2014

If your company uses a phone system that emails voice mail messages or faxes, be wary of emails that look legitimate but actually contain malware or links to infected sites.  Remember, you are your own best defense when it comes to protecting your computer, your company and yourself from malware and viruses.   Let’s take a look at the email I received today.

you have a voicemail

 

If you received this email, you might be tempted to click on the link without giving it a second thought, but… if you hovered over the link instead, you’d see that the link leads here: electricalmetallictubing.net/demo/Report_2UIHd9ady8d326XTihUd.exe

There are a couple of things that should jump right out at you and make you think twice before actually clicking on it.  The first is “electricalmetallictubing.net”.  It’s unlikely that your phone system keeps your voice mail messages on a site called that, right? Does it even SOUND like somewhere your voice mail would be?  The second thing that jumps out is that the link ends with .exe.  If a URL (or link) ends in .exe, it triggers a program that can execute (or run) when you click on it.  Note that if you’re intentionally installing a program, it’s OK to click on a link with .exe at the end.  But you’re trying to get a voice mail here, not install a program!

 

April 1st, 2014

benefit elections spam

I found this in my spam filter yesterday.  It purports to be from the payroll company, ADP.  It was easy for me to spot it as SPAM, since we don’t use ADP for payroll processing.  But even if that weren’t the case, the fact that there’s a .zip file attached to this email would have raised a red flag.

Not all .zip attachments contain viruses, though.  So, you are your own best defense when it comes to virus and malware protection.  Two quick rules to remember:

  1. Never, ever, ever, ever open a .zip attachment from an unknown sender.  Never.
  2. If you get an unexpected .zip attachment from a known sender – send a new email to that person, or give them a call, to verify before opening the attachment.

ADP released this statement yesterday about these emails.

If you’ve got questions about emails, think you have a virus or just want some advice on how to best protect your company and your network, give us a call 203.987.4566 or email support@virtualdensity.com.

 

January 29th, 2014

Sometimes, it takes you completely by surprise.  An employee walks into your office and quits and you’re thinking, “Well, *&%^@!  Now what?”
Whether your employee left voluntarily, was laid off temporarily or was fired permanently you should know what access they have to your organization’s IT systems and how you can either limit or terminate access to them.

To be fair, most people wouldn’t delete files from your shared drive or set off a virus in your network or copy client information or any of the nasty things we see people do on TV and in movies.  But some do, and you don’t want to leave your organization exposed.  So what do you do?

Proper protection starts long before your employee leaves.  In fact, it starts when you hire him.  When you hire someone, you should begin a file – electronic or physical – of what your employee will need access to in order to do her job.  Of course, job responsibilities change over time and people get more and more access to an organization’s data over the years, so it’s important to keep up with changes.  Keep a list of credentials for each employee, even those who “would never leave”.

What passwords might your employees have?   Here’s a short list; your list may be longer, or shorter.

  • company email password
  • network password
  • firewall and/or router password
  • shared drive or cloud drive password
  • online banking password
  • online credit card processing password
  • website password
  • company Facebook, Twitter, Pinterest, G+ password
  • alarm panel code

With all those passwords, imagine what a disgruntled employee could do….

If you need help protecting your IT assets, give us a call 203.987.4566 or email us cloud@virtualdensity.com.  We’re here to help!

 

 

 

November 21st, 2013

The United States Computer Emergency Readiness Team (US-CERT) issued a recent advisory warning that cybercriminals will very likely attempt to use the Philippines Typhoon disaster as part of email scams and phishing campaigns.

Phishing attacks attempt to use high-profile events, including natural disasters in their subject line, to get victims to open an email and click on links contained in the message. The goal is to send victims to a web page designed to collect as much information as possible on victims, but increasingly phishing attacks attempt to get people to give up sensitive account credentials. They also can be directed to attack websites containing malware.

As the holiday shopping season begins, security firms say they typically monitor an increase in phishing activity. Here are 10 ways the US-CERT and solution providers said users can spot suspicious phishing messages.

Be wary of unsolicited messages, according to the US-CERT. Rather than clicking on links from banks, retailers and other online merchants, recipients should type the web address directly into their browser, say security experts. Some messages are designed to appear to come from legitimate senders, but instead contain links to a phony web page masquerading as a legitimate website.

In April, a phishing campaign used the Boston Marathon bombing to lure people into viewing videos, photos and other content related to the incident, according to Symantec. The campaign used an automated toolkit to set up the attack, sending victims to a malicious web page hosting data-stealing malware.

Phishing attacks targeting holiday shoppers will craft messages using trendy electronics and other popular must-have items. Phishing messages are spotted year round and increase significantly when new products are unveiled by Apple, Google, Microsoft, Samsung and other top technology vendors.

But phishing scams peak during the holiday gift-shopping period from Nov. 29 through Dec. 25. The US-CERT said to avoid offers that seem too good to be true. Don’t follow links in unsolicited messages. Visit the retailer site directly to verify the legitimacy of an offer, said McAfee.

Mobile threats have increased significantly in recent years due to rising smartphone adoption and an increase in transactions being conducted on the devices. Security vendor McAfee said this month that Black Friday shoppers that use Android devices could face text message phishing attacks. Phishers can create phony mobile apps posing as holiday bargain-hunter tools, the firm said.

Mobile malware FakeInstaller, which has been a long-standing Android problem, can trick users into thinking it is a legitimate mobile application. Ultimately, FakeInstaller can gain unrestricted access to smartphones and makes attackers money by sending text messages to premium rate numbers.

The easiest way to prevent the SMS scam is to avoid sideloading applications. Stick to official mobile apps from the Google Play store, McAfee said. Mobile antivirus apps also can spot and block FakeInstaller from running.

PayPal is a top spoofed site during the holidays, according to industry studies. The Anti-Phishing Working Group, a coalition of technology companies, law enforcement and government officials, found that online payment and money-transfer provider PayPal was the most targeted institution for phishing attacks. Eighteen percent of all phishing campaigns tracked by the group were directed against PayPal users in the first half of 2013.

PayPal offers its users an email identification tool from Iconix to verify the validity of email messages it sends to users. The company also sells a credit-card size security key that can be used to generate a random security code as an additional authentication measure when making PayPal transactions. This helps reduce the threat of an account hijacking as the result of giving up account credentials in a phishing attack.

Kaspersky Lab researcher Stefan Tanase urges users to make sure they are browsing through a secure connection when visiting a bank website, online retailer or social network. Another way to boost your security and avoid giving up information to cybercriminals is to check the SSL certificate of the website you log into, Tanase said.

Modern browsers, such as Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, also will verify the legitimacy of a website and display a lock and green color in the website address bar to provide validation that the site is using SSL and is legitimate. Clicking on the lock icon will provide additional information, including cookies and certificate information that show how it verified encryption and certificate validation.

Antivirus software that has the latest updates often will provide phishing protection by blocking known phishing sites. Solution providers told CRN that, often, small business owners and individuals fail to keep their antivirus updated regularly, missing critical updates to ongoing attack campaigns that spread quickly. A web security gateway, a next-generation firewall or a unified threat management appliance can also provide blocking capabilities by detecting and blocking connections to locations that have been identified as malicious.

A common phishing scam that targets user account credentials typically tricks users into giving up their login and password details by luring them into implementing a new “security feature.” The scam uses a major bank brand or merchant name. It is effective because out of the millions of spam messages sent out, a small percentage of recipients will be fooled into thinking they’re implementing a new security feature.

Security firm Sophos detected this kind of scam targeting the customers of an Italian prepaid debit card service. Recipients tricked into opening an HTML attachment were prompted for their password. It is then saved and a phishing web page is opened. The presence of the password prompt may actually strengthen the social engineering of the phish, Sophos said.

Another good practice according to Kaspersky Lab’s Tanase is to check the email headers to confirm the source of the email message. This isn’t always foolproof because addresses and source information can be easily spoofed.

Email headers can give the details of a sender. Google and other services provide email header analysis tools that can determine the legitimacy of a sender’s IP address. In addition to the IP address, the header will show the Mail Server used and the details of the sender’s service provider. Phishers can spoof the email headers, but usually telltale signs can provide clues as to whether a message is legitimate. When in doubt, throw it out.
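The header checks described above, as an added example that is not part of the original post: it compares the From, Return-Path and Reply-To domains, lists the Received hops in travel order, and reports any failing Authentication-Results verdicts. The sample message, its hosts and its addresses are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed sample headers; hosts use .example and documentation IP ranges.
SAMPLE = """\
Return-Path: <bounce@bulk-mailer.example>
Received: from mx.company.example (mx.company.example [198.51.100.10])
    by mail.company.example; Wed, 23 Oct 2013 09:15:02 -0400
Received: from host7.bulk-mailer.example (unknown [203.0.113.77])
    by mx.company.example; Wed, 23 Oct 2013 09:15:01 -0400
Authentication-Results: mx.company.example; spf=fail smtp.mailfrom=bulk-mailer.example
From: "Voice Mail" <voicemail@voip-provider.example>
Reply-To: reply@bulk-mailer.example
To: user@company.example
Subject: Voice message from unknown caller

(body omitted)
"""

# "from <name> ... [<ip>]" as written by most mail servers in Received headers.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F:.]+)\]", re.S)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def analyze_headers(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_dom = domain_of(msg["From"])
    report = {"from_domain": from_dom, "hops": [], "warnings": []}
    # The sender controls From, Return-Path and Reply-To; a mismatch is a
    # telltale sign, while agreement proves nothing on its own.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            report["warnings"].append(
                f"{name} domain {dom} differs from From domain {from_dom}")
    # Each server prepends its Received line, so reverse for travel order.
    # Only hops added by servers you control can be trusted.
    for value in reversed(msg.get_all("Received", [])):
        match = RECEIVED_RE.search(str(value))
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(2))
        except ValueError:
            continue  # bracketed text that is not an IP address
        report["hops"].append((match.group(1), str(ip)))
    # Meaningful only when this header was added by your own receiving server.
    auth = str(msg.get("Authentication-Results", ""))
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            report["warnings"].append(f"{mech}={result}")
    return report

if __name__ == "__main__":
    result = analyze_headers(SAMPLE)
    for hop in result["hops"]:
        print("hop:", hop)
    for warning in result["warnings"]:
        print("warning:", warning)
```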

Phishing can be combined with other scams, and the US-CERT says that learning to identify fake antivirus could help stop an ongoing attack. Rogue antivirus is difficult to terminate. It displays realistic security warnings that ultimately request credit-card and personal information, claiming that it will identify threats and remove them from the system. One recent scam involved a follow-up phone call from an attacker call center requesting access to the infected machine.

The threat of being infected can be reduced significantly by actively maintaining and keeping your antivirus up to date, say security experts. The US-CERT recommends that users visit a vendor website directly when purchasing or renewing software subscriptions.

Messages using the USA Patriot Act have been a common scam in recent years, according to the US-CERT. The email messages have been seen in greater numbers, possibly as the result of the revelations over the National Security Agency surveillance activity. Emails frequently reported to law enforcement use a message purporting to be from the Federal Deposit Insurance Corporation (FDIC). The phony message says the victim’s bank account is no longer insured because of “suspected violations” of the Patriot Act. The phishing email then attempts to steal the victim’s identity by requesting verification through an online form.

Ransomware is a similar scam. Malware locks the user from accessing any other functions of the infected computer. The attack requests payment in the form of a fine to unlock the system. The latest Cryptolocker attacks are a good example of the problem.

November 6th, 2013

Virtual Density has identified an issue that may impact your IT systems. We are actively working on the issue and will provide updates as further information becomes available.

Potential Business Impact

Use extreme caution when opening .TIFF files and when visiting unknown websites.

Service(s) Impacted:

Exchange and Lync, plus other Microsoft products. (Click here for a full list: https://technet.microsoft.com/en-us/security/advisory/2896666)

Summary of issue:

TIFF attachments in Lync or Email

Started at 11/05/2013 07:43 PM ET

Microsoft has identified a “zero-day” vulnerability involving .TIFF files. This means that neither Microsoft nor the antivirus companies have been able to develop tools to address this vulnerability. Because this is a zero-day vulnerability, the only way to protect yourself is to exercise extreme caution when opening .TIFF files, no matter how they reach you—whether via Exchange or Lync or through unknown websites. We advise all our users to be very careful with .TIFF files. Anti-virus and firewall protection applications may not stop this threat. Do not open any files with a filename ending in .tiff – either through your personal mail or Virtual Density mail. There are a number of news articles discussing the specific details of the vulnerability.

You can read them here: https://news.google.com/news?ncl=d-A1C6SaxJzq77M7R5cmrPtUUtToM&q=zero+day+microsoft&lr=English&hl=en

Here are some answers to questions you may have:

Q: Won’t Virtual Density’s SpamStopper catch any viruses that are trying to get through?
A: No. The very definition of zero-day means that as of today, there are no signatures that let us detect any attachments containing malware. Your best defense is user awareness until Microsoft delivers a patch, and until signatures can be developed.

Q: Can I block .TIFF files from being delivered to my end users’ mailboxes?
A: No, unfortunately, that functionality is not available.

Q: When is Microsoft anticipated to deliver a patch?
A: Microsoft has stated that it will “take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update”. Rest assured that we’ll apply the updates as soon as they’re made available to us.

Technical Details:

From Wikipedia: “A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.” The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Questions about this event?

Feel free to contact us at our Support Center in the following link:

http://www.virtualdensity.com/support/support-center/

October 24th, 2013

Not all spam comes by email.  Yesterday, my husband got this “Domain Name Expiration Notice” in the mail.  His domain www.coachraysoftball.com doesn’t expire until March 2014, and it wasn’t registered with Domain Registry of America but here they are reminding him to renew.

This letter is designed to mislead the otherwise uninformed consumer.  It looks official and it makes perfect sense.  It shows when the domain name will expire and offers three extension periods and plainly states the cost.  Further, it suggests other similar domain names that you, the owner of the domain name, may wish to consider.  It also very clearly states that you are switching your domain registrar.  It says, “When you switch today….” and “…now is the time to transfer and renew your name…” and “This notice is not a bill.” and “…switch your domain name registration to the Domain Registry of America.” and “Transfer and renew your domain name.”  The back of the notice is 3/4 full of the tiniest print I’ve ever seen (but can’t read) and it probably explains the whole thing in perfected legal jargon.

If you get one of these in the mail, read it carefully and then tear it up and toss it out.  You probably didn’t register your domain with them to begin with and you don’t need to renew your domain 6 months in advance.  If you didn’t ask for automatic renewals, your registrar will remind you with plenty of time to renew.  Virtual Density, for instance, sends out notices 30 days in advance.  You can check your domain name and its expiration date at freewhois.us.

You DO have to renew your domain annually, unless you renew for more than one year at a time. Services like email and your website will no longer work if your domain expires, so it is important that you don’t let your domain name expire.

If you have any questions about your domain, whether or not you registered it through us, just ask!  Call me at 203.987.4566 ext 102 or email me jenn@virtualdensity.com and I’ll be happy to help!

October 23rd, 2013

Here’s another example of a spam email designed to take advantage of us busy people!  We use a VoIP phone system here and when someone leaves a voicemail, or sends a fax, we get an email alert with the message attached.  So, it’s not unusual to get an email like this one. But, there are a few items that mark *this* email as bogus.  There’s a screen shot of the email at the end of this post.

1) One or more of the email addresses is wrong.  And, why would it be sent to more than one email address anyway?
2) The attachment is a .zip file.  Zip files should ALWAYS make you think!  Always verify with the sender before you open a zip file!

Remember – you are your own best defense against viruses and malware.  It’s important to take a moment and really look at attachments and links before clicking.  An extra few seconds of careful study can save you untold hours of heartache and stress!  If you’re unsure about an email, ask us!  support@virtualdensity.com

voice message
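The checks from this post and from the July 23rd, 2014 voicemail post (where a link really leads, whether it ends in .exe, and whether the attachment is a .zip), automated as an added example that is not part of the original blog. The trusted domain, the sample message and every host and file name in it are assumptions constructed for illustration.

```python
import email
import posixpath
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts your phone system legitimately links to (hypothetical name).
TRUSTED_LINK_DOMAINS = {"voip-provider.example"}
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".msi"}
ARCHIVE_EXTS = {".zip"}

# Constructed sample message; every address, host and file name is made up.
SAMPLE = """\
From: "Voice Mail" <voicemail@voip-provider.example>
To: user@company.example
Subject: You have a new voicemail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p><a href="http://unrelated-site.example/demo/Report_0001.exe">Play message</a>
or <a href="https://portal.voip-provider.example/inbox">open the portal</a>.</p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="VoiceMessage.zip"

(placeholder bytes, not a real archive)
--b1--
"""

class LinkCollector(HTMLParser):
    """Collects the real href of every <a> tag, not the text shown to the user."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LINK_DOMAINS)

def triage(raw_message):
    """Return (kind, item, reason) tuples for links and attachments to question."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            ext = posixpath.splitext(filename.lower())[1]
            if ext in ARCHIVE_EXTS | EXECUTABLE_EXTS:
                findings.append(("attachment", filename, f"{ext} attachment"))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.links:
                url = urlsplit(href)
                ext = posixpath.splitext(url.path.lower())[1]
                if not host_is_trusted(url.hostname):
                    findings.append(("link", href, "host not on trusted list"))
                if ext in EXECUTABLE_EXTS:
                    findings.append(("link", href, f"target ends in {ext}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```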

 

 

September 28th, 2013


If you’ve ever tried to set up your phone, tablet or computer to get your email then you’ve no doubt encountered these two: IMAP and POP3. Maybe you already know what they mean, but in case you don’t, here’s a quick explanation:

POP3:  Downloads the message off the email server directly to your phone, tablet or computer and, usually, doesn’t leave a copy of it on the server.  If you’re getting mail on more than one device, this is not for you!

IMAP:  Downloads the message off the email server directly to your phone, tablet or computer and leaves the message on the email server. IMAP is best when you’d like to see email messages from webmail, Outlook and other devices.

If you’ve still got questions, try our self-help page, email us at sales@virtualdensity.com or call us 203.987.4566!

September 27th, 2013

You’ve heard them or read them all – SaaS, HaaS, IaaS, PaaS.  Seems like there’s a new one every day and what do they all mean, anyway?

SaaS – Software as a Service –  or software that is available through the internet.  Simply put, instead of purchasing the software and installing it on your own hardware (computer or server) the software is available over the internet.  Also, data is typically stored by the SaaS provider instead of locally on the user’s computer or server.

HaaS – Hardware as a Service –  involves providing physical hardware and switches that form the backbone of the cloud to a user. The HaaS provider operates, manages and upgrades the hardware on behalf of its customers for the lifetime of the contract.

IaaS – Infrastructure as a Service – is one type of cloud computing in which a vendor offers various infrastructure components such as hardware, storage, and other fundamental computing resources.

PaaS – Platform as a Service – facilitates the deployment of applications without the cost and complexity of buying and managing the underlying hardware and software, providing all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet — with no software downloads or installation.

You may notice that all of the “as a Service” models have one common theme:  a trusted, experienced provider.  Want to know more?  Call us 203.987.4566 or email sales@virtualdensity.com for more information.  We’re here to help!

Thank you to The IT Law Wiki for help with the definitions!

August 16th, 2013

You ought to be.

Google says it’s OK for them to read your email because … well… because you shouldn’t expect them not to.  In fact, it’s in their terms of service – you read that when you signed up, right?

In recent court documents, Google says, “Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.’”

“Gmail is one of the most popular web-based email services in the world with over 400 million users. Like all email providers, Google applies automated systems for the delivery of email. As part of this processing, Google’s automated systems scan email content to filter out spam, detect computer viruses, and provide various features, including functions that allow users to search their email messages, automatically sort incoming email, and others. These systems are also used to display advertisements targeted to email content, as Google has disclosed since the inception of Gmail nearly a decade ago. The revenues from these advertisements enable Google to provide the Gmail service for free to the public. Gmail’s advertising-based business model is similar to that of other free email services offered by Yahoo, AOL, and Hotmail.”

Every email provider scans email for keywords to help reduce the amount of spam delivered to its users.  Without that technology, you’d spend hours every day sifting through your inbox trying to decipher what’s legitimate and what’s not.  But, not every email provider scans email in order to get better results on advertising dollars.

If you don’t like the idea of Google reading your business email so it can improve its business, contact us and move your email to a business class provider.  We’ve got great email options for every size business.  And we promise not to read a thing.