Social Engineering Attacks And How To Prevent Them

November 23, 2015

Social engineering is a non-technical method of attack in which the hacker attempts to convince users to break normal security practices. The type of information generally sought by hackers includes bank account information, password, credit card details etc. Certain social engineering attacks also involve sending malware-laden email attachments to gain control over the user’s computer.

Types Of Social Engineering Attacks

  • Phishing: This is probably the most common form of social engineering attack. The hacker sends an e-mail, IM or text message that appears to be coming from a legitimate and credible institution, company, bank etc.  A phishing scam is carried out to obtain a user’s personal information such as name, address, social security number, bank account details etc.
  • Pretexting: In this, the attacker creates a plausible backstory to gain access to confidential information. For instance, the user may receive a call or email claiming to be from a bank and asking about his credit card details or account number to verify identity.
  • Baiting: These attacks are often presented in the form of attractive offers and schemes to the users once they enter their login credentials. People who fall a prey to the bait may infect their computer system with malicious software, leak out the financial information stored on the computer and generate new malware exploits.
  • Quid Pro Quo: This attack may involve an attacker who spam calls people and claims to be from an IT company. The user may be asked to disable his anti-virus program in exchange for a quick fix for his computer issue. Subsequently, the attacker may install a malware on the system in the guise of a software update.
  • Tailgating: This involves an attacker getting access to a restricted area of an organization through an authorized employee. Tailgating may also be carried out by borrowing someone’s computer or laptop for some work but actually installing malicious software.

Tips To Prevent Social Engineering Attacks

  • Beware of unsolicited IMs, emails or phone calls
  • Keep your anti-virus software updated
  • Do not give out your personal information, such as user name, password, credit card number, social security number etc. to anyone
  • Ignore phone calls or emails asking for financial information or passwords
  • Do not download attachments or open embedded links from unknown senders
  • Check website URLs before opening
  • Reject requests for online tech support
  • Lock your laptop or computer while leaving your workstation
  • Use two factor authentication to log in to all your online accounts

For more information on preventing social engineering attacks, contact Centex Technologies at (972) 375 – 9654.


Credit Card Phishing Scams And How To Protect Against Them

November 17, 2015

With credit card becoming the most preferred mode of payment these days, phishing scams have also risen massively. Phishing is a form of hacking attack wherein cyber criminals contact the users in the guise of legitimate and credible companies to extract their credit card information. Once the details are obtained, the cyber criminals use it for malicious purposes.

Here are some of the common ways through which credit card phishing scams are carried out:

  • Fake Emails: Phishing attacks usually involve fake emails that create a sense of urgency or require the user to visit certain website immediately. These emails usually have a form to fill personal information, including credit card number or bank account details.
  • Malware Installed On Computer: The cyber criminals may download and install malware on the user’s computer through malicious advertizements, pop-ups, email attachments or simply by visiting a spam website. Once your computer is infected, the malware will steal your credit card information and send it to the hacker whenever you make an online transaction.
  • Spam Links: The user may receive a spoofed email with an embedded link to a website that appears to be legitimate. These websites usually requires confirmation of the user’s credit card number, expiration date and security code.
  • Fake Phone Calls: The hackers may also make a forged phone call impersonating a known credit card company or bank customer service executive and ask the user to verify his credit card details.

Tips To Protect Against Credit Card Phishing Scams:

  • Install and frequently update the anti-virus software, spam filter and spyware remover on your computer.
  • Do not share your credit card details with anyone and choose a strong as well as lengthy password for all online accounts.
  • Never use public computer systems or Wi-Fi networks for online banking or shopping.
  • Even if you receive a legitimate email with an embedded URL, do not click on the link. Instead, manually type in the website address in your browser to visit a genuine site.
  • Install software and applications only from credible sources.
  • Regularly check your credit card statements and if you find any suspicious purchases, immediately bring it to the notice of your bank.
  • Use zero liability cards as far as possible to avoid being accountable for unauthorized transactions ion your credit card.
  • Verify a website’s security by confirming that its URL starts with ‘https’ instead of ‘http’.

For more information on protection from credit card phishing scams, feel free to contact Centex Technologies at (855) 375 – 9654.


Internet Of Things: Security Risks And Challenges

November 9, 2015

The term – Internet of Things (IoT) essentially refers to a uniquely identifiable network of physical objects, such as wearable gadgets, smart phones, TVs, electronic appliances, cars etc., that are rooted with software, sensors and internet connectivity. These devices are able to connect and share information without requiring a machine-to-machine or human-to-machine interaction. While they can be a game changer in terms of the way we live our daily lives, being in nascent stage, IoT devices are still quite vulnerable to hacking attacks.

Here are some of the security risks associated with Internet of Things:

  • Data Breach: With the lack timely updation of security software, IoT devices can be at risk for exposing sensitive information to cybercriminals that can be used for malicious purposes. Hackers can stalk the different devices in an IoT network and steal the data shared between them. Data breaches can be a serious threat to the virtual security of individuals and organizations that use such devices.
  • Botnets: These are a group of remote computers, smart appliances and network connected electronic gadgets working together to achieve an illegal goal. The bots are usually transferred to these devices through insecure internet ports or spam downloads. A malicious code is used to infect the IoT devices and exploit the software on which they operate.
  • Cross-Device Access: IoT devices generally connect to a computer system, Wi-Fi network or smartphone to operate. This provides an additional route hackers can take to gain access to the information stored on all systems connected with the IoT device. By installing a malicious program or code on an IoT device, the attacker can get hold of entire network and system files. It also makes users vulnerable to a man-in-the-middle attack where hackers can intercept or modify information shared between two IoT devices.
  • Dos Attacks: A Denial of Service (DoS) attack involves using the bandwidth, network resource, CPU time etc. of a malware infected computer. The hacker attempts to flood the infected computer network with a huge amount of traffic that causes its functioning to cease. With Internet of Things, the hackers are easily able to access a number of interconnected devices through a single path.
  • Ransomware: This is malware based attack that limits or restricts the user’s access to an infected device unless he pays a certain sum of ransom to the hacker. With the increasing use of interconnected IoT devices, the risk for ransomware attacks has also escalated manifold.

We, at Centex Technologies, provide complete cybersecurity solutions to the business firms in Central Texas. For more information, you can call at (972) 375 – 9654.


Steps To Optimize Your Firewall Configuration

October 28, 2015

Firewall is an essential part of your organization’s network security. It works by monitoring all the incoming and outgoing traffic on your network to restrict any unauthorized access. It can also limit exposure by camouflaging internal network information from the public internet. Though its importance is well-known, many people do not optimize their firewall settings efficiently. Majority of the cyber-attacks occur mainly because of flaws in a network’s firewall configuration.

Here are some steps that you need to follow to optimize your firewall configuration:

  • Filter Outbound Traffic: You must constantly monitor your server to detect and remove any unwanted or unauthorized traffic. Denied or dropped outbound requests hitting the firewall should also be tracked. Subsequently, the network administrators should reconfigure the firewall to prevent such unauthorized servers, thereby eliminating load from the firewall.
  • Minimize Privileges: You should set specific configuration polices to filter traffic on your organization’s network. Each user should be given the least level of privileges that are absolutely required for him to work efficiently. This will reduce the chances of a potential data breach. You should also review your firewall policies frequently to determine any new applications and the connectivity they need
  • Run Only Required Services: Many organizations face security issues due to outdated or unrequired services running on their firewall. The best way to overcome this is to strengthen device security and ensuring that the firewall configurations are compliant before they can be used on the organization network. By modifying your device’s settings according to their functioning and usage, you can improve its security and minimize the chances of running a malicious service on your firewall.
  • Standardize Authentication Mechanisms: You should enforce the same authentication mechanisms across all your organization’s branches, even in remote locations. If not, the employees will be able to access online accounts with weak passwords without any limit on login failures on entering incorrect details. In such situations, hackers find an easy way to access the organization network through remote locations. Having a standardized authentication policy will minimize this risk and improve security.

It is important that you continuously monitor your organization’s firewall settings. However, by following these steps, you can improve overall network security and significantly lower the chances of a hacking attack.

We, at Centex Technologies, can help to optimize your organization’s IT security. For more information, you can call us at (972) 375 – 9654.


Protecting Your Financial Information Online

October 24, 2015

With the greater convenience and efficiency offered by online financial transactions, the need to safeguard your information has also increased. More and more people are using the internet for shopping, banking, paying bills, booking tickets etc. However, on the flip side, hackers have also found an easy way to steal the users’ confidential data such as passwords, credit card details, account numbers etc.

Here are some tips that will help to protect your money when you are making online transactions:

  • Be Careful Of Spammy Links: You should always type in the URLs manually for websites where you need to carry out any financial transaction. Clicking on links sent in emails, chat rooms, social networking sites and banner ads on suspicious websites may redirect you to a spam website.
  • Pick A Complex Password: One of the biggest mistakes most people make is using their personal information, like name, pet’s name, date of birth etc., as passwords for online accounts. There are many programs that scan personal information through Facebook accounts and make it easier for the hackers to guess passwords. Make sure you create a strong password, at least 8 characters comprising of letters, alphabets and special characters.
  • Check The URL: While visiting a website that requires entering your sensitive information, you should check and verify that the link is genuine. You should carry out financial transactions only on websites that start with ‘https’. This will ensure that the data you enter is properly encrypted and secure.
  • Get An Additional Credit Or Debit Card: You can also consider having an additional credit or debit card to be used solely for online transactions. Restricting limit for the credit card or holding a limited amount of money on your debit card can help to mitigate the consequences of a hacking attack.
  • Eliminate Vulnerabilities: You should always keep updating the operating system and the applications on your device to eliminate any vulnerability that can be used for malicious purposes. The anti-virus and anti-spyware software should also be installed and regularly updated with the latest security patches.
  • Avoid Using Public Computers Or Internet: As far as possible, you must try to avoid accessing your online banking or shopping accounts on public computers. These systems might not have proper security updates installed and intercept your personal information. Even when using a personal device, avoid connecting to an open or unknown Wi-Fi network. It is possible that hackers might be intercepting the traffic or decoding the information you are sharing over the network.
  • Use Virtual Keyboard: When banking online, you should use virtual keyboard to enter your password or other important details. It automatically encrypts your details and reduces the risk of password theft.

By following the above mentioned tips, you can efficiently protect your personal and financial information from being accessed by the cybercriminals.