What Is Vishing & How To Avoid It

Vishing is the term used for voice or VoIP (voice over IP) phishing. It is a social engineering attack that is launched with a primary goal to extract user’s confidential information and is usually done using an automated dialing and voice synthesizing equipment.

Vishing works just like any other phishing scam. The imposter generally pretends as someone from the bank or as a government representative seeking information. Sometimes, the fraudster may even use voice to text synthesizers or recorded messages to masquerade himself. The attack is launched with an intention to gain access to a person’s PIN number, credit card details, passwords, social security number etc. In most cases, the scammer is successful in making the victim part with their credentials.

When a vishing attack is launched, either of these things happen 

  • A person will receive a call. On answering that call, an automated voice system will ask the victim for their personal information.
  • Sometimes, a fraudster will call the victim and inform that they should call their bank to avail some offer or to provide certain information. The victim then hangs up the phone to dial bank’s number but fraudster doesn’t and keeps the lines open. Victim hears a spoofed dialing tone and some other scammer answers the phone call. They impersonate their identity as bank official to steal the required information.

How Do They Obtain Your Number?

There are several possibilities by which the fraudsters obtain your number. Some of which are

  • Using stolen phone information
  • Auto – generated numbers
  • Numbers and details compromised in a previous data breach

Techniques Used By Them

  • Impersonate As Genuine Callers – There is high probability that these scammers already have your personal information and address you as genuine people over the phone.
  • Holding The line – Sometimes, cyber criminals hold your call. They then direct your call to another scammer when you call them back.
  • Sense Of Urgency – The most common approach is to incite fear in the mind of a person. The caller makes the victim believe that their money is in danger. He/she then acts hastily without thinking much and commits the mistake of sharing their confidential information with the fraudster.
  • Phone Spoofing – The number from which the call comes seems to be genuine and so you believe what the caller says, often ending up in sharing your login credentials or passwords.

How To Avoid Them

  • Never Share Your Personal Information Over The Phone – If you pick a call that seems to be from a legitimate caller, never share your personal information over the phone in the first place. No bank or government institution will ask you to provide your credentials over the phone. In case they do, then ask the caller’s name and tell them that you would call them back after some time. Search for the bank’s official number and inquire from them about the call.If you sense something suspicious then there are chances that the call was a vishing attack launched at you.
  • Use A Caller ID App – There are numerous apps such as Truecaller that allow you to know the callers identity. It has billions of spam numbers locked in their database and if you come across such a number then you can also add it to their spam database.

For more information on IT Security, call Centex Technologies at (254) 213-4740.

, ,

Ways to Make Using Dropbox Safer

Dropbox was started off by a MIT student, Drew Houston after he felt the need for a service that would allow him to easily access & share files. Ever since, Dropbox’s pace of growth has been magnificent. With over 500 million users around the world, it has come a long way from the time it was first launched in 2007.

People can easily store their files online and can access it from anywhere & on any device which has Dropbox installed in it. However, there are certain security concerns that the users must pay a heed to.

What Are The Possible Issues?

  • Data Retention – Users must be extra careful about the data they provide as when they sign up, they are required to fill information like username, password, phone number etc. which are then retained by the company. The data is retained by Dropbox even if you delete your account. This is done to comply with legal obligations.
  • 3rd Party Logins – If you are using your Google account or other 3rd party portals for logging in Dropbox, people with access to your Google login can also gain access to your Dropbox files.
  • Data Sync: Improper syncing of data on multiple devices can increase chances of data being accessed by other people. Let alone personal security, it has brought about serious security threat to employees and organizations following BYOD culture as IT department has little control over files that their employees sync with their Dropbox account.

How To Make Using Dropbox Safer

  • Enable Two-Step Verification – Normally a person fills in a password to login.  However, passwords may be weak & easy to hack. Thus to overcome this lag, two factor authentication is a great alternative. It ensures that a code is sent on your mobile phone every time you log into your Dropbox account. This makes it secure as it requires you to add the one time password sent on your device.
  • Unlink Old Devices – The primary benefit of Dropbox is that you can access your files from any device & from any part of the world, as they are saved online. With time, we change our devices but our Dropbox account stays linked with our old devices too. This poses a serious security threat. So, it is important to keep a tab over the devices it is linked to. If there are some devices which are no longer in use, then delink your account from them.
  • Set Up Email Notification – You can make necessary setting onto your email account and it shall notify you of any activity in your Dropbox.
  • Manage App Access – For better Dropbox experience, you may allow third party apps or device data storage to grant access or “sync” to your Dropbox account. Overtime, one often forgets which apps were granted permission to access your account. If there is an app which is no longer being used by you then it is best to rescind access to such an app.
  • Encrypt Your Files – You can use third party solutions to encrypt your files before uploading them on Dropbox for an additional layer of security.
  • Use Strong Passwords – The most common way to protect your data stored on Dropbox is to use strong passwords that are difficult to guess and hack by cyber- criminals. This way you move a step forward in ensuring security of your private & confidential data.

To get more information on IT Security, call Centex Technologies at (254) 213-4740.

All You Need To Know About WannaCry Ransomware

PDF Version – All-You-Need-To-Know-About-WannaCry-Ransomware

,

Pros And Cons Of BYOD Culture

Times have changed and this has brought a significant switch in business sector too. With BYOD (Bring Your Own Device) culture now ruling the picture, more and more employees are bringing in their own smartphones, laptops and tabs at the workplace to perform their tasks. There are certain things which go well with BYOD and have benefited the organizations whereas there are some limitations too which it has brought along. Let’s go through the pros & cons of BYOD culture.

Pros Of BYOD

  • Convenience – The greatest advantage is that they do not have to carry two devices along. Since, they can work from their own devices, they are easily reachable if a sudden or urgent business task arises. So next time if you ask your subordinate to send you an email they can easily send it from their own device.
  • Employee Satisfaction – When employees are allowed to work on the devices they are already comfortable working on, then it can significantly contribute towards employee satisfaction. Also, this way their productivity increases which gives them enough time to think innovatively.
  • Cost – If employees work on their own devices it means that the company need not invest on laptops and PC’s for them. So, it is a cost effective strategy that helps companies in saving thousands of bucks.
  • Take Advantage Of Newer Technologies – Updating company software and upgrading hardware on regular basis equates to shelling out dollars at the company’s end. Whereas, when employees are allowed to use their own devices, you don’t have to worry about this at all. Employees will themselves get their devices upgraded with latest technologies & software’s which shall indirectly help company reap huge returns.

Cons Of BYOD

  • Security – One of the major concerns surrounding BYOD is security. It is very difficult to overcome this challenge. Many employees have access to confidential information as well as logins & passwords details. If a virus creeps in their device it might also leave your official information susceptible to data breach.
  • IT Support – It is always easier for people from IT team to fix and deal with devices of similar kind. Things have become complex with the rise of BYOD culture, where each employee brings in their own device. Somebody’s device might not support a program/ format that runs on the other person’s device. In such a case, it becomes difficult for the IT department to fix these issues and ensure that all the systems on the network are compatible with each other.
  • Difficulty In Retrieving Data – Since all the official data is available on the employee’s device as well, it becomes difficult to retrieve it when once he/she leaves the organization.

The smartest move is to educate your employees and keep them informed about device safety. For more information on IT Security, call Centex Technologies at (254) 213-4740.

Better Alternatives To Setting Passwords

Till date, passwords were the most widely used way for authentication and to keep critical information secure. However, given the present scenario and state of cyber security it can be stated that traditional password systems have not been able to meet the security challenge. As per a report by Verizon, 81% of data breaches in 2017 were either due to stolen or weak passwords.

What Is The Problem With Passwords?

First, passwords are not secure at all. A weak password can easily be guessed or hacked by the cyber attacker leaving the user’s confidential information at risk. Secondly, a strong password is formed by the combination of alphabets, numerals and symbols. With an intention to set a strong password that is not very easy to hack, people complicate it too much and quite often forget it (now that’s a valid paradox).

Thirdly, employees often expose the organization to risk due to their carelessness. Writing the passwords and sticking them up on their desks in order to remember and keep them handy is the most common mistake and is a serious security threat. Also, it is very difficult to remember so many passwords for different login credentials which is why an alternative to setting passwords is required.

Better Alternatives To Setting Passwords –

Biometrics
– With things like Apple Touch ID, Face ID passwords, unlocking using fingerprints etc. biometrics has gradually ingrained itself into our lives. It is an excellent alternative to using passwords as it involves our unique biology which makes it difficult to forge or hack. From fingerprints, eye retina scans, face scan etc. are all widely being used by people today. Also with time, more and more devices are becoming compatible to biometric verification.

Two- Factor Authentication
– It provides an added layer of security. It uses a piece of information that only the user knows apart from the username and password. Either a one-time password that is sent to the user on their mobile phone or a specific user information that only he/she knows makes it difficult for cyber criminals to hack the password.

Heart Rate – Another safe alternative is using a security technology that resorts to heart rates of a person. Now this is something that is quite difficult to hack as each person has a unique heartbeat.

Security Tokens – There are two types of tokens – soft and hard security token. They are not connected to a network and generate one time passwords instead making them a great alternative.

With the evolving technology, there has been a paradigm shift in techniques that are opted to protect the confidential information. As predicted by Bill Gates in 2004 at a RSA Security Conference, passwords would soon become extinct as people are now opting for other alternatives which seem to be safer somehow.

For more information on IT Security, call Centex Technologies at (254) 213-4740.

,