Things To Know About Online Coronavirus Scams

The sudden outbreak of Coronavirus infection has taken the world by surprise. In order to fight against the disease, people are trying to keep themselves updated on any news related to the same. However, cybercriminals are using this as an opportunity to lure people into their scams.

Here is a concise guide to help you understand more about online Coronavirus scams:

What Is A Coronavirus Scam?

Coronavirus scams are similar to other malware scams. The attackers trick the users into opening infected documents and files under the pretext of offering more information about the virus. Once a user clicks to open these files, the malware is downloaded and installed.

What Are The Commonly Used Pretexts?

The scammers may pose as healthcare officials and offer information related to symptoms or prevention of the coronavirus infection. Alternatively, some scams use the disguise of documents offering update information on the number of infection cases or death tolls across the globe. The scammers use threat headlines that state the viral infection has spread to the victim’s home city and motivate the victim to enter his details for reading more information.

Some scammers are preying on the people’s willingness to provide support to infected patients. Such scam emails may be titled “URGENT: Coronavirus Spreads – Can we count on your support today?”

How Do These Scams Operate?

There are two main types of scams being launched by cybercriminals: Email scams and website scams.

  • Email Scams: The scammers send out emails that may offer more information about the coronavirus infection or provide a link to donate for supporting the affected patients. In either case, the email includes a disguised link for further information. The link usually starts with ‘HXXP’ instead of ‘HTTP/ HTTPS’. Once the victim clicks on the link, it opens a form or application page. This form is programmed with malicious code to steal personal information and credit card details.
  • Website Scams: A simple example of a website based scam was recently discovered. The website purported to provide an updated number of coronavirus cases on a global map. However, it was embedded with an info-stealer. The code had a hidden file with the name ‘corona.exe’. Further research indicated that this malware is a variant of the malware AzoreUlt.

Irrespective of the mode of infection (email or website), the malware is focused on stealing personal information or gaining remote access to the victim’s computer system.

How To Secure Yourself Against Coronavirus Scams?

  • If you receive an email, check the sender’s email domain and other URLs included in the email to see if they match the name of the organization that the sender claims to be associated with. You should not be clicking on the URLs without verifying the geniunity.
  • Be wary of login pages with unfamiliar URLs.
  • Instead of clicking any hyperlinks provided in the email, copy and paste the URLs into your browser.
  • If any email or website creates a pressure on you to act immediately, refrain from it.

For more information on Online Scams and how to stay alert, call Centex Technologies at (254) 213 – 4740.

, , , ,

Points To Consider While Securing MSPs

PDF Version: Points-To-Consider-While-Securing-MSPs

, , ,

Marketing Your Brand In A Cyber-Secure Way

With a rising number of social media users across the globe, social media has become a popular marketing platform among organizations. It allows marketing professionals to reach out to a wide spectrum of customers and customize their campaigns accordingly. Despite an array of benefits offered by social media or digital marketing, businesses need to be very cautious before moving along this path.

Main reason behind the required caution is that social media marketing is susceptible to cyber threats. Lack of thorough consideration and security may lead to damaged brand image, loss of data, alienated customers and financial loss.

Following are some points to consider to market your brand in a cyber-secure way:

Be Cautious Of Who Manages Your Social Accounts: Careless handling of social media accounts can lead to both financial as well as credibility damages. A popular example of social account mishandling is the hacking of the Burger King social media account in 2013. The attackers hacked the twitter account of Burger King and changed its profile picture to McDonald’s logo. You would certainly not want your customers to think of your competitor when viewing your account or advertizement. In addition to harming your reputation, a hacked social media account results in leakage of your customer’s data such as social media username/password. For securing your brand’s accounts, assign a dedicated admin to a social media account, set up a secure password and limit access to intruders.

Careful Posting: Create guidelines for governing social media posting on behalf of your organization. The guidelines should clearly state the kind of content to be shared, the type of wording that can’t be used, and the information that needs to be kept confidential. Also, make sure that any link shared by or to your account is secure. Establish a verification process for every post before uploading it on your social media account.

Manage Vulnerabilities: Make it a point to take care of in-house vulnerabilities. Although social media can act as a gateway for social media hackers, you can stop the hackers if your company has additional security. For managing in-house vulnerabilities, take account of the following steps:

  • Update your firewall and antivirus software regularly.
  • Make sure that your servers are updated and encrypted.
  • Back up your data on an off-shore location or cloud.

Educate your employees on following proper security measures while posting on the company’s social media posts using a mobile device.

To know more about how to keep your applications secure, contact Centex Technologies at (254) 213 – 4740.

, , ,

Harnessing The Power Of Identity Management In The Cloud

In order to understand the concept of Identity Management, let us consider a simple scenario. If a user locks himself out of a personal email, he can simply reset the password and log in. The only requirement is that the user has to prove his identity by answering some security questions or through other means like providing OTP (One Time Password) sent by the service on user’s email/ mobile. However, the scenario is not so simple for users in a business environment.

To simplify the process for business users, most of the cloud based applications uses an Identity Management Service, commonly known as IDaaS.

What Is IDaaS?

  • IDaaS stands for Identity-as-a-Service. It is an Identity and Access Management (IAM) service that is offered through the cloud.
  • Organizations use IAM to provide secure access to its employees, contractors, customers, and partners. The main purpose of this system is to verify the identity of the person requesting access.
  • The system uses different ways to confirm identity.
  • Once identity is confirmed, IDaaS provides access to resources depending upon permissions granted.
  • Since IDaaS is deployed on the cloud, user can request secure access irrespective of his location or the device being used by him.

Reasons To Adopt IDaaS:

There are three main reasons that support the increasing adaptation of IDaaS by organizations:

New Capabilities: IDaaS facilitates new capabilities such as Single Sign-On (SSO). This allows business users to access multiple resources using a single login. When any user logs in to an application, IDaaS creates a token. This token is then shared with other applications. Thus, users are not required to sign in repeatedly for individual applications. Other capabilities supported by IDaaS include Security Assertion Markup Language (SAML), OAuth, OpenID Connect (OIDC), etc.

Easy Implementation: Another driving factor behind adapting IDaaS is that it is easy and quick to implement. The hardware required to implement is easily provisioned by the provider and it takes a few weeks or months to implement it. Additionally, in case you are reluctant to switch to IDaaS after trying it for some time, it can be easily uninstalled.

Innovation: Some major hurdles that stop organizations from pursuing innovation are understaffed IT teams, lack of technology, complicated IT infrastructure, etc. IDaaS removes these barriers and allows business organizations to innovate their processes, products, and marketing strategies.

For more information on Identity Management for cloud based solutions, contact Centex Technologies at (254) 213 – 4740.

, , , ,

Tech Support Scams: Everything You Need To Know

Tech Support Scams is a million-dollar industry that is known to be existing since 2008 and is at its all-time peak. It targets innocent people into spending hundreds of dollars by tricking them with non-existent computer problems. In order to secure yourself from ever-rising Tech Support Scams, it is important to understand what these scams are and how do they operate.

What Are Tech Support Scams?

Tech support scams trick people by making them believe that their computers have encountered a technical problem. The scammers motivate the victims to make a payment in order to get rid of the problem.

How Do Tech Support Scams Operate?

The tech scammers implement a variety of tricks to target the victim. Following are some of the common ways used by the scammers:

  • Cold Calls From Fake Agents: The scammers operate from discrete locations and call random numbers from a phone directory. The scammers use VoIP technology to hide their actual number and location. They pose as technical agents from software companies such as Microsoft, Windows, etc. They take control of the victim’s computer and send fake error reports. Once the victim is convinced, they collect money for mending the error. The best way to secure yourself against these scams is to ignore such fake calls.
  • Toll-Free Numbers From Fraudulent Tech Support Companies: These companies advertize heavily on popular search engines or heavy traffic websites to build trust and attract customers. Once a customer calls these technicians for a minor service such as software activation, these technicians introduce fake pop-ups on the customer’s computer stating that the system is infected. Thus, the customer ends up paying hundreds of dollars for ‘Windows Support’. In order to protect yourself from such scammers, it is imperative to be careful while choosing a technician or tech support company.
  • Screenlockers: This method has gained popularity recently. The scammers spread malware with the purpose of locking the user out of his own system. The malware poses as an installer for legitimate software. Once installed it may either result in a ‘Blue Screen Of Death’ or show a message that you are using an expired software. In the case of BSOD, the screen will show a few numbers for seeking help. If the message indicates an expired software, it will ask for a license key. The message may include a number and some links for popular remote assistance sites/software such as TeamViewer. The scammers ask the user to install the software and share the access id in lieu of gaining access to rectify your computer’s problem. The underlying motive is to sell you overpriced solutions and ‘service contracts’.

What To Do If You Have Given Access To The Scammers?

In case you have already granted remote access to the scammers, follow these steps to reduce the impact of the scam:

  • Revoke the access or restart your system to expire the session and remove the scammers from your system.
  • Run a malware scan as the scammers may have installed malicious software like password stealers in your system.
  • Change all your passwords and update your security protocol.
  • Run a ‘System Restore’ to restore any missing files or software from your system.

For more information on new Tech Support Scams, call Centex Technologies at (254) 213 – 4740.

, , , ,