Need Reliable Computer Support & IT Services? Call NOVA Computer Solutions at (703) 493-1796
I Was Hacked – Don’t Make The Same Mistakes I Did
By Daniel De Steno | March 5, 2018 | Business IT Articles, News, and Tips
I wish I knew all of this a few months ago. I’m writing to tell everyone who will read this that the email you think is from a trusted source may really be from a hacker.
Last fall, a new, sophisticated spear-phishing campaign was sent to employees that handle company finances. One of those companies was mine. (I’m writing this anonymously because I don’t want my clients to find out what happened.)
Hackers are now masquerading as trusted business contacts. They’re pretending to be employees from vendors’ accounts payable departments, or other financial entities in an attempt to steal money.
If you don’t know, the term for this is spear phishing. Spear-phishing emails look like they’re from a trusted source but in reality, they’re sent from hackers to obtain classified financial or other private information. One of my employees got fooled.
Today’s hackers can easily find out who your trusted contacts are and will impersonate them in order to trick your employees into either sending them money or providing them the means to gain access to your accounts.
How did the hackers succeed in robbing my business, you ask? Well, they simply spoofed the name in the “From” field in an email. It appeared to be one of our vendor’s emails, but in reality, the email came from a thief. I’ve learned that core SMTP doesn’t provide authentication, so it’s easy to forge and impersonate emails. I didn’t know that then, but I do now.
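An added example (not part of the original article): a minimal Python check for the "From" spoofing described above. Since SMTP does not authenticate the From header, it compares the display name against a vendor allow-list, reads the SPF/DKIM/DMARC verdicts the receiving server recorded in Authentication-Results, and flags a Reply-To that points elsewhere. The vendor name, all domains and the `mx.myco.example` authserv-id are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values: vendor display name -> real sending domain; our server's authserv-id.
TRUSTED_VENDORS = {"acme supplies": "acme-supplies.example"}
OUR_AUTHSERV_ID = "mx.myco.example"

def auth_verdicts(msg):
    """Read spf/dkim/dmarc results, but only from headers our own server added."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        fields = header.split(";")
        if fields[0].strip().lower() != OUR_AUTHSERV_ID:
            continue  # a sender can forge this header; ignore foreign authserv-ids
        for part in fields[1:]:
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest.split():
                verdicts[method] = rest.split()[0].lower()
    return verdicts

def check_from(raw):
    """Return the reasons this message's From header should not be trusted."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    reasons = []
    expected = TRUSTED_VENDORS.get(display.strip().lower())
    if expected and domain != expected:
        reasons.append(f"display name {display!r} is a known vendor, but domain is {domain}")
    if auth_verdicts(msg).get("dmarc") != "pass":
        reasons.append("receiving server recorded no DMARC pass for the From domain")
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        reasons.append(f"Reply-To goes to a different domain ({reply_domain})")
    return reasons

SPOOFED = (  # constructed sample: look-alike domain behind a trusted display name
    "From: Acme Supplies <billing@acme-supp1ies.example>\n"
    "Reply-To: ap@mail-relay.example\n"
    "Authentication-Results: mx.myco.example; spf=pass; dmarc=none\n"
    "Subject: Invoice payment status\n\nPlease get back to me promptly.\n"
)
GENUINE = (  # constructed sample: same display name, real domain, DMARC pass
    "From: Acme Supplies <billing@acme-supplies.example>\n"
    "Authentication-Results: mx.myco.example; dkim=pass; dmarc=pass\n"
)

if __name__ == "__main__":
    print(check_from(SPOOFED), check_from(GENUINE))
```

The spoofed sample still shows `spf=pass`: SPF only checks the envelope sender, which is why the check keys on the DMARC result for the visible From domain.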
Since then I’ve done some research. What I’ve learned is that there were two different spear-phishing emails that went out. One message said that an invoice was due and read, “I tried to reach you by phone today, but I couldn’t get through. Please get back to me promptly with the payment status of this invoice below”. In the context of the message was a fake link for the employee to click to view and pay the invoice. This is the one that fooled my worker.
The other message read, “I’m providing you with my new address and invoice details below”. This one had a link for the recipient to view the new address to send payments to. Be sure to watch out for these emails; I’m sure they’re still circulating.
The majority of account takeovers today come from spear-phishing attacks like this where someone gets tricked into releasing private credentials and information. Plus, spoofed emails can also contain additional cyber threats like Trojans or other viruses. These can cause significant damage to your computers and even delete your files. Luckily, this didn’t happen to us.
I’ve also learned that cybercriminals are increasingly using spear-phishing attacks because they succeed. Ten targeted messages have a better than 90% chance of getting a click. Even CEOs get spoofed and share usernames and passwords.
The problem is that these attacks are becoming more sophisticated all the time. While we’re busy working trying to grow our businesses, the cybercriminals are working to find ways to trick us out of our money. These are no longer lone attackers, but professional, global organizations working to find better ways to hack into our bank accounts.
Now I know better. I know how to protect my business from these spear-phishing attacks and other types of cybercrime. Here’s what we’ve done, and you should do as well:
Stay Vigilant
By far, the number-one thing that you can do is to be as aware as you can about the types of threats you’re facing. Contact your IT provider and ask them to conduct Security Awareness Training for you and your employees on a regular basis. They are apprised of the latest cyber threats and how to protect you from them.
Plus, always view email messages with a high degree of skepticism. Hackers are clever — you and your employees must be even more so. Hover over the email address in any message that asks you to do something. Never click on a link in an email. Always go to the website you know is correct. Remember, secure websites always start with “https” and not “http”.
Your employees are your first line of defense to keep your information and computers safe. By properly teaching them how to deal with cybersecurity attacks, you can lower the chance that your business will be affected by a security breach.
Unfortunately, many organizations train employees on security awareness only once or twice. Cybercriminals are constantly developing new techniques to trick people into giving away confidential information or downloading malware. It’s critical to conduct recurring security training to ensure your employees stay up to date on the latest security threats and how to avoid them. Regular reminders, such as changing network passwords or recognizing the latest spear-phishing scheme will save you a lot of trouble in the long run.
Make Cybersecurity a Priority
Always back up your files to an external hard drive or secure cloud storage. My Managed Services Provider says that it’s best to use a comprehensive solution with remote, offsite backup and data recovery services to ensure our business information is safeguarded and files are recoverable. Your Managed Services Provider should do this for you as well. They can also keep your security solutions up to date.
In our case and others, the spear-phishing attacks could have been blocked with the latest Email and Spam Protection solutions. These provide:
Anti-Spam, Anti-Virus and Anti-Malware solutions that scan your incoming mail, and block spam, malware, and phishing attempts.
Firewall Management that determines if an address that’s trying to connect to your computer is one that can be trusted. If not, it denies access.
Outbound Mail Scanning so that if one of your computers is infected with a virus, your outgoing mail services aren’t compromised. This is important because it will keep your company off spam lists and blacklists.
Remember this: Although you probably use firewalls, unless you take precautions to protect your emails, your overall security could be compromised.
Change Your Thinking
Acknowledging that this can happen to your business is important. Don’t think that because you run a small business that you won’t be attacked – this is what I thought, but it’s just the opposite. Small and midsize businesses are a prime target for today’s cybercriminals because they typically don’t have the protections in place that larger enterprises do.
Get ready for a cyberattack. Hire expert cybersecurity consultants to go over your digital assets and identify any potential vulnerabilities they find. Educate yourself on the latest cyber threats and let the experts help you protect against them.
Unfortunately, there’s no way to avoid being the target of spear phishing or other forms of cyberattacks – if you think otherwise, you need to change your thinking right this second. If you don’t, you’re setting your business up for theft. If you haven’t done so already, you must lay out an actionable plan of defense to prevent your employees and business from becoming victimized.
My company does all of this now – I don’t want to be robbed again. Furthermore, I’ve contracted a really great Managed Services Provider to ensure I’m not at risk.