Coleman Technologies Blog

In the wake of Hurricane Beryl, businesses have another reason to reflect on data backup, disaster recovery, and business continuity. Since the hurricane made landfall in Texas, despite being downgraded to a tropical storm, it still caused over $5 million in damage to islands across middle America.

Hurricanes can cause significant damage and loss of life, and we would like to express our deepest best wishes to anyone who may have been impacted by the situation. While we hope that you made it out of Beryl unscathed, the same might not be said for your business’ technology and data systems.

We can learn about data backup and business continuity from this situation, specifically what it is, and reflect on why it’s required.

Understanding Business Continuity

In its most basic terms, business continuity is ensuring that you can maintain a certain level of operations, even under the worst possible conditions.

The idea of business “disasters” doesn’t amount to natural ones like a hurricane. It includes so much more that you don’t have much control over. You need to be ready to respond to these situations that might prevent your business from functioning as it needs to. Three-quarters of companies without a business continuity plan fail within three years of suffering from a disaster.

If this isn’t sobering enough, I don’t know what is.

Data backup is only one part of your business continuity strategy. We’ll go over some of the specifics of what you should aim for today.

How to Build Your Business Backup Strategy

To prepare your business’ backup plan, consider the following questions:

How many backups will you maintain?
You should have several backups in place that you can restore from, as you can never rely on one singular copy. You never know if it will be available, reliable, or configured appropriately. Maintain multiple backups so you have a dependable backup at all times.

Where are your backups stored?
You should store your backups in multiple locations, including at least one copy on-site and one off-site, preferably in the cloud. This ensures that your data will always be protected, even if one of your backups is destroyed by a disaster.

How often are backups taken?
You should take full advantage of backup tools that allow for incremental data backup. This will allow you to rewrite data that has changed since the last scan rather than rewriting the entire backup. These smaller-scale backups can occur as often as every 15 minutes, making them more reliable and less prone to data loss than the large, end-of-day backups that have traditionally been done in the past.

Implement Business Continuity and Data Backup Today

Your business shouldn’t have to suffer from a disaster, natural or otherwise. Business continuity and data backup address this pain point. Learn more about what we can do to preserve your business by calling us today at (604) 513-9428.

You might remember the buzz when Josh Allen, a digital artist, won first place at the 2022 Colorado State Fair for his digital artwork called "Théâtre D'opéra Spatial." The catch? He created the image using AI. Now, he’s in a fight with the Copyright Office to prove that his work deserves copyright protection.

Copyright Office Denies Copyright 

In 2023, Allen tried to get a copyright for his winning piece, but the Copyright Office said no—twice. They argued that Allen didn’t have enough control over the final image because he used an AI tool to create it. The Office explained that since Allen didn’t directly control how the AI responded to his instructions (or “prompts”), the image wasn’t fully his creation.

Allen Fights Back

Allen is challenging the decision, saying the Copyright Office was influenced by all the media attention his work got. He argues that the Office shouldn’t judge whether art is made by AI or by humans because it’s not always easy to tell. Allen thinks this sets a bad example for how AI-generated art is treated, especially as technology gets better.

He’s now going to court to explain that, while the AI helped create the image, he spent over 100 hours carefully crafting over 600 prompts to guide the AI in making the exact image he had in his head—women in Victorian dresses with space helmets, performing opera on stage. Allen believes that his time, effort, and direction make him the true creator of the artwork.

The Copyright Office’s Take

The Copyright Office agrees that Allen’s prompts are original and can be protected. However, they say the final image generated by the AI cannot be copyrighted because Allen didn’t create it entirely by hand. They also mentioned that if Allen had made more edits to the image, like adding a filter, he could’ve registered his copyright without any issues.

What’s Next?

It’s unclear how this case will end, but it highlights how tricky it can be to figure out who owns AI-generated content. Allen’s battle with the Copyright Office has been going on for a while, and it may take even longer to get a final decision.

So, what do you think? Should artists be able to copyright works made with AI, or does the fact that a machine did most of the work change things?

Sorry for the loaded title. There’s a lot to talk about, even for those of you who don’t use or even know what Telegram is.

We’ll try to sum this up, because we think there is a lot to say about security and the nature of technology in this, and like all things these days, there’s some odd rabble-rousing about this whole series of events. Who’s up for a wild ride?

Maybe you’ve seen the headlines:

Telegram Founder, Pavel Durov, Arrested in France

The entrepreneur is facing a pretty broad range of crimes. Let’s take a step back and explain who he is, and what Telegram is.

What is Telegram?

Telegram is a communications app. It’s an instant messenger, similar to WhatsApp (which is owned by Meta), Google Hangouts (which is owned by the owner of Google, Alphabet), and Signal (which is owned by the non-profit Signal Foundation).

Telegram is sort of unique, because it checks a few boxes that some users can’t get from other alternative apps, such as:

• Telegram offers end-to-end-encryption (E2EE). We’ll explain what that is momentarily, but it’s a big one.
• You don’t need a phone number to use it, so it feels less invasive and more private (and it’s also easier to make an account).
• Telegram isn’t owned by some major social media conglomerate like Google or Meta.

So this supposedly super secure, super private messaging app isn’t beholden to the two biggest giants in the tech industry, and that is pretty enticing to many people.

In fact, Telegram has an active user base of about 900 million users. Facebook Messenger has around a billion active users, and WhatsApp sits at 2 billion. This clearly makes Telegram a popular service.

End-to-End-What-Now?
End-to-End-Encryption is a really important feature of modern-day messaging apps. Most anything on the web can encrypt your communication. Technically, when you post something publicly on Facebook, there is a level of encryption that keeps your activity secure.

E2EE is where your information is encrypted, and it isn’t unencrypted until it gets to the intended recipient. That means, theoretically, that not even the app provider, the Internet Service Provider, or anyone in between can intercept and view your content.

When communication is E2EE’d, and you send me a message on Telegram, it means Telegram the company doesn’t know what you sent to me.

You can see why folks would like this, right?

In a world where it feels like you can mention something in passing, and have social media sites deliver ads to you about it within minutes, it sure can feel refreshing to have a communication app that promises to keep its nose out of your business.

Seriously—just a quick tangent. I was talking with my partner about a chain restaurant we went to on a recent trip. This chain restaurant doesn’t have locations anywhere near us. The closest one is a six-hour drive away. I mentioned it to them in the car. Obviously our phones were with us at the time. I’m now getting Facebook and Twitter ads about this chain. This happens a lot, and it’s a topic for a whole other blog. Stay tuned.

So Telegram is popular, and promises security. Sounds good, right?

Oh, one more thing about the whole privacy and security thing—Telegram only uses E2EE in calls and what it calls “secret chats.” Not all communication is encrypted end-to-end on Telegram. It’s worth mentioning that because users often claim that WhatsApp is less secure, but WhatsApp does encrypt all messages, calls, and video calls.

Overall, at least on the surface, there’s a lot to like about Telegram. It’s safer and more secure than most chat apps, and if you don’t like being married to Facebook or Google, it will likely check most of your boxes.

The Telegram Controversy

Everything sounds good, right? So why is the founder and owner of Telegram, Pavel Durov, being held in France?

This doesn’t happen very often in the tech industry, but Mr. Durov, 39, is being charged as being personally liable for the behavior of users on his app. The list of crimes he’s being charged for is pretty wide, but the short of it is that Telegram is being used for a lot of illicit activity. 

Pavel Durov was detained by French authorities and is being charged with complicity in managing an online platform to enable illegal transactions by an organized group. This could lead to a sentence of up to 10 years in prison.

Some of the other charges included complicity in crimes such as drug trafficking and fraud,  enabling the distribution of child sexual abuse material, and refusing to cooperate with law enforcement.

This is an extremely unique case because we rarely see big tech entrepreneurs held accountable for something that their products and services enable others to do. Telegram probably wasn’t inherently designed to do evil, but due to its privacy and security, it is a safe haven for criminals to commit crimes.

Modern Technology: Privacy Versus Moderation

How long have we (collectively, not just those of us at Coleman Technologies) been talking about the importance of security and privacy? How long has the world been talking about the level of moderation these massive communication platforms have (or don’t have)? It feels like it’s been a long time.

For almost a decade now, Facebook/Meta has been playing tug of war with itself when it comes to moderating and controlling what sort of content spreads easily and what doesn’t. We’ve seen a major social media platform all but die the goofiest death imaginable with Twitter (or X the Everything App if any of you happen to use its newly adopted name), all in the name of moderation.

Nobody likes to be moderated. Nobody likes their chats and conversations recorded and read for the sake of advertising or analytics. However, a complete lack of moderation seems to turn a platform into a Mad-Max-style playground for bots, scammers, and cybercriminals.

Maybe AI is the answer (but someone needs to moderate the AI, and AI is extremely easy for the savvy user to deceive). Maybe we need to rely on users to be better at reporting problems. 

There really isn’t a simple answer to any of this. We are all living in a world full of misinformation and opaqueness, and it’s very easy to become absolutely exhausted by it all. Of course, content moderation can quickly go too far, and nobody wants that either.

The Cybersecurity Take on All of This

First and foremost, Telegram, Signal, Google, Facebook—all of the platforms we mentioned today are all fine to use. No matter what technology you use, there are going to be people thinking about ways to take advantage of it.

Heck, my son can’t play Minecraft without someone coming in and cheating and sneaking away with all of his coveted diamonds.

If a technology interfaces with people, some people might try to spoil the experience.

That’s why it’s important that you make yourself aware of scams and exploits. All of those platforms mentioned above aren’t designed to share malware, but a person can figure out a way to trick you into clicking a link that infects your device. None of the platforms are designed for perpetuating abuse or selling illegal substances either, but people will find a way. No technology is perfect, and even if it were, when millions of people use it, some of those folks are going to be bad eggs.

This is an important lesson for cybersecurity. You aren’t in a constant uphill battle with Microsoft, or with the concept of malware. You are in a battle against people who want to upset your business and take your money.

I’d love to hear your thoughts. If you are a business owner who is stressed out about dealing with the complexities of technology, give us a call at (604) 513-9428, and we’ll do our best to simplify and optimize it for you!

One of the best things about the move towards streaming in media is that since people love watching real-life stories, studios have committed to creating documentary content that provides interesting perspectives. Many people don’t have a comprehensive understanding of technology, especially as it relates to real-world situations, so dramatized documentaries can be a good source of information. Today, we’re going to go through three riveting technology documentaries that are available on streaming services.

The Social Dilemma (2020)
Social media is one of the most important technologies developed over the past couple of decades. As with any transformative technology, the practices developed early on by developers to monetize seemingly “free” services have a major impact on users and the monstrous social media space as a whole. A saying that is repeated several times throughout the movie is, “If you’re not paying for the product, you are the product.”

The filmmakers use one-on-one interviews as well as actors who play roles that are supposed to represent an average family and their use of social media. This gives the viewer multiple perspectives to understand the documentary's central theme: that social media is a new market with a much different business plan than any other that has come before it: what is called surveillance capitalism. 

The documentary does an amazing job of explaining how social media negatively affects personal value, society, and other issues without the billions of users on these platforms even knowing that they are being manipulated at every turn. The Social Dilemma was directed by Jeff Orlowski and is available for streaming on Netflix. 

The Great Hack (2019)
The Great Hack isn’t about hackers, per se. It’s about the case of Cambridge Analytica, a company set up to mine data and manipulate people into changing how they look at the world. Centered around a pair of whistleblowers, the documentary tells the story about how the company unethically obtained a load of Facebook data to provide powerful clients the information they required to manipulate public policy.

The scandal was at the heart of the 2016 U.S. Presidential election and the British exit from the European Union (Brexit). The Great Hack sheds light on the ethical implications of data privacy breaches and the dangers of unchecked data manipulation through interviews with former employees, whistleblowers, journalists, and academics. The film raises important questions about the power of technology companies, the role of social media in shaping public opinion, and the need for greater transparency and regulation of these massive technology companies. 

The Great Hack was directed by Karim Amer and Jehane Noujaim and is available for streaming on Netflix. 

Deep Web (2015)
The Internet is much larger than the typical person experiences. Alex Winter, one of the great documentary filmmakers of contemporary cinema, explores the deep web in his 2015 film of the same name. The film features many issues, including the ethical use of technology, the dissolution of the Silk Road, a notorious illicit marketplace found on the deep web, and Bitcoin, the infamous cryptocurrency so often used in cybercrime.

The film explores the events leading up to the trial of Ross Ulbricht, the originator of the Silk Road, through the lens of his capture, the trial, and the immediate aftermath. In doing so, it serves as a historical account of what would soon be a common enough occurrence to be a part of the zeitgeist.

Deep Web was directed by Alex Winter and is available for streaming on Amazon Prime.

This is just a taste of the many documentaries discussing today’s technology and its intricacies in daily life. We encourage you to view these titles and continue exploring to learn more.

Over the past few years, huge scamming operations have operated in Southeast Asia, and now they are spreading. These scams—known as pig butchering scams—cause serious harm, as in an estimated $75 billion worldwide in 2023.

With these sorts of operations spreading, let’s go over what pig butchering is. 

What is Pig Butchering?

Traditionally, farmers process their swine to make them ideal for the market. Pig butchering scams do the same. Much like farmers fatten up their droves, these pig butchering operations will nurture a single target over time, building what appears to be a long-distance, intimate relationship with the target. Once the target is well and truly hooked, the scammer requests that they send cryptocurrency to help them get out of a jam.

The victim does so, and suddenly, a meaningful relationship is torn from their life as the scammer vanishes, off to swindle their next victim.

These attacks can leave their victims crushed, and it doesn’t help that the people running these scams are often enslaved themselves, abducted and forced to steal in exchange for freedom that likely will never come.

These operations have since spread from Southeast Asia to across the world. Dubai has become almost an epicenter for these activities in the past few years, with its massive international migrant population serving as a buffet of targets for the people running the scams to manipulate and effectively imprison.

Similarly, these scams have started stretching across Africa, as gangs operating in Nigeria and other countries have begun adopting these tactics as well. With a history of similar scams associated with that region and prefabricated pig butchering kits available for sale, it has become incredibly simple for these scams to spread.

These scam centers have also been spotted in Georgia, Peru, Sri Lanka, El Salvador, and the Isle of Man, meaning the chance of you being targeted only increases as time passes.

How You and Your Team Should Avoid Pig Butchering

While pig butchering scams generally target individuals, you want your team members to be as cybersecure as possible. After all, who’s to say that an online paramour wouldn’t try to convince them to steal your financial accounts?

Make sure your team knows about attacks like phishing and spoofing and how easy it is for scammers to mine the internet for photos and even videos to fool them… especially with AI now on the table. Your team must know and practice safeguards against these threats and the many others that are out there today.

This is a big part of how you need to prepare your business to contend with cyberattacks as well, and we can help. Contact us at (604) 513-9428 to learn more about what we can do to help protect your business.

Artificial intelligence is the latest IT buzzword that everyone seems to focus on and it’s because it is a big deal. Advances in computing have created an environment where developers can create software that effectively learns. Unfortunately, due to the nature of AI regulation; or, the complete lack of it, there are some who are concerned that the technology—which could be a revolutionary tool for the improvement of human societies—is being degraded.

“A Race to the Bottom”

One of the predominant AI researchers on the planet, MIT physics professor Max Tegmark made some serious statements about the current use of AI to The Guardian. Tegmark’s comments were:

“We’re witnessing a race to the bottom that must be stopped. We urgently need AI safety standards, so that this transforms into a race to the top. AI promises many incredible benefits, but the reckless and unchecked development of increasingly powerful systems, with no oversight, puts our economy, our society, and our lives at risk. Regulation is critical to safe innovation, so that a handful of AI corporations don’t jeopardize our shared future.”

His belief is that the more powerful the technology becomes without proper oversight, the more apt that it can go sideways and have dire consequences for society. As innovation of AI technology speeds up, it stands to reason that there are some truths behind his viewpoint. AI, at current levels, is set up to mimic human responses to queries, but can do it at a much faster rate due to these systems’ ability to pour through underlying data. Advanced AI, or what they are calling Artificial General Intelligence, describes systems that can surpass human intelligence and efficiency in ways that are reckless until other, more scaled-back systems are deemed to be good for humanity as a whole. 

It’s Science Fiction

So many Sci-Fi stories that deal with rogue AI have been created that it’d take an AI just to help list them all. These stories have almost always been created as cautionary tales, fashioned long before we had AI platforms. Most of these stories end with the destruction of humanity by their own creation. It’s hard to believe, as a layman, that the technology has already grown to the point where there are concerns over whether or not humans will lose control over it, but with respected academics obviously anxious over how fast AI is being developed, it may be prudent to take a step back and throttle back on the gas, as it were. 

Unfortunately—depending on your perspective—these AI initiatives have the full support of some of the largest and most important technology companies in the world. Microsoft, Google, Apple, Meta, and Amazon have all earmarked multi-billion dollar investments over the next five years; and if history gives us a glimpse on how this will go, they will be looking to bring to market products that will get them significant returns on their investments. Could this spell curtains for humanity? I sure hope not, but if you consider Tegmark’s comments, it could mean that it is in fact “a race to the bottom.” 

Potential AI Regulation

It’s not that uncommon to see times when industrialists and academics are at odds. People have a view that the more regulations you put on any system, the more you are confining it to mediocrity. AI is no different. In October 2022, the White House published a paper titled A Blueprint for an AI Bill of Rights. This is basically a document that was created starting a serious conversation about regulating AI and some rules that would keep it from being a blight on humanity. It was put together by government officials with The Office of Science and Technology Policy working with academics, human rights organizations, and even input from Microsoft and Google. Other nations have their own ideas for regulation. Japan, Singapore, and the European Union all have some AI-based regulation on the books, but outside of Colorado, there have been no sweeping mandates that would be controversial anywhere in the United States regarding AI regulation.

Ultimately, AI is a great tool that could really take humanity into the next phase of existence on this planet (and to others), but if people are reckless with it for the profit of private or public organizations, it could really end up being the end of humanity. Only time will tell. If you are interested in AI and other technologies, share this article with others and return to our blog soon.

Google’s Project Zero team has discovered 18 zero-day vulnerabilities impacting the Samsung Exynos modems—four of which enable remote code execution. Let’s talk about what this issue does, and what needs to be done to minimize risk.

These Threats are Severe and Need to Be Addressed

Without going too far into the weeds, some of these vulnerabilities—which, in addition to mobile devices, were also identified in wearables and vehicles—can be carried out with the attacker only knowing the target’s phone number and can give the attacker access to the device with no need for the target to provide access. In fact, a vulnerable device could be compromised without the target even being made aware.

Samsung’s list of impacted devices includes:

• Samsung mobile devices, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
• Vivo mobile devices, including those in the S16, S15, S6, X70, X60 and X30 series
• Google’s Pixel 6 and Pixel 7 series

Plus, any wearables that use the Exynos W920 chipset and vehicles with the Exynos Auto T5123 chipset are also impacted. It is also important to note that this is by no means an exhaustive list.

Patches Aren’t All Available as Of Yet, But There is a Fix

Because this issue impacts devices from so many vendors and manufacturers, patches aren’t necessarily available for everything that is going to be impacted. However, you should disable Wi-Fi calling and Voice-over-LTE to prevent the threat, and update your devices when patches are released.

For most of the common smartphones, like the recent Google Pixel phones and Samsung Galaxy phones, these updates were pushed out in the March security patch. If you own these devices, you need to make sure you apply these updates because not doing so will leave your device extremely vulnerable to attack.

We’re Here to Help You Manage the Complicated IT Businesses Require

Reach out to us for any assistance needed with implementing these fixes, or any of the rest of your IT. Call us at (604) 513-9428 today for help.

It is a legitimate question whether something is actually art if it isn’t created by a human being. That’s before you are exposed to it, however. In fact, an AI created a piece of art that was crowned the winner at the Colorado State Fair. Let’s take a look at AI art in the context of this competition.

Let’s dive in.

Are AI-Generated Images Art?

At the Colorado State Fair, there is a fine arts competition where Josh Allen won the first place prize in Digital Arts/Digitally Manipulated Photography for his image, “Théåtre D'opéra Spatial.” When Allen provided a glimpse into his process via Discord, however, he was met with scrutiny. He used an image synthesis model called Midjourney to create the image.

As Allen said in his Discord post, he “...created 100s of images using it, and after many weeks of fine tuning and curating my gens, I chose my top 3 and had them printed on canvas after upscaling with Gigapixel A.I.” As he reports, he “could not be more excited” that his “favorite piece” ultimately won.

The rest of the community was a bit more critical of Allen’s choice. The image was produced with little actual hands-on work from Allen. Instead, it was built using the input that he plugged into the Midjourney platform. Allen wrote in his official submission, “I generate images with MJ, do passes with Photoshop, and upscale with GigaPixel,” and even labeled his piece with “Jason Allen via Midjourney.”

As you might not be surprised to hear, people have opinions on this topic, and many of these opinions cannot in good conscience be shared here. Still, there are many who believe that AI-generated art signifies the “death of artistry” and wonder “if creative jobs aren’t safe from machines, then even high-skilled jobs are in danger of becoming obsolete [sic] What will we have then?”

Art is Created and Judged In Accordance with the Technology of the Time

We understand why this has people concerned, but the fact remains that the tools we use today are simply taken for granted. An artist named Rhea Edge listed tools, techniques, and artists that use them, as well as when the tools were introduced, then shows that these tools also were not received well at the time.

In particular, Edge discusses the development of the camera obscura, a darkened room with a small hole in one side that allowed images to be projected onto a wall. This photography went on to inspire innovations in the art that are seen in modern day photography at large. Tubed paint was also a problematic topic due to artists not mixing their own paints. Artists were criticized right up until the 1970s and 1980s for these practices.

Edge also points out that art tends to change over time, highlighting how long it took the Impressionist painting style to really become an established style in the art world.

One other artist named Brian Simpson examines technology’s role in the development of art. He indicates that miniature portraits were essentially cut out entirely by the advent of photography. Simpson is also an advocate for Allen’s AI-produced artwork.

“There is a mind behind it. The mind is deciding I want this image. And with this image, this is the word I want to use,” Simpson said, going on to reflect on how Allen produced 40 images, ultimately choosing the ones he submitted.

“You can argue that choice and self-curation is part of the art process,” said Simpson.

This statement makes it clear that the current state of image creation and artwork still involves much human interaction, especially to achieve outstanding results like with Allen’s piece. How long this remains the case, however, is yet to be determined.

What are your thoughts on AI-generated artwork? Do you have any strong opinions on this topic? Be sure to share them in the comments below—and remember that AI is very well-established in the business world, so consider implementing it for your own company’s needs!

Funerals are never to be taken lightly, which makes it all the worse that there are people out there willing to use these events to scam those in grief. Recently, Facebook has seen many groups that supposedly offer links to streamed funerals in exchange for credit card data, with different events being added more recently.

Let’s break down these scams and establish how to avoid them in your own life.

Scammers Claim They Provide Livestreams to Funerals

We’ve all lost someone important to us in the past, and there may have been times when we could not make it to their services or celebration of life. Scammers have realized this and are now creating Facebook pages that purportedly offer access to a stream of the event.

For instance, let’s pretend Bob P. Example recently passed away. Using the information about his planned services, a scammer can set up a Facebook group that shares the time of the events and offers to stream the services. These pages then divert those wishing to remember a loved one to an external website, where they are asked for their credit card information and—in some particularly ghoulish situations—donations in honor of the deceased.

I can’t be sure, but I’d be willing to bet that Bob would rather his loved ones keep their money and remember him as they can.

Multiple Outlets Have Spotted These Scams

Cybersecurity journalist Brian Krebs, of KrebsOnSecurity, shared that many of the links that these events pushed would go to domains referencing streaming in some way.

MalwareBytes Labs also found plenty of examples of this kind of scam, many leading to websites that required a sign-in to “watch your favorite movies.” I don’t know about you, but that’s not how I would describe someone’s streamed funeral. Once the sign-in process is complete, MalwareBytes found that the sites would then ask for credit card information, supposedly to verify that the user was in a country the site could stream to. Interestingly, hidden on the page was a preselected button authorizing a second membership and doubling the payments.

How to Keep Yourself and Others From Being Scammed

First, you should always check the website a funeral home allegedly hosting a live-streamed service maintains. Many have begun posting that funerals are not being live streamed, making this kind of disclosure to fight this very threat.

Second, you should never provide credit card details unless you are certain where your money is going. It also helps to keep some advice from the UK’s National Association of Funeral Directors in mind: 

“Watching the livestream of a funeral service is free of charge – you should never be asked for payment. Any livestream or fundraising links will be provided by the funeral director to the bereaved family, so please always check any links or pages with the family or funeral director first – and never accept friend/page follow requests, or click links, without checking them out first.”

Text messages are great. They’re a quick and effective means for us all to communicate. 

Unfortunately, this does bring some downsides, too… namely, they’re a relatively simple means for a scammer to spread their attacks. Let’s discuss why this is so dangerous and how you can identify and avoid these threats.

Phishing Email Attacks Target Us Where We Are, So Is It a Surprise We Get Phishing Texts?

SMS-based phishing, AKA “smishing,” uses text messages as the medium of choice to send a phishing attack. These smishing texts can take numerous forms, from classic phishing attempts like fraudulent communications from “your bank,” fake shipping updates from services like FedEx and UPS, or other such parties, to alerts from government agencies and contests.

A more comprehensive list of common smishing tactics is as follows:

• Fraudulent messages from financial institutions, as mentioned
• Messages claiming you have won a contest that you never entered
• Alerts directly from government agencies or other authority figures
• Delivery notifications for packages you never ordered
• Credit card offers and promotions
• Texts asking for personal information or identity verification
• “Suspicious activity” alerts from your accounts
• Ads for sales and promotions at retail and restaurants
• Claims of payment issues

In a world where most people almost always have a delivery on the way, and are often engaged with the world via text message, many of us can be vulnerable to these types of attacks.

Just as with any scam, a bit of precaution and knowing what to look for will help you, your family, friends, and your team members recognize when a text message is a smishing attack. For instance, if you are asked to confirm your identity or access a link in the message, the message is likely a threat.

Smishing’s Strength Comes from Fear and a Lack of Awareness

Unfortunately, it makes sense that smishing can be so effective. Put yourself in a target’s shoes momentarily: you suddenly get a message that claims there’s some issue with your bank account. Without the forethought that it could be a scam, that suddenly becomes a very high-stress situation for you… not exactly the ideal conditions for rational thought.

Pair that with the tendency for trusted entities to be used as a front, and it is suddenly a lot harder for the average person to catch them.

How to Keep Yourself Safe from Smishing

There are a few steps that you should take with every suspicious message (and before you ever encounter one):

Do NOT Respond
Never answer one of these text messages directly, and never provide any sensitive or personal information… such as identification numbers, private details, passwords, or access credentials. Furthermore, never click any links or attachments sent with one of these messages.

Check Its Legitimacy
Take note of the phone number used and who the message is supposedly from. Go back and check with the purported sender directly—through a different means of communication, of course—to see if the message was, in fact, authentic.

Keep Your Device Secure
Mobile operating systems are regularly updated with added protections to keep scams to a minimum, so keeping up with these updates will only help reduce the security issues you may face. Modern mobile operating systems also commonly feature spam filtering capabilities. It also helps to install a dedicated mobile security application.

Adopt Security Measures
Various protections—multi-factor authentication, filtering and spam protection, encryption, and regular audits—can help keep smishing and other threats to a minimum for a business that adopts them.

Educate Those Around You
Whether you’re surrounded by friends, relatives, coworkers, or employees, don’t be shy about sharing these tips with them to create a bubble of improved security in your circles.

How to Report Smishing Attempts

If you do receive a text-based phishing attempt, it can also help to report it as such. The Global System for Mobile Communications—or GSMA—has an established number for users to send the contents of these attacks to… 7726.

Reporting Smishing on Android

• Very, very carefully, press and hold the offending message.
• Select the three-dot icon to access the menu.
• Select Forward and send it to 7726.

Reporting Smishing on iPhone

• Very, very carefully, press and hold the offending message.
• Select More and then the arrow at the bottom-right corner of the display.
• Forward the message to 7726.

Alert the FTC

It also helps to report these attacks to the Federal Trade Commission. The agency provides a fraud reporting tool that you should fill out so they can inform law enforcement to help stop these attacks. You’ll then be provided with best practices to follow.

We Recommend Sharing This Information with Everyone You Know

The more people that know about this threat, the better, because that means more and more people will be more resilient against them. We’re here to help businesses promote this awareness amongst their ranks and provide the tools to secure their operations better. If you’re interested in learning more about what we offer, call us at (604) 513-9428.

Can you tell the difference between your colleagues and a scammer with access to their email account? This is essentially what a business email compromise attack involves—a scammer initiates a phishing scheme using an internal mode of communication. These scams are also observed in schools, making them dangerous in the education sector.

Today, we’re exploring how to navigate these attacks safely and what’s at stake if you don’t.

How BEC Works

Most employees won’t think twice if they receive a request for information—especially if it comes from a trusted company entity.

Business email compromise is an attack that uses an essential business communication tool to fool the victim into handing over the information directly. In some cases, the attacker might even receive direct access to the information they seek. There are no two ways about it—this situation is bad, full stop.

Here’s how it works:

1. A scammer will select a target, research it, and potentially even craft a fraudulent website to make their efforts that much more effective.
2. The scammer then breaches the company’s email systems and identifies the most effective targets based on the emails they send and conversations they hold.
3. Spoofing an email domain, the scammer prepares to impersonate the right person to influence their target.
4. The scammer then contacts the target, working to build up enough trust to make the ask—whether for money (often in the form of gift cards) or data.

These attacks are increasingly becoming more significant problems for schools and educational institutions.

Public Sector Organizations Are At Risk

Schools and public institutions find themselves the target of these attacks for a couple of reasons:

• Many such organizations have only a limited budget for cybersecurity, making them more likely to be targets of a cyberattack.
• These organizations also commonly exchange large amounts of capital regularly, giving an attacker more opportunities to strike.
• Many of these organizations also rely on complex administrative structuring and processes, making them even more vulnerable as issues are missed and the right people are required to sign off on any action.
• The public sector also typically collects a lot of data throughout its operations, which means that a cybercriminal would be interested in obtaining these stores.

It makes sense that schools in California and Tennessee have been targeted by these attacks, given how much hackers stand to gain from a successful strike. These institutions can sustain damages of up to six or even seven figures. But those are just the direct costs, not to mention the other damages to reputations and penalties.

All of these are reasons to consider your own approach to securing your business from BEC attacks.

What You Can Do to Mitigate Business Email Compromise

We recommend that all British Columbia businesses take the following security precautions for BEC:

• Adequately protect financial data and other sensitive information. A precautionary audit can help you determine what is at risk and where your vulnerabilities lie.
• Consider a cyber insurance policy. Cyberattacks are more commonplace than natural disasters these days, so you should have plans in place to protect you against the financial costs that could result (just make sure you know what’s covered and what limits exist).
• Prioritize compliance. All businesses are subject to certain compliance requirements, and failing to maintain the standards required by government or industry could result in hefty fines should your business fall victim to a scam.
• Monitor your infrastructure at all times. There are tools out there that can help you detect BEC attacks before they become a problem—like, say, a compromised account before it can be leveraged against your staff.

With these measures in place, we’re confident you’ll be in a much better position to identify and prevent BEC attacks.

If you’re worried about your business’ security, you can rely on Coleman Technologies to keep you safe. Learn more today by calling us at (604) 513-9428.