Coleman Technologies Blog


Ransomware is Only Getting Worse in 2024


Since it was first documented in 1989, ransomware has only become far more severe, ruthless, and, most of all, prevalent. Let’s review some important statistics to remember if you are to understand ransomware and, even more importantly, avoid its impact on your business.

Triple Extortion Ups the Ante

It wasn’t all that long ago that double extortion ransomware—attacks that first demand a ransom for data restoration and then a bribe, of sorts, to keep the attacker from leaking this data—was first spotted (which, for the record, was only just in 2019).

Now, however, triple extortion ransomware is on the rise. In addition to demanding a ransom for the decryption key and one to prevent data from being leaked, triple extortion adds the threat of regulators being notified by the criminals directly so the affected business will pay to prevent word from spreading. It is important to acknowledge that Coleman Technologies does not, has not, and never will endorse paying a ransomware demand. That said, it is easy to understand why doing so (especially when triple extortion is in play) is so tempting.

Despite this, you need to resist, ideally avoiding ransomware every time you can by educating your team about how it spreads and how to identify it.

Phishing and Ransomware Go Hand-in-Hand

Speaking of how ransomware spreads, one of the primary means that attackers use is phishing. By convincing a user to allow a threat past their defenses so that it can take root, ransomware can somewhat easily bypass the cybersecurity tools that businesses should have in place.

That means you and your whole team must be ready to spot phishing when it threatens your business. However…

Artificial Intelligence is Making Phishing Harder to Spot

Since it’s exploded into the relative mainstream, seemingly everyone has used AI to optimize their processes. Unfortunately, this includes those using phishing to their own nefarious ends.

Attackers are more capable than ever of crafting convincing scams using AI to their advantage. This makes it even more important that you and your team are ready to catch these threats as they appear.

Ransomware is Serious Business (Literally)

Nowadays, there are actual organizations built on and dedicated to cybercriminal activities. Some cybercriminals make their money using ransomware to extort it. In contrast, others craft ransomware and lease it out for others to use, providing a service in itself.

This makes ransomware more accessible than ever, so it’s more likely that your business will ultimately be targeted. Once again, you and your team all need to know the best practices for avoiding ransomware:

  • Not clicking unknown links
  • Not opening unexpected attachments
  • Maintaining a proper backup isolated from the rest of your systems

Your Business Can’t Afford to Underestimate Ransomware

Speaking of backups, we must acknowledge one small victory: the number of ransomware victims who paid instead of restoring from a backup has nosedived over the years. Some stats show that payments shifted from 85% of victims paying in 2019 to just 27-29% paying in Q4 of 2023. This is great, as it suggests that people are more aware of ransomware and using backups appropriately.

We can help your business do the same. Contact us to find out how our services can put you in a better position to succeed, no matter the consequences. Call (604) 513-9428 today.


How Cybercriminals Can Add “Be Scammed” to Your Google Calendar


Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google did not take any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t expect phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, under “Events from Gmail,” they need to deselect the “Automatically add events to my calendar” option.

To stop invitations from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the “Automatically add invitations” option to the much safer “No, only show invitations to which I have responded.”

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Coleman Technologies a call at (604) 513-9428.


Phishing: What It Is, and How to Avoid It


Potential data breaches are increasingly problematic for organizations, and the most common way that data is stolen is through phishing attacks. Phishing attacks are currently one of the most pervasive threats on the Internet, and you need to understand them to thwart their effectiveness against your users. Let’s explore what exactly a phishing attack consists of and some best practices you can use to defend your network against them.

What is a Phishing Attack?

Phishing is an attack method in which scammers try tricking you into giving important information by pretending to be from a trustworthy source. It involves someone trying to obtain passwords through deception. Scammers pretend to be someone you can trust. This is usually done through deceptive emails, messages, or websites that appear to be from trusted sources, like banks or well-known companies. The goal is to “phish” for this information and use it for malicious purposes, such as identity theft or financial fraud.

Four Practices to Help Protect Your Network

Let’s look at a few ways to keep phishing attacks from breaking into your network.

  • Be cautious with links and attachments - Avoid clicking on links or downloading attachments from unknown or suspicious sources. Phishing emails often disguise malicious links to look legitimate. Hover over a link to check the URL before clicking.
  • Verify the sender’s identity - Double-check the sender’s email address, especially for unexpected messages or requests for sensitive information. Phishers often use addresses that look similar to legitimate ones but have slight differences.
  • Look for signs of phishing - Be wary of generic greetings, spelling or grammar mistakes, and urgent requests for personal or financial information. Legitimate companies usually address you by name and don't pressure you into immediate action.
  • Use Multi-Factor Authentication - Enable MFA wherever possible to add an extra layer of security. Even if a phisher gets your password, MFA can do a good job of slowing down or completely preventing unauthorized access.

To protect your business, you need to understand phishing and do what you can to prevent falling victim to it. You will want to create a comprehensive training regimen focusing on faux phishing attacks to bring awareness to employees who may not have a naturally security-minded approach. 

If you would like to learn more about actions you can take to keep the massive amount of phishing attacks you and your employees receive at bay, give our team of experts a call at (604) 513-9428. 


Understanding URLs Can Help You Avoid Being Hacked


We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Malicious tactics have evolved to the point where everyone has to stay on top of their game to avoid being fooled, and these threats are so pervasive that they come at people from all directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.

Meet The Most Trusted Fictitious Online Retailer in the World

Imagine a fictional company that rises to become a global retail and multimedia giant, a household name—let's call it TallMart.

Our entirely fictional TallMart offers an extensive array of products and services. Users engage in buying and selling, managing payments, running ad campaigns, customizing personal profiles, watching exclusive movies from TallMart Studios, handling TallMart Web Hosting accounts, and now, accessing telehealthcare from licensed TallMart medical professionals.

Our motto is simple: TallMart: Why Go Anywhere Else?

Given TallMart's status as the world's most trusted online retailer, akin to giants like Facebook, Amazon, and Google, it enjoys widespread trust. However, like other major platforms, TallMart's massive success attracts cybercriminals attempting to scam its users for money and sensitive information. With so many transactions, the opportunity to separate users from money is there; and hackers are nothing if not opportunists.

When Users Feel Secure, Cybercriminals Gain an Advantage

TallMart users receive numerous emails about products, account notifications, receipts, transactions, and offers. Cybercriminals can easily mimic these emails, adopting TallMart's branding and employing technical spoofing to make them appear legitimate. They may include links that seem to lead to TallMart but redirect users to similar-looking URLs under the cybercriminals' control.

Creating a deceptive webpage is inexpensive and quick, allowing cybercriminals to register domains like Talmart.com or TallMartcustomerservice.com. It's crucial for users to stay vigilant and recognize potential warning signs to avoid falling victim to scams.

How to Verify the Destination of a Link in Emails, Chats, or Correspondence

While methods may vary across applications, hovering your mouse over a link typically reveals its destination. Most email clients and web browsers display the link destination at the bottom of the page.

The Key: Punctuation in the URL

While checking for misspellings and unofficial URLs, an effective way to identify a suspicious link is by observing periods after the domain name. For example:

Safe: https://www.tallmart.com/gp/help/customer/account-issues
Safe: https://support.tallmart.com/
Suspicious: https://support.tallmart.com.ru

The truth is that some legitimate URLs may have periods toward the end of them, indicating file types like .html, .pdf, .doc, etc. are connected to the link or attachment. It’s best to remain cautious with direct links to files in every situation, as malware could be embedded and all it takes is a simple interaction to execute the malicious code. It’s best to avoid clicking on suspicious email attachments. Ultimately, exercising caution with clickable content is the most prudent practice to keep yourself from becoming a victim.

You should always hover over links to inspect their destination. If you find that there is a period in any abnormal place, be skeptical and either avoid it altogether, or verify that it is from a legitimate source. 

If an email demands urgent action, such as logging into your account, refrain from using the provided links without first making certain that any link or attachment is completely legitimate. You can do this in several different ways, but clicking through without considering the potential consequences could turn out to be a nightmare for you and for your organization.

Please share this with others because the more people know about how to stay safe online, the safer we all are. 


Think Before You Click: Spotting a Phishing Attempt


Give Me the Short Answer - What’s Phishing?

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from [email address removed], right? Well, if you get an email about your password or telling you to log into your account and it’s from [email address removed], you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from [email address removed] or emails from PayPal might come from [email address removed]. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.
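The "dots after the domain" rule above, and the TallMart examples from the earlier post on this page, can be checked mechanically. The following JavaScript is an added example, not part of the original posts: it parses a link the way a browser does and compares the real hostname against an allowlist. The allowlist contents and the function names (`linkHost`, `belongsTo`, `classifyLink`, `auditLinks`) are assumptions made for illustration; the sample links are the ones quoted on this page.

```javascript
// Added example (not from the original posts). TallMart is the article's
// fictional retailer; this allowlist is an assumption for illustration.
const EXPECTED_DOMAINS = ["tallmart.com", "paypal.com"];

// Return the hostname a browser would actually connect to, lower-cased.
function linkHost(link) {
  // Some links on the page are written without a scheme; assume https.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(link);
  const url = new URL(hasScheme ? link : "https://" + link); // throws if malformed
  const host = url.hostname;
  // "paypal.com." (with the DNS root dot) names the same host as "paypal.com".
  return host.endsWith(".") ? host.slice(0, -1) : host;
}

// True when host is the domain itself or one of its subdomains.
// The leading "." matters: "nottallmart.com" must not match "tallmart.com".
function belongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Classify one link against the allowlist.
//   expected           - host is an allowlisted domain or a subdomain of it
//   brand-as-subdomain - an allowlisted domain appears in the hostname, but
//                        more labels follow it ("dots after the domain")
//   unknown-domain     - host has nothing to do with the allowlist
//   unparseable        - the link is not a valid URL
function classifyLink(link, expected = EXPECTED_DOMAINS) {
  let host;
  try {
    host = linkHost(link);
  } catch {
    return { host: null, verdict: "unparseable", brand: null };
  }

  const owner = expected.find((d) => belongsTo(host, d));
  if (owner) {
    return { host, verdict: "expected", brand: owner };
  }

  // The trusted name is present but is not the END of the hostname, so the
  // site is really run by whoever owns the labels to its right.
  const spoofed = expected.find(
    (d) => host.startsWith(d + ".") || host.includes("." + d + ".")
  );
  if (spoofed) {
    return { host, verdict: "brand-as-subdomain", brand: spoofed };
  }

  return { host, verdict: "unknown-domain", brand: null };
}

// Sample links copied from the two posts on this page.
const SAMPLE_LINKS = [
  "https://www.tallmart.com/gp/help/customer/account-issues",
  "https://support.tallmart.com/",
  "https://support.tallmart.com.ru",
  "Talmart.com",
  "TallMartcustomerservice.com",
  "Paypal.com/activatecard",
  "Business.paypal.com/retail",
  "Paypal.com.activecard.net",
  "Paypal.com.activecardsecure.net/secure",
];

// Classify every link and return [link, host, verdict] rows.
function auditLinks(links = SAMPLE_LINKS) {
  return links.map((link) => {
    const result = classifyLink(link);
    return [link, result.host, result.verdict];
  });
}

for (const [link, host, verdict] of auditLinks()) {
  console.log(verdict.padEnd(20), host, "<-", link);
}
```

Because the check compares the end of the hostname rather than searching for the brand name anywhere in the link, a trusted name placed in a subdomain cannot produce an "expected" verdict.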

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Coleman Technologies. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.


Want to Learn How to Steal a Password? It’s Easier Than You Think


Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.

You Too Can Steal Passwords to Almost Any Type of Account

All it takes is a little spare cash to gain access to any account, and it’s remarkably easy to pull off. We can’t show you exactly how to do it, but we want to emphasize that literally anyone can do this to your business. Let’s look into some of the intricacies of how stealing a password works.

Learn a Little Bit About the Victim

We’ll use Homer J. Simpson for our example, a name with a singular entry in the United States census from 1940. Simpson was born in 1914, and we are confident that there have not been any babies born with the name since the 90s. That said, we’re making everything up from here on out. If we want to make Simpson’s life difficult, it’s pretty easy to do so, even if we don’t know anything about him.

Imagine that Simpson had a MyFitnessPal account in 2018, which he used to track his health metrics. MyFitnessPal is one of the services that suffered a data breach back in February of 2018 in which 144 million accounts had their emails and passwords compromised. These types of data breaches happen all the time, and users need to be aware of the risks associated with trusting this information to any online accounts, whether it’s Sony, Wendy’s, or even Doordash.

Thanks to the MyFitnessPal breach, Simpson’s password is on the Internet and available to criminals on the dark web. Because of this, we know his name, his email, and the password he likes to use. That’s plenty of information to work with.

From here, you go on Simpson’s social media accounts to find things like his date of birth, the town he grew up in, and his mother’s maiden name. You can also use LinkedIn to find information about his job and his social network. It’s easy to do this in as short a time as 10-15 minutes. You can find out about his kids, his dog, his wife, and potentially even his address. This is also helpful information to know when cracking a password.

Most individuals use information close to them for their passwords, and while we always advocate that it’s just not a good idea, well, it’s easier for people to remember credentials in this way. You can make a lot of educated guesses as to the user’s password simply by knowing a little bit about them.

Use Software to Crack the Code

This is where the fun begins. Using software found on the dark web, hackers can crack even sophisticated passwords. If the user’s password isn’t very complex, maybe 9 or 10 characters long, or without some special characters, it could be cracked in a matter of minutes or maybe a day or two. If the user has an actually random password, though, it will take longer, but the fact that these systems can be cracked is concerning to say the least. Complex passwords will naturally take longer to crack, but most of these tools will try the more common renditions first, just to check if the victim is skimping on their password security.

Alternatively, Just Trick the User

No use beating around the bush; just use phishing attacks to steal the password and let the victim do all the work for you. Around 95 percent of modern cyber breaches are caused by a phishing attack, and it’s such a high rate of success that there’s no reason not to try using it.

All you have to do is send them an email claiming to be their bank. You might make up an excuse like there is something wrong with their account. This is usually enough to elicit some sort of strong response, as people’s money is generally a soft spot. Whatever you do, make the problem important enough to require immediate attention.

Next, send them to a webpage that you built to look like their bank’s website. You can then have them offer up their login credentials on a silver platter as they attempt to log into their account. This happens all the time, and you might be surprised by how easy it is, but the fact remains that it’s simply far too easy to pull off to not take it seriously.

Always Remain Vigilant to Cybercrime

Now that you know how easy it is for someone to crack a password, or even steal it for that matter, you should remain vigilant and always try to stay ahead of hackers through the use of multi-factor authentication tools and other security solutions. Coleman Technologies can help you stay ahead of hackers! Call us today at (604) 513-9428 to learn more.


Social Engineering Isn’t Going Away


What is Social Engineering?

Think of it like this: online, you have some type of social currency. Your personal information, your data, your interactions, your profiles, they all add up to your online life. If someone were to use that information to trick you into providing them access to your secure online accounts, you would be the victim of a social engineering attack. 

Basically, a hacker uses what amounts to the fundamentals of human psychology to gain unauthorized access to an account. Rather than exploiting a vulnerability within a system’s technology, a social engineer will take advantage of the human resources to gain access through relatively simple psychology.

Successful social engineering can be the result of many different actions. Some include: carelessness by an individual, perceived kindness, reaction to fear, and business as usual. Let’s take a look at these actions and how social engineering schemes work as a result.

Individual Carelessness

When there is a lack of diligence carried out by an individual, there are openings for a social engineering attack. This includes trash thrown out with information on it, keeping login credentials out in the open, and other careless actions. It’s important that you and your staff understand that the best practices of password protection, such as using a password manager, are crucial to maintaining the integrity of your company’s network and infrastructure.

Perceived Kindness

Many people won’t think twice about helping someone that asks for help. Social engineering attackers take advantage of the better angels of our nature, by using people’s helpfulness to gain access to secure computing resources. Any person can fall for this type of attack. This is why we stress that in order to keep your digital and physical resources secure, a critical eye for potential intrusion works. That doesn’t mean you have to be a jerk, but if a situation is presented to you that’s out of the ordinary, take anyone’s helplessness with a grain of salt.

Business as Usual

When we picture a hacker, we all tend to think about them the same way. They are brooding people sitting in a dark room typing away at a computer. In social engineering attacks, this couldn’t be further from the truth. A popular social engineering tactic is to gain physical access to a large business--where there are often a lot of moving parts--and then spend time at the business looking for ways into secure digital environments. This could also include straight hatchet jobs, where your employees would help people outside of your business sabotage your access control systems. 

Reaction to Fear

Finally, fear is one of the best motivators. By striking fast and threatening all types of negative consequences if a worker doesn’t help them get into a secure computing system, this kind of cyberattack can be a major problem. 

Coleman Technologies Can Help Protect Your Business

If you are looking to secure your network from cyberattacks, including social engineering, the IT professionals at Coleman Technologies can help. Call us today at (604) 513-9428 to learn more about how we can help you with the training you need to keep social engineering from causing problems for you.


Why It’s Paramount to Keep Security in Mind


The past few years have seen some of history’s greatest data breaches. For instance, the most notorious of these attacks (the Equifax, Yahoo, and Marriott-Starwood breaches) resulted in a combined total of 3.5 billion accounts breached.

This means, statistically speaking, you would have a pretty good chance of picking a data breach victim of the past few years by randomly selecting two human beings from the entirety of planet Earth’s population.

Crunching the numbers, security breaches have increased by 67 percent since 2014.

What Does this Mean? Is Anything Secure Anymore?

Interestingly, there is a plus side to these enormous data breaches happening in the public eye, thanks to a few key points:

  • It brings attention to these kinds of crimes - Thanks to disasters like the Equifax breach, more Canadians are aware of the impact of cybercrime. This kind of awareness is crucial to encouraging improved security.
  • There is too much data for cybercriminals to practically use. This one can be chalked up to statistics… the more data that a given cache has, the less of a chance that your data is pulled up in an attack.

To clarify, we aren’t trying to sugarcoat the severity of a data breach, but having said that, the past few years’ cybersecurity threats have really given us all an example to consider. With new compliances, regulations, and other mandates being put into play, businesses are certainly considering these threats.

What About Small Businesses?

There is a tendency to overlook small businesses when discussing data breaches. After all, the ones that have struck large targets (like Yahoo, Target, eBay, Sony, and many others) almost always get a headline, along with the attacks that focus on municipalities, like the ones that targeted Wasaga Beach, Ontario and Midland, Ontario with ransomware.

What aren’t heard about so much, unfortunately, are the attacks that lead to much smaller companies shutting their doors for good… a side effect of the limited number of victims per attack, and the relatively casual approach that many have towards security. Unfortunately, a Verizon survey shows just how misguided the assumption is that a smaller business size will protect it from threats: 43 percent of businesses breached would be classified as small.

Security Needs to Be a Priority

Fortunately, there are ways that you can reinforce your business’ cybersecurity, especially with the help of Coleman Technologies and our experienced cybersecurity professionals. Call (604) 513-9428 to get in touch with us, so we can help evaluate and fulfill your business’ needs.


Don’t Be So Quick to Scan Every QR Code You See


There is no denying that Quick Response codes—better known as QR codes—are a handy little invention. Just a few years ago, many businesses heavily adopted these contactless communication tools, allowing customers with a smartphone to access menus, documents, and more with ease. Having said that, we unfortunately can’t deny that cybercriminals are taking advantage of how handy QR codes are, too.

Let’s talk about the rise in QR code fraud, as well as how you and your team can avoid it.

How Do QR Codes, and QR Code Fraud, Work?

First developed in 1994, a QR code is a two-dimensional version of a barcode, meant to adjust for the limitations of its predecessor. A traditional barcode is limited to 20 alphanumeric characters due to it only being able to be scanned horizontally. The QR code was then developed to hold exponentially more information in its combination of vertical and horizontal data as well as allow this data to be accessed at any angle.

While this makes the QR code a very appealing option for businesses, it also gives cybercriminals a relatively easy means of sharing malicious links and malware that has become largely trusted by people everywhere.

After all, if major brands are now displaying QR codes in their advertisements, they must be safe, right?

Unfortunately not. The utility offered by a QR code also applies to cybercriminals and scammers, who can use them to augment their attacks in numerous ways.

QR Codes Make Effective Phishing Tools

Phishing is one of the most unpleasant cyberthreats out there today, largely because it requires a user to be engaged and aware about their own cybersecurity at all times. It relies heavily on the target to not see it coming.

Now let me ask you this: would you hesitate to scan a QR code on a poster or a menu if prompted? If you’re like most people…probably not. It just isn’t how most people see a threat coming in.

This makes us vulnerable. This is why many of these threats have been spotted that pose as parking tickets, or as offers or loyalty programs attached to storefront doors.

Making this bad situation even worse, these attacks often don’t go into effect immediately. Instead, malware can be uploaded to the device that scans the malicious code where it will lie in wait until the opportune moment to strike arises. Many of these attacks will simply take notice if you use your device to access an account and record the credentials you use to access it, giving the attacker the keys to the castle.

Alternatively, some QR phishing tools will send users to a phishing website—one that poses as a legitimate one to fool the victim into handing their credentials over willingly. Some scams cover what were once legitimate codes with their own, diverting payments to their own accounts.

This Makes It Critical that You Protect Yourself

Whether you’re talking about your business or your personal life, QR code scams need to be avoided. Fortunately, there are a few somewhat familiar steps that you can follow to help ensure that you do so:

  • Just like with other forms of phishing, any suspicious QR codes should prompt you to separately reach out to the party that supposedly shared it to confirm its legitimacy.
  • Similarly, don’t hesitate to manually seek out what a QR code seems to offer.
  • Using the security tools at your disposal, like antivirus or scam alert applications, to mitigate the risks associated with these scams helps protect you from falling victim to these attacks.

Coleman Technologies is here to help protect your business from all types of threats, like this one and others. Give us a call at (604) 513-9428 to learn more about what we can do for you.


You Even Need To Worry About Phishing In Your Text Messages


What is Smishing?

When cybercriminals use phishing scams, they aren’t using advanced technologies to crack their target’s digital defenses. Instead, they hack users by exploiting the assumptions, bad habits, and ignorance of the target to get them to release sensitive information.

Attackers circumvent cybersecurity measures by sending messages purporting to be from an authority figure or trusted contact, thereby convincing the user to undermine their protection. A notorious example of phishing is the email that claims to come from a persecuted royal family, known as the "Nigerian Prince scam."

Smishing simply applies this principle to SMS instead of the usual email.

You could simply receive an SMS from a number that claims to be a financial institution or service provider, perhaps even one that you do business with.

This message could contain details that seem to confirm that the sender is who they purport to be, or the deception could go unnoticed because SMS is not the kind of channel that most people expect to be phished through. More recently, many of these attacks have been sent under the ruse of being from authorities trying to share information about the COVID-19 pandemic.

The message may include a link asking you to log in, but that link leads to a fraudulent login page where your actual login data is collected. It may instead prompt you to download a document that hides a variety of malicious programs, and suddenly the attacker has access to all your personal information, such as your phone number, email address, credit card numbers, bank account credentials and other sensitive information.

It's as simple as that.

Now, think for a moment about how much sensitive data you're likely to keep on your phones and what data a hacker might extract from them.

Spotting a Smishing Message

To prevent this from affecting your business, your entire team must be able to detect phishing attempts as soon as they are sent via SMS.

  • Just as with suspected phishing emails, opening a suspected smishing message is extremely risky. If the sender is not familiar to you, do not open the message and definitely do not access any links included.
  • If you cannot verify the legitimacy of the message, do not release sensitive information. If you receive a text message from Facebook informing you of a problem with your account, access Facebook separately to confirm before you resolve it.
  • Some mobile devices can block texts, just like email clients can filter messages. So, make sure you block phone numbers that are suspected of phishing and apply settings that might be helpful.

As a final tip, you need to make sure your entire organization keeps an eye on security during the workday and that they know how to identify and respond to threats.

Of course, it does not hurt to apply certain preventative measures to your network, such as anti-virus, firewall protections, and others. We can help! Coleman Technologies can support your team in its IT requirements for security, productivity, and mobility. Find out about our services by contacting (604) 513-9428.


These Link Checking Tools Might Save Your Bacon





We often talk about scams and cyberthreats, and lately our advice for dealing with a potential phishing threat is to simply avoid it altogether.

That is, when you get any kind of email or text message with a link you weren’t expecting, whether it’s from someone you know or from your bank, just don’t click it. Instead, log into the account in question the way you normally would, and verify the information there, or confirm with the sender through some other means to make sure what they are sending is valid. While this is still a good practice, sometimes you need to click on a link. Here are a few tools you can use to check if a link is safe, before you click.

Why Would a Link Be Dangerous?

First of all, why wouldn’t you want to trust a link that someone you trust sends you?

There are a lot of reasons. Even if it looks like a video message from your dear sweet Nana, or a virtual Christmas card from your youngest niece, there is a chance that the sender has been compromised and is trying to spoof their contacts. 

You want to know when it’s probably not a scam or a threat? When your dear sweet Nana or your niece calls you up on the phone and asks you to look at it.

That simple two-step confirmation makes all the difference in the world. Otherwise, you should consider the risks that maybe, just maybe, the sender was compromised and that the link you are being sent is malicious.

The same goes for the business end of things. 

Your coworker, business partner, vendor, or client might have no reason to do anything malevolent to you. If they fall for a trick themselves, though, a part of that trick might include spreading to all of their contacts.

A malicious link could contain malware that infects your computer, tries to steal your data or access your online accounts, and also spreads itself as quickly as possible to anyone in your contacts list. Not only will you be the victim, but your friends, family, and colleagues will be YOUR victims, and so forth.

How to Safely Identify and Copy a Link

Before we get into the tools, let’s quickly run through what we mean by a link.

Basically, any text or graphic that is clickable and takes you to another page in your browser is a link. Sometimes, that link will be written out, with the https:// and the full URL. 

For example, if it is a link to PayPal, it might look something like this: https://www.paypal.com/us/smarthelp/PAYPAL_HELP_GUIDE/getting-started-with-paypal-icf29 

Links could also just be text that is clickable. So instead of writing out the URL, the link might be something like this: Get Started with PayPal

Now here’s the thing. If you’ve been paying attention, we’ve already proven to you just how easy it is to trick a user into thinking they are going to one website, and taking them somewhere totally different. Both of the links above don’t actually go to PayPal. We assure you that they are safe, but they are taking you to goofy fake mustache glasses on Amazon.

Sometimes, links are graphics, like buttons, icons, pictures, or virtually anything else. If you can click or tap it and have it take you somewhere, it’s a link, and any links can be spoofed very easily.

If you want to tell where a link is going to take you, you need to copy the actual link:

On a Desktop or Laptop:

  • Hover the mouse over the link.
  • Right-click on the link.
  • Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”.

Now you have the link copied, and you can paste it into one of the following tools with CTRL+V (or right-click and select Paste).

On a Tablet or Smartphone:

  • Be careful not to accidentally just tap the link to open it!
  • Hold your finger over the link for a few seconds to pop up the context menu.
  • Select “Copy Link” or “Copy link address” or “Copy Hyperlink”.

Now that you have the link copied, you can paste it into one of the following tools by holding your finger down over the URL field within the tool and selecting Paste.
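The gap described above, between what a link displays and where it actually goes, can also be checked mechanically on a message's HTML. The following is an added example, not part of the original post: the sample HTML, the placeholder hosts under `example.net` and `example.org`, the `BRANDS` table, and all function names are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample message body (not from the original post). The first link
# displays the PayPal URL quoted above but points at a placeholder host.
SAMPLE_HTML = """
<p><a href="https://shop.example.net/item/123">https://www.paypal.com/us/smarthelp/PAYPAL_HELP_GUIDE/getting-started-with-paypal-icf29</a></p>
<p><a href="https://shop.example.net/item/123">Get Started with PayPal</a></p>
<p><a href="https://www.paypal.com/signin">www.paypal.com/signin</a></p>
<p><a href="https://paypal.com.account-check.example.org/login">Log in</a></p>
"""

# Assumption: brand keyword -> the domain that brand really uses.
BRANDS = {"paypal": "paypal.com"}

# A host name (optionally preceded by a scheme) appearing in visible link text.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(href, text, brands):
    """Return the reasons a link's appearance disagrees with its target."""
    parts = urlsplit(href)
    if parts.scheme not in ("http", "https"):
        return []  # mailto:, tel:, anchors etc. are out of scope here
    target = (parts.hostname or "").lower().rstrip(".")
    findings = []

    # 1. The text shows a host name, but the link goes to an unrelated host.
    shown = HOST_IN_TEXT.search(text)
    if shown:
        a, b = strip_www(shown.group(1).lower()), strip_www(target)
        if not (same_site(a, b) or same_site(b, a)):
            findings.append("text-host-mismatch")

    for name, domain in brands.items():
        legit = same_site(target, domain)
        # 2. The text names a brand, but the target is not that brand's domain.
        if name in text.lower() and not legit:
            findings.append("brand-mismatch")
        # 3. The brand appears inside the host, but only as a decoy label.
        if name in target and not legit:
            findings.append("deceptive-host")
    return findings


def audit_html(html, brands):
    """Return (href, text, findings) for each link that raised a finding."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        findings = check_link(href, text, brands)
        if findings:
            flagged.append((href, text, findings))
    return flagged


if __name__ == "__main__":
    for href, text, findings in audit_html(SAMPLE_HTML, BRANDS):
        print(f"{', '.join(findings):40} {text!r} -> {href}")
```

A finding is a reason to verify through another channel, not proof of malice: link shorteners and marketing redirectors produce the same mismatches.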

Safely Check a Link Before You Click it with These Tools

You can use the following tools to check the safety and legitimacy of a link. Keep in mind, this won’t protect you from one hundred percent of all scams, as these tools can only check for known threats. It’s also a good idea to use multiple tools to cross reference, in case some of the tools just haven’t been made aware of the link you received.

Use Norton Safe Web to Check a Link
Norton Safe Web is a free online tool that lets you paste a link to check to see if it’s safe.

It will give you a quick rating on the link. If the link is untested in Norton, it’s a good idea to try a few of the other tools. If Norton states the link is dangerous, it’s a pretty safe bet you should avoid it.

https://safeweb.norton.com/

Check the Link With PhishTank
The cleverly named PhishTank site will tell you if a link you received has been reported as a phishing scam. Phishing links tend to look pretty similar to legitimate web pages. For instance, a phishing link for PayPal might look almost exactly like the regular login page for PayPal. The problem is that it won’t log you into PayPal, but it will send your PayPal credentials to someone else.

https://www.phishtank.com/

Google’s Transparency Report Might Tell You If a Link is Unsafe
Google’s search engine works by crawling the Internet and indexing everything it finds. Sometimes, it might run across dangerous content such as malware or phishing risks. Google’s Transparency Report tool will tell you if a link you’ve been sent is found in their massive database of unsafe content.

https://transparencyreport.google.com/safe-browsing/search

Scan the Link with VirusTotal
Finally, there’s VirusTotal. This tool takes a little longer to give you an answer, but it can be a little more thorough than the others. This is a good last-ditch effort if you aren’t happy with the results from the other tools. 

https://www.virustotal.com/gui/home/url

It’s important to keep in mind that a phishing scam or malware attack could still sneak through these tools, especially if the URL was just generated and you are among the first people to get it. These tools are designed to spot known phishing attacks and malware that has already been reported. With that in mind, it’s still a good idea to err on the side of caution.

If you feel like you’ve received a suspicious email, text message, or other correspondence, and you would like us to take a look for you, don’t hesitate to reach out to us at (604) 513-9428.


There’s No Shame in Being Scammed





I was talking to some colleagues the other day about cybersecurity and its relationship with modern everyday scams, like phone scams and similar things. In my opinion, it’s worth bundling these two topics together, and we found some interesting statistics that we’d like to share.

What Do We Mean By Scams?

When I say scam, I’m getting into some pretty broad territory. I’m talking about efforts to trick a person into giving their time, energy, money, or something else of value to someone who is trying to earn it through trickery, fear, or emotional manipulation.

In other words, we’re not going to talk about computers very much in this blog post.

Here are just a few examples of some common scams:

  • Account issue or password scams - This is usually in the form of an email or text message claiming that there is a problem with an online account or payment, urging you to quickly log in using a fake link, so that a scammer can steal your credentials.
  • Fake charity scams - Someone poses as a real or fake charity to try to get money from you.
  • Debt collection scams - Someone poses as a debt collector to collect money you owe, or don’t actually owe.
  • Settlement and debt relief scams - Someone offering to renegotiate or settle debt with the goal of simply taking your money.
  • Mortgage scams - A wide range of scams where the scammer offers relief or tries to trick homeowners into sending their closing costs or payments to somewhere other than the actual lender. This can even result in a scammer owning your house.
  • Imposter scams - A scammer pretends to be someone you know (often on social media) or someone with authority you can trust to trick you into sending them money or sensitive information.
  • Romance scams - A scammer poses as a new love interest and tricks you into falling for them online so they can trick you out of your money.
  • Grandparent scams - A complex scam where a scammer poses as a relative in desperate need for help asking you to transfer money without thinking about it.
  • Mail fraud - Legitimate looking mail that is designed to trick you into sending money or personal information.
  • Lottery and prize scams - A scammer contacts you to tell you that you’ve won something, and asks you to pay upfront for fees and taxes.
  • Mobile payment fraud - Legitimate wallet apps like Venmo, Zelle, and others are full of scammers who will simply request money from you to see if you will fall for it.
  • Online sales fraud - Scammers use Facebook Marketplace, Craigslist, and other sites to send money for goods, and then cancel the payment after you’ve shipped the item.
  • Money mules - Not a scam in itself, but these are people caught up in a scam that might not even know it. They are recruited to collect money for scammers for various scams.

There are countless more, but this just shows you the scope that we are dealing with.

Scammers use a wide variety of communication methods to trick you, including phone calls, text messages, mail, email, physical meetings, television ads, website ads, social media, or altering legitimate signage and publicly accessible information.

The biggest thing to look out for with any sort of scam is an inflated sense of urgency. The scammers want you to act without thinking, and the most abhorrent scams above, like grandparent scams and imposter scams, often make victims believe that a loved one is in danger in order to bypass any common sense one might have.

Human Beings are Scammed CONSTANTLY

You probably already know this, but it’s easy to drown it all out. How often does your phone ring and say “Scam Likely?” Most of us just sort of ignore it now. Huge portions of the population just simply don’t answer phone calls from people who aren’t in their contacts unless they are expecting something, because most personal phone calls are scams.

What about email? While we’ve come a long way with spam protection, how many emails do you instinctively scroll past because you simply know it’s unsolicited or toxic or some sort of scam? We’re just all conditioned to see these things every day… and then I found some statistics that blew my mind.

It’s estimated that older adults, particularly baby boomers and seniors in general, observe an average of at least one scam every hour of their lives.

That’s a wild number, and while we couldn’t find a report for younger people, those of us who work on computers for eight or nine hours a day or more likely have a similar experience.

Some other things about age and demographics were interesting—Gen Z (people born in the late 1990s through the early 2010s) have reported higher rates of victimization when it comes to online scams. Growing up with the technology doesn’t necessarily mean you are less prone to being victimized while using it.

It’s also believed that older generations, again, baby boomers and seniors, simply don’t always report it when they fall victim to a scam. When people are asked why, they usually say they wanted to take responsibility for their actions, or that they didn’t want to be shamed for it.

You Aren’t Dumb For Falling Victim to a Scam

Let’s make this totally clear. If you look at the numbers, the sheer barrage of constant scams and attacks the average person just simply wades through in a day, it’s an incredible feat that we aren’t all going out of our minds.

Every single one of us has experiences in life where it’s the first time you have dealt with something, and you don’t know what to expect, and this puts you in a vulnerable state.

For instance, if you are a first time home buyer, and someone is mailing you some official-looking information about paying for access to your deed, it’s very possible that it could slip past your fraud-detecting radar. Is this a normal part of the process? Should I just do it? Should I contact my lawyer or my broker or at least ask other homeowners?

The problem is, the home-buying process is exhausting, and now you are in the middle of moving in and wrestling with your Internet service provider, your electric company, your former landlord, a moving company, all while your neighbors are telling you that the last owner always let them pick the apples from your new apple trees. Your fraud-detecting radar is shot and drained at this point, and it’s easier to fall for a simple scam.

The same goes for a grandparent scam—if you get a phone call from a loved one’s phone, and you hear their voice, stressed and tear-filled, pleading for help, and then a lawyer gets on the phone and says your son/daughter/grandson/granddaughter was in an accident and is being kept in jail and you need to pay bail, your emotions will kick in. As a human being, you are doing the right thing by having an emotional response and reacting with compassion, but the people on the other end of the phone know this and are taking advantage of it.

Being a victim of a scam isn’t your fault. You should always report it, and tell your story so that others can learn from it. You aren’t dumb for being a victim. I’m not going to tell you that being more mindful of these things would have prevented it. If you were scammed, you already know this. You’ve learned your lesson, and like all of us, you’ll continue to be targeted and you’ll continue to avoid 99% of the scams that target you.

The best thing you can do is tell others about it. Turn your story into a warning for others. 

Scam artists follow a very effective playbook that wouldn’t be so effective if everyone was aware of it. They are incredibly good at covering their tracks and making it nearly impossible to get caught, so the best way we can combat these threats is by making the public more aware so that everyone knows what to look for.

Yes, there are cybersecurity measures to help with the online stuff, and that’s incredibly important. I can tell you to make sure you are using strong, secure passwords, and using unique passwords everywhere, and using multi-factor authentication, and making sure your business is secure, etc. Those are critically important, but no cybersecurity protection is going to stop Pam in HR from getting a text message that looks like it comes from the CEO’s phone, asking her to buy a few thousand dollars worth of gift cards to mail out. The only thing that stops that is awareness.

That’s all. Those are just some thoughts we had. This is important stuff, and I can’t stress enough how commonplace it is. Stay vigilant, and don’t hesitate to simply call and ask us if you get something that raises your suspicions. We’re here to protect local businesses, and we hope that we can serve our community at the same time. If you’d like to talk about cybersecurity and how we can protect your business and its people, give us a call at (604) 513-9428.


Cybersecurity Predictions for 2025





Cybercrime and cybersecurity threats targeting businesses have increased consistently over the last several years, so it makes sense that it won’t slow down in 2025. Let’s take a look at a few insights so you know what to be ready for.

Cybercrime is a Business that is Driven by Money

Cybercriminals target small businesses because it’s profitable to do so. They know smaller businesses might not have the same level of protection as a much larger company, but they certainly have access to valuable data, and would be willing to pay a ransom to keep their data.

That means cybercriminals treat their own work like a business, and they are constantly researching and sharing new ways to exploit small businesses to get the most return.

Attacks Will Use Multiple Approaches

We’ve been seeing this a lot over the last year—cybersecurity attacks might include multiple stages with backup plans to infiltrate your network. It might start with a phishing attack, but if that fails, the cybercriminal might resort to using social engineering attacks over social media or the phone.

AI is Empowering Cybercriminals

AI is a pretty powerful tool for the average office worker, so it’s absolutely going to be leveraged by the bad guys. AI attacks make cybersecurity threats more personalized, faster, and harder to detect. Criminals can use AI to automate large-scale attacks and adjust their attack vectors more rapidly, making it much harder to defend yourself.

The Biggest Threat is the Unknown

When it comes to cybersecurity, the most devastating type of threat is the one you aren’t prepared for. New types of threats crop up all the time, and they tend to do the most widespread damage before the rest of the world is able to counter them. With the trends we’ve been seeing, and the insights above, cybersecurity is a critical part of doing business and needs to be taken seriously by every single organization.

Let’s Protect Your Business from Cybersecurity Threats

Let’s work together to make 2025 a great year for your business. We can help prevent cyberthreats, equip your business with the tools it needs to be safe, and monitor and maintain your IT to keep things running smoothly. To get started, give us a call at (604) 513-9428.


Tip of the Week: Phishing Attacks at Home


You would think that since millions of phishing attacks are ignored, set to spam, and actively mitigated each month, that there wouldn’t be such a desperate effort to educate people about the signs of phishing attacks, but the fact remains that it only takes one successful phishing attack to compromise an entire workstation, network, or computing infrastructure. 

Today, everyone that works for your company will need to be able to spot and report a phishing attack. Doing so can sometimes be extremely difficult if the spammer does his/her homework. Consider using and teaching these tips to keep your business from being a victim of a phishing attack.

1. The Email Gives You Anxiety

One of the first things you need to know about phishing emails is that they almost always push you to take impulsive action. That’s why so many people fall for them each year. They often seem like they are from a legitimate source and are written to deliver fear. If the contents of an email give you an uneasy feeling, and they seem a little out of scope for the sender, chances are it is a scam and should be reported.

2. It’s Zipped Up

Hackers will often send attachments with their phishing attacks. If you are sent a .zip file, and you don’t immediately recognize the sender, do not click on it. In fact, it’s best practice that any email sent with an attachment, if you don’t know exactly what it is, should be verified before being opened. 

3. URLs and Addresses are Fraudulent

If you can’t tell by the tone of the content, one telltale sign that you are dealing with a phishing attack is found in the URLs of the links or the actual email address the message comes from. Hackers will often resort to small changes and redirects to get a recipient into a compromised position. If you hover your cursor over any link, you can see the URL it directs to in the status bar. If it is not a URL you immediately know, you should verify it with the sender.

4. The Message is Sloppy

Today’s company is more cognizant of their brand and message than any time in history. If you receive an email that is filled with grammatical errors, misspelled words, and poorly defined sentences, you will want to avoid clicking on anything. Marketers today are trained to make an email as personal as they can. If your email has an impersonal message, chances are it wasn’t sent from a marketer and should be reported.

This may not be a comprehensive list, but by following these tips you will be better prepared to deal with a phishing message. The IT professionals at Coleman Technologies do a lot to drive forward security as an integral part of any IT management policy. To learn more about phishing, call our knowledgeable professionals at Coleman Technologies today at (604) 513-9428.


Taking an Exploratory Stab at Spear Phishing


What Makes Spear Phishing Different?

As a rule, spear phishing is a much more precise and personalized process. To keep to the “fishing” analogy, a generalized phishing campaign casts a wide net, trying to snare as many victims as possible with their scam. Utilizing vague and generic language, the ‘typical’ phishing attack is made to appear to come from a large organization, informing the user of some need for the user to take action, resulting in the hacker gaining access to the user’s information. This methodology makes the typical phishing attack fairly effective against many people, while simultaneously easier to spot if one knows the warning signs.

By comparison, spear phishing is far more precise. Instead of trying to find value in the quantity of targets snared in a trap, spear phishing takes the opposite tack. Using a highly targeted approach, spear phishing attacks are directed toward a specific individual within an organization.

This specified approach means that the generic messages that many phishing attempts leverage simply won’t be enough to fool the intended target. Instead, the hacker has to play investigator, seeking out as much information as they can about their intended target. Where do they work? What is their position in the company? Who do they frequently communicate with? Once the hacker has collected enough information to create a convincing message, they will typically spoof an email to their target. This email will usually contain some reference to a known contact or some in-progress project to make it more convincing and will request that the recipient download a file via a provided link.

However, while the link will direct to what appears to be a Google Drive or Dropbox login page, it is just another layer to the deception. Entering credentials into this page will hand them right to the hacker for their use, breaching the user’s security and putting the entire business at risk in one fell swoop.

What Methods Do Spear Phishers Use?

Due to how spear phishing works, the messages sent by hackers need to be as convincing as possible. Combining extensive research with some practical psychology, a hacker has more ammunition to power their attacks.

As mentioned above, spear phishing is far less generic than the average phishing attempt. By referencing specific people, things, and events that mean something to the target, or appearing to come from an internal authority (a manager, perhaps, or even the CEO), the hacker can create a message that is less likely to be questioned. If the hacker writes their messages without any spelling or grammatical errors, as many spear phishers do, it only becomes more convincing.

These hackers are so reliant upon their target being fooled that many will purchase domains that strongly resemble an official one. For instance, let’s say you owned the domain website-dot-com. If a hacker decided to pose as you to launch a spear phishing attack, they might purchase the domain vvebsite-dot-com. Without close inspection, the switch may not be noticed - especially if the hacker creates a good enough lookalike website.
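The lookalike-domain trick above is something a mail filter or a reviewer can test for before a person ever has to squint at the address. The following is an added example, not part of the original post: it compares a sender's domain against a list of domains you protect, using the post's own website/vvebsite pair; the confusable table (deliberately short), the sample From headers, and all function names are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Character sequences that read alike at a glance. Constructed and far from
# exhaustive; single characters are applied before the two-letter pairs.
CONFUSABLES = [("0", "o"), ("1", "l"), ("vv", "w"), ("rn", "m"), ("cl", "d")]


def skeleton(domain):
    """Collapse look-alike sequences so visually similar names compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a, b):
    """Edit distance where an adjacent swap counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_domain(candidate, protected):
    """Return (verdict, matched protected domain or None)."""
    candidate = candidate.lower().rstrip(".")
    for legit in protected:
        if candidate == legit or candidate.endswith("." + legit):
            return ("legitimate", legit)
    for legit in protected:
        if skeleton(candidate) == skeleton(legit):
            return ("confusable", legit)      # e.g. "vv" standing in for "w"
    for legit in protected:
        if edit_distance(candidate, legit) <= 1:
            return ("near-miss", legit)       # one typo or swap away
    labels = candidate.split(".")
    if not candidate.isascii() or any(l.startswith("xn--") for l in labels):
        return ("idn-review", None)           # internationalized name: inspect by hand
    return ("unknown", None)


def classify_sender(from_header, protected):
    """Classify the domain of an email From header."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("invalid", None)
    return classify_domain(address.rpartition("@")[2], protected)


if __name__ == "__main__":
    protected = ["website.com"]  # the post's illustrative domain
    # Constructed sample headers.
    for header in ["Accounts <billing@website.com>",
                   "Accounts <billing@vvebsite.com>",
                   "Accounts <billing@websiet.com>",
                   "Accounts <billing@example.org>"]:
        print(header, "->", classify_sender(header, protected))
```

The same check works in the other direction: run it over newly registered domains to learn when someone has registered a lookalike of yours.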

Am I A Target?

Of course, the research that a hacker has to do to successfully pull off a spear phishing attack is extensive - not only do they have to identify their target, they also have to figure out the best way to scam this target. Generally speaking, a hacker seeking to leverage spear phishing will focus their efforts on anyone in an organization who could potentially access the information that the hacker wants but isn’t high up enough in the organization to question an assignment from above.

Or, in more certain terms, a business’ end users.

In order to minimize the chances that a spear phishing attack will be successful against your company, you need to make sure that everyone subscribes to a few best practices. For example:

  • Pay attention to the finer details of an email. Is the message actually from [email address], or does the email address actually read [email address]? Did Christine/Kristine include any attachments? As these can be used to spread malware via email, you should avoid clicking on them unless you are certain the message is legitimate.

  • Is the message written to sound overly urgent? Many phishing messages, especially spear phishing messages, will try to push an action by making it seem as though inaction will lead to a critical issue. Another warning sign to look out for: any deviation from standard operating procedures. Don’t be afraid to question a sudden switch from Google Drive to Dropbox - it may just be the question that stops a spear phishing attack.

  • Speaking of questioning things, don’t hesitate to make sure that any messages you suspect may be spear phishing aren’t actually legitimate through some other means of communication. A quick phone call to the alleged sender will be well worth avoiding a data breach.

While spear phishing is a considerable threat to your business, it is far from the only thing you need to worry about. Coleman Technologies can help your business secure its IT solutions and optimize them for your use. To learn more, subscribe to our blog, and give us a call at (604) 513-9428.


Important Statistics to Keep in Mind Concerning Your Cybersecurity





It is so important to keep your business secure nowadays. Statistics show this to be the case. Don’t believe us? We can share a few of these stats and explore what they mean, just to prove it.

Predictions Place the Global Annual Cost of Cybercrime this Year at $8 Trillion

With an estimated 400 million or so small and medium-sized businesses around the world, that breaks down into $20,000 of damage to each. Of course, in the real world, cybercrime isn’t divided up so equally. Many companies will be impacted less, and others will be impacted a lot, lot more. Speaking of which…

By 2025, Cybercrime is Set to Reach $10.5 Trillion

That’s quite a jump, especially when you update the impact to each of the 400 million SMBs around the world. Instead of about $20,000 damage each, this figure equates to $26,250… which, again, would not be evenly distributed.

This makes it all the more clear that cybersecurity not only needs to be seen as a priority for the world’s SMBs (including those around British Columbia) now, but also and even more so in the future.

Phishing Attacks Were Blamed for 80% of Cybercrime in the Tech Sector

Phishing—or the use of fabricated communications to illicitly gain access to a resource—is a huge threat nowadays, simply because of its use as a kind of delivery system for other forms of attack. When four out of five attacks involve phishing in some way, you can’t afford not to be prepared to spot and stop it.

Hopefully, These Statistics Start to Illustrate the Importance of Cybersecurity

If you’d like to learn more about your business’ potential protections and what we can do to ensure them, make sure you give Coleman Technologies a call at (604) 513-9428.


COVID-19 Vaccine Attacks Teach an Important Cybersecurity Lesson


The Cozy Bear Threat

According to the National Cyber Security Centre, a government security organization based in the United Kingdom, a hacking group known as “APT29” (also referred to as “the Dukes” or “Cozy Bear”) has actively targeted the research centers conducting research into developing a COVID-19 vaccine. These claims have been supported by both the United States’ National Security Agency and Canada’s Communications Security Establishment.

In fact, the National Cyber Security Centre released a report outlining the attack, which the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also endorses.

This report describes the use of various exploits in conjunction with spear phishing attacks by APT29. Both tactics give APT29 access to carry out the rest of their attacks, which often involve deploying malware known as WellMess or WellMail.

On a side note, some of these exploits have been patched, so make sure you’re up to date on your patches as well.

Many experts also share the opinion that Cozy Bear has struck before, and that the current threat needs to be taken very seriously as a result. It is believed that APT29 was responsible for the 2016 intrusion into the Democratic National Committee’s systems, as reported by CNN. The group has also been linked to assorted attacks on healthcare, energy, governmental and diplomatic organizations, and think tanks in the past.

What is Spear Phishing?

Phishing is a form of hacking that targets the end user, rather than using software vulnerabilities, to gain access to a system. Spear phishing is a more direct form of phishing. Instead of sending a generic message to massive groups of potential targets to see who takes the bait, spear phishing is specifically directed to an individual with access to key data and resources.

While APT29 may not target your organization as a part of these efforts to steal research, it is nevertheless critical that you and your team can recognize a potential phishing attack and mitigate it before it causes significant problems. While the following is by no means a comprehensive list of warning signs, it is a good place to start educating your team:

  • Always check the details. Many phishing attacks can be identified by close-but-no-cigar “From” addresses. When in doubt, try looking up the email address that sent an email.
  • Proofread the message. While legitimate messages can contain terrible spelling and grammar mistakes, and attackers can more and more effectively mimic professional communications, many phishing messages can be rife with errors.
  • Double-check. If possible, don’t be afraid to confirm that the email is legitimate by reaching out to the supposed sender (through some non-email form of communication) to confirm that they sent the message.

For more assistance in dealing with phishing attacks, reach out to us! At Coleman Technologies, we’re motivated to help prevent a phishing attack from impacting your operations. Give us a call at (604) 513-9428 to learn more.


‘Tis the Season to Be Phished





It’s the holiday season, and you know what that means: lots of gift-giving and online shopping. Regardless of what you and your family celebrate this holiday season, you should be prepared to handle the influx of phishing attacks which always surface around this time every year, including both the usual methods and the more sophisticated ones.

Here are three strategies you can use to avoid phishing attacks and effectively navigate the holiday season without putting your financial or personal information at risk.

Check With the Online Retailer About Orders

Sometimes you might receive an email claiming that there is something wrong with an order. Maybe it’s your financial information, or maybe it’s your shipping information. In any case, these kinds of phishing tricks are using the commercialization of the holiday season to convince you to hand over your sensitive information.

If you receive an email or a text about an order that needs to be updated, then we recommend you go directly to the website in question and log in through their official login portal, and never through any links contained in emails or text messages.

Don’t Click on Links in Emails (or Texts)

The same advice that works for untrusted links also applies during the holiday season, when emails and texts are being received by the dozens to ensure that orders are confirmed, payments are processed, and shipments are arriving. Don’t get so caught up in receiving these notifications in your email and on your smartphone that you forget to keep security in mind, though. It’s easy for someone to send a text that looks like it is from a retailer asking you to plug in your payment information again or to confirm a shipping address, when the message is actually coming from a hacker or other cybercriminal looking to either infect your system with malware or steal credentials from you.

Again, when in doubt, check your order information on the retailer’s official website, not through a link received in an email or on your smartphone.

Only Do Business with Trusted Retailers

This tip is more of just a “be careful of where you shop” caution. During the course of the holidays, people are browsing the Internet all over to find the perfect gifts for their loved ones. Sometimes this search might take them to corners of the Internet they didn’t know existed, where niche online shops thrive. While we are all for supporting small businesses, we just want to raise awareness of how you go about choosing who to trust for online purchases.

The basic premise of it is to only plug your card information into secured portals hosted by trusted retailers. Look at the company’s history, location information, support and other contact numbers, and so on to ensure they are an authentic and trustworthy seller to purchase gifts through.

Stay safe this holiday season, and Coleman Technologies hopes you enjoy the time spent with your friends and family!


Three Reasons Phishing Works and What You Need to Do About It





Phishing is a common trick where hackers pretend to be someone you trust to steal your personal information. For example, they might send an email that looks like it's from your bank, asking you to verify your account details. Here's why it's so effective.

Hackers Disguise Themselves

Hackers know you won't respond to random emails. So, they pretend to be someone you know or a company you trust, making you more likely to engage. For instance, they might mimic your favorite online store, prompting you to click on a malicious link. 

Always check who sent the message. If you're unsure, contact the person or company directly using known contact details.

Hackers Conceal Their True Intentions

If someone directly asked for your password, you'd refuse. But if they pose as tech support or offer a fake prize, you might be tempted. A common tactic is sending emails that claim you've won a lottery, urging you to click a link to claim your prize. 

If a message seems too good to be true or feels off, it might be a scam. Report such messages to your tech support or IT department.

Hackers Exploit Your Routine Actions

You're used to clicking links or downloading attachments in emails. Hackers take advantage of this habit. For example, they might send an email appearing to be an invoice from a service you use, tricking you into downloading malware. 

Pause and review emails carefully before clicking or downloading anything. If something seems suspicious, verify it first.

To protect yourself and your organization from phishing attacks, consider investing in professional security measures and comprehensive cybersecurity training. Regularly updating your knowledge about the latest phishing tactics can also help you stay vigilant.


Think Before You Click - Don’t Simply Trust Emails





Phishing is a common issue that businesses of all kinds can experience, whether they are a small startup or a large corporation. Hackers are always trying to extract information from your employees, including account credentials, remote access to your systems, and in some cases, funds directly from a bank account. It’s up to you to teach them how to identify and respond to phishing attacks.

Here are some strategies you can teach them for how to address phishing attacks against your infrastructure.

Be Wary of Unsolicited Requests—Especially Suspicious Ones

Chances are you’ve seen the messages you get in your inbox about confirming special offers or doing certain tasks, like clicking on a link or downloading an email attachment. More often than not, these types of unsolicited emails are phishing attempts designed to get you to act in a specific way. If you think a message looks suspicious, then it probably is, and you should flag the message as such so your IT can handle it. You might look for unprofessional language, misspelled words, or other similar telltale signs when you are making your decision.

Be Especially Careful with Phishing Links

Although they are not necessarily anything new, phishing links are still quite dangerous because they take almost no time at all to put together. A phishing link can arrive in an email, social media message, or even a text message. Hackers will use every trick they can think of to get you to click on the link, and if you’re not careful, you might actually do it. Links can look legitimate even if they are not; for example, a zero could easily be slotted in the place of a capital “o.”
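For IT teams that want to automate this check, here is an added example (not from the original post) that flags link hosts and “From” addresses imitating a domain you trust, covering both the zero-for-“o” swap above and the close-but-not-quite sender addresses mentioned in the spear phishing post. The trusted domains, the substitution table, and the 0.9 similarity threshold are assumptions made up for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains your organisation really deals with.
TRUSTED = {"northwind-outdoors.example", "payroll.example"}

# Characters commonly swapped in to imitate another character.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Collapse look-alike characters so an imitation matches the real name."""
    folded = domain.lower().translate(CONFUSABLE)
    return folded.replace("rn", "m").replace("vv", "w")


def classify_domain(domain):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    domain = (domain or "").lower().rstrip(".")
    if not domain:
        return "unknown"
    if any(domain == good or domain.endswith("." + good) for good in TRUSTED):
        return "trusted"
    labels = domain.split(".")
    # Test every parent domain so "login.<imitation>" is still caught.
    for i in range(len(labels) - 1):
        candidate = skeleton(".".join(labels[i:]))
        for good in TRUSTED:
            # A ratio of 1.0 is a pure character swap; >= 0.9 also catches
            # a dropped or added letter (threshold is an assumption).
            if SequenceMatcher(None, candidate, skeleton(good)).ratio() >= 0.9:
                return "lookalike"
    return "unknown"


def classify_sender(from_header):
    """Classify the domain in a message's From header."""
    address = parseaddr(from_header)[1]
    return classify_domain(address.rpartition("@")[2])


def classify_link(url):
    """Classify the host a link actually points to."""
    return classify_domain(urlsplit(url).hostname)
```

A “lookalike” result is a reason to quarantine or review the message, not proof of fraud, since a legitimate domain can happen to resemble one on your list.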

Use Alternative Methods of Identity Confirmation

Let’s say you get a message that you are truly 50-50 on. It could be real, or it could be a scam. If there is even a shadow of a doubt as to the authenticity of the message, you should consider reaching out to the other party through an alternative means, just to confirm that the sender is who they claim to be. For example, if it’s GoDaddy support, contact GoDaddy support through the phone number on their actual website rather than the one in the email message. If it’s an internal message, like one from your supervisor or your IT department, reach out to them with the contact information you have on-hand to verify their identity. In all cases, it’s better to be safe than sorry.

You can help your business stay protected against phishing attacks by working with Coleman Technologies. We can equip your organization with the tools to protect itself and the support your team needs to identify such messages. To learn more, call us at (604) 513-9428.

