Coleman Technologies Blog

Microsoft’s Dedication to Security

Microsoft has as good of a handle on the nature of cybersecurity as any other major software company. The sustainability of their business and the effectiveness of their products are dependent on it. If their security software didn’t work well, there is no way they could sustain their place as the world’s most important software company, right?

One problem they are running into is that their security is SO effective, that hackers had to shift the ways they tried to infiltrate networks and steal data. The establishment of phishing is a social engineering term for duping a victim into downloading software that’s only purpose is to gain access to their personal data, which leads to data and identity theft, and in the case of business computing, access to much more.

Businesses Have Trouble with Security

Today’s business has to deal with a lot of different security issues. First, they are responsible for having the technology protections connected to each part of their computing infrastructure. This can be as simple as having the router-supplied firewall and an antimalware program loaded on their server. It’s likely, however, that the average business will need more coverage over their network to secure it, and the data stored behind those security platforms.

Next, and maybe most crucially, it is the business’ responsibility to train its staff on what kind of issues to look out for. Today, most malware infections and other infiltrations are the result of a mistake made by a person that has credentials and access to data. If your organization doesn’t properly train your staff on how to eliminate these threats, there is a fair chance that your network will be inundated with some type of malware at some point.

Microsoft 365 Security and Compliance

Microsoft, acknowledging the need for an enterprise product that combines the power of their Windows 10 operating system, the productivity options presented from Office 365, and powerful security and compliance controls, has launched Microsoft Office 365. The cloud-based solution presents the core computing resources that any business could use in a product that is available right now from Coleman Technologies.

Our knowledgeable technicians can help you find the right security platform for any of your business’ computing needs. Call us today at (604) 513-9428.

Your Computer Can Make You Money?
Certainly you’ve heard of cryptocurrency, which is a type of currency that is “mined” from a computer. The most common cryptocurrency is Bitcoin. Bitcoin is generated by computers that crunch through numbers. Some organizations have warehouses full of high-end servers that are constantly mining for Bitcoin. The average computer can’t really handle this task, but with enough of them, hackers can start to receive a considerable sum.

Why Is This Dangerous?
Cryptomining is dangerous particularly because of how intensive the process is. It can take a toll on the average device if it’s left unchecked. As previously stated, it takes an exceptionally powerful machine to effectively mine cryptocurrency. This causes the device to experience an abnormal amount of wear and tear. Over time, you’ll notice that your device will start to decrease in efficiency and slow down.

Other ways that this might affect a business is through the immediate costs associated with cryptomining affecting your hardware. You might notice an abnormally high electricity bill from a server being influenced by cryptomining, or a cloud-based service working too slowly. Either way, the end result is a negative effect for either your employees or your customers.

How You Can Protect Your Business
If you’re looking for cryptomining on your network, be sure to keep an eye out for suspicious network activity. Since the malware will be sending information over a connection, you’ll be able to identify suspicious activity during times when there shouldn’t be as much activity on your network. In this particular case, the data being sent is small, making it difficult to detect for businesses that transmit a lot of data.

Security professionals are turning toward machine learning to detect and eliminate cryptomining troubles on networks. Machine learning can analyze a network’s traffic for the telltale signs of cryptomining software. Another method is to use a SIEM solution that gives network administrators the power to discover consistent or repetitive issues from potential malware.

To keep your business safe from the looming threat of cryptojacking, you should implement measures to ensure all common methods of attack are covered, including spam, antivirus, content filters, and firewalls. To learn more, reach out to us at (604) 513-9428.

What is Encryption?
Encryption is a security measure meant to thwart any would-be hackers from using your stolen data to further their ambitions. Think about it like this; without encryption, hackers would gain access to your files, plain as day. Encryption provides a measure that keeps hackers from using your organization’s data even if they were to gain access to it. It essentially scrambles data to everyone who doesn’t have the decryption key, rendering it useless.

One particular technology that uses encryption to a considerable degree is a virtual private network, or VPN. A VPN can connect your employees to your infrastructure regardless of their location in a secure way. Think of it like this; the connection between your employee’s device and your network is normally a clear tube that can be observed by anyone ambitious enough to look for it. Rather than leave it as is, encryption makes the tube opaque--enough to obscure what’s inside so it’s not quite clear for any unwanted onlookers.

Why is it Important?
You can imagine the immense importance of encryption in today’s data-oriented business world. If you’re not taking every measure possible to secure your data, you could be making a huge mistake. Encryption in particular is important for assuming the absolute worst. You can never know when your data will be stolen, so it’s best to take preventative measures to ensure that it will cause a minimal amount of damage should it occur. If your encrypted data is stolen, it will simply be unusable without spending far too much effort to get the data into a readable state.

Coleman Technologies can equip your business with encryption services that you can count on to keep your data as safe as can be. To learn more, reach out to us at (604) 513-9428.

Shadow IT
In a lot of ways, productivity is a lot like the thing it produces, money. People will do anything to get more of it. Businesses, have a plan; and, while they also want to maximize productivity and money, they typically don’t put their whole enterprise in jeopardy to get a little bit more of it. Shadow IT is the process in which an employee will download and use a piece of software that hasn’t been tested or passed by a company’s IT administrator to try and get a little more done.

Often times, the employee is just showing initiative, with no real knowledge that by downloading and utilizing a certain off-brand software that they have just put their whole business in danger. This wouldn’t be such a major deal if it was an isolated incident, but studies show that nearly 80 percent of all employees admit to utilizing software that wasn’t selected, tested, and released for use by their IT administrator. These apps may have vulnerabilities that would-be infiltrators can take advantage of. That is why it is important to utilize the software that has been vetted by the company, even if that means losing out on a bit of productivity.

Cryptojacking
There are well over 1,500 different cryptocurrencies, and in 2018 crytojacking, the strategy of using malware to use a target computer’s resources to mine for cryptocurrency was a major problem for businesses. Since this is a computationally complex task, it significantly reduces the computer’s effectiveness and longevity. As a result, cryptojacking has become en vogue for hackers and others looking to mine cryptocurrency without the investment necessary to do it.

Most studies show that the effect of cryptojacking could get way worse in 2019 since the value of cryptocurrency has fallen significantly over the past year. This means more machines mining for crypto are necessary, and thus more attacks. Users are just learning how these attacks are carried out and how to protect their business against them.

Ransomware
While there was a reported reduction in the number of ransomware cases in 2018, it still remains a major concern for any business looking to build a comprehensive network security strategy. Ransomware, of course, is a strain of malware that encrypts parts of or entire computing systems and then demands payment in cryptocurrency in a set amount of time for safe return of the files/access.

Hackers using ransomware have taken to targeting healthcare organizations’ networks for the breadth of the sensitive data they hold on them. They’ve also began to target operational technology systems, since, as with healthcare, costs of restoration of these systems (rather than payment) are prohibitive. This produces a little more urgency to get the problem resolved.

Unsecured Internet of Things
The Internet of Things keeps expanding, but so does the security threats to networks as a result of security-light devices. With more and more devices presenting security problems for businesses and individuals alike, it becomes important to ascertain exactly what devices are present on your network at any given time. Remember, even if a security-less IoT device is connected to a network-attached smartphone, it still offers up a major vulnerability.

While this is a major threat, there has been a push to improve the security of IoT devices as of late. With more security-minded companies developing useful smart products, these concerns will begin to take a back seat. But until that shift has been well documented, you’ll want to be diligent in the manner in which you utilize IoT devices.

Phishing
No business goes very long without getting some type of phishing email. In fact, it is estimated that 156 million phishing emails are sent every day, making it the most used practice by hackers everywhere. The way it works is that since most accounts are secure enough not to be guessed outright, hackers search for ways for people to help them gain access to the accounts they want to get in to. Nearly every successful cyber attack begins with a successful phishing scheme.

A specific example called business email compromise (BEC) which targets specific members of an organization is responsible for over $12 billion in losses across the globe. Once thought to be an email scam that could be mitigated with strong spam filters, today’s phishing scam is taking on a new shape by utilizing text messaging, instant messaging, phone calls, and even the seemingly-benign social media quiz to gain access to business networks.

2019 is lining up to be another stellar year for business technology, and as more tech is used, more threats come with them. If you would like any more information about how to prioritize network security, give our IT experts a call at (604) 513-9428 today.

The Smartwatch
The smartwatch market as we know it today has existed for almost a decade, surprisingly enough, but the first smartwatch was developed in the late ‘90s. A smartwatch is seen today as more of a peripheral for a smartphone. They come in several different shapes, sizes, and styles, but they all tend to provide some kind of utility to the user. Here are some of the main benefits of using a smartwatch:

• Convenience: You can’t beat the convenience of checking your watch and getting access to all kinds of information, like notifications, calendar events, and so much more. Modern smartwatches also give users the ability to search for information, and the processing power of these devices gives smartwatch users the ability to perform several actions that a smartphone can accomplish.
• Functionality: The latest smartwatches have several features that give users lots of functionality. They can integrate with applications and take advantage of other practical functions, making them as useful as you want them to be. In this way, smartwatch manufacturers continue to push the boundaries of what’s possible with wearable technologies.
• Discretion: Discretion is probably the most important part of using a smartwatch, as it’s much easier and more discreet to use it than pulling out a smartphone. Most smartphones have the capability to push notifications to your smartwatch, including those from social networks, messages, weather, and so on. More than anything else, it at least keeps you from being rude and checking your smartphone in the middle of a conversation.

Security Issues
The primary issue that comes from wearable technology is that it connects to your mobile device through a Bluetooth connection. Since they also connection to Wi-Fi networks, they are being exposed to two potential ways of being breached. Businesses that prioritize security (read: all businesses should prioritize security) need to be particularly wary of wearables, especially in regard to a Bring Your Own Device policy.

The modern hacker will use any opportunity they can find to hack into a device, and since wearables are particularly vulnerable to this due to the modes of connection they contain, they provide additional access points that create issues for businesses. If a hacker can gain access through an application at the wearable level, it could potentially compromise even the connected device and any network it’s attached to.

Industry experts might agree that the lack of wearable security isn’t a major concern overall, but it’s still something that you should be addressing with your business’ mobile device policy. Here are some ideas to think about:

• If you are accidentally collecting electronic Protected Health Information (ePHI), you could be putting your organization at risk of breaching healthcare standards set by HIPAA. You should limit your employee’s fitness and wellness data collection on company-owned wearables and devices whenever possible.
• Be wary of what can happen if you fail to educate your employees about the importance of protecting wearables. Be sure to remind them that they aren’t just putting business data at risk, but also their own individual data. It’s imperative that your employees understand how to best protect these devices.
• Focus on the management of these devices, as there are no proper anti-malware solutions for IoT devices.

For assistance with planning out a wearable strategy for use with your Bring Your Own Device policy, be sure to reach out to us at (604) 513-9428.

If you don’t have guards or security cameras in place, you’re more likely to suffer from a physical security breach, which can be just as devastating as a digital breach. Ask yourself how comprehensive your security really is. After all, the new year has just hit, so why not use it as an opportunity to protect your business’ physical assets? With so many cyber threats out there these days, it’s no surprise that organizations focus on the digital aspect of security, but some people are just old-fashioned and would rather infiltrate a business the traditional way.

It’s also important to keep in mind that not everyone is going to be the perfect employee. You might have a couple of bad apples in the bunch that see technology and want it for themselves. In this case, digital security might not mean much, but physical security like locked doors and so on could make all the difference in keeping them from making decisions that are bad for both themselves and your business.

Basically, you need to take this two-pronged approach--one that considers both digital security and physical security--for the following reasons:

• Data access is restricted to those within your organization, but even the best employees make mistakes.
• A tiered approach means that employees only have permission to access data they need for their immediate work responsibilities.
• Knowing who is accessing devices and data, as well as when they are doing so, can help you to resolve issues as they occur.

Let’s consider a couple of scenarios where it helps to have physical and digital security. Access control limits who can access specific information, so if the data is corrupt or missing, then you’ll have a clear idea for who is responsible for it. On the off-chance that it wasn’t the employee, then you know their credentials have been stolen and abused by a cybercriminal. Access monitoring is helpful for this, as it can also determine when someone is accessing data, as well as where they are located. Thus, if someone from another country is accessing data in the wee hours of the morning, it’s likely that you have a digital security problem on your hands.

As far as physical security goes, consider what would happen if you didn’t keep track of who checks out devices. For example, let’s say you have company laptops that can be checked out for use by your employees. If you’re not keeping track of who checks out what device, you’ll never know who currently has the devices in their possession, as well as when they were last taken out. It makes it astonishingly easy to get away with stealing a device.

Therefore, in order to make sure that you’re keeping your data as secure as possible from all avenues of attacks, we recommend you work with the folks from Coleman Technologies. We can help you ensure security. To learn more, reach out to us at (604) 513-9428.

Today, we aim to fix that. We will review why a Google account is so important to keep secure, as well as a few means and methods of doing so.

How a Google Account Can Be So Valuable
The purpose of the Internet has evolved greatly in the relatively few years it has been around. Today, the Internet is largely used as a communications and information sharing tool - true to its roots. This is where the name Internet comes from: inter (reciprocal or shared) and network (a system of connected things). However, as new purposes for the Internet emerged over time, circumstances changed, and the view of the Internet shifted.

The Internet was always meant for sharing information, from the very first inklings of an idea. In 1962, J.C.R. Licklider of MIT wrote up a series of memos that illustrated a system of interconnected computers, intended to share programs and data the world over, that he coined the “Galactic Network.” This idea of sharing information was also the driving force behind Sir Tim Berners-Lee’s development of the World Wide Web. As Sir Berners-Lee said:

“Had the technology been proprietary, and in my total control, it would probably not have taken off. You can’t propose that something be a universal space and at the same time keep control of it.”

In many ways, these ideals are retained in today’s environment. Online sharing is at its peak, social media and collaboration fulling leveraging a network that is, for the most part, still free of control by any central source. These are ideals that have developed into the demand for net neutrality and open-access information. However, while these ideals have been largely upheld, there are a few notable caveats that give us a more accurate view of today’s Internet.

As the Internet grew in capability, it also grew in utility… many of which featuring the need for greater security and privacy. With the confidential information that only select users should be accessing growing in popularity within Internet-based communications, this spurred a balance to the Internet that both individuals and businesses can appreciate, and that Google has shaped its offerings around.

From its beginnings as a dissertation project by two Stamford doctorate students, Google has grown into the dominant force online today. Businesses use its G Suite applications every day, as private users leverage some of their other services to their own benefit. Many people, both for business and personal use, leverage Gmail. Let’s face it, Gmail is just useful, whether you use it for work, or just maintain an account to open accounts with other web services.

It is this last point that makes your Google account’s security so important to maintain.

How many of your online accounts are accessible by Google? On the subject, how many of your accounts would be compromised if your Google account was first?

The Impact
This is the double-edged sword of a Google account. On the one hand, it only makes sense to use a Google account to create others, either using your associated Gmail address or linking it directly. The convenience is inarguable, and Google does equip these resources with reasonable security standards. So why not use a Google account?

Unfortunately, there’s one critical consideration that doing so adds into your security equation, that many overlook:

Linking an account to your Google account ties your Google account’s security to it directly.

This means that, if your Google account was to be compromised, all of the accounts you had connected to it are also compromised by association. Depending on what you had saved in this way, that could have some devastating ramifications.

Finding Out How Devastating
If you’re on your desktop right now, you can access your Google account by clicking here. In the Security section, you can review all the devices that your Google account has been active on, all the third-party applications with access to your account, and all the websites that are utilizing Google Smart Lock.

Is this list longer than you would have expected? Does it include your bank?

If it does, all it would take for someone to defraud you would be to access your Google account--or even lock you out of your own bank, resetting your bank credentials by using your Gmail account to activate an account recovery process.

A Solution
Again, this creates a conflict between two priorities: convenience against security. While the convenience could make anything that you use online more efficient in both your professional and personal life, nothing is worth compromising the security of either. So… where do we stand?

Like any conflict between two interests, the ideal place to meet is in the middle. In this case, it is the conclusion that you can have the best of both worlds--you just have to make sure that your Google account is secured properly.

While it would be great if there was, there just isn’t an option somewhere in Google you can select to make everything perfectly secure, just like that. Having said this, it is just a matter of taking a few precautions.

Securing Your Google Account
The first thing to securing any account is to understand that it isn’t a one-time activity and will need to be revisited periodically to make sure that everything remains secure. You should keep an eye out for news stories that discuss breaches among any of the organizations you have an account with, as you will still need to alter your credentials for these accounts.

Once this is set, there are a few best practices that it would be in your best interest to follow.

Passwords and Account Security
While all of your accounts should have the protection of a strong password, the fact that your Google account serves as a repository for your others make it only more crucial to implement one to its authentication measures. To accomplish this, make sure the password or passphrase you select is well in keeping with best practices, and that your Google account is the only account secured with it.

You should also be careful about what you are using to access your account. Any device that is available to the public should be avoided, as they are not only magnets for viruses and other digitally-based cyberthreats, but a cybercriminal could potentially retrieve your credentials from the device you used and thereby gain access to your account. Public Wi-Fi signals can have very similar issues, so use a secured, private connection whenever possible.

Two-Factor Authentication (2FA)
There is also the option to make your Google account ask more of someone trying to access it, a secondary code sent to you in a text message, delivered in the Google Authenticator application, or dictated through a direct call to your mobile device. By enabling 2FA, you can greatly decrease the likelihood that a cybercriminal will have everything they need to get in, assuming they don’t have access to your phone as well. We generally recommend that you utilize Google Authenticator, as it is the most secure of those three options.

You can also use your Google account to access a list of one-time authentication codes that you can print out and keep with you. This way, if you need to access your account and don’t have your phone handy, you can reference these to get in. If you run out of codes or lose the list, you can easily reset them and start over.

To set up these features, log in to your Google account.

At the end of the day, you don’t have to sacrifice the convenience of Google, as long as you have protected it responsibly. Coleman Technologies has the expertise to help you manage this security, as well as the rest of your business’ IT solutions and infrastructure. Call (604) 513-9428 to learn more.

What Apps?
First, we’ll start with a complete list of the apps that had been infested with this nefarious code:

• Sparkle FlashLight
• Snake Attack
• Math Solver
• ShapeSorter
• Tak A Trip
• Magnifeye
• Join Up
• Zombie Killer
• Space Rocket
• Neon Pong
• Just Flashlight
• Table Soccer
• Cliff Diver
• Box Stack
• Jelly Slice
• AK Blackjack
• Color Tiles
• Animal Match
• Roulette Mania
• HexaFall
• HexaBlocks
• PairZap

What Did These Apps Do?
SophosLabs found a cache of apps that feature what they call “Andr/Clickr-ad” malware. These applications are engineered with maximum flexibility in mind. They could contact a common attacker-controller server to download what is called an ad-fraud module. It does this every 80 seconds. The malware simply opened a non-visible window and would repeatedly click on ads, making the network look like it was getting more traffic, fraudulently enhancing the developers’ revenue.

No specific ad network was specified by Sophos, but users who had downloaded these applications would see a decrease in the battery life and/or an increase in the amount of data their device would use. One strange part of this is that some of the ad traffic was able to identify itself as from coming from iPhones, despite this appearing on Android-only apps. They came from “Apple models ranging from iPhone 5 to 8 Plus and from 249 different forged models from 33 distinct brands of Android phones.” This ploy was used as a way to increase revenues further as some advertisers will pay a premium to get their ads onto Apple devices. iOS versions of the apps, largely by the same developers, didn’t have the malicious code integrated.

Download Legit Apps
How can you go about making sure that you aren’t part of this problem? Download legitimate applications. Some of the best ways to make sure the apps you are downloading are legit, include:

• Read a lot of reviews - Much of the information you will need to see the legitimacy of an application can be found in the review of the app in the store. If you make a point to read eight or more reviews, you will quickly get a good idea about how functional the application is.
• Check app permissions - Applications need permission from a user to use the core functions of the phone. If the application in question tends to need access to functions that it shouldn’t, you should be skeptical about the application.
• Check the terms and conditions - Most people don’t go through the terms and conditions of anything, let alone an application for their smartphone. Even if you do make a point to read them, the amount of legalese found is akin to a lullaby or a warm glass of milk. The problem for users is that there is a lot of good information about the applications, and specifically how it uses data. If you do set aside some time to read about it, check out some language that is relevant to the way you use the application.
• Research the developer - Nowadays, software development is filled with people that are looking to make a name for themselves. This type of ambition can lead to bad decision making. If you take some time to do some basic research about the developer of an app you have reason to question, you’ll likely find the truth of whether they can be trusted or not. If they want to be known, they likely promote their work via social media, so, start there.

Android has millions of legitimate applications on the Google Play Store, so worrying whether or not you’ve downloaded one that will put your data at risk shouldn’t be too worrisome as long as you stick to our best practices. To learn more about technology, security, and mobile strategies, call Coleman Technologies today at (604) 513-9428.

The Now:
It’s the holiday season, which means that many will find that themselves traveling, either to visit family and friends or to seek out more agreeable climates. However, business being what it is, many will also still be trying to get work done during their travels.

Thanks to the incredible capabilities of the mobile devices we have today, this is made much easier. A business that leverages cloud solutions offers mobile users an exceptional amount of maneuverability, and the popularity of Bring Your Own Device policies have made it so that the resources needed to accomplish work goals are never too far away. Yet, this access is a catch-22, as it also means that data can be easily lost, far from the business’ location and the protections it should have in place.

Resultantly, there are a multitude of ways that a cybercriminal can come into possession of your data, either personal or professional. Fortunately, there are some ways to help prevent this from happening as well.

• Public Wi-Fi is Too Public: When out in public, you’ll want to avoid connecting to public Wi-Fi networks when shopping or accessing sensitive information. We all know that hunting for the best deals is made much easier when you can look up prices online, but you’ll want to use your data instead. Public signals make hackers’ jobs that much easier with their typically insufficient security standards.
• Charity Good, Charity Scams Bad: These phishing variants can come in via all avenues, but very commonly take the form of calls and text messages. A scammer pretends to be working for some charity, but in actuality, just wants your money and data for themselves. If you receive what you believe to be a charity scam attempt, you’d be wise to do some research into who is asking for it before handing over your data, payment information or otherwise.
• Charge Carefully: Whether you’re at the airport during a layover and trying to eke a few more minutes out of your device, or you’re deal-hunting online as you’re wandering the mall, you need to make sure you’re being smart about how you’re keeping your device charged. Many attackers will hide attacks in charging stations, waiting to strike whomever connects.

The Then:
Of course, these hacks and threats aren’t going to end after the holiday season is over. Moving into 2019, the above threats are still going to be just as large of a problem, along with many other threats. Much of this will be in part due to our reliance on mobile devices.

Hackers will still be able to intercept data exchanged on an unsecure network, more devices will become outdated and insecure (you may want to peek at some of those holiday deals for an upgrade), and yes, more people will enable these threats through uninformed decisions. You need to make sure that your business isn’t influenced by threats like these.

Coleman Technologies can help. Get your business a holiday gift by calling (604) 513-9428 and speaking to us about our managed IT services.

Chances are, you’re all too familiar with exactly the kind of scam I’m describing. The one that makes the Do Not Call List sound like wishful thinking, that makes it look like someone from your area - or even your contacts list - is trying to reach you.

Chances are, you’ve answered one of these calls, only to hear silence, broken after you say “Hello?” As soon as you do, a (likely prerecorded) voice launches into its tirade, being a nuisance and bothering people.

Chances are, you may have even received angry phone calls from people you’ve never met, let alone called, claiming that your number has been the source of repeated calls just like these.

You aren’t alone.

Unfortunately, the scammers responsible are talented at skirting rules and regulations.
Calls like these have been harassing users for quite some time, simply because the scammers understand how to cheat and find loopholes. This is all despite the efforts of regulatory bodies like the FCC (the Federal Communications Commission).

In November of 2017, the FCC enabled telephone providers to block calls that were presumably fraudulent. This was based on many factors, like the calls coming from invalid numbers or numbers with no service provider attached.

However, the rules outlined in the 2017 Call Blocking Order weren’t enough to stop scam robocalls for long.

Now, we all have had to deal with the huge nuisance of neighbor spoofing. Neighbor spoofing has almost certainly affected you directly, and if you’ve been lucky enough to avoid it, it’s happened to someone you know.

But you may be asking, what is neighbor spoofing?
If your phone rang, and you have caller ID enabled, you’ve probably developed the habit of checking the number before you answer it - after all, a local number is probably safe to pick up.

Neighbor spoofing has made it so that assumption is no longer the case.

Instead of using a fake number to call their targets, scammers using neighbor spoofing will actually use someone’s real number to call someone relatively nearby - sometimes literally next door. If you’ve ever received an angry phone call from someone demanding an explanation for someone with your number repeatedly calling them and harassing them, your number just so happened to be the one that these cybercriminals spoofed.

There have even been reports of people receiving calls from their own number, claiming to be from the phone company as an attempt to “verify a hacked account.”

Neighbor spoofing is also a very effective method for scammers because it can bamboozle the automated protections already in place to stop scam calls, just like it fools the targeted phone’s user. This also keeps the Do Not Call list from affecting these scammers’ attempts (as if it ever stopped them before).

Additionally, many apps may add some unwanted complications, even if they are effective.
There are mobile applications available that are intended to stop robocalls from ringing your smartphone in the first place. One such application, the aptly-named RoboKiller, does this in two ways. First, RoboKiller references a list of numbers identified as spam, and blocks these calls completely. Second, it uses a patented analysis of the call’s audio fingerprint to compare it to those of other spam calls. Regardless of the number it appears to come from, RoboKiller can identify if it is a match to a known attempt.

You’ll only know that you were targeted after you read the notification that RoboKiller provides.

Meanwhile, RoboKiller responds to the scammer with a time-wasting prerecorded message. You can then review the calls that RoboKiller blocked by opening the app on your phone. There, you can listen to a recording of blocked calls to determine which calls were spam, and which were legitimate attempts to reach you. From there, you can whitelist a number by pressing the Allow button.

Users of RoboKiller can also add numbers to their list of permitted callers to allow them to come through. RoboKiller is a subscription-based application that charges $2.99 each month ($24.99 for an annual subscription), which may be seen as a relatively low cost if you’ve received enough of these calls.

As RoboKiller states on their website, “With RoboKiller, you don’t stop neighbor spoofing. You take action in the fight against the robocall epidemic.”

However, this approach isn’t without some worries.

For one, consider the cost of admission for this app. Yes, $2.99 may seem like a bargain if you have a smartphone, but what about all the people who still don’t? Furthermore, many mobile users today are of older generations, and may not understand how to work the application (or again, may not have a device that is compatible with the app). Yet, these worries may not be necessary for long.

Both the government and the telecom industry have had enough.
It wasn’t long after the 2017 Call Blocking Order was released that the attorneys general from a full 40 states came together to form the Robocall Technologies Working Group. This is a bipartisan commission intent on collaborating with service providers to learn about robocalling technology with the ultimate goal of stopping it.

On October 8th, the attorneys general of 35 of those states signed a letter to the FCC stating that the efforts of law enforcement had not and would not be sufficient to stop abusive scam attempts and robocalls. In this letter, the attorneys state some chilling facts:

• 30.5 billion illegal robocalls were made in 2017 alone, up from the estimated 2016 total of 29.3 billion.
• Estimates have placed the total calls made by the end of 2018 to be somewhere near 40 billion.
• Phone scams allowed cybercriminals to steal an estimated $9.5 billion in 2017.
• August of this year saw 1.8 billion scam attempts in the 4 billion illegal robocalls made that month.

Facts like these only highlight the pervasiveness of these scams, and how important it truly is to eliminate them as much as possible. In fact, the Federal Communications Commission has gone on the record to demand that mobile providers figure out a standardized system to help prevent these calls from reaching mobile users, echoing the demands made by the attorneys general.

This system would rely on call authentication to ensure that only legitimate calls would make it though, and that spoofed calls would be caught by requiring all calls be verified as coming from the correct source.

Not only did Commissioner Ajit Pai release a statement to the press demanding that this system be created, he sent a letter to 14 telecom CEOs, including AT&T’s John Donovan, Charter’s Tom Rutledge, Verizon’s Hans Vesterburg, T-Mobile’s John Legere, Comcast’s Brian Roberts, and Google’s Sundar Pichai.

Pai demanded that these changes be ready to deploy in one year, giving telecoms a ticking clock to establish what they call the SHAKEN/STIR framework (Secure Handling of Asserted information using toKENs/Secure Telephone Identity Revisited). This move was met with the approval of the attorneys general, who went on to encourage the FCC “to implement additional reforms, as necessary, to respond to technological advances that make illegal robocalls and illegal spoofing such a difficult problem to solve.”

As the attorneys general said: “Only by working together, and utilizing every tool at our disposal, can we hope to eradicate this noxious intrusion on consumers’ lives.” Fortunately, this will also benefit the businesses that have been affected.

With any luck, we’ll only have to deal with the robocalling nuisance a little while longer. For assistance in keeping other scams from interrupting your business and putting it at risk, reach out to Coleman Technologies. We have the experience to stop the other threats you would otherwise deal with on a daily basis. Call (604) 513-9428 today.

What’s the Problem?
What’s the first thing that anyone who prefers Google Chrome does when they open Microsoft Edge? Simple--they download Google Chrome. Since Chrome isn’t available by default on Windows 10 devices, users have to download it, which means that they are reliant on Bing’s search results to find Google Chrome. The problem with this is that some malware sites have disguised themselves as sponsored ads for Google Chrome in Bing’s search results.

These sponsored ads would appear when a user searches for Google Chrome in the Bing search engine. Basically, instead of a legitimate sponsored ad leading to the Google Chrome download page, the malicious ad would instead bring the user to a phishing site disguised to look like the Google Chrome download page. This page would have a URL of ‘googleonline2018.com.’ If you try to access this page through Google Chrome, it’s actually blocked, but Bing and Edge don’t do this, making it a huge security issue.

These Issues Aren’t the First
Making the situation even worse is that this isn’t the first time Bing has encountered issues like this. Even as far back as April of this year, this same threat was reportedly identical to the recent version. The ad has been pulled as of this writing, but it’s strange that no explanation has been issued regarding this threat by Google, or even a confirmation that the issue has been resolved. All of these factors combine to create a situation where it’s not that unbelievable a situation like this could happen again.

Other Bing Problems
There are other problems related to Bing that have caused issues in the past, including a history of providing offensive or alarming content through its image search. For example, if you were to search for objectively neutral terms, there is a chance that, even with SafeSearch on, the image search will deliver racist search suggestions or other similarly-offensive content. Bing has also been known to push conspiracy theories through its suggested searches. Searching for the wrong thing could potentially expose users to material that they didn’t want to view in the first place, or content that could land viewers in hot water with the law.

To remain updated on similar situations to those explained above, as well as the latest security breaches and threats, subscribe to Coleman Technologies’s blog.

Applying Software Patches
It should be clear that software patches are designed to fix security problems and improve the functionality of the software, but some organizations simply don’t have time to implement them manually, or they simply don’t understand the purpose for them. Part of the problem is that sometimes the developers aren’t necessarily clear that patches are available, while other times those within your organization may not even know how to administer them. Regardless of the reason, there are usually problems on a network that will go unattended for extended periods of time.

Most hackers only want to take advantage of the issues they can detect. Thus, there could be countless threats out there designed to target countless unpatched vulnerabilities on your network that not even the hackers can know about. It makes sense for a hacker to use just one exploit to target a handful of vulnerabilities. Therefore, it’s important to make sure that all software that you use is updated and patched.

Additionally, your systems shouldn’t be running unused programs. The more software you have, the more ways hackers can take advantage of your organization’s network vulnerabilities. Moreover, you might even be wasting revenue on renewing software licenses that you don’t even need, so it’s best perform a network audit from time to time to get the worthless software off your infrastructure.

Dodging Social Engineering Attempts
Social engineering is broadly categorized as any method that takes advantage of unprepared users or those who are ignorant of solid network security practices. Examples include a phone call or email message claiming that the network has been breached by a foreign entity and that “tech support” needs to remote into the computer and resolve the issue. There are other, more subtle methods as well, such as targeted spear phishing attacks that go after specific users with personal information that convince them that the hacker is someone in authority.

These types of attacks vary in sophistication, but they can range anywhere from an employee receiving a message claiming that they’ve won a prize, to the intruder physically following your employees into the office and stealing sensitive data manually. In instances like these, a little bit of employee training can go a long way. Teach them to look for anything suspicious, and inform them that vigilance is incredibly important in the workplace.

These two security improvements barely scratch the surface of what your organization should be focusing on for network security. If you want to fully protect your business to the best of your ability, give us a call at (604) 513-9428.