Technology

WannaCry Ransomware: The Biggest Ransomware Outbreak in History

Rocket IT

The newest ransomware threat sweeping the digital world, WannaCry (also known as WCry, Wana Decrypt0r, or WannaCrypt) is being hailed by security experts as “the biggest ransomware outbreak in history.” Over the weekend, WannaCry has infected organizations all over the world, such as FedEx, the United Kingdom’s National Health System hospitals, Nissan, and many more. That these are high-profile targets doesn’t mean, however, that small businesses have been exempt from the outbreak.

The WannaCry virus infects individual computers through corrupted email attachments and can spread to infect entire networks.  Like other ransomware, WannaCry encrypts data on your PC and offers to send you the decryption key at a price. Since this malware spreads so quickly, all it takes is one user clicking on one of these phishing email attachments to infect your entire network.

So what’s the best way to combat ransomware like WannaCry?

Make sure your firewall firmware is up to date and that your end users are educated on email attachment best practices and how to identify malicious links.

Do not open any unexpected email attachments, even if they come from a trusted source. Hackers can spoof legitimate email addresses and may appear as someone in your address book.

If you receive an unexpected attachment that you think may be important, create a new email to follow up with the individual from whom that attachment was sent. If you hit “Reply” to the original email containing the attachment, your response will go straight to the person who sent that original email, even if that person is not the actual owner of that email address.

How does this affect you? If you’re a Rocket IT client, we are carefully monitoring the situation, and our clients have been protected by our managed firewalls and spam filters. Investing in the right managed security services can save your organization from falling victim to the latest cryptovirus.

For companies that have been infected by ransomware, having good backups can save you from the tough choice between significant data loss and paying the fee demanded by the hackers who have encrypted your files.

We’re only in the second quarter of the Year of Ransomware. Take the proper precautions to educate your employees and protect your organization from becoming the next victim.

For up-to-date news on the WannaCry virus, follow KnowBe4’s real-time article.

 

 


 

About the Author-

Jason Hand loves making music, serving his church and getting people excited about technology tools. He currently lives in Georgia with wife and two adopted sons.  Jason is the Systems Administrator at Rocket IT.

 

Inefficiency is the enemy of a profitable, thriving business. What would a 2.5% increase in utilization mean to your organization? Download our FREE whitepaper for five easy steps to increase employee productivity at no additional payroll cost.

 

 

 

 

Read More
Technology

From the Desk of the vCIO: How to Choose an Internet Service Provider (ISP)

Rocket IT

Setting up a new office, adding a secondary Internet connection, or replacing an expensive/poor ISP is a daunting task.  The variety of services, contract types, acronyms, and other traps in the buying process can be overwhelming and leave you stuck with a bad contract.

When selecting the right ISP for your organization, there are four basic questions you’ll need to answer. Let’s break down the various options to help you hone in on a provider:

 

Question 1 – What type of Internet Connection is even available to my building? – Fiber, Cable, T-1, Wireless?

Before we dive into the plethora of vendors, costs, and speeds, we need to determine what types of service can even be delivered to your building.  If your building is in a bustling office park, you can expect to have a wide range of choices.  If your building is in a rural location, you may be limited to only T-1’s or Wireless connections (we’ll talk about what that means to you in the next section). Do some research on what’s available in your area so you know what you have to choose from.

We can help with narrowing this down for you!  Give us a call.

Question 2 – How is the Internet Connection delivered to your building? – Fiber, Cable, T-1, or Wireless?

The biggest factor in cost, performance, and reliability in an Internet connection is the medium by which it is delivered to your building. Now that you know what’s available, here’s what the difference in those options means to you. You may have more than one available, so pick the best one for your needs and budget.

  • Fiber – highest cost, highest bandwidth, highest reliability. Recommended when the Internet connection is a critical part of your business.  Costs range between $600 and up.
  • Cable – recommended as a secondary connection. Low cost, high bandwidth, mediocre reliability.
  • T-1 – high cost, lowest bandwidth, highest reliability. An older technology at this point, and should only be used if no other reasonable options exist.
  • Wireless – moderately high cost, moderate bandwidth, ? reliability. In some areas, it’s possible to do point-to-point high-speed wireless signals.  Most appropriate when other technologies don’t exist.

Question 3- How much bandwidth do I need? 

The bandwidth is your pipeline, so it determines the speed of your connection. We measure that in megabits per second or Mbps. For an office staff relying heavily on the Internet, a rough rule of thumb is to expect that each employee will require 1 Mbps of bandwidth for a smooth experience.

  • Fiber’s bandwidth generally ranges between 10 and 2,000 Mbps.
  • Cable is generally 50-200 Mbps.
  • T-1’s are 1.5 Mbps each (which is why they are poor options, being so low!)
  • Wireless is in the 10-100 Mbps.

The more devices you have connected to your network, and the more active they are on it, the more bandwidth you’ll want. This isn’t just limited to your employees’ desktops anymore. This also includes smartphones, tablets, and anything else that communicates with the outside world. Also, if you work with large files, stream video or audio a lot, or use cloud services, then you’ll want more bandwidth available. When looking at what you’ll need, keep in mind that you won’t want to just focus on how much you download, but also on how much you upload.

Question 4 – Do you need phone service on your ISP connection?  Which type?

Nearly every ISP offers optionally-bundled phone services with their Internet Connection services.  These can often be secured at a reasonable cost alongside Internet.

If you do need Internet, you’ll need to know how many concurrent phone lines you require – what is the maximum number of users who will be on the phone with external parties at once?

You’ll also need to know what type of phone system you have. Your phone vendor can assist with this, and help you make the right decision for your organization.

 

Now that we know what the choices are, what type of connection, how much bandwidth is needed, and what type of phone service you need, we can now move to determining which provider is best for you.  Consider the following when making your final decision:

  • Peer Reviews of Provider – being saddled with a poor provider is an incredibly frustrating and time-consuming problem. Talk to your IT provider, business contacts, and neighbors in your building to learn how their experience has been with their ISP.
  • Up-front and Monthly Cost – how much will the bandwidth cost?
  • Do you need a secondary provider – Even fiber goes offline on occasion. Do you need a secondary connection via Cable?
  • Contract term – some providers require 3 year or 1 year contracts, while others are month-to-month.
  • Provisions for breaking the contract/moving – do you have options available for if you want to break the contract without a termination fee? What about if you move to an area that isn’t serviced by your ISP?

 

 


 

EH 2About the Author-

 Eric Henderson is Rocket IT’s virtual Chief Information Officer. He is also the tallest person at Rocket IT (by a fraction of an inch).

 

 

1200x627- vCIOHave you found that you need the expertise of a Chief Information Officer to help you make strategic decisions on how to leverage technology to meet your unique business goals, but aren’t ready to commit to hiring a full-time executive to fill that need? Learn about our virtual CIO services.

 

 

 

 

Read More
Best Practices, Technology

Five Easy Steps to Capture Dead Time

Rocket IT

The average cost of unplanned downtime per minute in 2016 was nearly $9,000 per incident.

Your organization doesn’t have to eat the cost of dead time. Download our free whitepaper now to learn five easy steps you can take to capture dead time.

From more efficient integration to beating your inbox addiction, this paper gives you the tools to increase your company’s productivity by 2.5% at no additional payroll cost.

 

 

 

Read More
Best Practices, Technology

The Reality of BYOD

Rocket IT

If there were a list of technology buzzwords in offices this year, “BYOD” would be near the top. The Bring Your Own Device craze is sweeping through workplaces all over the US.

It’s easy to get pulled along in the tide of popularity that BYOD is riding right now. On the surface, it appears to be more cost-effective for companies, and it gives the employees more control over what devices they use. And, since many end users prefer to use more of the latest technology for their own devices, companies get to reap the benefits of this without shouldering the full cost.

But beyond what’s already on the BYOD sales brochure, what is the reality of adopting a BYOD policy at your organization? Here are five things to consider before making that final decision.

 

Compatibility

BYOD isn’t limited to just smartphones; many organizations include laptops in this policy. When employees are providing their own laptops, they typically want to decide what devices and systems they’re going to be using… And that can raise compatibility issues. Will your CRM and other software systems run on every employee’s computer, using the same version and interface? If not, will additional training be required for different versions?

To avoid this issue, you can set technology standards and provide a list of approved devices for your employees, but end users tend to be less enthusiastic about the freedom of BYOD program when it comes with boundaries.

 

Lack of privacy

When using your work computer or work phone, there’s an understood (and oftentimes stated) agreement of acceptable use. For employers who allow use of personal devices for work activities, acceptable use becomes increasingly difficult to enforce and define. And for employees, keeping your personal files and data private can feel virtually impossible.

In addition to that challenge, BYOD creates an interesting new dilemma when employees leave the company. The device belongs to that employee, so now companies need to get their proprietary information and files off leaving employees’ phones and laptops, which can become difficult or awkward, depending on the situation.

 

Risk of involuntary disclosure

This is arguably a risk associated with any device containing confidential data that an employee can remove from the building, but with BYOD policies, organizations run a higher risk of involuntary/voluntary disclosure of their proprietary information. While your employees (hopefully) won’t run over to your competitor to share secure company information on their laptops, the data is more susceptible to theft by third parties. Many people don’t keep a lock on their personal devices, and if their laptop or phone is ever stolen, those thieves have access to company data as well as that belonging to the employee.

Organizations can curtail this risk by setting a policy that requires every employee keep a secure passcode lock on every device they use that stores or access secure company data.

 

Security

We’ve posted before about the security risks of BYOD. Honestly, there can be a lot of them. Not only are you at risk of physical theft, any data kept on your employees’ devices are susceptible to digital theft. With enterprise equipment, you have standardized security software (antivirus, firewalls, etc.) that your employees may not use or may even disable on their own equipment.

In addition, while people tend to be more careful about their browsing habits and what links they click on when using a company-owned computer, they’re less suspicious of that attachment from Jim two houses over that is “guaranteed to make them fall down laughing!” than they are of misspelled links in their work inbox. And if their device with access to your servers and shared drives is compromised, that can easily spread to the rest of your organization… Or even your clients.

Before putting a BYOD program into practice, make sure you have security standards set that workers must meet in order to use their personal devices for work purposes.

 

Compliance issues

With security of your organizations’ data becoming harder to manage, so too does your compliance with state and federal regulations. When your business falls under compliance mandates, there are specific requirements regarding data protection and information security. When individuals own these devices, it’s difficult for the employer to monitor and ensure compliance.

You can audit the compliance and security of your office’s devices regularly and set standards for your employees to mitigate this risk, but telling individuals how they can or can’t use their own property rarely goes over well.

While a BYOD policy may cost less up front than the standard company-issue programs, the costs of noncompliance and risk of data loss can be significantly steeper than that initial investment.

 

 


 

About the Author- 

Erica Lee is the Assistant Service Manager at Rocket IT. Erica was an exchange student to Germany as a high school junior and, because of that experience, went on to earn Bachelor degrees in German and International Affairs from the University of Georgia.

 

 

Want technology and leadership content sent directly to your inbox? Subscribe to Rocket IT’s monthly newsletter!

 

 

 

Read More
Technology

How Long Will This Server Last?
A Basic Guide to the Shelf-Life of Your Organization’s Hardware

Rocket IT

Technology equipment can be expensive, and many organizations try to get as much use out of their hardware as they can before replacing them, sometimes to their detriment. But how long should you really keep your equipment before the risk for failure and unplanned downtime becomes significant?

Here’s a basic guide to the lifespan of your equipment that you can follow when deciding what to upgrade and when. At Rocket IT, we recommend you replace your hardware in the lower end of the ranges given below to stay up and in the green. The closer to the end of the time range you go, the greater your risk of failure and data loss.

 

End User Equipment/Services:

Computer
Unless you really want to keep upgrading as new technology comes out, your laptop should remain functional for about three to five years with regular updates, patches, and upgrades.

Monitor
The lifecycle of your monitors depends heavily on how often you use them and what kind you have. Your LCD monitor can last from 30,000 to 60,000 hours which will give you about ten to twenty years of use out of them if you use them around eight hours a day.

Docking Station (if laptop)
Docking stations don’t have moving parts, so they tend to last a long time. You’re more likely to need to upgrade your docking station because you’ve gotten a new laptop than you are because the old one ran through its shelf-life.

External Mouse/Keyboard
Quality really does matter with your external mouse and keyboard if you want them to last. Cheap ones’ performance can start to decline after just a year with average use. Quality ones can last for over three years. All of this varies with how often you use your mouse and keyboard and how rough you are with them when you do. About one to three years

Personal Printer
Most desktop laser printers have an expected lifetime of about five years. The life expectancy of your printer depends heavily on how much you use it and on the conditions in which you do. Desktop printers in a cool office are more likely to last longer than those that run in a hot warehouse, for example. The average inkjet printer has a life expectancy of about four years.

External hard drive
About 78% of drives last longer than four years. If you use your external drives regularly, they can last anywhere from one year to six. There are a lot of factors that can contribute to hard drive failure, so you should always be very careful to make sure you have backups (and sometimes redundancies).

Desk phone and headset
Desk phones can last a good long time, and their headsets will last as long as the batteries last (if they have batteries). Headset batteries should last maybe three years. Most VOIP phone systems are hosted solutions now, so there’s no associated hardware to replace for the system itself.

 

Company-Wide Equipment/Services:

Servers
The typical lifespan of your average server should be about three to five years, depending on how they’re used; however, you will want to pay close attention to the server’s software. When server software ages out, it becomes incredibly difficult to properly support and service the equipment itself. Pushing the longevity of your server makes you more susceptible to unplanned downtime and data loss.

Copier
For regularly used standing copiers, you can expect to get about five years of use out of them. For the high-end copier and less frequently used ones, you can often use them for up to seven to ten years.

Firewall
Your typical firewall can last about five to eight years. Like a server, you will definitely want to replace it before waiting for it to fail.

Switches
Like firewalls, switches can last from about five to eight years.

Wireless Access Points
Again, these devices can remain effective for about five to eight years.

 (Uninterruptible Power Supplies) UPS Devices
A UPS provides emergency power to your equipment when the main input power fails and protects your equipment from power surges. The battery of a UPS device can last about three years. The device itself typically lasts about four to six.

 

 


 

MB About the Author-

 Michael Bearchell lives with his wife and three children in Gwinnett County. He is an Inside Support Technician at Rocket IT and has found out the hard way that it is tough being a New York sports fan in the south.

 

1200x627- vCIOHave you found that you need the expertise of a Chief Information Officer to help you make strategic decisions on how to leverage technology to meet your unique business goals, but aren’t ready to commit to hiring a full-time executive to fill that need? Learn about our virtual CIO services.

 

 

 

Read More
Best Practices, Technology

How to Prepare for Working Outside the Country for the First Time

Rocket IT

Are you getting ready to travel outside the country? You’ve probably run down the typical checklist: give your itinerary to a trusted friend or family member so someone knows where you are, check in with your embassy, get your passport and (if necessary) visas up to date, stay hydrated, etc. But how can you make sure you’re ready to work and collaborate with your team stateside after you get off the plane?

Whether it’s your first time traveling to a foreign country for work or you’re just looking for a few new tips, here are five steps you should take before checking in for your flight.

Check your security

Are you confident in the security of your means of connecting to your home office when using potentially compromised public networks in a foreign country? Before you leave for your trip, set up a virtual private network (VPN) connection and test it from your home to make sure you can safely connect to secure information you may need abroad.

Ensure your phone will work

You don’t want to get to the hotel room and find that your phone doesn’t work at all where you are. Call your phone provider and activate an overseas plan. This is a good rule of thumb for all of the services you typically use locally and will need abroad, so be sure to call your bank to let them know when and where you’ll be traveling, as well.

Choose the devices you need to bring

Do you really need to bring that laptop? Laptops can be heavy, unwieldy, and are a huge target for theft. Can you get away with just a tablet and/or phone?

Make sure you have the right charger adapter for all your devices

As funny as it was when someone tried to plug an American hair dryer into a European plug in the movies, it’s not amusing when it’s you. Pick up a few adapters for your electronics. Depending on where you’re traveling and where you’re recharging, you may need a charger adapter that adjusts voltage. You can tell pretty quickly when a plug isn’t going to work, but it’s not as obvious right away when the voltage is too high. Check the voltage capacity of your devices before plugging them in so you don’t risk overheating them.

Set up contingencies

You’ve already contacted your embassy. Your spouse has your complete itinerary and flight information, and your banks and phone providers have set up your accounts for overseas service. But what about your work contingencies? Does your team have all the appropriate information they need in case you’re delayed or unavailable?

Before leaving for your trip, make sure your peers and reports have everything they need from you to make sure critical work gets done if you are out of pocket while abroad.

Wouldn’t it be easier if more things in business came with an actionable checklist? Your technology strategy should. How’s your IT plan and budget coming along? Do you think there’s room for improvement? We can give your leadership team a clear path forward for wise technology investment that supports your business goals.

Do you have any availability next week to discuss?

 


 

EH 2About the Author-

 Eric Henderson is Rocket IT’s virtual Chief Information Officer. He is also the tallest person at Rocket IT (by a fraction of an inch).

 

 

1200x627- vCIOHave you found that you need the expertise of a Chief Information Officer to help you make strategic decisions on how to leverage technology to meet your unique business goals, but aren’t ready to commit to hiring a full-time executive to fill that need? Learn about our virtual CIO services.

 

 

 

 

Read More
Best Practices, Technology, Tips & Shortcuts

Sending Emails to Large Groups without Giving Away Your Address Book

Rocket IT

Have you ever received an email and winced when you saw the email addresses of about 25 other executives in the recipient line?

For those of you who have been the ones sending those emails, sending one mass email to everyone instead of many individual ones is certainly the fastest and most efficient way to get your message out, but there is a better way. To send an email to a large group of people without giving away your address book (and giving out the email addresses of people who may not be too keen on having them shared out to people they don’t know), use blind carbon copy for your recipients.

Using blind carbon copy (BCC) allows the people entered in the BCC field to remain concealed from the other recipients. Doing this can also prevent accidental Reply to All emails.

When you enter email addresses into the BCC line of an email, you don’t need to enter any recipients into the standard “To” line. Just enter all your recipients in BCC, include your subject and your message, and you’re good to go.

You can also use the BCC function when sending a meeting request to multiple recipients. Of course, this isn’t meant to trick people so they don’t know who else is attending a meeting. When inviting executives to a large event you’re having, you may have the same message for a large group of people, and many of them may not want their email addresses to be public knowledge.

To use the BCC function in Outlook when sending a meeting request, click on the “To” box next to the text area after creating the request and enter your recipients into the Resources field. This will effectively BCC those guests.

Why are people so reluctant to have their email addresses shared with others?

Well, some people use those emails that go out to a group of people to add to their own mailing lists without getting permission from the sender or from that individual whose email address they’re adding. Many executives prefer to not receive cold emails, and when they see their email address shared with a large group of people, it may negatively impact your relationship with them. Using the BCC function is a quick and painless way to preserve the privacy of your contacts.

Now that you know how to use the BCC function, we encourage you to go forth and use it wisely!

 


 

About the Author – 

Patrick Richardt is an Implementation Engineer at Rocket IT. He was born on Thanksgiving Day, and he currently resides with his wife and two children in Gwinnett County.

 

 

Want technology and leadership content sent directly to your inbox? Subscribe to Rocket IT’s monthly newsletter!

 

 

 

 

 

 

Read More
Technology

Ten Gadgets to Keep You Warm This Winter

Rocket IT

It’s been a relatively mild winter so far, but the temperatures are rapidly dropping. To help keep you focused on what’s mission critical instead of shivering in your ergonomic office chair, here are ten gadgets that will keep you nice and cozy both in and out of the office.

A Heated Wrap

Adjustable and warm. A heated shawl will keep you warm when you’re at your desk without hindering your movement or getting caught under the wheels of your chair.

To be safe in an office environment, look for one with an automatic shut-off.

 

USB Handwarmers

A heated wrap may keep most of you warm, but you still need your hands free for typing. USB handwarmers come in many different forms, but these will keep you extra toasty.

 

USB Heated Foot Rest

It’s hard to pull off heated slippers work in a professional setting, but a heated foot rest can reconcile the gap between fashion and freezing.

 

Headphone Earmuffs

Because there’s no reason you can’t keep listening to the Hamilton soundtrack or your audio copy of the Five Voices while your ears stay warm.

 

Bluetooth Beanie

Earmuffs aren’t everyone’s style. For those who prefer a hat, try out one of these beanies instead. They come in a variety of shapes and colors.

 

Heated Mouse

Handwarmers can still be pretty cumbersome, so this little heated mouse has you covered.

 

Heated Keyboard Pad

To match your heated mouse and keep your wrists warm as you type.

 

Heated Mouse Pad

If you prefer to keep your mouse wireless, try a heated mouse pad instead. This is also great year-round for anyone with poor circulation or arthritis.

 

Personal space heater with safety cut-off

Space heaters are really great for a cold office, especially when you and your coworkers have different opinions on what constitutes freezing. Be sure to check your company’s policy on space heaters (many are banned for safety reasons), and select one with a safety cut-off so it’ll automatically turn off if it’s tipped over or covered.

Don’t forget to turn it off before you leave for the day, and be sure to keep it clean from dust!

 

Fireplace Apps for iPhone and Android

If all else fails, here are some fireplace apps to help you think warm thoughts. These apps also provide great ambient noise and create a soothing atmosphere.

 

 


 

 

About the Author-

Jacque McFadden is the marketing specialist at Rocket IT. While a large portion of her job focuses on the more traditional side of marketing, she is also responsible for finding great new employees. Jacque is originally from Indiana. 

 

5-voices-giveaway-thumbnailWould you like the chance to win a copy of Rocket IT’s favorite leadership development book, Five VoicesEnter our giveaway by 12:00 AM EST on January 15th, 2017, for your chance to win!

 

 

 

Read More
Best Practices, Technology

Protecting Yourself from Phishing Attacks

Rocket IT

We’ve recently seen a good number of VERY sophisticated phishing emails that could’ve resulted in significant financial loss. As phishing attempts escalate, and scammers find increasingly crafty ways to elicit money from their victims, we must stay vigilant.

One clever phishing email scheme we’ve seen increasing recently goes something like this:

An employee receives an email from their boss, boss’s boss, or the CEO. This decision maker asks the employee to send them the state of the company’s accounts and/or requests the employee wire funds to that decision maker. From the email address, down to the signature, the email looks almost exactly as if it has come straight from the hands of that executive.

That’s because a scammer has spoofed their email address, making it appear as if the email came directly from them.

How can your organization avoid losing significant amounts of company money to scammers like this?

Ensure all employees have a strong password, especially executives and those with access to financials.

These emails can often come from the mailbox of the actual executive if their account is compromised. So the best thing to do is to prevent them from getting hacked to begin with. Make sure your password stands the test here.

For extra security, you can also set up two-factor authentication. This will trigger an additional security question before a user can access their account after logging in with their username and password. This security question should be equally as strong as your password. Using questions and answers that can easily be found via a quick google search will defeat the purpose of using this extra step.

Confirm. Confirm. Confirm.

Follow up with that executive and make sure they truly made that request. If you can, follow up over the phone or in person. If you respond directly to the original email, that response will go straight to the scammer. And, if the decision maker’s account has been compromised, any emails asking to confirm that transaction request could still be intercepted by the scammer.

Ensuring that all significant financial requests are verbally agreed to by the person requesting the transaction can prevent loss of funds to scammers like this.

 

 


 

MB About the Author-

 Michael Bearchell lives with his wife and three children in Gwinnett County. He is an Inside Support Technician at Rocket IT and has found out the hard way that it is tough being a New York sports fan in the south.

 

1200x627- vCIOHave you found that you need the expertise of a Chief Information Officer to help you make strategic decisions on how to leverage technology to meet your unique business goals, but aren’t ready to commit to hiring a full-time executive to fill that need? Learn about our virtual CIO services.

 

 

 

Read More
Best Practices, Technology, Tips & Shortcuts

Upsurge in Phishing Activities: Don’t Take the Bait!

Rocket IT

We’ve recently seen an increase in sophisticated phishing e-mails that could have resulted in significant financial loss. To help you detect the attempt before taking the bait, we’ve pulled a great article from our archives and updated it for your benefit.

The Internet is full of friendly people. There are Nigerian princes who want to give us a piece of their oil fortunes, in exchange for some basic bank account information, or long-lost relatives coming out of the woodwork to wire us multi-million dollar inheritances. To say nothing of the generosity of strangers: just the other day, a kindly foreign national wanted to split his investment proceeds with us, even though we had never met him.

Chances are, your spam folder is full of these laughable “once-in-a-lifetime” opportunities. They’re called “phishing” attacks in IT circles. The term refers to any attempt to acquire information such as usernames, passwords and credit card or bank information from the unsuspecting public through illegitimate emails, websites or other forms of communication.

While wayward Nigerian royals and uncles you’ve never heard of may sound like the Three Stooges attempting cybercrime, other phishing attacks aren’t as easy to detect and bear more of a resemblance to a criminal mastermind like Professor Moriarty than to Larry, Curly and Moe.

Advanced phishing attacks are highly organized, highly targeted and highly dangerous. They’re also on the rise. According to a recent study by Internet security firm IID, phishing attempts for Q1 2015 were up 8% when compared to Q4 2014; 2014 having been declared in their Q4 2014 report “The Year of the Breach.” The expert criminal minds behind advanced phishing attacks often try to bait an email recipient into “biting,” or clicking, on a link within an email. That link takes the user to a fake website that looks similar or identical to its legitimate counterpart. There, a user is prompted to enter a username, password or other piece of personal data, which is then sent to the malicious third party—who laughs all the way to (your) bank.

To protect yourself from these fake links and websites, it’s important to understand the two main parts of a link: what you can see and what you can’t.

Most email messages and all websites use a language called HTML in order to tell your email application or web browser what to display and how to classify the different elements of a message or a page. One of the fundamental components of both HTML email messages and web pages is the link, which is also referred to as a URL, or Uniform Resource Locator.

A link in HTML looks like this:

<a href=”http://www.rocketit.com”>Visit us at www.rocketit.com!</a>

 

In the example above, the only portion of this link visible to you is “Visit us at www.rocketit.com!”While clicking on this link would take you to the Rocket IT website, making the following changes to the link would result in sending you to an entirely different location:

<a href=”http://www.stealmyidentity.com”>Visit us at www.rocketit.com!</a>

 

The link above would also appear as “Visit us at www.rocketit.com” in the body of the email message or text of the web page. It’s easy to think that a link like this would send you to our actual website,www.rocketit.com. However, the link would actually send you to www.stealmyidentity.com, a site that could easily be malicious.

The easiest way to verify a link’s legitimacy is to hover your mouse cursor over the link. When you do this in your email client, a pop-up box appears that shows the destination URL. If you’re using a web browser, that URL should appear in the status bar at the bottom of the browser window.

For example, the email message below looks similar to the notification that professional networking website LinkedIn sends you when you’ve received a new message. But when you hover the mouse cursor over this link, the pop-up box appears—showing you that the link leads to an entirely different place.

 

LinkedIn_1

LinkedIn_2

If your email client or browser doesn’t show the link destination, there’s an alternate way to ensure that a link is safe by copying and pasting the link URL from the source message. Start by right-clicking on the link and selecting “Copy Hyperlink” from the pop-up box. If you’re copying and pasting from a browser, this option may be listed as “Copy Shortcut” or “Copy Link Location.”

Be careful you don’t accidentally click “Open Hyperlink” or “Select Hyperlink.” Both options will send you to the link’s destination.

RightClick_1

Then, open a safe application such as Notepad or Microsoft Word. Right-click and select “Paste” from the pop-up menu to copy the link to a blank document. You can also do this by pressing the “CTRL” key and the “V” key at the same time.

If the link shows any other destination than the one you expected, do not visit the link.

It is important to note that websites often use variations of their domain which are completely legitimate. For example, amazon.com might use the “sub-domain” wireless.amazon.com for their cell phone store. The end of the domain (amazon.com) is what is important.

But if the link contains a fundamental variation of the standard domain name, something like www.amazon12.com, it may be a fake form of the URL and could be designed to steal your Amazon username and password.

In addition to destination URLs that do not match the text of the link, there are two other dead giveaways that a link is malicious. If the link connects to a foreign domain, such as “.ru” or “.cn”, there is a good chance that the link is not safe. (Note that the link in the first example connects to the domain “golestangis.ir”, which is a domain for the country of Iran.) Many organized phishing scams originate from Russia (domain “.ru”) and China (domain “.cn”).

If a link includes an IP address, such as http://15.8.145.152, then it is almost certainly not safe. As a general rule, legitimate sites do not use IP addresses in the link text.

Always remain vigilant. Many different forms of phishing attempts exist-and these messages are designed to be compelling and indistinguishable from the sites they purport to represent. If you’re unsure of a communication’s source, it’s never impolite to directly contact the company or person being represented to verify a link’s legitimacy. You’ll be glad you did.

 

 


 

About the Author-

Matt Hyatt is the Founder and CEO of Rocket IT, the IT department for all kinds of organizations around Gwinnett. His award-winning firm provides both the strategy and support needed to help businesses thrive.

Matt currently serves on the Executive Board of the Gwinnett County Chamber of Commerce as the Vice Chair of Entrepreneurship & Small Business, is an active supporter of Gwinnett County Public Schools, and is a member of several peer groups (like Entrepreneurs’ Organization) in addition to cofounding two of his own. In 2014, Matt was awarded the Pinnacle Small Business Person of the Year. 

Outside of work, Matt enjoys spending time with his wife, Maureen, and their two teenage children pursuing their shared passions for photography, travel, and food. He also regularly runs with a team in ultra-long distance relay races.

 

5-voices-giveaway-thumbnailWould you like the chance to win a copy of Matt’s favorite leadership development book, Five VoicesEnter our giveaway by 12:00 AM EST on January 15th, 2017, for your chance to win!

 

 

 

 

Read More