Examples of Phishing Emails and How Not to Get Infected

August 9th, 2018 by Julie Lough

Wombat Security Technologies recently released their “State of the Phish 2018” report. This report found that 76% of companies surveyed experienced phishing attacks in 2017.

What is a phishing attack?

Phishing is an attempt to gather sensitive information, such as username and password, credit card information, social security numbers, etc., and use it for malicious purposes. These are often done via email, over the phone, through messenger applications or on social media.

The term “phishing” came about to describe the “bait and switch” style that phishing attacks emulate. They bait you with something that looks legitimate, an email from a friend, an alert from a trusted organization, etc., and then switch out the link with a malicious one, funneling you into phisher’s “net.”

How has phishing evolved over the last 20 years?

The “Nigerian Prince” used to be the classic example of a phishing attack – you know the story. But phishing schemes have evolved significantly over the last 20 years. Webroot says there were 1.385 million new, unique phishing sites created each month in 2017, with a high of 2.3 million sites created in May. These sites are used to mimic popular websites that people trust such as social media platforms, bank websites, universities, and popular applications.

The target of the phishing attack receives an email that looks legitimate, mimicking the design, language and structure of typical emails from the copied organization. The link within the email then takes the target to the dummy site that also mimics the organization’s design in an attempt to gather login information to the legitimate portal.

For example, if you received an alert from your bank saying there was suspicious activity on your account and offers you a quick-access link to log-in and check it out, the link would take you to a site that looks exactly like your bank login screen. Except when you login you will be sent to a refreshed screen instead of your account and your account information will be compromised.

How to spot a phishing email and not get hacked or infected

Here are some things to look for in your messages to help recognize a phishing email before you click on an infected link.

  • Substituted or extra characters
    Check the sender’s domain name – it may contain substituted or extra characters. For example, changing a capital “I” to a one (1) or adding an extra letter changing yoursite.com to yourrsite.com.
  • Email messages from convincing sources
    Be wary of email messages that appear to come from a source such as Microsoft claiming your password needs to be updated.
  • Fake URLs
    Hover over links to verify that the URLs are legitimate.
  • Email messages from your CEO
    If your CEO emails a request for confidential information, such as copies of W2s or requests a financial transaction be initiated, always verify by phone or in person.
  • Unencrypted emails
    Remember that email is not secure unless the email is encrypted.
  • Email messages regarding your bank or credit card
    If you receive a message from bank or credit card companies about money or credentials, call or login directly to the website instead.

Some other tactics to look out for:

  • You may receive a fake LinkedIn request. Go directly to your LinkedIn account instead of clicking the link.
  • If a phisher gains access to your Outlook, a common tactic is for them to create a rule that forwards your email messages to an email account they created so they learn your contacts and writing style. Check your rules!

If you suspect you have been the victim of a phishing threat, the first thing you should do is contact your IT support team immediately. Other important courses of action include changing your passwords, running a security scan on your device, and monitoring your computer for slowness or abnormal behavior.

If you have questions about your company’s security or you’re looking to take advantage of our end user security awareness and security training, contact us today online or by phone at 616.776.0400. We are happy to help you!

Types of Malware and How to Beat Them: Part 4

July 23rd, 2018 by Jennifer Lough

This is the fourth of a multipart series on common types of malware and other computer hazards. For those who have managed services with Micro Visions, we’re keeping an eye on threats for you. However, there are always small things you can do to further protect yourself.

Part 4: Trojan Horses

The term “Trojan Horse” comes from Homer’s Iliad. During the Trojan War, the Greeks built a large wooden horse, pretended it was a peace offering, and snuck into the city of Troy by hiding inside the horse. The key to getting inside the city? The people of Troy had to bring the “peace offering” inside the wall. Similarly, victims of Trojan horse malware generally download or click on something that they expect to be innocuous. (Spoiler, it’s usually pretty nasty.) Good news is they don’t replicate (like a virus does), but the bad news is that they can still do damage. They also tend to be pretty invisible while they’re at it.

According to Symantec, there are a few major categories of Trojan: backdoor, downloader, and infostealer. Essentially, the backdoor type allows the attacker to access your machine and its data and programs. Sometimes this results in someone taking control of your computer while you’re not actively using it (or even while you are). The downloader type acts as a carrier for other types of malware. In this case the Trojan malware is the large wooden horse, and the other kinds of malware are the Greeks. Infostealer Trojans include Emotet, which steals sensitive information from your machine. This type can allow the attacker to  monitor your device for passwords and other login information.

What to do?

Micro Visions protects against Trojans and other malware with monitoring and antivirus software. To protect yourself, beware of phishing emails. Avoid websites or links that seem suspicious. IMPORTANT: Your phone can also get Trojans, and it is especially vulnerable to apps with malware. Do your research before downloading.

Thinking of Buying Grey Market? Not the Best Idea.

June 2nd, 2018 by Jennifer Lough

Attention, people in charge of buying things. If you’re anything like me, a large contributor to whether or not you’re going to purchase something is the price. However, if the cost of something is surprisingly low, you should look into the reason it’s so low. Simply put, if it seems too good to be true, it probably is. For example, when someone smashes the front end of a 2017 luxury car and has it rebuilt, the value of the car is far lower than the value of an unwrecked, otherwise identical car. Similarly, a product from one company that’s significantly cheaper than the same product from the official distributor or manufacturer will likely be a low price for a reason. This is where the grey market comes in. Read the rest of this entry »

Types of Malware and How to Beat Them: Part 3

April 9th, 2018 by Jennifer Lough

This is the third of a multipart series on common types of malware and other computer hazards. For those who have managed services with Micro Visions, we’re keeping an eye on threats for you. However, there are always small things you can do to further protect yourself.

Part 3: Ransomware

Ransomware likes to sneak into your computer and encrypt your files. It’s called ransomware because if you give the attacker money, he could theoretically decrypt the data. Most of the time. Read the rest of this entry »

Domain Name Servers, at Your Service

March 28th, 2018 by Jennifer Lough

Do you know what DNS is and what it does? Because I didn’t, so no shame. First, it’s helpful to define terms.

  • IP address: the number that identifies a piece of hardware connected to a network. This allows information to reach it directly. There are several types of IP addresses with different purposes, but they all help devices communicate, but public IP addresses are those that connect to the Internet and the world outside an individual’s home.

Read the rest of this entry »

Types of Malware and How to Beat Them: Part 1

February 24th, 2018 by Jennifer Lough

This is the first of a multipart series on common types of malware and other computer hazards. For those who have managed services with Micro Visions, we’re keeping an eye on threats for you. However, there are always small things you can do to further protect yourself.

Part 1: Viruses and Worms Read the rest of this entry »

Net Neutrality: What it Means for Small Businesses

December 14th, 2017 by Jennifer Lough

Regardless of politics, the proposed repeal of net neutrality is making everybody with an Internet presence pretty crabby. However, in the interest of spreading knowledge, I’ve gone and sorted through the hysteria and straw men floating around. The vote to keep or kill net neutrality is today, December 14. Whether net neutrality stays or goes, here’s what it means for your business: Read the rest of this entry »

iOS11 and Office 365 Communication Issues

September 22nd, 2017 by Micro Visions

On September 19th, Apple released iOS11 for iPhone and iPad devices. There is a known issue sending email with the default iOS11 Mail application and communication with Office 365 services.

To prevent interruption in your iOS and Office 365 communications we have 2 recommendations for you: Read the rest of this entry »

Fall Out of Old Business Habits and Upgrade to the Cloud

September 1st, 2017 by Lauren Zielinski

It’s the first of September. Mornings are cooler, the sun is rising later, and leaves are starting to change color. Fall has finally arrived, and we all know what that means–pumpkin spice everything, college football, and cider mills. But while everyone else is engaging in the stereotypical fall activities and discussions, we’d like to discuss the cloud.

Adopting cloud-based computing can mean big benefits for a business. Aside from the obvious benefit of being able to access your data from anywhere, on any device, at any time, we believe that businesses of all sizes and at all stages can benefit from storing data in a secure, centralized environment. Check out a brief list of some of the benefits of cloud computing below. Read the rest of this entry »

Would a Disaster Take Down Your Systems?

August 25th, 2017 by Lauren Zielinski

Every year businesses of all sizes are affected by catastrophic events ranging from cyber-attacks to natural disaster to human error. Can you relate? Sure…but most business owners commonly think “I mean, come on…how often does a catastrophic event happen in which MY business would be in jeopardy?”

I’m glad you asked! Let’s bring it a little closer to home for you. Citizens living in Texas RIGHT NOW are currently living in fear as they wonder what disaster the storm, Hurricane Harvey, will bring. Read the rest of this entry »