Recent blog posts - Machado Consulting's News You Can Use - Page 159 | Worcester, Massachusetts | Machado Consulting

Login

Machado Consulting's News You Can Use

Welcome to our blog where you can find everything from tech-tips to keeping your data secure. Have any questions? We'd love to hear from you!

How to Identify a Phishing Scam

Recently there has been a lot of talk about phishing scams. But what are they really? A phishing scam is when someone contacts you for sensitive information supposedly on behalf of a reputable company. For instance, you may receive a phone call or an email from someone claiming to be from a company such as Paypal requesting information about yourself as well as your account in order to continue using their services. The scammers may do this by providing you with a link to a fake website where you are asked to enter the information. They may simply have a form embedded in an email for you to fill out. They may even directly ask for the information via phone or email.

You may be asking yourself, “Why do I care about these phishing scams?” You definitely should not brush them aside. Scammers who successfully receive this information can do a lot of harm to yourself as well as your business. When scammers get a hold of login information to an account (i.e. your online banking account) they will likely first change the password so that you cannot login and change it yourself. They will then take advantage of the access by transferring funds to their own accounts or even making purchases on your behalf using your money. These scammers can even go as far as stealing your identity which gives them endless possibilities. Once a scammer has enough information to steal your identity, they can open bank accounts, credit cards, mortgages, car loans, and many other forms of financing and they will not pay the bills. This means that all of this debt that this scammer is building up in your name, you will have to pay off whether it be monetarily or with jail time.

But how does one tell the difference between a legitimate request for information and a scammer trying to steal your identity? Phishing scams either by phone or email will almost always request sensitive information of some type in some form. These emails will all likely be addressed universally since they are sent to so many people at a time. Most companies, banks, and other financial institutions will not request such information in this manner. An easy way to avoid having this information stolen would be to simply not enter the information. The likelihood of a reputable company requesting information using a mass email blast is highly unlikely. If the company needed to contact you about your account they would address you directly.

If you think you have received a scam email, DO NOT click the links within it, do not supply any of the requested information, do not attempt to contact the sender of the email, do not open any attachments supplied with the email. Give us a call or send the email in a ticket to the Machado Consulting help desk. We can review the email and let you know whether if it is legitimate or a scam. If you think that you may have already supplied information to a scammer please let us know and we can assist you with the necessary steps to protect your account from being compromised.

Continue reading
0 Comments

Microsoft Phishing Scam

Phishing, the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication, is a very common method used by scammers these days.

Have you ever heard of the following situation: an agent of Microsoft calls your house or place of business claiming that they noticed your system has been infected with a virus or other infections and needs your help getting it cleaned up. They walk you through some steps to get some software installed for your “protection” and say everything will be alright. Hours later, you find your mind at ease: Microsoft is taking care of it for you. You walk away and days, weeks, or months later you find random charges on your credit cards or find files on your computer may be gone or changed.

This is the typical case of a phishing scam, performed daily across the world by people and organizations looking to take advantage of an innocent user.Microsoft Phishing Scam

Sometimes, being prone to a scam might not involve a live person at all. While browsing the internet using Internet Explorer, if at any point you are suspicious of a site, you can click the gear icon in the top right area and go to Safety > Report Unsafe Website. You can also check a site for security using the built-in SmartScreen Filter (Gear Icon > Safety > Check This Website). Microsoft has also implemented its SmartScreen Filter to other applications like Outlook and Outlook.com, so you are protected by email scam attempts as well.

To stay on the defensive, be aware that scams can contain the following:

·         Alarming messages and/or threats of account closures or password resets

·         Promises of money for little effort

·         Deals that sound too good to be true

·         Requests to donate to a charitable organization after a disaster that has been in the news

·         Bad grammar and misspellings

·         Usage of the Microsoft name or other well-known companies

If you see something suspicious, report it using the above methods for websites and notify your other team members immediately to protect them as well. Also, if you have any concerns about a website you’re visiting or suspect an infection of any kind on your system, please call Machado Consulting at 508-453-4700 and we will gladly help you avoid any scam you may come across. 

Continue reading
0 Comments

When Basic Email Security is Not Enough

You may think that the standard security policies that come with your email account can protect you from hackers. It's an easy mistake to make, but the truth of the matter is that, if a hacker really wants access to an account, they will employ every tactic possible to get it, which can make standard password security measures woefully inadequate.

For the casual Internet user who only uses email to message family about holiday dinners, having basic password security for your email may be just fine. However, you still don't want to underestimate the value of even a domestic email account. Just because you may not be a security guard at Ft. Knox doesn't mean that your personal financial information linked to your email account won't be valuable to hackers. What makes email so appealing to hackers is that a single account is often linked to other various online services that you use. Some services are more valuable to a hacker than others and the more services attached to an email account will make it that much more of a target.

The bigger the target you are to a hacker, the more time that they will invest into getting around your email security solution. If a hacker has any level of skill, then a flimsy password won't keep them out. A good hacker can bypass password security, but the thing about doing this is that it takes time. Therefore, a hacker will need some kind of known incentive to make sure that investing the time needed to hack an email password will be worth it. If your email is associated with your business or it contains account information for a valuable website, or online accounts, then your email account has a big bull’s-eye right where the "@" symbol normally goes.

The thing about hackers is that they can get extremely creative when it comes to accessing accounts. In fact, hackers are not limited to guessing passwords through the login page and they are not even limited to simply trying attacks over the Internet. Inside the hacker's bag of tricks is a social engineering tactic that's totally outside of your control, it's called "the telephone".

If a password is too complex for a hacker to crack, then they can pick up the phone and call your email hosting service pretending to be you. If the hacker can trick the technician over the phone that they are indeed you, then the operator will relinquish a new password to the hacker under the guise of "I forgot my password". You may think that email hosting services have policies that will prevent something so obvious, but you'd be surprised to learn that this isn't necessarily the case across the board.

For a hacker to trick an operator into giving them your email password, they will need some form of sensitive information. Hackers are pros at harvesting sensitive information, and the wider your digital footprint is, the more information that a hacker can use to get what they want. For example, if a hacker were to get a hold of your credit card number, or even part of your credit card number, and this happens to be the credit card number associated with your email account, then this may be the key (along with other personal information harvested from social media) to get the operator to hand control of your account over to a hacker. In one case, an email hosting company is accused of actually allowing the hacker to guess a two-digit password code over the phone after they successfully gave the operator stolen credit card information.

Once a hacker has control of your account the game is over. One of the first things that they will do is reset the password and lock you out. They will then have free reign to collect as much personal information as they can from your email account, which would include the ability to gain passwords to all of your other online services using the same social engineering tactic that originally gave them access to your email account. Of course, if your email is hosted internally, then your network administrator can easily wrestle control back from the hacker. However, if an impersonal third-party hosting service manages your account, then it will be much more difficult to convince them that you are in fact, you.

There are a few precautions that you can take to stop a hacker that's this determined to get ahold of your sensitive information. You can implement multi-factor authentication to access your email, which will require possession of your cell phone to log on. Check the security policies of your email hosting company and have them tightened in order to close the back door for hackers. But one of the biggest things you can do is to be careful with how you share your personal information online.

By training yourself on how to safely do things like making online purchases, posting to social media, creating complex passwords, switching out passwords on a regular basis, securely storing your passwords using encryption services, and much more, you can significantly lower the risk of a hacker breaking into your account. To learn about these best practices for email security and to equip your business with other enterprise-level security solutions like a Unified Threat Management tool for your network and a bulletproof spam email solution, then give Machado Consulting a call at 508-453-4700.

Continue reading
0 Comments

When Basic Email Security is Not Enough

You may think that the standard security policies that come with your email account can protect you from hackers. It's an easy mistake to make, but the truth of the matter is that, if a hacker really wants access to an account, they will employ every tactic possible to get it, which can make standard password security measures woefully inadequate.

For the casual Internet user who only uses email to message family about holiday dinners, having basic password security for your email may be just fine. However, you still don't want to underestimate the value of even a domestic email account. Just because you may not be a security guard at Ft. Knox doesn't mean that your personal financial information linked to your email account won't be valuable to hackers. What makes email so appealing to hackers is that a single account is often linked to other various online services that you use. Some services are more valuable to a hacker than others and the more services attached to an email account will make it that much more of a target.

The bigger the target you are to a hacker, the more time that they will invest into getting around your email security solution. If a hacker has any level of skill, then a flimsy password won't keep them out. A good hacker can bypass password security, but the thing about doing this is that it takes time. Therefore, a hacker will need some kind of known incentive to make sure that investing the time needed to hack an email password will be worth it. If your email is associated with your business or it contains account information for a valuable website, or online accounts, then your email account has a big bull’s-eye right where the "@" symbol normally goes.

The thing about hackers is that they can get extremely creative when it comes to accessing accounts. In fact, hackers are not limited to guessing passwords through the login page and they are not even limited to simply trying attacks over the Internet. Inside the hacker's bag of tricks is a social engineering tactic that's totally outside of your control, it's called "the telephone".

If a password is too complex for a hacker to crack, then they can pick up the phone and call your email hosting service pretending to be you. If the hacker can trick the technician over the phone that they are indeed you, then the operator will relinquish a new password to the hacker under the guise of "I forgot my password". You may think that email hosting services have policies that will prevent something so obvious, but you'd be surprised to learn that this isn't necessarily the case across the board.

For a hacker to trick an operator into giving them your email password, they will need some form of sensitive information. Hackers are pros at harvesting sensitive information, and the wider your digital footprint is, the more information that a hacker can use to get what they want. For example, if a hacker were to get a hold of your credit card number, or even part of your credit card number, and this happens to be the credit card number associated with your email account, then this may be the key (along with other personal information harvested from social media) to get the operator to hand control of your account over to a hacker. In one case, an email hosting company is accused of actually allowing the hacker to guess a two-digit password code over the phone after they successfully gave the operator stolen credit card information.

Once a hacker has control of your account the game is over. One of the first things that they will do is reset the password and lock you out. They will then have free reign to collect as much personal information as they can from your email account, which would include the ability to gain passwords to all of your other online services using the same social engineering tactic that originally gave them access to your email account. Of course, if your email is hosted internally, then your network administrator can easily wrestle control back from the hacker. However, if an impersonal third-party hosting service manages your account, then it will be much more difficult to convince them that you are in fact, you.

There are a few precautions that you can take to stop a hacker that's this determined to get ahold of your sensitive information. You can implement multi-factor authentication to access your email, which will require possession of your cell phone to log on. Check the security policies of your email hosting company and have them tightened in order to close the back door for hackers. But one of the biggest things you can do is to be careful with how you share your personal information online.

By training yourself on how to safely do things like making online purchases, posting to social media, creating complex passwords, switching out passwords on a regular basis, securely storing your passwords using encryption services, and much more, you can significantly lower the risk of a hacker breaking into your account. To learn about these best practices for email security and to equip your business with other enterprise-level security solutions like a Unified Threat Management tool for your network and a bulletproof spam email solution, then give Machado Consulting a call at 508-453-4700.

Continue reading
0 Comments

90% of malware statistics are made up on the spot…

Ever wonder what the difference is between a virus, a Trojan, or a worm?

First off, a Trojan-horse (or just Trojan for short) is a hacking program that is a non-self-replicating type of malware that appears to perform desirable functions but instead wreaks havoc on the machine. Most commonly, it is used to create a “backdoor” entrance to the machine in order to gain unauthorized access to the system without the user knowing. Unlike viruses, they do not attempt to inject themselves into files or other programs.

A lot of users consider any type of bad file or compromise on their system to be a “virus.” However, a computer virus is a type of malware that replicates by inserting copies of itself into other computer programs, data files, or into the boot sector of the hard drive. Some viruses simply take up hard drive storage space or hog your CPU’s (processor) usage. Others corrupt data, spam your email contacts, or log your keystrokes. These, as you can imagine, are the more common type of infection found on computers when they are compromised.

Lastly, a worm is a malicious program that replicates itself in order to spread to other computers (much like a virus) but does not need to attach itself to an existing program or file. Worms almost always cause some harm to a network, either by consuming all of the network’s bandwidth causing a slowdown, disrupting or increasing internet traffic, or other unintended effects. The most well-known worm was known as the “Mydoom” worm, first seen back in January 2004. It became the world’s fastest spreading e-mail worm ever.

Kind of like viral videos that are distributed like wildfire and then disappear into the background, malware behaves in a similar manner. There are swings where certain infections are rampant only around some parts of the year that security experts tend to notice. Late last year, you may have experienced or heard about the dreaded “FBI virus”, also known as the Trojan.Ransomlock.R infection. This summer, be on your guard! Malware is just as infectious as ever!

If you’re curious to find out what’s going around the internet these days, head over to http://www.securelist.com/en/ and check out the threats, analysis, and statistics pulled in from all over the world. It’s interesting to see what geographic locations are affected the most and what the actual names of these infections are.

Machado Consulting can implement a high-tech security suite that protects you and your business from malware, spam, and intrusions. Featuring award winning software and efficient methods of prevention, you can give us a call at 508-453-4700 or send an email to so we can determine the best package that suits you and your users’ needs!

Continue reading
0 Comments

Search Blog

Subscribe to Our Blog