New And Urgent Bank Account Fraud Alert

Xenomorph Android malware

The infamous Xenomorph Android malware, known for targeting 56 European banks in 2022, is back and in full force targeting US banks, financial institutions and cryptocurrency wallets.

The cyber security and fraud detection company ThreatFabric has called this one of the most advanced and dangerous Android malware variants they’ve seen.

This malware is being spread mostly by posing as a Chrome browser or Google Play Store update. When a user clicks on the “update,” it installs the malware designed to automate the process of accessing your online accounts and extracting and transferring funds.

Besides being alert to this scam (and you should let your spouse, partners and family know as well), you should be aware of a few ways to protect yourself:

  • Avoid links and attachments in any unsolicited e-mail. Simply previewing a document could infect your device, so never open or click on anything suspicious.
  • To update your browser, simply close it and reopen. You don’t have to download an application to update it. Furthermore, the Google Play Store app will not ask you for an update, so don’t fall for any website alert or text stating you need to download an update.

But remember, bank fraud can manifest itself in several forms, including:

  1. Phishing Scams: Cybercriminals send deceptive e-mails or messages, often impersonating trusted entities like banks or government agencies, to trick you or your employees into revealing sensitive information like login credentials. Sometimes these are facilitated by phone calls, so make sure your team is fully aware of this. The latest MGM hack happened when a hacker called the company’s IT department requesting a password reset.

  2. Check Fraud: Criminals may forge or alter your business’s checks to siphon funds from your account, making it essential for you to secure your checkbook and be careful about sharing or e-mailing your account information. You might consider going checkless to cut down on the chances of your account being hacked.

  3. Unauthorized Wire Transfers: Hackers may compromise your online banking credentials to initiate unauthorized transfers, diverting funds to their accounts.

  4. Account Takeover: Criminals may gain control of your business’s online banking accounts by exploiting weak passwords, reused passwords or security gaps, such as e-mailing your passwords to others or storing your bank password in your browser, allowing them to make unauthorized transactions.

  5. Employee Fraud: Sometimes, even employees may engage in fraudulent activities, such as embezzlement or manipulating financial records.

To protect yourself, use strong, unique passwords for your online banking accounts and never store them in your browser. Also, update your passwords monthly with significant changes to them, using uppercase and lowercase, symbols and numbers that are at least 14 to 16 characters.

Second, always turn on multifactor authentication (MFA) so you’re notified if anyone tries to log into your accounts without your knowledge.

Third, set up alerts for large withdrawals. You can ask your bank to require a physical signature for wire transfers to protect you from someone taking money from your account without your signature.

Fourth, get fraud insurance that specifically covers employee and online theft so you are protected in the event a cybercriminal steals money from your account.

And, as always, make sure you have strong cyberprotections in place for ANY device that logs into a bank account or critical application. Far too many businesses think that if their data is “in the cloud,” they are safe. Remember, your bank account is “in the cloud,” and the bank likely has a secure portal, but that doesn’t mean YOU can’t be hacked.

If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.

Read more

This is the latest trend in phishing attacks

Warning of a new trend in phishing attacks.

Have you heard the saying, “A picture is worth a thousand words”? It seems cyber criminals have too, and they’re using it to their advantage.

In a new twist on phishing campaigns, cyber criminals are luring victims to click on images rather than downloading malicious files or clicking suspicious links.

Let’s dive into the warning signs, so you can keep your business safe from these sneaky attacks.

First things first, what’s the big deal about clicking on an image? It might be promoting a killer deal or one time offer.

But when you click on the image, you don’t go to the real website. Instead it’s a fake site designed to steal your personal information.

Imagine being lured in by a cute cat photo only to find out that Mr. Whiskers was actually a wolf in sheep’s clothing! Not so cute anymore, right?

So, how can you tell if an image is part of a phishing campaign? Here are some warning signs to look out for:

  • Unexpected emails: Did you receive an email from someone you don’t know or weren’t expecting? Be cautious! It’s like accepting sweets from a stranger – you never know what you’re getting yourself into
  • Too good to be true: If an email promises you a free holiday or a million pounds just for clicking on an image, remember the golden rule: if it sounds too good to be true, it probably is.
  • Spelling and grammar mistakes: We all make typos, but if an email is riddled with errors, it could be a sign that something is going on.
  • Mismatched logos or branding: If an email claims to be from a reputable company but the logo or branding doesn’t match up, assume it’s a scam

Now that you know what to look for, let’s talk about how to protect your business from these image-based phishing attacks:

  1. Educate your employees: Knowledge is power! Make sure your team is aware of the latest phishing tactics and knows how to spot the warning signs.
  2. Keep software up-to-date: Just like you wouldn’t drive a car with bald tyres, don’t let your software become outdated. Regular updates help patch security vulnerabilities that cyber criminals might exploit.
  3. Use strong passwords: It might be tempting to use “password123” for all your accounts, but resist the urge! A strong, unique password for each account can help prevent unauthorised access. Using a password manager is even better.
  4. Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring people to verify their identity through another method, such as a text message or fingerprint scan.
  5. Backup your data: In case disaster strikes, make sure you have a backup of all your files. That way, you won’t be left high and dry if your data is compromised.

Whilst cyber criminals are getting smarter and smarter with their tactics, there’s no need to panic. By being aware of the warning signs and taking proactive steps to protect your business, you can stay one step ahead of these digital tricksters.

Remember, not all that glitters is gold – or in this case, not every cute cat picture is just a cute cat picture. Stay vigilant, and don’t let the scammers win!

Read more

Criminals are exploiting AI to create more convincing scams

Criminals are using AI to scam you

One of the many cool things about the new wave of Artificial Intelligence tools is their ability to sound convincingly human.

AI chatbots can be prompted to generate text that you’d never know was written by a robot. And they can keep producing it – quickly, and with minimal human intervention.

So it’s no surprise that cyber criminals have been using AI chatbots to try to make their own lives easier.

Police have identified the three main ways crooks have found to use the chatbot for malicious reasons.

  1. Better phishing emails

Until now, terrible spelling and grammar have made it easy to spot many phishing emails. These are intended to trick you into clicking a link to download malware or steal information. AI-written text is way harder to spot, simply because it isn’t riddled with mistakes.

Worse, criminals can make every phishing email they send unique, making it harder for spam filters to spot potentially dangerous content.

  • Spreading misinformation

“Write me ten social media posts that accuse the CEO of the Acme Corporation of having an affair. Mention the following news outlets”.  Spreading misinformation and disinformation may not seem like an immediate threat to you, but it could lead to your employees falling for scams, clicking malware links, or even damage the reputation of your business or members of your team.

  • Creating malicious code

AI can already write pretty good computer code and is getting better all the time. Criminals could use it to create malware.

It’s not the software’s fault – it’s just doing what it’s told – but until there’s a reliable way for the AI creators to safeguard against this, it remains a potential threat.

The creators of AI tools are not the ones responsible for criminals taking advantage of their powerful software. ChatGPT creator OpenAI, for example, is working to prevent its tools from being used maliciously.

What this does show is the need to stay one step ahead of the cyber crooks in everything we do. That’s why we work so hard with our clients to keep them protected from criminal threats, and informed about what’s coming next.

If you’re concerned about your people falling for increasingly sophisticated scams, be sure to keep them updated about how the scams work and what to look out for.

If you need help with that, get in touch.

Published with permission from Your Tech Updates.

Read more

3 essential security tools for every business

3 essential security tools for every business

Your data is one of your most valuable business assets. Keeping it safe should be one of your main priorities. So if you don’t have much security in place, there’s a minimum standard you should be implementing, right now.

There are dozens of security solutions available that all perform different tasks – from preventing criminals gaining access, to recognising attacks in progress, and then limiting the damage that can be done. There’s no one-size-fits-all as every business has different priorities and different types of data to protect.

Here are three essentials that every business should put in place as a basic level of protection.

  1. A firewall

A firewall monitors the internet traffic coming into and leaving your IT network. It acts as a wall between your network and the outside world. It’s your first line of defence against an intruder breaking in to your network.

  •  A password manager for everyone in the business.

A password manager stores all your credentials securely, and can also generate nearly impossible-to-guess passwords for all your accounts and applications.

That’s useful against brute force attacks, where cyber criminals essentially try to force their way into your system by guessing the password. It also stops you writing down your passwords somewhere ‘safe’!

  • A VPN (Virtual Private Network)

A VPN is important for any remote or hybrid workers in your business.

It means your employees can access your network from wherever they’re working, without worrying that their online activity is being watched by a criminal.

VPNs make your browsing completely private, hiding your device and location details, and anything you download. If you or your employees regularly use public Wi-Fi – especially to access your network – a VPN is essential.

These are our absolute minimum recommendations.

The strongest security uses additional tools like Multi-Factor Authentication to prove the identity of all users, and antivirus software to deal with any intrusions.

These work together to create a multi-layered security shield to defend against threats on many fronts.

But it’s important you create a security plan that’s right for your specific business. It’s a good idea to seek some professional help.

Not everyone’s as excited about IT security as we are! But we definitely have a passion for it.

If we can help you, get in touch.

Published with permission from Your Tech Updates.

Read more

10 Common Tech Problems Plymouth Businesses Are Eliminating From Their Business Forever

They say, “You get what you tolerate” and now more than ever, we’ve been conditioned to tolerate worse service at higher prices. Companies get a ‘free pass’ simply by saying phrases like “the labour shortage,” “because COVID,” or “inflation.”

But it doesn’t have to be that way.

While you may be able to still do business even with some less-than-stellar vendors in some areas, if all your computers were to suddenly stop working, your network go down, your files gone, chances are you’d be dead in the water.

Your business depends on technology, and you need to make sure everything is up and running RIGHT and you’re protected ALL the time.

Here’s a list of ten common problems, complaints and just downright failures in service we hear of all the time…and I’ll show you how to eliminate them in your business.

  1. When you call your IT company, your message goes to voicemail and you’re stuck waiting hours (or even days) for a call back so your problem gets resolved.
  2. You often must reach out multiple times to get a problem resolved and you need to check back to see what the status is and get a timeframe.
  3. Your IT company doesn’t proactively monitor, patch and update your computer network’s critical security settings daily (or at least weekly) leaving your entire business vulnerable to attacks.  
  4. Your IT company doesn’t offer proof that they are backing up ALL your data, laptops and devices.
  5. Your IT company doesn’t meet with you regularly (at least once a quarter) to report what they’ve been doing, review projects and offer new ways to improve your network’s performance instead of waiting until you have a problem to make recommendations.
  6. Your IT company doesn’t provide detailed invoices that clearly explain what you are paying for.
  7. Your IT company doesn’t explain what they are doing and answer your questions in terms that you can understand, NOT in “geek speak” and they don’t routinely ask if there’s anything else they can help with, no matter how small.
  8. Your IT company doesn’t proactively discuss cybersecurity with you or make recommendations for protecting your network from ransomware and offer employee training videos, so they don’t fall victim to a scam.
  9. Your IT company hasn’t provided you complete network documentation, and they hold the “keys to the kingdom” refusing to give you admin passwords so you’re totally helpless if something goes wrong and you can’t get a hold of them.
  10. Techs arrive late and dressed like they just got out of bed, and you cringe every time you need to make that call because they’ll make you feel dumb or like they are ‘doing you a favor’ even though you’re paying them!

If you’re tolerating any of these common problems, know that you don’t have to! You could be paying for substandard support and worse, not be keeping your company protected.

This could jeopardize your data and your network’s security and cost you thousands in lost productivity because you and your employees are spending time dealing with problems that shouldn’t exist.

If that’s the case, then it’s time you see what else is out there and make sure you’re getting what you pay for.

To schedule a free 10-minute discovery call to see how we can get rid of your tech issues, go to https://limbtec.com/book-a-call

Read more

Microsoft 365 makes Multi-Factor Authentication easier

Multi Facto Authnetication made Easier

Microsoft is planning to enable Multi-Factor Authentication (MFA) directly in its Outlook app for many 365 business users.

MFA is a vital tool to help protect your online accounts from cyber criminals. It works by generating a second, single-use passcode every time you log into an account. It’s usually sent to an authenticator app on your phone that you have to download and set up first.

Security codes can also be sent via SMS text message, by a phone call, or you might be given a special USB key to plug into your computer.

The process is often made quicker by using a biometric login like your fingerprint or face ID. It’s a minor chore, but the protection it offers far outweighs the couple of extra seconds it takes to access your account.

Microsoft isn’t so sure about those extra seconds, though. If the tech giant can save you that time, it’s going to do it. That’s why it’s looking to streamline MFA for Microsoft 365 business accounts.

It’s rolling out the improvement by building MFA directly into the Outlook app in a feature called Authenticator Lite. Until now, it’s relied on a separate authenticator app or sending login codes.

There’s no news yet for those of us who want faster authentication on our personal PCs. If Microsoft does announce plans to make this feature available to more hardware or operating systems, we’ll update you with any news.

If you don’t already use MFA for your apps and online accounts, we recommend that all businesses implement it as soon as possible. The additional security it offers protects against the vast majority of today’s cyber threats.

For more help and advice about implementing MFA or getting the best from Microsoft 365, just get in touch.

Published with permission from Your Tech Updates.

Read more

The Bad Bots!

Bot malware is a growing security threat

If we talk about ‘bots’ you’d be forgiven for thinking of the amazing AI chatbots that have been all over the news lately.

But this isn’t a good news story. Bots are just automated programs, and bot malware is a worrying new security risk you need to defend your business against.

Malware bots are particularly dangerous because they steal whole user profiles – that’s a complete snapshot of your ID and settings. This potentially allows cyber crooks to bypass strong security measures like Multi-Factor Authentication (MFA).

Usually, if a criminal steals your username and password, they still can’t access your account because they don’t have access to your MFA authentication method. But with your whole profile available to them, using your cookies and device configurations, they can trick security systems and effectively switch off MFA. 

Once profile information is stolen, it’s sold on the dark web for as little as £5.

And it’s not even super-sophisticated cyber criminals deploying this technique. Just about anyone can obtain your details and use them for phishing emails, scams, and other criminal activity.

Since 2018, 5 million people have had 26.6 million usernames and passwords stolen, giving access to accounts including Microsoft, Google, and Facebook.

All this means there are things you need to do – right now – to keep your profiles and your business protected from bot malware.

  • Update your antivirus software and keep it on at all times.
  • Use a password manager and Multi-Factor Authentication to keep your login credentials safer
  • And encrypt all your files so that, if anyone does access your profile, there’s very little to steal.

These are the things we help our clients with every day. If we can help you, just get in touch.

Published with permission from Your Tech Updates.

Read more

Cyber Security – What about your Mobile.

Don't forget your phone when you think about cyber security

Our phones are a goldmine of private information. Just think of all the financial details, personal messages, banking apps, photos and contact information that live behind that little glass screen.

And if your team use phones for work, they’ll often have access straight into company systems – email, contact lists, network access, file systems. So if they’re not kept as secure as any other device in your workplace, they can become a gaping hole in your cyber security.

Criminals know this, of course, which is why they target us through our phones just as much as they do through our networks and servers.

But cyber crime isn’t the only concern. Just losing your phone, or having it stolen, can put your data at huge risk.

So, whether you issue company smartphones, or your employees use their own, you should make sure everyone implements some simple security steps to protect your data and avoid disaster.

What to consider

Start with making sure your people set up a PIN and a biometric login (like a fingerprint or face scan) to open the device.

Only install apps from trusted sources to make sure you’re using genuine software.

And enable Multi-Factor Authentication on all apps that store even a small amount of sensitive data.

Be careful about where you connect to Wi-Fi. If you work remotely or often connect to public networks, consider using a VPN – a Virtual Private Network – to add another layer of security. You never know who’s monitoring traffic on a public network.

Finally, ALWAYS make sure your phone is running the latest version of its operating software, and keep all apps up to date.

Smartphones have changed so much about the way we live – at home, and at work – but it’s too easy to take them for granted. And that could be a costly mistake.

If you need help to keep your smartphones safe, just get in touch.

Published with permission from Your Tech Updates.

Read more

Cyber attacks are getting smarter and bigger. Is your protection?

Cyber Attacks are getting Bigger and smarter

Have you ever tried to buy tickets for a huge event and found that the seller’s website has collapsed under the weight of thousands of people all trying to do the same thing at the same time?

The ticket site falls over – usually temporarily – because the server is overloaded with traffic it doesn’t have the capacity for.

Criminal Distributed Denial of Service attacks – DDoS, for short – exploit the same principle.

When a DDoS attack targets a business, it floods it with internet traffic in an attempt to overwhelm the system and force it to fail.

This results in the business and its customers being unable to access services. That may trigger a temporary failure, or it could be more serious. Last year, the average DDoS attack lasted 50 minutes.

That may not sound like a long time, but it’s enough to create angry customers, or to bring business to a grinding halt. And downtime can be costly.

The really bad news is that DDoS attacks are not only lasting longer, but they’re becoming bigger, more sophisticated and more common.

Recently, the biggest ever reported DDoS attack was reportedly blocked. At its peak, it sent 71 million requests per SECOND to its target’s servers. Prior to that, the biggest reported incident stood at 46 million requests per second.

Worse still, more businesses are reporting being targeted by DDoS attacks where criminals are demanding huge ransoms to stop the attack.

What does this mean for you?

It’s important you check all your security measures are up-to-date and working as they should be. Are your firewalls up to the task, with DDoS monitoring and prevention tools set up? And is your team fully aware of the importance of staying vigilant?

We can help make sure your business stays protected. Just get in touch.

Published with permission from Your Tech Updates

Read more

Is you Cyber Security looking at the right things?

Is your security focusing on the right things

When we look to protect our homes, we start with shutting and locking the doors and windows. Then we will add extra measures like alarms, security lights, fences etc.

But there’s no point going to all that effort if someone’s already broken in and set up camp in the basement.

Yet, by deploying the latest must have cyber security product to protect your business and it’s data that is exactly what you may be doing.

What businesses currently do.

Businesses generally do many of the right things. They invest in security software. They take a strong, multi-layered approach to security – including all the things we recommend, like multi-factor authentication, encryption, reliable backup systems and staff training.

But they don’t pay enough attention to detection and response. That involves constantly scanning systems for any sign that a crook may have gained entry somewhere, and having a process to stop an attack in its tracks.

A new study shows that only a third of businesses place detection as their main priority, while two thirds say prevention is their primary focus.

That means, they could be building 10-foot walls around their systems with intruders already inside.

In-house security teams might be super-confident in the security measures they’ve put in place. But the data suggests that they’re being too complacent. The study reveals that more than eight in ten businesses experienced more than one data breach last year – even with good security in place.

Criminals are constantly finding ways to evade security. That tells us that we need to take a rounded approach, with strong prevention AND detection policies providing the best protection against today’s determined criminals.

If you need world-class security, get in touch today.

Read more