phishing scam

The Great Phishing Scamdemic

Have you been noticing an abundance of suspicious looking emails flooding your inbox over the past few months? You aren’t alone! In the age of COVID-19, InfoSecurity Magazine reports that phishing scams have soared by over 600% since the end of February. Unfortunately, many of these scammers prey on fear and uncertainty in order to worm their way around barriers. And working from home means those barriers aren’t often as well maintained as they would be in the office.

So what can you do to help keep your passwords and accounts secure? When it comes to phishing, awareness is often the best defense. With that in mind, we’ve put together a guide to help you navigate some of the common tricks and scams to watch out for during these trying times.

CDC Alerts

If you receive an email claiming to be from the CDC or WHO, you should be careful. It is most likely a scam! These messages often contain links claiming to list coronavirus cases in your area along with an urgent request to review those cases and see if you were in contact with anyone affected. The links may look legitimate on the surface. However, hovering a mouse pointer over the link and examining the actual target underneath reveals that it actually points somewhere more nefarious.

Health Advice

Phishers have been sending many scam emails purporting to offer important health advice related to the pandemic. These often appear to come from a specialist, doctor, or expert of some kind. These emails may contain a link or even an infected attachment. If you receive one of these messages, do not open any attachments or follow the links. Delete the email immediately. If you feel uncertain about your health, it is always best to contact your own doctor directly.

Workplace Policy Updates

You may receive occasional updates from your employer while working from home. This is normal and expected, but if you receive one of these notices, review it carefully before following any links or downloading any attachments. Cybercriminals have been sending highly targeted “Policy Update” messages appearing to come from your employer. These messages appear to link to an updated company wide policy due to the pandemic. Always double check the link by hovering your mouse over the text and checking where it really goes. If you are unsure, reach out to your employer directly and ask whether or not the message came from them.

Charitable Appeals

Many scammers are exploiting people’s best intentions by requesting financial support to help victims of the virus and front-line workers. Although these types of emails may not always be phishing scams, the charities they fund are usually illegitimate. Rather than helping to fund relief efforts, the money instead goes straight into the scammer’s bank account. Always do your research before donating to any charity. If you receive a charitable appeal via email, it is most likely fake.

SMS Recovery Hack

You may receive an email or SMS from someone claiming to be your employer or email provider. The attacker typically claims that someone breached your account and they need you to forward a forthcoming SMS code to restore it. The attacker then initiates an account recovery process which automatically sends out an SMS code to the account owner’s phone. If you unwittingly forward that code to the attacker, they will be able to take over your account.

These attacks have become very popular lately and have seen widespread success. There is even a variation of this scheme affecting WhatsApp users. To ensure this doesn’t happen to you, never forward any account codes to someone else. Your email provider should never require this information. If your employer legitimately needs it to rescue your account, contact them directly over the phone or video conference to ensure you know exactly where you are sending it.

Smudged Screen

Since touch devices have become the norm, a new type of attack targets these devices by simulating a smudge, hair, or piece of dust on the screen. Many people are already educated about the dangers inherent with clicking unknown links in an email, but wiping smudges from their touch screen is almost a reflex. However, if the smudge is actually a disguised link, that reflexive swipe may be detected as a tap. If you’re using a touch device, it’s always a good idea to close your email and browser before cleaning the screen.

Fake Ads

Scammers have been placing ads around the web and over email claiming to offer cures and treatments for the virus. Norton Security reports that the websites these ads lead to sometimes contain malware. Even in the best case scenario, the products and services they offer are useless.

How to Avoid Phishing Scams

Now that you are aware of some of the more malicious phishing scams going around right now, here are some general practices that will help protect you and your accounts from these threats:

  • Avoid opening unsolicited email.
  • Hover your mouse pointer over links to see where they really lead.
  • Do not download attachments from any email unless it was something you were expecting to receive and you are certain of where it came from.
  • Do not supply personal information to anyone via email.
  • Watch out for sloppy spelling and grammar. Although this is not always a guarantee (they get more convincing all the time), poor grammar and spelling usually indicates the email is coming from a fake source.
  • Be wary of urgency. Emails that try to create a sense of urgency are almost certainly scams.
  • Stay calm. People can be more easily manipulated when they are in a state of panic. Try not to fall victim to fear-inducing emails or messages. This is a tactic used by social engineers to bypass your natural defenses. Instead, keep a steady hand and delete such emails.

Social Distancing on Social Media

Serious Risks to Consider When Socializing Distantly

In today’s crazy world of staying home instead of visiting friends, we’ve all been inclined to share a little more of ourselves on social media. There are more pictures of baking adventures with kids, selfies of good health and shared lists with a rundown of your personal information. Let me explain why sharing life information without precautions can be bad for real life.

Security Questions are Passwords

Decades ago, banks added extra questions to bank signature cards. This included information – such as a mother’s maiden name – to help verify customers needing account services. In the early 2000’s security questions became the norm for every account you set up online. Security questions are often required as an extra security layer to grant account access or to request a password reset. Questions range from asking your mother’s maiden name to the details of your first vehicle to the street you grew up on. The answers to these questions are additional passwords to access your accounts.

Breaches Handing Out Your Secrets

Security breaches happen every day, but in 2016 Yahoo admitted their security breach leaked over 3 billion users’ security answers to hackers, yes 3 BILLION accounts. This shed light on an even more serious issue – you can’t change your mom’s maiden name or the street you grew up on. But those now-public answers have the power to grant access to your accounts.

Fun But Harmful Social Media Posts

The Yahoo breach and other breaches may have spread some traditional security question answers around, but many people use social media to willingly spread the rest of them. Social media serves as a medium to help us connect to others (or argue with them, but that’s a different article). It was made for these things, but sharing such information publicly also opens users up to account hacking.

  • Who doesn’t get a kick out of discovering that our soft-spoken, sweet friend that we met in church has a list of favorite concerts that includes hardcore rap?
  • Why not gather “Likes” from posting pictures of us restoring our first vehicle on social media or reminiscing over old 1st grade class photos?
  • How many have competed to see who’s moved the most times with lists of former hometowns?
  • What other sharing have you seen that includes security question answers?

We’ve all enjoyed these posts, but all of these items are answers to many of the traditional security questions that secure our accounts. It’s hard to remember what we’ve used for our security questions around the internet, so we should assume we’ve used our personal information somewhere. Your privacy settings on your account may be high, but social media is stored in an online database that has certainly been hacked more than once.

Other Options for Security Questions

It’s not likely that you’ll switch over to posting fake information to social media to avoid giving up your security question answers. However, you do have the option to make up fake answers to security questions on your accounts. But how do you remember your fake answers? What if you mess up the exact spelling? A lot of people use a paper notebook to keep track of passwords and security answers. If this is you, please stop. With this strategy, one spilled glass or stolen laptop bag creates a whole new disaster in your life. Instead, look into a free password keeper like LastPass where you can add extra notes to your entries and only have to remember one password. With ever-present malware key-stroke loggers hiding silently on many computers, typing in passwords and security question answers still hands the keys over to hackers.

Upgrading To Two Factor Authentication (2FA)

Two factor authentication (2FA) is one of the most popular alternatives to security questions. 2FA requires two steps to allow you account access. The first step is usually your account password. According to PC World, “two-factor authentication is basically a combination of two of the following factors:

  • Something you know – such as your password.
  • Something you have – some options include getting a text on your phone, iCloud verification, email verification code, authentication app, or a physical security key.
  • Something you are – such as a fingerprint reader or retina/face scanner.”

There are no specific regulations requiring a business to have or request security questions. However, there have been increasing regulations requiring the safe storage of a user’s personal identifying information, such as the data which can be gleaned from stored security question answers. With this in mind, it’s a no brainer to set up 2FA if it is offered by your vendor. If your vendor does not offer 2FA yet, let them know you want better security on your account.

If you enjoy social media, then keep an eye out for our upcoming blog article – How to Stop My Social Media Account From Being Hacked.

How to be Successful While Working From Home

Ten Tips on How to be Successful While Working From Home During Coronavirus Outbreak

As a web developer of over 15 years, I’ve spent a lot of time working remote. Sometimes out of convenience and other times out of necessity because of sick kids at home. With the outbreak of COVID-19, there are now millions of workers finding their desks a lot closer to home. My hope is that this article will help you settle in and get your productivity levels back to the same levels or better than they were in the workplace.

1. Don’t Steal from Your Employer

Do not use the company equipment for personal work, especially while on the clock. If you were issued a computer to take home, it’s highly likely your employer knows when you log on and what you’re doing. Many employers are being hit hard financially by this outbreak. They will not hesitate to fire an employee for wasting precious company time and resources.

2. Get Equipment that Works for You

In a perfect world, you have a home office or study room already set up with your home computer. However, the reality for many of us is that we usually just pull out our personal laptop or tablet and sit on the couch or kitchen island to surf the web. It’s now imperative that you have a quiet, low traffic area set aside specifically for working.

Your equipment list may include:

  • Laptop or Computer – It’s likely your employer has provided you with these.
  • Desk – If you have a desk with your personal computer on it, move it aside and you’ll be all set. If you don’t have a desk, grab a folding table or another surface for your work equipment and place in a low traffic area where available.
  • Monitor – Some laptop screens are small. An external monitor can solve that. Before ordering one online, be sure to check what ports your laptop has. Here is a link to help you identify the ports you have.
  • Peripherals – Other items may improve your productivity, such as an external mouse or keyboard for your laptop. You may also need a web camera if your employer plans on doing online meetings.
  • Printer – You may or may not need a printer depending on your job. Don’t forget ink and paper.
  • Other – The list of other items to increase productivity could go on for pages. Some other items that I can’t live without when working from home include: noise cancelling headphones, a large refillable water bottle, pens, notebooks, sticky-notes, a lamp and a lap blanket.

3. Get Creative if You Don’t Have a Spare Room to Work Remote

Some suggestions include:

  • Closet – I have a friend in a small apartment who doesn’t have an extra room available. However, she did have a large bedroom closet full of clothes she’s not going to wear for a while since there’s no fashion police in her home office. She emptied those clothes onto a living room chair and moved her desk and a lamp into her closet.
  • Table – A kitchen table is not exactly ideal, but if your family does not regularly utilize the entire kitchen table, then you have a space. Clear it off and let your family know it’s off limits to them. You won’t be having guests over, so you can leave your new desk as is every day. Important: keep glasses cleaned off the table and use a rolled-up towel to not only mark your space but also make a barrier to keep accidental spills away from your computer and paperwork.
  • Kids Room – If you have multiple children with multiple bedrooms, then you may have a new workspace option. Do a coin flip and pick who’s moving out temporarily. Unless you need to work at night, your displaced child may still be able to return to their room to sleep every night.
  • Basement – We all groan at the thought of working in our basement, but hard times may call for hard decisions. Grab a table, space heater and some extra lamps for your new home office and call it good for now. Introverts may actually enjoy the peace and quiet of your basement.

4. Setup Security Measures

I’m not an IT expert, I make websites; but here are some bare minimums.

  • Secure Internet Connection – You’ll have the fastest internet speeds with a direct Ethernet cable plugged into your computer or dock. If that’s not an option for you, be sure your WiFi is behind a login. Your employer may have also set up a VPN for you to connect through. This is ideal!
  • Password Protection – Make sure your machine requires a password to login. The last thing you want is your kid hopping on your computer and going to sites your employer would not approve of.
  • Virus Protection – Staying off sites not related to your work while on your work equipment is the first step. The second step is being wary of emails and scams going around due to the outbreak. Your employer may or may not have installed special software for you. When in doubt, check in with them.
  • Out of Sight – News reports show that crime has not slowed and desperate times may lead to more break-ins. Keep your computer and valuables out of sight of windows and draw your blinds at night to lower temptation.

5. Limit Your Distractions

Let your family and friends know your work schedule. It’s so easy to get inundated with texts from your bored friends. Let your friends know you’re working from home and assure them you’re not ignoring them. Tell them you’ll get back to them on your breaks or after work. Every text or social media notification can lead to work mistakes and it can take up to 30 minutes to get yourself back on track.

If you’re home with the family, share and post your schedule. Tell them your rules and that, although they can see you, you are at work and this time is very important.  Your family and loved ones will push this boundary, but you must enforce it until it becomes natural for everyone.

6. Get to Work on Time

Your commute just got shortened, but the “traffic” may be just as bad or worse. By traffic, I mean your family and other home distractions. With kids home from school and pets seeing you home, your morning routine may take longer. I find it best to get up earlier than when I was going into the office. This gives extra time to do social media surfing and get the kids/loved ones settled in with enough attention, snacks and activities to make it until the morning break comes around. If your employer didn’t give you a specific time to start work, then you need to pick a time, communicate it to them and stick with it.

Plan for a short morning break. If your kids and pets are home with you, they may dictate when this time occurs. At the very least, get up from your desk and walk away from it for a few minutes; some light stretches may feel great too. I know it’s tempting to do some cleaning or laundry while you’re home, but you may quickly lose track of time during breaks. Don’t make a habit of this. Set a timer on your phone and get back to work on time.

7. Enjoy Your Lunch Break

Set a timer on your watch or phone for your lunch break. Get away from your work space. Make this your personal time; catch up on social media, get some fresh air, play with the kids, do whatever gives you a break and lets you recharge to take on the second half of your day. Preparing healthy foods ahead of time will also provide you with good fuel for the afternoon.  I use my lunch break to have a quick lunch with the kids, a little play time and then put them down for a nap.

8. Be Prepared for the Afternoon Slump

Just like at work, it may be hard to stay motivated in the afternoon. Learn to adjust your work agenda to what works best for you. I find that saving my new or challenging work for the afternoon works best. Others may find this to be the best time to answer emails. Do what works for you, but do not waste your employer’s time.

Give yourself a short afternoon break of 15-20 minutes. Use this break to resettle the family and pets, switch laundry or get a snack. Set a timer on your phone if you find break time getting out of control.

9. Know When to End the Work Day

If your work load allows it, keep your normal end of day schedule. I use the last 30 minutes of my day to make notes of where line items stand and setup an agenda of tomorrow’s priorities. This can be done using an electronic resource or even a paper notebook with a paperclip on the current agenda page.  At the end of the day, shut down your computer and get away from your work space.  You’ll quickly become spoiled by your short commute.

10. Appreciate Your Workday

You’ll easily find many benefits to working from home. You’ll save money on commuting, be able to throw a load of laundry in on a break, and so much more. I personally love being able to have lunch with my kids and getting hugs from them while I’m on break.

Ready to be Successful While Working From Home During the Coronavirus Outbreak?

Telecommuting has many advantages, but it also comes with trying challenges. Distractions are much higher at home; you will need to work hard to become disciplined and focused. It’s imperative to teach your loved ones what the new normal is for you – your livelihood depends on it. Your integrity must shine through, you no longer have your boss or co-worker policing your every move. Trust me, your employer will know if things are getting done in the end and that’s the bottom line.

Covid-19 Virus Scams

How to Stay Safe Online During the COVID-19 Outbreak

The COVID-19 outbreak has taken the world by surprise. In these unprecedented times, it is important to know who you can trust. Unfortunately, there are some people who are looking to benefit off of the grief and anxiety of others. COVID-19 scams are running rampant right now. We’ve outlined how to stay safe online during the COVID-19 pandemic.

Malicious Coronavirus Emails

Scammers are sending emails while posing as various professional health organizations such as the CDC and the World Health Organization. Most of these emails are known as phishing emails, which are used to lure the receiver to click a malicious link. These links often impersonate other websites like banks or other accounts. The fake websites prompt you to log in or enter credit card information. The consequences of handing this information over to a malicious site can be crippling. Other links may send you to websites that install malware onto your computer.

How to Spot COVID-19 Scams in Your Email

The number one rule of thumb is to always be cautious. Therefore, never immediately click a link or download attachments from ANY email. You want to be 100% sure of its authenticity. Here is how to tell if an email is legitimate and avoid COVID-19 scams:

  1. Check the sender’s email address
    If the sender’s email address does not end with the company’s domain (for example, an email from the CDC would look something like email@cdc.gov), it is almost always a sure sign of spam. Flag the email and trash it. If it does match, that is a good sign. However, it is possible for hackers to spoof emails to look like the real thing, so check for the next things as well.
  2. Look for typos and grammar mistakes
    Professional emails are usually read by a few pairs of eyes internally before they get sent out to the public masses. This means typos and grammar mistakes are generally caught before the email hits your inbox. Scam emails are often written by one person. Additionally, it is not uncommon for the emails to have poor English translations if their origin is international. If you notice any typos or grammar mistakes, it is best to flag and trash the email.
  3. Check the destination URL of any links
    Hyperlinks allow the sender to type whatever they want and have that text link to any website on the web. This means that just because you see a link to a website, doesn’t mean your destination will be that website. This is one of the main ways hackers obtain your information. To check the actual destination of a link, hover your mouse over it and you should see the revealed URL somewhere in your email program or browser. Test this by hovering over this link to the CDC’s website: https://www.cdc.gov/coronavirus/2019-ncov/
    As you can hopefully see, this actually links to our homepage. Refrain from clicking any link that will not bring you where you’d expect. Remember that this method of link checking works on hyperlinked images and regular text as well. If you receive a notice, you can always call your vendor directly to check on a notice or browse out directly to the vendor’s website instead of clicking on the email’s link.

Working From Home

If you are working from home or have employees working from home, you may be leaving sensitive information vulnerable. Hackers are targeting more and more people working from home in hopes to gain corporate information. Keeping yourself and your team informed on the email information above can tremendously minimize the risk of a data leak.

Another thing to do is to provide legitimate resources for employees to go to if something goes wrong. Whether it’s your internal IT department or the Microsoft help desk, giving a direct resource minimizes the chance of being baited by fake tech support.

Lastly, make sure you and your team have a secure WiFi network and have changed the default password on your routers. You will be off the secure work network, so double check that you are not leaving yourself open to potential risks.

Stay Safe

Being vigilant is the best way to stay safe. If you’re unsure about an email, asking for a second opinion is better than taking the risk. Run it by a colleague, or contact Appletree with any questions. We can provide tech support and help you identify suspicious emails or web pages.

Unsafe Connection

Why You Need an SSL Certificate on Your Website

Have you ever visited a website and been greeted by a warning stating that the site is “Not Secure” or something similar? It is definitely off-putting to visitors when this happens. If you are a site owner and notice your site doing this, it is actually pretty easy to fix. All you need to do is install an SSL certificate.

What is SSL?

SSL stands for “secure sockets layer”. This essential technology encrypts data as it moves between a web server and browser. In other words, it stands between you and the rest of the internet, jumbling whatever information you send (such as usernames, passwords, credit card info, etc) into nonsense that can only be decrypted by a special “private key” held by the intended recipient. This protects you from hackers who could otherwise intercept your info while it is in transit. You’ll know you’re on a site with an SSL certificate if you see a padlock to the left of the URL in the address bar.

What if My Site Doesn’t Collect Personal Information?

Google encourages every site to obtain an SSL certificate. As a reward, your website gets a boost in search ranking. By not having one, you ultimately rank worse regardless of your data collection policy. If you’re running a small business, building a good Google ranking is essential to help bring in customers. This reason alone is good enough to justify the effort – you can outrank your competitors!

In addition to that, not having an SSL certificate causes some browsers to display a warning. Google Chrome, specifically, shows a “Not Secure” label (as mentioned earlier). This can be alarming to potential visitors, redirecting them away before they even land on your site. If enough visitors “bounce” because of this, it can ruin your website’s performance and eventually even harm your company’s credibility!

Keep Your Information Safe

If you manage your website using a content management system like WordPress, your administrative login credentials could become compromised if your site does not have an SSL certificate. Without it, your username and password are sent as plain text over the internet. Credentials sent this way can easily be picked up by hackers. Another way to combat unauthorized logins is by using two-step verification. Enable that whenever it is available.

Stay Cautious

Sometimes even phishing & scam websites are able to obtain legitimate SSL certificates. Just seeing a padlock in the corner does not necessarily mean you should trust the site with your personal information. Usually, you only have to worry about these types of scams coming through your email, so make sure to keep your guard up and know what to look out for.

Now that you know how important SSL certificates can be for you and your customers, help keep your website visitors safe and comfortable by installing one as soon as possible. This will boost your reputation as well as your organic search rankings over time. Not sure how to install SSL yourself? The experts here at Appletree would be happy to assist – we do this all the time! Don’t hesitate to drop us a line and let us know how we can help.
