ACTion Blog

Cyber Security Event @NY Law School

Aurora Computer is excited to announce that Patrick Buono was selected as a panelist for New York Law School’s Cyber Security event which will take place on Wednesday, October 17th.
The goal of this panel is to discuss safer technological practices for your clients and will feature topics such as data breaches, hacking schemes, phishing and more.
The event will be held from 12:45 pm – 1:50 pm. If you have time, be sure to check it out!

Is it Time for a Tune-up? by Natalie Murphy | Sep 6, 2018

Tech Support Is it Time for a Tune-up? One of the things that you may notice on our website when you read about our services is “tune-up”, it’s all over the place, but understanding what it means could help you protect your computer. The biggest sign that your computer may need a tune-up would be poor performance. This could include your computer starting very slowly and noisily (noises that it didn’t use to make). Once the computer is started up you may notice that programs take forever to open, web pages take a long time to load and you may notice that you have to try several times to open programs. Even if you’re not experiencing any of these, you may still want to tune-up before this happens. As you run programs and browse the internet, your computer picks things up, little bits of data that help optimize web pages, tracking cookies that companies use to target ads, and sometimes malicious stuff gets in.tune-up Is it Time for a Tune-up? computer 1209641 1920 But what actually happens when you get your computer tuned-up? When you call or live-chat with a OneSupport agent for a computer tune-up the tech will remotely log in to your computer. This sounds scary to some people, however, you’ll still be able to fully control your computer and you’ll be able to see what our tech is doing the entire time. There will also be a chat window available for you to ask our tech any questions you may have. Once the agent gets logged in they’ll begin cleaning up your computer. They’ll remove the bits of data that you’ve picked up from the internet, they’ll run scans to check for malware and computer viruses(and remove it if found), remove unnecessary browser add-ons and plugins, and edit the way your computer starts up. Mitch, a long time OneSupport tech explains why they edit your start-up, “Editing the startup is also a huge part of it because you are taking things out of the startup which do not need to run all the time and saving resources.” After this, the tech will clean up your disk space and defragment your hard drive. So now you may be thinking “what on earth does that mean?” To be perfectly honest with you, I wasn’t sure either. tune-up Is it Time for a Tune-up? hacking 2903156 1920According to Mitch, “The PC stores data on the drive wherever there is space. A lot of times it will split up files and put parts in different physical sections, fragmenting them. Defrag takes these parts of files and moves them around on the disk to put them back together, making them faster to read.” Throughout various parts of the tune-up, you’ll notice scans and processes running and the agent will restart the computer, maybe a few times, then they’ll let you know when they’re done and then they’ll disconnect from your computer. The tune-up process is simple but the time it takes will vary depending on how much “stuff” is on your computer. Since we’re open 24/7 you can have our techs do a tune-up for you at any time, day or night any day of the year. We’re here and we’re ready to help. Give one of our 100% U.S. based agents a call today at 844-417-8776 or chat with us at OneSupport.com/connect.

This is one reason computers get infected

Google Has Trouble Detecting Fake Tech-Support Ads

Ionut Ilascu

Fraudulent tech-support services that buy online advertising space have grown in sophistication to a level that Google cannot distinguish them from legitimate providers.

Operators of tech-support scams often operate just like a legitimate business to avoid detection and to ensure their success for a longer time. Sometimes even employees are unaware of the illegal activity.

Over the past few years, began to promote their activity through search ads, claiming to be an authorized service center for products from popular companies such as Apple, Microsoft or Dell.

Playing on the user’s trust in the results and ads provided by Google, most of the times the scammers just have to wait for the victim to call.

The tactic is powerful because the potential victims are the ones placing the call, so they have already shown some trust in the service.

“For many years, we’ve consulted and worked with law enforcement and government agencies to address abuse in this area. As the fraudulent activity takes place off our platform, it’s increasingly difficult to separate the bad actors from the legitimate providers,” Google director of global product policy, David Graff wrote.

To curb this type of malicious activity, the advertising company’s new policy is to allow ads only from verified third-party support providers.

A verification program is set to run at a global level in the following months to make sure that only legitimate providers can advertise on Google’s platform.

Fraudsters getting professional at it

Tech-support scammers have become more proficient at what they do. Apart from creating websites that instill trust, they also try to obtain as much information as possible about the victim or their machine, to help them make the deceit more difficult to spot.

Symantec published at the beginning of August a report on how fraudulent tech-support activity has started to integrate call optimization, a service that allows them to dynamically insert phone numbers in web pages.

One benefit to the scammer is that they can show the victim a phone number that points to someone speaking their language.

Any extra information helps with the social engineering, as it makes it easier to remove suspicions about any seemingly out of place instructions and demands.

For instance, multiple Dell customers were contacted by tech-support scammers that knew sufficient details about them and their computer to make the call appear legitimate.

One Dell customer had their laptop encrypted and held for ransom after the scammer correctly provided information that should have been available only to a legitimate service employee (machine service record, serial number, and warranty information).

Graff says that while Google’s verification program aims to separate the bad actors, it is not a guarantee that scammers will disappear; however, it will make their endeavors a lot more difficult.

This decision is likely to have the scammers return to cold-calling their victims, which can yield very unexpected results:

Email attacks on the rise, say 80% of businesses

Impersonation attacks have increased 80 percent quarter on quarter, according to a new report.

Mark Mayne

The latest figures show that Impersonation or Business Email Compromise (BEC) attacks have spiked enormously over the last quarter, clocking up an 80 percent increase quarter-on-quarter to hit a total of 41,605.

According to the new ESRA report from Mimecast, which tests the efficiency of email security systems, a significant 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems – a ratio of one unstopped malicious link for every 50 emails inspected.

“Targeted malware, heavily socially-engineered impersonation attacks, and phishing threats are still reaching employee inboxes. This leaves organisations at risk of a data breach and financial loss,” said Matthew Gardiner, cybersecurity strategist at Mimecast, in a statement. “These are difficult attacks to identify without specialised security capabilities, and this testing shows that commonly used systems aren’t doing a good job catching them.”

The ESRA report also identified 19,086,877 pieces of spam, 13,176 emails containing dangerous file types, and 15,656 malware attachments that were allegedly missed by incumbent providers and potentially delivered to users’ inboxes. As part of the cumulative assessments, Mimecast claims to have inspected more than 142 million emails that have passed through organizations’ incumbent email security vendors

How to Protect Businesses from Phishing, Spear-Phishing and Whaling

3 Ways to Stay Ahead of Phishing Attacks

“So how can businesses — particularly small businesses with slim IT teams and stretched resources — stay ahead of increasingly smarter phishing campaigns?

  1. Adopt the Right Tools: The best defense is a good offense, so having an arsenal of technologies to prevent phishing emails from getting into a system are key. Strong encryption, modern anti-malware, data loss prevention tools and automated email client health checks are a good place to start when it comes to enhancing email security.
  2. Stay on Top of Threats and Vulnerabilities: You can’t protect against the threats you don’t know are out there, so be sure to stay on top of the latest cybersecurity threats and trends. For small businesses without a dedicated IT team, advisors and third-party entities such as vendor partners can be an amazing resource to help fill in the gaps.
  3. Educate Users: Employees who have been trained on how to spot and avoid suspicious emails are far less likely to fall victim to them. A single training is not a silver bullet, however. According to a 2017 report from Glasswall Solutions82 percent of employees will open email attachments if they appear to be from a known contact, which could happen even if they’ve been trained to recognize sophisticated attacks. This is why constant training and a strong companywide security culture are key to ensuring threats stay at bay.”

(Reference) BizTech https://biztechmagazine.com/article/2018/07/how-protect-businesses-phishing-spear-phishing-and-whaling.

#auroracomputer

IOS Phishing scam

PSA: Latest iOS phishing scam tries to connect you to ‘AppleCare’ w/ a system dialog popup | 9to5Mac https://9to5mac.com/20…/…/30/ios-phishing-applecare-attempt/. #auroracomputer