Spring has Sprung and so have the Criminals

posted by Heather Fegan | Feb 17, 2017

I wanted to reach out to you today to discuss security on the web. While the above photo may be humorous, this is a serious topic. Over the years, and more recently, malicious attacks against individuals and companies have steadily increased. Nowadays there are very sophisticated attacks that are hard for even the most experienced IT security professional to notice. This message is by no means meant to scare you; it is simply meant to inform you about the different attacks that malicious attackers use.

To start, here are some different terms you might hear, but really they all mean the same thing. Malicious attacks can take many different forms, including spyware, ransomware, trojans and phishing emails, among others. The common factor between all of these is that they intend to do harm to you or to use your accounts/systems to harm others. Additionally, all these attacks are forms of malware. Malware is defined as any malicious software, meaning any software that intends to do harm. It is also an overall term used to cover pretty much any type of attack. To read more about malware please visit this article by Symantec.

What I specifically wanted to cover in this message was a few specific types of attacks and give guidance on some security practices. The attacks I wanted to cover are phishing emails and ransomware.

Phishing:

Phishing is a type of attack, normally done via email, that generally appears to come from a person or company that you trust. It has you download a document, or it has a link in the message that directs you to a malicious website that might look legitimate and asks you to sign into your account. Instead of signing into your account, what you actually do is give those malicious attackers your credentials to use. You may not realize that this even happened, because these phishing emails mimic real emails and appear to be very much real. One attack that has been targeting Gmail users recently is extremely hard to spot as fake because the URL uses accounts.google.com, which is a legitimate URL to use to sign into your Google account. The attack uses a screenshot of a legitimate document, and the screenshot has a link attached that directs you to a fake login page that appears real by using “accounts.googl.com” in the URL. When you sign in, those attackers get your Google credentials and start sending out more messages from your account, or they can also gain access to your other accounts by resetting passwords. Read more details about this type of attack here courtesy of Wordfence.

See the screenshot below of what happened to one of our own Iowa Realtors®. Notice the email, message and signature look very legitimate.


Sue-Dietz-phishing-scam-screenshot.jpg

In the example above, agents reply to the email and accept the referral and in turn receive a Google Drive link attached to malware that compromises the victim's email and/or computer. Sue Dietz had no idea this had happened until she started receiving phone calls from others asking if this was legitimate.

Read more about this specific attack from this REALTOR Magazine article.

Ransomware:

Another type of attack that I wanted to mention is called ransomware. This does exactly what the name implies and holds your data ransom. These attacks can be very sophisticated but they can also be very blunt. What I mean is that these types of malicious attackers can spend a lot of money setting up entire call centers and entire operations devoted to this. This all happens by downloading malware which encrypts your system and could display some sort of security message saying your system is corrupted and to call the number on screen for assistance. When you call the number, someone on the other end may portray themselves as a security professional there to assist you. They may ask to have remote access to your system, and when they do this, they may show you some fake event logs from your system and ask for a payment for them to clean your system. Paying the ransom likely will not do anything to help your situation though, because once you pay, the attackers get what they want and have no need for your data and just plain won’t care what happens to it. The only real way to get out of a ransomware situation is to have a very good backup system. This includes offsite backups that are encrypted so only you have access to them. Then, you would perform a clean install of your entire operating system and restore your data from your backup. Here is some information from Microsoft.

To sum all this information up: we are living in the cyber age, and just as you need to have protections in place for your home and other personal belongings, you also need to protect your digital life. To do this you HAVE to have antivirus (AV) to protect you from most malware. In addition to AV, you need to be aware of the things you’re clicking on, especially in emails and as you browse the web. For emails, the best advice is to not click on any links within the email and instead type them manually into your browser. If you receive emails that look like an invitation to edit documents via Google Drive or other online services, go into that service and view the documents from the “shared with me” link within that specific service. For documents you receive via email, be cautious opening or downloading them. I personally have always gone by this rule: if I was expecting them, they are most likely safe, but if they were received out of the blue or something seems odd, then ignore them or contact the sender directly to verify their validity. Additionally, when reading emails with links, you can hover over the link (do not click it) and you will see the website where that link is actually taking you. If you are fairly certain something is spam, phishing or malware, click the link in your email program to report it as spam so email providers can take appropriate action.

Another good security feature is two-factor authentication, which now comes with many online accounts. Two-factor authentication means you use your password and another device to authenticate who you are, but you generally have to manually enable it on the account. I personally have this enabled on a lot of my accounts and I use Authy as my two-factor authentication app, but Google makes their own app you could use as well. Now I’m at my last talking point, which is ransomware. Unfortunately, I don’t have much advice on how to prevent it because the nature of ransomware is that it is very sneaky and difficult to notice. If you get it on your device you basically have to start from scratch with all your data or pay the ransom and hope (I do mean HOPE) that the attackers will decrypt your data or give you the decryption key. Honestly though, the best thing to do is have a backup solution and back up your data often! This goes back to when I was in high school and my teachers always said “save and save often” when we were typing documents. So my recommendation is you get a backup solution like Carbonite. There are many different backup solutions that you can use, but the main point to consider is that the backup device does not reside in your office. Your data should be backed up to an off-site location on a regular basis.

This is the last thing I will leave with all of you. If you’ve clicked on something you believe may be dangerous, please make sure to say something to your own IT or security professional immediately so you can prevent any additional exploitation of your accounts or your system in general!

Be safe out there! Share this with friends and colleagues.

Thanks,
Josh Porter
Technology Coordinator
Iowa Association of REALTORS®

Key Points:

  • Don’t use the same password for all your accounts

    • Best solution is using a password manager like LastPass

  • Use two-factor authentication on all accounts

    • Use an authenticator app like Authy

  • Don’t click links in emails

    • Manually type the link into your browser

    • Don’t enter account information if you do click a link in an email

  • Don’t download documents from unknown people and don’t download documents from emails you are not expecting

  • Use a remote backup utility to back up your data regularly

  • Have anti-virus installed on all your computers or mobile devices

    • Mac computers are not immune to viruses and need to be protected