Office 365 Phishing Scam Targeting Admins

Office 365 Phishing Scam Targeting Admins

by | Aug 16, 2019 | IT Services | 0 comments

There has been a recent phishing scam that is out there that is geared to compromise Administrators.  Usually when we think of phishing scams, we think it is to get employees to enter or divulge information that sets the system to be infiltrated by scammers.  The recent Microsoft 365 phishing scam targets at the administrator level.  Phishers targeting admins are becoming more popular due to the greater range of attacks that can be conducted through an admin account. With admin credentials, attackers can potentially create new accounts under an organization’s domain, send mail as other users, and read others user’s email.

How does the Office 365 phishing scam work?  To gain access to an administrator’s account, phishers have started creating campaigns that are disguised as Office 365 admin alerts. These alerts will typically be about a time-sensitive issues that requires an admins immediate attention such as an issue with the mail service or unauthorized access being discovered.

An example of a fake alert found by BleepingComputer is one that states an organization’s Office 365 licenses have expired. The mail then proceeds to tell the user to login to the Office 365 Admin Center in order to check their payment information.

How to avoid this type of phishing scams: Most Administrators are wise to any Phishing scams and usually the Administrators that are well aware won’t fall for this scam so easily. If the administrator is a novice or if there is an unqualified administrator the chances of the phishing scam working are increased.  Some Businesses have an administrator who knows a little bit about computers taking care of their IT and that can be a dangerous scenario for the business. Her are some ways to avoid Office 365 phishing scams according to Help Net Security;

  1. Enable multi factor authentication on all accounts.
  2. Disable the IMAP protocol on all mailboxes in your environment.
  3. Provide administrators two different Office365 accounts, one for daily use associated with their user account that does NOT have administrator privileges and one specifically for performing administrator functions.
  4. Do not have a mailbox associated with any administrator accounts.
  5. Be aware that the actual Office365 portal domain is microsoftonline.com not windows.net.

 Contact us at Customized Computer Services, Inc. (CCSI).  CCSI has been serving the Dallas-Fort Worth area for 30 years.  We specialize in helping our clients deal with possible phishing scams and other IT issues that may come their way.

Logitech Wireless USB Receiver Updates

Logitech Wireless USB Receiver Updates

by | Jul 16, 2019 | IT Services | 0 comments

If you purchase or have a Logitech wireless keyboard and mouse. It comes with a wireless USB receiver which allows the keyboard and mouse to connect to your computer.

We rarely if ever give our wireless mouse and keyboard much thought, but what if I were to tell you that there are updates to the Logitech USB receiver.  What would be the reason to update the dongle? The reason for the update is that the wireless USB is susceptible to a hack which was reported as early as 2016 and it was referred to as “MouseJack”.  Since then Logitech has issued a patch to fix the vulnerability.  Even though Logitech has a patch to fix the issue to this date Logitech continues to ship the dongle without the updated patch. Logitech never recalled any products after the original hack.

Many other products that perform the same function as the Logitech USB, they are also susceptible to be hacked, Logitech is not the only one that is affected by a security vulnerability.  Products that use the same chipset and firmware Dell, HP, Lenovo and Microsoft are susceptible to be hacked.  Logitech allows users to update the firmware on the Logitech website.

Customized Computer Services, Inc. is a Managed IT Service Provider, we have been serving the Dallas-Fort Worth Area for 29 years.  Contact us to find out how we can help your business stay one step ahead with your IT.

“Software Update Available” Don’t Put It Off

“Software Update Available” Don’t Put It Off

by | Jun 20, 2019 | IT Services | 0 comments

You get an alert “Software update is available” while working on your computer or scanning through your phone.  You are in the middle of something very important that can’t wait. You put the alert off only to be forgotten.  Believe it or not it has happened to the best of us, not just the average home PC user, but to Fortune 500 companies. Just what are these updates, why do we even need them.  The computer is running fine, why do I want to update and make the computer possibly run worse.  If you are put off by updates and the time it consumes to install, just think of what the worst possible outcome might be. Some of you might remember Equifax which is known for credit reporting.  Equifax suffered a massive preventable data breach affecting over 143 Million people.  The company had failed to update its software, the update which had the patches that would have prevent the massive data hack was available almost 2 months prior to the data breach.  Now that you know the importance of the updates lets look at other reason why updates are necessary and important to keep up to date.

Protecting your information from Security threats: The main reason anyone does software updates is making sure you are protected against the latest cyber threat.  Cyber criminals are always looking for new ways to infiltrate software programming and once they do they can get to any information available to them.  Updates are usually in response to the latest threats out there and it’s a good idea to be up to date.

Updates can help protect you documents: Without updates you leave yourself vulnerable to Malware. Some types of Malware can clean out your documents and transmit the documents to a remote location.  Ransomware has accounted for huge loss of data, this is when a cyber criminal gets access to your data and basically locks you out from accessing the data. The data is held hostage until payment is made for its release.

New features are added through updates: Updates are not just to protect you from the doom and gloom of data breach or security threats. There are other aspects to updates positive ones that help you make the end user experience much better.  Updates are created at time to get glitches that might occur with the current software and remedy it, other improvements can be functionality.  Updates can improve the stability of the software.

It is a very good idea to make sure you have updates on auto, cyber criminals are known to disable automatic updates, it is good practice to make sure your auto update is enabled or if you do not have auto update on your device make it a habit to check when new updates are available and update.

The importance of updating your software cannot be stressed enough.  Updates can take up time but updates can be scheduled and run when you are not using your computer or phone.  This will ensure that you are protected as well as have a better user experience. Customized Computer Services, Inc. (CCSI) has been serving the Dallas-Fort Worth area for over 29 years providing computer, printer and Managed IT services.  Contact us and find out how we can help your business.

Your Being Phished, Don’t Bite!

Your Being Phished, Don’t Bite!

by | May 20, 2019 | IT Services | 0 comments

You get to work turn on your computer and start going through your emails, as you go through the emails you run into an email that looks like its from a co-worker or a company you do business with, it looks innocent enough.  The email requests information and you thinking it’s a legitimate email you proceed to provide the information.  It looks so real the email that it can fool most people.  You realize afterwards that you have fallen victim to a Phishing Scam.  Phishing is when someone uses fake emails or texts – even phone calls – to get you to share valuable personal information, like account numbers, Social Security numbers, or your login IDs and passwords.  Some Phishing scams ask you to click a link, which unbeknownst to you gives access to your files and your computer to someone looking to run a scam by installing ransomeware or other programs which restrict access to your own files.  Your files will be held hostage and you will have to pay a price for its release.

How can you protect yourself from phishing scams

Back up your data:  Why should you back up your data, in case your computer gets compromised and you have to do a total system wipe and clean your computer you have your data saved. There are time when only a clean wipe of the computer is the only option to restoring it to before it was compromised.

Multi-Factor authentication: extra security measure to for access into your computer or phone usually it is something you have: pass code you get sent via text or an authentication app., something you are: Finger print, facial recognition or a retina scan.

Make sure the Anti-virus is current and up to date, make sure updates are done automatically this will help you stay on top of any security updates as they become available.

Set devices to Auto update: Protect your phone by setting it to update automatically.

Types of Phishing Scams:

There are many types of phishing scams here are five common scams that scammers run to get access to information.

  1. Financial Fraud: A phishing attack that attempts to directly gain financial information, such as bank details or online login credentials. One example is fake updates from PayPal look-a-likes that falsify spending receipts, upon which the user will be inclined to investigate. These are typically, but not always, distributed by email.
  2. Service Updates: Much like financial fraud, this approach sees hackers pose as services such as Dropbox or a utility provider, often as an indirect means for financial gain.
  3. Promotional Offer: This is a form of phishing in which some kind of coupon or special deal is promoted. This occurs on a mass scale, using entirely automated processes. This might feature tickets for a gig, or heavy discounting on retail purchases. The added benefit for hackers with this technique is that often the promotion involves resharing the initial link, helping spread the attack even further.
  4. Spear Phishing: Spear phishing is a type of phishing that is much more targeted than other approaches.  Here, a particular individual or organization will be attacked using information specific to that target. This might include the impersonation of employees or contractors to extract a certain piece of data, often using manipulation and trust rather than online pages to execute the attack.
  5. Whaling: Technically a branch of spear phishing, this type of attack is focused squarely on high profile individuals such as CEOs. Attackers can spend months researching their targets, working out their daily routine and mapping their personal relationships. Once the hacker has gathered this highly personalized information, the hacker will begin to use it to their advantage.

These are just some of the Phishing Scams that I mentioned but the list is growing and it is important to stay on top of this.  Making sure your cyber security is tight and the employees are well aware of the scams out there.  Employees need to double check before any information is sent and emails have to be scrutinized even before they are responded to or clicked on.  Last but not least Back up, Back up and again Back up your data.

Customized Computer Services, Inc. (CCSI) has been serving the Dallas-Fort Worth area for the last 29 years.  We have dealt with the issues of Phishing scams for our clients and we have help those that have been compromised by phishing scams.  Call us and find out how we can help you avoid being victimized by Cyber Criminals. 

Windows 2008 Server End of Life

Windows 2008 Server End of Life

by | Apr 17, 2019 | IT Services | 0 comments

As time goes by technology becomes slow and vulnerable to cyberattacks which require companies like Microsoft to develop new software and use better functioning hardware, this requires the old technology to be replaced so attention can be focused on new technology.  January 14, 2020 is the date to keep in mind if you are running Microsoft Windows 2008 server, because it will be the end of life for it, there will no longer be any support for the server going forward.

What does this mean for anyone with a Microsoft Windows 2008 Server?  For starter it may be a very good idea to plan ahead and start thinking about implementing a newer server as soon as possible. You don’t want to ignore the end of life of the 2008 server.  It will no longer have support and there will no longer be any updates all this will leave your organization vulnerable to cyberattacks.

Once support ends there will be no Hot Fix Agreement Option. Support for your 2008 server ended on July 9, 2013, while extended support was still available through January 15, 2015, once that ended you have had the Hot Fix Support available to you if anything happened to your server.  Those Hot Fixes came at an expensive price to keep the 2008 server going with updates. That will come to an end and Hot Fixes will no longer be available.  This will leave you with no security patches and if something should happen to your server. You are basically at this point on your own looking for solutions.

The Windows 2008 server will face security threats that it may not be able to deal with, it is a major issue to look out for. There may be other pitfall that the Windows 2008 server will face.  As servers progress and become more and more advanced with time new software is created to meet the needs of the newest servers that make their way into the market. With that said eventually the Windows 2008 server will become incompatible with the newest and greatest software that becomes available.

There are many industries that require servers to meet compliance for instance HIPPA compliance and PCI.  It is safe to say that if you need to maintain compliance then there is no choice but to move to the newer server.  If there is no support and security patches that will leave the data vulnerable and the fines associated with not meeting compliance simply outweigh the cost of a new server.  If you are in an industry where compliance has to be met than the Microsoft Windows 2008 server will be considered obsolete as of January 14, 2020.

You might think that keeping the Microsoft 2008 server will help you save money rather than buying a new server, on the contrary if you are running a Windows 2008 server and something goes down you will be paying for many hours of services. Each time the server goes down with no patches or updates there is no telling how much you’ll end up paying in service cost to remediate the issues.  Simply put you will end up paying more to keep the applications running on the windows 2008 server than to replace it.

With no updates, quick fixes or security patches you are going to face another hurdle and that is performance and reliability.  You can be sure that with time performance will always get better with a newer server.  The old will become slower in performance, applications will run slower with the lack of updates, hot fixes and patches. Reliability issues will crop up causing longer than anticipated down time, which eventually will reflect on operating costs. 

Come January 14th 2020 are you willing to risk going forward with your Windows 2008 server?

Customized Computer Services, Inc. (CCSI) is based in Arlington, TX and has been serving the Dallas-Fort Worth area for 30 years. We have helped many of clients migrate to new servers. Contact us and find out how we can help make your transition from a Microsoft Windows 2008 server to a new server a smooth experience.