There has been a recent phishing scam that is out there that is geared to compromise Administrators. Usually when we think of phishing scams, we think it is to get employees to enter or divulge information that sets the system to be infiltrated by scammers. The recent Microsoft 365 phishing scam targets at the administrator level. Phishers targeting admins are becoming more popular due to the greater range of attacks that can be conducted through an admin account. With admin credentials, attackers can potentially create new accounts under an organization’s domain, send mail as other users, and read others user’s email.
How does the Office 365 phishing scam work? To gain access to an administrator’s account,
phishers have started creating campaigns that are disguised as Office 365 admin
alerts. These alerts will typically be about a time-sensitive issues that
requires an admins immediate attention such as an issue with the mail service
or unauthorized access being discovered.
An example of a fake alert found by BleepingComputer is one that states an organization’s Office 365 licenses have expired. The mail then proceeds to tell the user to login to the Office 365 Admin Center in order to check their payment information.
How to avoid this type of phishing scams: Most Administrators are wise to any Phishing scams and usually the Administrators that are well aware won’t fall for this scam so easily. If the administrator is a novice or if there is an unqualified administrator the chances of the phishing scam working are increased. Some Businesses have an administrator who knows a little bit about computers taking care of their IT and that can be a dangerous scenario for the business. Her are some ways to avoid Office 365 phishing scams according to Help Net Security;
Enable multi factor authentication on all accounts.
Disable the IMAP protocol on all mailboxes in your environment.
Provide administrators two different Office365 accounts, one for daily use associated with their user account that does NOT have administrator privileges and one specifically for performing administrator functions.
Do not have a mailbox associated with any administrator accounts.
Be aware that the actual Office365 portal domain is microsoftonline.com not windows.net.
If you purchase or have a Logitech wireless keyboard and mouse. It comes with a wireless USB receiver which allows the keyboard and mouse to connect to your computer.
We rarely if ever give our wireless mouse and keyboard much thought, but what if I were to tell you that there are updates to the Logitech USB receiver. What would be the reason to update the dongle? The reason for the update is that the wireless USB is susceptible to a hack which was reported as early as 2016 and it was referred to as “MouseJack”. Since then Logitech has issued a patch to fix the vulnerability. Even though Logitech has a patch to fix the issue to this date Logitech continues to ship the dongle without the updated patch. Logitech never recalled any products after the original hack.
Many other products that perform the same function as the Logitech USB, they are also susceptible to be hacked, Logitech is not the only one that is affected by a security vulnerability. Products that use the same chipset and firmware Dell, HP, Lenovo and Microsoft are susceptible to be hacked. Logitech allows users to update the firmware on the Logitech website.
You get an alert “Software update is available” while working on your computer or scanning through your phone. You are in the middle of something very important that can’t wait. You put the alert off only to be forgotten. Believe it or not it has happened to the best of us, not just the average home PC user, but to Fortune 500 companies. Just what are these updates, why do we even need them. The computer is running fine, why do I want to update and make the computer possibly run worse. If you are put off by updates and the time it consumes to install, just think of what the worst possible outcome might be. Some of you might remember Equifax which is known for credit reporting. Equifax suffered a massive preventable data breach affecting over 143 Million people. The company had failed to update its software, the update which had the patches that would have prevent the massive data hack was available almost 2 months prior to the data breach. Now that you know the importance of the updates lets look at other reason why updates are necessary and important to keep up to date.
Protecting your information from Security threats: The main reason anyone does software updates is making sure you are protected against the latest cyber threat. Cyber criminals are always looking for new ways to infiltrate software programming and once they do they can get to any information available to them. Updates are usually in response to the latest threats out there and it’s a good idea to be up to date.
Updates can help protect you documents: Without updates you leave yourself vulnerable to Malware. Some types of Malware can clean out your documents and transmit the documents to a remote location. Ransomware has accounted for huge loss of data, this is when a cyber criminal gets access to your data and basically locks you out from accessing the data. The data is held hostage until payment is made for its release.
New features are added through updates: Updates are not just to protect you from the doom and gloom of data breach or security threats. There are other aspects to updates positive ones that help you make the end user experience much better. Updates are created at time to get glitches that might occur with the current software and remedy it, other improvements can be functionality. Updates can improve the stability of the software.
It is a very good idea to make sure you have updates on
auto, cyber criminals are known to disable automatic updates, it is good practice
to make sure your auto update is enabled or if you do not have auto update on
your device make it a habit to check when new updates are available and update.
The importance of updating your software cannot be stressed enough. Updates can take up time but updates can be scheduled and run when you are not using your computer or phone. This will ensure that you are protected as well as have a better user experience. Customized Computer Services, Inc. (CCSI) has been serving the Dallas-Fort Worth area for over 29 years providing computer, printer and Managed IT services. Contact us and find out how we can help your business.
You get to work turn on your computer and start going
through your emails, as you go through the emails you run into an email that
looks like its from a co-worker or a company you do business with, it looks
innocent enough. The email requests
information and you thinking it’s a legitimate email you proceed to provide the
information. It looks so real the email
that it can fool most people. You
realize afterwards that you have fallen victim to a Phishing Scam. Phishing is when someone uses fake emails or
texts – even phone calls – to get you to share valuable personal information,
like account numbers, Social Security numbers, or your login IDs and passwords. Some Phishing scams ask you to click a link,
which unbeknownst to you gives access to your files and your computer to
someone looking to run a scam by installing ransomeware or other programs which
restrict access to your own files. Your
files will be held hostage and you will have to pay a price for its release.
How can you protect yourself from phishing
Back up your data: Why should you back up your data, in case your computer gets compromised and you have to do a total system wipe and clean your computer you have your data saved. There are time when only a clean wipe of the computer is the only option to restoring it to before it was compromised.
Multi-Factor authentication: extra security measure to for access into your computer or phone usually it is something you have: pass code you get sent via text or an authentication app., something you are: Finger print, facial recognition or a retina scan.
Make sure the Anti-virus
is current and up to date, make sure updates are done automatically
this will help you stay on top of any security updates as they become
Set devices to
Auto update: Protect your phone by setting it to update automatically.
Types of Phishing Scams:
There are many types of phishing scams here are five common scams that scammers run to get access to information.
Financial Fraud: A phishing attack that attempts
to directly gain financial information, such as bank details or online login
credentials. One example is fake updates from PayPal look-a-likes that falsify spending receipts, upon which the user
will be inclined to investigate. These are typically, but not always,
distributed by email.
Service Updates: Much like financial fraud, this
approach sees hackers pose as services such as Dropbox or a utility provider,
often as an indirect means for financial gain.
Promotional Offer: This is a form of phishing in
which some kind of coupon or special deal is promoted. This occurs on a mass
scale, using entirely automated processes. This might feature tickets for a
gig, or heavy discounting on retail purchases. The added benefit for hackers
with this technique is that often the promotion involves resharing the initial
link, helping spread the attack even further.
Spear Phishing: Spear phishing is a type of
phishing that is much more targeted than other approaches. Here, a particular individual or organization
will be attacked using information specific to that target. This might include
the impersonation of employees or contractors to extract a certain piece of
data, often using manipulation and trust rather than online pages to execute
Whaling: Technically a branch of spear phishing,
this type of attack is focused squarely on high profile individuals such as CEOs.
Attackers can spend months researching their targets, working out their daily
routine and mapping their personal relationships. Once the hacker has gathered this
highly personalized information, the hacker will begin to use it to their
These are just some of the
Phishing Scams that I mentioned but the list is growing and it is important to
stay on top of this. Making sure your cyber
security is tight and the employees are well aware of the scams out there. Employees need to double check before any
information is sent and emails have to be scrutinized even before they are
responded to or clicked on. Last but not
least Back up, Back up and again Back up your data.
Customized Computer Services, Inc. (CCSI) has been serving the Dallas-Fort Worth area for the last 29 years. We have dealt with the issues of Phishing scams for our clients and we have help those that have been compromised by phishing scams. Call us and find out how we can help you avoid being victimized by Cyber Criminals.
As time goes by technology becomes slow and vulnerable to
cyberattacks which require companies like Microsoft to develop new software and
use better functioning hardware, this requires the old technology to be
replaced so attention can be focused on new technology. January 14, 2020 is the date to keep in mind
if you are running Microsoft Windows 2008 server, because it will be the end of
life for it, there will no longer be any support for the server going forward.
What does this mean for anyone with a Microsoft Windows 2008
Server? For starter it may be a very
good idea to plan ahead and start thinking about implementing a newer server as
soon as possible. You don’t want to ignore the end of life of the 2008
server. It will no longer have support
and there will no longer be any updates all this will leave your organization
vulnerable to cyberattacks.
Once support ends there will be no Hot Fix Agreement Option.
Support for your 2008 server ended on July 9, 2013, while extended support was
still available through January 15, 2015, once that ended you have had the Hot
Fix Support available to you if anything happened to your server. Those Hot Fixes came at an expensive price to
keep the 2008 server going with updates. That will come to an end and Hot Fixes
will no longer be available. This will
leave you with no security patches and if something should happen to your
server. You are basically at this point on your own looking for solutions.
The Windows 2008 server will face security threats that it
may not be able to deal with, it is a major issue to look out for. There may be
other pitfall that the Windows 2008 server will face. As servers progress and become more and more
advanced with time new software is created to meet the needs of the newest
servers that make their way into the market. With that said eventually the
Windows 2008 server will become incompatible with the newest and greatest
software that becomes available.
There are many industries that require servers to meet
compliance for instance HIPPA compliance and PCI. It is safe to say that if you need to
maintain compliance then there is no choice but to move to the newer server. If there is no support and security patches
that will leave the data vulnerable and the fines associated with not meeting
compliance simply outweigh the cost of a new server. If you are in an industry where compliance
has to be met than the Microsoft Windows 2008 server will be considered
obsolete as of January 14, 2020.
You might think that keeping the Microsoft 2008 server will
help you save money rather than buying a new server, on the contrary if you are
running a Windows 2008 server and something goes down you will be paying for
many hours of services. Each time the server goes down with no patches or
updates there is no telling how much you’ll end up paying in service cost to remediate
the issues. Simply put you will end up
paying more to keep the applications running on the windows 2008 server than to
With no updates, quick fixes or security patches you are
going to face another hurdle and that is performance and reliability. You can be sure that with time performance
will always get better with a newer server.
The old will become slower in performance, applications will run slower
with the lack of updates, hot fixes and patches. Reliability issues will crop
up causing longer than anticipated down time, which eventually will reflect on
Come January 14th 2020 are you willing to risk
going forward with your Windows 2008 server?
Customized Computer Services, Inc. (CCSI) is based in Arlington, TX and has been serving the Dallas-Fort Worth area for 30 years. We have helped many of clients migrate to new servers. Contact us and find out how we can help make your transition from a Microsoft Windows 2008 server to a new server a smooth experience.
When Microsoft introduced Windows 7 to the general public on
October 22, 2009, it made a commitment for product support of Windows 7 for 10
years. On January 14, 2020 the product
support for Windows 7 will end, this will include both updates and technical
What does this mean for you if are still using Windows 7
after January 14, 2020. For starter it
may be a good idea to move to Windows 10 as soon as possible. When product support ends there will no
longer be updates for Windows 7. You can
continue to use Windows 7, but you will be taking a risk with no updates your
computer will be vulnerable to security risks and viruses, there will no longer
be security updates from Microsoft.
How to prepare for Windows 7 end of life: Microsoft highly recommends an upgrade to Windows 10. When upgrading make sure the Windows 7 PC is compatible with the Windows 10 software. The minimal requirements for upgrade:
Processor: 1 giga hertz (GHz) or faster
processor or SoC.
RAM: 1 gigabyte (GB) for 32-bit or 2 GB or
Hard disk space: 16 GB for 32-bit OS, 20 GB for
Graphic card: DirectX 9 or later with WDDM 1.0
For those that have a Windows 7 PC that isn’t compatible
with Windows 10 software, it is highly recommended that they purchase a PC with
Windows 10. PCs today are much faster
and lighter than when Windows 7 first come on to the scene, and less expensive
also then they were. It maybe time for an entire PC replacement.
If you run a business that still uses Windows 7, then you
have a dilemma. Upgrading all your PCs to Windows 10, and retraining staff,
might prove tricky before Windows 7’s End of Life on January 14 2020.
However, you don’t want to risk running an operating system
that doesn’t get security patches. The good news is that Microsoft will be
offering Windows 7 Extended Security Updates, which will continue to deliver
updates and patches for Windows 7 business users after January 2020.
However, the updates will come at a price on a per device basis, just how much it will cost for support for Windows Enterprise users using Windows 7: For the first year after the End of Life date (January 2020 – January 2021), the cost is $25 per device. This rises to $50 per device for year two (January 2021 – January 2022), For year three $100 per device (January 2022 to January 2023).
It appears that at the moment Microsoft is hoping by 2023, Windows 7 use will be small enough to stop offering the extended security updates.
No matter which route you take it is advised that you safely back up your documents. Whether you are upgrading from Windows 7 to Windows 10 or moving to a Linux or a Mac make sure you have your documents backed up to transfer to your new operating system.
Customized Computer Services, Inc. (CCSI) has been serving the Dallas-Fort Worth Area for 29 years. We have helped our business clients to migrate to Windows 10 seamlessly, as we move towards the end of life for Windows 7. Contact us to help your business upgrade to Windows 10.