ThrottleNet

Managed IT services, support and cybersecurity

Make Your IT Network a
No Phishing Zone

Security

Phishing is a common cybercrime in today’s tech-savvy society. We’ve all heard the term and know that it’s bad, but how much do you really know about what phishing is, how to recognize a phishing message, and how to protect your network? This helpful guide has all the details to help you turn your business’s IT network into a “No Phishing Zone”.

What Is Phishing?

Phishing is a form of fraud that occurs when a target is contacted by either text, phone, or email by an individual acting as a legitimate person or company. The hacker uses phishing emails to administer either malicious attachments or links, which then allows them to extract private information from their victims, such as their account information and login credentials.

In many cases, these messages containing malicious links and attachments appear to be from an individual or company that they know. The objective of the phishing message is to either install malware on the victim’s device, or to guide them to a malicious website in order to mislead them into entering financial or personal information. This could include account usernames and passwords, credit card information, etc.

How to Recognize a Phishing Message

Email phishing is by far the most common type of phishing scam used to target businesses. The most successful phishing emails or messages are difficult to differentiate from legitimate emails. This is because cybercriminals will often pose as someone you know. Closer inspection of the email will often reveal the truth, however. Some indications of phishing could include misspelled URLs, names and email addresses, requests to verify personal or financial information, or messages with grammatical and spelling mistakes. However, if your network, email, or website have critical security vulnerabilities, it is difficult to prevent phishing and other types of cybercrime.

Know Your Technology Vulnerabilities

It is critical to keep your customer information and business data protected. Rest assured, hackers will work just as hard as you do to find ways to access your data through vulnerabilities in your network, website, and email system. You need to get and stay at least a step ahead of them. To help keep your valuable business information secure, ThrottleNet is offering a free External Vulnerability Audit to discover your weak spots before hackers do.

Discovering Your Network's Weak Spots

A Free ThrottleNet External Vulnerability Audit Checks For:

  • Domain vulnerabilities: ensures client information is secure and your URL is safe from malware and phishing.
  • Website weaknesses: scans your website for possible threats. This could include malware, blacklisting status, website errors, and software issues.
  • Email threats: searches for proper spam filtering to prevent malware and phishing attacks, and ensures your email server is not blacklisted.
  • Network security issues: looks your network to find all possible open external entryway threats, such as misconfigured services or ports.

Once your audit is performed, ThrottleNet will contact you to review the results and discuss possible solutions to safeguard your company’s data and IT infrastructure.

Get a Free IT Vulnerability Check in St. Louis, MO

Let ThrottleNet detect your weak spots before cybercriminals do. To get started, contact ThrottleNet to get your free audit. Don’t become phish bait! ThrottleNet will eliminate the hooks and network vulnerabilities to ensure your business IT is a “No Phishing Zone”.

START HERE

Scammers and spammers are always trying to find ways to steal in the cyber world. They steal money. They steal identities. And they steal data. Cyberthieves even chase individuals in companies like Throttlenet who specialize in IT risk management in hopes a member of our team will fall for their scam. Recently one of our newest team members, AJ, received an attempted gift card scheme email in her ThrottleNet inbox. Thankfully, she did not fall for it. We hope this story helps inspire you to identify and fight back against gift card email scams, too.

What Happens In a Gift Card Scam?

AJ’s experience is a textbook example of how gift card scams go down. The scammers sent her an email using our President’s name, George, but not the correct email address. In this case, the mismatched email is glaringly obvious, but your scammer may be more cunning. Always double check the “From” email address when you receive a request from your boss or coworkers related to money or data access. You cannot be too careful when your entire business is at stake.

In the first email AJ received, the scammer demanded that she purchase gift cards for hundreds of dollars. Once purchased they would have asked for the scratched off codes so they could immediately use them online. Thankfully, AJ looked at the from address and realized that George never talks that way and did not fall for the scam.

Example of a Gift Card Email Scam

Below is a recap of AJ’s email conversation with Gift Card Scammer “George” so you can see verbiage used and how it played out. She had a little fun with this one.

From: George Rosenthal
To: AJ
Can you spare some time to run a quick task
======================
From: George Rosenthal <personalilipad@seznam.cz> To: AJ
I’ll need you to purchase 3 eBay gift cards, with $500 increments on each card and all cards should be activated ($500 x 3, 1500). Scratch off the back of the gift cards, take a clear pic of each card and email them to me. Do get on this immediately, I’ll be waiting
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
Oh wow, okay. I’m not sure where to get them though, or which card to use… can you call?
======================
From: George Rosenthal <personalilipad@seznam.cz> To: AJ
You should make use of the company card at walmart. Or better still make use of yours, would reimburse you. Do get on this immediately, I’ll be waiting
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
I don’t have a company card yet, but I can call my credit card company and see if I have enough available. How long would it be until I get reimbursed?
======================
From: George Rosenthal <personalilipad@seznam.cz> To: AJ
It will take 3-5 working days to reimburse you.
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
Oh that’s longer than I expected, I’m not sure about putting that much on my personal card. Is this for something very important?
======================
From: George Rosenth
To : AJ
Would reimburse you in two days then. I need it ASAP! It’s important
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
So I would have it back on my card by Monday? I’m still planning to go out of town next week, so I definitely would need it back on my card by Monday.
======================
From: George Rosenth
To : AJ
Okay that’s fine.
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
Okay good, I’ll go up to Walmart on my lunch break and see if they have any Amazon gift cards for you!
======================
From: George Rosenth
To : AJ
Try eBay gift cards first and if they don’t have that then you can go for Amazon gift card
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
Hi George,
I went to Walmart on my lunch break but they didn’t have any more eBay gift cards OR Amazon gift cards! I was so shocked that I didn’t know what to do and just came back to the office. I know you said this was important, what should I do?
======================
From: George Rosenth
To : AJ
How come? What kinda gift card do they have? Get back to me. If you can’t get this done do let me know on time.
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
I don’t know why they didn’t have any more, I didn’t think to ask. I saw lots of restaurant gift cards though, Texas Roadhouse, Starbucks, Taco Bell, things like that. Would any of those work? What are the gift cards for? Are they a client gift?
======================
From: George Rosenth
To : AJ
Starbucks is preferable. It’s confidential, Get on this immediately
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
I understand, I promise I’m trying to take care of it as quickly as possible! There’s a lot going on today though, Sarah brought all her rabbits in this morning and they have completely destroyed the breakroom and one of them chewed up the printer wires and everyone is completely freaking out. Richard said I was supposed to be keeping an eye on them, but it’s only my second week and there’s really no way I could’ve done that in addition to running all the service tickets, I’m still learning all this stuff! Please be patient with me, I don’t want to get fired…
======================
From: George Rosenth
To : AJ
You won’t get fired. I’ll be waiting on you to get on this ASAP!
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
Are you sure? He’s really upset and since I was already going to go out of town next week, I’m really really getting worried I might come back and they will have given away my job. Will you talk to Richard for me?
======================
From: George Rosenth
To : AJ
I asked you to run an errand for me yesterday and you kept mute on me. It seems you want to be sack right ? I’m giving you 10mins to get back in touch with me.
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
Are you sure? He’s really upset and since I was already going to go out of town next week, I’m really really getting worried I might come back and they will have given away my job. Will you talk to Richard for me?
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
George,
I’m so sorry, I left early on Friday because my son had the flu and I needed to pick him up from school. Everything was pretty hectic that day, but Sarah told me she would let everyone know what was going on. Did she not speak with you??
======================
From: George Rosenth
To : AJ
It took a while before I would hear from her. So have you gotten a way to get the gift cards ?
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
I honestly hadn’t thought about it, I figured Sarah would take care of it. To be honest, I’m so new here that I’m kind of surprised you are asking me to take care of this. Isn’t there someone else who would be better to ask?
======================
From: George Rosenth
To : AJ
Yes I want you to do it but if you can’t do it don’t worry.
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
Really? You said it was really important, and it definitely seemed very urgent…
======================
From: George Rosenth
To : AJ
You are questioning my order. So I’m not interested in letting you do this for me anymore.
======================
From: AJ
To: George Rosenthal <personalilipad@seznam.cz>
I’m sorry, I didn’t mean to question you. Just wanted to make sure. Please let me know if you need help with anything else!
======================
From: George Rosenth
To : AJ
Go ahead and get the cards for me now. Purchase either eBay Gift card or Target Gift card. I’ll be waiting
…………………

Spotting Gift Card Scams Is Easy

Gift cards are for gifts, NOT for payments. You should assume that anyone who tells you to pay with a gift card is a scammer. You can and should report gift cards used in a scam to the companies that issued the gift cards. The Federal Trade Commission also offers a great video on their site to show how these types of scams are run.

How Secure Is Your IT Network?

Could a gift card scam hurt your company? What kind of damage could it do? Bring in an expert to assess your business risks with a FREE vulnerability audit. We can look for proper spam filtering to prevent phishing attacks and malware attacks. Interested in what ThrottleNet can do for your business? Contact us today!

CONTACT US TODAY!

SIM cards are necessary to operate most modern mobile devices. SIM stands for “subscriber identity module”. As anyone who’s had trouble with their SIM card can tell you, this tiny piece of tech is majorly important. It connects the user to their network, and therefore their data. Among the data linked to your SIM is one of your most valuable pieces of personally identifying information: your phone number.

A new type of social engineering attack called SIM swapping is becoming more commonHacked employees are a danger to your company’s data, so it is important to know what to look out for and keep your team up to date on best practices in mobile cybersecurity. Read on for all the details of how you can protect your network from SIM swapping scams.

SIM Swapping Defined

SIM swapping occurs when a criminal contacts the phone company and convinces the employee that they are the owner of the phone and need a transfer to a new device due to damage or it being lost.

The scammer will ask the cell phone provider to activate a new SIM card connected to your phone number on a new phone that they now own. If the scammer is successful, they will receive all of your texts, phone calls, and data.

In some circumstances, the scam occurs on the inside, where employees of the phone company help make the switch, making them part of the scam.

What Happens When You Are SIM Swapped?

Once the scammer gains control of your phone number, they can receive your text messages. With access to your texts, this can allow criminals to log into your other accounts and receive verification codes needed to log in. This occurs if text messages are used as a form of multi-factor authentication.

With this information, scammers could log into bank accounts to steal money, or take over social media and email accounts. There is also a chance they could lock you out of an account completely by changing the password.

Protecting Yourself from SIM Swapping

Protect your device and data from SIM swapping with these tips from ThrottleNet’s IT security pros.

  1. Do not reply to text messages or phone calls that request personal information.
    These texts or calls could be phishing attempts by scammers looking to get your cellular, bank, or credit card account information. Instead, contact the company directly through a phone number or website you know is legitimate if you receive a suspicious text message or phone call.
  2. Limit the amount of personal information you post on social media platforms.
    Avoid posting your full name, address, or phone number. Posting this information can make it easier for scammers to steal your identity.
  3. Set up a PIN or passcode on your cellular account.
    Creating a PIN or passcode can act as an added layer of protection, which is another piece of information a scammer would need to obtain prior to stealing your identity. PINs or passcodes can also help protect an account from any unauthorized changes.Since setting up a PIN/passcode differs depending on the cell phone company, be sure to contact your provider to see what steps to take to do so.
  4. Use an authentication application or security key.
    A newer way to authenticate your identity online is by using security keys. Security keys are small USB-powered devices that work like an actual key to your accounts by inserting them into your computer when logging in. Some security keys work with both computers and mobile devices.

What To Do If You Become A Victim of SIM Swapping

If you’re the target of a SIM swap scam, there are three important steps you should follow to help mitigate the damage and re-secure your information.

  • Contact your cell phone provider immediately to take back control of your phone number.
  • Once you regain access, change your account passwords to prevent any other issues.
  • Check bank, credit card and other accounts for unauthorized changes and charges, and report them to your company.

For more information on SIM Swapping and other ways to protect your information, contact ThrottleNet today

GET MORE INFO

Shopping online has increasingly become the main method of buying for many people. Not only are we now able to conveniently make purchases by the touch of your fingers, but we have also become familiar with next day delivery, better deals, and more items to choose from. It is no surprise that online shopping has become so popular. But how do you know if the site you are shopping on is selling you what you think you are buying? How can we protect ourselves from online shopping security issues?

It is important to make sure to take all the proper precautions when purchasing any type of product online. Since shopping online has become the main way to buy for many, this leads to more shoppers falling victim to cybercrime or scam.

Be On The Lookout

How to make sure the retailer is legitimate before making a purchase:

  • Be sure to check out online reviews through the Better Business Bureau
    ○ Look for negative reports or complaints about the online retailer
  • Search the domain name through Whois.net
    ○ Look for the date when the website was registered
  • Conduct a Google search to read both positive and negative reviews or news stories about the business
    ○ Some positive reviews can be easily faked
    ○ Too many negative reviews is a red flag

Search For Clues

  • Most websites have an “about us” or “contact us” page. For most legitimate sites, they will have their physical address and phone number included. To take it a step further, enter the address provided on the retailer’s website on Google Maps to make sure the location looks like a business would operate there, as opposed to a house.
  • Call the phone number to see if anyone will answer. You can also do a reverse phone lookup to see if the business is who they say they are.
  • Examine the writing and URL included in the retailer’s website. The URL is important because, in a type of online shopping scams, cybercriminals will make exact copies of legit websites with a slightly different address. Make sure the business name is spelled correctly and there aren’t any extra characters. The URL should not be too long or complicated.
  • Look for seals of approval. Some retailers may have seals of approval on their homepage to exemplify their reputation or responsible data collection practices. Some seals of approval include the Better Business Bureau seal, the TRUSTe Certified seal, or the Norton secured seal.

Staying Secure When Making The Purchase

Look for the padlock symbol to the left of the URL. This indicates that the site securely protects your payment information. This should only be trusted when the padlock is in the same field as the URL, which should begin with https.

Online shopping has clear advantages, but it consistently tends to create issues for people who don’t really know who they are buying from. To learn more about ways to protect yourself and personal information when shopping online, contact ThrottleNet today!

What is e-Skimming?

e-Skimming, or web skimming, is a method a cybercriminal performs in order to get information from a credit cardholder. It can occur any time a cardholder uses a form of electronic payment to pay for something. Essentially, e-Skimming is a type of internet fraud that occurs when the payment page of a website is compromised. Once it is compromised, malware is added to the site to steal payment information.

These cybercriminals that are watching our online shopping carts are getting our information in real-time, making it more valuable in the black market. When an online shopper enters and submits their credit card information on the e-commerce site, their information is also transmitted to a server that is controlled by the cybercriminal.

The online shopper would not be aware that their personal information was stolen since they will receive the product that they ordered; however, their bank will discover the fraudulent activity later, when the crime has already been committed.

Keeping Your e-Store Safe

Any e-commerce site that accepts online payments is at risk for e-Skimming, which makes it important for you to take preventative measures. Here are some security measures and tips to follow:

  • Keep software current and up to date
  • Enable multi-factor authentication for all connected devices
  • Segregate network functions to limit accessibility
  • Keep all systems up to date with patches
  • Keep anti-virus and malware updated
  • Change default login credentials
  • Continue educating your employees
  • Create unique passwords
  • Report any online fraud to FBI at www.ic3.gov

Other security measures to follow include entering your credit card once for a site rather than repeatedly, using Apple Pay or PayPal, shop on well-known sites that are reputable, and paying close attention to credit card or bank account statements to see any possibility of misuse.

For websites to be compromised, their security must be weak. Make sure your e-Store has the proper security to be protected from e-Skimming by contacting ThrottleNet today. You don’t want to fall victim to e-Skimming, so get the cybersecurity you need from ThrottleNet!

Keeping your mobile devices secure is essential since a huge amount of time each day is spent on them. Opposite of what people might think, mobile security requires a different approach compared to computer security. This requires individuals to continue learning about mobile security.

Tips for Mobile Security

First and foremost, be aware of the permissions allowed for mobile devices on your network. Many times, people are unaware of the terms and conditions for many software downloads, registrations, etc. Skimming over these permissions could lead to security risks and has the possibility to release your personal information.

Other tips for Mobile Security include:

  • Set up a passcode
  • Keep a remote backup for your data
  • Stay logged out of your accounts
  • Keep your operating system up to date

WiFi Phishing

WiFi Phishing continues to be a dangerous social engineering attack because hackers can bypass security altogether. It is important to know how to spot this type of attack because hackers position themselves to look just like the network connection you normally interact and users easily hand over login information exposing their network and information.

Tips to Follow:

  1. Be aware of any unsecured WiFi network
  2. Double-check the name of the network
  3. Don’t enter personal data on a public network

How to Spot Phishing Emails:

  • Spelling errors
  • A sense of urgency
  • Links or attachments
  • Odd “sent from” addresses

What is Smishing?

Smishing is a form of phishing and is essentially the same as phishing, but instead, cybercriminals send fraudulent (SMS) text messages to trick you into clicking a link that can infect your mobile device. Smishing has become a growing threat to online security.

How Would I Know That I’m Being Smished?

The main element to staying safe on your mobile devices is to only reply to text messages from people you know. Basic precautions you can take when keeping your mobile devices secure include not clicking on texts that you received from a phone number that does not look like one, not clicking on links from people you do not know, and never installing applications from an SMS rather than the official app store.

Are you worried your IT systems aren’t protecting you from cybercriminal attacks? Contact ThrottleNet today to learn more about the services we offer and how we can keep you protected. Keep your personal information secure, contact ThrottleNet today for all your mobile security needs!