Spotting the Difference: Malware vs. Virus vs. Spyware

May. 28, 2020

2:00-2:30AM PST

In order to ensure that your data, or your business’s data, is sufficiently protected against advanced threats, it is vital to understand the different methods of hacking-based attacks that may arise. Advanced threat protection (ATP) is a designation for “security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data.” ATP is available in the form of both managed services and software solutions, and can differ vastly in methods and elements. However, more often than not, ATP solutions consist of an integrated approach -- utilizing “endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.” ATP systems and strategies are all geared toward keeping users’ data and other sensitive information secure.

However, it is important to note that there are varying degrees of protection when it comes to ATP. Most are familiar with antivirus software, but “a proper antivirus recognizes and defends against any kind of software that's designed with malicious intent, not just viruses.” Due to the fact that it is incredibly difficult to monetize viruses, “the vast majority of malicious programs aren't viruses.” This necessitates full-service malware protection services that will protect against a slew of different threats, in all of their many forms.

What is Malware?

Malware is a type of “software that is specifically designed to gain access to or damage a computer, usually without the knowledge of the owner.” Malware can take a variety of forms -- from spyware to viruses, to ransomware and worms, to trojan horses and adware, etc. Experiencing heightened popularity, malware is a means for money to “be made through organized Internet crime.” Utilized for economic gains, vandalism, and the destruction of targeted machines, malware can be incredibly detrimental to both you and your devices. 

In order to prevent any variety of malware from affecting your device and derailing your work, harming your data, or causing undue economic distress, multi-layered malware protection safeguards are advised -- “along with high-level network visibility and intelligence.”

What is a Virus?

A device can “contract” a virus “when the user launches an infected program or boots from an infected disk or USB drive.” With the ability to give rise to grave technological damages, a computer virus is “a type of [malware, or] malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.” Much like the type of virus that a human may fall victim to, viruses plaguing technological devices are “designed to spread from host to host,” all while continuously evolving and replicating. However, in order to reproduce, such viruses must live through files, documents, etc.

What makes viruses so frightening is their ability to remain hidden, lying dormant “until circumstances cause the computer or device to execute its code.” And once a virus latches onto one device, it can easily travel to other devices on that same network. Although some viruses are benign in nature, others are incredibly malicious and can result in the devastating harm of one’s device by “stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over [one’s] machine.” There are several methods in which a virus can spread from device to device, including, but not limited to illegitimate app downloads, audio and video files, “email and text message attachments, Internet file downloads, and social media scam links.” 

There are many possible symptoms of a virus-plagued device:

In order to protect your device from viruses, it is advised to be extremely cautious when “surfing the web, downloading files, and opening links or attachments.” Scanning email attachments and files downloaded from file-share drives will also help to avoid viruses. Moreover, steering clear of file attachments that contain executables, like “a file with an extension like EXE, COM or VBS” will help to prevent viruses because “an executable can do any sort of damage it wants.” Whether to achieve a thrill, bragging rights, destruction, or cashflow -- those creating viruses have the power to cause physical damage to your device, as well as to provoke real economic or productivity loss for a user and/or their business.

What is Spyware?

As the name suggests, spyware is a type of malware that takes the form of “software that spies on your computer and steals your passwords or other personal information.” On the other hand, through the use of spyware, hackers may “literally spy on you by peeking through your computer's webcam.” Throughout the past several years, spyware has experienced a surge in popularity, resulting in the inclusion of antispyware elements in many of today’s antivirus software options.

Easily infecting devices and often hard to pinpoint, spyware “is one of the most common threats on the internet” and can affect a variety of devices -- ranging from iPhones to PCs. Certain activities may leave your device vulnerable to spyware, like “accepting a prompt or pop-up without reading it first,” “downloading software from an unreliable source,” “opening email attachments from unknown senders,” or even “pirating media such as movies, music, or games.” However, if your device is experiencing a spyware issue, it can often be immensely difficult to recognize. Spyware is, by nature, “deceptive and hard to find.” If your device slows or crashes out of the blue, begins running low on hard drive space, or experiences pop-ups whether online or offline, it is very possible that it may be infected with spyware.

Spyware can take four different forms:

Although harmful, spyware can be removed and prevented. Using reputable anti-spyware solutions, refraining from opening emails or downloading files from unknown sources, and avoiding interactions with pop-up advertisements will help prevent spyware issues.

In Conclusion

Through consistent network scanning, careful measures, and full-scale malware protection services, you can avoid any and all forms of malware. Although malware will almost certainly plague all devices in varying degrees at some time or another, the right antivirus software will keep your data, money, files, and devices safe and secure.

References

Fenlon, Wesley. “How Computer Viruses Work.” HowStuffWorks, HowStuffWorks, 1 Apr. 2000, computer.howstuffworks.com/virus7.htm.

Lord, Nate. “What Is Advanced Threat Protection (ATP)?” Digital Guardian, 11 Sept. 2018, digitalguardian.com/blog/what-advanced-threat-protection-atp.

“Malware 101: What Is Malware?” Official Site, us.norton.com/internetsecurity-malware.html.

Rubenking, Neil J. “Viruses, Spyware, and Malware: What's the Difference?” PCMAG, PCMag, 27 Nov. 2018, www.pcmag.com/how-to/viruses-spyware-and-malware-whats-the-difference.

“What Is A Computer Virus?” What Is A Computer Virus?, us.norton.com/internetsecurity-malware-what-is-a-computer-virus.html.

“What Is Malware? - Definition and Examples.” Cisco, Cisco, 16 Apr. 2020, www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-malware.html#~how-malware-works.

“What Is Spyware? And How to Remove It.” Official Site, us.norton.com/internetsecurity-how-to-catch-spyware-before-it-snags-you.html.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Microsoft Open Sources its Coronavirus Threat Data

May. 20, 2020

10:00-10:00AM PST

Cybercriminals have been busy in the last couple of months, using the COVID-19 pandemic to hack people and companies. Microsoft decided to open-source its data about these cyber threats in order to better combat cybercriminals and look for ways to protect vulnerable users. The hope is that by sharing this information, they can get a better view of the techniques hackers are using and help defend better against cyberattacks.

Increases in Attacks

In the three months since the pandemic began, there has been an increase in cyberattacks of 600%, and a majority of these have been claims of coronavirus testing, stimulus packages, notifications from the government, and fake pandemic maps.

Cyberattacks in hospitals increased by about 60 percent from February to March. Many of the attacks on hospitals are ransomware, though the software that hospitals are using has been highly successful at blocking these ransomware attacks.

Major Targets

Fraudsters have been sending emails claiming to be from the World Health Organization (WHO) or the Center for Disease Control (CDC) and claiming they have information about the pandemic. These often have malicious links; some even have attachments that claim they have a list of infected people in your area. Others will ask you for a Bitcoin donation to help support research for the virus or want your contact information to send you what they claim to be exclusive information on COVID-19.

Just a few weeks ago, WHO confirmed that approximately 450 email addresses and passwords for active employees were leaked; other groups working on COVID-19 responses also had thousands of credentials leaked.

One group that has been widely targeted is remote workers. "With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures. We recently uncovered an interesting Skype phishing email that an end-user reported to [Cofense] Phishing Defense Center," Cofense researchers explained. The scammers have been sending out fake videoconferencing notifications aimed at getting access to Zoom and Skype credentials. Hackers have also been infiltrating videoconferences and disrupting meetings.

Spreading Awareness

The software giant has been sharing examples of some of the different phishing emails being used by these hackers on their Twitter in the hope that they can get this information out to more people more quickly.

In a blog post, Microsoft said they have been processing "trillions of signals each day across identities, endpoint, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks, allowing us to detect, protect, and respond to them across our entire security stack. Today, we take our COVID-19 threat intelligence sharing a step further by making some of our own indicators available publicly for those that are not already protected by our solutions."

Where to Find Indicators

Microsoft released a guidebook for Azure Sentinel Notebooks to help hunt for these attacks, and they assured those with Microsoft Threat Protection that they were protected from the identified threats.

The indicators are available through the Microsoft Graph Security API, in the Azure Sentinel GitHub, and in the MISP feed.

Protecting Yourself

Since Microsoft cannot identify and stop every threat as soon as it appears, you should be prepared to take measures for your own cybersecurity. If you receive an email asking for money for research for the coronavirus, take a moment to scrutinize the message before you click on anything or give them anything. If you receive emails that claim to have pandemic maps or special information about the IRS stimulus checks, it is highly likely the email is a phishing scam.

It is a good policy to not click on anything unless you are 100 percent sure that it is from a source you can trust. If it seems iffy, you can always call the organization the email is supposed to be from to see if they truly sent it to you. Do not download any attachments unless you are sure that it is from who you think it is from; fake attachments often have spyware or malware included that gets to tunnel through your computer once you open that attachment.

The steps are simple if you believe your information has been compromised. First, run a virus scan on your computer, change your passwords from a different device than the one you opened the email in, and contact your bank — if your bank account was jeopardized.

One way to help yourself feel safer when you are checking your email is to contact an email security service for an extra layer of protection.

References

ARSENE, Liviu. “Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic.” Bitdefender Labs, 14 May 2020, labs.bitdefender.com/2020/05/global-ransomware-and-cyberattacks-on-healthcare-spike-during-pandemic/.

Davis, Jessica. “New COVID-19 Phishing Campaigns Target Zoom, Skype User Credentials.” HealthITSecurity, HealthITSecurity, 27 Apr. 2020, healthitsecurity.com/news/new-covid-19-phishing-campaigns-target-zoom-skype-user-credentials.

Dowdell, Sophie. “600% Increase in COVID-19 Related Phishing Attacks.” IT Security Guru, 16 Apr. 2020, www.itsecurityguru.org/2020/04/16/600-increase-in-covid-19-related-phishing-attacks/.

“Open-Sourcing New COVID-19 Threat Intelligence.” Microsoft Security, 14 May 2020, www.microsoft.com/security/blog/2020/05/14/open-sourcing-covid-threat-intelligence/.


Identifying Phishing Email Scams: What to Look For

May. 20, 2020

1:00-2:00AM PST

Whether you have opened them or not, you have probably received at least a few emails that seem to be from your bank, the IRS, or another organization that has important information about you. They may claim your account has been blocked, or something needs to be updated because of a change to their policy. The email usually has a link to click to correct the error they are claiming exists or to verify your identity, and from there, they want you to provide personal information like your Social Security number or a certain password. These emails are phishing scams.

These emails are created by hackers and the links in them will lead you to fake websites — that usually look close to the real thing — in an attempt to steal your information. Just by clicking the link, you may be putting your information in danger; the links often bring viruses with them and can also put malware and spyware on your computer. Hackers have been working on their techniques for years to prey on unsuspecting victims to steal their identity and bank information. Unfortunately, this can sometimes make these emails difficult to recognize right away. 

Recognizing Phishing Attempts

While it can sometimes be difficult to tell at a glance if something is a phishing email, there are a few telltale signs that an email is a phishing scam. Here are a few things to look for when you receive a questionable email.

The “From” Address

One sign that an official-looking email is phishing is the email address it came from. If you look closely at the email address, it usually has a Gmail or Yahoo ending, or a similar one using like-letters. For example, a phishing email that claims to be from US Bank might have email@vsbank.com. Notice the "U" is actually a "V." This is a little trick of the eye that a scammer will use to make it seem like a legitimate email. If you ever think an email address is questionable, do not follow the link. You can always call the organization the email claims to be from to check if the email is indeed legitimate.

Urgent Call to Action

A scammer may try to use an urgent call to action to scare you into clicking on the link in the email without thinking. These types of messages may:

  • “Say they’ve noticed some suspicious activity or log-in attempts”
  • “Claim there’s a problem with your account or your payment information”
  • “Say you must confirm some personal information”
  • “Include a fake invoice”
  • “Want you to click on a link to make a payment”
  • “Say you’re eligible to register for a government refund”
  • “Offer a coupon for free stuff”
  • Claim an account will be closed if you do not act now

Generic Greetings

Phishing emails are usually generic because they are created to be sent out to hundreds, if not thousands of people all in a single batch. They also typically do not have your name, just your email address, so they cannot personalize an email like the real organization would do.

Emails that start with "dear customer/member" and things along those lines may be a phishing attempt. Most businesses these days will address you by name if they have your name.

Poor Spelling and Grammar

Businesses usually have decent spelling and grammar in their emails to customers because it is professional, and an email filled with poor spelling and grammar is hard to read, so you will probably not read it. A phishing email is usually full of spelling and grammatical mistakes, making this a potential sign that the email you are looking at is a scam.

Inspect the Link

When you hold your mouse over a link in an email, the full link will be displayed in the bottom left corner of your screen. If you are on your phone, you can press and hold your finger down; after a few seconds, a box should pop up in the middle of your screen that displays the full link. Here is where it gets tricky: just like when they make the return email appear to be real by using slight spelling tricks, they can deploy that strategy here too, using phony websites that look like the real URL.

To use our US Bank example again, you may see the link displayed as “uvbank.com,” “usbnk.com,” or “usbnak.com.” The letters have been changed, removed, or transposed in these three examples. If you were to quickly glance at the link without scrutinizing it, you might not realize the mistake.
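The lookalike tricks described for the “From” address and for links (a letter changed, removed, or transposed) can be checked mechanically with an edit distance that counts adjacent transpositions. The following is an added example, not part of the original article; the trusted list, function names, and sample inputs are assumptions constructed for illustration, and it generalizes the check to cover both sender addresses and URLs.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the defender knows to be genuine (maintained by hand).
TRUSTED_DOMAINS = {"usbank.com"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1,          # deletion
                         cur[j - 1] + 1,       # insertion
                         prev[j - 1] + cost)   # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transposition
        prev2, prev = prev, cur
    return prev[len(b)]


def host_of(value: str) -> str:
    """Extract the host from a URL, a From header, or a bare domain."""
    value = value.strip()
    if "://" in value:
        # urlsplit ignores any "user@" part, so the real host is returned.
        host = urlsplit(value).hostname or ""
    elif "@" in value:
        host = parseaddr(value)[1].rpartition("@")[2]
    else:
        host = urlsplit("//" + value).hostname or ""
    return host.lower().rstrip(".")


def registrable(host: str) -> str:
    """Simplification: treat the last two labels as the registered domain.
    A production check would consult the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])


def classify(value: str, max_distance: int = 1):
    """Return (verdict, domain, closest_trusted_domain_or_None)."""
    domain = registrable(host_of(value))
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain, domain)
    best = min(TRUSTED_DOMAINS, key=lambda t: osa_distance(domain, t))
    if osa_distance(domain, best) <= max_distance:
        return ("lookalike", domain, best)
    return ("unrelated", domain, None)


# Constructed sample inputs: the article's four lookalikes plus controls.
SAMPLES = [
    "US Bank <email@vsbank.com>",       # letter changed in the From address
    "https://uvbank.com/login",         # letter changed in a link
    "usbnk.com",                        # letter removed
    "http://usbnak.com/verify",         # letters transposed
    "https://login.usbank.com/",        # genuine subdomain
    "https://usbank.com@example.net/",  # real name used as a decoy before "@"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:40} -> {classify(sample)}")
```

A verdict of "unrelated" only means the domain is not a near-miss of a trusted one; it says nothing about whether the sender is legitimate.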

The Promise of Money

There are a few variations on this type of scam email. This may be the longest-running type of internet scam out there because it works. In 2018, Americans lost over $700,000 to this type of scam, according to a report from ADT.

You receive a random email that tells you a sad tale about this person who has a large sum of money and for just a small payment from you, they can access it and will share it with you. If you pay it, they may invent further fees they need help to get to the money, but they promise they will pay as soon as possible. These people will take as much money from you as possible then vanish forever.

Another version asks for your bank account information to transfer their large sum of money to you to keep safe on their behalf; victims of this scam often end up with empty bank accounts.

Yet another version is some distant relative you have never heard of has died and left you a considerable amount of money. The person sending the email needs something from you before they can send you your inheritance.

What to do if You Get Scammed

If you think you may have fallen victim to a scam, there are a few things you can do:

  • Run a virus scan on the computer you opened the email from.
  • Change your passwords on a different device than the one you opened the email from.
  • Contact your bank.
  • Report the scam to the FTC.

Tips to Protect Yourself

To help avoid falling prey to email scams, do not click on any links that may be suspicious or download attachments in emails. Take a moment to scrutinize any email you get that may seem suspicious, following our criteria above.

You should feel safe when you check your email, and one way to do that is to contact an email security service to give you an extra layer of protection.


Trustifi Live Stream: How to Protect Your Business from the Hacking Cyber-Apocalypse

Oct. 28, 2017

10:00-11:00AM PST

Equifax. Deloitte. Yahoo. In the past few years, we’ve seen the rise of some of the worst cyberattacks in recent history. The sheer scope of these hacks has affected business and consumer confidence throughout the whole world. Imagine the most sensitive, confidential and private information, on display to the public – or worse yet – sold to the highest bidder. Private passwords, SSNs, medical records, bank statements, credit reports, contracts, anything of value to the right set of eyes is now up for grabs.

The threat of a cyber-apocalypse has finally become a clear and present danger to all of us, in any industry. In a special live streaming event, happening on Tuesday, October 31st, Trustifi CEO Idan Udi Edry will deliver a webinar on what individuals and companies can do to protect themselves from this very real threat.

A properly-executed hacked email server can dismantle businesses, destroy reputations and end livelihoods. The webinar will focus on what companies and individuals can do to protect their information through intensive email security, in the light of these recent cyberattacks.

Trustifi, one of the most groundbreaking encrypted email providers in the industry, specializes in protecting corporations of any size. To sign up for Trustifi’s free 7-day trial, click here.

 

Trustifi does much more than just email security. Email tracking, certified email, and eSignature are just a few of the state-of-the-art services Trustifi provides. If you’re looking for a personalized demo, customized to your needs, click here.


3 of 3 Part Email Dangers Blog Series: Business Security – Sales Engagement


Sept. 4, 2018

10:00-11:00AM PST

By
on Apr 30 2017

By Nancy Richardson, President – VOC Company, LLC

An increasing number of vertical industry market processes require extra security and data sensitivity. HIPAA and financial-based internal and client/consumer communications within the Healthcare and Financial markets are obvious examples. When you make your career in one of those fields you get used to certain standards when it comes to protecting the data that you process.

But even the most diligent of us can inadvertently overlook securing sensitive information, or think the document that we’re emailing internally is relatively innocuous and not worthy of protecting. Current email configurations often limit employees from effectively protecting business communications, particularly in business development – opening business to risks in sharing competitive information.

In this third blog in our three-part series, we’ll be talking about what you should be securing, encrypting, and tracking so that you can protect yourself, your business, and your clients.

What You Need to Know When You Work in Sales Engagement

In our last post, we discussed why HR professionals need to be extra diligent and especially sensitive to protecting the information they send via email. Much of the information HR sends is internal to the organization. But what if you’re a business development professional? Then the converse likely holds true — most of the information you send is external to your organization. Once your email leaves your inbox, you have almost no control over what happens to it.

This is why business development and sales professionals need to be particularly cautious when sending emails outside of the organization.

If you’re a business development professional, whether you know it or not, you’re transmitting quite a bit of organizational sensitive information. You’re definitely sending out a good deal of data that you wouldn’t want your competition — or even other prospects — to catch wind of. A simple sales contract could let your competition know your price points and about your prospect, allowing them to undercut or underbid you.

A prospect pipeline is a sales person’s lifeblood. Because of the unique nature of sales positions, which often require personnel to work remotely from the road, it’s imperative to protect your prospect list when transmitting it from device to device. If you’re like many professionals, you may rely on a service like Dropbox — or you may even email it to yourself! This puts your very professional lifeline at huge risk!

Many other types of organizations will work with prospects to develop a sort of “white label” product for resell. When negotiating pricing and product details a great deal of trade secret information may be emailed, back-and-forth. A non-disclosure agreement has limits in protecting your organization. What happens if your client’s email is breached and that information is leaked to your competitors? Despite the relatively limited reporting on cases of breaches involving intellectual property or trade secrets, they are still highly sought-after pieces of data by cybercriminals.

Fortunately, there are ways to protect yourself and your organization. By using a simple secure email lifecycle management tool, you can be assured that your emails — and their attachments — are protected end-to-end. Not only that, but you can track the email through its entire lifecycle, from send, receive, open, read, forward, and print. Protect your assets and protect your business by ensuring that your email is secure.

Through this four-part blog series, you’ve gained insight into the internal and external business communications risks, often overlooked. What other information do you think needs to be secured?

 

Recent News

Not all email encryption providers are created equal: S/MIME & the Outlook Bug

By
on Nov 07 2017


Part 2 of 3 Email Dangers Blog Series: Business Security – Human Resource Risks

By Trustifi on Apr 24 2017

Certain industry types require extra security and data sensitivity. When you make your career in one of those fields you get used to certain standards when it comes to protecting the data that you process. But even the most diligent of us can inadvertently overlook securing sensitive information, or think the document that we’re emailing internally is relatively innocuous and not worthy of protecting.

In part 2 of this 4 part series, we continue to talk about what you should be securing, encrypting, and tracking so that you can protect yourself, your business, and your clients.

HR Electronic Communications – What should you secure?

Human resource professionals often deal with some of the most sensitive information a company owns. We often think that the payroll department is the sentinel of our constantly-accessed personally identifiable information, and while that is true, human resource professionals access and process mountains of our sensitive information regularly. Bottom line: the HR department is the first and last stop in protecting employee confidentiality.

Because email is and continues to be the most widely used method of communicating internally and externally to an organization, HR professionals need to be extra diligent about protecting personally identifiable information and be especially worried about email security. As the keepers of everything from social security numbers to bank account and routing numbers, HR departments are one of the most targeted departments within an organization.

If you work in HR, take a look at your inbox. It’s more-than-likely a veritable treasure trove of data about your employees. Everything from W4s to spreadsheets with employee information gets transmitted through your email. And while you may think the data is safe as long as it’s being shared internally, once you hit “send” you have no control over where that data will ultimately end up. This is why it is incredibly important to use an email lifecycle management tool that not only tracks your email — so you’re assured of its destination — but stores your emails in an encrypted environment.

But what should you be protecting? The short answer is everything you send, but let’s look at a few of the most commonly overlooked items.

Employee Review Forms — many forms used by organizations contain an employee’s personally identifiable information in the header of the form. But because we often think of an employee review form as relatively innocuous, we don’t secure it when we send the email. This is a mistake and can open the organization up to a data breach.

Spreadsheets — HR departments thrive on spreadsheets to manage the day-to-day management of personnel. While these spreadsheets are often password protected, a simple password is easy enough for even the most newbie hacker to break. When you send your spreadsheets, make sure to add an extra layer of security by encrypting the email.

New Hire and Annual W4 Forms — many employers and employees will email these documents to each other. Because they’re relying on the assumed security of an internal email network, both employers and employees may open themselves up to a data breach by not securing the email.

Policy Changes — when sending policy changes to employees it’s imperative to make sure that all of your staff has received and read the change. While most email clients have a return receipt option that can be enabled, that’s often not enough to provide proof that an email has been received, opened, and read, which means the HR department has to chase down acknowledgments. Save time and money by using postmarked email.

Workers Compensation Claims — these forms have a wealth of information about employees and often need to be emailed externally, to insurance companies and medical offices. Like spreadsheets, the document may be password protected, but a simple password is simply not enough to thwart a hacker.

HR is the first line of defense in protecting an organization from a data breach and protecting the livelihood of its employees. One of the easiest ways to protect your organization from a data breach is to use a robust email lifecycle management solution.

 


1 of 3 Part Email Dangers Blog Series: Business Security – Vendor Exposure

By Trustifi on Apr 18 2017

Certain industry types require extra security and data sensitivity. When you make your career in one of those fields you get used to certain standards when it comes to protecting the data that you process. But even the most diligent of us can inadvertently overlook securing sensitive information, or think the document that we’re emailing internally is relatively innocuous and not worthy of protecting.

In this four-part series, we’ll be talking about what you should be securing, encrypting, and tracking so that you can protect yourself, your business, and your clients.

What You Need to Know About Exposure — from Your Vendors

At every level of the organization, as long as an employee is picking up the phone, or sending and receiving emails, that employee is making security decisions for the organization every day. Despite the sophistication of technology and the cybercriminals that employ its use, old-fashioned social engineering is still the go-to resource for infiltrating an organization.

Let’s take a look at how a cybercriminal might use LinkedIn to breach your organization.

LinkedIn is actually one of the biggest resources for criminals seeking to subvert a company’s security. The nature of LinkedIn is for its users to remain open so they can be searched for by business connections, clients, and vendors. But that openness also exposes organizations to attack. The larger an employee’s social network grows as they build connections, the greater their risk of attack.

LinkedIn also makes it incredibly easy for a cybercriminal to impersonate a legitimate connection. Let’s say that you work for Acme Optics. Acme Optics has its own LinkedIn corporate page, so it’s fairly easy to determine what kind of service Acme Optics provides and what connections it’s making with other organizations, such as vendors and procurement sources (and remember — those connections are still made by humans at the ends of the terminals).

Our cybercriminal — we’ll call him Vlad — figures out that you work for Acme Optics, determines that Acme Optics gets its lenses from Shine Glass, and sends you a spoofed email from Shine. In three relatively simple steps, Vlad has convinced you to open an email and unknowingly download malware to your internal network.

One of the more insidious ways that Vlad may hurt your organization’s bottom line was discovered during the Yahoo breach, where auto-forward was turned on for thousands of accounts. These “set it and forget it” settings — that almost no one checks regularly — set Yahoo users up for years of exposure. Everything from grandma’s cookie recipe to last year’s tax filings was being auto-forwarded to hackers.

And that’s relatively easy to do on company servers, too — once you’ve been let in the back door via malware.
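Auto-forward settings like these can be audited by checking where each forwarding rule actually sends mail. The following is an added example, not part of the original post or of any Trustifi product; the rule export format, its field names, and every domain in it are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample: a mailbox-rule export in a hypothetical format.
# Field names and every domain below are assumptions for illustration.
INTERNAL_DOMAINS = {"acmeoptics.example"}
RULES = [
    {"mailbox": "pat@acmeoptics.example", "name": "Invoices to AP",
     "forward_to": ["ap@acmeoptics.example"], "keep_copy": True, "enabled": True},
    {"mailbox": "lee@acmeoptics.example", "name": ".",
     "forward_to": ["Archive <lee.backup@mailbox.example>"],
     "keep_copy": True, "enabled": True},
    {"mailbox": "sam@acmeoptics.example", "name": "old vacation rule",
     "forward_to": ["sam@personal.example"], "keep_copy": False, "enabled": False},
    {"mailbox": "kim@acmeoptics.example", "name": "Vendor mail",
     "forward_to": ["kim@acmeoptics.example.mail-relay.example"],
     "keep_copy": True, "enabled": True},
]

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if it cannot be parsed."""
    _, addr = parseaddr(address)
    local, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""

def is_internal(domain, internal=INTERNAL_DOMAINS):
    """Exact match or a true subdomain; a substring test is fooled by lookalikes."""
    return any(domain == d or domain.endswith("." + d) for d in internal)

def audit_forwarding(rules, internal=INTERNAL_DOMAINS):
    """List every forwarding target outside the organisation, active rules first."""
    findings = []
    for rule in rules:
        for target in rule.get("forward_to", []):
            dom = domain_of(target)
            if dom and is_internal(dom, internal):
                continue
            findings.append({
                "mailbox": rule["mailbox"], "rule": rule["name"], "target": target,
                "reason": "external domain" if dom else "unparseable target",
                "active": bool(rule.get("enabled")),
                # keep_copy: mail still lands in the inbox, so the owner sees nothing odd
                "silent": bool(rule.get("keep_copy")),
            })
    return sorted(findings, key=lambda f: not f["active"])

if __name__ == "__main__":
    for finding in audit_forwarding(RULES):
        print(finding)
```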

Fortunately, you can protect yourself and your organization by requiring your vendors send any attachments through a secure email lifecycle solution. By utilizing a secure solution, you can be assured that you and your vendors are protected through end-to-end secure email, lifecycle tracking, and dual validation technology.

Also, remember to “trust but verify.” Despite your familiarity with a vendor, even our most trusted associates are open to being spoofed. Vlad is depending on your trust to open that email. If you’re not sure why your vendor is sending you an attachment, pick up the phone and call to confirm that your vendor sent you an email. An ounce of prevention is worth a pound of cure.

 


Your Email Address is Worth More Than You Think

By Trustifi on Mar 13 2017

Before you start reading, I want you to close your eyes and think about your daily routine. What’s the first thing you do? If you’re like 80% of smartphone users, you probably check your phone before you even brush your teeth.

Now close your eyes again. What do you see on the home screen? What apps are there? You probably have a few time killers – games, trivia – maybe some of your favorite news sites. You definitely have at least one social media source. What did you need in order to sign up for access or download the apps?

An email address.

Email addresses are the modern social security number – and they are tied to everything you use. That’s why cybercriminals want them.

The end of 2016 was ushered out with the Yahoo data breaches. Billions of email addresses, passwords, and security questions were obtained by cyber thieves, who likely had their hands on this information for years and used it to infiltrate thousands of individuals’ lives. These cybercriminals weren’t looking for a massive payout from their theft; it was far more lucrative to cherry-pick a few individuals’ information a little at a time because it prolongs the shelf-life of your stolen data. While Yahoo was aware of the breach, they only made it public when Verizon uncovered the massive problem during due diligence.

Human beings are creatures of habit and because so much of our real lives are intertwined with our digital existence, we tend to recycle passwords from one data source to the next. Even if you’re diligent about using different passwords, your email address is still likely tied to multiple accounts, such as your credit card or banking information. Even something as seemingly innocuous as your Amazon account can be a veritable skeleton key to the rest of your digital life.

Your inbox is a treasure trove of information.

Beyond the passwords and security question answers, cyber criminals had access to the intimate details of over a billion users’ inboxes – how they shopped, who they banked with; medical records, tax information, family recipes all in the hands of cyber criminals who could exploit that data for profit. Email is ubiquitous and we presume that what we send is relatively private. Except that it isn’t. The Yahoo breach also exposed setting issues, like auto-forward. A copy of the email lives in the primary inbox and another copy auto-forwards to another inbox. It’s relatively simple to set up and is a feature that most folks “set and forget.” Most email services do not provide any tracking mechanisms for email, so the typical Yahoo user would have no idea where their emails were actually going.

Email theft is, unfortunately, a growing trend.

But that doesn’t mean you should give up on privacy and security. There are simple proactive steps you can take to protect your email and keep your digital life safe and secure.

 


Millennials: Time to Give Privacy a LB

By Trustifi on Mar 11 2017

TL;DR: For real, digital privacy is important AF.

We spend approximately all of our waking hours connected to social media. Our entire lives are out there, so most of us don’t even think twice about digital security. Or, if we do think about it, we think “what’s the point?”

A recent graduate of George Mason University recently said, “There is no longer such a thing as privacy and it’s a little scary but honestly inevitable. I’m not sure if it’s reasonable to be worried anymore because it’s already out there.” Natalie isn’t a rogue millennial either. According to a recent study, just 2 in 10 Millennials worry about digital privacy most of the time.

But all of that time we spend connected, we spend connected to peer generated content. These are people we have at least a passing familiarity with. So what’s the big deal?

Your digital life can hurt you.

What you put out there for the world to see can not only hurt your career prospects, but it can affect your entire life by giving hackers clues about your life – clues they need to answer security questions. These same clues can also help them phish your accounts and take control of your entire digital life, credit report, and entire identity.

TBH Your digital life affects you IRL too.

You need decent credit for everything from getting an apartment to getting car insurance. Sometimes, you need decent credit to get a job. If a cybercriminal – or just someone throwing some cyber shade your way – gets a hold of your digital life, they can (and will) get a hold of your credit. It can take months before you know that your stellar 750 credit score just dipped to 550, and even longer to fix it.

 

By that time, you’re back couch surfing at your mom’s house. And that’s not a good look.

 


What You Need to Know About Email Safety

By Trustifi on Mar 10 2017

Data breaches are on the rise and, despite the increased security requirements that organizations are obliged to undertake, don’t seem likely to stop happening any time soon. Cyberthieves can make a lot of money stealing your identity and there isn’t a strong likelihood that they’ll be caught. As the world becomes more digital, going “offline” isn’t realistic. So what can you do to protect yourself before and after a data breach?

The best defense is a good offense. When it comes to protecting your identity there are some really simple, but effective steps you can take:

  1. Never use the same password twice. Even if you think your password is un-hackable, you’re probably underestimating the tools that cyberthieves have in their arsenals. In the event that one of your accounts is compromised, using different passwords for your other accounts makes it difficult for a hacker to access them.
  2. Whenever possible, make sure you turn on two-factor authentication for your accounts — especially your email.
  3. When you have to send sensitive information by email, make sure to use an encrypted email service, like
  4. Make your social media accounts, like Facebook or Instagram, private. Social engineers will often peruse social media accounts to glean the answers to your security questions, like your mother’s maiden name and where you went to high school.
  5. When choosing what security questions to answer, either choose an obscure question or write your own. It’s generally a good idea to make the answer something fairly off-the-wall, like answering “ice cream” to “what’s your favorite color.”
  6. Make sure to monitor your digital life: periodically log in to your bank and credit card accounts, do a quick Google search for criminal records, and request a copy of your credit report from the three major bureaus.

If, despite your best efforts, your information was compromised during a data breach it may be months or even years before you truly know if you’re in the clear. Make sure to immediately change all your passwords — and set up a schedule to change them regularly — and obtain copies of your credit reports annually. Don’t fall victim to phishing or social engineering attacks. If you think you might be the victim of identity theft make sure to file a report with your local police department and notify the credit bureaus immediately.
