Go Phishing

Go Phishing

With COVID-19 changing the way many businesses are forced to work, phishing attacks have increased significantly while becoming more complex. Hackers often look at crises as opportunities and COVID-19 is no different. Attackers are using names of coworkers and companies to fool people into thinking they’re legitimate emails. With many employees working from home and logging in, there is an increased reliance on remote system tools, and phishing scams have evolved to mimic them.

Stressful times are upon us and there is no letup in sight. As a result, IT staff are finding themselves overwhelmed as they address a multitude of system issues, software problems, and new problems stemming from employees working remotely. Many employees are using personal devices, which are more vulnerable to cyber-attacks. To be truly prepared for remote work and sophisticated threats, businesses need to analyze their weaknesses and implement proper cybersecurity approaches.

At PROTECTED HARBOR, we provide custom solutions to cyber-attacks, ransomware and other debilitating infrastructure issues. Our team of IT professionals ensures your infrastructure is secure through the creation and implementation of security policies. We analyze and remediate risks to keep you safe. On average, we save our clients up to 30% on IT costs while increasing their security, productivity, durability and sustainability. We are an extension of many IT departments, freeing them up to concentrate on daily work while we do the heavy infrastructure lifting.

Contact us today to find out more, www.protectedharbor.com

How did Twitter get hacked?

How did Twitter get hacked?

On July 15th many Twitter accounts were compromised.  How did this happen to a company like Twitter?

‘This was the worst social media hack ever happened in history’twitter hacked

The security involvement of the hack are also wide-reaching, not just for Twitter but for other social platforms.

Early suggestions are the hackers managed to access administration privileges, which allowed them to bypass the passwords of any account they wanted.

Twitter appeared to confirm this in a tweet saying: “We detected what we believe to be a co-ordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

As we generate more content online we are creating a larger digital footprint.  These attackers simply contacted Twitter and asked for the names of key personal, the head of the customer service, their CIO, etc.  Once the attackers knew the identity of key individuals they then researched their web pages, Facebook links, LinkedIn profiles, etc.

The attackers were able to gain enough information from those pages to be able to correctly answer Twitter’s support questions and gain access to those accounts.

Once the attackers had access to an Admin account they could reset end-user accounts and then login as those users.  It was that easy.

Some questions that should be asked; What would have helped prevent this disaster?  Is your system(s) vulnerable to a similar attack?   How can your system(s) be protected?

2FA or Two Factor Authentication would have stopped this attack.  With 2FA the mobile device is registered to the account and the login is not possible until a code on the mobile device is entered.

At Protected Harbor we support 2FA for all systems, allowing our customers to be safe, secure, and protected, as in Protected Harbor.

How to Protect your data from Phishing Sites

Please follow these steps to help protect your data from phishing sites:-

Follow these steps to stay Protected as in Protected Harbor!
  1. Never enter password and ID on a web site opened from an email
    With the exception of when you forget a password and you requested the link, never ever enter your password and ID on a web site opened from an email. If a web site needs to be opened, then open the website in your browser, not by clicking on the link.
  2. Never log in to a secure server or site from a public computer
    Never log in to a secure server or secure site (HTTPS) from a public computer. Cookies can be left that will contain enough information for your account to be compromised, use your cell phone instead.
  3. Do not use public WiFi
    Do not use public WiFi. Criminals are always scanning public WiFi systems looking for users to connect so that they can capture the ID and password.

How to Protect your data from Phishing Sites