PC Professionals

As of 6:00 PM tonight, we still have no power at the shop. As soon as the lights come on, we WILL be open. Keep an eye on this space for the announcement. Thank you for your support.

Cybercrooks take advantage of top news, which means they’ve already found ways to send malware and steal money using COVID-19. Read our article sharing what to watch out for and what to do to stay cyber safe. Steer clear of coronavirus scams!

Steer Clear of Coronavirus Scams

With the world grappling with a health pandemic, scams are shocking. Regrettably, bad actors are everywhere, always looking for opportunities, and they’re seeing one in the coronavirus. This article outlines what you need to watch out for and how to stay cyber safe.
The last thing you want to read right now is that there’s another threat out there – sorry, but it’s true. Cybercriminals take advantage of fear. They take timely concerns and use them to target victims. Using the anxiety and upheaval around coronavirus is their mission.

So far, several coronavirus-related attempts to cyberscam people have been reported. There are examples of:
• emails that appear to come from government health departments;
• offering a tax refund to get people to click on malicious links;
• memos to staff that appear to come from large employers;
• COVID-19 test offerings from private companies;
• fake websites promising to sell face masks or hand sanitizer;
• soliciting donations to help fund a vaccine.
What to Watch Out For
Another concern is the number of bogus websites registered with names relating to COVID-19. The site can look legit but is set up to steal information or infect the victim’s computer with malware.
You may get an email promising the attached information offers coronavirus safety measures, or information shared by the World Health Organization (WHO) if you click on the link, or a similar email pretending to be from a reputable news source, such as the Wall Street Journal (WSJ).
In another example, an email impersonating a healthcare company’s IT team asked people to register for a seminar "about this deadly virus.” Anyone who didn’t question why IT was organizing the meeting clicked to register. By filling out the form, they gave their details to hackers.
What to Do
Be cautious. It’s understandable that you’re anxious, but don’t let that stop you from taking cyber precautions. You should still:

• be wary of anything that tries to play on your emotions and urges immediate action;
• question where emails are coming from – remain vigilant even if the communication appears to come from a reliable source;
• hover over links before clicking them to see where they will take you – for example, in the WSJ example, the Web address was for the “worldstreetjournal”;
• avoid downloading anything you didn’t ask for;
• doubt any deals that sound too good to be true (“a mask that stops the virus 99.7% of the time!”);
• ignore any communications requesting your personal information;
• don’t be suckered by fraudulent pleas for charity.

Global health organizations generally do not send out emails with advice. Instead, navigate directly to that reputable health institution for real news.
If you’re still not sure about the validity of the communication, check it out. Do so by calling or using another medium to get in touch with the “source” of the received message.
While there is not yet a vaccine for COVID-19, you can put anti-virus protection on your computer. Also, make sure that you’ve applied all available security updates to keep your software safe.
We hope you’ll take care and stay healthy both physically and online in these tough times.
Need help installing security software and keeping your technology safe? Our cybersecurity experts can give your home a tech immunization. Contact us today at 251 289-9741.

Fake Invoice Attacks Are on the Rise - Here’s How to Spot (and Beat) Them

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

The Malware Click - Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks or Xero, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments.

Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off - even in the slightest - hold back on payment/clicking until it’s been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

We can help increase your security, talk to us today. Call us at 251 289-9741