WARNING: The Latest, Most Complex Fraud Scam Might Catch You Off Guard! You may be wondering how cybercriminals are able to turn stolen credit card data into cash flow. A popular scheme is to sell high demand, incredibly underpriced items on eBay that they don’t even own yet. Upon the auction ending, the fraudster uses stolen credit card information to purchase the goods from an e-commerce store and ships it directly to the auction winner. This is effective because auction winners get what they bid on and pay the criminal, and the only party left to dispute the charges is the original and legitimate cardholder. Triangulation Fraud This popular scam of using stolen credit cards to buy merchandise won by other eBay members is by no means new, but as time goes on, is getting more automated and sophisticated. One retailer who wishes to remain anonymous, was achieving quite a bit of success with e-commerce, and was experiencing fast growth, and was amongst the Top 50 Online Retailers for the past two years, as ranked by Internet Retailer.com. Unfortunately, this did not protect them against falling victim to the scam. The retailer received more than 40 orders in the span of just a few weeks that were traced back after the fact to stolen credit card data. The retailer was successful in stopping a small number of the transactions before they were shipped, but many of the sales resulted in losses that needed to be absorbed by the victim. How It Works Understanding exactly how triangulation fraud works might be a bit confusing. The process is simplified below for clarification: Step 1 – Auction fraudsters set up one or more eBay account and begins to sell legitimate products. Once a customer buys an item, the money is placed into the fraudsters PayPal account. Step 2 – The fraudster sells the order by going to another online retailer, and purchases the item using stolen credit card data. The goods are direct shipped to the actual customer, and the fraudster gets the money. This scam is particularly crafty because the purchasing eBay customers are satisfied and have received a product, so there’s never any concerns about the company that provided them the product. For large retailers doing considerable amounts of volume, this process raises no concerns with them, and goes virtually unnoticed. The only way they can be made aware of such activity is by using sophisticated fraud screening programs, or when the owner of the credit card initiates a “chargeback” with the credit card company. EBay has publicly stated that the use of stolen credit card information in the purchasing of goods is by no means a new concept, and has said that cooperation and coordination is required with both retailers and law enforcement to get a handle on such cyber crime. Detection of such fraud relies on the tools used by merchants and implementing correct credit card authorization protocols. EBay does not wish to share the technology and practices they have implemented to handle this sort of fraud activity, out of concern it will provide information to the cyber criminals. Representatives for the auction site did however say that they use a range of internal tools, as well as risk models that identify suspicious activity. They also provide training to hundreds of retailers, as well as law enforcement on various types of fraud. Make sure you and your staff members never fall victim to triangulation fraud. Contact {company} for help at {phone} or send an email to {email}. We provide managed IT services in {city} that keep your company safe against all types of cybercrime.

You may think that using cloud-based email means that your enterprise email archiving needs are taken care of – but that’s not quite true. A separate cloud-based email archiving solution provides functionality that your cloud email system simply can’t, which could give you significant advantages over the competition. Moreover, in many cases, separate cloud email archiving can be a legal requirement. Here are five reasons to consider it: Archived means delete-proof People may mistake a searchable mailbox for an archive, but corporate email archiving provides more than mere search. Email archiving is a tamper-proof record of communications within your company that legal experts can rely on. Records cannot be deleted or changed in an email archive because it is encrypted, compressed, timestamped, and electronically protected from alteration. Conversely, your email inbox is entirely alterable. You could change or delete any email in your history at will in your mailbox, making it useless from a legal perspective. This alone disqualifies your mailbox as an email archiving tool. You don’t archive where you store Using your inbox as your email archive makes you vulnerable. Should something happen to your email service provider, you risk losing all records of your email along with your operating mailboxes. This could be financially costly, because it limits your ability to reproduce communications when prompted by the legal department, and potentially makes you noncompliant with regulations in your industry. A separate business email archive – ideally with a third party provider – protects your company. Grown-up searchability Searching is better with properly archived email. You may think that typing a couple of keywords into a search bar in your cloud email is enough, but it doesn’t scale. Lawyers cost hundreds of dollars an hour, and they will happily charge this to sift through information that isn’t easily findable to try and reconstruct conversations. Email archiving solutions provide a more structured search process, because they automatically index every email, producing a comprehensive set of metadata describing its various characteristics. These include everything from the time sent, through to who was included in the communication, and what was attached to the email, if anything. Metadata can be used to quickly construct a verifiable audit trail for any particular conversation, showing investigators how it unfolded over time. You might be able to do this with your cloud-based email search, but it would be prohibitively expensive and time-consuming in many cases. 360-degree visibility For many companies these days, email is only one part of the communication landscape. Employees may use a company-sanctioned instant messaging system, along with SMS texts, and voice messages sent via email. A properly configured email archiving solution can capture all of these communications and store them within a protected database – making the record of communications complete. Your cloud-based email will be unlikely to do this. Get the bigger picture What isn’t your cloud email telling you? Beyond letting you know when you are nearing your storage limit, probably not much. On the other hand, the indexed data in your email archive can tell you a lot, including the following: Which employees are responding to emails most quickly? Which are losing you opportunities by lagging in their replies? Are any employees regularly communicating with people that they shouldn’t, such as competitors, for example? Are any email accounts inactive, indicating that they should be closed to prevent a security risk? You can find out all of these things using business intelligence reports produced easily from an email archive, putting you 10 steps ahead of those people relying purely on cloud email to provide a record of their communications. An email archive cannot only be a valuable asset to the IT department, but is also a requirement in many cases. Conflating cloud-based email with email archiving is a mistake that could come back to bite you in the future. Get the functionality that your cloud email simply can’t provide. Contact {company} at {email} or give us a call at {phone} to learn more about cloud-based email archiving.

As of last month, a majority of US banks will have replaced most traditional debit and credit cards with newer, ideally more secure versions that rely on a microchip instead of a magnetic strip for data storage. What many people don’t know is that this new-fangled chip technology is not 100% secure! The FBI has issued warnings to law enforcement, merchants, and the general public to promote awareness that no single technology can completely stop fraud. What is an “EMV” credit card? EMV refers to the first three adopters of the chip card technology, Europay, Mastercard and Visa. Also known as “chip-and-signature,” “chip-and-pin,” or “smart” cards, these new credit and debit cards offer more secure use than the outdated magnetic strip technology that has been the standard for years. EMV card transactions work between the merchant and the cardholder’s bank with a code that is unique to each individual transaction, which results in greater security and generally ensures less vulnerability to criminal activity while the data is in transit. What dangers does the EMV card present to users? Despite the fact that the chip technology is certainly more secure than the traditional magnetic strip, the reality is that lost or stolen cards can be more readily exploited for use in stores, online and over the phone. In the latter two instances, the chip is not physically provided for the purchase (known as “a card-not-present transaction”), which negates most of its potential security measures. Furthermore, given that banks are issuing cards with both magnetic strips and chip technology to accommodate merchants that haven’t updated yet, criminals can still steal data from the magnetic strip for illegal purposes. If the merchant has failed to upgrade to an EMV terminal, there is a chance it can become infected with data-capturing malware. How can you protect yourself? Ensure that you protect the personal information specific to your card, such as your account number and PIN. When entering your PIN for a purchase, be sure to always shield your input from the view of other customers and potential thieves. Cardholders that have lost their card, or suspect it has been stolen should contact their bank as quickly as possible to minimize the chance of fraud. Merchants are urged to handle the EMV card and its data with the same precaution they use for traditional credit cards. For sales over the telephone or via the Internet, merchants are encouraged to employ additional security measures to verify the authenticity of the card in question. Servers and payment links used by merchants for all Internet transactions with credit and debit cards need to be properly encrypted to limit the chance of hackers accessing the information given by cardholders. If you believe you have been a victim of credit or debit card fraud, contact your local law enforcement or FBI field office to file a complaint with the Internet Crime Complaint Center (IC3) at www.IC3.gov. To stay up to date on the latest developments in tech security, be sure to regularly visit {company} online, or get in touch at {phone} or {email}.

Microsoft is the best choice for almost all daily work in the office, whether it’s Word for document processing, Outlook for email or Excel for spreadsheets, so why not get the most out of those services? Microsoft Office 365’s latest Cloud-based features have a lot to offer businesses, but could it expose your company to new risks? Can Microsoft Office 365 Affect Your Business’ Security? A healthy dose of skepticism is expected with any new technology, but with the right consultation from an expert provider like {company}, you can leverage the full power of Office 365 without taking on any risks. Office 365 connects each and every Microsoft application with the Cloud, making your tasks more convenient and user-friendly, and actually eliminates further risks with new innovations. {company} can help your {city} business make the most of Microsoft Office 365, ensuring a smooth transition and setup. To learn more about Microsoft Office 365, contact {company} today at {phone} or {email}. How Can Microsoft Office 365 Reduce Your Risks? {company} can give you access to Microsoft’s many Cloud-based features, including: “99.9% Uptime Guaranteed” means minimal interruptions:{company} can ensure minimal unexpected downtime or inconvenient planned maintenance, allowing you and your employees to work efficiently and without delay. Smooth transition means fewer migration issues:{company} can smooth your migration to Office 365 services with industry-leading practices. With our help, you can be sure that no email, file, or calendar is missing from your newly configured setup. Sensible fees that limit financial risk:Due to the very nature of Cloud computing, there is almost no up-front capital required to pay for any physical hardware or the space to store it. Safety in Cloud means lower chance of data loss: By operating through the Cloud, your files, emails and other data is stored offsite in secure locations. These effective archiving services ensure not only that you have access to your data from remote workstations and mobile devices, but also that an up-to-date version is available at a moment’s notice should your onsite copy be compromised during an emergency. Make the most of the Microsoft applications you already use! With our help you can optimize your {city} business’ Microsoft configuration for better accessibility, security and convenience. Contact {company} today to start your transition to the Cloud.

Microsoft’s recent Patch Tuesday brought four critical updates, as well as eight important updates, in an attempt to resolve 54 reported vulnerabilities found in Microsoft Windows and Microsoft Office. KB 3097877, part of security bulletin MS15-115, was found to cause a multitude of issues for those using Outlook, including the following: Crashing when opening web-formatted (HTML) emails Black screens when trying to log in Other odd behaviours/general hangups Upon discovering the issues, a spokesperson from Microsoft explained, “We are looking into reports from some customers who are experiencing difficulties with Outlook after installing Windows KB 3097877. An immediate review is under way.” If you experienced issues as mentioned above, you’re likely extremely frustrated. We get that. Fortunately, Microsoft has reissued KB 3097877 to address the issues. A spokesperson expressed, “We recommend customers apply this update to help stay protected.” There was no mention as to what the issues were caused by or why the update was faulty in it’s release, however, it’s vital to apply the reissued update as it’s designed to fix a series of flaws that could otherwise let attackers remotely execute code on your systems. Need help making sure patches are applied in a timely manner? {company} does that for you. Call {phone} or email us at {email} to learn more about about managed IT services.

Don’t Let the Latest Version of CryptoWall Destroy Everything You’ve Worked So Hard to Build… Remember CryptoWall, the world’s most destructive ransomware? It’s back with a vengeance! CryptoWall 4.0 has surfaced with a multitude of encryption methods and evasion tactics that are tricking even the latest anti-virus programs. Ransomware is the worst possible threat for businesses as it encrypts all of your vital information, then demands a payment for the decryption key. Tyler Moffitt, Sr. Threat Research Analyst at Webroot, explained, “CryptoWall 4.0 is the latest encrypting ransomware out right now and we’ve already observed it spreading. With the huge ‘success’ of CryptoWall 3.0, I anticipate this variant to be the number one threat to watch out for going into 2016.” Are you prepared to fend off the destructive ransomware that costs you thousands, or worse, tens of thousands of dollars to recover?   You’ve heard the saying ‘knowledge is power,’ and it’s absolutely true when it comes to fending off threats such as ransomware. Here are the top factors you need to know, in order to face the latest version of the most destructive ransomware: Keep an eye out for it’s name: The creators of CryptoWall 4.0 have given the ransomware a new name: help_your_files_ransomware. If you notice the phrase, make sure to call an experienced team of IT security professionals immediately. Also, make sure you’ve updated your file screening to include the phrase. Don’t open suspicious email attachments: If you’re not absolutely certain of the sender, do not open suspicious email attachments, even if it’s from someone you know, check the source. Don’t hesitate to call the sender and ask if they sent you something in the form of an attachment. Email attachments are still the most commonly used way to send ransomware. Expect to feel even more frustrated than ever:  In an effort to further frustrate victims into paying the fee, the attackers have started encrypting filenames, as well as files, so you’re not able to tell what files have been targeted and encrypted! This means filenames will appear with names including random letters and numbers. Prepare in the same way you would for previous versions: The good news is CryptoWall 4.0 behaves exactly like previous versions, although the encryption methods and evasion tactics are more advanced. CryptoWall 4.0 still infects in the same way, encrypts files in the same way, and uses the same domain to request/receive payments. This means you can prepare in the same way. CryptoWall 4.0 is stronger and more sophisticated than previous versions, but ultimately, it’s the same preventative measures that matter: Make sure files are backed up onsite and in the cloud, in order to ensure you’re able to recover those files instead of paying the fee. Use an email filtering software to prevent malicious or annoying spam from getting to your inboxes. Install an enterprise-grade firewall that keeps unauthorized users away from your network at all times. {company} provides managed IT services wherein we keep our clients prepared for the latest threats – safeguarding with the appropriate security measures to prevent even the most destructive ransomware. Call {phone} or email us at {email} for more information.

Discover the Secrets to Spotting Phishing Attacks Before You Become Yet Another Victim… Email is the most common source of malware and virus infections. Why? Because email is the gateway to your company; and while it’s an incredibly convenient way for your staff members to communicate with one another, clients, and partners, it’s also an incredibly convenient way for cybercriminals to hack your systems and steal confidential information. Phishing attacks flow into inboxes like yours significantly more during the months before the holidays… Are you confident your employees would be able to spot a phishing attack before it’s too late? Phishing attacks flow into inboxes like yours all throughout the year, however; they become significantly more common and sophisticated during the months before the holidays. Top secrets you need to know in order to spot phishing attacks before you become yet another victim: Poor spelling and grammar: If you’re on a major corporation’s website or you receive an email from a major corporation and it’s filled with spelling and grammar mistakes, it’s likely not legitimate. Asking for personal information: No matter how official the email seems, reputable companies don’t ask for personal information via email, such as passwords, credit card numbers, or anything else. Offers that seem too good to be true: If you end up on a website, receiving an email, or coming across a popup saying you’ve won something fantastic, it’s likely a phishing attack. Being asked to send money: If you receive an email that seems to be from a family member or friend asking for money due to an emergency, make sure to contact that individual prior to sending anything. A sense of extreme urgency: In many cases, hackers make it seem very urgent that you provide personal information/financial details or something terrible will happen. Don’t fall for this scam. Don’t become yet another victim to phishing attacks. Safeguard your email against hackers before it’s too late. Contact {company} at {phone} or send us an email at {email} for more information.

Honor Our Troops and Give a Big Salute to the True Heroes! On Veterans Day, we’d like to invite all of our clients to join us in thanking all the veterans who bravely serve their country and put their lives on the line. This year, please take a moment when 11:00am rolls around to take a moment of silence – remembering the true heroes who are currently serving, have already served, and those that have lost their lives in war. In today’s modern, increasingly competitive business environment, it’s easy to get caught up and busy with balancing the day-to-day tasks we have at work, but it’s absolutely necessary to honor the sacrifice of all the veterans and demonstrate that their dedication to our country will not be overlooked. {company} is proud to take a moment to thank all of the veterans out there. We greatly appreciate you for your service and we greatly appreciate you for your sacrifice. Thank you.      

Hackers have found a new way to steal from companies and it has more to do with people than it does technology.  Millions of dollars have been reported stolen from large corporations and they are handing it over themselves! This is how the scam works… Hackers will target the leaders of the company, usually the CEO and the CFO, using public available information. The attackers with find out the inner workings of the company and learn the policies for financial transactions. They make a domain name as similar to the name of the company as possible, LUTHERCORP.ca vs. LUTHERRC0RP.ca, and send an email to the CFO from that false domain. The email will claim to be from the CEO asking for a large sum of money to be wired to an account. The email will often be full long business conversations with other company executives to make it seem real and will be marked as urgent. Making it urgent often bypasses many of the regular security steps in wiring money. Once the money has been sent, there is no getting it back. How can I protect my company? Have a multi-step system for withdrawing money that involves more than 1 person within the company Open up communication within the company so that people know it’s okay to ask questions Establish a physical or verbal signature for withdraw so that the entire transaction isn’t online What does {company} do to keep you protected and operating at your best? {company} is all about keeping you protected and operating at your best. We provide managed IT services wherein we handle absolutely everything – from implementing the right security measures to proactively monitoring your systems for issues to making sure all patches are applied immediately – all at a flat-rate monthly fee. We go above and beyond – staying ahead of the latest threats and any industry-specific regulations you’re required to adhere to, in order to help you stay safe in the evolving world of cybercrime. This scam shows the biggest security flaw in a company is internal. Targeting high ranking members allows them to skip past any and all security measures that you may have in place. For more information on hacking tactics so that you can keep your company safe, contact {company} at {phone} or {email}. We provide managed IT services wherein we handle all of your technology needs.