Cybersecurity Tips to Put into Practice During Remote Work

As the situation with Coronavirus COVID-19 advances, many state governments are now issuing orders to work from home for the purposes of slowing down the spread of the virus through “social distancing”. While this period of uncertainty and fear grows, so do the phishing attempts of cybercriminals who seek to take advantage of potential victims.  

European cybersecurity agency ENISA has been warning users to stay vigilant for any suspicious looking emails that arrive in users’ inboxes – especially those that mention the Coronavirus – urging people to avoid clicking links or downloading files that may otherwise include malware and infect devices. Instead, it is recommended to check the legitimacy of the email through methods such as checking the direct website or calling a company’s direct phone line if the email and sender looks suspicious. Any unusual requests through an email should be handled with skepticism and caution.

Aside from being careful of such emails, ENISA also recommends employees to follow these security measures to stay safe while working from home:

  1. Maintaining a secure WiFi connection and having WiFi password protected so as to keep others away from accessing your web traffic. Employees should also make certain their connection on WiFi is secure rather than using an untrusted network through public WiFi.
  2. Having an antivirus software downloaded on your device as you work on sensitive material
  3. Making sure your computer software is up-to-date with the latest security updates
  4. Locking your desktop screen when it is not in use 
  5. Making sure all files are being backed up in case of an emergency (e.g. a ransomware attack)

During this time with remote work, employers should also take responsibility in making sure all employees are well equipped with tools necessary to ensure business security. For example, having an emergency cybersecurity plan or support available for workers when facing technical issues, or having a protocol to follow when working from home in the case of accessing sensitive files.

4 Tips to Keep in Mind to Avoid SMS Scams

From time to time, we receive strange texts from numbers we don’t recognize telling us that our Amazon account has or needs a delivery update or that there is unusual activity detected in our bank account. Texts like these are accompanied with a suspicious looking link that asks you to click to log in. The issue with these messages is that sometimes it could be difficult to tell if it’s a scam when it mentions a company, bank, or other entity we typically interact with. While this may be so, we’ve outlined a few tips for you to keep in mind when you get that suspicious SMS message:

Tip #1: Don’t Click on Links from a Text You Don’t Recognize

It’s important to look out for one of the bigger signs that the text you received could be a scam: if it asks you to click on a link. Usually, you can tell when a link is fraudulent through the domain name. Other times it may be a bit more difficult to assess the link, especially if the company name is used within the link. In whichever case, it’s best practice to just avoid clicking on any such links sent to your phone. If you receive a delivery notification that asks you to check its status through a link, go to your web browser or application instead and log into your account to do so. 

Tip #2: Don’t Reply to Suspicious SMS Messages

Messages that you don’t recognize could ask you to reply “YES” or “NO” or to give them a call about your bank account that was experiencing suspicious activity. In any case, avoid replying back to such messages and note that call to action texts that you don’t recognize could very well be an SMS scam. 

Tip #3: Be Mindful of the Message Content

It’s important to look out for a few tell-tale signs within message content that may reveal the malicious nature of a text. Several things to spot include the greeting message, spelling, grammar, and the link provided. If anything seems out of character through the message, then you’re probably right to think it may be fraudulent. Again, it’s always best to sign into your account through the official website than clicking on a link you’re unsure of – especially if the domain doesn’t appear to be an official company website link. 

Tip #4: Use Your Phone’s Block Feature

To help you avoid receiving any further messages from a sender, iPhones come equipped with the ability to “Report Junk” for texts you don’t recognize. The option appears when your phone recognizes that the number is not part of your contacts list. You can also block a number that sends you malicious messages by pressing on the contact info button at the top of your iMessage, press on the number once more at the top, then scroll to the bottom to press “Block this Caller”.

Phishing Scam With Fake Invoices Spreads Across US and UK

A malware called Emotet is spreading through the US and UK, specifically targeting banks and financial sectors according to a report published by Menlo Security. Cybercriminals have implemented a malware campaign that spreads via phishing emails, with the attachment of a malicious Microsoft Word document attachment. The email is made to look official through mention of financial topics such as invoices or banking details in the subject line, attracting victims to click on the file. 

Emotet malware use was on the decline back in December 2019, yet began to pick up momentum again early into the new year as cybercriminals use it for new malicious purposes. 

These targeted attacks are meant to disrupt multiple sectors including media/entertainment, transportation, and food/beverage in locations such as the US, UK, Philippines, Spain, and India. Emotet attacks have largely been focused on the financial services sector, with half of these campaign attacks affecting the US and a quarter affecting the UK. 

After a user clicks to download the infected Word file and presses on “enable editing”, embedded macros are deployed onto the victim’s computer, which then successfully transfers the Emotet malware. Once transferred over to the user’s device, Emotet not only steals sensitive information, but can also facilitate the spread of more malware to other computers that use a shared network.  

Emotet can’t be traced to just one source of administration, since its function as a botnet infects Windows computers globally, which then spreads further through those infected devices. 

As Emotet continues to wreak havoc, business employees should take precautionary measures in avoiding any suspicious emails that arrive in their inbox, as documents or any links attached could very well be infected with malware. Users should be cautious of those emails that ask to “enable macros”. Keeping computer operating systems up-to-date is also an important step to take in order to stay safe.

Email Productivity Applications Collect Users’ Personal Information to Sell to Third Parties

There are many email productivity applications that help manage and organize your inbox. While useful, they come at a costly price for your privacy. According to Motherboard’s Joseph Cox, many of these apps can scan through people’s emails and sell their data for profit. Some worth mentioning include Cleanfox, Slice, and Edison. On Edison’s website, the company states that it “accesses and processes” users’ emails, this similar statement used for the apps Cleanfox and Slice.

These types of applications scan people’s personal inboxes for emails that contain information such as package tracking notifications and receipts to record how much people spend as well as what they are purchasing. Once this data is collected, these application companies sell this information to e-commerce and finance companies that have an interest in such trends. However, they sell an anonymous version of the information. 

A spokesperson from Edison told Business Insider that their software “automatically recognizes commercial emails and extracts purchase information,” while disregarding any emails that include personal or work related matters. Slice’s parent company, Rakuten, stated that the reason as to why they collect people’s data is for market research purposes and – contrary to what we may believe – that they do value protecting their users’ privacy. 

Foxintelligence’s CEO Edouard Nattée stated in an email to Business Insider that new users are notified when their data is pulled from “transactional emails”, further stating that the information collected remains anonymous. While anonymized data may seem secure, data breaches that give access to the exact data can help cybercriminals trace information back to its original source. 

WiFi 6 Has Arrived and Promises Faster Data Delivery Speeds

WiFi is inevitably part of our everyday lives. With every passing year, we add more devices in our homes that require WiFi, consequently slowing down our speeds as more devices connect to our home routers. WiFi 6 is here to help solve that issue. WiFi 6’s devices/routers offer faster speeds of the internet and some of these routers are even inexpensive to own.

Last year at CES 2019, affordable routers were announced to be coming to stores, yet consumers were met with very high price points. A small number of routers were offered for just under $200. This year’s CES event introduced quality routers that ranged around the price points of $100-$200.

In large homes, it’s recommended to have a mesh router system. However, this could be a bit more expensive than singular routers. Mesh routers also provide stronger and faster speeds of WiFi. At CES, Comcast announced the WiFi 6 version of their Gateway. This was a crucial change for many since cable providers rent out routers to their consumers. Apple’s iPhone 11 and iPhone 11 Pro both support WiFi 6 in addition to other companies like Lenovo, Samsung, and Asus that announced new laptops that also incorporate WiFi 6.

In comparison to WiFi 5, WiFi 6 has nearly doubled in speed. WiFi 5 had about 3.5 Gbps compared to WiFi 6 which now has up to 9.6 Gbps. However, that speed isn’t necessarily for one device solely. Rather, the 9.6 Gbps is  needed for connecting and using multiple devices without sacrificing quality internet speeds. 

There’s more developments coming for WiFi 6 such as WiFi 6E, which increases speed and capacity, but consumers will have to wait a while for this one since it doesn’t exist yet. WiFi 6 doesn’t instantly improve internet speeds. Rather, the wireless upgrade will show noticeable improvements through your regularly used devices once support for WiFi 6 is established.

California’s New Privacy Law Protects Consumers’ Submitted Data

California residents rejoice – a new law passed for 2020 allows for greater consumer data protection in which one can opt-out of having companies collect and sell their data to third parties. This includes any data collected from social networking websites, consumer goods retailers, banks, etc. 

The new act is called the California Consumer Privacy Act (CCPA) and ultimately protects people from having their data monetized. Under this act, consumers have the right to access copies of any data collected by companies. Those businesses that violate the Act can face State fines or sanctions placed upon them. Enforcement of the Act begins this year in July, and any company that has yet to comply with the change in data collection may not face trouble until then. 

For those companies already in compliance with the new law, consumers can find their data collection opt-out pages typically under the Privacy tab. Recently, a directory of links was created to include these company pages for easy access to opt-out requests –  if in case the page isn’t found straightforwardly on the company site homepage. 

For more information on California’s new Consumer Privacy Act, please visit this page here. The directory of opt-out request pages can be found here.

New Orleans Struck by Cyberattack, City Declares State Of Emergency

On Friday, December 13, New Orleans Mayor LaToya Cantrell declared a state of emergency for the city after a cyberattack was detected around 11 a.m. 

The incident began at around 5 a.m. when NOLA Ready – New Orleans’ emergency preparedness campaign – confirmed “suspicious activity…on the City’s network” and a “cybersecurity incident” by the time 11 a.m. rolled around. Once the threat was established, New Orleans’ IT department issued a shutdown of all employee devices and disconnection from Wi-Fi. Servers were also ordered to be powered down following the attack. Emergency response lines were still open to take calls, however. 

The City of New Orleans declared a state of emergency shortly after the cyberattack was detected. A press conference was held the Friday of the incident, in which Mayor LaToya Cantrell confirmed that a cyberattack was responsible for the unusual network activity. Officials stated how no data was lost after the attack and that there is still no indication that passwords were compromised. Chief Information Officer Kim LaGrue confirmed that phishing emails had been sent to employees that asked for their login information while the attack went underway. There was also evidence of ransomware – specifically the Ryuk strain – as cause for the cyberattack. 

Mayor Cantrell did later affirm that ransomware was behind the attack, but investigations are still ongoing to verify if Ryuk was indeed involved according to the press conference held Monday, the 16th. 

It’s always important to take precautionary steps in making sure you’re prepared for an impending cyberattack. Some cybersecurity steps you can take include:

-Backing up all your data

-Being mindful of what email links and attachments you click on

-Patching software vulnerabilities

-Using strong passwords and activating two-factor authentication for your accounts

Inverselogic’s 2019 Holiday Gift Guide

It seems like yesterday that we celebrated the New Year, and in a blink of an eye, the holiday season has arrived once again. Inverselogic’s 2019 year was quite eventful and exciting with the onboarding of new client projects such as the establishment of Second Home’s new Los Angeles based location – a co-working space that evokes a futuristic atmosphere, the debut of Cellar Thief’s new website – an e-commerce store for wine enthusiasts – in addition to the site launches for Walker Wines and Blacksmith Wines – two stores that celebrate discriminating collectors who seek rare wines from the world, such as French Bordeaux or Italian Barolo. Even though the year is coming to a close, we are still busy with ongoing Windows 10 operating system upgrades as well as our preparation for the upcoming 106th Annual Rosebowl Game – a perfect way to kickstart 2020 with one of the year’s largest sporting events. 

While 2019’s conclusion is fast approaching, our enthusiasm for imparting valuable cyber security information never wanes. Alongside this, Inverselogic strives to provide all our clients with top quality technology services, and our dedication to client satisfaction has been and always will be one of our principal missions. Additionally, our team is committed to delivering innovative technology solutions that best serve our clients’ needs and ensure their continued success.

We would like to express our sincerest gratitude to all our wonderful clients for making 2019 another fantastic, prosperous year. Every year brings us the opportunity to learn, grow, and succeed with our clients. We’re thankful for our business partnerships and the goals that we achieve through every project together. From our team to yours, we hope your 2019 was just as successful.

Inverselogic welcomes the forthcoming new year as we look forward to what 2020 may bring. We would like to wish you a fun and safe holiday season and a very Happy New Year!

Please enjoy our annual Holiday Tech Gift Guide, which features all of this year’s newest and coolest gadgets. We understand that holiday shopping can be hectic around this time, so we’re here to make your experience stress-free as you search for that perfect gift for your loved ones!

Some App Developers Had Access to Facebook Users’ Data Through the Platform’s Groups

Earlier this month, Facebook admitted that about 100 application developers still had access to Facebook user data, specifically those in Groups on the platform. The news comes as a surprise considering how Facebook took measures to restrict access to sensitive data in April 2018 after the Cambridge Analytica scandal. At the time, Facebook’s newly enforced rules limited third party access to users’ personal data – such as names and profile pictures – and instead allowed access to Group content.

Even after nearly a year and a half later, Facebook still has issues with controlling how much access third parties have. A post published by Facebook director Konstantinos Papamiltiadis stated that the platform’s implemented rules in 2018 were inconsistently carried out, allowing developers to collect personal information from users. Those 100 application developers have now been restricted from doing so. 

Facebook’s director stated that 11 developers had access to user’s data in the last 60 days but had not used the data in any unethical practices. Facebook is now requesting that all data collected by those developers be deleted. Papamiltiadis did not specify what personal data they had access to, however, he did state that the developer apps consisted mainly of “social media management [tools] and video streaming app[lications]…”

UPS Drones Began Delivering Prescription Medications in US

Image Source: UPS

A subsidiary of UPS called UPS Flight Forward began its drone delivery in North Carolina at the beginning of November. Through a partnership with CVS Pharmacy and Matternet, the company successfully delivered medication to both a home and retirement community. 

The drone delivered packages without human operation, although it was monitored remotely. During its delivery, the machine lowered the package it carried through use of a cable. This approach to delivering residents’ packages has taken the burden off those who have restricted mobility. 

Drone deliveries have been happening since earlier this year, with UPS delivering medical supplies to North Carolina’s WakeMed Hospital beginning in March. Google also launched its own drone delivery operation called Wing in October this year, transporting supplies like over-the-counter medications to residents in Virginia. UPS’s Flight Forward now allows for easy, stress-free delivery of prescription medications to residents.

In order for companies to operate drone delivery services, they must receive a Part 135 Standard certification that is administered through the Federal Aviation Administration, granting said companies the ability to carry packages weighed over 55 pounds and fly an unlimited amount of drones during day or night. UPS recently received its Part 135 certification this September. With this granted certification, companies like UPS can explore new possibilities for their drone delivery services, perhaps extending their delivery locations and even categories beyond prescription medications or medical supplies. Google’s Wing has already tested delivering a range of items from Walgreens and a gift shop called Sugar Magnolia in Virginia.