The beginner’s guide to avoiding cyber attacks

Online scams and fraud are among the biggest threats to global cyber security, and small businesses are more often than not the primary victims. The logic is simple: small businesses often lack both the secure protocols and the business expertise to avoid such attacks. This is why the Federal Trade Commission has launched ftc.gov/SmallBusiness, a website that helps small businesses learn how to avoid scams and protect themselves from cyber-attacks.

The Acting Chairman, Maureen Ohlhausen, commented that the US Government realizes how important small businesses are for the economic growth of the nation; hence the website aims to serve as the ultimate destination for making small business owners aware of the risks and procedures of cyber security.

For context, there are about 28 million small businesses across the United States, which employ a total of 57 million people, if we believe the reports of the US Small Business Administration. Since the numbers are so huge, it becomes easier for hackers to find targets and more difficult for the government to protect everyone. Small businesses, as we mentioned, are particularly vulnerable to cyber-attacks since they do not have the resources of big corporations to set up secure protocols. More often than not, it takes a professional hacker only a few minutes to get into a typical small firm’s system. Most of the time, the attack is fairly textbook: fooling them into downloading a file that is malware, tricking them into donating money to fake charities, making them pay for orders with fake receipts, or something to that effect. Sometimes, hackers go for a more sophisticated technique, like finding a breach in the company’s network and accessing vital information. Overall, the conclusion remains the same: if you don’t know the basics of cyber security, it is fairly simple for any teenager who knows his stuff to steal your money.

As it happens, most small businesses in the US don’t know the basics of cyber security, which compelled the FTC to launch the website. The website provides a beginner’s guide to cyber security and the basic protocols you should employ in your company in order to prevent attacks and scams. It also aims to educate employees about the threat by informing them how to maintain the privacy of files, how to secure their network from external unauthorized access and how to react in case of an actual attack. The web page also gives information about standard attacks like phishing and newer threats like ransomware. The good thing is that the FTC is aiming to make it a continuing initiative instead of a one-shot, and hence is working with the SBA to keep updating the website with newer guidelines and threats.

If you are a small business owner, you should take this very seriously. The Federal Trade Commission is doing all it can to help you, but it requires effort from your side too. In case you have further queries, you can always contact them on their helpline number, or reach them on Facebook or Twitter.

Always-evolving Internet scams target your money and personal info WNCN

Internet websites and internet services make it easy for people to pay their bills, make online reservations, shop and even work. Anyone can do almost everything through the internet from almost any place in the world. Human limitations and old boundaries have been dropped so that we can have larger and wider access to all the information we want. Because of the internet, our lives have become so much easier.

However, the same is true when it comes to crime. Because of the internet’s large network, different types of cyber criminals and internet scammers have affected various online businesses and individuals.

Since there is an open door that always allows access to a wide number of online locations, there is a greater chance for criminal minds to reach even our private lives. The attack methods vary from traditional vectors to ingenious scams in which justice cannot easily reach the eventual perpetrators.

Below are some of the most usual ways for anyone to become vulnerable to malware attacks or phishing scams. The target is your personal info, which these attackers and scammers use to obtain money from their victims.

 

  1. Phishing scam – this type of scam is usually based on communication through emails or social networks. Attackers send messages and try to trick their victims into giving up their login credentials. These credentials can be for bank accounts, social networks, work accounts and other personal information that can prove valuable.

The phishing email seems to come from an official source such as bank authorities or other financial institutions. Delivery companies and social network representatives are also among the disguises used to persuade victims. Once the victim clicks on the links in these messages, they do not know that the website that looks legitimate is actually controlled by attackers. If the victim is not paying attention, they end up giving away their login credentials as well as other personal information.

  2. Money Laundering Scam – it is also known as the Nigerian Scam. It is one of the most popular and oldest forms of scamming scheme. The typical scam usually begins with an emotional message. The sender could pose as a government official, a businessman or a member of a wealthy family who asks the victims for help in retrieving large sums of money from the bank. They tell their victims to pay initially for paperwork and legal fees, and they promise a large amount of money in exchange for the victim’s help.

Afterward, they ask their victims to pay more for additional services like transfer costs and transaction fees. The victims may even receive papers that look real; however, they will be left broke in the end without any of the promised money.

  3. Greeting card scam – it is also one of the oldest forms of scam. The trick is that the victim receives emails which seem to come from a friend. Once the victim opens the email and clicks on the card, it usually ends with malicious software, most likely a virus, being downloaded and installed automatically on the operating system. The downloaded malware can be an annoying program that launches pop-up ads and unexpected windows on your screen.

Once your computer has been infected with this dangerous software, it automatically becomes one of the bots that are part of a much larger network of affected computers. The result is that, with just a click from the attackers, your computer will send private data as well as financial information to a fraudulent server controlled by IT criminals.

The above three scams are just some of the many forms of scam used by online scammers and attackers. According to the FBI, the number of online scams has increased over the recent 10 years. The total losses have doubled in the past years, affecting both large-scale businesses and private individuals. Other forms of online scam are the hitman scam, romance scam, lottery scam, fake antivirus software, credit card scam, travel scam and economic scam.

 

Have you encountered some of the above scams while browsing the internet or in your email inbox? What are the most convincing ones? We would like to hear your story. Share it in the comment box below.

How to safeguard your WordPress site from cookie thieves

The topic above may sound jarring to web admins who depend largely on WordPress for building their sites. This is not the first time webmasters have come across issues related to the security of the WordPress CMS. WordPress has become the all-time preferred CMS not just because of the numbers but also because it has provided relevant solutions to its users’ issues.

The diligent effort put into maintaining the security and integrity of the CMS is beyond doubt and has kept it ahead of the others. Despite this, the mischievous activity of the hacker community never ends. The latest news is about a fake WordPress API, with a name very similar to the original, that was launched to steal information from websites.

The latest trap developed by attackers is not about hacking the site but about stealing information from it. This is done by floating a fake WordPress site built to fool webmasters and admins into giving it access to their sessions, through which the information is stolen.

News of this site was first revealed by the consulting firm Security in its report. The site was launched under the name WordPrssAPI, which is close enough to fool users into treating this fake API as if it belonged to the WordPress CMS. Thus a mere typo made when choosing WordPrssAPI can land you in trouble. The entire episode was about stealing information from the site’s active cookies.

The idea was to impersonate use of the site by fooling admins and webmasters. Further, in the report, the consulting firm clarified that no potential damage was done to sites running on the WordPress CMS. It also states that the fake site intended to steal the cookies is now offline. But this has created a new worry for WordPress users, who must now keep a watch for such sites with malicious intentions.

Original WordPress sites follow a pattern of login session expiry, which safeguards users from various issues because they have to log in with their password each time. This fraudulent API was stealing the information and sending it to the fake site, so the login session expiry constraint was circumvented.

How does this typo-squatting work?

This technique is known as typo-squatting: fooling users into logging on to fake sites. Such sites are built in a dense coding pattern in which it is difficult to notice the malicious code. The code is usually injected into JavaScript, which allows the malware to run on the site without being detected easily.

In addition, the hackers developed the site in such a manner that all the information sent to the fake domains was kept hidden from search engine crawlers. It is therefore essential for webmasters to take care to use only legitimate sites for any sort of code audit and other such processes.

The increasing number of CMS-based sites has given attackers the opportunity to focus on these sites, as they are a simple target. The modular components make it easy to inject malicious code into CMS-based sites. Sites running on a CMS like WordPress, Joomla and Magento are more prone to these attacks; therefore, webmasters need to be more focused and attentive.
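One way a webmaster can audit theme and plugin files for the kind of near-miss name described above, shown as an added example that is not part of the original article. The trusted host list and the brand list are assumptions, and the lookalike host is a constructed `.example` domain modelled on the WordPrssAPI name.

```javascript
// Added example, not from the original article. TRUSTED_HOSTS and BRANDS are
// assumptions: list the hosts your own site is meant to load code from.
const TRUSTED_HOSTS = new Set(["api.wordpress.org", "s.w.org"]);
const BRANDS = ["wordpress"];

// Constructed sample: one trusted host, one lookalike host, one unrelated host.
const SAMPLE_THEME_SOURCE = `
<script src="https://api.wordpress.org/core/version-check/1.7/"></script>
<script src="//code.wordprssapi.example/jquery.min.js"></script>
<script src="https://cdn.shop.example/app.js"></script>`;

// Levenshtein edit distance between two short strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Smallest distance between the brand and any similar-length substring of the label.
function nearestBrandDistance(label, brand) {
  let best = Infinity;
  for (let len = brand.length - 1; len <= brand.length + 1; len++) {
    for (let start = 0; start + len <= label.length; start++) {
      best = Math.min(best, editDistance(label.slice(start, start + len), brand));
    }
  }
  return best;
}

// Report every URL host in `source` that is not trusted yet resembles a brand name.
function findLookalikeHosts(source) {
  const findings = [];
  for (const raw of source.match(/(?:https?:)?\/\/[a-z0-9.-]+/gi) || []) {
    const host = raw.replace(/^(?:https?:)?\/\//i, "").toLowerCase();
    if (TRUSTED_HOSTS.has(host)) continue;
    for (const label of host.split(".")) {
      for (const brand of BRANDS) {
        if (nearestBrandDistance(label.replace(/-/g, ""), brand) <= 1) {
          findings.push({ host, brand });
        }
      }
    }
  }
  return findings;
}

console.log(findLookalikeHosts(SAMPLE_THEME_SOURCE));
```

Hosts that contain the exact brand name but are missing from the trusted list are reported as well, so each finding is a prompt for manual review, not a verdict.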

PADLOCK: KEY TO SAFE ONLINE SHOPPING

Most of us enjoy the convenience of shopping online because of faster transactions and an easy process. In the US, an estimated $61 billion was recorded as spent on online shopping in 2014. With these numbers, a great deal of personal information, such as phone numbers, addresses and credit card details, was flying around the internet. Such personal data translates into many dollars for cyber thieves. Therefore, before giving any information and confirming any online transaction using your credit card, do not forget to check whether the website is reliable and safe.

To determine whether a site is secured, check that the website URL begins with https (hypertext transfer protocol secure) and that there is a padlock icon, which can be seen at the bar or at the bottom of the website.

The https shows that the site is safe and security is in force.

The padlock icon signifies that the web page uses the SSL (Secure Socket Layer) or TLS (Transport Layer Security) protocol. SSL and TLS are cryptographic protocols that provide communications security over a computer network.

The padlock icon implies that all information and banking details are protected. The presence of the icon indicates that traffic to and from the page is encrypted. Encryption is the process of securing data by converting sensitive information into code. This is done to prevent unauthorized access. Encryption keeps important data from being read by other individuals who intend to steal and take advantage of such information.

The text in the URL must be preceded by a padlock icon. If the padlock icon is missing, the site is most likely fraudulent and must be treated with caution.

The padlock icon may be green or grey in color. A green padlock proves that you are connected to the site whose address is displayed in the address bar and that the connection is not intercepted. It also signifies that the website is using an EV (Extended Validation) certificate. Such a certificate is a special site certificate that demands a significantly more meticulous identity verification procedure than other types of certificates.

The grey padlock indicates that the website is secured but does not use an Extended Validation SSL certificate.

The padlock icon is not just an icon. You can click on it to see the website’s security details. Clicking on the icon is important because some fraudulent sites are built with a fake bar with a bogus padlock icon located at the bottom of the web page. It is advised to always check the functionality of the lock icon.

It is very important to check the browser’s help file. You can always contact the makers of the browser software if you are uncertain of its functions.

To stay safe online while making a purchase, it is advised to use familiar websites. Look for trusted sites and well-known online retail shops. Beware of misspelled words or site names, because scammers use different domains.

Always look for the padlock icon. Never buy anything online from a website that does not have SSL encryption installed. And never give anyone your credit card or bank information over email or private messages online.