Remote Support
Verify Agent
Close

Agent Verification

Always verify who you are speaking with. Whether we initiate a call or visit your location, use this tool to ensure the person you're interacting with is a verified Blue Layer agent.

Trust, but verify all contacts.



Every year, the holiday season proves to be the busiest couple of months for essentially everyone, even for cybercriminals and their online shopping scams.

In fact, we could say “especially for cybercriminals.”

Thanks to online shopping trends, an annual spike in online activity between November and December presents a field day during which scammers can do their thing. That’s a habit that’s only likely to stick around (and/or increase) as more people opt out of fighting crowds in favor of one-tap couch couponing.

So, before you fire up your preferred browser, open up all those tabs, and cash in on all those great deals, take note of these online shopping scams that you should be on the lookout for.

Fake Sites

Phony websites that are built to mimic big, well-known brands are a common sight around Christmas time. On these fraudulent websites, you’ll find low prices, unrealistic promises, and unbelievable deals that are often too good to be true.

As it turns out, it’s because they are.

Instead of big savings, you’ll find yourself in big trouble when you fall for this deceptive front for malware, phishing, and other malicious cyberattacks. The best way to tell whether or not you’re on a fake page or the real thing? Fake ones are typically riddled with popup ads, misspelled words and links, sloppy design, and unusual, overreaching information requests.

Phishing

Deal-related promotion emails are a common sight for anyone with an email address in 2021, especially around the holidays. This clutter of messaging presents the perfect opportunity for scammers to sneak their way into your inbox. Scam filters don’t always catch them, though, so the need to be extra vigilant when it comes to which emails you open and read is extra crucial. Red flags for holiday sale-related phishing emails include:

Fake Digital Ads

Pop-ups. We’ve all seen them, and they’re still around today. While some of them are trustworthy, many of the ones you see while shopping for everything on your wish lists are bound to include what you’ll find on a fake site that’s likely hiding behind the link on them. Remember: anything that features an unrealistic price, misspelled links or words, or suspicious branding/design should be avoided.

Online shopping should be convenient without putting you at risk of your financial info being stolen. Taking advantage of something popular and in-demand during a high-traffic time of year is classic cybercriminal behavior, and these online shopping scams are shining examples.

Do you want some help training your team on how to better recognize behavior like this during the holidays and beyond?

A scammer’s job is never done, and neither is ours. Contact us today for help protecting your business.

Email scanners are an important piece of technology used to automatically detect and reroute potential threats (like a phishing attack) that attempt to infiltrate your inbox from unknown and/or suspicious sources. If you’ve ever had to “check your spam folder or quarantine” after a trusted source has sent you a message, that’s an example of an email scanner doing its job… and doing it well!

But as always, cybercriminals are always working to stay one step ahead of the measures put between them and their goal. Your trusted email scanners are no different.

You don’t want to fall victim to a phishing attack that looks like it belongs with the other meeting invites, newsletters, and company updates in your inbox. So, if a cybercriminal does end up making it past your email’s security protocols, here are a few things to be wary of.

blank

Simply put, a phishing attack is designed simply to trick. And sometimes, even the sophisticated technology designed to resist these tricks falls for them, too. And when the technology fails, it’s on the user to ensure that the cybercriminal’s last intended step is not followed through.The only way to guarantee that involves a combination of the most effective cybersecurity technology and modern cybersecurity awareness training for those who interact with it. We can help with both. Click here to learn how Blue Layer can protect your business and your employees.

You don’t have to look far to see that interest in bitcoin is on the rise and in the news more and more every day. All this talk of “wallets,” “meme coins,” and “mining” is sure to have caught your attention at one point or another, leading you to wonder whether or not it’s worth a second look.

Of all the cryptocurrencies being talked about today, Bitcoin (BTC) is the one you’ve likely heard the most about, thanks to its accessibility and the groundbreaking headlines it’s made in recent months. Unfortunately, the hype surrounding it has also caught the attention of cybercriminals, and they haven’t hesitated to capitalize on it—even for a moment.

Since cryptocurrency is still considered to be in its infancy stages, there’s a lot of mystery and misinformation surrounding the growth of this decentralized asset. This can make it difficult for newcomers to discern fact from fiction on something that can already be a challenge to understand, so we’re here to help you clear the air and make only the smartest and safest decisions regarding where your money goes.

While BTC is something worth looking into, it’s not something worth ditching your cybersecurity due diligence for. Here are some common phishing attacks to look out for while adding to your new crypto wallet.

Suspicious Log-In Emails

This is a classic phishing strategy that uses a fake email alerting users of a suspicious sign-in attempt to their wallet. Emails like these will appear to be from reputable Bitcoin-related websites and ask for users to click on a malicious link that will prompt them to enter their private login information. Once this information is provided, the cybercriminals on the other end will have access to the user’s account, giving them the ability to empty their wallet.

Phishing campaigns like these are known for using popular social engineering tactics to make their attempts look as legitimate as possible, and it’s working. One report found that the click-through rates on Bitcoin phishing emails are higher than that of other phishing scams.

Sextortion Emails

Instead of asking for login credentials, BTC sextortion emails claim to have evidence of a users’ browsing history to blackmail them into providing payment in the form of Bitcoin wallet deposits. Beware: sometimes, these cybercriminals do research on their intended victims to increase their chances of eliciting the response they want. Don’t fall for this common social engineering tactic!

Google Docs Scams

This is another scam that exploits the Google Doc functionality that many of us know and use every day to trick BTC miners into giving up thousands of dollars worth of crypto. First, users receive an email notifying them that they have been mentioned in a Google Doc by a familiar party informing them that hard-to-come-by mining equipment has become available for a limited time. Then, after the provided link is clicked, they are led to a very convincing website that offers rare equipment in exchange for Bitcoin. Of course, this page is fake, and once payment is processed, funds are lost.While this particular incident targeted miners and not the everyday investor, it should still be noted that scams like these exist and are becoming increasingly convincing. Click here for a more detailed look at how this scam works.

blank

Outdated Bitcoin Wallet Software Exploitation

When a software update is released for any platform, it can often include important security measures that are put in place to thwart cybercriminals from exploiting vulnerabilities that might have been identified in earlier versions. One scam like this found a user supplying their login credentials to a malicious source to the tune of roughly $16 million.

The lesson? Always be wary of credential requests and always use the most up-to-date software.

As cryptocurrency continues to grow, we can only expect attempted attacks on investors to do the same. Always stay on your guard and practice smart cybersecurity habits whenever interacting with technology, especially when it comes to something that you may be new to and especially when it involves your hard-earned money.

Do you have questions about what smart cybersecurity habits look like? Just looking for some help making sense of it all? Click here to learn how Blue Layer can protect your business and your employees.

Does your organization use Google Docs to accomplish work? Do you frequently send and receive documents to and from people outside of your organization? If you answered “yes,” then you might be at risk for another new phishing scam that exploits another familiar tool that your team is accustomed to working with every single day.

Recently, cybercriminals have been producing malicious phishing websites that look identical to the Google login page that we’re all very familiar with and hiding them behind false, yet convincing, invitation emails and landing pages.

Here’s how it works.

First, a person might receive an email from what they believe to be a trusted source directing them to a Google Docs link that looks like the ones you’ve received countless times before.

After clicking the link, they are directed to a custom HTML page that looks like another familiar Google Docs share page. That page will lead the person to “Click here to download the document” to which they think they are receiving access.

Once that second link is clicked, they will be directed to a login page that has been made to look like the Google login portal. However, it’s here that they will find the actual malicious site where their credentials are to be compromised.

blank

Get a more in-depth look at these types of attacks and how they are created here: Attackers Take Advantage of New Google Docs Exploit

This is another prime example of how phishing targets users by exploiting their trust in a source that would otherwise be trustworthy. Attacks like these prove all tools (even the ones that you think are the most secure) can be made a target and that we should always assume cybercriminals can compromise anything in the absence of our constant vigilance.

Do you want to make your team’s vigilant ability to recognize bad content razor-sharp? Add awareness training to your cybersecurity mix, and you’ve got a team that can’t be fooled, no matter how convincing the phishing attacks that they encounter might be.

Click here to learn how Blue Layer can help protect your business from these and other cyber threats.

If you’re a frequent visitor to the Blue Layer blog, then you’ve likely become quite familiar with phishing and are quickly becoming an expert at identifying what it looks like. Today, we’re expanding that base of knowledge by digging deeper into a specific brand of phishing called “spear phishing.” First, let’s recap what phishing is.

Phishing “the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.” (KnowBe4)

Now that we’ve refreshed ourselves with the broad definition of phishing, it’s time to zoom in on spear phishing, specifically:

spear phishing

Spear Phishing — “an email targeted at a specific individual or department within an organization that appears to be from a trusted source.” (KnowBe4)

Where phishing is used as a more broad term to explain these types of cybersecurity breaches, spear phishing offers a more targeted and sophisticated approach by combining more advanced hacking techniques with thorough research on their individual victims.

According to a recent report outlined in this KnowBe4 blog, cybercriminals have become incredibly effective at combining sophisticated spear phishing techniques with BEC (business email compromise) attacks to craft deceptive traps that are becoming increasingly difficult to distinguish from legitimate sources. One such example of this type of attack is vendor email compromise (VEC), a kind of attack in which hackers target a company’s critical supply line information as a means to collect fraudulent payments. VEC is deceptive, sophisticated, and, as many businesses are finding out the hard way, costly.

Learn More About VEC Here: Is Your Business at Risk of a Vendor Email Compromise (VEC)?

So, when cybercriminals are so dedicated to deceiving your business by such sophisticated and tedious means, what can be done to combat them? One of the most effective ways to distinguish malicious spear phishing attempts from legitimate communication is through Security Awareness Training with Blue Layer.

Our training modules are designed based on the very latest industry information so that the instruction that your employees receive is always ahead of the scams that they might encounter.

Click here to learn how Blue Layer can protect your business.

It never fails: just when you feel like you have a grasp on current cybercrime trends, hackers are already coming up with something new that you have to worry about protecting yourself from and educating your employees about. This week, we’re talking about vendor email compromise (VEC).

What is a vendor email compromise?

VEC is a type of business email compromise (BEC) that goes after a company’s critical supply line information instead of targeting the employees themselves, as we see with things like CEO fraud.

What is the result of a successful vendor email compromise?

Tremendous cost, according to KnowBe4. The average cost of a VEC attack? A whopping $183k! Not to mention compromised vendor information and business financial details.

Is your business at risk?

According to the same linked article from KnowBe4, the chances of getting hit during any given week have increased by over 80% between Q3 of 2020 and January of this year. That’s a giant leap in a small amount of time, meaning that your entire team should always be as vigilant as possible.

Unfortunately, cybercriminals will never stop working on new ways to make something appear to be what it is not. It doesn’t help when they are particularly good at their job, making it harder and harder to combat them day-to-day. Especially when their attacks start to look like an email you might receive on a normal workday!

blank

So, if your business works with vendors that sound like they could be vulnerable to the attack that we’ve described, then you should pursue cybersecurity awareness training for all of your employees that work directly with financial transactions. It will help them understand the scams they’re up against and how to avoid falling into the traps set in front of them.

Click here to learn how Blue Layer can help protect your business today.

Try, for a moment, to remember a time before deepfakes—when technology had not yet allowed us some of the everyday conveniences that we enjoy today: when you could not order things and receive them the same day; when you could not have a face-to-face conversation with anyone, anywhere at the push of a button; and when verifying your identity in any other way than appearing in person was simply unfathomable.

Now, things are different.

Now, technology like video verification makes things like online banking (another phrase that meant nothing only 20 years ago) even more convenient, if you can believe it.

What is video verification?

Video verification is a technique used by businesses to verify the identity of customers attempting to access their account information, either with a video interview facilitated by the business itself or with customer-submitted photos or videos.

Sounds foolproof in theory, right? How could a cybercriminal possibly work around having to verify themselves in real-time on camera? Thanks to the evolution of deepfakes, it’s becoming more and more likely that they can… and will.

blank

What are deepfakes?

In short, deepfakes are any media that is fabricated by AI or deep learning methods. More simply put, it’s a new and improved way for cybercriminals to trick their victims (businesses and individuals alike) into seeing what isn’t really there.

The most troubling form of media that the rise of deepfakes has manipulated is found in an example that indicates just how sophisticated this technology really can get: video deepfakes. According to KnowBe4, “Face swapping or puppeting is where the deepfake AI maps the face of the source images and generates a 3D face model based on the photos it is fed. The model maps out the features and then when fed a source video, it will map it over.”

See Deepfakes in Action: The Best (And Scariest) Examples Of AI-Enabled Deepfakes (Forbes)

What are the risks?

Recently, deepfakes have been used to spread hoaxes and other types of misinformation by recreating the likeness of popular opinion leaders and celebrities. Now, there’s a very real concern that they could be used to commit fraud in the form of duping the remote verification technology that helps to make our lives so convenient. This could result in sensitive information (such as bank account details, for example) being compromised without institutions even realizing that the customer whose identity they verified was not the customer at all.

It is important to note that this possibility is purely hypothetical, as no clear evidence has been found that indicates such incidents have occurred. Verifying the identity of a customer usually involves more than a single step. However, the FBI warns that it is only a matter of time before we start seeing these types of attacks emerge in the very near future.

So, if video verification deepfakes are inevitable, what can you do to counter them?

Blue Layer Protection and Training

Blue Layer lives on the frontlines of cyber defense, and we’re constantly on a vigilant lookout for innovation, both advantageous and malicious. We deploy the latest tools necessary for defending you, no matter how sophisticated the threats you’re facing might have become.

We make sure that those tools are put into the hands of those most qualified to deploy them by providing cybersecurity awareness training for your employees that updates as the industry does. Want to know what your employees need to know to look out for as deepfakes start to roll out into the world more frequently? The last thing we want is for you to be behind.

Click here to learn how Blue Layer can protect your business.

It might be difficult to remember a time before MFA when you didn’t have to receive a text or email code beyond a normal password to get access to your accounts. But once upon a time, logging in was as simple as 1.) identity 2.) password 3.) entry.

The evolution of technology has brought us many incredible things since those days. However, it’s also created a reality in which one-factor authentication can’t stand up to the threat that cybercrime poses.

Enter: multi-factor authentication, or MFA, for short.

What is MFA and how does it work?

Simply put, multi-factor authentication is a way that systems use multiple methods of making sure that you are who you say you are. Think of it as presenting two different forms of ID when filling out some type of application. This helps the organization confirm your identity by requiring you to supply something that only you know or possess.

blank

When you need more than one method, that’s multi-factor authentication.

Why is MFA important?

MFA is a way to enhance a company’s security by making it more difficult for cybercriminals to gain access to locked information. When a password is all that’s required, and that password is compromised, their entry is granted. When more than one unique credential is required, however, it becomes much more difficult for cybercriminals to sidestep the security measures in place.

One example that many might be familiar with is phone or email MFA. After correctly entering your password, you will be prompted to decide between a unique code to be sent to your phone number or email on file. If you are the sole owner of that phone number or email address, then only you can receive that unique code, creating a wall between your information and cybercriminals that is much harder to penetrate.

How can MFA be hacked?

In recent years, many large companies like Facebook, Google, and Twitter have adopted MFA, confirming its overall effectiveness. However, it is important to note that no MFA tool is totally and completely impenetrable.

A few different ways that hackers can penetrate multi-factor authentication include, but are not limited to, the following:

An unfortunate reality that we all must face is that creativity and ingenuity are not lost on cybercriminals. The fortunate reality is, however, that it’s not lost on us, either.

How can I utilize MFA to protect my business?

There are many different facets to cybersecurity and cybersecurity awareness training, and MFA is one of the most important. 

Click here to get in touch with our team if you are interested in learning more about multi-factor authentication and how to integrate it into your team’s cybersecurity awareness training.

Phishing is no new topic in the Blue Layer blog, and if you’ve been with us at any point in the past, then it’s likely that you’ve been with us as we’ve explored the dangers of phishing. And at this point, the most prevalent form of cyber attacks is something with which you might be quite familiar.

According to KnowBe4, cybercrime skyrocketed in 2020, and it’s not a trend that’s expected to subside anytime soon. So, we want to provide a quick refresher on what phishing might look like and what your business should do to combat it.

What Phishing Is

A phishing scam is when hackers attempt to steal confidential information, such as company access, data, passwords, or credit card information, by posing as a trusted or familiar entity via email. These hackers will often use the timeliness of a hot topic (and the uncertainty or anxiety surrounding it) to their advantage. COVID-19 and news concerning vaccine availability are two prime examples of this attempt to capitalize on what is typically considered to be a business’s most vulnerable target: human emotion.

blank

What Phishing Looks Like

Since the term “phishing” was first used in the late 1990s, these scams have evolved and assumed many different shapes. Here are a few examples of what businesses have seen recently.

  • Brand Exploitation: This is one of the most common, especially in the last year. In this scam, cybercriminals will pose as trusted brands to scam users into granting them access to the information they are attempting to steal.
  • Healthcare Phishing: Fake surveys and seminars are the channels through which these phishers gain the information they seek. These types of scams have become increasingly common over the course of the past year because of the COVID-19 pandemic, with scammers posing as trusted health organizations like the CDC or the WHO.
  • Travel-Related Phishing: As people become more comfortable with travel, those taking advantage of their first opportunities to shake that cabin fever are likely to become the next phishing targets. Beware of links that promise great deals and always protect your passwords.
  • Something New: The tricky part about cyber attacks is that they’re always changing shape. The objective remains the same, and you can always expect this old dog to be learning new tricks when the opportunity presents itself.

How to Protect Your Business From Phishing

Cybersecurity Awareness Training

Having the ability to anticipate the evolution of phishing attacks is the key to staying safe from them. Not only can cybersecurity awareness training keep your employees up to date on the latest phishing developments, but it can also equip them with the knowledge that will help them identify harmful web content, emails, and other security risks. Cybersecurity starts and ends with the employee.

Cybersecurity Software and Monitoring

Detect and prevent cyberattacks with a world-class malware database, context-aware monitoring and reporting, retrospective malware analysis, and Threat Grid sandboxing that prevents employees from downloading malware and provides comprehensive security before, during, and after an attack.As businesses grow, cybersecurity protocols often lag behind. And with security threats on the rise, an MSP that offers scalable solutions has become more needed than it ever has been before. Click here to find out how Blue Layer uses right-sized IT solutions to help protect your business from phishing threats.

The COVID-19 pandemic’s impact on the workplace is something that no one could have seen coming. For many businesses, a typical day at the office has become a thing of the past now that everyone has been sent home, computers and coffee in-hand.

But working from home quickly presented cybercriminals with unique opportunities to strike. And unfortunately, Zoom is one of those opportunities.

blank
Zoom Phishing

Zoom phishing scams typically come in the form of official-looking (yet fraudulent) texts, emails, or social media messages that prompt the user to follow a provided link to remedy various false claims. These claims might look a little something like these.

  1. A message claiming that your account has been suspended or deactivated and that you must click on the link provided to reactivate your account.
  2. A message telling you that you missed a meeting and that you can find more meeting details by following the link provided.
  3. A message welcoming you to the Zoom platform and prompting you to follow the link to finish setting up your account.

Of course, these messages are false, and these links lead to no such places. Instead, they typically lead to malware or false log-in pages that grant cybercriminals further access to your information. Many times, these phishing attempts feature Zoom logos and are designed and worded in ways that take advantage of the timeliness and popularity of this app — one that is on many devices and used by thousands of businesses every day.

Learn more: COVID-19 Cybersecurity Scams to Look Out For

Are Your Remote Employees Protected?

So, if Zoom accounts are targets for attack, but you still need to rely on it to conduct business for the foreseeable future, then what can you do to protect your remote employees so that they can feel confident using this tool?

The answer is actually quite simple — more simple than joining a Zoom meeting, in fact.

At Blue Layer, we help teams examine their cybersecurity practices and identify areas for improvement. After all, the user is a business’s first line of defense. Ensuring that all of yours (especially the remote teams) are up-to-speed on cybersecurity awareness best practices is the surest way to make sure they know what to do when faced with one of these malicious Zoom phishing attacks.

Click here speak with us about protecting your team with Blue Layer, your partner in all things IT.

As a reliable technology partner, it’s our job to help your business identify all types of attacks that pose a potential threat to you, your employees, and the information systems that you’ve been tasked to protect. Social engineering attacks are one of the most common types of threats that we regularly see and help businesses mitigate, and are at the core of nearly every cyber attack.

“Social engineering” is a term that you’ve probably heard at one time or another, but what does it mean? More importantly, how can you be sure that what you’re spotting is social engineering, and how can you make sure your business doesn’t become its next victim?

Let’s break it down.

blank
What are social engineering attacks?

Simply put, social engineering attacks are a process by which cybercriminals (or “social engineers”) obtain control over some element of a computer system by manipulating, influencing, or deceiving its users.

How are they different?

Social engineering attacks target the individual user directly by taking advantage of a person’s inherently-human vulnerabilities. A person’s fear, trust, sympathy, greed, or indifference surrounding a subject all serve as perfect targets for a social engineer, especially when the subject in question is a particularly sensitive or timely one.

Some examples of a sensitive or timely subject that may be grounds for an attack include security compromise, fraud, COVID-19, or COVID-19 vaccine availability, just to name a few.

How can you spot them?

Here are some common examples of social engineering attacks.

Again, social engineering is designed to take advantage of what makes us human. The biggest red flags are elements of a potential attack that are clearly written or designed to fool someone or provoke an emotion. Here are some examples.

These are some of the most common ways to determine whether or not a message is legitimate. However, as social engineers become more and more clever, distinguishing malice from legitimate sources has become increasingly tricky, fooling even the most cautious users. So, if you’re supposed to be on the lookout for social engineering attacks but they’re continually changing shape, how can your business possibly stand a chance?

How can your business stand a chance against them?

Social engineering is not something to be taken lightly, and safeguarding against it must be a constant team effort. So, if you want to equip yourself with the knowledge that enables you to identify even the most clever attack attempts and place barriers between you and those that might signal those attacks, you need a partner like Blue Layer.

Blue Layer is a team of professionals that is familiar with every angle of strong cybersecurity, meaning we know what it takes to handle something like social engineering.

Click here to learn more about our cybersecurity services, cybersecurity awareness training, and how we can turn your users into human firewalls!

Taking the path of least resistance when it comes to passwords is something we’re all guilty of. If they check all of the required boxes, are as uncomplicated as possible, and are memorable, then the chances are that’s what most of us are sticking with! But, will they pass the Weak Password Test? You can get results in as little as five minutes, and you might be surprised at how vulnerable your passwords are.

blank

The fact is, passwords are the first layer of a business’s strong cyber defense, and getting too comfortable with easy ones can sometimes be to the detriment of that defense. Cyber attacks in 2021 will look like they never have before, and there are critical steps your team must take to have a chance at combating them. Strong passwords are the perfect place to start. 

Here’s how your business can get back to a strong password strategy in the new year.

blank

Private?

A password is yours and yours only. Never share your passwords with anyone and keep them safe.

Eight characters or more?

The longer, the better!  A great hint is to use phrases for your passwords.

A combination of different characters?

The more complicated, the better, too. Strong passwords should be unpredictable and incorporate lowercase letters, capital letters, numbers, and special characters. Don’t worry about making them too complicated either — LastPass has your back.

Predictable?

When coming up with a new password or resetting existing ones, here are some things to avoid:

Unique?

Every credential you use should have a unique password.  Too often, we reuse passwords across websites, applications, and workstations in the name of ease and efficiency.  Unfortunately, criminals capitalize on this to compromise you and your organization.  A password manager such as LastPass enables you to retain the ease and efficiency to login and simultaneously provides unique and complex passwords.

In theory, making a password easy to remember makes sense. But with a password manager in place to keep track of your sites and credentials, you have the freedom to make strong and unique passwords.  Think of a password manager in the same respect as your Contact app on your phone.  Every phone number is unique for all of your contacts, yet you do not have to remember every phone number for every contact.  Simply click on what you need and easily accomplish what you need to do. 

2020 came down on the cybersecurity community with an entirely new brand of attacks centered on the COVID-19 pandemic, giving us all an honest reminder of just how savvy cyber threats really can be.

So, if you’re worried about what your defenses look like in 2021, then it’s time to speak with an innovative leader like Blue Layer. We work with our clients to analyze their current cybersecurity situation and help them pinpoint areas to improve.Passwords are just a starting point! Click here to learn more about the services offered at Blue Layer.

Much in the same way that cybercriminals have targeted remote workers throughout this pandemic, they have also set their sights on other unsuspecting victims by various means. This time, the latest attacks have come in the form of malicious email campaigns concerning the newest coronavirus development: the COVID-19 vaccine.

blank

You can always count on cybercriminals to take advantage of a situation, and this one (as sensitive and as serious as it is) is no different. Here’s how they’re doing it.

COVID-19 Vaccine Phishing Emails

Shortly after the news of an approved COVID-19 vaccine began to circulate, phishing campaigns designed to exploit the uncertainty surrounding and limited access to the vaccine began spreading to unsuspecting inboxes everywhere. These malicious email campaigns featured misleading subject lines that promised the recipient access to limited vaccines, only to expose them to dangerous malware and remote access trojans (RAT) once opened.

As malicious as this social engineering scheme is, it’s not totally unpredictable. “Malicious actors had a field day back in March and April as the coronavirus washed over countries around the world. It was and still is the perfect tool for social engineering scared, confused, and even downright paranoid end users into opening the door to your organization’s network,” said our friends at KnowBe4. “Put very simply, this is pretty much what we expected.”

So, now that these phishing campaigns have arrived, what can you do?

blank

What to Look Out For

Based on what we’ve seen, these phishing campaigns have been designed to take advantage of some of the most common questions about the uncertainties surrounding the COVID-19 vaccine, including:

So, when it comes to protecting your information from these attacks, be wary of content that comes from suspicious email addresses that use highly emotive language to direct you to hyperlinks that contain misspelled domain names or unfamiliar sites.

This is a hot button issue that will inevitably develop and evolve over the coming months, so constant vigilance is a must on all fronts. Encourage your team to stay aware, use their best judgment and remember that if an email promises something too good to be true, then it most likely is!

How to Protect Your Team

It may be a new year, but 2020’s issues haven’t hesitated to follow us around the corner, making vigilance just as important now as it was when the COVID-19 pandemic began. Keeping your team up to speed on cybersecurity awareness and best practices has never been more critical, and now is the time to act.

Click here to contact our team and learn how to protect your employees from ever-changing COVID-19 scams.

With phishing scams continuously evolving and becoming more and more clever, email remains the bad guys’ favorite tool to use when going after unsuspecting and unaware cyber victims. It’s an easy tool to protect with the right know-how, but even the slightest of slip-ups can turn an invaluable business tool into a costly vulnerability.

Here are some of the easiest ways to set your employees’ email security settings up for success in the upcoming new year and beyond.

blank

Strong Passwords

First things first: strong, unique passwords are a must. The idea of a password may seem trivial, but in fact, prioritizing ease over function when it comes to them can be costly. Include a combination of numbers, symbols, capital letters and lowercase letters, and avoid including anything that is very closely related to you, including names of family members, friends, pets, etc. Once you have strong passwords, LastPass is the best option for protecting them. 

Two-Factor Authentication

Think of two-factor authentication as an added layer of protection that’s even more personal and more difficult to work around. The first factor is the strong password that only you keep. The second is a unique one-time code that can be sent to your mobile phone or email or one that is generated only on your phone.

Email Whitelists and Blacklists

Whitelists and blacklists give you the power to decide who’s in and who’s out when it comes to those allowed access to your inbox through email. These lists can be set based on domain, email address, or an IP address or IP range.

Data Backups

Losing email data to cybercriminals costs time and money, neither of which your business can afford to lose. Always opt for third-party backup, even when it comes to cloud collaboration platforms like Office 365.

Virus, Ransomware, and Phishing Scanning

An Intrusion Prevention and Intrusion Detection System (IPS/IDS) is a network security tool that detects threats and prevents them from penetrating your email network. An IPS/IDS continually monitors your network traffic and incorporates rulesets that are refreshed daily to ensure protection from the latest, ever-evolving vulnerabilities, including exploits, viruses, rootkits, and more. IPS/IDS updates are issued to customers via the cloud, eliminating the need for manual staging or patching.

blank

Email Security Settings, Cybersecurity, and Cybersecurity Awareness Training with Trained Professionals

Blue Layer provides a comprehensive suite of cybersecurity services for our clients that are designed to assess the state of their security, identify weaknesses and vulnerabilities within their systems, and implement the best possible solutions to curb those potential threats to their network.

One element of these services includes cybersecurity awareness training, which effectively works to turn employees into impenetrable human firewalls. So if you are unsure about the current state of your business’s email security settings or your team’s ability to mitigate potential threats, contact Blue Layer today. We can help your organization cultivate the type of cybersecurity-first culture that you will experience the benefit of in 2021.

Click here, and let’s get started together.

Cybercriminals’ Biggest Target: Working from Home

As a business owner who is continuously working to protect your most valuable information, you know firsthand just how important it is to prioritize effective cybersecurity. You also know how frequently the definition of what that looks like can change. And in a time when things seem to be changing at warp-speed on a day-to-day basis, that can be even harder to keep up with.

Cybercriminals are always looking for new ways to take advantage of vulnerabilities. What bigger vulnerability than those created by COVID-19? Workforces everywhere have made a massive shift toward working from home in the face of this year’s pandemic, and cybercriminals have shifted focus to meet them there.

Read more: COVID-19 Cybersecurity Scams to Look Out For

So, what can you do to ensure that your remote employees are as safe on the couch as they are in the office?

It all starts with unified communications.

Unified communications allow multiple business communication channels to work together under a controlled platform for increased efficiency for all users. Get connected, stay connected, and collaborate safely with the power, scalability, and flexibility that comes with unified communications.

Backup your data.

Online productivity apps are essential for off-site collaboration, but they are not totally impervious to disaster. Third-party backup adds an extra layer to your remote cybersecurity.

Learn more about backing up your data here: Why You Should Back Up Your Office 365 Data

Fortify your connection.

Security measures like Virtual Private Networks (VPNs) play an important role in bridging the home-to-office cybersecurity gap. Having a VPN establishes a secure connection directly to your office from wherever you set up shop. Exposed connections are a common vulnerability with most businesses, and VPNs make that gap air-tight.

Get familiar with new cybersecurity trends, and don’t forget what you’ve learned in the past.

This new switch toward a remote workforce model has made it more important than ever to pay close attention to online security trends and apply the cybersecurity awareness training you’ve had in the past. The villains who would threaten your security haven’t gone anywhere — they’re just wearing new masks. Blue Layer can give you all the tools you need to remove them.

blank

Lean on a trusted IT partner for protection when working from home.

Cybersecurity moves fast, and it can be hard to keep up with an ever-changing landscape. Luckily for you, Blue Layer is on top of things. We help you stand firm against changing tides so that your employees and their information are protected, no matter where in the world they may be.

Identify gaps in your company’s cybersecurity strategy, educate your employees on the best cybersecurity practices, and make working from home as safe and secure as the office by clicking here.

COVID-19 Cybersecurity Scams to Look Out For

As long as vulnerabilities in technology exist, you can count on scammers to take full advantage of them and as one might expect, the coronavirus outbreak has been no exception. The arrival of COVID-19 has sent cybercriminals into overdrive, taking advantage of the unprecedented levels of stress, fear, and uncertainty that we have all experienced.

A big target for these COVID-19 cybersecurity scams? Remote workers.

Working from home has introduced many Americans to a new sense of detachment and vulnerability due to the mixing of work and social environments. These environments provide a perfect space in which cybercriminals can plot attacks on workers’ most important information.

blank

If you ask us, the numbers speak for themselves. Here’s a quick overview of some of the most popular COVID-19 cybersecurity scams that we’ve seen.

Brand Exploitation Phishing

In this scam, phishers pose as trusted brands to scam users into giving them an open gateway through which they can penetrate sensitive information and install malware on their devices. In this particular example, we see scammers posing as trusted agencies such as the Center for Disease Control and the World Health Organization.

Healthcare Phishing

Unfortunately, even those on the front lines of the pandemic aren’t safe from the cybersecurity threats that COVID-19 has inspired. Scammers posing as trusted organizations like the CDC and the WHO have taken advantage of the chaos that the coronavirus has caused by phishing for healthcare credentials through the use of fake surveys and seminars. Some have even attempted to go after the agencies themselves.

Phone Scams

In addition to malware, scammers have also used convincing audio to scam vulnerable people into providing personal health or financial information. How do they do it? By “offering testing kits, scaring you into getting your air conditioning ducts cleaned, posing as charity organizations raising money, and even pretending to be from the World Health Organization!” say our partners at KnowBe4.

Stimulus Check Scams

Scammers also have attempted to target the primary source of relief for many Americans during the pandemic: the economic stimulus checks provided by the government. In another effort to take advantage of the urgency surrounding COVID-19, scammers have sent unsolicited fraudulent emails that require the receiver to enter personal information for the false promise of receiving their check.

Fear Tactics

Another way that scammers have attempted to attack innocent people is by sending phishing emails that exploit the fear that their sensitive information may have been compromised. Some emails suggest that the receiver may be infected with the virus and that they should click on a malicious link to receive further information. Others use compromising information to falsely hold users hostage until they comply with the scammer’s demands, which usually come in the form of payment.


These are some of the most common COVID-19 cybersecurity scams that we have seen circulating and this trend is not a new one. As long as there is a crisis, you can expect cybercriminals to take full advantage of it to exploit the people that are most affected by it.

Thankfully, as long as threats exist, there is an effective way to ward them off. Cybersecurity awareness training helps your employees identify these types of threatening web content, giving them the tools they need to become your organization’s human firewall.

Click here to keep your business’s information safe from these and other potential threats that may arise.

5 Tips to Keep Your Tax Data Secure When Filing Online This Year

At Blue Layer, our priority is assisting and protecting our customers in any capacity that we can. Protection is especially important this time of year when many people are dealing with something as delicate as filing taxes, more specifically, filing online. Despite efforts to combat cyberattacks in recent years, they can still happen.

As you get ready to file, here are a few things to keep in mind that will make sure that your tax data is kept secure.

Two people working together

Create and protect strong passwords.

This is a simple (and non-negotiable) cornerstone of cybersecurity. Password apps like LastPass or 1Password help you generate and store unique, encrypted passwords and log-in information for all of your online accounts. They are safe, secure, and essential for keeping all online tax data secure. 

Use only secure connections.

While public WiFi networks are widely available for most people, they are notoriously insecure. Should you need to work outside of your home connection, establishing a VPN (virtual private network) is the best way to keep your connection secure. However, home networks can also be susceptible, making VPNs an excellent application for connections of any type, and in any scenario.

Encrypt your data.

There are several ways to do this, but regardless of your method, encryption adds another layer of protection between your data and those who wish to steal it. It’s also important to double-check that the sites that you are using use SSL (Secure Sockets Layer) encryption to protect your browsing data. How do we do this? Simply ensure that your URL begins with “HTTPS” and not “HTTP”.

Back up and delete your data.

In the unfortunate (and unlikely) event that your data is compromised in some way, backing essential data up on an external drive will ensure that it is not lost.

As an extra measure of security, you should also delete any tax data on the device that you used to file your taxes.

Use protection software.

Installing security software on your device is the best way to protect your information from any vulnerabilities that cybercriminals typically target. Keeping that software up-to-date keeps you safe from the ever-evolving methods of attack that cybercriminals employ.

Your tax data is incredibly delicate, and the unfortunate reality is that everyone is susceptible to breach. But at Blue Layer, we are focused on minimizing your exposure to threats by offering personalized cybersecurity solutions.

Click here to learn more.

Service Spotlight: Disaster Recovery from Blue Layer 

What is disaster recovery? 

Disaster recovery should be a crucial part of every business plan. Essentially, it involves backing up your corporate data and making the information available when required.  What would happen if your critical operations experienced an interruption due to missing, corrupted, or encrypted data? Many companies would face crippling downtime and backlash from customers when criminal attacks or natural disasters strike.

Data replication plays a crucial role in your business’s disaster recovery plan. Learn more about the benefits of implementing a recovery plan and protecting your business with Data Replication services from Blue Layer. 

Data Backup

The first feature of our data replication plan is data backup. Your data will be replicated and stored in a protected location, typically cloud-based, that is a reliable copy of your production data. Our advanced IT solutions ensure that uninterrupted access to your critical data is continuously available. 

If your operation relies on databases, virtual machines, multiple locations, or irreplaceable client data, then your business should leverage data synchronization. 

Continuous availability

Continuous availability to your most frequently used data takes disaster recovery plans to a new level. Decrease your downtime with a failover recovery environment with uninterrupted access to mission-critical information. Whether your data is hit by a natural disaster, hardware failure, or vicious malware, your access to the data will remain available. 

Minimal downtime

Blue Layer dedicates a team of recovery experts to monitor and manage your critical business components. We deliver a tested recovery plan, customized to your unique needs. Replication enables your business to resume operations in a fraction of the time when compared to traditional backup-and-restore solutions. In most cases, downtime is cut down to hours rather than days or weeks. 

Optimized resource utilization

You know the importance of optimizing the resources available to your business, and so do we. Our disaster recovery services keep it simple to reduce your backup storage requirements while maintaining your ability to access block-level, system-level, and duplication backups.

At Blue Layer, we offer multiple solutions from installing a dedicated appliance to utilizing our datacenter as an additional resource. Investing in replication will not only serve as your disaster recovery plan but also help you meet compliance requirements and save money over time by diminishing the costs associated with downtime. Without a tested plan for data recovery, it could be weeks before your business is up and running after mission-critical data is lost, corrupted, stolen, or otherwise compromised. 

 

Contact our team today to learn more about protecting your critical data with our Disaster Recovery services

Chilling Cyber Threats: Cybersecurity Tips to Keep Your Data Safe 

October is National Cybersecurity Awareness Month, created by the government and the IT industry to raise awareness of the resources available to Americans to remain safe online. Our team at Blue Layer is taking part to raise awareness by sharing our essential cybersecurity tips and services available. We have years of industry experience and the resources to help small businesses protect their network, data, and systems from chilling cyber threats. 

Improve your cybersecurity to keep your data safe with our helpful tips. 

 

Blog Woman

Create a strong password

Using a strong and secure password is critical to protecting your data. Create complex, difficult-to-guess passwords by including a combination of upper and lowercase characters, numbers, and symbols. Your passwords should be updated annually, and you should never use the same password on multiple accounts. 

We recommend storing your accounts’ login information through a secure password management tool. There are excellent free services available for both business and personal use. 

Use two-factor authentication

Follow up a strong password with a second form of user verification to better protect your accounts with two-factor authentication. This additional security method requires a second form of authorization, making it more difficult for hackers to breach your systems. Types of two or multi-factor authentication strengthen traditional login processes by requiring access code confirmations from another device or proof of identification. 

Employee training 

Many system breaches can be avoided by educating your team on potential cyber threats. Provide your employees with training to establish or refresh on security expectations, policies, and appropriate guidelines. Controlled employee access and monitoring of unauthorized activity can discourage internal misconduct through an understanding of cybersecurity policy. Promoting safe internet and technology practices in your business can boost productivity and employee morale. 

Blue Layer provides security awareness training resources that help you identify dangerous web content, emails, and security risks. We keep you informed of the latest cybersecurity threats, and we partner with you to protect your business and enable your employees to become a human firewall.

Backup your data 

Reduce downtime and stop the crippling effects of cyber threats by backing up your business data through data synchronization. If your data is left unprotected, it can quickly become compromised. Storing your information through a safe third-party or external source is recommended for valuable customer information. 

Anyone with databases, virtual machines, multiple locations, or critical data should leverage data synchronization. Protecting your clients’ personal information is a top priority, and our disaster recovery and cybersecurity services can ensure their data stays secure. 

Keep your system’s software up to date 

Updating your operating system and virus protection software is critical to protecting your data from external and internal threats. Ensure that your technology’s protection is up to date by turning on automatic updates or outsourcing these services from a trusted IT solutions provider. 

Blue Layer has been trusted to equip businesses with the appropriate, right-sized IT services for their unique needs for nearly twenty years. Let our IT experts monitor and support your company’s technology needs so that you can focus on what matters the most to your business. 

As your business grows, your security protocols must keep up with constant advancements in technology. Blue Layer can help you develop the proper approach to protect your system’s integrity from deadly cyber threats. From two-factor authentication, security awareness training, immediate text-based password reset, and monthly vulnerability scanning and remediation, we create the right strategy to meet your unique business needs. Contact our team today to schedule your business consultation and learn more about partnering with Blue Layer. We hope to see you soon! 

Click here to learn more about our cybersecurity services

Beware of Office 365 Email Phishing Scams

There is an Office 365 “Unable to Verify Subscription” phishing email that is being sent to Office 365 users. Do NOT click on the “Re-Enable Now” link included in the email.

The image below is an example of what you need to look out for.

blank

The email, text and images included may look very real, but in fact it is a scam to get your password and access to your Office 365 account. The image below is just one example of the email circulating among Office 365 users right now. When we mouse over (not click on) the “Re-Enable Now” button, the link is redirected to a URL out of Indonesia, however, other links may look different. Be suspicious of any Office 365 emails that you receive, stay alert and think twice before you click.

If you believe that you may be a victim of an Office 365 email scam or have any questions,

please contact our help desk.

Vulnerability Warning: Intel CPU

By now you may have heard about the ‘Intel CPU Vulnerability’ and may have even started to receive emails from your Antivirus vendor with information regarding patching. This latest vulnerability is also commonly known as ‘Meltdown’.

Vulnerability Warning

Meltdown breaks the most fundamental isolation between user applications and the operating system. This vulnerability allows a program to access the memory, and thus also the secrets, of other programs and the operating system. Meltdown affects personal computers, mobile devices, servers, and cloud systems.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This vulnerability allows a program to access the memory, and thus also the secrets, of other programs and the operating system. Meltdown affects personal computers, mobile devices, servers, and cloud systems.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. Luckily, there are software patches being released by Microsoft, Apple, and Linux providers to repair the vulnerability.

Meltdown uses similar techniques to many modern Antivirus programs. As such, patching the vulnerability may cause issues with system stability and Antivirus functionality. We will work with our vendors to identify, update, and patch relevant Antivirus products to then enable patching of affected operating systems.

“We are committed to patching all affected systems as quickly as possible. We continue to work closely with our vendors to monitor and protect our customers.”

Michael Strong, COO

For more information about the details of the vulnerability, visit this public information site. If you have any questions or inquiries, please contact us.

What You Need to Know About the Equifax Breach

This past week, big-three credit bureau giant, Equifax, was hit with a major breach of information, putting 143 million Americans at risk. Social security numbers and other personal information are among the data that was compromised in the intrusion. To make it even worse, the Equifax site, equifaxsecurity2017.com, where users are supposed to be able to find out if they were impacted by the breach, is broken and useless. Krebsecurity.com referred to it as a “stalling tactic or sham at worst.” Following the breaking news of the breach, this site was flagged as a possible phishing scheme. Many received differing answers on whether they were affected, causing much confusion. Some were also told that they were not eligible and to try again later in the month. Equifax hired a third-party public relations firm, Edelman PR, to assist in the notifications of affected customers.

Equifax Breach

Equifax confirmed that the cyberattack was discovered in the end of July, including data such as social security and drivers’ license numbers, birth dates and addresses. However, contradicting reports indicate that the vulnerability was discovered in March. Over 200,000 customers credit card data were also involved in the intrusion. Complaints are being raised about the delay in time that it took to inform customers about the breach. Equifax says that it took action quickly to prevent further damage, however, 143 million Americans are now affected by this and are not pleased with Equifax’s response. Updates from an Equifax spokesperson indicate that the site’s problems are now resolved and customers can get accurate information that clarifies whether they were affected or not.

Once Equifax discovered the breach in the access to their website, they enlisted the services of an outside computer security forensic firm, Mandiant. An employee of Mandiant purchased equihax.com and other domains that may have looked appealing to phishers in order to keep it off the market.

Coincidentally or not, Equifax executives managed to sell millions of dollars worth of stock. This happened between the time when the intrusion was discovered and when the public became aware. Stocks are now down by 13 percent, from when the breach was announced versus the price on the market Thursday. The executives claim to have no knowledge of the breach prior to the sales.

Equifax should have been aware of the technological ramifications of not being adequately protected. Without the protection that a company such as Equifax should have had, a data breach was likely in only a matter of time. Apache Struts is a program for building web applications in Java and is believed to be the open-source software package where the vulnerability was discovered. According to reports, the vulnerability had existed since 2008. Apache Struts is a very popular framework utilized every day by over 50 percent of the Fortune 100 companies such as Lockheed Martin, Office Depot, even the IRS and more. In this case, the vulnerability was exploited and malicious code embedded inside the data. When the Apache Struts program attempted to convert the data, it was executed at that time causing the breach. Meaning, hackers had easy access to establish malware onto the company’s webservers, as well as steal and delete confidential data.

New developments indicate a class action lawsuit has been filed. The civil action suit accuses the company of lacking security standards and guaranteed protection for its users in an effort to save money. The lawsuit is requesting compensation and costs for the potential 143 million Americans affected.

Customers should immediately put in place a freeze on all accounts that were associated with Equifax. For customers signing up with Equifax, all are required to acknowledge the terms of service. However, those terms appear to include legalese suggesting that by acknowledging the terms or terms of service you are waiving all rights to be a part of a class-action lawsuit in the future if that situation were to arise. Equifax has since provided an update on this verbiage addressing those terms. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.”

How this affects you?

All consumers have rights, mandated by congress, to access their credit report via annualcreditreport.com. This gives consumers one free report from each of the “big three” Experian, Trans Union, and Equifax. If you sign up with a company like Equifax, the most that they can do for you is to alert you once your information and identity has been stolen, they cannot prevent it.

Consumers can request that the bureaus “freeze” their credit information. This prevents anyone from accessing the credit files. Consumers can temporarily or permanently remove the hold if they wish.

Always be aware of where your confidential data and personal information is. Do not provide personal information such as social security numbers or credit card numbers via email, unless the emails are encrypted, or to people you do not know. Hackers and phishers are getting smarter every day. Cybersecurity is becoming increasingly more important, not just for organizations and corporations, but for individuals as well. If you have questions or concerns regarding your cybersecurity and data protection, contact Blue Layer to learn more.

What You Need to Know About Two Factor Authentication 

In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA for short.

Two Step Auth

2FA will not only require a username and password but also requires the user to enter a piece of information only they would have access to or know. 2FA is using two of these three factors of authentication: something you know, something you have, and something you are. While retina and fingerprint scanning is seen in the movies, and will soon probably be a reality, the second factor of authentication can be as simple as a code sent to your mobile device only to be used once.

While 2FA is not a new concept, it remains important and widely used in the digital age that now encompasses our lives. Two Factor Auth can tell you which sites and companies are using 2FA including Google, Facebook, and Instagram, SnapChat, PayPal and Amazon, just to list a few. Even the White House now has a campaign encouraging users to #TurnOn2FA.

More and more services now support 2FA via mobile device apps. For example, Authenticator and 2STP companion available in iOS. The apps, pre-set by you to work with certain services, has constantly rotating sets of codes to use when even 2FA is needed. 

Contact Blue Layer today to learn more about what you can do to protect your business. 

What You Need to Know About “WannaCry” Ransomeware 

As has been widely reported, a well-orchestrated ransomware attack swept the world this past Friday, wreaking havoc in over 150 countries. Hospitals had to turn away patients and, as of Monday morning, approximately 200,000 systems in a wide variety of industries around the globe had been infected with the malware. This is the most extreme attack we have seen so far in 2017 and unfortunately, there is no permanent fix. Patch your systems and have proper security because this is not going away.

The Ransomware infects files and user data demanding payment until returned. Reports stated the ransom was $300 in bitcoin to start, following 3 days, it would increase to $600 bitcoin and after a full week with no action or payment, all encrypted data would be destroyed.

Ransomware

WannaCry may have gone global attack this past Friday, however, Microsoft, was aware of it and released a security patch earlier this year for vulnerabilities in Windows Software. Many were affected due to the lack of security updates and using older versions of Windows leaving users susceptible to attacks on their files and systems. Although the malware was first detected in March and used by the NSA, there was a report that it was publicly stolen from the U.S. National Security Agency about a month later. The malware is believed to have been stolen by well-known hacker crew, The Shadow Brokers. The malware drops an encrypted file on the seemingly vulnerable system, which is then executed as a service dropping the ransomware file onto the affected system. Approximately 165 extensions are vulnerable to the attack, including commonly used Microsoft extensions, including .docx, .gif, .jpg, and many others. While unusual, the temporary fix for this particular malware was discovered by a 22-year-old cybersecurity researcher in the U.K. He goes by the Twitter handle @MalwareTechBlog and by pure luck, managed to derail the entire operation.

Malware Tech noticed that one of the domain names being used in the attacks was not registered. He tweeted that he purchased the domain name, drugs-are.reallyreally.fun for $3, thus tracking the ransomware’s spread and unintentionally disarming the attackers.

Although Malware Tech stopped the ransomware spread now, that does not mean it is gone for good. You are putting yourself at a greater risk without a security appliance and without anti-virus software. Do not become a victim in the future. Protect yourself today.

PC users: run the updates on your machines with updates from Microsoft.

-If at all possible, upgrade from Windows XP.

-Do not open emails, attachments, etc. from senders you do not know.

-Always be aware of suspicious emails with attachments that you did not request.

-Never click on links from questionable sources.

-Any time you download or install files from the internet, you are at risk.

Since this malware was so destructive, for the first time since 2014, Microsoft released a patch for Windows XP. Click here to ensure your security is up to date and you are protected.

Questions or concerns? Contact Blue Layer today to discuss your security options. 

Google Doc Users Beware 

For those who frequently use Google Docs, double and triple-check before opening, even if it appears to come from a trustworthy source. Anyone can be a victim. A harmful phishing scam that imitated the typical Google Docs email took over the internet yesterday, including a reasonable amount of media companies. “Think before you click” may sound repetitive, but it really can save you from falling victim to cyber threats. 

Google quickly took action to subdue this particular scam, and the company said that in a statement it has since disabled the accounts that are believed to have been infected. “We have removed the fake pages, pushed updates through Safe Browsing and our abuse team is working to investigate and prevent this kind of spoofing from happening again.” 

Google Document

Large scale phishing attacks such as this one, regularly impersonate popular internet sites and pages. Similar Google Docs scams have been spreading on the internet since at least 2014. Unfortunately, they were not easy to identify because the authenticity was so realistic and accurate, phishers utilize actual Google accounts and really interacted with Google services. The genuine looking aspect lures victims into the scams without even knowing the pages are not real.

This is how a typical Google phishing scam would sound:

-You receive an email saying someone added you to a Google Doc. “Please click the link to view

-This link then takes you to a legitimate account screen with a list of all the Google accounts you’re logged into.

-You are then asked to choose the one you want to view the document in (or log in with to view)

-At that point, the malicious Google Docs. waits for you to grant access to your account, where it then has access to your contacts, emails and other personal information.If you had already fallen victim to the link, go to the permissions page in your Google accounts and revoke the service called “Google Docs.” It is fake. Then reset your password and turn on 2-Factor Authentication, if it wasn’t on already. Protect yourself and turn on Password Alert. This is a Google tool that will alert you anytime your Google credentials are entered into any page that is not “Google’s”. For instance, if phishers are using a genuine-looking fake page, Password Alert will immediately request you change your password as soon as you have entered them into the fake Google

Clicking the links or downloading attachments should not be a regular function, even if they are from people you trust. They may be victims as well. Take time to analyze the email and the URL it came from and double-check with the “sender” to see if they really sent you something. The best protection: think before you click!

Blue Layer provides team training to educate your employees on security awareness to protect your business. Contact us today to learn more. 

Microsoft Ending Support for Windows Vista 

For Windows users, the product lifecycle is no surprise. It begins when released and ends when support is no longer available. Support is available for a minimum of 5 years after a products general availability. Beginning on April 11, 2017, Microsoft has decided to end support and updates for Windows Vista. Although it will continue to start and run, Windows Vista will no longer be supported.

This means that Microsoft will no longer provide fixes, updates, or technical support online. If you are still running Windows Vista, then now would be the time to make sure that you have the latest update available to you. This means that without Microsoft support, you will no longer receive security updates to protect your PC from viruses, spyware, and malicious software.

You may continue to use Windows Vista, however, you put your PC at risk for malicious viruses and spyware. Contact Blue Layer to schedule a business consultation to prepare for updating your operating system.

Window Support