Getting clicks on your website?

BlackBox connections - Blog - Why SEO should matter to you

If your getting clicks on your website then your probably doing a descent job on your SEO.

Now if you just can’t seem to figure out why you’re not getting clicks or getting traffic to your website, then you may need to re-evaluate your SEO Strategy.  And if you are someone that is lost as to if you have a SEO plan to begin with….and have no idea where to start, then we’re glad you are here.  We want you to get more clicks!

What is SEO?  Basically SEO is short for Search Engine Optimization.  This is the method used to improve traffic and ranking of a website.

Why is SEO important?  Well let me ask…..does your website show up on the first page of Google when you search for your business?  If the answer is NO, then we need to chat!

SEO or Search Engine Optimization is an ABSOLUTE must if you want people to find you.  If a person does a Google search for a service they are looking for and you aren’t WORKING YOUR SEO….they WILL FIND YOUR COMPETITOR INSTEAD!

So what can SEO do for you?

You will be found! I know pretty basic…but we are thinking that is what you want, right?!  With our SEO techniques, we will help prospects find your website and local listings when they conduct local searches. We review your business and website to determine the SEO keywords and tactics that are right for you.

Connect with us so we can show you why & how we make YOUR website on THE TOP PAGE OF GOOGLE!

by BlackBox Connections

Topic: Getting clicks On Your Website?

Latest Data Breach List

BlackBox Connections Logo

Location

Unit 203
70 Country Hills Landing
NW Calgary, AB T3K 2L2

Office Hours

Mon – Fri
8:00 – 5:00
Support 24hrs

Call us Today

587 355 1566

BlackBox Connections Logo Image

Call us Today

587 355 1566

Latest Data Breach List

Data Breach!  We hear it more and more….and is up by 40%!

Do you know if you have given your personal information to any of the companies listed below? What about any of your employees?  Being aware of the latest data breach is of the utmost importance! Everyday we are being asked for our email address or other personal information and it can be difficult to know for sure where your information is going and if it is still safe! Below is a list of the latest data breaches we have had in the past year:

Yahoo! (Update)

Back in December of 2016, there was word that more than 1 Billion users were impacted by the 2013 Yahoo data breach, but unfortunately that number was way off.  It was more like 3 Billion accounts were indeed stolen.  Four months after Verizon acquired Yahoo’s core internet assets, it revealed that every single customer account had been breached including email, Tumblr, Fantasy and Flickr.

Gmail

Google put a stop to this one in about an hour, but even during that time, they estimated that 1 million users may have been affected.  Gmail users were targeted in a sophisticated phishing scam that were trying to get access to accounts through a 3rd party app.

DocuSign

Hackers recently targeted both customers and users with a malware phishing attack.  Only one of the systems were breached, but they were still able to obtain email addresses.  This led to a malicious email campaign that prompted recipients to click and download a Microsoft Word document that contained malware.   If you have received a suspicious DocuSign Email, forward it to [email protected]Remember to ONLY access documents directly through the DocuSign website and not by clicking email links.

Verifone

Known as the largest maker of point-of-sale credit card terminals, this company discovered a data breach of its internal network back in January 2017.  The breach did not affect the payment services network, but did affect the corporate network.  The data breach was immediately handled but sources say there is evidence that a Russian hacking group is responsible.  The hackers may have been inside Varifone’s network since the mid 2016, but this has yet to be confirmed.

OneLogin

A data breach attack that started at 2 am PST on May 31, was shut down by 9 am, OneLogin reports.  OneLogin allows users to manage logins to multiple sites and apps through a cloud-based platform.  While this company provides services for about 2,000 companies in 44 countries, over 300 app vendors and more than 70 software-as-a-service providers, they are not too sure of the full extent of this data breach.  They do know, that customer data was compromised, including the ability to decrypt encrypted data and the investigation is ongoing.

River City Media

Thanks to Chris Vickery, a security researcher for MacKeeper, a leak called “Spammergate” was found and reported to the authorities right away.  A group of spammers that operate under the name of River City Media, unknowingly released their private data into cyberspace after they failed to properly configure their backups.  The “bad guys” leaded information including:  HipChat logs, domain registration records, accounting details, infrastructure planning, production notes, scripts, business affiliations….not to mention 1.4 billion email accounts, IP addresses, full names and some physical addresses. Law enforcement is involved, but it is unclear as to what will happen with River City Media.

Deep Root Analytics

Chris Vickery, a cyber risk analyst, who has discovered other well known data breaches…including ones in this article, has discovered that the sensitive information collected by Deep Root Analytics, has exposed important personal information of U.S. voters.  The Republican National Committee had hired Deep Root Analytics to gather political information last year, which has now affected roughly 198 million American citizens.  Their personal information was stored on an Amazon cloud server without a password protection for almost two weeks.  Compromised informatino included names, dates of birth, home addresses, phone numbers, and voter registration details.  Since that time, they have updated the access settings and have put protocols in place to prevent further issues.

Online Spambot

Just like the River City Media breach we mentioned just above, where the “bad guys” had information stolen….well it happened again to an online spambot.  The data breach this time however is larger.  This one involves 711 million records, including email addresses and some passwords, with the goal of sending spam emails.  They had forgotten to secure the server the data was kept on.  It is currently unknown as to how many other people have found this database and are using it for their own negative purposes.

Verizon

This was another discovery by Chris Vickery, of UpGuard.  We have mentioned him in this post a few times as being the founder of some horrible data breaches!  If you have contacted Verizon’s customer service in the past 6 months, you may have been one of the 14 million subscribers that were affected by this data breach.  Apparently records taken were held on a server controlled by Israel based Nice Systems.  Although Chris reported this data breach to Verizon in late-June, it took more than a week to secure this breached data.  The data that had been obtained were log files that had been generated once a customer contacted Verizon via phone.

SVR Tracking

More than half a million customer records were leaked during this data breach.  SVR Tracking, a company out of San-Diego, provides a service for auto dealerships and lot owners to be able to locate and recover vehicles.  On September 20, Kromtech Security Center informed SVR Tracking of its findings in regards to 540,642 records that were unsecured in an Amazon S3 bucket.  The bucket was secured within 3 hours, but they are unsure as to how long the information was publicly available online.  The sensitive information that was leaked included:  email addresses, passwords, licence plate numbers, VINs, as well as the ability to see every single place a vehicle has been in the last 120 days.

Deloitte

Once named the “best cybersecurity consultant in the world” by Gartner, has been a target of the latest data breach.  This multinational professional services firm, failed to employ a two-factor authentication, and when hackers acquired a single password from an administrator of the firm’s email account, they were then able to access all areas of the email system.  Deloitte insists that only a small fraction of its clients were affected, but this was indeed an embarrassing situation for the company.

Saks Fifth Avenue

The Canadian company Hudson Bay, who owns Saks Fifth Avenue had their own data breach in which tens of thousands of customers information was visible on a page through their website.  The page was where customers could join a wait list for products they may be interested in, but it was possible to see email addresses, phone numbers, products codes and IP addresses.  BuzzFeed was the company that broke the news and once Saks Fifth Avenue were informed, they removed the page immediately.  They are still unclear as to how this happened, who did it or which customers may have been effected.

Equifax

As one of the three largest credit agencies in the U.S., it was alarming to hear of this data breach.  It has been called one of the worst in history, with it affecting 143 million consumers and their extremely sensitive information.  From Mid May to July of this year, hackers had access to the company’s system, by exploiting a weak point in the website software.   Information leaked included: Full names, addresses, dates of birth, Social Security numbers, driver’s license numbers, credit card numbers and other personal information.

E-Sports Entertainment Association (ESEA)

Roughly 1,503,707 records were stolen from one of the largest video gaming communities in December 2016.  Unfortunately, how many people were affected is still unclear.  Some of the information they believe was leaked included:  registration date, city, state, last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.

Xbox 360 ISO and PSP ISO

Back in September 2015, it was revealed that Xbox 360 ISO and PSP ISO had been hacked.  The sensitive user information was taken from roughly 1.2 million Xbox 360 ISO users and 1.3 million PSP ISO users.  The information that may have been taken was:  e-mail addresses, IP addresses, username and passwords.

Arby’s

Between October 25, 2016 and January 19, 2017, malware was placed on a payment system inside certain Arby’s restaurants.  The malware was removed the but scope of the breach is not yet known.

Chipotle

Between March 24, 2017 and April 18, 2017, payment card transactions were affected.  The company did post a notification on their website to inform their customers, but as of yet they are unsure as to who and what may have been taken.  They believe they have stopped the unauthorized activity, but it is too early to give any more information.

InterContinental Hotels Group (IHG)

If you have ever stayed at any of these popular chains like Crown Plaza, Holiday Inn, Candlewood Suites, and Kimpton Hotel, you may have had your card information stolen.  Malware was found on servers which process payments made at on-site restaurants and bars.  Any cards used at the front desks however, were fine.  From August 2016 – December 2016 is when the malware was active.  It would have stolen cardholder names, card numbers, expiration dates, and internal verification codes.  Some of the targeted locations include:  Sevens Bar & Grill – Crowne Plaza, San Jose-Silicone Valley, the Bristol Bar & grille – Holiday Inn, San Francisco’s Fisherman’s Warf, InterContinental San Fransico, Aruba’s Holiday Inn Resort, and InterContintental Los Angeles Century City.

Dun & Bradstreet

33 Million corporate contacts from Dun & Bradstreet, a large business services company, had its marketing database shared across the web, back in March of this year.  According to the company, they were not breached but had actually sold the 52GB contact database to thousands of companies across the country.  Which of those businesses that may have suffered this data breach is still unclear.  Millions of employees from organizations like the U.S Department of Defense, the U.S. Postal Service, AT&T, Wal-Mart and CVS Health had their information leaked.  Information such as full names, work email addresses, phone numbers and other business related data was taken.

 

UNC Health Care

Between 2014 and 2017, women who had completed pregnancy home risk screening forms at prenatal appointments in either the Women’s Clinic at N.C. Women’s Hospital or the UNC Maternal-Fetal Medicine at Rex, may have mistakenly had their personal information shared to local county health departments.  1,300 letters were sent to patients who may have been affected by this data breach.  Information that was shared included full names, addresses, races, ethnicities, Social Security numbers, and a variety of health-related information.

Bronx Lebanon Hospital Center

Due to a misconfigured Rsync backup, hosted by a third party iHealth, thousands of medical records were exposed from the Bronx Lebanon Hospital Center in New York.  Patients that visited the hospital between 2014 and 2017 may have had extremely personal information leaked.   This data breach had included details such as names, home addresses, religious affiliations, addiction histories, mental health and medical diagnoses, HIV statuses, and sexual assault and domestic violence reports.   Immediate steps were taken from iHealth to protect the exposed information.

Brooks Brothers

Exact locations of this data breach are not yet known, but if you shopped at a Brooks Brothers retail stores or outlets between April 4, 2016 and March 1, 2017, you may have had your credit card information stolen.  Apparently an unauthorized individual installed malicious software onto some of the payment systems, which collected the card information.  The issue has been resolved but no other details have been given.

Kmart

The parent company for Kmart, Sears Holdings, has reported another data breach similar to the one they had back in 2014.  Kmart’s store payment systems were infected with malware.  Kmart.com and Sears shoppers were not impacted by the breach and it has been removed, but they are still unsure as to how long the system was under attack and how many stores would have been affected.  Certain credit card numbers may been leaked but no personal information was compromised.

University of Oklahoma

Education records dating back to at least 2002, were unintentionally exposed through privacy setting at the University of Oklahoma.  The student-run newspaper, The Oklahoma Daily was the first to reveal this data breach.  The newspaper reported that there were more than 29,000 instances in which students’ private information was made public to users within the University’s email system.  Information such as Social Security numbers, financial aid information and grades were compromised.  Until further notice the University has shut down the file sharing program.

Blue Cross Blue Shield / Anthem

80 million customers were affected by this 2015 data breach from Health Insurance company, Anthem.  While the settlement still needs to be approved by the courts, they have agreed upon $115 million.  Customers using Anthem Blue Cross & Blue Shield, Blue Cross & Blue Shield of Georgia, Empire Blue Cross & Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and deCare brands may have been affected.  The company had agreed to provide the impacted customers with 2 years of credit monitoring services, but have now extended that offer to an additional 2 years, as part of this settlement.

California Association of Realtors

A data breach was reported between March 13, 2017 and May 15, 2017, in which a malware was active on the organization’s online payment system called store.car.org.  Real Estate Business Services (REBS), a subsidiary of the California Association of Realtors has been dealing with this latest data breach and has removed the malware, as well as started using PayPal for their payments.  Payments made from a user on the website, personal information may have been copied by the malware and shared to an unknown 3rd party.  The sensitive information transmitted, would have been:  user’s name, address, credit card number, credit card expiration date and verification codes.

TalentPen and TigerSwan

Personal information for Job seekers with Top Secret clearance were publicly available and unsecured for just over 6 months according to UpGuard a cybersecurity firm.  Roughly 9,000 documents were affected during this data breach.  The documents were found in a folder labelled “resumes”.  TigerSwan, had ended a contract with TalentPen, a 3rd party vendor, who had failed to take down the files after they had been transferred to TigerSwan back in February.  The files were left in a bucket site on Amazon Web Services by TalentPen, without a password or any type of security until August 24, 2017.  Once Amazon had been contacted, the files were taken down.

U.S. Securities and Exchange Commission (SEC)

In 2016, Jay Clayton, Chairman of the SEC, issued a statement in regards to cybersecurity.  A software vulnerability in the test filing component of the SEC’s EDGAR system was discovered, but was fixed promptly.  In August of this year however, the SEC learned that the data breach may have provided the basis for illicit gain through the trading.  This vulnerability allowed access to nonpublic information, but they do not believe that there was access to personally identifiable information.

Sonic

Sonic,the fast food chain with almost 3,600 stores in 45 states, were informed of their data breach in which unusual activity was noticed on customer payment cards.  It is not immediately known which locations were affected.  The company is working with law enforcement and investigators to determine more.  KrebsOnSecurity was first to report this data breach after discovering a “fire sale” of millions of stolen credit and debit cards on the Dark Web.

Whole Foods Market

Recently acquired by Amazon, Whole Foods Market made an announcement about a recent data breach of its payment system.  They do not believe that individuals who shopped at the store were affected, but those who used the taprooms or full table-service restaurants may have. The investigation is still ongoing and updates will be provided.  The company also mentioned that Amazon’s payment systems were not connected to Whole Foods Market, so no Amazon transactions were impacted.

Disqus

Back in 2012, was when Disqus, a blog comment hosting service had their own issue with a data breach.  Unfortunately, the company had no idea they were a victim of this until the website, Have I been Pwned? reached out to them about exposed user information they had found.  After verifying the authenticity of the data, it was found that is was information taken from their 2012 user database, which had information dating back to 2007.  The information taken included:  user email addresses, user names, sign-up dates, and last-login dates.  Evidence of unauthorized logins has not been shown, but they have reset the passwords of all affected users.

by BlackBox Connections

Topic: Latest Data Breach List

Millions paid in Ransomware according to Google

BlackBox Connections Logo

Location

Unit 203
70 Country Hills Landing
NW Calgary, AB T3K 2L2

Office Hours

Mon – Fri
8:00 – 5:00
Support 24hrs

Call us Today

587 355 1566

BlackBox Connections Logo Image

Call us Today

587 355 1566

Millions paid in Ransomware according to Google

Ransomware increasing at an alarming rate!  Are you backed up?

 

Are you at risk for a ransomware attack?  It may be worth looking into, as it seems it is only getting worse!  Everyday the search term “ransomware” is being googled.  With an increase of 877% over the past year, it seems hopeful that people are taking action in regards to educating themselves on how to properly maintain their security and to find out what is ransomware.

Research led by a Google Team, publicly presented its findings at the Black Hat USA security conference in Las Vegas on July 26th of this year.  The session was titled “Tracking Ransomware End to End”.  Because this search query has seen such an increase, the research team lead by Google, worked with Chainalysis, the University of California at San Diego and New York University to gain a better understanding of ransomware.

According to Google data, only 37% of users are backing up their data on a regular basis, which is why hackers are able to have such devastating effects on their victims.  A large percentage of victims will choose to pay the ransom in order to get their data back.  Almost all ransomware relies on Bitcoin cryptocurrency as their payment model, as it is easy for hackers to set up and can easily be converted to cash.

Bitcoins are held in what is called a Bitcoin wallet, which is also the address where the victim’s make their ransom payment to.  The attackers will then move these Bitcoins from multiple wallets to a single account, explained Luca Invernizzi, a research scientist at Google. Finding the accumulation wallet is critical in order to go through the transaction ledger and discover any victims of these attacks.

The research partners along with Google used a multistage process to find these accumulation wallets.  First they scanned the internet and social media for any kind of ransomware reports in order to find Bitcoin addresses.  Next, Invernizzi said that Google infected its own isolated virtual machines with ransomware to get some ransomware payment addresses.   “We made micro-transactions to the different Bitcoin wallets that we discovered to uncover more of the ransomware payment network,” he said.

In order to gain a broader view of the ransomware ecosystem, Google’s research team collected 154,000 ransomware binary files from 34 different ransomware families.  From there, google then applied machine learning techniques to scale and automate the ransomware Bitcoin wallet discovery process.

From the analysis, Google was able to find an estimate of how much money had been paid by ransomware victims from the beginning of 2014 to the end of the second quarter of 2017.  There were likely some payments that were missed by Google, but they estimated that the total was at least $25 million paid out to attackers.

According to FBI’s Internet Crime Center’s 2016 report however, the google estimation is much larger then their 2,673 ransomware complaints for that year.  Victims paid out roughly $2.4 million for ransomware according to them.

Google’s data prior to 2016 shows minimal payments were made to ransomware wallets.  This was the turning point however, as ransomware is now a multi-million dollar business.  Based on the numbers, it seems as though ransomware is here to stay…….so make sure you are protected!

 

by BlackBox Connections

Topic: Millions have been paid in Ransomware according to Google

Spoofing…what is it?

BlackBox Connections Logo

Location

Unit 203
70 Country Hills Landing
NW Calgary, AB T3K 2L2

Office Hours

Mon – Fri
8:00 – 5:00
Support 24hrs

Call us Today

587 355 1566

BlackBox Connections Logo Image

Call us Today

587 355 1566

Spoofing…what is it?

Definition of a Spoofing Attack:  A situation in which on person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.

 

Email Spoofing

Have you received an email from the “Government” or some other person/business, asking you to validate your personal information via email or by clicking on a link?

Well don’t!  Hackers are waiting for you to take action and pass along your information.  Here are some clues that you can spot in order to figure out if this is a scam or not.

  1. Check the email address.  You can HOVER over the address line which will give you the actual address.  Make sure it makes sense.  If it is supposed to come from the Government then seeing the address “[email protected]” will tell you that this is CLEARLY a scam.
  2. How is their tone in the subject line or email?  If it is aggressive or threatening, than that is another sign.
  3. Are there typos, misspellings or other improper grammar used...if so this is your 3rd sign!
  4. You should never be asked to verify your personal information, login details/passwords etc. via email.
  5. Did they give you a link to follow?  Make sure that makes sense as well.  Again, if it is supposed to come from the Government but it sends you to the link http://mcmaster.weebly.com, then you know to NOT click on the link as it makes no sense what so ever!

 

Caller ID Spoofing

Pretty much all of us have Caller ID, which will tell us who is calling and from where.  Hackers however, are taking advantage of VoIP networks, which can allow callers to present false names and numbers in order to pretend to be someone they are not.

 

IP Address Spoofing

When a hacker hijacks a browser.  When a visitor types in a URL of a trusted site but is taken to a fraudulent web page created by the hacker.  The hacker could then steal or alter sensitive data, they can get your credit card numbers, passwords or install malware.  They can also take control of your computer in order to send out spam.

Protecting yourself is the best action!  Remember to always have security measures in place.

Quick Tips

Do you have a firewall in place?


Keep all passwords protected.

by BlackBox Connections

Topic:  Spoofing

Tax Season is upon us…are you safe?

BlackBox Connections Logo

Location

Unit 203
70 Country Hills Landing
NW Calgary, AB T3K 2L2

Office Hours

Mon – Fri
8:00 – 5:00
Support 24hrs

Call us Today

587 355 1566

BlackBox Connections Logo Image

Call us Today

587 355 1566

Tax Season is upon us…are you safe?

Is it that time already??  Yep it sure is…

Tax Season Safety should be top of your mind right now.

In addition to all the other scams out there…we have to also pay close attention to the rise in Tax Fraud.  The Canadian Anti-Fraud Centre (CAFC) is consistently receiving reports in regards to tax scams that seem to come via phone or email.

The 2 scams that you may encounter:

  • Scammers may call you impersonating the CRA, talking about a recent audit, discrepancies on past filed taxes or a repayment is needed.  From there these scammers may threaten you with more fees and even jail time….not to mention potential deportation.  You will know they are scammers by how they ask for payment.  They may request via pre-paid cards, gift cards or a money service business.  DO NOT DO IT!
  • Another way involves an email.  They may indicate that there is a refund pending and that you are to follow a link that is within the email.  That link will most likely take you to a fake or copied website of the CRA, where you are asked to input your personal information such as SIN number, date of birth, banking and more….in order to receive your refund.  Of course no refund will ever be issued.

 

What you can do to stay safe this Tax Season:

  1. File taxes early.  Usually those darn scammers are ready in January to get their hands on your information, so making sure you have all your paperwork in order and ready to be processed, you can beat them to the punch!
  2. Don’t fall for scams.  Remember, the CRA will not call or email you to ask questions about your personal information.  They will request information by mail and that should be it.
  3. Research your tax consultant.  Make sure that whomever you choose to process your taxes that they indeed licenced to do so.  Also remember to keep all their details such as name and tax certification with your tax paperwork for future reference.  Even if you use an online filing service provider, remember to research more information about them to make sure you aren’t being scammed.
  4. Keep Social Insurance number safe!  If a company is asking for your Social Insurance number, make sure it is really necessary for them to have it.  Many times this may be optional, so best practice should be to leave the card at home and only give out the number when absolutely necessary.  Don’t be afraid to ask them why they need it!
  5. Protection Services.  It may be worth it to you, as it is a service that specializes in Identity Theft Protection.  This service will send alerts to you if any fraudulent activity happens with your personal information.
  6. Shredding personal records.  If you have no reason to keep the paper copies of your financial statements, tax forms or other personal information then shred it.  This way if any of it ends up stolen or in the recycling bin, you have nothing to worry about!  You may also consider switching to online delivery, but remember, make sure it is all protected and secure!  Ensure you have strong authentication tools to help with your security.

The CRA  has some great warning signs, but for the most part they are pretty straight forward.

  1. You will never be asked by the CRA for personal information either through email, text message or any kind of link.
  2. You will never receive emails with details on your tax refund and certainly not any e-transfer payments.
  3. The CRA emails will NEVER contain SPELLING ERRORS or GRAMMAR MISTAKES.
  4. Before taking any action in regards to suspicious calls or emails, please contact the CRA directly by phone or by checking “My Account” or “My Business Account” in order to know if it is legitimate or not.
  5. Any questions in regards to fraud scams or if you are curious and want to learn more, you can visit the CRA for more information at CRA – Protect Yourself Against Fraud
  6. Now if you have shared any kind of personal information, please alert both Equifax and Trans Union so they can place fraud alerts onto your account to monitor.
  7. How about your banking information….if you did share that information with a potential scammer, then contact your financial institution immediately so they can place an alert on your account!
Quick Tips

 

NEVER give out personal information over the phone or email in regards to Tax questions.


Keep all passwords protected.

 

by BlackBox Connections

Topic:  Tax Season Safety