Email Spoofing

Have you received an email from the “Government” or some other person/business, asking you to validate your personal information via email or by clicking on a link?

Well don’t!  Hackers are waiting for you to take action and pass along your information.  Here are some clues that you can spot in order to figure out if this is a scam or not.

1. Check the email address.  You can HOVER over the address line which will give you the actual address.  Make sure it makes sense.  If it is supposed to come from the Government then seeing the address “[email protected]” will tell you that this is CLEARLY a scam.
2. How is their tone in the subject line or email?  If it is aggressive or threatening, than that is another sign.
3. Are there typos, misspellings or other improper grammar used...if so this is your 3rd sign!
4. You should never be asked to verify your personal information, login details/passwords etc. via email.
5. Did they give you a link to follow?  Make sure that makes sense as well.  Again, if it is supposed to come from the Government but it sends you to the link http://mcmaster.weebly.com, then you know to NOT click on the link as it makes no sense what so ever!

Caller ID Spoofing

Pretty much all of us have Caller ID, which will tell us who is calling and from where.  Hackers however, are taking advantage of VoIP networks, which can allow callers to present false names and numbers in order to pretend to be someone they are not.

IP Address Spoofing

When a hacker hijacks a browser.  When a visitor types in a URL of a trusted site but is taken to a fraudulent web page created by the hacker.  The hacker could then steal or alter sensitive data, they can get your credit card numbers, passwords or install malware.  They can also take control of your computer in order to send out spam.

Protecting yourself is the best action!  Remember to always have security measures in place.

Quick Tips

Do you have a firewall in place?

Topic:  Spoofing

Is it that time already??  Yep it sure is…

Tax Season Safety should be top of your mind right now.

In addition to all the other scams out there…we have to also pay close attention to the rise in Tax Fraud.  The Canadian Anti-Fraud Centre (CAFC) is consistently receiving reports in regards to tax scams that seem to come via phone or email.

The 2 scams that you may encounter:

• Scammers may call you impersonating the CRA, talking about a recent audit, discrepancies on past filed taxes or a repayment is needed.  From there these scammers may threaten you with more fees and even jail time….not to mention potential deportation.  You will know they are scammers by how they ask for payment.  They may request via pre-paid cards, gift cards or a money service business.  DO NOT DO IT!
• Another way involves an email.  They may indicate that there is a refund pending and that you are to follow a link that is within the email.  That link will most likely take you to a fake or copied website of the CRA, where you are asked to input your personal information such as SIN number, date of birth, banking and more….in order to receive your refund.  Of course no refund will ever be issued.

What you can do to stay safe this Tax Season:

1. File taxes early.  Usually those darn scammers are ready in January to get their hands on your information, so making sure you have all your paperwork in order and ready to be processed, you can beat them to the punch!
2. Don’t fall for scams.  Remember, the CRA will not call or email you to ask questions about your personal information.  They will request information by mail and that should be it.
3. Research your tax consultant.  Make sure that whomever you choose to process your taxes that they indeed licenced to do so.  Also remember to keep all their details such as name and tax certification with your tax paperwork for future reference.  Even if you use an online filing service provider, remember to research more information about them to make sure you aren’t being scammed.
4. Keep Social Insurance number safe!  If a company is asking for your Social Insurance number, make sure it is really necessary for them to have it.  Many times this may be optional, so best practice should be to leave the card at home and only give out the number when absolutely necessary.  Don’t be afraid to ask them why they need it!
5. Protection Services.  It may be worth it to you, as it is a service that specializes in Identity Theft Protection.  This service will send alerts to you if any fraudulent activity happens with your personal information.
6. Shredding personal records.  If you have no reason to keep the paper copies of your financial statements, tax forms or other personal information then shred it.  This way if any of it ends up stolen or in the recycling bin, you have nothing to worry about!  You may also consider switching to online delivery, but remember, make sure it is all protected and secure!  Ensure you have strong authentication tools to help with your security.

The CRA  has some great warning signs, but for the most part they are pretty straight forward.

1. You will never be asked by the CRA for personal information either through email, text message or any kind of link.
2. You will never receive emails with details on your tax refund and certainly not any e-transfer payments.
3. The CRA emails will NEVER contain SPELLING ERRORS or GRAMMAR MISTAKES.
4. Before taking any action in regards to suspicious calls or emails, please contact the CRA directly by phone or by checking “My Account” or “My Business Account” in order to know if it is legitimate or not.
5. Any questions in regards to fraud scams or if you are curious and want to learn more, you can visit the CRA for more information at CRA – Protect Yourself Against Fraud
6. Now if you have shared any kind of personal information, please alert both Equifax and Trans Union so they can place fraud alerts onto your account to monitor.
7. How about your banking information….if you did share that information with a potential scammer, then contact your financial institution immediately so they can place an alert on your account!

Quick Tips

NEVER give out personal information over the phone or email in regards to Tax questions.

Topic:  Tax Season Safety

Though we see it advertised as an antivirus app, it doesn’t seem to do too much!

Lately there has been a lot of investigation done with Google Play and the growing number of untrustworthy programs that are hidden in various apps.  For the most part they aren’t too malicious but they certainly are unsuitable for most business networks.  Many of these hidden apps fall into a category called Potentially Unwanted Applications.

The apps being studied usually have features that users are wanting, like editing tools, or a device power optimizer but unfortunately they are also bundled with things that can leach off a phone or tablet’s processing power or can also push unwanted ads onto the users screen.  The app called Super Antivirus 2018 is an example for sure!

This Super Antivirus 2018 is certainly not an antivirus.  After the app was uploaded to Google Play in early October of last year, it has been downloaded by users up to 50,000 times.  With claims to detect 100% of viruses and malware through personalized scanning, it seems as though it is less then accurate.

After analyzing the code, it seems that this app basically provides a smokescreen to throw security researchers off track.  It gives the appearance of doing legitimate security work and even scans and detects nearly 500 apps, but again…just a smokescreen as it provides no effective protection for the end user.

Super Antivirus 2018, does a fake virus scan and frequently displays a pop-up for another app called “Security Elite – Clean Virus, Antivirus, Booster.”  More pop-up adverts are what you can expect with this new app.  These deceptive promotions and pop-ups of course violate the Google Play Developer App Promotion Policy, specifically:

We don’t allow apps that directly or indirectly engage in or benefit from promotion practices that are deceptive or harmful to users or the developer ecosystem.

Issues connected to Super Antivirus 2018 include:

• Does not provide a proper malware removal feature
• It can mislead users into believing there is a virus on their Android device
• It can entice users to download another malware removal tool

Read more on the study done by SophosLabs and the paper written by Android specialist Rowland Yu.

Click here

Quick Tips

Stay Vigilant and keep antivirus up to date

Topic:  Super Antivirus 2018

The threat inside your company

Take a look around your company, and you will see one of the biggest IT security threats you face—the people you work with.  Even the most well-intentioned employees who are the biggest advocates for your company risk leaking sensitive data or inadvertently letting in malware that can wreak havoc on your network and systems.

For companies of all sizes, the threats from within are an ongoing concern and the hardest to predict. With employees using multiple devices—often in multiple locations—your IT department faces the challenge of monitoring a perimeter that is a moving target. But there are steps you can take to ensure that you’re protected.

To continue reading click here.

Quick Tips

Ensure your employees have access to company security policies.

Topic:  Foolproof Employee Security Checklist

Typo-squatting and why you should be concerned.

No matter who you are, I think it’s safe to say that we have all misspelled words.  Whether it’s because we’re typing too fast and didn’t realize…or maybe we just don’t know how to spell the word!  In any case, these annoying Cyber-criminals are now taking advantage of our mistakes and causing a lot of stress to those who fall for their tricks!

So what is Typo-squatting?  Quite simply, it’s when we make a typo while typing a URL into a browser.  If you are off by just one or two letters this can be your downfall.  An example being, if you are wanting to find Costco, but type in Costoco instead.  Such an easy mistake, but hackers look for those common misspelled words or words that can be easily miss-typed and create websites that look exactly like the intended page.  From there, once they have the user on their “fake” site, that is when the user is tricked into giving away personal or financial information.

Some common scams are ones that ask you for your personal information because you have won a prize or the one that says your computer has an infection and you need to download a malware-laden file to fix it.  I’m sure many of you can relate!

Security Adviser for Sophos, James Lyne was recently on NBC Nightly News speaking with Tom Costello about the risks of typo-squatting, why hackers use it and of course the precautions you can take to stay safe.

To read more and watch the segment click here.

Quick Tips

Always pay close attention to spelling.

Topic:  Typo-squatting