Don't Take the Bait
About this episode
SEPTEMBER 18, 2020
Within the last few months, there has been a 600% uptick in phishing attempts, which means people are still falling for these email scams. It’s up to you to stay safe and keep your data protected from bad actors. In this episode of the Geek Freaks Podcast Ron uncovers popular attacks with DropBox, OneDrive, and Michigan State University. He also shares more information on how to stay safe and alert.
MEET THE GEEK FREAK
RON HARRIS
VICE PRESIDENT
- 15 years in the industry.
- Enjoys spending time with his family, riding his Harley, and finding time to sleep.
- Fun fact: Ron broke both of his arms.
- He's a simple person, enjoys work, but also enjoys being alone reading a book or learning something new. Loves candy DOTs!
+ VIEW TRANSCRIPT
Don't Take the Bait(00:00) [Music]
Ron: (00:09) Hello and welcome to the podcast. I’m Ron Harris and today we are going to talk about well kinda the same thing we’ve been talking about for a while and that’s security, phishing. So, I just had a great conversation with one of our vendors, KnowBe4, and they were telling me that in the last couple of months they’ve seen a 600% uptick in phishing attempts.
Now they are, KnowBe4 is a I want to say an awareness and training provider when it comes to email and some security things. They have a great eye on what’s going on, so I think it’s tie we talk about it again and why is it happening right now and what can we do and what to look for and just some quick tips and then we will hopefully be on our way to a better, cleaner email situation. So, right now most businesses and business owners are thinking abut how do we keep the lights on, how do we keep money coming in, our revenue streams up, and kinda everything else. But, hackers or bad actors on the other side of it are thinking about how can we get involved, how can they now strike when everybody is so ripped a part. You now not at their office, not centralized, and I guess easy pickins.
But if you have a user base that’s trained and protected it’s not something to worry about. Unfortunately, most of the users that we run into, that we partner with, or start working with when we bring them on, they’ve never used any type of formal security training before, so they are not aware of it.
So, with a 600% uptick in the last quarter alone with phishing attempts, the bad actors are having a hay day. Now, they’re doing it a number of ways right now. Spear phishing is more of a professional phishing attempt. They are using the CEO’s name with a generic email address and they are telling the CFO that they need to wire money immediately for this, that, or the other thing. Or hey Ron, it’s Bill I need you to go to Walgreen’s and get me five $500 gift cards to the Google Play Store, can you do this for me? You know, while this seems very odd and not typical of the relationship or situation, people do it every day. Obviously, these bad actors are in it for one thing and that’s to make money or I guess two things; to make money or to sell your data and make more money. So, I guess it’s an ongoing thing. Now the traditional way to do it is email and spam. That’s where a lot of it happens and that’s going to be those FedEx emails, those Amazon emails, anything that comes in saying you got this PDF waiting for you in DropBox, go ahead and click here and login with your Office 365 credentials.
Now, what they are doing is they are trying to access your email box, your Outlook and you now it’s super illegal and it happens all the time. There is usually no recourse to it, but we don’t want it to happen to anybody. You know and the web based deliveries that’s more of a they are getting involved with Facebook they are sending you links they are doing manipulation behind the links they are saying hey this goes to Office 365, but it takes you to a page that looks like Office 365, but if you look in the address bar it says something different right. So, that happens all the time and now we are starting to see it in LinkedIn messaging, Facebook messaging, text messaging even, so it’s happening everywhere.
And sometimes those things are delivering ransomware with them right. So, it’s a lot of different ways they are trying to get access through phishing. Domain spoofing is another big one where they just kind of redirect you to a different domain. But, there’s a lot of things to look for in those emails.
Now, let’s say you get an email from FedEx or Amazon. Have you ordered anything from FedEx? Have you ordered anything from Amazon? Highlight over the link that takes action. So, click here to track your package, click here to login to your account. Does that say Amazon in it? Does that say FedEx? What’s that say? Now, 9 times put of 10 you’ll probably ignore it but that one individual, but that one person or that one situation where you’re like oh shoot I did order something from Amazon, let me check it. Bingo, bango you login and away we go.
Now the other thing that they are doing is that they are taking those login pages that you’re hitting whether it’s Office 365 or Google or Adobe, they are making them super realistic, right. But there’s always some telltale signs. Lok at the domain name is that super different. The logos and the webpage layout a bit off. Now in Office 365, a way to negate that Is to do portal branding. To actually stick your logo in a reference image that’s specific to what you do. That’s something we do on our onboards with our customers is hey we need a copy of your logo and a reference image and if they don’t have a reference image we just take their logo and give it to our marketing team and they make something up real cool and we tell them hey when you login to the portal this is what it is.
You know, it’s easy, cost-effective, it’s free and you are able to stop some things now because your eyes and your brain are on the same wavelength. Oh this is Office 365 this looks nothing like I’ve seen before. Stop. That’s a sign. Stop. Sometimes people push on, right. Now another way to get around the people that just push on and gibe it up is two form-factor authentications. Again, free from Office 365. We use a different tool called DUO, but that’s available tour customers and that allows them to have a PIN number randomly generated on their phone And DUO would say hey are you trying to log into the portal. If you’re sitting down eating dinner with your family and you’re not logging into the portal, you hit the red button and say no and alert your I.T. company or your I.T. administrator, whatever the case is.
Now, they aren’t getting in. They may know your password, but they can’t get past the two-form factor authentication. Now there’s certain things involved with that. There are vulnerabilities but they are very high level. Very sophisticated, most bad actors are not utilizing those methods yet. I’m not saying it’s foolproof, I’m not saying it’s anything to worry about right now, and the other thing that will continue to go on is social media. A lot of social media exploits and phishing through there. Load this add-on extension into your Chrome or hey here’s a picture and it’s a malicious file and you click it and it runs, now they have access to your machine where they can dump the payload or ransomware.
So, there’s a lot of things to worry about, but in this environment with everything going on right now there’s a lot to worry about. Not just phishing, not just security, but the generalization of the business. How’s everything doing? How’s everything flowing? So we’ve partnered with a lot of great people and have done a lot of great things to negate as much as possible for our end-users. Any of these situations. We use DNS filtering at the front-end. We use KnowBe4 for training so you can actually understand and see examples of what they are doing all the time to try and get in.
With KnowBe4 we actually send out phish tests. So, if you click on a link it will take you to a generic page that says you’ve ben phished and here’s some training. It enrolls you in some training so you can kind of look for those telltale signs. The email address, it may say Ron Harris, but is it the rharris email address or is it rharris425@gmail.com are you expecting an email from me? Are the images true? Do the links link back to the actual website? There’s a lot of things you can actually look at before you click that doesn’t necessarily get looked.
Now we do it here because we are an I.T. company but most companies we deal with on an everyday basis unless they are a partner of ours, they don’t look at that. Either they aren’t trained on that, they don’t the patience to do that type of follow through or they don’t…they just want to work they just grind and do what they have to do and ya know and if somebody sent me an invoice then I’m going to click on that invoice and log in because that’s what it’s telling me to do and I’m going to follow that.
We have to put tools and protections in place because we can’t let it get that far. We understand that everybody is busy and that we have a great product set and a great offering that takes care of that.
But back to what to look for and what to be aware of. It’s going to be hard, right. And it’s going to evolve all the time. Wee are in a pandemic right now and it’s affecting everything that we do. Work is different. Work from home is a huge thing. And now we are all torn a part we are not with our people. We’re not having our tribe; we are just working in our own cocoons and everything is good. Bu the bad actors also see that. So now with the uptick in phishing, you’re not able t turn t your buddy and be like hey man did you get that email? No, no I didn’t. What is that? It looks weird. Well now they are just bringing on urgency, getting things done, and you’re by yourself. So of course they are going to attack and with a 600% uptick a lot of it is gong to pharmaceuticals and healthcare, education, construction, so they are all kind of getting hit, but they are all going towards businesses that a lot of PHI or credit card transactions or just general data that thy can get their hands wrapped around and sit in the network and do their nasty stuff.
There’s a lot of things you as an organization can do. A lot of it is education based. KnowBe4 has free tools you can use to educate your users and if you go back through the news I think you can even, you don’t even have to go back that far, somebody local to us in Michigan State, the college got phished and they lost a few servers for a couple of days and a lot of student records went our right. So, it’s happening. It’s going to continue to happen. They are going to continue to target small businesses because what’s the weakest point in a small business. Most of the times it’s their I. T.
It's gonna keep happening. From an I.T. provider to you as a business owner, partners, even workers just be diligent. That’s all you can do in this moment is keep trying and keep your eyes up and look for those signs. If you’re not expecting an email from me bout an invoice, maybe reach out to me. Say I didn’t expect this invoice from Ron, I don’t send them anyway, but you know what I mean. Have that conversation. Call me up om the phone and say hey Ron did you send me an invoice? I’m going to say, right because 9 times out of 10 I’m not gonna know that I’ve been phished until they are gonna use my email inbox to blast my contacts. So, don’t be afraid to reach out to whoever’s sending you something and say hey…don’t email them because the bad actors will either set up a rule where the email goes to their deleted items automatically as read, so noting looks out of the ordinary or they will actually respond back from the email bx when they have control of it.
So, it’s getting very sophisticated. If you get an invoice from me and email me saying hey Ron did you mean to send this to me? The bad actor could respond back and be like of course man, go ahead and fil lit out. And You’re not going to know the difference. So, pick up the phone, give me a call and find out what’s going on. Again, because I probably don’t know. You don’t know most of the time when you’ve been phished or there’s a lot of shame, you’re embarrassed that that happened to you. A lot of people don’t even tell people.
We use a program that’s managed by a third party that monitors all of our Office 365 accounts for breaches, faster than human travel, let’s say you log on in Portage and then all of a sudden I get a log on in Portugal they are going to say wow there no way that guy made that turn in 31 minutes somethings going on and they will start investigating.
So, there’s all kinds of things you can do. Start with the basics right so look at the email. Make sure that why on Earth would Bill ever ask me to go to Walgreens and buy $500 worth of Google Play gift cards. Start there. Have that conversation with him. Say hey Bill did you mean to send this to me and he’s gonna say what and I’ll say yeah, I got an email from you and h will say oh okay. Get it blocked and move on. If they have control of the inbox, you’re gonna get the same email. Reach out again on that phone call, again have that conversation say hey Ron did you mean to send me this invoice and I’ll say what are you talking about. Again, because I may not know this is happening to me. And again, if you email them you may get an email back from the bad actor, so just keep everything to a person to person contact if you know that individual. I get a lot of attempts from people I’ve maybe been on email chains with or been CC’d on emails, that kind of stuff happens. You may not know them, but just in that case delete it ad report it to your I.T. team or administrator so that It can get blocked, right.
It’s going to continue to happen and I’m not trying to scare the pants off you, I’m just trying to bring awareness to the situation. 600% uptick in a quarter is insane. And it’s not going to stop. And their fear is that it’s evolving so rapidly that they can’t keep up with all the emails coming in. So, if you do use a tool Barracuda, anything like that, make sure you report all those bad spam emails. Have the conversation with your I.T. team, your outsourced provider, your internal team and just let them know that you got this email and this Is what’s going on and there’s a lot of DropBox links going around right now. There’s a lot of OneDrive links going on and another thing to think about is if you go to that Office 365 portal, make sure it’s your portal. Make sure it’s portal.office.com or outlook.com. Make sure it’s not skiboatandskisareawesome.com login here, right. Pay attention, that’s another thing that people fail to do because we are al busy and we are trying to maximize our value of time and make sure we are getting so much done in a day. Pay attention to those links, do what you can to stay on top of it. Again, we are here if you have any questions if you want to talk about anything. Maybe you’re interested in some products or want to learn about anything. Please teach out we are here. Take it easy. Be safe. Talk to you next week, thanks.