Are you sure it’s safe to scan that QR Code?

By -- 2022-04-3 in Blog

The Rise of QR Code Scams

QR codes are everywhere these days. From restaurant tables to Super Bowl ads, their uses have exploded since the pandemic began. Unfortunately, cybercriminals have also taken advantage of this boom. The FBI has warned that hackers now create malicious QR codes designed to trick unsuspecting scanners into revealing banking or login information. In early January, residents and tourists in Austin, TX encountered this firsthand when malicious QR code stickers were placed on parking meters. These codes promised an easy way to pay for parking online. Cyber experts have determined that scanning these suspicious codes won’t directly affect your phone by downloading malware. Instead, they lead to sites designed to steal your financial or personal information.

How to Spot QR Code Scams

  1. Think Before You Scan Be cautious with QR codes in public places. Does the sticker seem like part of an advertisement, sign, or display? If it looks out of place, it probably is. If the scanned website seems suspicious or asks for sensitive information that doesn’t seem relevant, avoid providing it.
  2. Avoid Scanning Codes in Unsolicited Mail There’s rarely a legitimate reason for a trusted sender to require a second device to access a site from an email. This also applies to paper mail—if you receive a piece of unsolicited junk mail with a QR code, assume it’s not safe.
  3. Preview the URL Many smartphone cameras now allow you to preview the URL when scanning a code. If the URL looks strange, trust your gut and don’t proceed. You can also use a secure scanner app to help spot malicious links before your phone opens them.
  4. Use a Password Manager If a QR code leads to a convincing but fake website where you have an account, a password manager will still detect the difference and prevent your passwords from being autofilled.

Stay Safe Online

If you’re interested in learning more about online safety and how to avoid and recover from phishing scams, feel free to reach out to us at info@OptfinITy.com.

Ever filled out a social media quiz?  You may have put yourself at risk!

By -- 2022-03-21 in Blog

Beware of Social Media Quizzes: They Could Be Phishing Scams

The Hidden Danger of Social Media Quizzes

If you use social media regularly, you’ve likely seen wacky quizzes appear on your feed. Many of these quizzes are linked to Facebook, but similar surveys on Twitter, Instagram, and TikTok’s “Get to Know Me” videos all serve the same purpose: harvesting personal information from unsuspecting users.

How These Quizzes Put Your Information at Risk

Many of these seemingly lighthearted posts mimic common security questions. Headlines like “Your Metal Band Name is the Street You Grew Up On + Favorite Pet’s Name” might seem harmless, but the comments often reveal a treasure trove of potential passwords or answers to security questions.

Cybercriminals create some of these posts with the intent of stealing sensitive information. However, even when hackers aren’t behind them, these quizzes remain dangerous. Most posts are public, allowing anyone to see the answers and use them maliciously.

Here are some examples of quiz prompts that a social media phisher might use:

  • Who even remembers their kindergarten teacher? Let’s celebrate our educators this week!
  • Nobody’s first car was a Ford—prove me wrong!
  • Name a TV show you could watch forever and never get tired of!

How to Protect Yourself from Social Media Phishing Scams

Avoiding these scams entirely may be difficult, but you can take steps to protect yourself:

  1. Never share sensitive information on social media. Even if a quiz seems fun or nostalgic, refrain from answering questions that could expose personal details.
  2. Watch out for posts that create a sense of urgency or panic. Cybercriminals manipulate emotions like curiosity, fear, and helpfulness to trick users into revealing information or clicking suspicious links.
  3. Report suspicious posts. If a quiz or survey seems questionable, flag it or report it to the platform to help prevent others from falling victim.

For more information on online safety and best practices, contact us at info@OptfinITy.com.

How Changes to the Microsoft Donation Program will Affect You

By -- 2022-03-17 in Blog, Uncategorized

If you’re like many non-profits, you may benefit from the Microsoft Non-profit program. This endeavor has enabled nearly 400,000 organizations worldwide to access top-notch technology at discounted rates.  However, there are going to be some major changes to the software donation program that will take place on April 4, 2022 that you should be aware of.

Arguably, the largest change that will take place is that on-premises products will no longer be available to nonprofits as a donation. Microsoft defines on-premises products as “standalone, perpetual licenses that users install on specific computers and that can be used without an internet connection (e.g., Office Standard)”. Instead, the majority of on-premises solutions will continue to be available through cloud donations, but organizations can still request these products through until April 4, 2022.  Windows Pro, Windows Server and SQL Server will still be part of the catalog of on-premises Microsoft software. Organizations operating computer labs, training centers, or providing public-access computers will still be able to access specific on-premises product donations.

Below are some of the cloud donations that will be available for your organization following this change:

  • Microsoft 365 Business Premiumwill continue to be free for up to 10 users
  • Microsoft 365 Business Basiclicenses will continue to be free for up to 300 users
  • The Power Apps Per App planto build low-code and no-code custom workflows is available for free for up to 10 seats.
  • Organizations can also leverage up to $3,500 in Azure services yearly directly from Microsoft in markets where Azure is available.

If you have any questions or concerns regarding this change, feel free to reach out to us at info@OptfinITy.com or call us at (703) 790-0400.

Are you being tracked by an Apple AirTag?

By -- 2022-03-4 in Blog

Understanding the Risks of Apple AirTags

Apple’s AirTag devices have gained popularity since their release in 2021. Designed to help users track items like keys or bags, these tracking devices have also been misused for nefarious purposes. Some individuals have slipped AirTags into someone’s bag or car without their consent. This secret tracking poses a serious threat to survivors of domestic abuse and has been used for stalking and car theft.

How to Detect an Unwanted AirTag

If you suspect someone is tracking you with an AirTag, start by manually searching your belongings for any hidden devices. However, because of its small size, finding an AirTag can be difficult. To improve your chances, use a Bluetooth tracking app to scan your surroundings for unknown AirTags.

Finding the Serial Number

If you discover an AirTag nearby, you may want to find its serial number in case law enforcement needs it. Use Apple’s Find My app by holding the AirTag near your phone, tapping on its name, and viewing the serial number. Alternatively, place an NFC-capable smartphone against the white side of the AirTag. A webpage will appear displaying the serial number.

Disabling an Unwanted AirTag

To prevent the owner from tracking your location, disable the AirTag by twisting the back counterclockwise near the Apple logo and removing the battery.

Seek Assistance if Needed

If you believe someone is tracking you, contact law enforcement. For further discussions on online safety, reach out to us at info@OptfinITy.com or call (703) 790-0400.

Cyberattacks on US Infrastructure likely to Increase Amidst Russia Sanctions

By -- 2022-02-28 in Blog

Cybersecurity Attacks Expected to Rise

Cybersecurity experts and the FBI warn that cyberattacks against U.S. citizens and companies will likely increase. This comes after Western nations imposed sanctions on Russia following its invasion of Ukraine and related malware attacks.

Escalating Tensions and Cyberwarfare

Tensions have risen further after the U.S. and its allies blocked some Russian banks from the SWIFT international payment system. Experts predict hackers will retaliate with ransomware, malware, data theft, and denial-of-service attacks.

Small Businesses at High Risk

Small and medium-sized businesses face the greatest risk. Many lack strong cybersecurity defenses, making them easy targets for sophisticated attacks.

How to Stay Protected

Cybersecurity experts recommend taking these steps:

  • Keep software and antivirus systems updated.
  • Enable two-factor authentication.
  • Develop a crisis response plan.

Ensure your organization’s cybersecurity is up to date. Contact us at info@optfinity.com or call (703) 790-0400.

How to Play Wordle for Free after it’s Behind a Paywall

By -- 2022-02-24 in Blog

The Rise of Wordle

If you’re like millions of other Americans, you’ve probably played or at least heard of Wordle. This simple yet addictive word game skyrocketed in popularity thanks to its viral appeal, ad-free experience, and zero cost. However, that might change soon.

The New York Times Acquisition

In late January, the New York Times purchased Wordle, sparking concerns among players. Many fear the game will end up behind a paywall, similar to the Times’ other games and articles. The Times fueled this worry by stating that Wordle would “initially remain free” for new and existing users.

How to Keep Playing Wordle for Free

Fortunately, you can still play Wordle for free—even if it moves behind a paywall. Since Wordle runs in a browser, its code exists as plaintext on the game’s website. To save the game:

  1. Right-click in your browser.
  2. Select “Save Page As” and choose Webpage, Complete.
  3. Save the file as an HTML document.

Once saved, you can open the HTML file in a browser and play offline anytime.

The Catch

While this offline version lets you enjoy Wordle indefinitely, it comes with a few drawbacks. You may not be able to save your streak, and sharing results could be difficult or even impossible. Still, with over 2,000 five-letter words in the game’s word bank, you could keep playing daily for nearly seven years.

Want more tips on optimizing your technology? Contact us at info@optfinity.com.

OptfinITy Recognized on CRN’s 2022 MSP 500 List

By -- 2022-02-14 in OptfinITy News

FEBRUARY 14, 2022: OptfinITy announced today that CRN®, a brand of The Channel Company, has named OptfinITy to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2022. CRN’s annual MSP 500 list identifies the leading service providers in North America whose forward-thinking approaches to managed services are changing the landscape of the IT channel, helping end users increase efficiency and simplify IT solutions, while maximizing their return on investment.

 

With many customers still recovering from the impact of the ongoing pandemic, MSPs have become a vital part of the success of businesses worldwide. MSPs not only empower organizations to leverage intricate technologies but also help them keep a strict focus on their core business goals without straining their budgets.

 

OptfinITy was recognized as an MSP Pioneer 250 company due to its extensive managed services portfolio, including on-premises and off-premises capabilities, weighted toward managed services while largely focusing on the SMB market.

 

 

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

 

 

 

 

 

Follow The Channel Company: Twitter, LinkedIn, and Facebook.

© 2022 The Channel Company LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

The Channel Company Contact:

Jennifer Hogan

The Channel Company

jhogan@thechannelcompany.com

 

Is Zoom Sharing your Data?

By -- 2022-01-25 in Blog

Zoom’s Popularity and Privacy Concerns

Zoom has become one of the most widely used video conferencing platforms, with over 300 million daily meeting participants. The surge in remote work has significantly contributed to its widespread adoption. While many users appreciate its user-friendly interface and convenience, Zoom presents several privacy risks.

Past Security Issues

Privacy experts have scrutinized Zoom since 2019, when the software played a role in a webcam hacking scandal and contained a bug that let uninvited users snoop on password-protected meetings—a phenomenon now known as “Zoom-bombing.” Since then, Zoom has improved its security by removing problematic features like built-in attention tracking and enabling end-to-end encryption. However, some privacy concerns remain.

Non-Attendees May Watch Your Recordings

If you use a paid Zoom subscription, carefully manage who can access cloud recordings. This feature records meetings, generates text transcriptions, and saves active chats. While useful for attendees, other authorized company users—who may not have attended the session—can also access these recordings. To protect sensitive information, administrators can limit access to specific preapproved IP addresses.

Zoom May Share Your Information with Third Parties

In 2020, an analysis by Vice’s Motherboard revealed that Zoom shared user analytics with Facebook, even for users without Facebook accounts. Zoom later removed this feature, but its privacy policy remained unclear about data sharing with third parties. Zoom has since clarified that it does not share video, audio, or chat content with third parties for advertising purposes. However, you should still review your Zoom and device security settings, minimize permissions when possible, and keep your app updated to ensure all security patches are installed.

If you want to discuss software security and account privacy, contact us at info@optfinity.com.

Here’s Why you Should Clear your Android’s Cached Data

By -- 2022-01-24 in Blog

Though cookies and cached data within your mobile phone browser can improve your browsing experience by keeping you logged into websites and saving website preferences, they can also become burdensome. Cookies are used by websites to track your browsing history so that they can more easily serve you with personalized ads- which can be an annoying and intrusive experience for some. Additionally, too much cached information can slow down your browser’s speed. So, if you own an Android and are interested in clearing your cached data and browser cookies, continue reading to learn how to do so.

If You Use Google Chrome:

  • Navigate to the top right corner of the browser and click the “More” button (symbolized by 3 vertical dots)
  • Select “History”, then “Clear browsing data”
    • Within this setting, you can also choose whether to clear data from the last 24 hours, the last month, or all data history
  • By selecting the “Advanced” option, you can also delete saved passwords, site settings, and autofill form data
  • After selecting what you want to delete, click the blue “Clear data” button

If You Use Samsung Internet:

  • Navigate to your phone’s settings
  • Next, click on “Apps”
  • Scroll down and click “Samsung Internet”, then “Storage”
  • At the bottom of “Storage”, you can choose to either “Clear cache”, “Clear data”, or both
    • Clicking “Clear data” will bring up a prompt warning that all the app’s data will be deleted permanently
    • This includes files, settings, accounts, and databases

If you Use Mozilla Firefox:

  • Navigate to the browser, and select the “More” button in the top right corner (symbolized by 3 vertical dots)
  • Click “Settings”
  • Go to the “Delete Browsing Data” menu
  • Select “Delete any existing open tabs”
    • From this menu, you can also delete your browsing data, site data, site permissions, cookies, and cached images and files

Hope you found this helpful! If you have other questions about how best to secure your devices when browsing online, feel free to reach out to us at info@optfinity.com.

Files in Microsoft may not be as safe as they appear

By -- 2022-01-10 in Blog

ZLoader Malware Exploits Microsoft Vulnerability

How Hackers Use ZLoader to Steal Sensitive Information
Hackers favor ZLoader malware for its ability to steal user credentials and other sensitive data. Recently, cybercriminals have exploited a vulnerability in Microsoft’s digital signature verification to deploy ZLoader effectively.

How This Threat Affects You
Microsoft’s signature verification tool, Authenticode, ensures that files are legitimate and trustworthy. However, researchers at Check Point Research (CPR) identified that the cybercriminal group Malsmoke has been tricking victims into running a corrupt file disguised as a legitimate and safe program. Once activated, hackers use the ZLoader trojan banking tool to steal cookies, passwords, and other sensitive information directly from an infected computer.

How to Protect Yourself
If you use Microsoft products, CPR strongly recommends installing Microsoft’s security patch for Authenticode verification immediately. Microsoft first released this patch in 2013, but it has not been mandatory since 2014. Installing this update, along with practicing safe browsing habits—such as avoiding unfamiliar links and refraining from downloading email attachments from unknown sources—offers the best defense against ZLoader malware.

For expert guidance on cybersecurity patches and best practices for your organization, contact us at info@OptfinITy.com.