By -- 2019-12-5 in Blog

A large-scale threat campaign used several fake IRS websites to target over 100,000 people this summer. Researches at cloud security solutions provider Akamai, discovered that the phishing campaign used hundreds of different types of domains and URLS to imitate the Internal Revenue Service of the United States for over two months. Victims of this threat campaign were directed to a fake IRS login, asked to enter their email address and password, and were tricked out of offering personal information. The fake campaign in total used at least 289 distinctive domains and 832 URLS to target people from all over the world.

It also appears that the threat actors have targeted legacy websites. Katz, principal lead security researcher at Akamai expressed that he believes that a lot of the websites that hosts the IRS phishing page are legit websites that have been compromised and hijacked by cyber criminals mostly because of the public’s trust in these websites.  Katz also predicts that it is not a coincidence that the hacking began in August. Research has indicated that August is a good time for criminals to receive engagements from victim since it is a time for vacationing where victims have more  time to read personal email, open suspicious links and browse the internet.

 

If you are worried about fake websites for you or your company and would like to setup security awareness training, OptfinITy can help.  Give us a call at 703-790-0400 or via email at sales@optfinity.com.

By -- 2019-11-21 in Blog

Did you know  that Windows 7 will officially be End of Life in less than 2 months?  For most companies, this has become common knowledge and unfortunately, this has provided scammers an opportunity to  infect your machine with ransomware.

According to a report released by a security firm, attackers have educated themselves on the upgrade and have already begun attacking Microsoft users with a fake Windows update E-mail that infects the computer with ransomware. Ransomware is a specific type of malware that invades your computer and locks all of your valuable information. The spammers will then contact you and threaten to destroy all the data stored if you do not pay a ransom fee.

The spammers are currently sending Window users emails with subject lines such as “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update” unveiling a sense of urgency to open the Email. They will urge users to click on an attachment downloaded to the Email usually titled as “latest critical update.” The attachment will seem to have an attachment with a .jpg file extension which is a .NET downloader that will infest malware into your device. The ransomware will then encrypt the recipients files and leaves a ransom note asking for $500 dollars in bitcoin in order to unlock and restore files.
If your organization is looking to upgrade your devices or you are worried about your employees clicking on potentially hazardous emails, contact OptfinITy today for information on how we can upgrade you and educate your employees.

 

By -- 2019-11-20 in Blog

Disney’s new demand streaming service has been available for less than two weeks and  that is all it took before hackers were able to compromise the streaming service , selling hacked accounts for as little as $1.

On November 12th, only hours after the service launched, Disney + users took to social media outraged that they have been locked out of their accounts and had received alerts stating that their account information and details have been changed. The hacked users claimed that a fake email was sent to them as a service subscriber, warning them that their account had been locked. Once the email was opened, the subscriber was requested to supply their credit card details and account information.

If you are worried about your accounts being hacked and information compromised, it is best to put a multiple layered approach to your security, including but not limited to email controls and online training of your employees.  For more information on these types of solutions, please contact OptfinITy via email at sales@optfinity.com or via phone at 703-790-0400.

By -- 2019-11-18 in Blog

Have you ever traveled before with a phone lower on power and tried one of those “free” USB charging stations?  According to a recent report, it turns out the convenient USB power charging stations found in airports and malls may come with a cost.  Officials are warning that  that travelers should be wary of using USB ports when charging smartphones since hackers have devised ways to download and steal data from phones and tablets by modifying USB connections and installing malware onto your phone without your knowledge. This technique is known as ‘juice-jacking.’

Although, the general notion of juice-jacking is viewed as a relatively new hacking threat, it is not as new as it seems. In fact, attendees of security conferences back in 2011 have been warned about the dangers of plugging their devices into public charging kiosks.  The concept of juice-jacking has also been proven at hacker conventions and seen by many travels who have had the unfortunate encounter of having their personal information and data stolen due to juice-jacking. For more information on your latest security concerns and other technology related resources, check out our website at www.optfinity.com.

By -- 2019-09-30 in Blog

Having a solid IT infrastructure is the absolute bare minimum if you want your organization to grow and prosper in the 21st century. With the technology age in full swing, organizations that don’t adapt and implement the latest technologies will be left in the dust. A recent entrepreneur.com article lists a few areas that business owners should focus on to ensure present and future success.

  1. Don’t just move to the cloud. Adopt the cloud- The cloud itself is not going to transform your business. You need to take advantage of its functionalities to make your organization operate more efficiently.
  2. Constantly upgrade your networks and move to software-based networking- Network upgrades are necessary to eliminate vulnerabilities and optimize proficiency. However, if your network updates require downtime and changes in hardware, you are quickly falling behind. Many organizations have already switched over to software-based networking which allows for small updates to be sent regularly without disrupting users and in turn eliminating downtime.
  3. Know your software and don’t let it become outdated- Software is the backbone of a company’s IT structure and can be used to run its networking systems. Through analytics and machine learning, certain types of software now are able to adapt the system in real time, essentially maintaining themselves virtually.

The window is rapidly closing for companies to jump on board of the technology train. If your organization hasn’t already began looking into or adapting the aforementioned practices, or if you have any questions regarding your IT infrastructure, don’t hesitate to give us a call at 703-790-0400 or shoot us an email at info@optfinity.com.

By -- 2019-09-25 in Blog

Elaborate phishing scams are already a massive problem that continue to cost organizations thousands of dollars as a result of employees clicking on malicious links or sending money to someone claiming to be their boss. Thanks to technological advances in AI, there is a new threat to look out for, vishing (voice phishing), that allows criminals to mimic the voices of employee supervisors and demand large transfers of money from employees, passwords, or other critical information. A recent thenextweb.com article discussed a situation in which $243,000 was transferred to cybercriminals from a CEO thinking he was speaking with his boss who worked at a parent company.

Back in March, a CEO of a UK-based energy firm received a call from whom he believed to be his boss at a German parent company requesting a prompt wiring of $243,000 to a Hungarian supplier. The cybercriminals had used voice-generating AI software to mimic the German accent of the British CEO’s boss, which lead the unsuspecting chief executive to proceed to wire the money. It was only after a second request to wire more money that the executive became suspicious, refused, and alerted authorities.

This isn’t the last time this will happen. With the improvement of voice mimicking software comes more opportunities for criminals to exploit their capabilities. If you have any questions or concerns related to cybersecurity, vishing, or phishing, please don’t hesitate to give us a call at 571-370-5777 or visit our cybersecurity division’s website at www.perusity.com.

By -- 2019-09-17 in OptfinITy News

OptfinITy, the DC area’s leading IT provider for small businesses and non-profit associations announced today that the Alexandria Chamber of Commerce has named OptfinITy as a 2019 Best in Business Finalist. This annual event recognizes companies who set themselves apart as leaders in the area.

OptfinITy believes there is more to running a business than simply providing services, which is why they frequently sponsor local networking events, volunteer to speak at business growth workshops and cybersecurity seminars, and sponsor events honoring local police, firefighters, and first responders. “We’re honored to be selected as a finalist for the Best in Business Awards and to be among other local organizations who work to enrich our community by taking initiative to improve the lives of not only our clients, but everyone in the community, outside the confines of the office and workday,” says Michael Drobnis, Founder & CEO of OptfinITy.

This year, the Best in Business Awards will be held on Wednesday, October 2nd, from 6:00PM – 9:00PM at The Westin Alexandria which is located at 400 Courthouse Square, Alexandria, VA 22314. We hope to see everyone there!

By -- 2019-09-12 in OptfinITy News

The Washington DC Metropolitan area’s leading managed IT service provider’s President and CEO will be presenting a cybersecurity presentation at this year’s Fairfax County Small Business Forum. The presentation will be from 10AM-10:50AM and will cover a variety of topics ranging from how to spot a phishing email to how to secure your organization and the many network and system vulnerabilities that exist.

Cyber threats have a high potential of putting small businesses out of business due to their expensive recovery costs. “As you may have heard in the news, cyber threats are on the rise and it is therefore extremely crucial for small businesses to have top-notch cybersecurity plans,” said CEO Michael Drobnis. As an owner of an IT firm with over 20 years of experience working with small businesses to implement effective cybersecurity programs, attendees will walk out with the knowledge necessary to help them take extra precautions to protect their organization.

About the Small Business Forum:

The Small Business Forum offers small business owners opportunities to network, seek coaching and “find out what is available in our business ecosystem” by engaging with fellow business people, Fairfax County agencies, federal agencies, larger corporations who seek subcontractors, and business services exhibitors all under one roof for five hours. Some of the past successes include several small businesses securing contracts during the forum, as well as numerous long-standing business relationships initiated during sessions.

We hope to see you there!

By -- 2019-09-6 in Blog

When a natural disaster or great tragedy occurs such as a massive hurricane or the Boston bombing, your immediate reaction may be to want to help those who are suffering during these circumstances by sending monetary donations. Unfortunately, cybercriminals know this and take advantage of people’s good will through phishing scams and the creation of fraudulent websites that ask for monetary relief. To best protect your technology from being exposed to malware, here are a few guidelines to follow in the wake of a disaster:

  1. Highly question any individual plea for financial assistance. This includes solicitations on social media, direct emails and crowd funding websites. Even if it appears to come from a trusted source, always double check with the Federal Trade Commission Consumer Information website or National Voluntary Organizations Active in Disaster website for guidance.
  2. Beware of emails containing links that claim to lead to a website with “more information” or photos. Although the photos and information may be relevant, it is extremely important to double check if it is a trusted website before clicking on the link.
  3. A good way to check to see if a website is legitimate is to scroll over the URL. If the URL says something different than where you are trying to go, you know it’s a fraudulent website. For example, you may receive an email that says donate here for hurricane disaster relief efforts at www.madeupdomain.org, but when you scroll over the hyperlink it would say www.madeupdomain.com.
  4. Never even open a spam email, let alone click on the attachments or links inside, and never reply to an email with or give any personal information to a website that you are not 100% positive is legitimate.

You should always be following safe email practices, but in the wake of disastrous events it is especially important to be on the lookout for phishing and malware schemes since they routinely spike under these circumstances. Once your technology is compromised, it is expensive to fix, so don’t put yourself in that position. If you have any questions about how to prevent yourself from becoming a victim of a malware or phishing attack, don’t hesitate to give us a call here at OptfinITy at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2019-08-28 in Blog

In the current technology age, every organization relies on a secure network to ensure efficient daily operations ranging from lead generation and sales to internal functions such as HR and accounting. That being said, if your network is infiltrated with malware, it isn’t just a problem for the IT department; it affects the entire organization and can cost them thousands of dollars. A recent entrepreneur.com article provides some suggestions on how to maintain a secure, malware-free network.

  • Protect all your access points with strong, complex passwords. If you’re worried about forgetting them, check out our previous blog that provides an easy trick, or use a password manager such as LastPass.
  • Ensure that all your software and systems are up to date. Cybercriminals are coming up with new ways to infiltrate systems and developing new viruses every day, so if you’re not constantly updating your systems and software, you’re leaving yourself vulnerable.
  • Limit the amount of file sharing enabled devices and relegate all file sharing to one server. This allows for easy monitoring for unauthorized access and limits the number of targets for a breach.
  • If your organization doesn’t already use private IP addresses, you should consider doing so. Having specifically assigned IP addresses for devices makes it easier to identify unauthorized network access by checking router logs.

While these suggestions are all great ways to prevent malware from infiltrating your organization, you should still constantly back up your data. That way, in the event of malware getting past all your defenses, you won’t lose everything in a breach, or be forced to pay in the event of a ransomware attack. If you have any questions or concerns about the security of your organization or how to stay malware-free, don’t hesitate to give us a call at 571-370-5777 or visit our cybersecurity division’s website at www.perusity.com.