Have you been caught watching porn?

By -- 2019-12-16 in Blog

If you haven’t received an email accusing you of watching pornography, consider yourself lucky—but be on alert. A familiar scam with a new twist is making the rounds, and it’s designed to exploit fear and embarrassment to steal your money.

This scam often begins with data from a previous breach, where emails and associated passwords were compromised. The scammers rely on the fact that many people reuse passwords across multiple sites. They send threatening emails claiming to have your password and alleging they’ve installed malware on your computer to capture compromising footage of you watching explicit content.

Why This Scam Feels Convincing

The scam is particularly effective because the perpetrators include a real password—one you’ve used in the past or are currently using. This detail can make their claims seem legitimate. However, in most cases, there is no malware on your device. The scammers are simply banking on fear and guilt to compel victims to send money.

Unfortunately, people who may have visited such sites—or who are alarmed by the idea of their password being compromised—are more likely to fall for the scam. It’s worth noting that pornography remains one of the most searched topics on the internet, making this an easy target for scammers.

What Should You Do?

If you receive such an email, here’s our advice:

1. Stay Calm: These scammers are trying to exploit your emotions. Don’t panic or respond.
2. Ignore the Threats: Delete the email and avoid engaging with the scammer in any way.
3. Change Your Passwords: If the password mentioned in the email is still in use, update it immediately. Use unique, strong passwords for each site, and consider using a password manager to help you stay organized.
4. Enable Multi-Factor Authentication (MFA): Adding an extra layer of security makes it much harder for attackers to access your accounts, even if they have your password.
5. Consult a Trusted IT Provider: If you’re still concerned or need help securing your accounts, reach out to a reputable IT professional.

Need Help? Contact OptfinITy

If you don’t already have a trusted IT provider, OptfinITy is here to help. Our team specializes in protecting individuals and businesses from cybersecurity threats, and we can ensure your systems and accounts are secure.

Don’t let fear drive you into the hands of scammers. Stay informed, take proactive steps to protect your information, and reach out for professional assistance when needed.

ASAE Exhibition And Party Pack Prize Winner

By -- 2019-12-11 in Blog

It’s December and that means OptfinITy once again exhibited and attended the ASAE technology conference. More than 1,000 industry professionals, associations and non-profit organizations come together to examine how technology impacts the association industry on December 3rd and 4th at the DC Convention Center.

As one of the leading providers of technology and cybersecurity solutions to associations, OptfinITy was there to speak with and help various associations with all of their needs as the event relates to infrastructure, cyber security, website development, mobile apps, phone systems and IT Support.

Congratulations to Rob Gates who was the winner of our beer pong contest.

If you or someone you know could benefit from IT solutions that will help run your business better, give us a call at 703-790-0400 or via email at sales@optfinity.com.

Why End-users should not have administrator access

By -- 2019-12-10 in Uncategorized

The Importance of Limiting Administrative Access

In today’s day of cyber attacks, viruses, and ransomware, business owners and executives are always asking: What can we do to limit our exposure?

An Industry Standard: Restrict Administrative Access

One of the easiest recommendations we provide—and a widely recognized industry standard—is to never allow end-users to have administrative access to their computers.

Real-World Impacts of Administrative Access

In our over 17 years of being in business, it is really easy for us to pull up thousands of tickets related to viruses, computer slowness, and operating system issues that are a direct result of an end-user having local administrator access to their computer.

Productivity and Cost Implications

Giving users administrative access not only can make your staff less productive, it raises the cost of doing business. Examples include:

  • Fixing computer issues caused by unauthorized changes.
  • Employee downtime due to system problems.
  • Data loss from virus infections.

Risks of Administrator Accounts

Administrator accounts on a computer allow the user to install software, make any change to the system settings, and override local folder permissions. While this might not seem like a big deal at first glance, let’s consider the potential issues:

  1. Unauthorized Software Installation
  • Leads to non-work-related activities.
  • Causes potential computer slowdowns or shutdowns.
  1. Unlicensed Software Installation
  • Opens your business to hefty fines from software vendors.
  1. Execution of Malicious Programs
  • Users can unintentionally execute malware, leading to infections that could span many computers on your network.
  • These infections are often undetectable by antivirus programs when the user specifically allows them to execute.
  1. Data Breaches and Privacy Concerns
  • Administrator accounts can be used to access data in other user profiles on shared PCs.
  • This poses risks of data breaches and theft.
  1. Unfavorable System Changes
  • Operating system settings can be altered, intentionally or unintentionally, leading to significant consequences.

The Benefits of Limiting Access

While limiting user access might seem inconvenient for some, mitigating the significant risks and costs associated with running with administrator access is well worth it. When combined with a 24 x 7 helpdesk to provide controlled access and oversight, businesses can ensure that the right components are being installed without compromising security.

The High Cost of Administrator Access Exploitation

We have seen firsthand the devastation that can occur when malware runs with full administrator access. In today’s environment, the cost of such incidents can easily exceed hundreds of thousands of dollars. By restricting administrative access, you take a vital step in protecting your business and its assets.

100k People Tricked by Fake IRS Website

By -- 2019-12-5 in Blog

Beware of Fake IRS Websites: Over 100,000 People Targeted in Recent Phishing Scam

This past summer, a large-scale phishing campaign exploited fake IRS websites to target over 100,000 individuals worldwide. Researchers from Akamai, a cloud security solutions provider, uncovered that the threat actors operated the campaign for more than two months, using hundreds of deceptive domains and URLs to impersonate the Internal Revenue Service (IRS) of the United States.

How the Phishing Scam Worked

Victims were directed to fake IRS login pages where they were prompted to enter their email addresses and passwords. These fraudulent sites also sought to extract personal information from unsuspecting users. In total, the campaign utilized at least 289 unique domains and 832 URLs to carry out its attacks.

Legacy Websites and Public Trust Exploited

One of the alarming aspects of this campaign is its reliance on compromised legacy websites. According to Katz, principal lead security researcher at Akamai, many of the sites hosting these IRS phishing pages were legitimate websites that had been hijacked by cybercriminals. “These sites were likely targeted due to the public’s inherent trust in them,” Katz explained.

Why August Was Chosen

Interestingly, the campaign’s timing appears to be strategic. Research indicates that August is a prime time for phishing attacks as it coincides with vacation season, a period when people are more likely to check personal emails, click on suspicious links, and browse the internet. Katz believes this timing was no coincidence and highlights the importance of staying vigilant, especially during periods of increased online activity.

Protect Yourself and Your Business

If you’re concerned about the risk of falling victim to fake websites or phishing scams, security awareness training is an essential defense. OptfinITy can help safeguard your personal and business information through comprehensive training programs designed to educate and empower users.

Contact us today at 703-790-0400 or email us at sales@optfinity.com to learn how we can help protect you from cyber threats.

Smartphone Users Advised Not to Use Public USB Charging Stations

By -- 2019-11-18 in Blog

Have you ever traveled before with a phone lower on power and tried one of those “free” USB charging stations?  According to a recent report, it turns out the convenient USB power charging stations found in airports and malls may come with a cost.

Officials are warning that travelers should be wary of using USB ports when charging smartphones since hackers have devised ways to download and steal data from phones and tablets by modifying USB connections and installing malware onto your phone without your knowledge. This technique is known as ‘juice-jacking.

Although, the general notion of juice-jacking is viewed as a relatively new hacking threat, it is not as new as it seems. In fact, attendees of security conferences back in 2011 have been warned about the dangers of plugging their devices into public charging kiosks.  The concept of juice-jacking has also been proven at hacker conventions and seen by many travels who have had the unfortunate encounter of having their personal information and data stolen due to juice-jacking. For more information on your latest security concerns and other technology related resources, check out our website at www.optfinity.com.

Is Your Organization’s IT Infrastructure Up-To-Par?

By -- 2019-09-30 in Blog

Having a solid IT infrastructure is the absolute bare minimum if you want your organization to grow and prosper in the 21st century. With the technology age in full swing, organizations that don’t adapt and implement the latest technologies will be left in the dust. A recent entrepreneur.com article lists a few areas that business owners should focus on to ensure present and future success.

  1. Don’t just move to the cloud. Adopt the cloud- The cloud itself is not going to transform your business. You need to take advantage of its functionalities to make your organization operate more efficiently.
  2. Constantly upgrade your networks and move to software-based networking- Network upgrades are necessary to eliminate vulnerabilities and optimize proficiency. However, if your network updates require downtime and changes in hardware, you are quickly falling behind. Many organizations have already switched over to software-based networking which allows for small updates to be sent regularly without disrupting users and in turn eliminating downtime.
  3. Know your software and don’t let it become outdated- Software is the backbone of a company’s IT structure and can be used to run its networking systems. Through analytics and machine learning, certain types of software now are able to adapt the system in real time, essentially maintaining themselves virtually.

The window is rapidly closing for companies to jump on board of the technology train. If your organization hasn’t already began looking into or adapting the aforementioned practices, or if you have any questions regarding your IT infrastructure, don’t hesitate to give us a call at 703-790-0400 or shoot us an email at info@optfinity.com.

Vishing Scam Costs Large Energy Company $243,000

By -- 2019-09-25 in Blog

Elaborate phishing scams are already a massive problem that continue to cost organizations thousands of dollars as a result of employees clicking on malicious links or sending money to someone claiming to be their boss. Thanks to technological advances in AI, there is a new threat to look out for, vishing (voice phishing), that allows criminals to mimic the voices of employee supervisors and demand large transfers of money from employees, passwords, or other critical information. A recent thenextweb.com article discussed a situation in which $243,000 was transferred to cybercriminals from a CEO thinking he was speaking with his boss who worked at a parent company.

Back in March, a CEO of a UK-based energy firm received a call from whom he believed to be his boss at a German parent company requesting a prompt wiring of $243,000 to a Hungarian supplier. The cybercriminals had used voice-generating AI software to mimic the German accent of the British CEO’s boss, which lead the unsuspecting chief executive to proceed to wire the money. It was only after a second request to wire more money that the executive became suspicious, refused, and alerted authorities.

This isn’t the last time this will happen. With the improvement of voice mimicking software comes more opportunities for criminals to exploit their capabilities. If you have any questions or concerns related to cybersecurity, vishing, or phishing, please don’t hesitate to give us a call at 571-370-5777 or visit our cybersecurity division’s website at www.perusity.com.

OptfinITy Named 2019 Best in Business Finalist

By -- 2019-09-17 in OptfinITy News

OptfinITy, the DC area’s leading IT provider for small businesses and non-profit associations announced today that the Alexandria Chamber of Commerce has named OptfinITy as a 2019 Best in Business Finalist. This annual event recognizes companies who set themselves apart as leaders in the area.

OptfinITy believes there is more to running a business than simply providing services, which is why they frequently sponsor local networking events, volunteer to speak at business growth workshops and cybersecurity seminars, and sponsor events honoring local police, firefighters, and first responders. “We’re honored to be selected as a finalist for the Best in Business Awards and to be among other local organizations who work to enrich our community by taking initiative to improve the lives of not only our clients, but everyone in the community, outside the confines of the office and workday,” says Michael Drobnis, Founder & CEO of OptfinITy.

This year, the Best in Business Awards will be held on Wednesday, October 2nd, from 6:00PM – 9:00PM at The Westin Alexandria which is located at 400 Courthouse Square, Alexandria, VA 22314. We hope to see everyone there!

OptfinITy CEO Michael Drobnis to give cybersecurity presentation at the annual Fairfax County Small Business Forum

By -- 2019-09-12 in OptfinITy News

The Washington DC Metropolitan area’s leading managed IT service provider’s President and CEO will be presenting a cybersecurity presentation at this year’s Fairfax County Small Business Forum. The presentation will be from 10AM-10:50AM and will cover a variety of topics ranging from how to spot a phishing email to how to secure your organization and the many network and system vulnerabilities that exist.

Cyber threats have a high potential of putting small businesses out of business due to their expensive recovery costs. “As you may have heard in the news, cyber threats are on the rise and it is therefore extremely crucial for small businesses to have top-notch cybersecurity plans,” said CEO Michael Drobnis. As an owner of an IT firm with over 20 years of experience working with small businesses to implement effective cybersecurity programs, attendees will walk out with the knowledge necessary to help them take extra precautions to protect their organization.

About the Small Business Forum:

The Small Business Forum offers small business owners opportunities to network, seek coaching and “find out what is available in our business ecosystem” by engaging with fellow business people, Fairfax County agencies, federal agencies, larger corporations who seek subcontractors, and business services exhibitors all under one roof for five hours. Some of the past successes include several small businesses securing contracts during the forum, as well as numerous long-standing business relationships initiated during sessions.

We hope to see you there!

Beware of potential spike in fraudulent websites in the aftermath of Hurricane Dorian

By -- 2019-09-6 in Blog

When a natural disaster or great tragedy occurs such as a massive hurricane or the Boston bombing, your immediate reaction may be to want to help those who are suffering during these circumstances by sending monetary donations. Unfortunately, cybercriminals know this and take advantage of people’s good will through phishing scams and the creation of fraudulent websites that ask for monetary relief. To best protect your technology from being exposed to malware, here are a few guidelines to follow in the wake of a disaster:

  1. Highly question any individual plea for financial assistance. This includes solicitations on social media, direct emails and crowd funding websites. Even if it appears to come from a trusted source, always double check with the Federal Trade Commission Consumer Information website or National Voluntary Organizations Active in Disaster website for guidance.
  2. Beware of emails containing links that claim to lead to a website with “more information” or photos. Although the photos and information may be relevant, it is extremely important to double check if it is a trusted website before clicking on the link.
  3. A good way to check to see if a website is legitimate is to scroll over the URL. If the URL says something different than where you are trying to go, you know it’s a fraudulent website. For example, you may receive an email that says donate here for hurricane disaster relief efforts at www.madeupdomain.org, but when you scroll over the hyperlink it would say www.madeupdomain.com.
  4. Never even open a spam email, let alone click on the attachments or links inside, and never reply to an email with or give any personal information to a website that you are not 100% positive is legitimate.

You should always be following safe email practices, but in the wake of disastrous events it is especially important to be on the lookout for phishing and malware schemes since they routinely spike under these circumstances. Once your technology is compromised, it is expensive to fix, so don’t put yourself in that position. If you have any questions about how to prevent yourself from becoming a victim of a malware or phishing attack, don’t hesitate to give us a call here at OptfinITy at 703-790-0400 or visit us on our website at www.optfinity.com.