There is a new phish in town, and now its targeting iTunes users trying to access their personal information.  This attack is emailed in the form of a receipt which appears to come from your iTunes account listing movies the victim supposedly purchased.

There is a link at the bottom which, when clicked, directs the victim to a page asking for personal information in order to obtain a full refund including credit card numbers, social insurance numbers, and even mother’s maiden name.  It is quite obvious what they can then do with all this sensitive data once it is stolen.

To stay ahead of the curve, be sure you are always reviewing the source of the email, sender’s email address, and the actual URLs of the links being suggested, among other things.  And of course, double check your credit card and bank accounts to see if these charges are, in fact, real.  Once you realize these charges are not even listed on your accounts, it is more obvious that this potentially is a scam.

While this current scam is aimed at our Canadian neighbors up north, it won’t be long till it makes its way down to the lower 48.  Always be suspect of any email asking for you to click on a link.  If you’re not sure all your employees are properly trained on how to look out for these types of scams, Optfinity provides training and testing for you and your staff to prevent security breaches by victimized employees.

WordPress recently released a new version of their software which also included an update that fixed a previously undisclosed critical vulnerability.   If left unpatched, hackers could possibly modify the content of any post or page on a WordPress website.

Initially this vulnerability was not made public in the hopes of staving off hackers; however, it didn’t take long for hackers to strike after the news broke, and it seems over 100,000 webpages may have been the victim of defacement.

You should always ensure you and your company are running the most current version of any software and are constantly downloading the updates provided.  If you can, automatic updates will help alleviate the need to manually check for these. 

Optfinity provides this level of support for all our clients, so they never have to worry about using an old version of any software or not being up-to-date on any security patches.  If you’re not sure of how robust your systems are or whether or not auto-updates are configured, Optfinity can provide you with a free assessment to help you determine how susceptible your data may be.

How to Stay Safe on Public Wi-Fi: Protecting Your Personal Data

Have you ever stopped to think about the safety of the free Wi-Fi network you’re connecting to at your local coffee shop? If you’re like most people, you probably haven’t. But here’s something you might not know—scammers often set up fake Wi-Fi hotspots to steal your personal data. The next time you’re sipping your latte, take a moment to verify that the network you’re joining is actually from the store, not a malicious hacker sitting nearby.

Why Should You Worry About Public Wi-Fi?

Public Wi-Fi networks are a convenient way to browse the web, check your email, or catch up on social media while on the go. However, they come with significant risks. If you’re connecting to a network set up by a scammer (also known as a “honeypot” Wi-Fi), any data you send over that network could be intercepted. This includes sensitive information like passwords, credit card details, and addresses. If the hacker gains access to your private data, it could lead to identity theft, financial loss, and much more.

How to Protect Your Personal Information

Here are a few essential steps you can take to stay safe while using public Wi-Fi:

1. Verify the Network: Always confirm the Wi-Fi network name with the staff before connecting. Don’t just assume the free network in a coffee shop is the legitimate one. Scammers are skilled at creating networks with similar names to confuse unsuspecting users.
2. Look for HTTPS: When visiting websites that require you to input sensitive information—such as passwords or credit card details—make sure the website URL starts with “HTTPS” rather than “HTTP.” HTTPS means the site is using encryption to protect your data, even if you’re on a potentially risky Wi-Fi network. If you don’t see HTTPS, don’t enter any personal information.
3. Use a VPN (Virtual Private Network): A VPN encrypts your internet connection, making it much harder for anyone to intercept your data. This is particularly useful when using public Wi-Fi.
4. Turn Off Sharing: Disable file sharing and Bluetooth on your device when using public Wi-Fi. This reduces the chances of someone accessing your files or connecting to your device remotely.
5. Keep Your Device Updated: Ensure your device’s software is up-to-date with the latest security patches. Regular updates protect you from known vulnerabilities that hackers may exploit.

Unsure About Public Wi-Fi Safety? Contact Optfinity

If you’re still uncertain about using public Wi-Fi or want additional tips on securing your personal data, contact us at Optfinity. Our experts are ready to provide you with advice on how to stay safe online and offer your business a free security assessment. Don’t let hackers steal your data—take the steps necessary to protect yourself today!

By staying vigilant and following these simple precautions, you can enjoy public Wi-Fi without putting your personal information at risk. Stay safe, and always make security a top priority!

Arkansas police are hoping they can use an Echo found at a murder scene, and its recordings, to help with the investigation of a murder.  Echoes only begin recording after hearing the wake word, but background noise/chatter could have activated the device. 

Amazon stores all the voice recordings from its devices on its servers.  As a user, you can delete your personal voice data, but there’s no way to prevent Amazon from saving that data on their servers.  Amazon has said they do not release customer information without a “valid and binding legal demand”.

While this might all not sound like much for the average user, just remember that the Echo could possibly be picking up any background conversations you might be having, including you talking about personal information such as credit card numbers, addresses, social security numbers, or any other self-identifying data.

Be aware of the cache on your Echo and frequently delete those files.  While there have been no cases yet of mass hacking of these devices, you do not want to make things easier for criminals to have access to your personal data by leaving the information on your Echo.  This is especially true if you utilize one at your place of business. 

Those one billion Yahoo! users’ account information, which was stolen back in 2013, is now for sale on the computer underground market for a total of a little less than one million dollars.

So not only is the data currently in the hands of criminals and probably being utilized, but if you have not changed your passwords that were also similar to your Yahoo password, all your other accounts might be jeopardized.

And this is just the tip of the iceberg because not only were passwords taken, but so were security questions and answers.  These are also reused by many of us throughout multiple accounts.  So not only should you utilize a password manager and generator for your passwords, but also for security questions.  At the very least, keep the passwords and answers in a simple spreadsheet.  Remember, your security answer does not actually have to be Spot, your first pet.  It could be jIes92#lf!FW.

British Hospitals Hit by Ransomware: Are Your Business Systems Safe?

Recently, three British hospitals fell victim to a **ransomware attack**, forcing their IT systems offline and leading to the cancellation of routine patient operations. The attack lasted several days, significantly disrupting the hospitals’ ability to provide essential care and services, highlighting the critical impact that **cybersecurity breaches** can have on organizations.

The Dangers of Globe Ransomware: Data Loss and Business Disruption

The ransomware in this case was a variant of the **Globe ransomware**, which is particularly dangerous because it not only encrypts data but also **deletes system backups**. Backups, typically generated daily, allow businesses and institutions to restore their systems to a previous state after an attack. However, without access to these critical backups, **recovering from a cyberattack becomes nearly impossible** without paying the ransom.

Many organizations rely heavily on their backup systems as a safety net in case of IT disasters. When those backups are compromised, businesses are left with few options to restore operations, leading to downtime, lost revenue, and potentially life-threatening consequences in the healthcare sector.

2,800 Patient Operations Cancelled: A Wake-Up Call

Though the hospitals managed to recover their systems within 48 hours without paying the ransom, the incident resulted in the cancellation of **2,800 patient operations**. Not only did this create potential health risks for patients, but it also led to substantial financial and operational losses for the hospitals involved.

This case raises the question: Could your business survive being shut down for 48 hours? Worse, could you afford the ransom costs, which in some cases have reached **$17,000 or more**, to restore your data?

Protect Your Business from Ransomware Attacks

Don’t wait until your business is hit by a cyberattack to assess the strength of your IT security and backup systems. At Optfinity, we specialize in cybersecurity and can help you evaluate how well-protected your organization is against ransomware and other threats. We offer a free assessment to identify potential vulnerabilities and ensure your backups are secure and effective.

Contact Optfinity today to safeguard your business from ransomware and other cyber threats. Stay proactive—don’t wait until it’s too late to secure your company’s most valuable assets.

Ransomware Attack Impacts LA Population

We talk a lot about ransomware, but phishing scams are still just as prevalent and are just as dangerous to companies, their employees, and their clients. This year, a hacker comprised the data of over three quarters of a million LA County employees. This not only includes their employee’s personal information, but also client/patient information stored in their email accounts.

What does the stolen information include?

The information stolen includes names, social security numbers, credit card information, medical records, and many other sensitive pieces of data.

Aftermath of the Attack

Thankfully, law enforcement launched a criminal investigation and have issued an arrest warrant for one felon and are still looking for potentially any others who might have been involved.

This all began because a thousand county employee email users reportedly received phishing email from the hacker and a few fell victim to the bait. This is a perfect example of how employee training to ensure staff do not click on unfamiliar links as well as two step authentication to prevent unauthorized access could have prevented this large-scale hack.

Next Steps for Your Organization

Are all of your employees knowledgeable on how to avoid phishing scams? Are you aware of the dangers if an employee accidentally opens themselves up, and your systems, to a hacker’s scheme? Optfinity can provide you and your staff with all the necessary tools, software, hardware, and training you need to ensure your IT safety and security.

Many Amazon customers are being scammed by a very real-looking email saying there’s a problem with their order and asking them to click on the attached link to enter some information as verification. So if you are or will be ordering through Amazon anytime soon, be on the lookout!

Remember, anytime a company sends an email asking you for more information, there are some ways to identify if it’s a scam and to protect yourself. You can read the full article for every tip. However, the easiest way to protect yourself in these circumstances is just to go directly to the site yourself without using the provided “link”. This way you know you’re going to the right site.

The other major way to protect yourself is by using two-step authentication whenever it’s available. We have blogged about this several times over the past year. This, and many other tips, are just some of the things you should be training your employees on to

Protect Yourself from Amazon Order Scams: Tips to Stay Safe

Many Amazon customers are falling victim to a new and convincing scam. The fraudsters send emails that look incredibly legitimate, claiming there’s an issue with your Amazon order and asking you to click a link to verify your information. If you’re shopping on Amazon anytime soon, it’s crucial to be aware of this scam and know how to protect yourself.

How to Spot Amazon Order Scam Emails

While the email may appear to come from Amazon, it’s important to remember that legitimate companies like Amazon will never ask for sensitive information via email. If you receive an email claiming there’s a problem with your order, here are some signs to look for:

1. Suspicious Sender Address: Check the email address closely. Scammers often use email addresses that appear similar to Amazon’s official domain, but with subtle differences.
2. Urgent Language: Scammers create a sense of urgency to prompt you to click the link right away. Be cautious of emails with phrases like “Immediate action required” or “Verify your account now.”
3. Generic Greetings: Legitimate emails from Amazon usually address you by name. If the email is generic, like “Dear customer,” it’s a red flag.
4. Unsolicited Links or Attachments: Never click on a link or open an attachment from an unknown email. These could lead you to phishing sites that steal your personal information.

The Easiest Way to Stay Safe: Go Directly to the Source

When in doubt, avoid clicking the link in the email. Instead, go directly to Amazon’s website by typing the URL into your browser. By doing this, you can verify the status of your order securely and make sure you’re on the right site.

Strengthen Your Security: Enable Two-Step Authentication

One of the most effective ways to protect yourself and your accounts is by using two-step authentication (2FA). We’ve highlighted the importance of 2FA in previous blog posts, and it’s a critical tool in safeguarding your Amazon and other online accounts.

By enabling 2FA, you add an extra layer of security that requires you to enter a second verification code—usually sent to your phone or email—before granting access to your account. This makes it much harder for scammers to gain unauthorized access, even if they somehow get hold of your password.

Protect Your Business: Employee Training and Cybersecurity Assessments

If you’re an organization, it’s vital to train your employees on how to recognize phishing scams and other cyber threats. A breach can occur when an employee unknowingly clicks on a malicious link, compromising the company’s security.

At Optfinity, we specialize in cybersecurity training for businesses, ensuring your team knows how to identify and avoid potential scams. We also offer free security assessments so you can evaluate the strength of your company’s defenses.

If you’re looking to improve your company’s cybersecurity or want to learn more about protecting your business from scams, contact Optfinity today. Let us help you build a more secure organization.

How the MUNI Ransomware Attack Highlights the Importance of Cybersecurity for Your Business

Several weeks ago, San Francisco’s Municipal Transportation Agency (SFMTA), which operates the MUNI transit system, was struck by a major ransomware attack. The cybercriminals demanded 100 Bitcoins—roughly $70,000 at the current exchange rate—in exchange for restoring the agency’s systems. In response, SFMTA chose not to pay the ransom, fearing it would encourage future attacks. While the MUNI system continued to operate by allowing passengers to ride for free, this breach serves as a stark reminder of the vulnerabilities any organization can face, regardless of size.

What Happened During the MUNI Ransomware Attack?

The ransomware attack hit MUNI’s systems hard, infecting over 2,000 devices, including servers, workstations, and ticketing machines. Experts believe the attack was not a deliberate target but rather the result of an accidental infection. It’s suspected that a single employee unknowingly opened a malicious file, which allowed the malware to spread throughout the network.

SFMTA’s recovery process was relatively quick. By the end of the weekend, they had restored their systems and resumed charging passengers. However, this incident highlights two crucial questions every organization should ask themselves:

1. How would your business handle a similar attack?
2. How quickly could you recover without paying the ransom?

The Real Cost of Cybersecurity Neglect

While SFMTA is a large organization that could afford to absorb the financial and operational impact of a few days without charging fares, many businesses—especially smaller ones—would not be able to recover as easily. A single compromised employee could put your entire system at risk, leading to prolonged downtime, loss of revenue, and potential damage to your reputation.

The cost of downtime, lost productivity, and the expense of recovering from a ransomware attack can be devastating for small and mid-sized businesses. A cyber attack could disrupt your operations for days, weeks, or even longer if your recovery plan isn’t up to par.

The Importance of Strong Backups and Quick Recovery

One of the most critical aspects of protecting your business from a ransomware attack is having a robust backup and recovery plan. The speed at which SFMTA was able to recover their systems—without paying the ransom—was largely due to their effective backup strategy. Without reliable, up-to-date backups, the risk of losing valuable data increases exponentially in the event of a cyber attack.

How quickly could your company restore its systems if a ransomware attack were to happen today? Are your backups secure, encrypted, and easy to access during a crisis? If you’re unsure, now is the time to reassess your cybersecurity plan.

Don’t Wait Until It’s Too Late: Assess Your Cybersecurity

At Optfinity, we understand the importance of proactive cybersecurity. We offer free cybersecurity assessments to help you understand exactly where your vulnerabilities lie and how you can improve your defenses. Whether it’s strengthening your backups, training employees to recognize phishing attacks, or ensuring your systems are secure, we can help you build a strong foundation to prevent cyber attacks.

Don’t wait until you’re the next victim of ransomware. Reach out to Optfinity today for a free assessment, and make sure your systems are secure before it’s too late.