The Marriott Hack Exposes 500 Million People

The Marriott Hack Exposes 500 Million People

It’s nice to get away every now and then, but if you have stayed at any property under the Marriott umbrella, including St. Regis, Westin, Sheraton, or W hotel since 2014, there is a good chance that your personal information has been leaked, a spokesperson from parent company Marriott has said. They said the multinational hotel corporation will begin emailing users impacted by the leak in the coming days.

Continue reading

Fileless Malware Attacks Increasing

Fileless Malware Attacks Increasing

Ransomware has been far from low-profile since its inception several years ago. Everyone knows what the file-encrypting malware does, and they all know that paying the ransom can make the nightmare go away by decrypting the files located on their computer. As if the threat of losing data forever wasn’t enough, you’re staring down a ticking clock while this is going on. Nowadays, ransomware is becoming more difficult to manage through various tactics.

Continue reading

How to Thwart Targeted Phishing Attacks

How to Thwart Targeted Phishing Attacks

Modern businesses rely on email as a central part of their communications infrastructure, but this comes with its own set of threats and issues that can derail operations. Spam in particular is troublesome for organizations to deal with, as it wastes time and exposes your users to danger. While spam can be blocked, more dangerous types of messages can make their way past your defenses. These types of threats are known as phishing scams, and they present a considerable threat to your organization.

Continue reading

The Anatomy of a Phishing Attempt

The Anatomy of a Phishing Attempt

Recently, a client called us, concerned that their email accounts had been hacked and a phishing attempt was in progress. Fortunately, one person was smart enough to ask the questions which ultimately saved their company $187,000.

The Cast of Characters;

Company President (“Pres”)

Company CFO (“CFO”)

Internal financial analyst (“FA”)

Internal IT (“IT”)

Continue reading

Would Your Users Fall For These Social Engineering Schemes?

Would Your Users Fall For These Social Engineering Schemes?

Social engineering is one of the trickiest parts of protecting your organization. It might sound like something out of a science fiction flick, but it’s one of the most dangerous attacks that a hacker can use against your business. Social engineering attempts to manipulate the target into giving away sensitive credentials or personal information for the purpose of stealing identities and other malicious intentions.

Continue reading

How To Spot A SMiShing Attempt

How To Spot A SMiShing Attempt

Phishing--it’s a threat that tells a tantalizing lie to entrap its target, and one that you’ve likely heard of before. However, as technology has advanced, so have the opportunities that cybercriminals have to leverage phishing attempts. Smartphones, for instance, make it so that you must be aware and on the lookout for SMiShing scams.

Continue reading

Tip of the Week: A URL Can Help Give Away A Phishing Attack

Tip of the Week: A URL Can Help Give Away A Phishing Attack

Back in 1995, scammers pulled the first phishing attack. They took the identity of AOL employees and requested the billing information of users through instant messaging. More sophisticated phishing attempts have evolved over the years, culminating in the commonly-seen email phishing attack, which tricks users into handing over personal or sensitive information. Phishing attacks can be seen through, so we’ll show you how you can identify threats before they become a problem.

Continue reading

Birding and Bad Guys

Birding and Bad Guys

Birding and bad guys

My wife and I had a nice vacation recently. We attended the Biggest Week in American BirdingBirding. People come from all over the world to see birds that migrate through northern Ohio. The area around Magee Marsh and Ottawa National Wildlife Refuge is inundated with travelers out to see birds that are only here for a brief time.

Of course, birding is more than just seeing the birds. Identifying them is the goal. There are programs that will help you identify birds of all types and help you see the identifying characteristics to help distinguish one bird from another. One local expert, Ken Kaufmann, gave a talk once about birding and he started out with the statement “Birding is easy” and he showed a picture of a cardinal. The next slide read “Birding is hard” and showed a picture of some type of seagull that even he was not able to definitively identify.

Keeping safe online is kind of like birding. Email comes to us like migrant birds. We don’t always know where it comes from or who sent it. Sometimes, like identifying a cardinal (Ohio’s state bird), recognizing a spam or phishing email is easy.

Continue reading

UPS Package Tracking Scam

Our esteemed security trainer recently received the email pictured below,  and he's not the first from the Ashton team to have gotten something similar over the past few weeks.  We've redacted the necessary email addresses so as to prevent spam, but you get the gist of it.  Tom received an email, purportedly from UPS, regarding a package on its way to him.  As with all of these emails, a tracking number (as a link) was included.  But two things stand out, and these are two things you should always consider when reviewing an email; the shipper's email address doesn't have anything to do with UPS, and by hovering over the tracking number, you'll see that the URL is actually for "www.logmeinusercontent.com".

...
Continue reading

Phishing, Anybody?

Yesterday morning, our spam filter (Reflexion) blocked an email directed to my attention.  Evidently, a FedEx item couldn't be delivered.  I released the email to my inbox so I could have a look.  Interestingly enough, I did in fact send two items last week, so ths email caught my attention.  I hadn't really thought about it, but the items I sent were via UPS 2nd Day Air, rather than FedEx.  Still, the fact that I'd just sent something allowed this email to catch my eye.  Upon opening the email, the first thing I saw was a .zip file attachment.  Red flag #1. Why would FedEx need to compress a simple document into a .zip file? 

Tags:
Continue reading

Scammers Use Whaling Attack Emails to Pose as “Big Fish”

Scammers Use Whaling Attack Emails to Pose as “Big Fish”

Have you ever heard of a phishing attack? This is a type of scam designed to trick users into handing over sensitive credentials by appearing to be someone else. However, some types of phishing scams are much more dangerous than others, with some hackers feeling ambitious enough to pull in “a big catch.” These types of attacks are called “whaling,” and use imitation of executive authority in order to get what they desire.

Continue reading

Education is Key to Network Security

Education is Key to Network Security

I occasionally do Security Awareness training for Ashton and I try to keep my presentations up to date with current news items about data breaches and other security related issues that adversely affect businesses today. Taking a step back from the details, there is one overriding theme in almost all of the incidents: social engineering. Generically defined, social engineering is getting someone to do something willingly that will ultimately hurt them, and they do it because they trust you.

While technology has improved over the years, people have stayed pretty much the same. Back in 1963 Frank William Abagnale, Jr ran his first con. He went on from there to become one of the most prolific social engineers ever to eventually get caught. His life became the basis for the movie Catch Me if you Can. He was able to successfully impersonate an airline pilot, doctor and others. One comment he made was very telling: "What I did is now 4,000 times easier.

Continue reading

Date with Disaster

Date with Disaster

Date with disaster

Back in 1965 you could get a date by going on The Dating Game. You were either an individual, asking questions of three bachelors/bachelorettes to see if they were anyone you wanted to date, or one of three on a panel, answering those questions (and hoping to win a date). Since that show offered limited opportunities for either side of the dating equation, singles looking for companionship needed to expand their options.

Eventually we got singles clubs and then dating web sites. People being like they are, looking for a potential mate or at least a date needed to be more convenient. After all, people are busy and finding a significant other takes time that is just hard to come by. Enter dating apps. Now dates can be searched for (and maybe even found) while on planes, trains, and automobiles, in the dentist office or where ever you can connect. Even at work.

Continue reading

Tip of the Week: 5 Giveaways that You’re Being Baited With a Phishing Scam

b2ap3_thumbnail_phishing_scams_400.jpgPhishing attacks have become commonplace, partly due to the fact that it’s so challenging to know who’s for real and who’s a fake on the Internet. The anonymity of the Internet has fostered an environment where hackers can extort money with little fear of getting caught, under the right circumstances. How can you protect yourself and your business from being targeted by phishing attacks?

Continue reading

Something Phishy is Going On

Something Phishy is Going On

Something is phishy here.

Last time I discussed some high points (or low points depending on your perspective) from the Verizon 2015 Data Breach Incident report . Phishing was one of the topics. At the risk of sounding repetitious, here are some more items to emphasize why, at home and at the office, you need to be careful with email.

Item 1) An article titled Phishing' scam cost London woman nearly £50,000. Unfortunately for this poor woman, someone hacked her email and sent her instructions to wire money to the "bank." After she lost the money she went back and looked at the email and noticed that the email address the scammer used was missing an "s" in "partners."

Notice the clue she missed? The email address the scammer used was off by ONE letter. Not much to look for if you are distracted, in a hurry or careless. It cost Vivian Gabb her life savings and a house.

Continue reading

2015 Data Breach Incident Report

2015 Data Breach Incident Report

tl;dr

You may or may not recognize the abbreviation. It stands for “Too long; didn’t read”.

I suspect that for many of you, that would be your response to getting an email offering the latest data breach incident report (DBIR-2015). Well that is what people like me are for. We read these reports and pick out the juicy bits for you. This one is fairly long, at 70 pages, but it has some interesting information that you as a business owner or a computer user should be aware of; and perhaps you can benefit from it.

The short version: $400 million loss, 700 million compromised records, 61 countries. If you went to Home Depot and used a credit card, you were affected, along with a lot of other people under other circumstances.

Continue reading

4 Obvious Signs of a Phishing Attack

b2ap3_thumbnail_phishing_attacks_400.jpgThe online world is full of threats that are waiting for you to let your system's guard down. Thanks to powerful security measures, you might not be worried enough to consider that hackers have found ways to get around your defenses. If you’ve grown complacent, you might be in for a rude awakening when a hacker’s phishing scam works on you.

Continue reading

78% of Phishing Scams are Hackers Impersonating IT Staff

b2ap3_thumbnail_phishing_emails_400.jpgWhen it comes to protecting your business from hackers, having a strong firewall is important, but it isn’t enough to fully keep the bad guys out of your network. If they can’t hack their way through a system vulnerability, they will try another, more devious way; namely, by tricking your staff with phishing tactics.

Continue reading

Dyre Wolf Malware Bleeds Businesses of $1.5 Million Per Hack

b2ap3_thumbnail_dyre_wolf_phishing_400.jpgWith spring arriving (even though we woke to snow cover in Cleveland yesterday), “winter is coming” as the new season of the critically-acclaimed television series Game of Thrones returns to millions of viewers worldwide. Ironically, there’s also a type of malware gaining traction in the online community that matches its bark with its bite, aptly dubbed Dyre Wolf. This threat has the potential to cost businesses as much as $1.5 million per hack, and takes advantage of the ever-common spear phishing tactic.

Continue reading

Can You Spot a Phishing Attempt?

Can You Spot a Phishing Attempt?


 Could you tell a phishing scam if it hit you over the head?  Ashton's engineers see them all the time, and this one is pretty blatant.  All you need to do is hover over the URL and see where the redirect is taking you.  You can also try going to the domain from which the email was addressed (in this case amazonshopperexp.com) to determine its validity.  In this case, there is no such page. Look suspicious? Then don't click on it.  Want to learn more? Feel free to call us at 216 397-4080 and we can help.  Ashton offers security seminars at which you'll learn more about all the different types of scams out there, and how to better protect you and your business.

...
Continue reading

Blog Archive

Mobile? Grab this code!

Qr Code

Our Mission:
Ashton Technology Solutions develops proactive business technology strategies to arm our clients for success.

Contact Us

Learn more about what Ashton Technology Solutions can do for your business

Call Us
Beachwood: 216-397-4080
Wooster: 330-439-5730

23625 Commerce Park
Suite 130

Beachwood, Ohio 44122

sales@ashtonsolutions.com