Tag Archive for: cyber security

Sorry Wrong Number, Let’s Be Friends

/in /by

Criminals have one job to focus on, while the rest of us have our own jobs to worry about AND be ever vigilant against crime. Cybercriminals don’t just hack your computers and take your money without you knowing about it, sometimes you willingly give it to them… just for the wrong reasons. This next story is significant because it happened to people I know. And although it doesn’t involve traditional cybercrime, it involves technology and the abuse of trust.

A person I know (a male) got a call one day from an asian sounding woman. She asked for a person and he told her she had the wrong number. I guess that day he was feeling extra lonely or bored and for some reason instead of hanging up the phone immediately the woman managed to strike up a conversation. And the game began.

Like any good criminal, the attack doesn’t happen right away. She spent time with her victim, weeks in fact. She told him she was originally from Japan and that she was living in LA. After a couple weeks of back and forth, the topic of investing came up, and she told him about what she and her uncle were doing; buying and selling crypto currencies. 

She casually asked him if he had any money to invest, she would be willing to show him how to do what they were doing, he said he had about a thousand dollars. She got him to set up a legitimate account with crypto.com and then had him set up an account with a fake version of the legitimate CME Group app. For someone that has no experience in crypto you wouldn’t think twice about using a link sent to you by someone you’ve been talking to for weeks… always download your apps from an app store or trusted site.

Once he set up the account and transferred the crypto, the game shifted into high gear. The plan was simple, every Friday they would get on the phone and make 3 trades. The trades would be quick and the profits would be somewhere in the neighborhood of 20 to 30%. Keep in mind, throughout the week, they continued to talk. After a couple months, his account was looking pretty amazing, enough so that another person we know decided to join in. The second person put in an initial investment of two thousand dollars. And just like clockwork, his monies seem to grow exponentially every week. 

I caught wind of this after they had been doing this for about 4 months. I had my suspicions and so I decided to join the game… but only far enough in to expose what was really happening. The first guy asked if I could join and she said as long as I was trusted. She then contacted me directly… through WhatsApp.

WhatsApp is an online way to communicate with people, often used by people not within your own country. This of course was a red flag since she had said she was in LA. She asked me how much I had to use, and I told her two to five thousand… she of course suggested the five thousand. I had an existing account with crypto so I sent her a screenshot of my account (making sure there wasn’t any revealing information). She then sent me a suspicious link to CME Group… I asked her why I couldn’t use the app store to download the app, and she said I had to use this link. I dragged my feet on transferring funds and made excuses as to why it was taking me so long. But then she made a hurried mistake exposing herself to everyone.

In the last rounds of trading she offered the guys some additional money to help boost their returns, they of course said sure. After the trading and the impressive returns however, she requested they pay her back… but instead of using the monies from the account, she told them they needed to send her a wire in US dollars for the amounts she fronted them… 37K each. 

At this point I had no reason to continue pretending I was going to send her any money and they were no longer under the spell of fast money. She attempted to regain control of the situation but no one was obviously having it. In total she made away with three thousand dollars… but it was a game she played for over 5 months. Not a great return, even as a criminal. It could be assumed she was running this scam on other people so perhaps she won on volume. 

Before you go down any questionable paths, click on any suspicious links, answer any phone calls from people looking for someone else, step back and think of this tale. Better yet, give us a call and we’ll help you and your office navigate the ever changing landscape of the cybercriminal. Always put people first, before technology.  Don’t ever be afraid, shy or timid to reach out for help, especially if there’s any doubt whatsoever.  Betterchips is here to help and save your time and money and to prevent scams like these.  

A Happy Technical Support Representative Engaging a Client Virtually

What do you mean I need to see you again?

/in /by
A Happy Technical Support Representative Engaging a Client Virtually

Wouldn’t it be nice if you only had to see your IT specialist when things went wrong? And wouldn’t it be even better if things never went wrong? Well, too bad. Let’s get really real, technology and cyber criminals seem to be on some never ending desire to make things more difficult and dangerous. As fast as criminals figure out a way to get in your computer, software companies are producing patches to board up the holes. Your hardware isn’t much different; how many times have you been told you need to update your computer in order to run current software?

Technology has enabled businesses to operate more efficiently and effectively, centralizing most (if not all) of your vital information and operations into just a few key points. And as technology advances and cyber criminals create new ways to gain access, everything from your work stations to your office’s policy and procedures need to be updated in order to keep up. 

Are you updating software every week? How about regularly backing up data on external drives? With all the work you have on your plate already, the “little things” can easily slip through the cracks, and what should happen regularly can quickly become a situation of “whenever I have time.” Keep this in mind the next time you put off updating your office for the 2nd or 3rd or 4th time; One organization identified over 4 million high-risk sites in 2021, with roughly 66% of them involving phishing. It only takes one time to lose everything you’ve worked for; the average money spent on ransoms surpassed 300,000.00 and over 80% of attacks were on companies with less than 1000 employees. 

Yes, you could hire a full time IT person to watch over your network, your work stations, your software updates, your driver updates, train new hires, update old hires, keep up with current threats, keep up with new software and hardware, and so on… Or you could simply utilize a qualified IT support company like Betterchips Consulting, with a staff of tenured, highly skilled professionals making sure every aspect of your digital resources is covered, and beyond. 

Your problems are so trending right now

/in /by

There’s no such thing as bad publicity… unless it comes via your IT support company’s Facebook page. Here at Betterchips, we take our clients’ privacy very seriously.  You’ll never see our clients’ logos on our website or even mention the companies we work with.

We all name-drop, it’s just how we validate who we are and why we belong in a particular group. The problem with name-dropping in the IT world, especially if your company has just experienced cyber crime, is that it draws unwanted attention to your potential vulnerabilities… even if they’ve been fixed. 

A big part of being an IT company is being able to be trusted. An IT company has to have access to the vital parts of a company’s network and in some cases have more accessibility than the owner. If an IT company is sharing with the general population that they take care of your back end or maintain your systems (usually remotely) not only could they be making your company a target, but they could be inviting bad actors to give their security a trial under fire. 

Social media is a huge marketing tool for virtually everyone selling anything. These free platforms can take literal nobodies and make them actual millionaires. So with nothing to lose and all the money in the world to gain, many companies are leaning heavily on their social media accounts to attract new business.  The problem is when companies share too much information, especially information that may be useful to cyber criminals

Cyber criminals enjoy a challenge. You fixed your problem? We will see about that! Having your IT company use your downfall as a means to promote themselves is the same as having your corner coach yell across the ring, “he’s bad about dropping his guard, but we told him not to!” 

Betterchips will never talk about its clients and what has been, or is being, done for them. Even in one-on-one situations, we take our clients’ privacy very seriously. You’ll never see our clients’ logos on our website and even if their problems make the news, we will never acknowledge that we helped them or are in the process of helping them. Betterchips understands that cyber criminals number in the several thousands, and even if you can stop 99.9% of them, that .1% can do enough damage to ruin everyone.

20 minutes could save your business

/in /by

20 Minutes Could Save Your Business

You’ve probably already trashed the emails, deleted the text messages, and closed the pop ups a dozen times today. In fact, statistically speaking, you’ll probably get around 100 pieces of email today, and at least one of those will be a phishing email. 

Now, let’s multiply that by the number of people in your office that interact with your business digitally, that send you text messages… or simply happen to be on your wireless network, and suddenly you’re not just watching out for the stuff you get.

Keep this in mind, one survey in 2021 assessed that 47% of SMBs (small medium businesses) were attacked successfully! And of those that were attacked, an estimated 60% couldn’t recover from the damage done. This means that in 2021, approximately 28% of US SMBs closed because of a cyber crime. Would you take 20 minutes to help prevent this from happening to your company?

We can present all the data in the world and you can read it and appreciate it for what it is, but at the end of the day, if you’re not doing something to prevent your digital assets from being compromised, maybe you should ask yourself ”why?” We understand that in the 24 hours we have each day, there doesn’t seem to be much time to worry about hypothetical situations or “what ifs”, so we’ve come up with a simple 20 minute assessment. You have 20 minutes, right?

 Here are some of the questions you’ll be asked…

  • Does your business have written Incident Response, Disaster Recovery and Business Continuity plans?
  • Does your business follow written policies and procedures for creating backups of digital assets and systems?
  • Does your business have industry appropriate antivirus and malware protection measures and email security practices in place?

There are 10 questions in total, and this free assessment (you can do it while you’re eating lunch or getting your morning coffee started) may be an eye opener and start you thinking about ways to protect your digital resources. For the full assessment, just go to…

It’s Time to Take a Closer Look at Cybersecurity Risk – Betterchips Consulting Corporation

And after you take this quick survey, if you find yourself with more questions than answers, contact Betterchips and we can help shed some light on this topic or any other technology questions you may have.

A Pile of Complex Technology Contracts

Filing it won’t fix it.

/in /by
A Pile of Complex Technology Contracts

Every day there are scams being run and individuals and businesses alike are finding themselves victims. The FTC (Federal Trade Commision) had over 2.8 million fraud claims filed in 2021, that’s over 7,671 per day. This number in all likeliness is higher because it only represents the individuals who were willing to file a report. 

In 2021 it is estimated that 2.8 million scams cost victims over 5.8 billion dollars, that’s roughly 2,071 dollars per person, if it were that easy to calculate. The reality is businesses can literally be forced to close if they are attacked. When Equifax was hacked, it cost them over 700 million dollars to recover. So what does filing a report actually do?

If you are attacked, it’s definitely advisable to report it, however, as the FTC states on their site, “We can’t resolve your individual report, but we use reports to investigate and bring cases against fraud, scams, and bad business practices.” This basically means that your report will help them to identify criminals, chart trends, and provide the impressive statistics provided in this blog, but it won’t help you on the road to recovery. 

This is also echoed on other government websites including USA.GOV. They clearly state, “You can report scams to the federal government. Your report may keep others from experiencing a scam. Government agencies use reports of scams to track scam patterns. They may even take legal action against a company or industry based on the reports. However, agencies don’t follow up after you report, and can’t recover lost money.”

If you experience an attack and lose money or possessions, it is recommended (and you’ll probably do it anyway) that you report the attack to your local and state governments as well as the federal government. But the hard truth is the vast majority of scammers aren’t within the jurisdiction of the US. With places like Pakistan, Brazil, China, Nigeria, and India, topping the list for scam originations, filing a report only adds validity to the need to be ever vigilant with protecting and maintaining your digital assets and resources. 

What should you do to prevent scammers from taking you? We recommend contacting a company like ours before something happens. Betterchips can provide technical support as well as staff training, to help reduce the chance of a bad actor gaining access to the information you need to run your business. With ongoing monitoring and continual updates with hardware, software, and staffing, you’ll be able to focus your attention on growing your business. If you find yourself a victim, contact us immediately, as time is of the essence. We can quickly and effectively make sense of what’s happening and provide the best possible solution to get you back in the game.

Good news! More bad news.

/in /by

CISA (Cybersecurity and Infrastructure Security Agency) is an organization that was established to help fight against cyber crime. As this group learns and collects data on the different types of crime, they update their Known Exploited Vulnerabilities catalog (KEV).  The KEV is updated often; just in June CISA updated the catalog 49 times. How often are you updating the key points in your digital infrastructure, and what are the metrics you’re using to do all of this by?

That’s a lot to ask of the average person (the average person being someone not in IT). And so there are many companies and programs that automate these various updates. Instead of taking a look at all or many of the areas you could be updating regularly, let’s take a look at one: patches.

First, before we talk about updating and managing patches, let’s make sure we understand what a patch is. Patches are basically the updates to software, operating systems, and certain hardware systems that typically address security issues and vulnerabilities within the application. When your computer notifies you that it needs to Restart to apply updates, it needs to install the latest security patches. Now that you know what they are, let’s talk about managing them.

The pros of automation is that you can set it and forget it. The cons of automation are that you can set it and forget it… until it kicks up a bunch of red flags. Recently a patch was released and some companies and federal agencies implemented it without first testing it. This caused major internal issues like problems with authentication, which meant employees couldn’t login to the services they needed to do their work.

Some basic steps to help avoid issues (but will require you to do more work) are:

  • Make sure you have a current list of ALL software and OS in use.
  • Set up rules and procedures for patch management.
  • Keep up with new patches.
  • Before you implement them throughout, test all your patches.
  • Always have a backup of working editions.
  • Make sure your patches are downloaded from secure sources.
  • Keep a patch management or configuration management log.

If you’re having issues with things like this, don’t go at it alone or trust just anyone. Betterchips Consulting can help keep you compliant and manage tasks like this properly. With decades of high level experience, we understand how important it is to not only keep you safe from outside attacks, but also keep you safe from the things meant to protect you.

Betterchips - Technology Know-how

Happy holidays from your international cybercriminal syndicate

/in /by
Betterchips - Technology Know-how

The 4th of July is one of the nation’s largest celebrations. As many Americans and non-Americans come together to enjoy this time off, reconnect with family and friends, and perhaps share a beer or two, cybercriminals are in the wings waiting for their moment to shine. 

Most companies have come to expect phishing schemes and cyber attacks around holidays such as Thanksgiving and Christmas, but all-to-often, we ignore and overlook the other holidays. Criminals see time away from your computer as an opportunity to explore and exploit your unattended network. 

The facts are clear, the vast majority of breaches occur because someone let the wrong person in the virtual door. Once on the other side, hackers will spend time going through your data, watching interactions and transactions, and deciding on what you need most. It may be months before you are made aware of their presence, and the more time away from your systems, the less likely you’ll catch them before it’s too late.

Some key reasons holidays are great opportunities for criminals…

  • Employees are usually thinking about other things during holidays, and a preoccupied mind is more apt to slip up and click on the wrong thing.
  • Less eyes inside the network means more free time for criminals to snoop around. Long periods of being offline make it harder to track suspicious activity.
  • When purchasing on a budget or under time constraints, sometimes better judgment takes a back seat to what appears to be a great deal.
  • A limited staff or a staff that doesn’t usually work with your systems (but is covering it while you’re away) could be the gate keeper a seasoned hacker is looking for. 
  • With lots of emails from family and coworkers being circulated around the holidays, criminals will exploit your trusting nature and pretend to be someone you know. 
  • Working remotely can be dangerous. Public hotspots are a prime access point for tech savvy criminals to obtain access to your data.

It only takes a few extra moments to prevent someone from gaining access to your digital assets. Stop and inspect any emails or text messages you receive. Even if the message appears to be from a familiar source, take a second to double check. Use your known means of contact to reach out to the sender, and get confirmation the email or text was sent from them. If it’s coming from an address you recognize but the content seems suspicious, don’t interact with the message. Wait till you have a chance to speak with the sender directly. If you’re working remotely, try to avoid public hotspots, and if you have to use unsecure networks, make sure your antivirus software is current. Remember all it takes is one mistake and everything you’ve worked for could suddenly be up for ransom or worse, erased forever.

IF your company should find itself under attack with a data breach or compromised security, contact Betterchips immediately. The quicker Betterchips can get involved, the more likely your company’s digital assets can be saved or restored. Don’t let precious time go to waste, contact Betterchips now… Yes, we work holidays.

Does your network trust no one?

/in /by

95% of breaches occur because of user error. That’s right, your precious data and all the initial setup you’ve done to protect it will likely be undone by one of your own. If you’ve never heard of zero trust, there’s a good chance your security profile is based on a protocol established in the 90s… you’re not still using Webcrawler, are you? 

The 90’s centralized data center and secure network perimeter is given a major uplift with zero trust. The concept is simple: your network treats everything as potentially hostile. Period. But some are misusing the term in order to market other products.

Let’s be clear, your business probably isn’t understanding technology jargon, keeping up with the latest tech trends or navigating cybersecurity. But this doesn’t mean you should also be taken advantage of due to ignorance. Here are the core details of zero trust.

  • Every connection is terminated. Before anything ever hits its destination, the item is inspected. This is different from traditional network security that inspect items once they reach their destination.
  • Data is protected using context based policies. Basically, a zero trust infrastructure will continually evaluate a number of factors to make sure the person or program requesting the data has all its ducks in a row.
  • Attack surfaces are reduced. In a traditional network setting where a user may want to access a program on a network, in zero trust, the user and app are directly connected. This greatly reduces the possibility of contamination laterally.  

Yes, there’s a lot going on behind the scenes of your network, and yes, you should definitely keep it up-to-date and as secure as possible. Things like zero trust, which VPN to use, compliance and regulations, policy and procedures, and cybersecurity, are just some of the things a qualified MSP like Betterchips Consulting handles on your behalf. You have enough to worry about running operations day-to-day, let us help ensure all your hard work is safe, secure, and performing optimally.

Is “The New Normal” putting your business at risk?

/in , /by

The emergence of COVID-19 has caused many seismic shifts in the business world. The first, and currently most prevalent, is the dominance of work from home. Millions of workers are now working from home, with companies like Amazon, Google, Microsoft, and Facebook mandating their employees work remotely. Organizations are facing unprecedented challenges with work from home as it results in heightened security risks for companies of all sizes, and it is likely that your clients are at advanced risk of these threats.

At Betterchips, we want to keep our partners and our peers in the best space to stay safe from potential attacks and we recommend that you look into the 5 biggest threats that people are facing.

Personal and Mobile Device Security

With work from home, people are using much more devices, including their own, to save and manipulate files. They also use mobile devices to do work more frequently, which traditionally have different security protocols and can be attacked in different ways. These devices are a much bigger treasure trove for hackers as they have more personal data on them. To prevent the risk of attacks here, we recommend that security teams should require device registration and provide oversight of devices allowed to access company data.

Strong Password Management and Authentication

Password policies are key and with employees using more devices and applications, then moving to options like 2FA will allow for a safer and more robust approach to password management. This will also reduce the burden on things like password resets into your administration teams.

Encrypt Your Data

Unencrypted data can be accessed and is much easier to hack. This is why security professionals should adopt and enforce encryption policies, especially as a large majority of employees are now remote. It is critical when people work from home as there is much more online and chat conversations occurring as human to human interaction is limited.

Make Sure Connections Are Secure

Remote workers are always at risk of not using secure connections, as they are not on the company network, This gives hackers a great path to access their computers and the company network. This is part of the education a company should do to their employees to remind them to use a secure network. Also, using a virtual private network can help to ensure that employees are secure when they access your company data, systems, and applications.

Educate on Cybersecurity Awareness

The best way to protect from a cybersecurity attack, is to educate your workforce on what they should do if they are suspicious of an attack or think they have been attacked. Education is something we can assist with, as our team can speak with you or your clients and help bring employees up to the expert level, and reduce the risk of attack.

If we can help you with any of these issues, please drop us a line at 1-866-270-2388, and we can quickly evaluate your current cybersecurity situation and build you a plan of action.

.

We Identify, Interpret and Remedy Complex Technology Casework, Matters and Incidents for Professionals and Business Stakeholders.

Site Navigation

Products and Services
About Us
Careers
Case Studies
Blog
Contact Us

Legal

Terms of Service
Privacy Policy

© Copyright – Betterchips Consulting Corp. – All rights reserved.
Disclaimer: Betterchips Consulting Corp. is not a law firm and does not offer or provide legal advice or service of any kind. If requested, we may be able to provide an attorney recommendation.