Archive for October 8, 2018

Tech Impact Launches Nonprofit Information Security Division

Posted in Commentary with tags on October 8, 2018 by itnerd

Tech Impact, a 501(c)(3) provider of nonprofit technology solutions and the operator of award-winning IT training programs for under-served youth, announced today the launch of its nonprofit information security division. The newly formed security division will continue to offer Tech Impact’s legacy security services, but adds a specialized team of security experts who are laser-focused on creating appropriately scaled and customized solutions to address cyber threats.

The division was created in response to the changing needs of nonprofits. Nonprofits have become appealing targets for cyber attacks because the criminal world assumes that they don’t have the resources to hire security teams, have an aging technology infrastructure that is easy to penetrate and are more susceptible to phishing scams. Additionally, the type of data that nonprofits have is of particular concern — billing and medical data are valuable in the black market and many nonprofits have more sensitive information that is of interest to government attackers.

The Tech Impact nonprofit information security division provides a full suite of IT security services designed to protect nonprofits from digital scams, data loss, system intrusion, and many other cyber attacks. Services include IT security assessments, cloud infrastructure and compliance strategy, modern authentication, cloud device management implementation, identity management implementation, and security advisor.

Tech Impact is also introducing a new security advisor service, which is a first-of-its-kind offering that provides nonprofits with an option for ongoing security services targeted at emerging threats. Nonprofit organizations will receive a customized suite of services that inform them about new threats, design and implement needed protections and respond to security incidents. Services include:

  • Security Assessment Services: website and network penetration testing, patch and firmware status verification, privileged user inventory, phishing penetration testing, and a web privacy and compliance survey
  • Consulting Services: strategy and budgeting sessions with Tech Impact experts, data and inventory and classification, policy and procedure review, and regularly scheduled check-in meetings
  • On-Demand Services: incident response and engagement with auditors

To learn more about Tech Impact’s security offerings, please visit https://techimpact.org/services/security-services-nonprofits.

Advertisements

These Extortion Phishing Scams Are Multiplying Like Rabbits…. Here’s How Not To Become A Victim

Posted in Commentary with tags on October 8, 2018 by itnerd

Yesterday, I got one of those scam emails that I’ve been writing about for weeks now. Like the last three extortion phishing scams that I told you about, this one plays on the fact that you might have surfed for porn and that you might of done something else related to that. In other words, it is playing on your guilt about doing things that you perhaps should not be doing. Here’s the text of the latest scam email that I came across:

Hi, dear user of [DOMAIN DELETED]
We have installed one RAT software into you device.
For this moment your email account is hacked (see on “from address”, I messaged you from your account).
Your password for [EMAIL ADDRESS DELETED]: [PASSWORD DELETED]

I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are videos records where you masturbating.

I posted my virus on porn site, and then you installed it on your operation system.
When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.

For the moment, the software has collected all your contact information from social networks and email addresses.
If you need to erase all of your collected data, send me $800 in BTC (crypto currency).
This is my Bitcoin wallet: [BITCOIN WALLET DELETED]
You have 48 hours after reading this letter.

After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and friends!!!

And henceforth be more careful!
Please visit only secure sites!
Bye!

The first thing that this email says is that they installed RAT software on your computer. RAT stands for Remote Access Trojan. It’s a piece of software that can download your data, log your keystrokes and control your webcam and microphone. Now this software does exist. But if you have up to date and functional anti-virus software, it should be able to deal with it. The second thing is that they have your email address. But it was likely part of a data breach. You can find out which one by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach that includes your email address and password. In my case, the password that the scumbags got their hands on was one that I had used at least five years ago. That alone tells me that this is a bogus email and I should ignore it. But if you’re concerned about an email like this, and if you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. Another thing I am beginning to suggest is that you change the passwords to things like your email, online banking and the like as a preventative measure. That way if you get an email like this, you’ll know it is fake immediately.

The bottom line is this. These scumbags want you to be the 1% of people who fall for something like this because they make lots of money off that 1%. Don’t be a victim. Don’t respond. Don’t pay them. Just ignore them and make sure that whatever password that they have isn’t in use by any of your online accounts. They are scumbags and don’t deserve your attention or more importantly your money.