The Most Commonly Used Email Keywords to look for to Avoid Phishing Scams

The Most Commonly Used Email Keywords to look for to Avoid Phishing Scams

Year over year, email phishing scams have grown in frequency, but 2020 saw the number of malicious emails and sites increase by over 25%.  The easiest way to decrease the likelihood of falling for a phishing scam is to pay attention to the emails you receive and take the time to question if it is from a legitimate source.  To better prepare oneself to not fall prey, it is best to understand what tactics are used by scammers. 

  • Imitating legitimate business activities 
  • Creating a sense of urgency 
  • Prompting the recipient to act 

Year over year, email phishing scams have grown in frequency, but 2020 saw the number of malicious emails and sites increase by over 25%.  The easiest way to decrease the likelihood of falling for a phishing scam is to pay attention to the emails you receive and take the time to question if it is from a legitimate source.  To better prepare oneself to not fall prey, it is best to understand what tactics are used by scammers. 

  • Imitating legitimate business activities 
  • Creating a sense of urgency 
  • Prompting the recipient to act 

The goal of the scammers is to trick people into giving up their credentials by making the email look like it came from a legitimate source, and forcing a prompt action, before you look too closely at the email.   

The most common keywords fall into eleven basic categories, most you will recognize; invoice, new, message, required, blank subject, file, request, action, document, verification, eFax, and voicemail. 

Below are listed real world examples of subject lines in each category. 

Invoice 

  1. RE:INVOICE 
  2. Missing Invoice ####, from a legitimate business name 
  3. Invoice ### 

New 

  1. New Message from ####, usually a legitimate source or business name 
  2. New scanned fax doc-delivery for 
  3. New fax transmission from ####, usually a legitimate source or business name 

Message 

  1. Message from ####, usually a legitimate source or business name 
  2. You have a new message 
  3. Telephone message for #### 

Required 

  1. Verification required! 
  2. Action Required: Expiration notice on (email address) 
  3. [Action Required] Password expire 

Blank Subject 

Blank subject lines can generally avoid automated security measurements when there are not common keywords for the software to scan 

File 

  1. You have a Google drive file shared 
  2. (Name) sent you some files—can be someone you know or in your organization 
  3. File-#### 
  4. (Business Name) Sales project files and request for quote 

Request 

  1. (Legitimate Business Name) Sales Project files and request for quote 
  2. (Legitimate Business Name) W-9 Form request 
  3. Your service request #### 
  4. Request notification #### 

Action 

  1. Action required: Expiration Notice on (legitimate business email address) 
  2. Action required: (Date) 
  3. Action required: Review message sent on (date) 
  4. Action required password expired 

Verification 

  1. Verification required! 

eFax 

  1. eFax from ID: #### 
  2. eFax® message from “phone number”—2 page(s), Caller-ID: 

Voicemail 

  1. VM from ########### to Ext. ###### on date 
  2. VM from ########## received for username on date 
  3. Vmail received on Monday, #### ##### 

Recognizing the keywords is the first step in protecting yourself and company from phishing emails.  If you are unsure if an email is legitimate or not, contact the supposed sender via another form of communication or have your IT department verify its legitimacy. 

At HubWise Technology, we believe an educated customer is a safer customer.  Education is not the only way that we protect against phishing scammers; we also deploy HubWise Armor, our security solution, that includes advanced phishing protection and alerting to suspicious emails.  If you would like to know more about how we protect our customers, feel free to reach out at jmoen@hubwisetech.com. or via our contact form.

Importance of Creating Technology Road Maps

Importance of Creating Technology Road Maps

Why Develop a Technology Road Map

A constant refrain at HubWise Technology is that we ensure that our customer’s technology is enabling success. We have put a system in place to understand our customer’s business. Not only what it is doing today and how they are currently using technology, but what their plans are for next year, the year after and 10 years down the road.

We set out with each of our customers to systematically create a technology road map with our customers. This road map is created through regular business reviews with a goal to create a system that verifies that technology will never hinder their growth. Not only do we schedule regular reviews with our customers, but they can update their road map through our portal. We would rather deal with potential hiccups then ignore red flags that can lead to future business down time. Not all IT (Information Technology) service companies choose this consultative method, and instead focus on supporting the day-to-day operations only. At HubWise Technology we choose to provide a true managed services approach to our customer’s IT infrastructure.

A perfect example of why this type of approach is critical occurred in Dalian in Northern China recently. Adobe blocked all content on Adobe Flash on January 12th, which marked the end of a 27-year journey. This should not have been a surprise to anyone that still used flash. Big tech firms began killing off support for Adobe Flash all the way back in 2017. There are many reasons why it was killed off, including security vulnerabilities that were inherent to its design, the arrival of competitors that offered newer and better content, and ease of use. Adobe has recommended that all flash users uninstall flash player and do not attempt to download another copy, being that it is more than likely malware.

Outdated Technology can Cause Major Problems

With all these warning signs, the city of Dalian still ran their railroad system on it. This led to a full and complete halt of their rail system for 20 hours. All passenger and freight services were halted. This led to thousands of commuters without a way to get to their destination and while simultaneously interrupting normal operations of a multitude of businesses spread throughout Northern China. After 20 hours, the rail technicians were able to get the rail system back up and running, but instead of using a new management software that uses modern technology, they substituted a pirated version of flash.

While the instance above might seem like an illustration of a worst-case scenario if a technology road map is not created, the long-term ramifications of 20 hours of down time is manageable. For a smaller business, lack of planning can easily create a work flow pattern that inhibits growth or slows productivity daily. This can be something as simple as running old hardware that constantly lags, or stealing daily productivity across your staff. Lack of planning can lead to unplanned hardware or software updates or outages during normal business hours interrupting operations or the loss of critical data.

To HubWise Technology, ensuring that technology is enabling your company’s success is our number one priority. If your current IT provider is only concerned with your day-to-day operations reach out to us and we can explain our focus on doing better.

Facial Recognition and Masks

Facial Recognition and masks

Advocates of privacy in public spaces are one group that currently enjoy the benefits of wearing a facemask during the Covid-19 pandemic.  Facial recognition software struggles to accurately recognize who someone is while wearing a face covering.

Facial recognition software and algorithms are dependent upon collecting as many data points as possible, including distances between facial features.  When this ability to measure has been taken away by a face covering, the accuracy of the software plummets.  Many governmental agencies and private businesses are desperately trying to find a way to reprogram the algorithm’s that control facial recognition software to increase the accuracy of identification while wearing a facemask.  The Metropolitan Transit Authority in New York is one of these agencies.  They are asking Apple to adjust their algorithm so that riders of the MTA’s public transportation do not have to take off their facial coverings to open their iPhone while on the bus or subway. 

The U.S. National Institute of Standards and Technology, NIST, recently published a study that shows that even the most advanced facial recognition software struggles to accurately identify someone who is wearing a mask.  NIST proved that there was a decrease in accuracy of anywhere from 5% to 50%.  Providers of facial recognition software are trying to adapt their technology and algorithms to focus on someone’s eyes and nose area for identification.  This change can increase the accuracy of the algorithm, but it limits the data points that are collected, which becomes an inherent flaw within the software.  This may be a viable option on increasing the accuracy of identifying a masked person, but the less data points that are collected by the software, the less accurate a match will result.  While it is inevitable that this new facial focus points are changed while masks are mandated, beating the software from identifying you becomes easier.  Covering your nose fully with your mask, wearing glasses, bad lighting, and shadows become more of a hinderance to accurate recognitions.  After most algorithms change, NIST plans to run a new study later this year to judge the effective rate to the alterations in the software programing.   

The Covid-19 pandemic has increased the use of and importance of facial recognition software worldwide. To decrease choke points upon entering buildings, many companies have eliminated swipe cards to enter buildings and have begun relying on facial recognition technology to increase the speed that employees can enter buildings.  The increased use of facial recognition coupled with changes to the algorithm should increase the accuracy of the software in the future.  The new focus on the nose, eyes, and area above it will lead to a long-term increased accuracy with facial recognition.  The periocular region of the face, or the eye and eyebrow region change less than the rest of the face due to age or weight gain and loss. These new algorithms are in the final phases of development and will begin to rollout over the next several weeks by many of the technology’s providers. 

Even with the increased stress on identifying features in the periocular region, the loss of data points will still decrease the accuracy of recognition by someone wearing a mask.  Privacy rights advocates also point out that this technology can be deployed against people trying to mask who they are for privacy reasons, like a peaceful protestor worried about blowback from their employer.   

The pace of change of technology has and will continue at a rapid pace for the foreseeable future.  This continuous change is the only constant in the world of technology.  This constant change is why HubWise Technology hold fearless innovation as a core value.  We are constantly striving to study and evaluate new technologies to ensure our customers are enabled for success.  IF you would like to learn more about how HubWise uses technology to protect their client’s networks, please reach out.  (402) 339-7441 or jmoen@hubwisetech.com. 

Is a TikTok Ban Coming to the United States

Is a TikTok Ban Coming to the United States

Why is TikTok all over the news lately? Being a father of a 12-year-old daughter, I hear more about this app then I would like. I know about all the new crazes, challenges, dances, who is trending and who is gaining followers and who is losing followers.

I understand the popularity of the application, mix in music, dancing, and a video slightly longer than a vine and hours of entertainment follows.  My daughter, has been an avid user of the TikTok for years, and while her account is set to private and we routinely audit who she follows and who is following her, I still struggle with the idea that she uses social media, especially an app that has serious privacy concerns.  These privacy concerns have now moved to the forefront of the news media cycle. In recent days, Amazon has banned the application, then called the ban an accident and that the email was not supposed to be sent.  Wells Fargo has wholly banned the application from company phones and does not play on relenting or reversing the ban.  

Upon the rollout of IOS14 by Apple, a new feature on the Operating System, detected that TikTok was accessing user’s clipboard data.  ByteDance, the Beijing based owner of the application, has since said that this feature has been removed by a new update rolled out in the App Store, but have not mentioned if this access has been removed from Android devices.  This was not the first time that ByteDance had been discovered stealing and harvesting this information.  Last year, they were found checking users’ clipboards every few keystrokes even when the app was running in the background.  When this discovery was made, they promised to remove this feature and stop this practice. Trust was lost between users and TikTok once they were found out to be continuing this practice. 

The banning of the application has moved passed the private sectors and into the public sector.  Last week Mike Pompeo, the Secretary of State, stated that the administration was looking into banning the application throughout the United States.  India has already banned the use of the application and Australia is looking into this as well.  The United States Military apparatus has declared that the application is a security threat, with the Defense Department advising that no personnel keep it on their phones.  The U.S. Army has gone further, enforcing an outright ban of the application and does not allow any soldier to use it.  The U.S. Navy may soon follow suit.  The biggest concern is if the Chinese Government can access that data that ByteDance is getting from their users.  ByteDance claims that all United States user’s data is stored in with in the U.S. and the backups in Singapore.  This allows them to circumnavigate Chinese laws and deny access to the Government if it is requested.   

Within the next couple of weeks, we should know if a complete ban in the United States will take place.  If it does not as a parent, I will have to make the decision if the potential invasion of privacy is worth taking away an application that my daughter enjoys.  If I make this decision, I may not receive any Best Dad Coffee mugs for a time, but will know that my daughters privacy is somewhat better shielded. 

If you have concerns about the safety of you or your companies data, feel free to reach out for an evaluation of your current security and safety practices.  Jason Moen (402)339-7441 or at jmoen@hubwisetech.com.

COVID-19 & Contact Tracing

COVID-19 & Contact Tracing

Contact tracing currently is being adapted on a large scale in an effort to reopen the United States and global economy.

Many questions remain to be answered by the combined public and private effort. How will it be put in place? What will be technology’s role? How will our privacy be affected by allowing our daily movements to be traced? How important is it to resolving our current pandemic?

Medical contact tracing is a technique that is used to identify infectious disease carriers and then uncover who they may have exposed. This is done using manual tracers, people who track all movements and contacts an infected person has had, and through the use of technology, like GPS and Bluetooth. Knowing who could possibly be infected allows for the possibility of isolating an outbreak and minimizing the spread. This can be easily accomplished in a remote or isolated geographic area. The use of contact tracing has been extremely effective with limiting the spread of Ebola and other local infectious diseases.

There are three aspects to controlling and eventually ending the current pandemic that has engulfed the United States. First, testing needs to be readily available to all that have come into contact with a potential positive. Next is to trace all of the interactions that the potentially positive patients have made. Lastly, individually isolate those that may be asymptomatic carriers until the disease has run its course, or at least 14 days. When all three aspects are put into place across the nation, the economy should be able to open safely without a major threat of a new dramatic spike in cases. The Centers for Disease Control and the World Health Organization agree emphatically that it will take this three part approach to safely reopen the country.

The largest hinderance to our ability to successfully trace this disease is the current lack of infrastructure in place to accomplish this task on such a large scale. There were only 2,200 professional contact tracers in the United States pre-pandemic; roughly 1000 are working in New York. In comparison, there was 9,000 tracers in Wuhan, China, a city of 11 million people, tracking the progression of the Corona virus. According to research done by John Hopkins Center for Health Security, it will take approximately 100,000 tracers to accurately track the spread at a cost of $3.6 Billion. Several geographically linked States are working together to hire medically trained personnel to conduct these traces, with the goal of California alone, to bring on 10,000 temporary workers.

To help trace potential exposures, current technology, Bluetooth and GPS, are being utilized within new applications to conduct traces. Tech giants, Google and Apple, are close to releasing new mobile apps to speed up the progression of tracing and increase the availability of. Between the two companies, they are responsible for 99% of the operating systems running on smart phones world wide. When completed these applications will have the ability to automatically trace where any smart phone owner has been, as long as access to this data has been allowed. This will simplify the job of tracing all infected. There are major privacy concerns with allowing private businesses and potentially Local, State and the Federal governments access to individuals movements. While allowing this type of surveillance to occur will be the best way to help the greater good, there are many vocal opponent’s who do not believe that this intrusion will be limited to contact tracing only. Apple and Google are trying to mitigate these concerns by keeping the data decentralized, which will minimize the risk of malicious or unlawful surveillance.

Technology based tracing will never replace manual tracing. Only 8 out of 10 Americans own smart phones which have the capability of running the applications that it takes to trace all potential contacts with Covid-19. People that are aged 65 or older are the most susceptible to the worst effects of this disease, and they make up almost half of the people in the United States that are not smart phone users. Cities with large populations of homeless will also struggle using a mostly technological based tracing method. There will always be those that believe that their right to privacy is more important then their ability to be traced and will refuse to download any application that allows for this type of surveillance. The use of manual tracing and the utilization of technology in conjunction will allow for the most accurate tracking of the disease, which will lead to our ability to reopen the country safely and allow normal life to resume.

Taiwan has been extremely effective at mitigating the spread of Covid-19. Much has been written about their use of technology and helping stop the spread, but they have relied equally on manual tracing methods. With a population of almost 23 million, they have had only 428 positive tests for Corona, with only 6 deaths. In comparison, the state of New York has a population of less than 20 million, and have seen over 300,000 positive cases with 23,000 deaths. Taiwan has implemented all 3 preventative measures to keep their numbers so low. They have tested everyone with potential contacts, traced all contacts made and then quarantined anyone that could test positive for 14 days. Most importantly, they started taking these measures immediately after the spread started, unlike other locales who waited to enact preventative measures and did not strictly enforce them. Contact tracing is one of the three measures that must be put into place to allow the United States to fully open safely again. Without testing en masse, contact tracing and then isolating all that could have been infected the likelihood of another wave of cases stays incredibly high.

If you would like to find out how HubWise uses the latest technologies to manage our customers IT infrastructure, please reach out to us at jmoen@hubwisetech.com or call at (402)339-7441

Lunar Crater Radio Telescope

Lunar Crater Radio Telescope

NASA is proposing to create the solar systems largest Radio Telescope, by deploying a wire-mesh grid inside of a crater on the far side of the moon. This wire-mesh grid would measure 1 kilometer, and sit inside of a crater with a 3-5 kilometer diameter.

Radio Telescopes have been in use since 1937 and are utilized to detect radio-frequencies emitted by extraterrestrial sources. Radio Wavelengths are much longer than those of visible light; to compensate a very large reflector, or dish is used to feed the incoming wave into a receiver and amplifier. There are limitations to a terrestrial based radio telescope. The majority of the limitations are based on 2 factors, larger wavelengths cannon penetrate our Ionosphere, reflecting back into space, and radio interferences that interrupt the ability to receive the signals.

A Lunar Crater Radio Telescope (LCRT) eliminates the first two limitations. It is very difficult for a radio wavelength longer than 6 meters to penetrate our atmosphere. A lunar based telescope would be able to receive signals from 6 meters all the way up to 30 meters in length. This will allow NASA to explore new signals with the hope to seeing other solar systems in the creation phase. The Moon will also be used as a shield to protect the LCRT from interference created on Earth, especially from other radio wave sources. The most obvious benefit to creating the LCRT, is it’s resemblance to the Death Star. Because our Moon will only be used to explore new solar systems, not destroy planets of our enemies, we should not have to worry about it’s destruction by rebels.

HubWise Technology is always exploring the newest technologies that come to market. While this technology will not help us manage our Clients IT infrastructure, if you would like to find out what we us that does, feel free to reach out to Jason at 402-339-7441 or jmoen@hubwisetech.com.

Email Security

Email Security

In our current business environment, email security has been focused on the newest threats. The threats pertaining to Covid-19 are very serious and need to be highlighted but they are not the only type of threat that needs to be emphasized.

In times of disaster, malicious actors will always try to take advantage of the situation. While all email users need to be aware of these perils, we cannot forget about other risks that are still present. There are millions of phishing and spoofing emails being sent daily that do not contain any information about the Coronavirus.

While phishing and spoofing can be used in conjunction with each other, they are both separate types of fraudulent emails meant to trick users into giving up personal information; including passwords, bank account information, and credit card numbers. Phishing is the practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, usually passwords. Spoofing disguises a communication from an unknown source as being from a known source. Both acts are not only used maliciously through email, but can be utilized as fake websites, phone calls or text messages.

Email Phishing

There are millions of phishing emails that are sent globally everyday. They make up 90% of all cyber attacks by volume. Some are poorly done, the Nigerian Prince, while some take an expert to tell the difference between a legitimate and fake email. The most common form of phishing emails are mocked-up templates informing users that their Microsoft, Apple or Facebook accounts have been locked out. They usually contain a link to click which will immediately reset your password, and by only entering your current user name and password this issue can be quickly fixed. The key to this type of scam, is they urge the recipient to quick action. They succeed by minimizing the amount of time users spend thinking about the legitimacy of the request with their call to action. The top ten most common companies that are used in phishing emails are;

  • Microsoft
  • PayPal
  • FaceBook
  • Netflix
  • Bank of America
  • Apple
  • CIBC
  • Amazon
  • DHL
  • DocuSign

If you receive an email asking for your passwords, first, stop and think. Never follow an unprompted e-mail link to reset your password. If you think there might be an issue with your password, access your mobile or desktop application, and establish if you can access it normally. If you can, more than likely you have been phished. If you have put in your sign in information, immediately change your passwords.

Email Spoofing

Spoofing is a less common form of malicious email attack, but if done well, hackers can easily trick an unsuspecting receiver into giving up personal information. The most common is an attempt by the malicious party to trick their target into giving up their credit card numbers, Social Security Numbers or bank account information. They accomplish this by tricking the target in believing the email has been sent from a trusted source; their bank, coworker or insurance company. For example, the accounting department may get an email from what they think is the CFO asking to purchase gift cards for clients. After they are purchased, they will be asked to scan and email the information. At this point, the bad actor has successfully scammed their intended target, and received untraceable funds. If you receive an email, asking for personal information, money, account numbers, etc, always verify that it is a legitimate request. This can be done by simply picking up the phone and calling the requester at a phone number that you already possess not any that are listed on the potentially spoofed email.

How Is Your Organization’s Email Security?

While in these trying times, we need to be extra cautious, especially with the newer digital threats that revolve around Covid-19, we still can not ignore other forms of cyberattacks. If you are interested in learning more about how to prevent phishing, spoofing and other cyberattacks, please reach out to HubWise Technology, jmoen@hubwisetech.com or at (402)339-7441.

Choosing the Right Video Conferencing Application

Choosing the Right Video Conferencing Application

What is the right video conferencing application for your business or to stay connected with friends and family while we practice social distancing across the nation? There are several quality options available on the market today and updates are being introduced regularly to these applications to increase their ease of use.

With the current importance of and extremely high level of use, the assumption moving forward is their use will stay elevated after the business world moves back to normality. Between the current importance and the assumption of future use, there has been a race to see who can capture the most market share. This race has only increased the features, quality, and ease of use of all the video conferencing applications. While each major application has differing positives and negatives there are more similarities in use and features then differences. We are outlining several popular solutions below, but if you would like custom advice, our Managed Services can help find the right solution for your company.

Zoom

Currently Zoom is the most popular video conferencing applications in terms of use and name recognition. Zoom has two options, free and a paid version. Zoom offers the most “fun” with easy to use backgrounds, you can personalize your meeting space. The free version does limit the amount of time of each call to 40 and keeps the amount of users to 100 or fewer. If used for personal use, most people can keep their calls to less than 40 minutes and if you go over, a new meeting can be immediately started. For business use, the paid version does not limit the length of time on each call and still limits you to 100 call participants unless you include the additional paid feature of large meeting, which will allow up to 500 people to participate. The mobile versions for Android and IOS are also very easy to use.

Skype

Skype is another free option for video conferencing. Skype limits participants at 50 users but does not the duration of the calls that you are using. There is not an upgraded version that will allow more users or extra features. To use Skype, all users need to download and sign up for either the mobile or desktop version. You can blur the background, but can not upload any different backgrounds.

GoToMeeting

GoToMeeting traditionally has been a business only application. There is not a free version. It has the most friendly mobile applications, including quality and ease of use. It is also the only video conferencing application that allows users to maximize call and image quality. This feature is extremely useful when a user has internet limitations, either slower download speeds or while using mobile data. There are 3 different version which allow higher amounts of participants. The levels are 150, 250 and 3000 participants.

Google Meeting/Hangouts

Google Meeting has several versions available based on what type of account that you hold; G-suite basic, G-Suite business or G-Suite enterprise. All of the options for Google Meet are included with your G-suite account, but they are paid business accounts; Google Hangouts is available for free to all Google users with limited functionality. All of the options allows for calls of unlimited duration but they are either limited to 10, 250 or 100,000 participants. During the current pandemic, they are offering some of their calling functionality for free, including calls of up to 250 participants.

Cisco Webex

Cisco Webex supports up to 100 participants with an unlimited call duration, with the free or paid version. The free option limits specialized features, the premium version allows call transcription, storage of recorded calls, easier integrations with phone systems and more bouts administrative controls.

If you have questions about what Video Conferencing systems is the right fit for your business. Please contact Jason at (402)339-7441 or at jmoen@hubwisetech.com.