social media

What is phishing? Everything you need to know to prevent and fight it

by

Have you ever been a victim of fraud via email? This type of fraud is known as phishing and is becoming more common and dangerous every day. It is a method used by cybercriminals to deceive users, showing them information that seems like it comes from a known company, thus, they get confidential information such as credit cards, social security numbers or bank account numbers.

They usually send you an apparently corporate email (for example, an email from your bank) where they will direct you to a fake website, and kindly ask you to update your password, validate information about an account, or the most attractive ones offer you gifts, among other things, which will then allow hackers to keep your data. 

In some cases these attacks are easy to detect, however, in the day to day especially during working hours, we do not have time to look at small details. Spelling errors, unofficial URLs of companies that claim to be, or sometimes very similar addresses but not exactly the same, are the main indication that something is wrong. 

There are not only produced via email we can find several types:

Types of phishing attacks: 

  • Deceptive Phishing: This is the traditional type that we described above, the aim of the attacker is to obtain personal information from the user either by trying to get the user to provide it or by redirecting it to a fake website in order to obtain said information.
  • Spear phishing: This type of attack is usually more personalized and may include more personal information such as the name of the victim, phone or workplace. Spear phishing can come with names of known people, where they tell you that they attach a file that may be common for you, but this can be infected. These types of attacks are much more difficult to detect.
  • CEO Fraud: It works in the same way as Spear phishing, but in this specific case, the attacker pretends to be the CEO or someone with a relevant position, where they requests confidential information and that the employee will believe that must be given as someone with decision-making power in the company. 
  • Smishing: This type of attack is produced by SMS. They usually offer prizes and to receive it, the victim has to click on a link, reply to the message or call a phone number.
  • Vishing: This type of attack differs by being through a typical telephone call, where the attacker, as well as via e-mail, seeks to obtain certain personal information. 
  • By search in the browser: the fraud occurs in the same way with a fake site, but in this case, the hacker uses SEO and SEM techniques to position his false site and thus the user finds them among the first options of what you are looking for 
  • Pharming: This type of attack manipulates the hosts files or Domain Name Systems (DNS) to redirect a specific domain name to the one chosen by the cyber-attacker. 

What to do to prevent it?

  1. Recognize and identify a possible phishing: some details that can help us detect an email of this type: 
  • The URL address is different from the official website of the company where it says it is. The difference can be minimal: an “i” in uppercase (I) looks like a lowercase “L” (l).
  • They usually offer gifts or ask to update data, which is rarely requested in this way. 
  • Check the wording and language: often this type of emails have some details in the wording or language, if you see an email from your bank written in another language, this can be a clear sign of phishing.
  1. Enter your confidential data only on secure websites: In addition to checking the domain, check that the website is secure and that it starts with https: //
  2. Use two-factor authentication for all the services that allow it, especially for those who handle financial information
  3. Check the shortened URLs: if you see an abbreviated URL on a social media or it arrives by mail, there are websites that allow you to see the full address, that will allow you to see where you are redirected. 
  4. Open documents with other online documents viewer such as Google Drive: If it is usual for you to receive files from different contacts, you can open it first in an online document reader which will prevent some malicious software from being installed on your device. 
  5. Frequently update all the operating systems, browsers and applications that you use, thus avoiding vulnerabilities. 

Cyber ​​attacks are becoming more sophisticated every day and we can easily be deceived, but if we take the necessary preventive measures and are aware of how they are evolving, we can go a step further and thus reduce the risk of being the next victim. 

10 Cybersecurity measures to use Instagram safely without compromising your privacy

by

Recently we discussed the influence that social media have on our daily lives, particularly on Facebook. Instagram is a social media that has become increasingly popular, and the more popular it becomes, the more security risks we have when using it. Therefore, before starting to publish your favorite photos of your trips and your favorite dishes, take into account some security measures to use Instagram safely.

Instagram is undoubtedly the social media preferred by young people today, for the large amount of visual content that is published, as well as the immediacy of their publications, especially on the Stories. However, it does not stop being a focus of attention for hackers if it is not used correctly.

How could the misuse of an Instagram account affect your security? Small details such as simply having an open account, or connecting from a public Wi-Fi can bring you serious consequences, such as being a victim of fraud or data leakage.

Therefore, it is better to take security measures, from the most basic to some specific settings of the application.

How to use Instagram safely?

  1. If you do not have an Instagram yet and you are thinking about having it on your mobile, the first thing you should do is to download it from the official stores (Play Store, Apple Store, etc). Avoid downloading it from another site.
  2. After having your account, or if you already have it, the basic rule to use Instagram safely is to use the private account mode, so only those who want you choose can access you. If you want to leave it public because you want to promote it, make sure you do not publish any personal information that could compromise your security such as travel photos where you and/or your relatives appear, photos of children, etc.
  3. As in other social media (and in real life), if your account is personal and not for any promotional purpose, just accept to be followed by people you know, remember there are false accounts. In the same way, these false accounts will try to write you by direct messages to try to connect with you, if you do not recognize them, you can reject the request and they won’t be able to contact you.
  4. This privacy option is also available for Stories, Instagram allows you to create a group called “Close friends”, with that option you can select who of your followers will be able to see your Stories.
  5. We have repeated many times how dangerous it can be to connect to a public Wi-Fi without taking the appropriate security measures. Avoid doing it this way, since this is the easiest way for hackers to steal your user and password and access your account.
  6. It is important to be careful with third-party apps, if you want to know is a third-party app is reliable, you should consider some important details, for example: when you register with third-party app, it must show you a URL like this “https://instagram.com/, as well as show you the typical Instagram form to enter username and password (it must be the same as the login of the original app). Do not enter anything if you do not comply with these conditions.
  7. To add more security and using your Instagram safely, activate two-factor authentication, so every time you log in your account, you must enter in addition to your username and password, a code that will be sent to your mobile.
  8. Check the information of doubtful accounts: one of the security options that Instagram has recently added is to be able to review information about accounts with very large audiences (not necessarily public brands or personalities). When entering the profile of these accounts you just have to click on the three points that are in the upper right corner, and there you can click on “About this Account” and access to this information.

This option is not available for all accounts, but those that do have it allow you to verify things like the country (which can help you know if it shows a false location in their posts) date joined, or former usernames.

  1. The blue checkmark is also a way of knowing that the account is verified and that it is indeed the personality or brand they claim to be.
  2. If, on the other hand, you would like to verify an account, you must send a request through Instagram, but take into account that sending the request will not guarantee that it will be verified. After your application has been reviewed, you will receive a confirmation or rejection notification in the notifications tab. Instagram will never request payment for verification or contact you in any way for you to confirm it.

If you still have doubts it is always good to consult the Instagram help center. The important thing is to know the risks to which you are exposed to using this network and how to use it responsibly to enjoy its advantages.

8 Tips for your customers to trust in your e-commerce

by

The work of selling a product is becoming more difficult every day. We are overwhelmed by information and advertising, especially on the web. Even when your e-commerce manages to correctly apply all the positioning strategies to stand out in search engines, you still sell little or nothing. Why is it? Is it possible that your e commerce does not generate sufficient confidence.

The increase in cyber attacks has caused people to become skeptical about the websites they use and not feel comfortable leaving their private and financial information online to make a purchase. If you feel that your ecommerce is not generating confidence in your potential clients, follow the tips below that will help you identify what the problems are and how to solve them.

How is the image of your e-commerce?

1. The first impression counts: Start by reviewing the design, if it is old or outdated it will not make a good impression, the same way bad spelling or grammar can affect the image of your company. People do not feel confident in an organization that does not know how to express what they want from you.

The ideal is to hire specialists in these areas that can give the right image to your company. Also consider that if poor wording can affect the rankings of a Google search.

It is important that the prospective buyer is clear about the characteristics of what they are going to buy and the benefits that they will bring. Therefore, the entire image of your website must clearly express what your message.

However, the trust is not only in the image, the company also has to convey confidence at the time that your customer is going to make the purchase, at that time, you should consider the following:

2. Clients want to know who you are: There you can show the physical and / or legal information of the company. The more information you offer, the better, company history, mission, vision, business objectives, professional team, managers, etc.

3. Contact you easily: The contact section must have all the necessary information so that the customer can communicate with the company without problems. The information should include telephone numbers, emails and physical address (if available). Using Google Maps is the best way to show a physical address. There are other channels that can facilitate communication such as chats or interaction with users in social networks, will bring more value to the company.

What do they say about your company?

4. If managed correctly social media can be a great help and a fundamental tool for any business, as they allow a channel of communication with customers.

Users today pay a great deal of attention to the reviews a company receives on the web. If there are negative comments it is possible that this generates distrust. Therefore, it is important to manage this type of problems as quickly as possible, and contact
the affected clients, to reduce the impact that these comments may have.

Generate confidence in your e-commerce beyond the image

5. Use SSL certificate for your website: This way you are already guaranteeing the visitor that you are an authentic and reliable site regarding the registration of your personal or banking data, as these will travel from encrypted form. To have it, just ask the company where we have hosted the domain and configure it in your content manager. 

6. Show your stamps and certificates of quality: There are different certifications that will make your online store generate more confidence, for example, “Online trust” that guarantees the protection of your data and your rights as a consumer or, “Ekomi” to demonstrate that your payment is safe. There are also others like ChambertTrust and Fevad.

7. Clarify return policies: Clearly state in which cases they can apply and when they can not.

8. It offers multiple payment options: Offer your clients all the payment options you can, so that you can choose the one you feel most comfortable with. Paypal, bank transfer, credit card, etc. are among the best known. It is also important to make clear if it is necessary to charge some type of commission.

The security of your customers’ data must be paramount for you when making any online transaction, and you must prove it using all possible methods so that you feel comfortable and safe when visiting your e-commerce.

What is Two-Factor Authentication and Why Should You Use it?

by

Surely you have found more than one service that asks you to twice to confirm that you are really the one trying to access the content. This method is known as two-factor authentication, or multi-factor authentication because it is more than one test. Although this process may be a bit tedious, we will explain why it is necessary to apply it in each application that allows you to do so.

According to Wikipedia, ¨Multi-factor Authentication (AMF) is a method of computer access control in which a user is granted access to the system only after he or she presents two or more different proofs of who he claims to be, These tests can be a secondary password, digital certificate installed on the computer, among others.¨

The best known method is the two-factor authentication (A2F), which only requires two tests. Services that incorporate this identifying method into their system include ICloud or Gmail Outlook, cloud services such as Dropbox, OneDrive, iCloud PayPal, or social networks such as Facebook and Twitter.

Two-Factor Authentication and Two-Step Authentication

The basic authentication systems work with the typical user / password combination. The user that identifies you, and the password that authenticates who you say you are. However with the advancement of technology and cyber attacks, double authentication (or multiple factor) adds a more robust method to properly identify the user. For instance, a USB token, a coordinate card or even something more unique to authenticate the individual such as, a fingerprint, an iris, a voice or even the user´s  face.

It should not be confused with two-step authentication, since in this case two factors are used that add a second step to verify that you are who you say you are (such as when using a password and then a code that is sent by SMS or email). In the case of the A2F, different methods or tests are used that add on an additional layer of security.

Disadvantages:

Like any security system, it has its advantages and disadvantages, which must be considered when implementing. One of the disadvantages of double factor authentication is that if you misplace or lose your identifier, such as a token or coordinate card, then you will not be able to access the system. You will be forced to request it again.

Also in the case of two-step authentication, such as the one implemented by Google, a verification code is sent to an alternative device for the user to confirm in the case their email is locked out and to ensure that the user is legitimate. However, there is a risk that if this device is lost, the code can not be accessed.

How Secure is Two-Factor Authentication?

Although two-factor authentication has proven to be a breakthrough in terms of security, it still has its vulnerabilities. Recently the former hacker, now security consultant Kevin Mitnick explained that just by using a bit of social engineering, you can get sensitive data from a person.

Individuals must be diligent of the websites they are using even if they appear to be real. Investigating the website for any warning signs such as spelling issues in the domain. For example, Linkedln -with ‘ele’ lowercase instead of ‘capital letter’ is a red flag and could be a trick played by a hacker to get you to fill in your personal information. This would allow them in the future to be able to skip the two-factor authentication and gain access to any of your accounts. Therefore it is important to suspect any change, even the smallest, since it could be a fraud.

Adding two-factor authentication will not ensure 100% protection of your information, but it will reduce the chances of a cyber attack and make it much more difficult for the hacker. However, it depends on each person to implement it in all possible services. It does not hurt to have an additional layer of security to avoid any type of incident.

5 Cybersecurity tips you need to manage your business social media

by

Social media has transformed the way people communicate. Each of them generates more and more accounts every day, for its immediacy, its ease of use and other characteristics that as we all know, make us addicted to them. Companies know that social media is an indispensable channel to reach customers. The problem is that hackers find it easy to get your information if you do not take the appropriate measures of cybersecurity for your social media.

Social media sites are nearly completely public, once you post something it is permanent. In the business world, everything exposed in social media must be handled carefully, a couple of words in a tweet could cause serious negative impact on the reputation or even the finances of the company.

A careless community manager of a company can be responsible for writing a post without thinking or reading it before giving away private information, a disloyal competitor who wants to end their reputation or even a malicious computer criminal who pretends to supplant them, trying to cheat their followers using to their name.

It is not about blaming anyone, it is better to prevent this type of situation than have to deal with it afterwards. It is crucial to start with some basic ideas that can reinforce the protection of your social media.

5 tips of Cybersecurity for business social media

  1. Add two-factor authentication to your social media, do not stay with a single password, you can increase security by using a
    second option with a personal question or by sending a password to a mobile device that you have linked to your social media account. You can also use it for your personal networks.
  2. Assign devices to management business social media: just like the two factor authentication, manage corporate networks from devices only destined to corporate accounts.
  3. Configure the privacy options of each network: each one allows you to decide what you want to show and what not.
  4. Control who has access to social media: The more people who have access to the company social media, the risk becomes greater, assigns administrators and controls their permissions and access, especially if this work is carried by an external person to the company. In the case of Facebook, you can assign different roles, be sure to eliminate access to former employees or former account administrators.
  5. The fundamental idea of business social media is to promote a product or service of your company, and thus have a closer contact with your customers. If you plan your marketing strategy well, surely you will have quite effective results, but do not forget cybersecurity. If you create a social media campaign, make sure that this information (arts, texts, special promotions, etc.) does not reach unwanted people before the time you decided to publish. Use applications such as HushApp, which will allow you to protect your files easier and safely, so that your campaign will be a success.

There is no doubt that social media has become an essential tool for companies, especially SMEs, but they are also a key focus for cybercriminals, the ideal is to use them responsibly to ensure the success of the company in the digital world.