Who’s in Your Electronic Wallet?

Complacency is likely to be the greatest threat to your online security. The FBI recently reported that the padlock icon and HTTPS:// in a website cannot be trusted all the time in letting you know a site is safe. With the cost of SSL-TSL certificates falling, it’s cheap for crooks to set up malware sites and lure you in. We’ve discussed on-line shopping security and keeping other transactions secure, but the FBI’s warning compels us to revisit a few ideas.

First, what is an SSL-TSL certificate? The certificate is an acknowledgement that the owner of a website has installed SSL or TSL technology provide secure communications over a computer network. The certificates are granted by third-party providers, such as VeriSign, which is now owned by Symantec. The certificate shows us HTTPS (Hyper Text Transfer Protocol Secure) in a secure website’s URL. You can view the certificate by clicking on the lock symbol on the browser bar.

What do SSL and TSL stand for? In short, SSL stands for Secure Sockets Layer, the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. It’s designed to prevent criminals from reading and modifying any information transferred, including potential personal details. TLS (Transport Layer Security) is just an updated, more secure, version of SSL. Symantec still refers to security certificates as SSL because it is a more commonly used term. SSL certificates can also cover other internet- based communications, and they come in various levels. If you are curious, you can click here to read more from Symantec than you might want to know.

What you should know, the FBI reports, is that cybercriminals are more frequently incorporating website certificates when they send emails that imitate trustworthy companies or email contacts. They’re typically phishing schemes used to acquire sensitive logins or other information by luring potential victims to a malicious website that looks secure.

We’ve published many articles that call for the internet industry to provide more safeguards, but as we’ve always noted, cybercriminals are working just as a hard to defeat current and developing security tools. One industry executive hit the nail on the head by noting that cybercriminals can’t work around an aware user, who has been trained to look for misspellings in the URL of a web page and knows not to trust a padlock icon. Addressing her firm’s corporate business targets, the executive called on organizations to invest in solid, continuing training programs.

We echo the FBI, which says the following (familiar) steps can help reduce the likelihood of falling victim to HTTPS phishing:

  • Do not simply trust the name on an email: question the intent of the email content.
  • If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
  • Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
  • Do not trust a website just because it has a lock icon or “https” in the browser address bar.

The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office, and file a complaint with the IC3 at www.ic3.gov. If your complaint pertains to HTTPS/SSL/TSL issues in a phishing expedition, write “HTTPS phishing” in the body of the complaint.

You can protect yourself by being prudent and deliberate when opening emails and clicking on links, and you can support your efforts by installing, updating and using anti-virus and anti-malware protection programs. We work with several trusted providers, including Symantec, and we can help you select and set up the programs that best meet your needs. Call us – 973-433-6676 – or email us if you think your security may have been compromised or if have any questions about online security verification.

Virus and Malware Protection Requires Vigilance

The numbers are grim when it comes to the ability of antivirus and malware software to protect your computer from an invasion. Keeping a close eye on your computer is a huge help.

Let’s start with the bad news. I was astonished to learn that the four major antivirus engines used to combat viruses combine can only detect 40% of the viruses floating around. If you want to take some consolation, it’s a higher success rate than this past year’s flu vaccine, but it’s not comforting. It’s the same with antimalware protection. Quite simply, the antivirus and antimalware software developers can’t keep up with the volume of viruses and malware that’s produced every day.

If you know or believe your computer is infected by a virus or malware, disconnect it from your network or the Internet or shut down the computer and call us – 973-433-6676. IT professionals know which tools to use and where to use them to find and remove them. The tools are Microsoft tools, and they are free, but, again, it’s a matter knowing how to use them and being able to verify that a computer is totally disinfected.

If you have an infected server and no back-up in place, we’ll try to clean the server. With a computer, it’s easier to isolate the infection and – if needed – rebuild it, which means wipe it clean and reinstall the operating system, application software and data files. If you are using cloud-based applications and data files, the chances of an infection are greatly reduced because the hosting companies constantly update the software.

While the numbers may seem to be stacked against you, you can take steps to protect yourself. First, install, update and use your antivirus and antimalware software. Those programs will pick off the more numerous “easy-to-detect” viruses and malware.

Second, be very careful about the websites you visit and the networks you allow to connect to your computer. Only go to trusted sites and only connect with trusted networks. Of course, there’s a caveat here. Sometimes, your antivirus software may flag a network or computer trying to connect, and it may be a false positive. If it looks like something that’s OK, it’s most likely a network driver update.

Contact us – 973-433-6676 or email – if you have any questions about anything having to do with viruses or malware on your computer or server. It’s a dangerous world out there, but it’s more than survivable with good judgment and common sense.

New Service to Manage Your Virus Protection

We’re responding to that nasty world out there by launching a new service to manage your virus protection. By taking a proactive approach, we can help you stay ahead of the nasties – insidious virus codes and the people who spread them. Here are the details.

We will now install and manage anti-virus software on your computer or computer system for as little as $4.25 per month. While we have avoided recurring, on-going fees, we believe this makes a lot of sense for you. In many ways, its’ an extension of services we already offer.

Many of our customers rely on us to monitor their systems remotely so that we can fix certain problems when they appear, and our customers give us access to their systems so that we can keep them running at peak performance.

We get alerts when a virus or malware is detected, and if something looks like it’s getting out of control, we get continuous messages. In one case, we got a message on a client’s machine that didn’t seem out of the ordinary. During lunch, which happened to be right near our client’s office, the messages escalated. We went there immediately to help out and resolved the issue. Our client’s boss saw us there and asked what we were doing. The client explained how we jumped in and said: “That’s why we have Norman.”

That’s what we do.

Now, we can monitor your system for viruses and reach out to fix problems, including making “house calls” if needed. As with everything else we do, we’ll make it a point to fix your problem as soon as possible.

Unlike some other anti-virus products or services, we don’t require annual renewals. Stay with us for as long as you like and cancel your service at any time. For companies with four or more computers, we can bill you quarterly. Make your life less worrisome. Contact us by phone – 973-433-6676 – or email for more information or to sign up for our anti-virus protection management.