26 Nov 2020

How to avoid Black Friday Fraud, wishing you a #FraudFreeXmas

This week brings the start of the online shopping event known as Black Friday and Cyber Monday.  With most high street shops closed for lockdown; the biggest online retail event of the year is expected to be bigger than ever. Be warned, this increase in internet shopping brings increased dangers to consumers.

Cybercriminals are using increasingly sophisticated and convincing techniques. Unsuspecting shoppers looking to bag a bargain can easily fall victim to online fraudsters. Fake websites advertising must have items, seemingly genuine emails with links to the best deals, fake social media posts with buy it now options.  These are just some of the ploys being used to obtain your money and your personal details.

According to Action Fraud, over £3million was lost to cybercrime in 2019 Black Friday shopping. Action Fraud also reports that since the start of the COVID pandemic online shopping fraud has increased by more than 30% as cyber criminals exploit the boom in online sales.

This week Action Fraud have launched the #FraudFreeXmas campaign to warn bargain hunters about the dangers of online fraud. Here we share our own top tips to avoid falling victim to a cybercrime this Christmas.

 

  1. Choose where you shop:
  • Look for known and trusted retailers
  • Use website search to find a retailer rather than clicking on a link in an email or message
  • If buying from a retailer you don’t know, check their reviews and search consumer websites
  • Avoid deals that seem too good to be true – they almost always are!

 

  1. Choose safer payment methods:
  • Never pay for shopping via bank transfer
  • Use a credit card if you can, they offer some protection and you’re not sharing your bank details
  • Use a payment platform like PayPal, GooglePay or ApplePay, this keeps your data private.

 

  1. Be secure:
  • Make sure there is a closed padlock icon in the web browser before entering payment details. It doesn’t mean the retailer is legitimate but does mean their website is secure.
  • Only share personal information that is essential to your purchase
  • Don’t create an account with that retailer unless you absolutely must
  • If you are creating a user account, never use the same password twice
  • Choose strong passwords that are different to your email accounts
  • Use 2 factor authentication wherever possible
  • Don’t save payment details for later if a website offers this option
  • Use a secure WIFI network when you’re shopping or banking.

 

  1. Watch out for phishing emails and texts:
  • These can be really convincing and appear as though from a genuine retailer
  • Look out for subtle differences in email addresses for businesses you do subscribe to
  • Don’t click on any links sent via email, these can be used to download virus to your devices which will harvest your data
  • Copy and paste the address into your browser or do a search for the genuine website.

 

  1. What to do if you think you’ve been scammed:
  • Don’t panic or be embarrassed – it can happen to anyone
  • Contact your bank immediately
  • Report it to action fraud police.uk

 

Cybercrime can affect any individual or business, but there are steps you can take to prevent it.  If you’d like to review your cyber security and cybercrime awareness please book in for a free 15-minute consultation with one of our security experts. https://iqi.click/cybercal or call us on 0330 1224 420

03 Jul 2018

Government Scheme to Assist SMEs with Broadband Upgrade

The Government has recently launched a new scheme across the UK to assist small to medium sized businesses in upgrading their broadband.

The Gigabit Broadband Voucher Scheme will see firms being able to claim up to £3,000 to upgrade their broadband to a gigabit capable connection. The scheme forms part of the Local Full Fibre Networks programme, backed by a £200 million investment courtesy of the Government.

The Gigabit Scheme will open the doors to cloud services such as VoIP, cloud based email, cloud desktops and other hosted solutions, meaning even the smallest business will enjoy the opportunity to compete on a global playing field thanks to time and money saving systems known to make doing business more efficient.

Eligibility criteria

There is a set of eligibility criteria for the scheme. To qualify, companies have to be based in the UK. They must employ no more than 250 staff; have a turnover of less than £50 million and / or a balance sheet total under £43 million.

You don’t have to be a registered company to qualify: sole traders can also apply providing they meet the above criteria. This means that even the smallest businesses will be able to take advantage of today’s cloud based technologies that are reliant on fast and reliable internet.

Cloud services

VoIP: Also known as a cloud phone system, ‘voice over internet protocol’ telephone services have come a long way since they first became popular at the turn of the millennium, especially when backed by super-fast internet speeds. Cloud phones bring flexibility to the working day, providing access to an office phone system regardless of where you are. Money saving, convenient and presenting a professional profile without heavy capital investment, cloud phones offer a vast range of features such as call forwarding, call queuing, call routing and music on hold to name just a few.

Cloud email: Any time, any place access to business email with the reassurance of antivirus and antispam protection is made possible by cloud email. If you use Outlook, then you’ll appreciate its features such as contact lists and shared calendars, all available on the go on any device thanks to cloud email.

Cloud desktop: Everyone will agree that there is nothing like your own personal desktop. All your own shortcuts; the taskbar just how you want it; access to all your apps right there at your fingertips. So when you can see your familiar desktop on any device, wherever you are, that has to be a major advantage. Cloud desktop services reduce hardware costs because everything is hosted on cloud servers rather than locally. Plus with data stored in the cloud, there is an automatic back-up and built-in disaster recovery.

Laying foundations for the future

Matt Hancock is Secretary of State for Digital, Culture, Media and Sport. On the subject of the Gigabit Scheme, he said: ‘Small businesses are the backbone of the British economy and now they can turbo-charge their connectivity with gigabit speeds.

‘By building a full fibre future for Britain we are laying the foundations for a digital infrastructure capable of delivering today what the next generation will need tomorrow.’

Cloud services for the aspirational business

Whether you are just starting out in business or are planning expansion, a move to cloud services is sure to deliver a major boost to your efficiency and competitive edge. The new Gigabit Broadband Voucher Scheme will enable access to a range of cloud based services, so it is well worth learning more. Visit https://gigabitvoucher.culture.gov.uk/ to discover how the scheme could benefit your business, and if you are eager to find out more about cloud services, don’t hesitate to contact the IQinIT team.

15 Jun 2018

Skipped Software Updates Warning: Don’t Leave Your Systems Open to Cyber Attack

You’re working away when a window pops up on your screen letting you know that there are new updates available. But you’re busy right now, so you hit the ‘remind me later’ button. But when later comes around and you get that reminder you asked for, you’re still busy, so you dismiss it again.

The thing is that these notifications are not just created to annoy us while we’re working. They are trying to tell us something incredibly important: that our software needs a new layer of protection, or that there are improvements or bug fixes you could be benefiting from.

What are software updates?

Software updates perform a wide range of tasks. Some are for individual software programs; others are for our operating systems. There are updates that clean up and get rid of outdated features, whilst others install new and improved ones. Some updates renew drivers and others fix annoying bugs. But perhaps the most important updates are the ones that deal with security flaws.
What is a security flaw and how does a software update resolve it?

Software flaws are weaknesses or holes in the security of an operating system or software program. Hackers are a dab hand at writing code to exploit these weaknesses via malware. The code gets them into your machine when you open a certain website or email or play infected videos.

Once malware has infected your machine, it has the ability to compromise data, take control of your PC or use software differently to how it should be.

Why should I install software updates?

Once an update is released, hackers worldwide will know there is a security flaw ready for the taking. As fast as software developers are coming up with ways to halt security attacks, so hackers are finding new ways in. The game just goes around and around.

You should be aware that your data and files are at risk unless you have installed the latest updates. Everything you store digitally: photos, videos, files, databases; it’s all potentially exposed to hackers. Certain strains of malware have the ability to completely wipe documents from a hard drive or copy them to a remote server. No one will forget the effects of the WannaCry epidemic that swept the nation and further afield in 2017 leading to personal data and company documents being held hostage until payment was made to release them. In a lot of cases, the systems that were compromised were not up to date.

Ensuring you update operating systems and keep software updated as and when it prompts you is vital if you want to avoid these types of threats.

What about legacy systems?

A large number of organisations are still using legacy infrastructure, mainly because it delivers continuity, but also because there is a belief that the cost and upheaval of migrating to new technology would be damaging both financially and in terms of productivity.

In actual fact what some organisations may not realise is that the cost of maintaining legacy systems could actually be higher than the long term gains made by updating.

Aside from hindering innovation, there are some extremely serious risks associated with sticking with a legacy system, malware being one of them. Windows XP for example is, according to Microsoft, six times more likely to be infected with malware than more recent versions of Windows.

Some legacy systems simply cannot be security patched, or there are no patches available at all.

With such high risks offering up the potential for reputation damage, reduced profitability and loss of competitive edge, and the fact that legacy systems are subject to expensive maintenance costs, it is clear to see that the most astute option would actually be to update to a system powered by today’s technologies and protected by modern security measures.

In Summary

Even though software updates may seem like an inconvenience, and the prospect of system upgrades may be a real worry, the fact is, both could actually save you from a host of serious issues.

So, the next time you see an updates notification, be sure to action it. And if you are ready for a system upgrade to move your legacy infrastructure into the 21st century, how about talking to IQ in IT? We offer a hands-on service whereby we’ll get to the bottom of your individual needs and then build a system around them so that you have the infrastructure you need to grow, and that does the best job possible in keeping your organisation safe and secure.

01 Jun 2018

How Safe is Your Smart Home?

Living in a smart-enabled home? It certainly has its benefits. Ordering household supplies at the touch of a button on the cupboard or washing machine; turning the heating up via your phone before you even arrive home; issuing smart keys to tradespeople to access your property whilst you’re at work. We can switch the lights or TV on remotely to make it look like we’re home after dark, and we can even see what’s going on in the house when we’re out using cloud cams.

Our lives certainly seem to be getting so much easier and, you would think, more safeguarded thanks to smart technology. But have you stopped to consider how secure all these WiFi connected devices actually are?

Even children’s toys are connected to the internet these days. But worryingly these, and household devices that are remotely controlled over the web, are actually laying homeowners wide open to serious risks including break-ins and spying.

Lack of smart device security can lead to shocking consequences

Devices that are not adequately secured can open a home up to extremely shocking consequences. Often set with no password or a default, smart devices can provide a far too simple way for cyber criminals to obtain personal details from any web pages or apps that are not using secure encryption.

Kaspersky Lab’s Denis Makrushin has said, “Cyber-attacks conducted by seemingly harmless connected devices are no longer just the stuff of movies, or even of the future. They are a very real and current threat.

“As more devices have connectivity built-in, users urgently need to realise they must employ the same level of security for mobile phones and computers.”

The Mirror newspaper uncovered the calculating methods used by cyber criminals to acquire personal details. It also reported that whistleblowing website WikiLeaks has published documents which it claims revealed the range of hacking tools used by the CIA. These include techniques developed to transform everyday household gadgets such as smart TVs into spying devices.

The newspaper challenged First Base Technologies, the online security company used by financial institutions, supermarkets and the government to uncover holes in their online security systems. The response revealed major cause for concern.

Smart home devices spark major cause for concern

On attempting to access a British Gas Hive Active Heating system controlled by a mobile app, the company’s (legal) hacker, Rob Shapland, was able to access the device with ease. Worryingly, he managed to obtain the owner’s home address and holiday dates.

Hackers start their in-road with a name. They then search for social media accounts. Then, through the ‘forgot my password link’ and internet searches, they can work out an email address. All they then need is a password, which hackers can find easily by searching previous data hacks databases. These are logs of illegally harvested data shared by hackers in secret parts of the web. Because most people use the same passwords for all their accounts, this method is usually effective in revealing login information.

Mr Shapland’s key message was that passwords should ALWAYS be varied across different accounts and devices, even for devices that do not store financial information. Just bear in mind how dangerous it would prove to reveal your holiday dates: it’s almost as risky as leaving your front door unlocked.

Is your security camera protecting you, or spying on you?

Rob Shapland demonstrated how hackers could well be spying on you without you knowing. According to the Mirror newspaper, 100,000 British devices are believed to be at risk in this way. Even security cameras, designed to safeguard your home, could be putting you in a perilous position.

Some smart cameras are designed to be accessed using an app. Hackers access them using the default password. And how do they know when a camera only has the default password set? By using a piece of software intended for security analysts, hackers can see which webcams in any local areas are using the default setting of no password.

The advice here from Mr Shapland: “If you need to be able to access your webcam while you’re not at home, make sure it asks you for a password. Don’t use anything that doesn’t allow you to set a password.”

It is reckoned that by 2020, there will be 212 billion connected Internet of Things devices.

Already a widespread problem

Cyber-crime is estimated to net £34 billion per year, with six million people having become victims in just the past year alone. 1.4 million have reported computer virus attacks, and 650,000 email accounts and social media profiles have been compromised.

Hugh Simpson, security expert at Zyxel, says: “The more devices that integrate into the wireless network, the more risk and indeed the more that people know about you. So a balance between convenience and security is key.

“There are some basic practices that should be followed by everyone, from individual home users to the largest global enterprises. These include using strong different passwords, regularly checking for and installing software updates and implementing appropriate security software.”

Regular updates can prevent internet-connected devices falling prey to hackers and their continuously evolving attacks.

If you are in any way concerned over the security of your internet-connected devices whether at home or at work, why not seek the tailored advice of our experts here at IQ in IT?

06 Jul 2015

How to recover an Office 365 Mailbox Using Windows Powershell

The quick version:


Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

New-Mailbox -Name "John Contoso" -RemovedMailbox "John Contoso" -MicrosoftOnlineServicesID [email protected] -Password (ConvertTo-SecureString -String 'NewPassword' -AsPlainText -Force)

The long version:
From time to time mistakes happen and, at least with Microsoft technology, there are ways of recovering data that has been deleted. Now, usually with Office 365 it’s a simple case of going to the Exchange server, viewing the deleted mailbox’s and clicking the recover button. However, if you are unlucky this method won’t work and you’ll have to fall back on to using powershell. If you have used Powershell before then you can skip to step 4, if not then start from the top:

1) Check the Execution policy The first thing you need to do is to check what execution policy you are using. The execution policy you use determines what scripts you can use. to do this you need to use the get command, like so: Get-ExecutionPolicy This will then display the your current execution policy. If it is set to strict then you’ll need to change the policy to remotesigned as you won’t be able to run any scripts. by setting it to remotesigned you can run any downloaded script that has been signed by a trusted publisher. To change the execution policy to need to type in the following: Set-ExecutionPolicy RemoteSigned You will be asked to confirm that you want to change the execution policy, just press “Y” and it should be changed. Once you’ve done that then you can move on to the next step.

2) Get Credentials This step is so that you can access your office 365 account that you are the administrator of. To do this you need to type in the following code: $UserCredential = Get-Credential A pop up box will appear asking for your email address and password. Type in the the email address that you use to access the office 365 of which you are an administrator. Note: it is important that you make sure you type in the correct information. If you don’t type it in correctly then when you do the next step you will get back an error and will have do do it all over again

3) Set up your session and importing it the next thing you need to do is configure your session. Essentially what this step is doing is connecting to the exchange server. to do this you need to type in the following code: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection Once you’ve entered that powershell will attempt to go and check the connection to your exchange server. Once that is done you can move on to importing the session. To import your session you need to type in the following: Import-PSSession $Session Once that is done powershell will go about importing your session so that you are fully connected up to the exchange server. Once it has finished importing you can move on to the next step.

4) Recovering the mailbox This is the script that you’ve probably been waiting for. This script will create a new account, find the deleted account and then recover all the data to the new account. To do this you need to type in the following code: New-Mailbox -Name “John Contoso” -RemovedMailbox “John Contoso” -MicrosoftOnlineServicesID [email protected] -Password (ConvertTo-SecureString -String ‘Pa$’ -AsPlainText -Force) Just replace the “John Contoso” with the details of the user mailbox that you are trying to recover. Once all the correct details are filled in press enter and get a message saying that it is trying to recover the mailbox. Note: it can take up to 8 hours for the mailbox to be recovered so it’s best to just leave it recovering for the day. In this time you won’t be able to access Outlook with the email address but you will be able to see it in the users section of Office 365. Just log in as the users every so often and check that you can get access to Outlook.