Email Spoofing & Phishing Scams
Email Spoofing & Phishing Scams
Prepared: January 2023
Email Phishing Scams
Effective: Immediately
What Is Email Spoofing?
Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender address, which most users take at face value.
How to Protect from Email Spoofing?
Even with email security in place, some malicious email messages reach user inboxes. Whether you’re an employee responsible for financial decisions or as someone who uses personal email at work, there are several steps you can take to avoid becoming a victim of email spoofing:
- Never click links to access a website where you’re asked to authenticate. Always type the official domain in your browser and authenticate directly on the site.
- The steps to view email headers are different for each email client, so first look up how to view email headers for your inbox software. Then, open email headers and look for the Received-SPF section of the headers and look for a PASS or FAIL response.
- Copy and paste the content of an email message into a search engine. Chances are that text used in a common phishing attack has already been reported and published on the Internet.
- Be suspicious of email supposedly from an official source with bad spelling or grammar.
- Avoid opening attachments from suspicious or unknown senders.
- Emails promising riches—or anything else that’s too good to be true—is likely a scam.
- Beware of emails that create a sense of urgency or danger. Phishing and BEC attacks often try to short-circuit recipients’ natural skepticism by suggesting that something bad will happen if they don’t act quickly. Treat email links with extra caution if the message warns of pending account closures, scheduled payment failures or suspicious activity on one of your financial accounts. Visit the website directly through your browser, not the link in the email.
Lear More About Email Spoofing & Phishing
Data Security
Multi Factor Authentication
Prepared: July 2022
Implementation of Multi Factor Authentication
Effective: Immediately
What Is Two-Factor Authentication?
Two-factor authentication is a way to prove that the person who has entered the correct password to access your computer or account is, in fact, you (as opposed to a someone or something that managed to get hold of your password through illicit means, such as a phishing scam).
To confirm it was you who entered the password, your two-factor authentication service will provide a one-time verification code through various methods: an app, text message or call. You type in that code and to unlock your account.
What Is Multi-Factor Authentication?
Multi factor authentication or Multi-layer security is what the term implies — the addition of extra security measures.
If a cyberthief was able to steal your phone, that person would be the one receiving any verification code from of 2 step authentication. If your phone is locked but text messages show the contents, the code could be viewed. If the thief has access to your email account, they could initiate a password reset. You can reduce the risk by using a two-factor authentication service that sends you the verification code only after you’ve successfully answered a challenge question. This would therefore be 3 factor authentication (password, challenge, and code)
While 2-factor authentication would be the minimum standard and an important step toward protecting your data, it may not be enough. You can implement “multi-layer security” so that if you slip up and accidentally open the door to a data breach, the thieves are less likely to succeed.
What Can You Do to Add Multiple Security Layers to Your Computer?
Phishing security. For starters, get an integrated anti-phishing platform. These typically involve filtering all your incoming email through an AI-powered service that looks for signs of fakery afoot. If an email you receive triggers machine suspicions, you’ll get a warning to run, not walk, to the nearest exit. These platforms can also analyze your email opening-and-answering habits to let you know whether scam artists are likely to consider you an easy mark.
A password manager. On top of that added layer, start using a password manager. It’ll spare you the need to create unique passwords for the dozens of online accounts, thereby eliminating the dangerous temptation to recycle the same password over and over. The password manager automatically generates random passwords for each online account — no two passwords are ever the same or even similar. Password managers also encrypt those passwords for greater security.
Automatic, frequent backups. Backing up your files also counts as an additional layer of security. You could do it manually, but I have found through 17 years of helping lawyers with their IT that this approach invariably fails. It is better to use a service that automatically and frequently backs up your data, ideally to a cloud-based, third-party service provider. (Don’t forget to vet the provider.)
Common sense. Then there are all the commonsense kinds of things you can do, like teach your staff to be more aware of cyberthreats, never share passwords, and never walk away from their desk even briefly without first locking their computer. The best way to educate your team is with cybersecurity software that takes over this role. If it’s up to someone on your team to run that, again, it often fails.
Source:
Discontinued Product
Sonicwall Security Appliances
Prepared: June 2022
Effective: Already in Effect
Drop Dead Date for Adoption of Replacement Technology: December 31, 2022
Sonicwall TZ100, TZ105, or TZ200 series routers are no longer being support by Breton Technologies as active firewall appliances. Although the devices will continue to operate as functioning routers, security subscriptions are no longer being offered.
Sonicwall appliances are our preferred products for our business clients requiring best in class security. The Sonicwall TotalSecure annual subscription is highly recommended to accompany the hardware device , offering Intrusion Prevention, Email Scanning, Anti-Virus protection, and Content Filtering.
Intel & AMD Processors
Intel Service Advisory
Prepared: June 2022
Effective: December 1, 2022
Based on information released by various technology manufacturers, Intel processors that are released as 4th generation processors or lower will no longer meet today's standards of performance in our business environments. At the time of preparing this advisory, Intel has released its 12th generation processor. Clients are encouraged to refresh their inventory by retiring all PCs containing these processors (or AMD equivalents) for newer generation processors.
OFFICE PRODUCTS
Microsoft Office Service Advisory
Prepared: June 2022
Effective: December 1, 2022
Based on information and bulletins released by Microsoft Corporation, Breton Technologies and its partners will no longer be providing support for Microsoft Office 2003 (all versions), Microsoft Office 2007 (all versions), and Microsoft Office 2010 (all versions).
Although these products may continue to run on the latest Windows operating systems, we have experienced a number of occasions where installations, re-installations and general functionality fail. Microsoft no longer provides security related updates or service fixes. In the event of a failure, no action will be taken in an attempt to resolve the issue.
WINDOWS SERVER
Microsoft Windows Server
Prepared: June 2022
Effective: December 1, 2022
Based on information and bulletins released by Microsoft Corporation, Breton Technologies and its partners will no longer be providing support for Microsoft Windows Server 2008 and all previous releases.
Although Windows Server may continue to run on the latest PC hardware , we have experienced a number of occasions where installations, re-installations and general functionality fail. Microsoft no longer provides security related updates or service fixes. In the event of a failure, no action will be taken in an attempt to resolve the issue. To avoid interruption to normal business operations and/or significant downtime, clients are encouraged to upgrade all servers prior to experiencing failure or significant downtime.
Users of this product would be considered non-compliant with respect to today's security standards.
Discontinued Product
Microsoft Small Business Server
Prepared: June 2022
Effective: Already In Effect
Drop Dead Date for Adoption of New Technology: December 31, 2022
Microsoft has announced that it will no longer be selling or supporting Microsoft Small Business Server (SBS). The last release of SBS contained Windows Server 2011 bundled with Microsoft Exchange 2010. Clients will be required to move to a cloud based service such as Microsoft 365 or configure its on premise network to run a Windows Server as well as a separate Exchange Server product (running Microsoft Exchange 2019). Each product can run on its own server or be configured as a VM. When Microsoft discontinues a product, it means that it will no longer provide updates, fixes, service packs and critical security updates.
Users of this product would be considered non-compliant with respect to today's security standards.
Discontinued Technical Support via Text Messaging
Text Messaging Services
Prepared: February 2020
Effective: June 1, 2020
Breton Technologies does NOT provide technical support via text messaging. There are several reasons for this policy. Despite the notion of being a convenient method of communication, texting is difficult for our technicians to provide technical advice and even more difficult to provide step by step support technical instructions. More importantly, our technicians are often in the field or conducting remote support and are therefore unable to quickly respond. Texting can lead to a delay in service response times or delivering service in the absence of accurate information. Our service ticketing system, implemented in January, 2020 triages all incoming requests and assigns tickets to the proper technician based on the ticket submission details.
Once a ticket is assigned our technicians may then use text messaging or email as a supplemental support tool in the service process. In the event of an Internet outage, clients can indeed send an emergency text or call our office.