Beware! Fake Update Request from Firefox Is a Virus!

By Michelle Denio, Technical Support Supervisor, Bryley Systems

Thanks to a vigilant Bryley Systems client, we can now alert you to a new malware threat.
A Bryley client submitted a service ticket about a Firefox update on his home computer. I was immediately suspicious because the supposed update had come through as a java script file type (.JS), instead of an executable (.exe). Luckily Outlook had blocked the attachment and our client, who was cautious, did exactly what he was supposed to do. He brought it to our attention!

While it appeared to come from Firefox, our research easily determined that this update request is fake and is in fact a virus.

Here are the two links I found on Mozilla:
https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update
https://support.mozilla.org/en-US/questions/1137056

Below is what the fake request looks like. I’ve underlined and circled the source of the update request so you can see that it did not actually come from Firefox. Looking at the source is one of the first steps you should always take when you’re unsure about the validity of an email or a pop-up message. Had our client clicked on the Download, this hacker would have been able to install malware on our client’s computer.

Be Aware! How to Spot Phishing Emails

Phishing emails are malicious emails sent by criminals attempting to compromise your personal information. They often appear to be legitimate. So beware!

Most phishing emails are disguised as messages from an authoritative entity asking you to visit a website and enter personal information. These websites are set up to gather personal details, which they can then use to hack into your accounts and commit fraud. Some links and attachments in these emails contain malicious software, known as malware, which will install itself on your computer. Malware then collects data such as usernames and passwords.

If you recognize these emails, delete them immediately. Even technically savvy individuals can fall prey to such malicious activity. Being able to recognize these emails will lessen your chances of being compromised. Here are a few tips:

  1. Email Address. This is the first thing you should look at. Criminals use two tricks when crafting email addresses. First, they’ll put a real company’s name before the “@“sign to make it look credible. Second, they’ll use a web address similar to the genuine one. Scammers will craft phishing email addresses almost (but not exactly) identical to the real addresses. Check these emails carefully to make sure they are exactly the same as the real web address.
  2. Generic Greetings. Being cautious of emails with generic greetings such as “Dear Valued Customer” or “Dear Valued Employee”. Look for poor spelling, punctuation or grammar. Scammers will go to great lengths to make their phishing emails look authentic. They’ll use an actual company logo and even the names of people who are employed at the company.
  3. Links. If a link appears within the email, hover your cursor over the link to view the underlying address. Check to see where it would take you if you were to click on the link.
  4. Sense of Urgency. Phishing emails may use phrases such as “act quickly” to create a sense of urgency in order to lure their targets in. These scammers may make you feel as if you’re missing out on something. They want to pique your curiosity or exploit your fear to push you into an instant response.
  5. Name. Look to see whose name is at the end of the email. If it’s from a person, is their name in the email address and does the email address appear valid?

These types of emails are just generic emails which are sent out to large groups of people, knowing that it only takes a few people to click to make the effort worthwhile to the scammers.

Spear Phishing. Criminals who target specific individuals use what is called “spear phishing.” Spear Phishing emails are even more sophisticated than your run-of-the-mill phishing emails, often using personal information obtained from social media pages to make the emails appear credible. These cyber criminals might use your name or tailor the email to reflect your hobbies, interests, where you live or events that are happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Read this case study about a particularly vicious attack that Bryley remediated.

Bryley Basics: WordPress maintenance

Gavin Livingstone, Bryley Systems Inc.

Reference article by Al Morel, Web1776

WordPress is the most-popular Content Management Systems (CMS); it powers over 25% of all Internet-based websites since it is a free, easy-to-use, open-source CMS with a large and vibrant community.

Because it is an open-source utility, and even though it includes automatic security updates (since version 3.7), it has ongoing maintenance requirements. Business partner, Web1776, offers these helpful suggestions:

  • Backup – Backup your site every before and after a change is made and keep copies of your backup onsite and offsite. (You might consider BackupBuddy, a plugin that assists the WordPress backup process.)
  • Update – Update WordPress first, then its plugins, and finally, themes.

For the complete maintenance information and instructions, please see the Web1776 recent blog article WordPress Maintenance Recommendations.

Cybersecurity – How to Avoid Being the Next Headline

Understanding cybersecurity is not simple. When we read about a security breach it’s typically caused by an action, or failed security practice of an employee within an organization. No matter the size of the breach, it’s bad press. Data breaches surface daily and these incidents are growing in frequency, size and cost.

It is often more difficult for smaller organizations to maintain security themselves due to lack of resources or even lack of awareness. Small businesses have increasingly become easy targets. In fact, most cyber-attacks occur at companies with fewer than 100 employees. The best way to prevent such breaches is to become better educated and to follow best practices.

  1. Understand the risks. Having a basic understanding of the most common threats is key; everything from phishing, malware, spoofing, systems hacking, social engineering. It’s all bad, and it’s all a threat.
  2. Have a security policy in place that employees understand. Employees are the gatekeepers of your organizations information, so they should be the first layer of defense. Educate all employees about safe practices. Be sure everyone uses complex passwords and make sure personal and confidential information is not easily exposed. Keeping such documentation under virtual lock and key can go a long way to protect confidential information from getting in the hands of the wrong person.
  3. Keep your anti-virus/anti-spam software or other security applications up-to-date. This will help guard against the latest threats and secure your infrastructure.
  4. Verify! Verifying financial requests and confirming details via phone is more secure than email. This practice should be applied to your vendors, clients, and employees.
  5. Practice an incident response plan. Having employees who know what to do in the event of a security breach is the best protection and preparedness you can have. Hackers are often one step ahead of you, but collective accountability is critical.

Having a baseline understanding of your current environment and vulnerabilities is the first step toward building a wall of defense to reduce risk.

Please see the June 2015 edition of Bryley Information and Tips (BITs) for our IT security cheat-sheet.

For more information about ways to defend your company against a cyber-attack, or to inquire about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Eric Rainville promoted to Senior Technician

With substantial growth in his technical knowledge and responsibilities, as well as his consistent, can-do attitude, we are pleased to announce that Eric Rainville, a Bryley team member since 2014, is now a Senior Technician.

Donald Trump’s potential impact on technology

Lawrence Strauss, Strauss and Strauss

Gavin Livingstone, Bryley Systems Inc.

People expect that President-elect Donald Trump’s election victory, combined with a Republican Congress, will mean big changes. Because organizations depend on technology, what can be foreseen concerning the tech fields, based on Donald Trump’s campaign statements and on the team he is gathering around him?

In the election’s immediate aftermath, some of the biggest tech-sector stocks’ lost value (which has since changed with the more-recent rise in US stock markets), possibly due to campaign rhetoric where Donald Trump threatened to look into Amazon for monopolistic behavior and tweeted that Americans should boycott Apple for its refusal to help the FBI unlock the iPhone used in the California terrorist attack. He also reminded us of the possibility of a Google election-bias in its search returns. (Google employees have become President Obama’s top tech officials and Google employees visit the Obama White House about once a week, 10x as often as employees from comparable businesses.)1

President-elect Trump appointed Jeff Eisenach and Mark Jamison to reshape the policies of the FCC, which just last year, in a 3 to 2 vote, passed the so-called Open Internet rules. (These rules are somewhat based on the concept of “net neutrality” where the Internet is considered a utility and all Internet traffic is treated equally.) Eisenbach, Jamison, and many others believe these rules were poorly constructed and oppose them on the grounds that they could lead to government overreach with greater consumer costs and reduced investment by business.

The Wall Street Journal, in an Op Ed page2, discussed President-elect Trump’s position in more than 500 companies, of which about 125 do business around the world. Most of these successful businesses are related to real-estate development, hotels and golf courses.3 So, how do such interests intersect with the tech sector?

One way may be gleaned from Peter Thiel, the founder of PayPal and the President-elect’s most vocal booster in the tech world, who told Forbes4 “it’s hard to overstate … Jared [Kushner]’s role in the campaign.” Donald Trump’s son-in-law, Jared Kushner, with a family background in commercial real estate, brought to the campaign (per Forbes) advanced computer-based selling techniques like machine learning and micro-targeting. Forbes reports that Kushner learned about these methods through his interactions with Silicon Valley.

Jared founded a start-up, technology-oriented business, Cadre, with his brother, Joshua. Cadre makes buying and selling interests in commercial property akin to a blend of shopping on Amazon mixed with online stock trading. This NYC business has the kind of unique product with a vast upside that it is attracting top tech talent away from Google, Apple, Twitter and others.5

Cadre is a reinvention of that marketplace through technology. And what policies would a tech startup desire? Among the things it, and businesses in general, need are low interest rates to finance investment. And, Donald Trump has a unique opportunity to keep interest rates low with two vacancies on the Fed’s seven-member Board of Governors and the two chairs’ terms expiring in 2018. During the September debate, Donald Trump called out the Fed, saying “When they raise interest rates, you’re going to see some very bad things happen, because they’re not doing their job.”6 So, the president-elect’s vision is a Fed that keeps interest rates low, which could continue to spur business and technology investment.

Similarly, Donald Trump promised in May to dismantle the 2010 Federal financial regulations known as Dodd-Frank, which according to Donald Trump, “makes it very hard for bankers to loan money for people to create jobs, for people with businesses to create jobs.”7

Donald Trump wants to shrink the corporate tax rate from 35 percent to 15 percent. And he has floated the idea of tax incentives to repatriate monies businesses currently have invested overseas.8

One of the issues that Donald Trump took up during his campaign, was the idea of US workers being replaced by foreign workers. And directly impacting the tech sector are H1B visas, as many Silicon Valley companies train non-US citizens that enter the US on H1B visas. Donald Trump suggested attaching fees to the H1B that would make it less appealing for businesses to seek non-US employees.

The H1B visa issue does not have any effect on outsourcing overseas, a major issue for businesses and their workers; Donald Trump has not yet directly addressed outsourcing.9 However he did spend a lot of time addressing the loss of US manufacturing and the imbalance of trade with China in particular. The solutions he’s proposed include changing the Trans-Pacific Partnership and a 45% tariff on Chinese goods.

These are complex issues, and China’s 1990 inclusion in the WTO has given us everything from cheap, dollar-store junk to computers and cell phones. Because small goods are no more expensive to consumers than they were in the eighties, economists Robert Lawrence and Lawrence Edwards estimate that trade with China returns $250 a year to every American.10 However, Mr. Lawrence also calculates that between 2000 and 2007, Chinese imports caused about a third of the 484,000 annual manufacturing job losses, with productivity increases due to technology making up the bulk of the remaining losses.11

Donald Trump’s road-blocks to free trade are opposed by many who depend on the cheap, foreign manufacturing and, to a lesser extent, foreign markets. Creating barriers to imports suggests our partners may respond in kind, so the methods proposed for doing this may not have the desired effect.

Conversely, it is interesting that his top Secretary of State pick (as of this writing), Mitt Romney, is seen as welcoming trade agreements during his 2012 campaign.12

One thing is evident; investors have responded to Trump’s campaign promises pushing the Dow past 19,000 for the first time and Small Cap stocks (generally understood to be the riskiest) are seeing their largest gains by percentage.11

Generally, the upcoming Trump Administration will likely favor business investment and development, which should enhance technology research and business overall. However, the effects may impact technology companies unevenly, with likely short-term winners and losers.

REFERENCES

1http://www.politico.com/magazine/story/2015/08/how-google-could-rig-the-2016-election-121548

2http://www.wsj.com/articles/the-trump-family-political-business-1479426984

3https://www.washingtonpost.com/news/wonk/wp/2016/02/29/the-myth-and-the-reality-of-donald-trumps-business-empire/

4http://www.forbes.com/sites/stevenbertoni/2016/11/22/exclusive-interview-how-jared-kushner-won-trump-the-white-house/#4d6e2de62f50

5http://www.businessinsider.com/what-is-cadre-and-how-to-invest-in-its-real-estate-deals-2016-6

6http://www.bloomberg.com/politics/articles/2016-11-22/trump-looks-to-put-stamp-on-fed-in-first-months-of-presidency

7http://fortune.com/2016/05/18/trump-dodd-frank-wall-street/

8http://www.cnbc.com/2016/11/15/how-trumps-likely-tax-reforms-will-impact-tech-sector.html

9http://www.computerworld.com/article/3140166/it-outsourcing/trump-tapped-the-viral-anger-over-h-1b-use.html

10http://www.economist.com/news/united-states/21695855-americas-economy-benefits-hugely-trade-its-costs-have-been-amplified-policy

11http://www.foxbusiness.com/markets/2016/11/22/americas-smallest-stocks-are-biggest-winners-post-trump.html

12http://foreignpolicy.com/2011/11/17/mitt-romneys-foreign-policy/

Bryley Basics: Troubleshooting

Gavin Livingstone, Bryley Systems Inc.

Whether smartphone, tablet, PC, or notebook, troubleshooting a problem should follow these basic steps:

  • Research
  • Change one
  • Document all

Research – Why reinvent the wheel? Break the problem down into a keyword-rich statement and take advantage of your favorite search engine. Sometimes, reordering the keywords can provide a better search.

If this yields poor, inconsistent, or inconclusive results, ask a colleague, contact the manufacturer, or call Bryley Systems.

Change one – I’m always tempted to change five or 10 things at the same time, convinced that this will yield a quick solution; I’m hoping that by clicking everything in sight, something positive happen: I am frequently disappointed.

A better approach is to pick the most likely/obvious/basic solution, make this one change, test it thoroughly, and then verify the results before moving on.  In this fashion, you eliminate each possibility –preferably from greatest to lowest probability – to avoid muddling the solution and possibly breaking something else.

Document all – It’s not much use to change anything if you don’t remember your sequence; you can end-up in a death spiral of repeating the same steps, over and over, with the same, undesired, result.

Documenting can take the form of written, typed or recorded notes; whatever is easy and quick, but include enough information to ensure a successful conclusion and to assist if you run into the same situation in the future.

Many thanks to Karl Palachuk of Small Biz Thoughts for his inspiring October 2016 article “Troubleshooting – The Rules”.

Wi-Fi® is not Wireless Fidelity

Garin Livingstone and Gavin Livingstone, Bryley Systems Inc.

Wi-Fi is not an abbreviation for wireless fidelity1; it is a trademarked phrase that refers to wireless communication between electronic devices and a Wireless Local Area Network (WLAN) based on the IEEE 802.11x standards.

Wi-Fi is brought to us by the Wi-Fi Alliance®, a worldwide network of companies with the mission to drive the adoption and evolution of Wi-Fi globally.  The Wi-Fi Alliance tests and certifies that WLAN equipment meets its stated standards.

Current standards include:

  • 11g
  • 11n
  • 11ag

Speeds have grown substantially, now rocketing up to a potential 1,300Mbps using the latest WiGig™, 802.11ac, standard (although actual performance is typically significantly less than its potential).

wifi-standard

At their core; wireless networks are less secure than wired networks (since a potential intruders does not need a physical connection), although encryption technologies (Wi-Fi Protected Access or WPA and WPA2) exist to secure WLANs.

Large-scale Wi-Fi implementations include:

  • City-wide Wi-Fi – Free Wi-Fi provided in St. Cloud, FL, Sunnyvale, CA, etc.
  • Campus-wide Wi-Fi – Wi-Fi throughout a campus environment

1See ‘Wireless Fidelity’ Debunked by Naomi Graychase of WiFi Planet.

2See WikipediA IEEE 802.11.

What Does a Virtual CTO Do for Your Company?

By A. Baker, Inside Sales Specialist

Virtual CTO = Trusted Advisor = An Essential IT Service!

Technology advances are continually changing. Is your business leveraging these changes to deliver a true competitive advantage?

While the position of CTO (Chief Technology Officer) is a key role for any business, not every organization warrants a full-time person in this position. Many smaller businesses, from a cost perspective, may not employ a full-time CTO because the question they ask is “can our business afford this overhead?”

Small to midsized organizations compete with much larger , well financed companies. However, they may lack the internal resources, especially when it comes to technology management, required to be competitive.

At Bryley Systems, we believe that SMBs (Small and Midsized Businesses) are the backbone of our economy and our prosperity. And although it’s common for SMB employees to wear multiple hats, many wouldn’t be comfortable leading the technology operations. Bryley Systems has created a way for SMBs to adopt a CTO into their organization without the associated overhead cost and responsibilities normally associated with that role.

A Virtual CTO from Bryley will bridge the gap between the business vision and the more technical decisions needed to be made to support those goals. Bryley has a 30-year proven track record across many business sectors. We’re able to communicate in a language that is easily understandable to ensure that our clients can access the technology required for critical business initiatives.

Bryley’s services are at the forefront of technology and are backed by solid experience. Our tailored offerings are focused from client to client, depending upon their IT needs and business planning. Objectives are achieved, risks are managed appropriately, and the organization’s resources are used responsibly, particularly in the areas of computers, office networks, Cloud selections, software selection, and Wide Area Networks.

The cost effective solution to your CTO dilemma, one that addresses the importance of having a CTO without the overhead, is our virtual CTO . Our technology experts are available to you at all times, at an affordable cost, tailored to your specific environment.

Our Virtual CTO will:

  • Enable you to make informed technology decisions and efficiently manage technology within your organization.
  • Bring expert advice to bear on all your technology requirements and ensure proper documentation of all business processes.
  • Ensure a high return on investments (ROI) for all your technology investments.
  • Save on opportunity costs by managing all your technology issues and enabling you to focus on your business.
  • Audit all aspects of technology and ensure your peace of mind.
  • Manage all your IT vendor relationships and negotiate with vendors for all your technology purchases.
  • And much more.

Have the best of both worlds – strategic IT insight and tailored professional advice with an affordable financial commitment.

For more information about the Virtual CTO and Bryley’s full array of Managed IT Services, please contact us at 978-562-6077 or by email at ITExperts@Bryley.com. We’re here for you.

 

Worcester Chamber Ambassadors on the Move

The Worcester Regional Chamber of Commerce Ambassadors Committee took an informative tour on October 5 of the Worcester Armory located on Plantation Street. Gavin Livingstone, President of Bryley Systems Inc. of Hudson and Co-Chair of the Ambassadors Committee, facilitated this event.

Twelve Members of the Ambassadors Committee were treated to an engaging account of the Massachusetts militia (known as the Powder Horns), from its origins in the mid-1630s – the oldest militia in the USA – to more recent efforts domestically (post-Katrina support, transporting medical personnel during the Ice Storm of 2008, etc.) and internationally (Bosnia, Iraq, Afghanistan, and others).

Ambassadors were also informed of the important work of the Massachusetts National Guard Family Program Office, which supports families of current military personnel and veterans.

A weapons and field-equipment display and discussion was followed by a tour of several Humvees equipped as ambulances.
Many thanks to Lieutenant Colonel Luis Rodriguez and Captain Langdon Mavrelis of the Powder Horns, along with Nick and Elaine of the National Guard Family Program Office, for hosting this program.

 

ambassadors-humvee

ambassadors-interior