Beware! Fake Update Request from Firefox Is a Virus!

By Michelle Denio, Technical Support Supervisor, Bryley Systems

Thanks to a vigilant Bryley Systems client, we can now alert you to a new malware threat.
A Bryley client submitted a service ticket about a Firefox update on his home computer. I was immediately suspicious because the supposed update had come through as a JavaScript file type (.JS), instead of an executable (.exe). Luckily, Outlook had blocked the attachment and our client, who was cautious, did exactly what he was supposed to do. He brought it to our attention!

While it appeared to come from Firefox, our research easily determined that this update request is fake and is in fact a virus.

Here are the two links I found on Mozilla:
https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update
https://support.mozilla.org/en-US/questions/1137056

Below is what the fake request looks like. I’ve underlined and circled the source of the update request so you can see that it did not actually come from Firefox. Looking at the source is one of the first steps you should always take when you’re unsure about the validity of an email or a pop-up message. Had our client clicked on the Download, this hacker would have been able to install malware on our client’s computer.

Be Aware! How to Spot Phishing Emails

Phishing emails are malicious emails sent by criminals attempting to compromise your personal information. They often appear to be legitimate. So beware!

Most phishing emails are disguised as messages from an authoritative entity asking you to visit a website and enter personal information. These websites are set up to gather personal details, which they can then use to hack into your accounts and commit fraud. Some links and attachments in these emails contain malicious software, known as malware, which will install itself on your computer. Malware then collects data such as usernames and passwords.

If you recognize these emails, delete them immediately. Even technically savvy individuals can fall prey to such malicious activity. Being able to recognize these emails will lessen your chances of being compromised. Here are a few tips:

  1. Email Address. This is the first thing you should look at. Criminals use two tricks when crafting email addresses. First, they’ll put a real company’s name before the “@” sign to make it look credible. Second, they’ll use a web address similar to the genuine one. Scammers will craft phishing email addresses almost (but not exactly) identical to the real addresses. Check these addresses carefully to make sure they are exactly the same as the real web address.
  2. Generic Greetings. Be cautious of emails with generic greetings such as “Dear Valued Customer” or “Dear Valued Employee”. Look for poor spelling, punctuation or grammar. Scammers will go to great lengths to make their phishing emails look authentic. They’ll use an actual company logo and even the names of people who are employed at the company.
  3. Links. If a link appears within the email, hover your cursor over the link to view the underlying address. Check to see where it would take you if you were to click on the link.
  4. Sense of Urgency. Phishing emails may use phrases such as “act quickly” to create a sense of urgency in order to lure their targets in. These scammers may make you feel as if you’re missing out on something. They want to pique your curiosity or exploit your fear to push you into an instant response.
  5. Name. Look to see whose name is at the end of the email. If it’s from a person, is their name in the email address and does the email address appear valid?

These types of emails are just generic emails which are sent out to large groups of people, knowing that it only takes a few people to click to make the effort worthwhile to the scammers.
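For mail administrators, the checks above (sender address, attachment type, link target, urgency and greeting phrases) can be run mechanically over a raw message. The following is an added example, not code from the original article or from Bryley; the sample message is constructed, and `check`, `host`, the phrase list and the expected sender domain are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Firefox Update" <firefox@mozi11a-updates.example>
Subject: Act quickly: critical Firefox update
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Dear Valued Customer,</p>
<a href="http://downloads.example.net/ff">https://www.mozilla.org/firefox</a>
--b1
Content-Disposition: attachment; filename="firefox-patch.js"

// placeholder
--b1--
"""

SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf", ".hta")  # script files, not installers
PHRASES = ("act quickly", "dear valued customer", "dear valued employee")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>([^<]+)</a>', re.I)  # simplified

def host(url):
    m = re.match(r"https?://([^/:\s]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None  # None when the text is not a URL

def check(raw, expected_domain):
    """Apply the tips above to one raw message and return a list of findings."""
    msg = message_from_string(raw)
    findings = []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        findings.append("sender-domain:" + domain)
    text = msg["Subject"] or ""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(SCRIPT_EXT):
            findings.append("script-attachment:" + name)
        elif part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            text += " " + body
            for href, shown in ANCHOR.findall(body):  # visible text vs. real target
                if host(shown) and host(shown) != host(href):
                    findings.append(f"link-mismatch:{host(shown)}->{host(href)}")
    findings += ["phrase:" + p for p in PHRASES if p in text.lower()]
    return findings
```

Calling `check(SAMPLE, "mozilla.org")` reports the look-alike sender domain, the link whose visible text and target differ, the `.js` attachment and the two stock phrases.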

Spear Phishing. Criminals who target specific individuals use what is called “spear phishing.” Spear Phishing emails are even more sophisticated than your run-of-the-mill phishing emails, often using personal information obtained from social media pages to make the emails appear credible. These cyber criminals might use your name or tailor the email to reflect your hobbies, interests, where you live or events that are happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Read this case study about a particularly vicious attack that Bryley remediated.

Bryley Basics: WordPress maintenance

Gavin Livingstone, Bryley Systems Inc.

Reference article by Al Morel, Web1776

WordPress is the most-popular Content Management System (CMS); it powers over 25% of all Internet-based websites since it is a free, easy-to-use, open-source CMS with a large and vibrant community.

Because it is an open-source utility, and even though it includes automatic security updates (since version 3.7), it has ongoing maintenance requirements. Business partner, Web1776, offers these helpful suggestions:

  • Backup – Back up your site before and after every change is made and keep copies of your backup onsite and offsite. (You might consider BackupBuddy, a plugin that assists the WordPress backup process.)
  • Update – Update WordPress first, then its plugins, and finally, themes.

For the complete maintenance information and instructions, please see the Web1776 recent blog article WordPress Maintenance Recommendations.

Cybersecurity – How to Avoid Being the Next Headline

Understanding cybersecurity is not simple. When we read about a security breach it’s typically caused by an action, or failed security practice of an employee within an organization. No matter the size of the breach, it’s bad press. Data breaches surface daily and these incidents are growing in frequency, size and cost.

It is often more difficult for smaller organizations to maintain security themselves due to lack of resources or even lack of awareness. Small businesses have increasingly become easy targets. In fact, most cyber-attacks occur at companies with fewer than 100 employees. The best way to prevent such breaches is to become better educated and to follow best practices.

  1. Understand the risks. Having a basic understanding of the most common threats is key; everything from phishing, malware, spoofing, systems hacking, social engineering. It’s all bad, and it’s all a threat.
  2. Have a security policy in place that employees understand. Employees are the gatekeepers of your organization’s information, so they should be the first layer of defense. Educate all employees about safe practices. Be sure everyone uses complex passwords and make sure personal and confidential information is not easily exposed. Keeping such documentation under virtual lock and key can go a long way to protect confidential information from getting in the hands of the wrong person.
  3. Keep your anti-virus/anti-spam software or other security applications up-to-date. This will help guard against the latest threats and secure your infrastructure.
  4. Verify! Verifying financial requests and confirming details via phone is more secure than email. This practice should be applied to your vendors, clients, and employees.
  5. Practice an incident response plan. Having employees who know what to do in the event of a security breach is the best protection and preparedness you can have. Hackers are often one step ahead of you, but collective accountability is critical.

Having a baseline understanding of your current environment and vulnerabilities is the first step toward building a wall of defense to reduce risk.

Please see the June 2015 edition of Bryley Information and Tips (BITs) for our IT security cheat-sheet.

For more information about ways to defend your company against a cyber-attack, or to inquire about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Eric Rainville promoted to Senior Technician

With substantial growth in his technical knowledge and responsibilities, as well as his consistent, can-do attitude, we are pleased to announce that Eric Rainville, a Bryley team member since 2014, is now a Senior Technician.

Donald Trump’s potential impact on technology

Lawrence Strauss, Strauss and Strauss

Gavin Livingstone, Bryley Systems Inc.

People expect that President-elect Donald Trump’s election victory, combined with a Republican Congress, will mean big changes. Because organizations depend on technology, what can be foreseen concerning the tech fields, based on Donald Trump’s campaign statements and on the team he is gathering around him?

In the election’s immediate aftermath, some of the biggest tech-sector stocks lost value (which has since changed with the more-recent rise in US stock markets), possibly due to campaign rhetoric where Donald Trump threatened to look into Amazon for monopolistic behavior and tweeted that Americans should boycott Apple for its refusal to help the FBI unlock the iPhone used in the California terrorist attack. He also reminded us of the possibility of a Google election-bias in its search returns. (Google employees have become President Obama’s top tech officials and Google employees visit the Obama White House about once a week, 10x as often as employees from comparable businesses.)[1]

President-elect Trump appointed Jeff Eisenach and Mark Jamison to reshape the policies of the FCC, which just last year, in a 3 to 2 vote, passed the so-called Open Internet rules. (These rules are somewhat based on the concept of “net neutrality” where the Internet is considered a utility and all Internet traffic is treated equally.) Eisenach, Jamison, and many others believe these rules were poorly constructed and oppose them on the grounds that they could lead to government overreach with greater consumer costs and reduced investment by business.

The Wall Street Journal, in an Op Ed page [2], discussed President-elect Trump’s position in more than 500 companies, of which about 125 do business around the world. Most of these successful businesses are related to real-estate development, hotels and golf courses.[3] So, how do such interests intersect with the tech sector?

One way may be gleaned from Peter Thiel, the founder of PayPal and the President-elect’s most vocal booster in the tech world, who told Forbes [4] “it’s hard to overstate … Jared [Kushner]’s role in the campaign.” Donald Trump’s son-in-law, Jared Kushner, with a family background in commercial real estate, brought to the campaign (per Forbes) advanced computer-based selling techniques like machine learning and micro-targeting. Forbes reports that Kushner learned about these methods through his interactions with Silicon Valley.

Jared founded a start-up, technology-oriented business, Cadre, with his brother, Joshua. Cadre makes buying and selling interests in commercial property akin to a blend of shopping on Amazon mixed with online stock trading. This NYC business has the kind of unique product with a vast upside that is attracting top tech talent away from Google, Apple, Twitter and others.[5]

Cadre is a reinvention of that marketplace through technology. And what policies would a tech startup desire? Among the things it, and businesses in general, need are low interest rates to finance investment. And, Donald Trump has a unique opportunity to keep interest rates low with two vacancies on the Fed’s seven-member Board of Governors and the two chairs’ terms expiring in 2018. During the September debate, Donald Trump called out the Fed, saying “When they raise interest rates, you’re going to see some very bad things happen, because they’re not doing their job.”[6] So, the president-elect’s vision is a Fed that keeps interest rates low, which could continue to spur business and technology investment.

Similarly, Donald Trump promised in May to dismantle the 2010 Federal financial regulations known as Dodd-Frank, which according to Donald Trump, “makes it very hard for bankers to loan money for people to create jobs, for people with businesses to create jobs.”[7]

Donald Trump wants to shrink the corporate tax rate from 35 percent to 15 percent. And he has floated the idea of tax incentives to repatriate monies businesses currently have invested overseas.[8]

One of the issues that Donald Trump took up during his campaign was the idea of US workers being replaced by foreign workers. And directly impacting the tech sector are H1B visas, as many Silicon Valley companies train non-US citizens that enter the US on H1B visas. Donald Trump suggested attaching fees to the H1B that would make it less appealing for businesses to seek non-US employees.

The H1B visa issue does not have any effect on outsourcing overseas, a major issue for businesses and their workers; Donald Trump has not yet directly addressed outsourcing.[9] However, he did spend a lot of time addressing the loss of US manufacturing and the imbalance of trade with China in particular. The solutions he’s proposed include changing the Trans-Pacific Partnership and a 45% tariff on Chinese goods.

These are complex issues, and China’s 1990 inclusion in the WTO has given us everything from cheap, dollar-store junk to computers and cell phones. Because small goods are no more expensive to consumers than they were in the eighties, economists Robert Lawrence and Lawrence Edwards estimate that trade with China returns $250 a year to every American.[10] However, Mr. Lawrence also calculates that between 2000 and 2007, Chinese imports caused about a third of the 484,000 annual manufacturing job losses, with productivity increases due to technology making up the bulk of the remaining losses.[11]

Donald Trump’s road-blocks to free trade are opposed by many who depend on the cheap, foreign manufacturing and, to a lesser extent, foreign markets. Creating barriers to imports suggests our partners may respond in kind, so the methods proposed for doing this may not have the desired effect.

Conversely, it is interesting that his top Secretary of State pick (as of this writing), Mitt Romney, is seen as welcoming trade agreements during his 2012 campaign.[12]

One thing is evident; investors have responded to Trump’s campaign promises pushing the Dow past 19,000 for the first time and Small Cap stocks (generally understood to be the riskiest) are seeing their largest gains by percentage.[11]

Generally, the upcoming Trump Administration will likely favor business investment and development, which should enhance technology research and business overall. However, the effects may impact technology companies unevenly, with likely short-term winners and losers.

REFERENCES

[1] http://www.politico.com/magazine/story/2015/08/how-google-could-rig-the-2016-election-121548
[2] http://www.wsj.com/articles/the-trump-family-political-business-1479426984
[3] https://www.washingtonpost.com/news/wonk/wp/2016/02/29/the-myth-and-the-reality-of-donald-trumps-business-empire/
[4] http://www.forbes.com/sites/stevenbertoni/2016/11/22/exclusive-interview-how-jared-kushner-won-trump-the-white-house/#4d6e2de62f50
[5] http://www.businessinsider.com/what-is-cadre-and-how-to-invest-in-its-real-estate-deals-2016-6
[6] http://www.bloomberg.com/politics/articles/2016-11-22/trump-looks-to-put-stamp-on-fed-in-first-months-of-presidency
[7] http://fortune.com/2016/05/18/trump-dodd-frank-wall-street/
[8] http://www.cnbc.com/2016/11/15/how-trumps-likely-tax-reforms-will-impact-tech-sector.html
[9] http://www.computerworld.com/article/3140166/it-outsourcing/trump-tapped-the-viral-anger-over-h-1b-use.html
[10] http://www.economist.com/news/united-states/21695855-americas-economy-benefits-hugely-trade-its-costs-have-been-amplified-policy
[11] http://www.foxbusiness.com/markets/2016/11/22/americas-smallest-stocks-are-biggest-winners-post-trump.html
[12] http://foreignpolicy.com/2011/11/17/mitt-romneys-foreign-policy/