Entries by William Amos

Press Release: TechGen Alexa App Released

May 1, 2018, Minneapolis, MN We are excited to announce the release of an Official TechGen Amazon Alexa skill. This application will allow our customers to open a support request with a voice command through any Amazon Echo device or through the Alexa mobile app. Alexa is a virtual assistant program developed by Amazon, designed […]

Understanding IT Security Acronyms

PCI-DSS, ISO, HIPAA; you have probably heard many acronyms like these in reference to IT security. There are so many laws and organizations these days, it can be difficult for a person to know where to begin looking. This blog post will help introduce you to the topic so you can consider what might apply […]

Ransomware and Disaster Recovery

Another large Ransomware attack this month forced an Indiana hospital to pay four Bitcoins, or $55,000. This is unfortunately an increasingly common story, but this one has a twist – they had backups of their data but still chose to pay. Why? Restoring their backups could have taken weeks, and it would have been too […]

End of Year Scams

It’s the end of the year, and with the holidays wrapping up it means “time to get back to work” for most of us, but it means “time to kick into high gear” for hackers. With many companies running with partial staff, identity thieves see them as prime targets. When employees have extra workloads, they […]

Identifying a Phishing Email

No matter how secure your network is, the first line of defense is always your employees. They are the gatekeepers to your network – deciding which emails are opened and allowed in. Hackers know that they can’t do anything until they get inside. Just like someone who wasn’t invited to the party, they will pretend to know someone, pretend to be someone else, or make up whatever other lies they can to get inside. In the computer world, those fake and malicious emails are called “phishing emails.” Because of how dangerous they can be, the ability to recognize phishing emails is critical to network security.

Here are some things to look for to help you and your employees determine if an email is legitimate, or a party crasher.

Make sure the email is something you were expecting to get. Unsolicited requests, invoices, and links should be suspicious.
Hover your mouse over every link before you click it. You will see a small popup that tells you where the link goes. Make sure the link goes to the correct place before you click. One way to always be safe is to navigate to the website yourself in your browser and don’t click the link at all.
Double check the email address that the email is coming from. Sometimes fake emails will use addresses similar to real sites (e.g. “Techgem.com” instead of “techgen.com”)
Did they misspell my company name or make other mistakes on the email? Do they use a generic name instead of mine?
Do you know the person sending the email? Is this the type of email they usually send? Look at the signature of the email and make sure it matches their usual signature. If their identity is in doubt, you can always call them and verify the authenticity of the email.
Phishing emails will try to make you click without reading. Check to see if the email implies urgency or extreme importance. For example: “IMMEDIATE ATTENTION – YOUR ACCOUNT WILL BE CLOSED”
Look for misspellings and poor grammar. Many people who send phishing emails don’t speak English as a first language.
There can be other, subtle red flags. For instance, does the email have a strange subject line, signature, or layout?
Sometimes, a legitimate email may have one of the above, but by looking at a combination of the above, you can usually tell a phishing email from a normal one.

Attached below is an example of a real phishing email, with the suspicious features we used to identify it pointed out. Take a look at how we applied the tips mentioned above.

Stay safe out there.

Multi-Factor Authentication

Once again high profile hacking is in the news. Accounting firm, and security advisor Deloitte was illegally accessed by unnamed hackers last month who had managed to compromise an administrator account and used it to access one of Deloitte’s Microsoft Azure accounts. So far, at least six of their clients have been informed that data including […]

2017 Password Security Recommendations

Everyone has heard a lot about password security, but as of June the suggested practices have changed. With the constantly evolving world of cyber threats in mind, researchers at the National Institute of Standards and Technology (NIST) have gathered a significant body of evidence about what types of passwords work and which ones don’t. A […]