CyberGuru’s Proprietor/Chief Guru nominated for two awards

CyberGuru’s Proprietor/Chief Guru nominated for two awards

Chris Jeffery, Proprietor/Chief Guru, CyberGuru

CyberGuru’s Proprietor/Chief Guru, Chris Jeffery, has been recently nominated for two awards. Chris was nominated as the Young Business Person of the Year for the second year in a row from the Lord Mayor’s Business Awards, as well as the inaugural Young Alumnus of the Year from Australian Catholic University.

Unfortunately, Chris was unsuccessful in winning these awards but greatly appreciates the support and encouragement from our clients and colleagues for supporting the nomination. It was understood that the calibre of submissions for both awards was very competitive.

Chris has been previously winner of the Australian Computer Society Queensland Young ICT Professional of the Year in 2012, first place in the Intel Australia On-line Awards Website Competition in 1997 as well as finalist and semi-finalist in a number of other awards in his career.

Online file sharing locations being used for phishing expeditions

Online file sharing locations being used for phishing expeditions

Online file sharing locations being used for phishing expeditions

When we have discussed phishing in previous articles, we mention they often come from financial or corporate organisations such as PayPal, Apple or Telstra. However, we have recently become aware of a number of new types of phishing scams, targeting those who use online file sharing, such as Google, OneDrive and Dropbox.

Phishing scams are emails which appear to be coming from a reputable source, but are in fact not from the originating organisation but someone else who is seeking your personal information for malicious purposes. They not new, but are become increasingly sophisticated due to the advent of online file hosting that can easily enable files to be stored and not scanned by usual methods.

The Google Drive or Google Docs phishing scam comes through via an email, appearing to be from a particular sender you may have received an email from in the past. The subject line is often titled “Financial Documents” or similar. It looks nearly identical with a document being sent from Google Drive, with subtle differences, it also contains a link to open the file, as well as some other information from Google, as can be seen in the screenshot below:

Google Drive Phishing email - example of phishing email
Example of Google Drive phishing email (thumbnail – click image to open larger version)

Google Drive Phishing email - example of legitimate email
Example of Google Drive legitimate email (thumbnail – click image to open larger version)

We became aware of several organisations who have been infected by this Google Drive or Google Docs phishing scam. For the purposes of this article, we contacted a number of these organisations to discuss this with those to understand it in more detail. We appreciate the time and honesty of these organisations to find out more (especially once their initial embarrassment passed!). It helped us to understand the issues and what to look for and educate our clients and Blog readers.

The process seems to be:

  1. A user clicks on the link in the email which takes you to Google Drive to log in and download the malicious file. From each of the circumstances that we identified, it appears they were taken advantage of after first downloading and then running a file which accessed their email address book and sends the email to them requesting they download the same file.
  2. Once the malicious file opens, it then accesses address book and sends a similar to email to your contacts, are suggesting they download a file. Further, due to a nature of this file, you may actually unaware of the issue until the emails were returned as undeliverable or from recipients asking why they received a file.

We have also heard of reports of another scam that contains a similar Google Account login page, whereby you ask are asking however it is actually instead takes you to another website and steals your account information.

Further research has identified the same similar Dropbox and OneDrive as well. We recommend that you follow the following tips to protect yourself:

  1. Make sure you always sign-in directly to the service (using Google.com, Dropbox.com or OneDrive.com, don’t use the links contained within the email unless you are sure they are the correct ones.
  2. If you aren’t expecting to receive an attachment, only download or accept files after confirming from the sender that they intended to send you such a file. Instead of replying to the email that is sent, call or text the sender to confirm that they were wanting to send you such a file.
  3. If you do receive an email that is suspicious or not expected, immediately delete the emails from your computer, carefully ensuring you don’t click on any links, you don’t want to share these!

Through our Support solution, CyberGuru can review your computers to ensure there is appropriate security in place, as well as our Training to help you and your staff become aware on how to identify phishing to protect you and your data. Please contact us today for further information.

Five tips to spring clean your website

Five tips to spring clean your website

Five tips to spring clean your website

It is hard to believe we are now in September! Spring is here, and we suggest it is time to spring clean your website. We hear many organisations reflect on whether having a website is worth the effort when they aren’t getting as many visitors as they would like. Our top recommendation is that you need to regularly update your website and content. If you have a blog that hasn’t been updated in sometime, by posting new articles regularly, you are more likely to increase your interest in your business.

The following five tips will help you spring clean your website:

  1. Have you recently posted any new articles onto your website or social media platforms? Search engines are often crawling over your website, determining how often you are updating to determine its relevance in their searches. As mentioned above, by regularly refreshing content, search engines will visit your website more often and result in more visitors.
  2. Is the information on your website up-to-date? A review of your website content should take place on a regular basis. It is worthwhile to spend the time to refresh and go through all of the content on your pages to ensure it is updated. If it isn’t, then it is time to archive it so it is not referred to, or mark the content as under review or maintenance.
  3. Are the contact details you have on your social media and search directories accurate? We have seen a Google Business Page with an organisation’s address or phone details, but these are not their current details. Imagine if a client tried to visit you, referred to by Google to your location, and they discovered they weren’t there? They may think you are out of business!
  4. Are all your links working? Check to make sure all of the pages go to the correct locations, especially if you are referencing external or third party websites. As many websites are undergoing refresh or review, it may be worthwhile automating the link checking process this so you don’t have to keep checking if websites have changed.
  5. Are you maintaining your content management system and plugins to protecting your website against vulnerabilities? We have a number of clients who are taking advantage of our Website Maintenance Service, who for a monthly fee, get regular maintenance on their website, including full backup, installation the latest updates to the content management including plugins and translations and testing the website. If you aren’t doing it, is your website designer doing this?

If you haven’t already have a website, perhaps it is time to consider a new one, or if you do, redesigning your existing one if it has been online for some time. If you are considering getting a new website or having redesign your existing website, or need some assistance in taking advantage of some of the new developments, such as adding mailing lists, integration with social media platforms, our Design computer solution can help. We can also perform the Website Maintenance Service. Please contact us today for more information.

Troubleshooting internet connection performance and speed issues

Troubleshooting internet connection performance and speed issues

Troubleshooting internet connection performance and speed issues

I have recently been helping my in-laws troubleshoot an underperforming cable internet. Whilst the nature of cable internet is different to that of ADSL that because it is a “shared” connection between you and your neighbours, the circumstances surrounding actually getting to the bottom of their performance and speed issues took a significant amount of time to resolve with an unexpected result!

Whilst it is acknowledged that cable internet can be slow at times (especially slow after school or work!), between tests conducted my in-laws, their internet service provider (ISP) and myself, we identified that their performance were much slower than it should be. Even as they tried to perform the speed tests, we found it sometimes it wouldn’t even run! Strongly, this occurred at the same time they changed their plans, so we asked the question, as your speed been downgraded?

Following a number of conversations with their internet service provider, advising that they hadn’t been downgraded, and as a result them performing a range of tests and diagnostics, it was identified that there was technical fault on the connection in the street, so this was corrected over the course of a week.

Even after this cable was repaired, the performance did not improve. The ISP provided a replacement modem which they promptly installed. Again, the issue continued. The ISP even delivered another replacement modem on a separate occasion in case the second modem was at fault, but again the internet speed did not improve after it was installed.

After another lengthy conversation, the ISP acknowledged that the cause was on their end – not from a technical fault as originally thought, but that of their own equipment being overwhelmed by the advent of the new video streaming websites. They claimed that were about to commission new hardware to accommodate their growth and demand in these services.

Whilst for a home user this trouble this may been bearable, it is difficult for a small business or not-for-profit organisation to stand such issues. If you are experiencing internet connection performance issues similar to this, we strongly suggest speaking to your ISP as quickly as possible to get your speed and connection looked at and resolved as quickly as possible. Alternatively, if you do not have success, it may be time to change your plan or even ISP itself.

On a side note, we have recently noticed ISPs increasing bundling of their telephone and internet services, which often saving you money but actually putting you onto less performing connections. At the same time, they have introduced the ability to pay for increases your internet speeds. We strongly disagree on purchasing these options unless they are willing to assure you of the stated speed most of the time.

If you need a hand, please feel free to contact us to engage our Consulting computer solutions.

Microsoft releases Critical update for Internet Explorer

Microsoft releases Critical update for Internet Explorer

Microsoft releases Critical update for Internet Explorer

Microsoft has provided details of a critical security update required to address a vulnerability in Internet Explorer which affects all versions from 7 to 11, running any Microsoft operating system introduced since 1999, including Windows Vista, Windows 7, Windows 8/8.1 and 10.

According to Microsoft Security Bulletin MS15-093 (link opens in new window), “this vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

This security update is rated critical for all versions of Internet Explorer from 7 through to 11, on a wide range of operating systems including Windows Vista, Windows 7, Windows 8 and Windows 8.1, as well as Windows 10. It also affects as Windows Server 2008 and Windows Server 2008 R2. However, you can check if your software is affected please visit Microsoft’s Security TechCentre (link opens in new window).

It is strongly recommended you install the critical update which is available through Windows Update immediately to ensure you remain secure and protected. Most CyberGuru clients will receive this update automatically if Windows Update has been configured in this way. However, if do not have Windows Update installing updates automatically, you can download the critical security update from the Security TechCentre also.

Even if you run another internet browser, it is important to download and install this update. It is also consider also any computers you may have connected to the internet, such as servers, desktops as well as own laptops and tablets.

If you require any assistance, please feel free to contact us through our Support solution.