Gone Phishing

phishingToday I witnessed first hand a new threat that has successfully infiltrated a friend of mine: a DocuSign phishing email.

Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you in one of two ways:

  1. With an attachment to an encrypted (to bypass antivirus software) Word document and an accompanying password to “unlock” it. This will potentially launch any sort of nasty surprises upon its victims, including Ransomware, which I wrote about last week;
  2. With a link to a phishing site that asks for email credentials to gain access to the DocuSign document. This provides the hacker complete access to your email account, including potential access to your OneDrive or Google Drive documents and also a base from which to launch a further attack to all of your contacts.

Either of the above two scenarios is not pretty and malware may be installed on your workstation. So if you get emails that look like they come from DocuSign (or any other web service, for that matter) and have an attachment or a link requesting login credentials, be very careful. If there is any doubt, pick up the phone and verify before you act on any suspicious email. When I replied to the email I received today, it was actively responded to by the hacker, who “assured” me that it was legitimate. This is a classic example of why you must use a separate medium to confirm the authenticity of any suspected email you receive!

How can you protect yourself from this type of threat? There are two things you can do:

  1. Pay attention to any email you receive and always be suspicious, particularly when an email is unexpected.  If you or any of your staff needs security awareness training, contact us!
  2. Implement two-factor authentication (this is a very old link – I’ll update it shortly) on your email system to prevent third parties from stealing your credentials. Again, contact us if you need assistance with implementing this for yourself and your users.

Remember: Think Before You Click.

Stay safe out there!

Dan

 

Cloud Services

We have found that our customers have found the following cloud services to be most beneficial to their businesses.

Google Apps

logo_lockup_apps_for_work_color

Google Apps for Work has been a very cost-effective solution for those businesses that have large mailboxes, large shared folders that they want to make available to the web, or those who don’t otherwise have a strong affinity to Microsoft products. One of the greatest features of Google Apps for Work is the Gmail interface and Google Drive. These web apps are quick and responsive, making use of Google’s incredibly fast search technology. It is simple to add additional space in either Gmail or Google Drive for a small additional fee.

The downside of Google Apps for Work is that it is a little more difficult to integrate the email into Microsoft Outlook and some of the settings, such as Out of Office Notifications, need to be managed through the web interface as opposed to Outlook.

Microsoft Office 365

Office 365

Microsoft’s Office 365 offering has been improving over the last few years and is now a formidable competitor to Google Apps. There are three levels of business offerings: Office 365 Business Essentials, Office 365 Business, and Office 365 Business Premium. The differences come down to whether or not the business needs desktop versions of Office as well as fully hosted email.

The best part about Office 365 is that you can purchase your email, full desktop Office applications and a full collaboration platform (through SharePoint Online) for a low monthly fee. It also offers up to 1 TB of storage per user through OneDrive for Business.

The downside of Office 365 is when mailboxes approach 50 GB or if large file shares need to be synchronized with OneDrive, it can be problematic.

Office 365 also has a non-profit offering available in Canada.