The Worst Offenders in the Workplace

I found an interesting article online that said that the most tech-savvy staff in a workplace are the worst offenders. According to Intermedia, a staggering 93% of office workers “engage in some form of unsafe online habits that could jeopardize their employer or their customers.” I find this quite surprising since the article goes on to explain that most of the people who have access to company data and help keep it secure–IT personnel–are the ones that are actually taking advantage of the workplace’s resources and going against workplace policies. Some of the statistics are listed below:
intermedia-102015

  • 32% of IT professionals have given out their login / password credentials to other employees (compared to 19% across all respondents)
  • 28% of IT professionals said they have accessed systems belonging to previous employers after they left the job (compared to only 13% among all respondents)
  • 31% of IT professionals said they would take data from their company if it would positively benefit them – nearly three times the rate of general business professionals.

On top of these numbers, 41% of employees will install apps on their work computers without consulting their IT department. With these kinds of activities going on, it’s quite obvious how data breaches, compliance failures, and data loss occurs.

Some additional things I’d like to note here is that last bullet mentioned above. 31% of IT professionals admitting to taking data from their company to benefit them. If that’s the case, businesses will have a much harder time picking out the right, and most importantly, trustworthy IT professional to handle and secure all of that sensitive information.

Source

Advertisements

Scamming Through Social Engineering

Before I begin I have to say that these are becoming a favorite of mine now, so here’s yet another tech support scam. This one is quite different though because it disguises under Apple’s remote assistance website (www.ara.apple.com) where users go when they have an issue with their Apple computer and want to have a technician troubleshoot it using a service such as LogMeIn or TeamViewer. This scam is registered to a domain similar to Apple’s official remote assistance website (www.ara-apple.com) and tricks the visitor of the site into calling a phone number which presumably connects them to a scam center in India.

Safari_alert

This tactic isn’t particularly new as there are many websites that tell the user to call a number or visit a website to “seek assistance”, but this one is different in the way that the bogus Apple assistance website the user visits starts providing them with .dmg downloads that they need in order to “begin the troubleshooting process”. It only gets worse from there as the user starts downloading malicious programs onto their computer and most likely does more damage to it than before. So much for assistance.

asddasdasd

What’s also pretty funny is that the website is registered to some guy in Delhi, India and he used GoDaddy to register it. Malwarebytes, the organization which initially posted about this site just yesterday, reached out to GoDaddy in hopes of getting the site down.

Source

Yet Another Tech Support Scam…

So there’s another “tech support” scam going around on the internet and it’s quite ridiculous so I thought I’d share a blog post about it this week. In this one, a user visits a certain website and is told that they need to enter a “safe key” which will unlock their browser in order to continue using it. The instructions are pretty unclear other than that the user has to call a phone number to obtain this so-called “safe key”.

scam

But wait, it gets better! Not only do these “attackers” lock your browser using a bit of JavaScript to make the pop-up appear, but they also appear to have put the exact “safe key” that stops their own scam into a script which can easily be viewed by looking at the page’s source. passkey2

The fact that the JavaScript function’s name is “lol()” makes it quite clear that these attackers probably made this attack pretty quickly and didn’t really have anything in mind other than to annoy the visitor of their website and have them call a bogus number and get the unlock key, which sits in the site itself the entire time. Also, they seem to believe that it’s pretty funny too?

Source

T-Mobile Data Breach Affects 15 Million

This past Thursday, Global informational services group Experian announced that one of its clients had been involved in a massive data breach, T-Mobile. The data that was part of this breach involved personal information for over 15 million customers and applicants in the United States who may have applied for T-Mobile’s service. t-mobile-office

The CEO of T-Mobile John Legere released a letter to consumers that explained the breach in more detail and goes on to say that “Experian has assured us [T-Mobile] that they have taken aggressive steps to improve the protection of their system and of our data”. Upon finding out about the breach, Experian said that it took immediate action and secured the server, initiated a comprehensive investigation, and notified U.S. and international law enforcement.

With data breaches happening so often nowadays to all types of companies, it’s hard to think that any of our data is safe anymore.

Source