Dark Web Monitoring

Top 4 Fraud Trends of 2020 and How Criminals are Targeting YOUR Business

By |2020-01-15T12:09:05-05:00January 15th, 2020|Cyber Security Awareness, Dark Web Monitoring, IT Support, Office 365 & G Suite, Uncategorized|

If we asked you to guess which category of crime that continues to inflict companies of all sizes with damages amounting to billions of dollars annually, you probably wouldn’t think it’s cyber crime. Staying updated on the latest attack types and prevention techniques is the only way to future-proof your organization. Facebook was one of the World’s Biggest Data Breaches and Hacks just last September with 419,000,000 compromises. That’s why we have compiled here 4 fraud trends of 2020 from our experts that you won’t want to miss:

Fabrication

Synthetic identity fraud is initiated when a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured in order to exploit lines of credit. Once a fraudster is able to become an authorized user, a process that typically takes 5 months, the “bust-out” is ready to be executed. When the dust settles, creditors and businesses are left with dummy accounts filled to the brim with credit card maximums, loans, and cell phone/utility plans. An example of this is was seen last month in September, where a Toronto man was out $2,775 after e-transfer fraudsters impersonated him on email.

Ransomware

The “R word” can send chills down the spine of any business owner, and for good reason. Two cities in Florida were forced to pay over a million in aggregate bitcoin ransom, only after losing access to phone and email systems for multiple weeks. Municipalities are not alone, and a quick glance at data breach news headlines on any given week will reveal SMB attacks as well. 

Account Takeover

Understanding how criminals are targeting your business or vertical is a fundamental component to any sound cybersecurity strategy. Nevertheless, “the nature of work for a CISO is often reactive”, tasked with establishing a Security Operations Center filled with analysts who are looking to spot a needle in a haystack. On the other hand, the commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving account takeover fraud at the small business and medium enterprise level in today’s world requires purpose-driven teams and technologies that can protect your business smarter and more efficiently. 

Universities and Municipalities

Just last summer, three US universities disclosed data breach incidents within a two-day span. However, this pales in comparison to 2018’s highlight. In March 2018, nine hackers breached 144 US universities, charged with stealing 31 terabytes of data worth roughly $3.4 billion in intellectual property. Such breaches have a ripple effect across all verticals and companies, driving consumer awareness and raising the standard for cybersecurity for everyone. In Canada, the University of Ottawa, City of Saskatoon and City of Burlington all experienced ransomware by simple email compromises. 

How Can E-Tech Help? 

Dark Web Monitoring

Security researchers estimate that in the first half of 2019 alone, 23M+ credit and debit card details were being sold in underground forums. Once such data dumps hit the Dark Web, cybercriminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes. Dark Web Monitoring is designed to help both public and private sector organizations detect and mitigate cyber threats that leverage stolen email addresses and passwords. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Get a Free Dark Web Scan Today.

Cyber Security Awareness Training

The number 1 reason people are victimized by cyber crime is human error. No industry is safe from cyber security threats – even experts like us are targeted by cyber criminals. That’s why we recommend our all-in-one comprehensive advanced Cyber Security Awareness Training Program, to keep you and your employees safe from the dark web. Our Training includes: a presentation to your employees, advanced training modules and course completion certificates, phishing email simulators and fully detailed reporting. Try our Free Cyber Security Training Module.

Top 10 Cybersecurity Tips:

  1. Create unique passwords and enforce multi-factor authentication for all network users.
  2. Install spam-filtering solutions with anti-phishing capabilities across your network.
  3. Leverage web-filtering programs that block phishy websites.
  4. Prepare for cryptojacking attacks.
  5. Purchase SMB security suites that include Dark Web monitoring.
  6. Involve all stakeholders in raising cybersecurity awareness across your organization.
  7. Assess your organization’s information, protection, and access regularly.
  8. Ensure that all third-parties have cybersecurity protocols and policies in place.
  9. Build a cybersecurity incident response plan (CIRP) and democratize key information.
  10. Partner up with experts to train your employees every month.
Feel Free to Contact Us for More Information.>

How to Be Prepared for a Cyber Attack – Capital One Gets Hacked

By |2019-08-07T15:14:34-04:00August 7th, 2019|Cyber Security Awareness, Dark Web Monitoring, Uncategorized|

Were you affected by the Capital One breach?

Capital One, the 10th largest bank in the United States, was recently the victim of an internet breach where the information of over 100 million people in the US and 6 million in Canada were exposed. Executives at Capital One states that they’ve addressed the problem, but the reality is that the damage is already done; the stolen data is already in the hands of cyber criminals.

Where does all this stolen data go?

The Dark Web! It’s only a matter of time that all this data starts getting sold over the dark web. The hacker or group of hackers responsible can make multi-million dollars through selling all this data.

If you own a Capital One credit card, and especially if you do online banking, it’s essential to check to see if you’ve been compromised with a free dark web scan.

My data has been stolen…what do I do? 

Get ready to change your passwords! It’s easier to change your password than wait to be told if you been compromised. Any accounts associated with Capital One, all passwords should be changed. We suggest you do this regularly, every three to five months with accounts that contain valuable information.

Use a password aggregator to help ensure your password is strong and unique. Scary statistics show that more than 80% of users reuse passwords which is a serious security vulnerability.

Enabling two-factor authentication can add an extra layer of security to your logins. This can help prevent scammers from gaining access to your accounts. The most common form of two-factor authentication is when an application texts you a one-time code that enables you to access your account.

When, not if, breaches happen to any big organization you use, you will be prepared for the backlash because you took the necessary step to stay ahead of all issues.

How prepared for a cyber attack are you?

What would happen if a hacker decided to launch a cyber attack against your business? Would they be successful? Would they easily gain access to your company’s sensitive information?

All companies are vulnerable when they get comfortable in their cyber security. The Capital One breach is officially the largest ever to impact a United States bank, but there is sure to be bigger breaches. For a bank to be hacked, it shows that even companies that are trusted and relied on every day to be secure with your information are open to being attacked.

How can a company so secure get hacked?

Paige Thompson has been accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to people’s names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice[1]. The 33-year-old, who lives in Seattle, had previously worked as software engineer for Amazon Web Services, the cloud hosting company that Capital One was using.

It’s clear to see that one of the highest levels of cyber threat truly is internal, because they already have access to the information and understand what security measures are put in place.

When cyber threats happen, most people see the hacker as the stereotypical rebel in his dark basement with a black hoodie on. In reality, the criminal is most likely someone from inside the company. In 2016, IBM found that 60% of all attacks were carried out by insiders[2].

Cyber Security Awareness Training is very important! It protects you and your organization from disgruntled and careless employees. Whether you’re a business owner or employee, every single business day is as important as the last day. Without proper training and proactive monitoring, you put your credibility and the trust of your customers at risk.

>

Protect Your SMB & Non Profit from Inner & Outer Cyber Attacks

By |2019-07-10T16:03:55-04:00July 10th, 2019|Dark Web Monitoring|

We know what your thinking…

“Why would a hacker want my small to medium business or non-profit? Why would they go after me?”

Considering that you think this way, is why you’re a bigger target. Being an SMB’s or a non-profit makes you more of a target because you have an assumption that you won’t be attacked. The statistics back up all the information:

43 percent of cyber attacks target small business. 60 percent of companies go out of business within six months of a cyber attack. 48 percent of data security breaches have been done with malicious intent.[1]

As a small organization, these stats cannot be ignored. 

It may be hard to understand and believe why hackers would target non-profits or SMB’s, but it does happen, and unfortunately they receive no media coverage due to how small the business is. And worse yet, most SMB’s and non-profits don’t take cyber security seriously, or not as seriously as they should.

An owner or executive might believe that their companies don’t have anything of value worth stealing, but that just makes you more of a target. What you forget is that you have something that hackers want, things that are of extreme value such as customer payment information, employee information, passwords, and important day-to-day operations.

It’s realistic to say that data is the new gold, and you wouldn’t leave your gold coins out in the open ready to steal. 

If your system isn’t secure, hackers can stop your day-to-day operations, steal important client information, such as social insurance numbers and address, and encrypt your data all together. Part of the service you offer as an SMB and non-profit is making sure that your users information is protected. In fact, it should be a guarantee or else you may face legal consequences.

The Outer threat: How does the criminal underworld called the Dark Web affect you?

When data breaches occur to big corporations (recent breaches include LinkedIn, Air Canada, CIBC, BMO & more), the credentials, SIN, banking info, etc. starts to get sold all over the Dark Web. 

That stolen data is then used to steal your identity, your money, and further spread the computer diseases to your friends and colleagues.

How can you stay protected from the Dark Web? Here’s a step by step process to ensure greater security:

Knowledge is Power:

Register for a free domain check to see if you or your organization’s credentials are being sold over the Dark Web.

Password Protection is key:

About 80% of people will use the same password or a derivation of the same password for multiple different services [2]. This makes it extremely easy for hackers to gain access to multiple services if they buy only one on the Dark Web. “P@ssw0rd1!” is not hard to crack – check out our password tips to become more secure.

Use multi-layered security solutions:

For example; you can set Twitter to send you a verification text every time your account is signed into.

Keep your software up to date:

Antivirus services are constantly finding new threats and updating their procedures. Make sure to update your software so you are protected from the newest and more sophisticated threats

Call in the experts:

When you deal with cyber crime, you need to know what to do; you need to be an expert. Not everyone can spend all day thinking about security, but there are experts like E-Tech who do.

The Inner Threat: Protecting your company involves looking inwards.

It’s easy to assume that any cyber attacks would be coming from outside of your organization, but here’s the hard truth:

55 percent of all cyber attacks are from the inside of the organization, 31.5 percent done by malicious employees and 23.5 percent done by company insider who accidently leave the company open to attacks.[3] 

If you’re an owner or executive at your respective firm, it’s your duty to ensure that you protect your business and your team. Protection can no longer be solely focused on exterior threats, but equally with interior threats happening all the time.

An important tip to preventing internal hacks is keeping a sharp eye on authorization requirements, meaning limiting employees access to sensitive data. This can be an important first step to preventing some internal hacks.

As an SMB’s or non-profit organization cyber security is a very serious. You can never assume that your company is not a target just because your a small business. 

As an organization you not only owe it to your employees but you owe it to your customers to have your business as secure as possible.

Get a free dark web scan to begin securing your business from cyber criminals.

Facebook Gets Hacked – The 10 Best Ways To Stay Safe on Social Media

By |2018-10-16T16:28:36-04:00October 16th, 2018|Dark Web Monitoring, Uncategorized|

Social media needs no introduction – if you don’t have some sort of social media account by now, you might be living under a rock. Social media covers everything from casual sites (Facebook, Twitter), artistic sites (Instagram, Spotify), and even instructional sites (Waze, Reddit). What fails to be thought of by everyday consumers is how safe is it really?

It seems like every week, another big corporation announces a huge data breach, the most recent and most troubling being Facebook. On September 28th, initial reports by Facebook itself suggested that 50 million users were affected, and most recently (as of Oct. 12th) that number stands at a smaller but still unimaginable 30 million users [1] [2].

How did 30 million people get attacked?

As Facebook explained, hackers were able to exploit a vulnerability in Facebook’s code for the “View As” feature. The “View As” feature allows account owners to see how they’re profile would look like to other people. The hacker exploited this system by making it so if they were logged in as User A and did “View As” User Y, they became User Y. If User Y was logged in, the hackers now had stolen your Access Token, the generated cookie/tool that keeps your account logged in and from having to log in every time you load up Facebook [3].

Who was affected?

Facebook did a scan of all its users who used the “View As” feature in the past year, and deleted their access tokens. That resulted in 90 million users, whether they were hacked or not, experiencing a forced log out. Facebook recently reported that it estimates 30 000 000 affected by this breach.

[2]Out of the 30 million that were affected:

  • 1 million had no Facebook data accessed at all.
  • 15 million had at most their name, phone number and email addresses accessed.
  • 14 million had contact details and other profile data accessed, includingusername, gender, locale/language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, [their] website, people or Pages they follow, and [their] 15 most recent searches.”

Just another of a long list of corporations, social media giants and e-commerce sites to be compromised, it leads us to question if we could ever be safe.

What does it take to have true cyber protection?

With social media, you almost have little control when the biggest of corporations are still vulnerable. With the skill, technology and organization of today’s cyber criminals, it’s not a matter of IF you can get hacked, it’s a matter of being better prepared than someone else. A hacker will not waste its time on a strong defense, especially when there are millions of weak ones.

Here’s the 10 Best Ways to Stay Protected on Social Media:

1. Use a strong password.

  • This is the standard – cyber security 101, but it’s still overlooked by nearly all users. A hacker’s best tool is a brute force attack – an attack designed to discover a password through trying every single combination of letters/numbers/symbols. These attacks 8 BILLION combinations per second. A password should NOT consist of words or phrases. A great way to choose a password and remember it is to pick your favourite line from a movie/book, take the first letter of each word, capitalize every 3rd letter, and then repeat. For example; “O Romeo, Romeo! Wherefore art thou Romeo?” = orRwaTroRrwAtr.A laughing man, saying "I changed all my passwords to 'incorrect.' So whenever I forget, it will tell me 'Your password is incorrect.'"

2. Use a different password for each of your social media accounts.

  • Nearly 80 percent of users use the same, or a variation of one password across several accounts. If a hacker can steal one password, how hard would it be for them to get the 10 other similar ones? You might as well hand it over to them.

3. Never log in from wifi networks you don’t know and be wary of free networks.

  • Anyone can purchase a portable wi-fi adapter from their service provider. There is nothing stopping a criminal from going to your local Starbucks and naming their portable network “Starbucks Free Hi-Speed Wifi.” Next thing is, you logged in to that network – of course you did because it was Hi-Speed – and you’ve now given access to your phone to hackers.A list of Wi-Fi networks with the option "Password is Password" highlighted

4. Be wary of third-party add-ons and apps.

  • That follower tracker you downloaded to track your twitter followers could be developed and designed to trick you into giving up your account information. In fact, in 2017 alone, Google took down 700 000 malicious apps on it’s Play Store that were used for criminal activity.

5. Check your privacy settings.

  • Often overlooked are the privacy settings on your social media accounts. The more private you are, the less likely some can steal your information, it’s as simple as that.

6. Don’t click that suspicious link!

  • I admit that I also want to read “10 Reasons Why Star Wars is the Best Series Ever,” but it could mean clicking a link that’s going to download viruses, malicious software, encrypt your files or even destroy everything all together.

7. Be careful about what you share.

  • Don’t reveal sensitive personal information ie: home address, financial information, phone number. The more you post the easier it is to have your identity stolen. Believe it or not, posts like this exists:A Facebook post of a user exposing their credit card information online

8. If you have social media apps on your phone, be sure to password protect your device.

  • To have a cellphone constantly unlocked is asking someone to steal it. The best protection are the alphanumerical passwords that are available on most smartphones.

9. Remember to log off when you’re done.

The 30 million who got compromised through Facebook could have been safe if they did this simple thing. If it’s an important account, always log out when you’re finished. You can be the most secure, but all a hacker needs is your Access Token, and then they have your account.

10. Keep your firewall security and anti-virus software up-to-date.

When all is said and done, you must have proper anti-virus/anti-malware protection. Watch out for fake software being sold online – those are run by hackers as well. Always buy from a trusted source.

Contact Us to find out if YOUR corporate email address is being sold on the DARK WEB for hackers!

Stay up to date with us and receive Cloud & Security Tips!

>

Cyber Criminals Reign Over the Final Week of June: Hundreds of Millions of Consumers Data Left for Hackers

By |2018-07-09T12:13:20-04:00July 9th, 2018|Dark Web Monitoring, Uncategorized|

In the last week of June, three companies with enormous databases had their information seized: Adidas, a leading sports gear retailer, TicketMaster, a leading event ticket vendor, and Exactis, a data compiler.

First to get attacked was TicketMaster, who had 40,000 consumers’ data compromised on June 23, 2018. TicketMaster openly wrote about the data breach, claiming it to have affected less than 5% of its global customer base [1]. The breach affected only customers from the United Kingdom but spanned over several months from February to June 23, 2018. If a consumer bought anything on their website within those months, personal and/or payment information may have been accessed by an unknown third party. After reporting the breach, TicketMaster emailed all users they believe were affected, and offered a free 12-month identity monitoring service.

Adidas fell victim on June 26, 2018 by another unidentified third party. An Adidas spokesperson claimed that “a few million” consumers were affected [2]. Limited data was taken, including contact information, usernames and encrypted passwords. Adidas also claimed that there was no reason to believe that any credit card information was taken.

The least known but most surprising was Exactis. The data compiler and aggregator left around 340 million of consumers’ personal data open and accessible to anyone looking for it. Most disturbing is that the data was very specific in nature. Each record had information concerning personal attributes like phone numbers, email addresses, if you are a smoker, what size clothes you wear, etc [3]. The database was first discovered by Vinny Troia, the founder of a New York-based security company. Troia contacted Exactis, as well as the FBI when he discovered the disturbing collection. Exactis has not since given a statement concerning the leak, but the collection is no longer accessible. It’s unclear whether this database was used by cyber criminals, but Troia believes he cannot be the only person to stumble across such a huge collection.

Once more, businesses are reminded that data security is not an option, but an obligation. When a business has proper protection, it is also a deliverable sales pitch for new potential clients. Security can give a business that extra edge over the competition and could be the reason why it continues to grow.

Feel free to Contact Us for more information.

Title

ABOUT US

201 Consumers Road
Suite 204
Toronto, Ontario
M2J 4G8
(647) 361-8191

EXPERTISE

HELPFUL LINKS

E-Tech. All Rights Reserved 2024.

Accessibility by WAH
Go to Top