Cyber Security: Some tips from TGDS on keeping safe
Published by TGDS on October 25, 2016, 3:06 am
Last Friday, The Global Display Solution felt the effects of one of the largest DDoS attacks ever. The attack was perpetrated upon Dyn and its managed DNS services. The attack was relatively harmless, but it did hurt our business by preventing us from selling online with credit cards and frustrating our customers who were unable to check out online. While this type of hack is unpreventable to us as small business owners, there is plenty we can do to prevent other types of cyber attacks and social engineering scams.
Below are a few of the hacks and scams that we have run into since starting business in 2001. We have separated them into two categories: social engineering and script hacking. This list is built from our own experiences as a company and our own research on how to prevent being hacked and scammed.
Social Engineering and Phishing
Social engineering and phishing are confidence tricks that allow criminals to extract information from an unknowing victim and use it for financial gain. These fraud schemes are complex and involve many steps.
Preventative Actions:
- Never give out your passwords over the phone, and never click on a URL in an email and then enter your password.
- Verify the email address and URLs before you trust them. If in question, call the person on the phone to verify.
- Shred sensitive information that could be used to gain trust or insight into operations.
Examples:
What’s Your Password?
A common tactic is for a spoofed email or a person to ask for your password. These schemes can be incredibly complex and involve identical-looking websites to back up the email or call.
Wire Transfer
Another common tactic is to spoof the email address of a customer and ask for a wire transfer to be sent to a different account. These can be sophisticated and involve real invoices from vendors that are taken from the trash.
Distant Shipping Location
A hacker calls trying to purchase a product and have it shipped to a distant location, using a third-party warehouse. The end goal is to have you prepay the shipping for them; they then take the money from the account, never to be seen again.
A Special Trade Show Hotel Rate
This one is laughable at this point, given how many times we get a person calling saying they are an official provider for “X trade show” and that they can secure us an excellent rate at any hotel. In this case, the attacker is getting our info from the trade show websites and trying to build on that to get our credit card info, etc.
Script Hacking:
Hackers often spoof emails to look official and send infected files as attachments, or a link to a website where an infected file is waiting for the user to download it. These files are generally .exe, .zip, .rar, or PDF files, but they can also be Microsoft files and a range of other file types. Once the file is executed on the system, it can do a range of things, from destroying your computer to gaining complete remote access.
Preventative Actions:
- Double-check URLs and emails for correct spelling. Call the person on the telephone to confirm if anything seems suspicious.
- Don't download files of any kind from someone you do not know without verifying via phone.
- Use complex passwords for your accounts, use 2-step verification, and change passwords often.
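The spelling check on sender addresses and links, and the attachment types listed above, can be partly automated at the mailbox. The following Python sketch is an added example, not TGDS's own code; the trusted domain, the `.test` addresses, the sample message and the function names are all constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"acme-supplies.test"}  # assumption: domains you really deal with
RISKY_EXTENSIONS = (".exe", ".zip", ".rar", ".pdf")  # file types the article names

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` misspells, or None."""
    domain = (domain or "").lower()
    if domain in TRUSTED_DOMAINS:
        return None
    return next((t for t in sorted(TRUSTED_DOMAINS) if edit_distance(domain, t) <= 2), None)

def triage(msg):
    """Return a list of reasons to phone the sender before trusting this message."""
    findings = []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if (real := lookalike_of(sender)):
        findings.append(f"sender domain {sender} imitates {real}")
    body = msg.get_body(preferencelist=("plain",))
    for url in re.findall(r"https?://[^\s<>\"']+", body.get_content() if body else ""):
        host = urlparse(url).hostname
        if (real := lookalike_of(host)):
            findings.append(f"link host {host} imitates {real}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
    return findings

def constructed_sample():  # constructed message; .test domains never resolve
    m = EmailMessage()
    m["From"] = "Accounts <billing@acme-supp1ies.test>"
    m.set_content("Invoice overdue. Pay at http://acme-supp1ies.test/pay today.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    return m
```

Any finding is a reason to make the phone call before opening or paying anything; an empty list does not prove a message is genuine.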
Examples:
Sketchy Emailed Invoice or Purchase Order
We will often get an email from a random person who is asking us to look at an invoice that is overdue. The file that is in this email is most certainly an executable script designed to take over your computer or listen for the next time you input important passwords.
Check Out Our Website!
Another common way for criminals to run scripts against your system is to get you to a site that will inject code into your browser and system.
Password Cracking and Guessing
Simple passwords can be guessed by complex scripts that repeatedly try different passwords until the correct one is found. This process can take days or even months, but it can often succeed if your password is common or not complex enough.
Good luck out there and remember to stay aware of the scams and how complex they can be!