Avoid Phishing Attacks by Checking Out These Link-Checking Tools

a person sitting at a desk in front of a computer

Over the past few years, we’ve seen a huge increase in the number of issues with security and malware attacks on computers and devices. When you receive an email or text message, you should always use a link checker to ensure that it’s not a scam. Keep reading to discover some of the top tools which will help anyone to avoid phishing scams in the future.

Why Do You Need to Use a Link Checker?

While you might think that it’s okay to just open a link and see what’s inside, you should always be aware of what you are opening from the internet today. Even when you get an email from a company or person that you know, you never know if the link could in fact have a malware risk or be a phishing scam. Sadly, we see accounts get compromised each and every day by scammers, who can hack into your email or phone account and send suspicious emails.

In business settings, this is just as important, as you never know who in your team could open a link and corrupt your systems. This is why we encourage any business owner to educate their team about the link checking tools we share here today, in order to avoid you becoming the next victim of a malware attack.

Identifying and Copying Links

Before going any further, it’s important to understand what we mean when we are discussing links. A link is defined as any piece of text or a graphic that you can click to take you to another page within your browser. This could either be a piece of hyperlinked text, an image, or it may start with https://. However, just because a link says that it’s going to send you to one site, that might not be the case at all. When links are hidden in text, icons, and graphics, you never know if they are safe, which is why you should always use the following strategy to check the full URL:

On a Desktop or Laptop:

– Hover your mouse over the link.

– Right-click the link.

– Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”

You have now copied the link and can paste it into any of the link checking tools we share below by using CTRL+V (or right-click and select Paste).

On a Tablet or Smartphone:

– Don’t click the link by accident and open it, as this is an easy mistake to make on mobile devices.

– Hold your finger over the link until the context menu appears.

– Select “Copy Link” or “Copy link address” or “Copy Hyperlink”

Once the link is covered, copy it by holding your finger over the URL field in the tool and pressing paste.

The Best Link Checking Tools to Avoid Malware and Phishing Scams

There are many link checker tools online today, all of which can help to protect you from common scams. It’s best to cross-check your links with a couple of sites, so that you reduce the risk to your business.

Norton Safe Web

https://safeweb.norton.com/

This free tool from Norton offers you a rating stating how dangerous any given link is, so you have a good idea about the risk involved with opening any link.

PhishTank

https://www.phishtank.com/

PhishTank tells you if any link has been involved in phishing scams, as these are much harder to identify than regular links.

Google’s Transparency Report

https://transparencyreport.google.com/safe-browsing/search

This world-famous search engine constantly trawls the internet for phishing risks and malicious websites, which are then saved within the transparency report. Your link will be matched to anything in their records so you are aware of the risk when opening it.

Scan the Link with VirusTotal

https://www.virustotal.com/gui/home/url

Scan the Link is another popular tools that allows you to check links for viruses, however, keep in mind that if the phishing attack isn’t yet documented, it might not be identified.

Are you concerned about suspicious links and the risk they posed to your business? If so, get in touch with our team today to learn more about how we can support you in keeping your business secure this year.

Contact Us Today!

Received a Random Link? DO NOT CLICK ON IT!

a person using a laptop computer on a wooden table

If you ever receive random texts or emails from PayPal (or any other business, for that matter) telling you they suspended your account and now require you to authenticate your identity with an unknown link, then you should definitely think twice before clicking on that link. This is a common method that hackers use to break into accounts, especially those account holders that fall for this phishing scam. There is a better alternative to investigate this issue to see where it leads. It is important to access your account the way you normally would instead of clicking on that link.

If you were in this position, what would you do?

It is pretty safe to say that no one wants to fall for a phishing scam; but, at the same time, it can be very tempting to trust the message to make sure there is nothing wrong with your account.

The best approach is simple, but definitely not one that we would intuitively think to do.

Instead of clicking on the link provided in the text or email, open up a new web browser tab and login to the website, the same way you normally would in order to access your account. It does not matter the type of account you are trying to log into, whether it be your bank, your favorite online retailer, or any website that you have an account with. The practice of logging into the site directly, rather than using the link given, is simple and easy to do. It will also help keep you from being a victim of a phishing attack.

Let Us Help Your Team and Keep Them Safe

4 Corner IT can help you and your company choose the best tools and resources to keep everyone safe from security and phishing attacks. Our professionals can help build your business’ defenses and offer training to all members of your team, including how to identify potential threats and the best practices to keep safe from these attacks. For more information or to get started today, contact us at 954.474.2204.

Contact Us Today and Check Out Our Blog!

Enterprise Businesses and Vulnerabilities

a man holding a padlock in his hand

It is no secret how vital cybersecurity is for all organizations today. Recent data has shown just how crucial visibility into your company’s infrastructure really is. Today, most businesses have IT solutions to assist with detecting and managing their information systems vulnerabilities. These vulnerabilities can range from a bug in a code that can allow hackers to gain access to a flaw in the update that might fix one vulnerability but cause another. Enterprises face viruses, malware, spam, and phishing schemes. With the number of options available, IT professionals must learn how to manage these vulnerabilities and the types of solutions that will best fit the company. 

Enterprise Vulnerabilities are Pretty Bad

Sevco Security recently released a report, The State of the Cybersecurity Attack Surface, that gathered data from over 500,000 IT companies. This report found that many of the assets that these businesses relied on were missing critical endpoint protections or lacking critical checkpoints.

Research showed that from the businesses that were interviewed, 12% of the companies lacked endpoint protection services while 5% lacked enterprise patch management. It was also found that 19% of Windows servers were also missing endpoint protections.

These companies also demonstrated assets that were recognized by the security control console and registered as installed on a device, even though that device is not checking back in. This is an issue that many organizations deal with as 3% of IT assets showed stale endpoint protections with 1% showing stale patch management. Because of this, issues are more difficult to find and resolve before creating problems because devices are supposedly checked out and approved.

IT professionals should conduct proper research on all the available vulnerability management tools to find the appropriate ones to use. It is essential to look for a tool that allows automated scanning, alerting, and tracking of vulnerabilities over time. The tracking helps ensure that these vulnerabilities are patched as soon as possible. Vulnerability management tools should be pretty easy to set up and begin functioning as soon as possible. 

The four critical criteria of vulnerability management, also known as VM, are network discovery, scanning, reporting and correlation, and asset prioritization. It is important to ensure that you have an IT department that will always maintain your company’s infrastructure. If needed, you can also outsource vulnerability management to another IT team that will assist in protecting your organization’s infrastructure.

We Can Help Prevent Your Business from Experiencing These Issues

At AE Technology Group, our remote monitoring and maintenance are created in order to identify and solve IT problems before they can interrupt business operations. For more information or to find out how we can assist your company, contact us today at (516) 536-5006.

Contact Us Today!

Hackers Are Discovering Cracks in Multi-Factor Authentication

a person using a cell phone and a laptop

Multi-factor authentication, or MFA, is an effective practice in preventing cyberthreats. Unfortunately, and not surprisingly at all, hackers have found a way around MFA. Continue reading to learn how hackers found defects in multi-factor authentication and how to keep you and your company protected.

Why is Multi-Factor Authentication so effective?

The most common method hackers use to gain access to accounts is through phishing scams where they convince users to voluntarily provide login information like passwords and usernames. Although not as common, hackers guess frequently used weak passwords and might be successful. Either way, the secondary credential required by MFA means there is another level of security which helps prevent hackers from accessing accounts and personal information.

How are hackers getting around Multi-Factor Authentication?

Microsoft informed users of the recent attacks that have shown it is possible for hackers to find alternate ways around multi-factor authentication protocols. Hackers do not necessarily break through MFA but they are able to bypass inputting credentials required by MFA.

The most common way of bypassing MFA is through the use of “adversary-in-the-middle” attacks. In this attack, hackers use a phishing scam in tandem with a proxy server between the victim and the service he or she is logging into. Hackers are then able to steal the user’s password and the session cookie. The user is able to gain access to his or her account and has no idea that he or she was just hacked. In reality, the hacker just received access to the user’s account.

Other methods that are used to work around Multi-Factor Authentication

There are other means that hackers use to bypass multi-factor authentication but it may take time and effort. If a particular system uses SMS messages or email codes and the hacker was able to obtain the user’s login credentials, then the hacker can gain access to the account without having to answer the secondary credential.

Hackers can also bypass MFA by using trojans to spy on users or to take control of certain devices used to authenticate a system. If the account’s login portal depends on something the user knows, such as a code, hackers can attempt to get in.

What is the best approach?

The best defense against hackers and other attacks is to educate people on how hackers work and the most appropriate and effective security solutions to incorporate. It is recommended to implement multi-factor authentication. It is also crucial to teach employees the importance of MFA and other security solutions.

AE Technology Group can help you and your organization implement the best security solutions on the market. We can also provide extensive training and testing for your team to be prepared to handle any and all phishing attacks. To learn more about how we can help your business, contact us today at (516) 536-5006.

The Raspberry Robin Worm

a man sitting in front of a laptop computer

Utilizing storage devices, such as USB drives, has been known to spread malware from one device to another. Recent analyses found an imminent threat, known as the Raspberry Robin worm, is currently developing. What is it and how can you keep yourself and your company safe from attacks?

What is Raspberry Robin?

Raspberry Robin is a worm that was initially discovered in Europe in September 2021 by cybersecurity intelligence analysts at Red Canary. It was found to primarily affect users of Windows-operating systems.

What exactly does Raspberry Robin do?

When an infected USB drive is inserted into a computer, the device will display an infected .LNK file. A msiexec process is then started through the command prompt. A .BAT file has two commands that can be executed. One command can manage various Windows features and the other command can configure Open Database Connectivity. The combination of the two will make the threat difficult to locate on the network as it remains hidden.

The Raspberry Robin infection process was found to escalate further where compromised QNAP NAS (Network-Attached Storage) devices are also affected. During this stage, the hacker is able to retrieve the victim’s user and device names, using HTTP requests, once the .LNK file is downloaded. From the infected QNAP device, the malware then utilizes a malicious DLL (Dynamic-Link Library) in order to gain access and take control over the entire system.

How does Raspberry Robin spread?

Although it is understood that Raspberry Robin spreads via compromised USB drives, it’s unclear how it spreads from device to device.

What are hackers looking for?

Unfortunately, like most malware that are in its initial stages of development, there is not much known about Raspberry Robin. More research is required to determine its spreadability and the intention hackers may have when creating this worm. Although it is currently unknown, it is suspected that hackers developed this attack with the intent to steal data and/or install additional viruses on infected devices.

The Final Takeaway

To keep yourself and your business safe from Raspberry Robin is to treat all USB devices with intense scrutiny. This includes eliminating inserting USB drives that do not belong to you or USB devices that might have been found lying around on the ground. It is important to remember that USB drives may not look suspicious from the outside but inside, it can be compromised. Always think twice before plugging in any unknown devices on your computers. 

AE Technology Group can help your organization keep itself protected from the various and growing threats out there, including this Raspberry Robin worm. Although we’re unable to physically stop your team from inserting potentially infected USB devices, we can provide further education, including the dangers of doing so, as well as training for employees. In addition, we will continuously track your network environment for possible threats. To learn more about how we can keep your business safe, please contact us at (516) 536-5006.