Can you be a target for a phishing scam? Take the quiz and find out.

What’s the easiest way to get into a locked building?  Use the key.  What’s the easiest way to get the key?  Get it from the person who has it.

Your network is a building, metaphorically speaking.  Each device (computer, printer, network attached storage, etc.) is a room in the building and each device is protected by a user name and password, or at least should be. The user name and password are the credentials of the device, and are the “keys” to the room.  Usually, in order to make our life simple, once we insert our key (user name/password) into the building (network), we’re granted access to the rooms (devices) our gatekeeper/keymaster (network administrator) has decided we can go into.

Because we’ve become more security conscious over the past few years (we don’t use the password “password” or “123456” anymore…do we?!), the bad guys (hackers) have become more sophisticated.  They use various methods to get the keys.  Some use social engineering.  Others use brute force attacks.  And still others prey on the lack of computer knowledge of network users.

The last group uses “phishing” expeditions in order to get the keys.  This is a play on words on “fishing expedition”.  On a fishing expedition, we go out and see how many fish we can catch.  We target our area, throw out the line, which has bait on it, and see what happens.

A phishing expedition is no different.  The bad guys send out hundreds of thousands of e-mails that have malicious content, and see how many take the bait.  Once the targets take the bait, it’s pretty much over with.  Some of the malicious payload may be a virus or Trojan that captures your “keys”.  Others may be ransomware that encrypt your hard drive and demand money in order for you to get access to your files again.  Regardless of the payload, it’s all bad, which is why we call it “malware”, “mal” being the Latin word for “bad”.

Phishing expeditions are not limited to just gaining access to work networks.  They can also be used to gain access to bank accounts, credit card accounts, or any other password protected site.

So how do you protect yourself or your company?  At PCMDX we take a multi-level approach.  Securing the perimeter is very important.  We use a firewall to do so.  This prevents the bad guys from simply walking into your network through an unlocked door.

We also protect all of your devices by using anti-malware software, applying patches and updates on a regular basis, and making sure there’s no vulnerabilities on the network, such as devices that have out-of-date firmware, or computers with out-of-date operating systems, such as Windows XP or Windows Server 2013

We also believe in training and education.  The more your users know about how to protect themselves, the easier our job is, and the more secure your network becomes.

Keeping your network secure is not a one-time thing.  It requires regular maintenance, and regular training.  Every time the good guys find a way to block the bad guys from gaining access to the network, the bad guys come up with new ways to break in.

Here is a test that you can take yourself or give to your staff to find out how much you and they know about phishing expeditions.  If you score below a 100%, give us a call so that we can begin to secure your business or network.

Phishing Quiz

PCMDX is based in Hoover, Alabama and serves businesses that have 15 computers or less in Alabama, Mississippi, Western Tennessee and the Florida Panhandle.  If you’re a merchant that takes credit cards, you’re required to be PCI Compliant and PCMDX can take care of all of your PCI Compliance needs.  If you’re a medical practice, you need to be HIPAA compliant, and our engineers are HIPAA specialists.

Call us today for your free consultation at 205-201-0389 or via e-mail at pcmdxal@gmail.com .

 

Microsoft is Not Watching Your Computer

Over the past year we’ve had several clients contact us to tell us that they had received calls from “Microsoft” indicating that they had errors on their computer, and that “Microsoft” wanted to fix those errors.

Having received two of those calls as well, and having promptly hung up on those calls, we thought that most people would do the same.  Apparently this is not the case.  So please read this post so that you can protect yourself from a social-engineering hack.  And share this with others as well, especially those who are not computer savvy.

Here’s how the hack goes:

Your phone will ring and a person on the other end, usually with a foreign accent (ours had an Indian or Pakistani accent both times) identifies himself as being an engineer with Microsoft and they discovered an error on our computer, and they needed to fix it.  The way they want to fix it is to remote into the computer, by the victim going to a web site that installs remote control software.

If the victim seems dubious, the hacker asks them to go to a folder on their C: drive and look for a file called rundll32.exe (or any common Windows file).  Once the victim sees that file (which is on every Windows computer), the hacker says that it’s a dangerous file and that he will remove it.  He then directs the victim to a web site where the remote control software is installed.  Once it is installed, the hacker has complete control of the computer.  They will tell the victim that they are removing the bad files, meanwhile accessing the victims private information.

The hackers are brazen at times.  One of our clients allowed two of his computers to be accessed, and then the hacker had the audacity to tell the victim that they owed $199 for the “clean-up job”, which the victim reluctantly gave.  Then they called us.  It took several hours to remove all the malware installed by the hackers.

Again, they usually prey on people who are not computer savvy, and, since they sound convincing, the hackers are successful many times.

We have received two of these calls.  On the first one, we played along to determine their method.  Although we never let them get to the computer, and then stopped them by telling the hacker what we did, we were able to gather some information.

The hackers are based in India or Pakistan (ours was in Pakistan).  They are in a phone room and randomly call US numbers.  If successful, they are paid $150 US for each hack.

So here’s a very basic thing to remember:  Microsoft does not monitor your PC for errors.  If someone from Microsoft calls you to tell you there’s an error on your PC, HANG UP.  Quickly.

Now, if you’ve received a call like this and have allowed a hacker access to your PC, and have not had your PC cleaned, please contact us right away.  Once the hackers have access, they will continue to have access.  Our contact information can be found on our web site pcmdx.net or on our Facebook page facebook.com/pcmdx .

Windows 10 – Update 1

If you’re a Windows 7 or Windows 8 user, you may have noticed a new icon in your system tray (the icons next to the clock in the lower right hand corner).

It looks something like this

win10icon

When you click on it, a small windows pops up that is titled Get Windows 10, and tells you what happens when you proceed.

win10upgradeintro

The instructions are simple.  1 – Reserve your copy of Windows 10.  It’s free.  As in no charge (according to Microsoft).  When you “reserve” it, it prepares to download a 3 gigabyte file to your hard drive (that’s huge, so make sure you keep your computer on, as it will up to a few hours, depending on your broadband speed.  2 – Once it’s on your PC, you’ll be told to upgrade.  You can do it then or whenever it’s convenient for you.  and 3 – Enjoy.

OK, so looks pretty easy, so why not move forward with it, right?

Wrong.

An operating system (OS) upgrade is a HUGE undertaking.  It changes EVERYTHING about your PC and once you’ve installed the new OS, there’s no going back except to wipe out your PC and re-install the original OS, assuming your have a restore partition or the original disks handy.

So before you click “Reserve free upgrade” and begin the process, learn a little bit about the new OS.

NOTE:  We’re asking all PCMDX clients to hold off on the install until we’ve evaluated the new OS on our test machines.  We’ll check out the good, the bad and the ugly and give you a fair, unbiased report on whether it’s worth your time to upgrade.

The history of the Windows OS is why we’re asking our clients to wait.  Here’s a brief summary of the Windows OS:

1980s – 1995 – Although Microsoft Windows existed, it was not a true OS.  It was an interface for the MS DOS operating system, making launching programs easier.

1995 – MS introduced Windows 95, which was a true OS.  It was designed to be Plug and Play, meaning that many devices could be installed without the search for drivers and additional programs.  It meant well, but didn’t accomplish the task and the term BSOD (Blue Screen of Death) was coined.  Constant BSOD were common with Windows 95.  The business clients were introduced to Windows NT, which looked similar to 95, but that’s where the similarities ended..

1998 – 2000 – Windows 95 was replaced by Windows 98 and Windows 98SE, which were superior over 95.  Although BSODs still happened, they happened less often.  On the business side of the OSs, Windows NT 3.5 and 4.0 were taking over the business network due to their user friendly interface and their robust architecture.

2000-2001 – On the consumer side, Windows ME was introduced and on the business side Windows 2000 was rolled out.  ME didn’t gain the popularity that MS expected, with most users sticking to 98SE.  2000 did very well on the business side.

2001 – MS instroduced Windows XP, to date the most popular OS they have every put out.  Although the life cycle of a MS OS is supposed to be 3 years, XP lasted 13 years before it was retired (End-of-Life) on April 9, 2014.  XP came in two flavors, Home, for home users, and Professional, for business users.  Both were based on the NT kernel (the most basic part of the OS), which was must more robust than the previous versions.  BSODs began to appear less and less.

One problem with XP was its security.  In the early XP years, virus writers began to attack Microsoft and XP developed a reputation for being “less secure”.  MS countered this by coming out with Service Packs (SP) every few years.

2006 – Because of the security reputation that XP had, MS came out with Windows Vista.  It came in two types, Home Premium and Business.  It took security to a whole new level, and it gained a reputation for being overly sensitive.  It did have some cool features, like the Aero interface, Plug and Play was improved over XP, but most users, home and business, stuck with Windows XP.  Vista was a dud.

2009 – MS introduced Windows 7.  It again came in two types, Home Premium and Professional.  This OS was a true winner, combining the best of XP and the best of Vista into one.  MS was still supporting XP, though, so the home market transitioned to Win7 faster than the business market.

2012 – MS introduced Windows 8 and lost a substantial share of the home market.  The OS was a radical change from the previous Windows versions and people didn’t like it.  Businesses objected to it, home users wanted to know where the Start button was.  MS thought people were ready for its “Metro” interface of tiles instead of program icons.  MS was wrong.  MS came out with Windows 8.1 which brought some functions of the old interface back, but it was still a totally different OS.

2015 – MS releases Windows 10.  Wait!  What happened to Windows 9?  Windows 9 never happened.  Rumor has it 7 8 9 (sorry, geek humor, won’t happen again…).  Some speculate that Windows 10, because it’s free, will be copying Apple’s OS model.  Apple computers run “OS X”.  X is the Roman numeral for 10.  Apple doesn’t charge for upgrades to their OS, provided the computer can handle the upgrade.  Apple doesn’t change the “X” part, instead giving each new upgrade a name, like Snow Leopard, Maverick, Mountain Lion, Yosemite, and coming later in 2015, El Capitan.

Rumor has it that Windows 10 will be the last Windows released by MS.

So what’s new with Windows 10?  We don’t really know yet.  We’ve heard some favorable reviews, but until it’s released to the public, it’s all speculation.  We believe (hope?) that MS will have done with Windows 10 what they did with Windows 7, which is to combine the best of both Windows 7 and Windows 8.1.

So here’s what we suggest:  Go ahead and reserve your free copy of Windows 10, but hold off on installing it.  Let PCMDX install it first, test it, evaluate it, and then read our recommendation.  Remember, once you go to 10 there’s no going back, so be patient.  We’ll post on our Facebook page when we have an update on this blog, so make sure you Like us on Facebook.

Meanwhile, if you have questions, please e-mail us at pcmdxal@gmail.com

 

Welcome to the PCMDX Information Blog

The PCMDX Information Blog is designed to compliment our other sites, including our main web site PCMDX.net, our PCI Compliance site pci.pcmdx.net , our Facebook page Facebook.com/pcmdx and our forum, PCMDX Forum.

On the Information Blog, we’re going to bring you the latest things you need to know to keep your home or business PC or Apple computer running smoothly.  Most posts will be announced on the Facebook page, so make sure you “Like” the page so that you get the latest news when it happens.

PCMDX deals with both residential and small business customers, with our focus being on maintenance and security.  We believe that a well maintained computer or network will give the user trouble-free performance for years.  This includes making sure that the user has all security functions in place.

Thanks for visiting and for reading.  We welcome suggestions, so if you have any, please e-mail us at pcmdxal@gmail.com