Servertastic

UK £ US $ Euro

Introduction to Tech Support Scams

Tech support scams

Among the more common scams used by cyber criminals is the fake technical support service. Phone calls from Microsoft technicians and pop-ups warning of viruses are just a couple of the hallmarks of this con.

Tech support scams prey on the victim’s lack of IT knowledge to fool them into thinking there is something wrong with their computer. The victims are then conned into paying for an expensive service or downloading software in order to “fix” their problems. These services often entail giving the scammers remote access to their computer. This is their gateway to performing more malicious activity, which include theft of personal information and passwords or inserting more malware for future attacks.

In the past these types of scams have taken the form of cold calling. The scammers pretend to be a Microsoft technician to gain the victim's trust. They then talk the victim through various steps to fool them into believing their computer is compromised.

Phishing emails and pop-up ads are also popular methods of reaching victims. Sometimes these pop-ups go as far as to mimic Windows error messages. Those with low IT literacy can struggle to distinguish between the real and fake messages.

Newer Techniques

Scammers have been getting their schemes in front of victims using paid advertisements. When someone has a technical problem their first action is usually to look up a solution using a search engine. Services that appear as paid ads will seem more trustworthy in the eyes of potential victims and more likely to draw them in. Creating a convincing looking website, which can lure in victims, is simple for experienced crooks.

It has reached the point where Google are planning a special verification system to root out these fake ad (report by Naked Security). And in a recent development criminal have been exploiting un-patched WordPress plug-ins to redirect visitors to their scams (report by Malwarebytes).

How to protect yourself

The first important thing to remember is that companies like Microsoft will never make unsolicited contact with you. If you are contacted by anyone claiming to be from Microsoft or Apple, then it is best to assume fraud and hang up. Also note that no one can "remotely detect" viruses on your computer, and Window or Mac error messages will never require you to ring telephone numbers or email an address.

Keep calm when confronted with warnings. When you are presented with a dire message, it is only natural to want to act fast. Phishing emails and ads from scammers rely on urgent language to bypass rational thinking. Next time someone online tells you your computer has been compromised, stop and think.

If you get an email issuing urgent warnings, do not click and links or attachments. These may lead to fake web pages or contain malware. Keep an eye open for poor spelling and grammar in emails. These are obvious signs of unprofessional pretenders.

Taking a more proactive approach to protecting your computer from Malware can help you escape pitfalls. Do research into trusted anti-virus and anti-malware tools and get them set up early. These tools can detect malware planted by scammers and warn you about malicious downloads. If you know who you can turn to for help, then you can avoid suspicious characters online.

Proper training can help your staff avoid the pitfalls of tech support scams and other phishing attempt. Training programs such as CySafe can boost the vigilance of your staff and reduce the risk of them falling prey to phishing..

These kinds of scams can be easily avoided so long as you are vigilant and never take online ads at face value.

How do I Make my Site Secure?

website security

Photo by Ilya Pavlov on Unsplash

Why is it Important to Secure my Website?

Businesses operating online today face many challenges, the biggest being protecting themselves from cyber attacks. These attacks come in many forms:

  • Distributed Denial of Service (DDoS) attacks that can overload your website and force it to shut down. Your site will not be able to conduct any business while it is offline.
  • Phishing attacks being sent to your customers. These scam people into giving up their personal information.
  • Malware infections and ransomware attacks which hold your computers hostage.
  • Data breaches where the personal details of your customers are compromised.

The fallout from a cyber attack can be incredibly costly for your business. Your business even risks incurring legal action if it is found that you did not take the correct preventative measures.

Cyber attacks not only damage your finances but also to your reputation. People will be reluctant to engage with your business because they will not feel their information is safe with you.

Certain web browsers, including Google Chrome, indicate to their users when a website is unsecured by displaying a “not secured” message in the URL bar. This will ward off potential customers from using your website. Securing your website however will give you the green padlock or even the name of your business in the URL bar and assure your customers about your commitment to keeping their data safe.

Google have also confirmed that secured websites are given priority in their search engine rankings. So proper security does not just protect you and your customers, it can also boost your business’s presence.

The best course of action is to prevent cyber attacks by properly securing your website.

How do I Secure my Website?

SSL Certificates

The first way to secure your website is to make the switch over to HTTPS.

HTTPS encrypts information being sent between a website and the user, ensuring that hackers cannot read the information.

To switch to HTTPS your website needs an SSL certificate. SSL certificates come in different types depending on the scope of your website and level of trust needed.

  • Domain Validation - These can be issued in minutes and offer the encryption needed to protect user information.
  • Organisation Validation - These put your business information in the details of your certificate which ensures users about the legitimacy of your website. Obtaining this certificate requires your business to undergo a vetting process to verify your identity.
  • Extended Validation - Puts your business’s name in green text in the URL bar. These certificates also require you to complete a vetting process.
  • Wildcard Certificates - These can used to secure an unlimited number of sub-domains in one certificate.
  • Multi Domain - These can secure up to 100 domains in one certificate.

Upon installing your certificate the green padlock will appear in the URL bar and the HTTP will change to HTTPS. This indicates to your customers that your website is secure.

You can check out our range of SSL certificates to find what kind you need to satisfy your business needs.

Keep Software Updated

Keeping your software consistently updated is vital because it can prevent hackers from taking advantage of vulnerabilities. CMS developers such as WordPress and Joomla are constantly working on their platforms and regularly put out updates. Any anti-virus or anti-malware software you are using should be regularly updated as well to keep up with new viruses coming out.

You should also keep track of any plugins that your website uses for updates. If you find a plugin has had no updates in a long time you should consider finding an alternative that is still being supported.

Create Backups

Creating backups of your website and databases can provide protection from some of the worst case scenarios. For example, if you become victim of a ransomware attack, rather than giving into the hacker’s demands, you can reformat your computers and restore your data using a backup. As a result your system will be cleaned with minimal loss of time and data.

Ideally you should create multiple backups and store them separately from the rest of your system so that issues affecting your system will not invalidate your backups. Using different formats, such a cloud backup alongside storing a backup to an external hard drive, can ensure you will also have a copy of your files ready.

Web Application Firewall

A Web Application Firewall can be used to protect your website from malware attacks in real time. They work by monitoring packets of information as they travel to and from your website. It can then filter or block those packets if it detects any suspicious traffic.

Web Application Firewalls can protect your website from DDoS attacks, as well as SQL injections and cross-site scripting.

Penetration Testing

Rigorous testing can help find the vulnerabilities in your website that hackers might exploit. You will receive expert advice on where you website is weak and what changes should be made to protect it.

Penetration tests combine a range of manual and automated inspections of your IT systems, scanning the entire breadth of your infrastructure.

Strong Passwords

Using strong passwords can prevent hackers from getting into the backend of your website. Passwords should be multiple words or phrases long and contain a mix of lower and uppercase letters along with numbers. You should avoid using the same password for multiple accounts. Any default passwords you are given should also be changed as soon as possible.

A password manager, such as 1Password, can be useful in both creating strong passwords and keeping them securely stored. This helps you get around the issue of having to remember too many passwords.

Servertastic Limited is registered in England and Wales.
Registered Company Number: 04982077
VAT Number: GB125485804

Hosted by LayerShift

Mastercard Maestro Visa American Express
Diners Club JCB Discover Paypal
Sectigo Trust Seal
Reviews
Cyber Essentials