The Connection, Inc Blog

The Connection, Inc has been serving the New Jersey area since 1992, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Tip of the Week: How to Foil A Phishing Attack By ID’ing a Bad URL

Tip of the Week: How to Foil A Phishing Attack By ID’ing a Bad URL

Phishing attacks have been around for decades, first being recorded in 1995 where scammers would pose as AOL employees and request a user’s billing information through instant messages. Nowadays, email phishing attempts have tricked users into handing over personal information of all kinds. There are many methods of identifying a phishing attempt, but today we’ll focus on one.

0 Comments
Continue reading

SMiShing: A New Mobile Computing Scam

SMiShing: A New Mobile Computing Scam

Chances are, you’ve heard of phishing before--emails that promise some benefit or prize if you only click on the included link, that actually only results in trouble for you and your data. Unfortunately, as technology has embraced mobility, so have phishing attempts. This is why you must also be aware of SMiShing scams.

0 Comments
Continue reading

Learn to Use Email Safely

Learn to Use Email Safely

Email is a core component to many businesses. With 124.5 billion business emails being sent and received each day, that doesn’t seem to be in danger of ending. Are the emails that are coming and going from your business secure? That may be another story, altogether. In order to keep your email security at a premium, we have outlined the following tips:


Using Filters
Filters make a lot of things easier to manage and easier to interact with, but since your employees have to stay on top of their company email, having some pretty easy-to-use solutions is important. Spam-blocking can go a long way toward reducing the amount of unimportant emails each employee sees, and a dedicated antivirus software can keep malware and other nefarious entities off of your network.

Be Smarter with Your Email
No spam filter or antivirus will do it all. In order to achieve the best results with securing your email, users have to be well-versed in the best practices of email management. The most important qualification any person can make when trying to secure their personal email from hackers is to ensure that they have the knowledge of what a phishing email might look like; and to make sure that the business’ network security is up to snuff.

Here are few tips to keep your email secure.

  • Know what a legitimate email looks like. For every email sent from a vendor or partner, there are two sent that are there to trick end-users.
  • If you aren’t going to take the time to encrypt your email, don’t put any potentially sensitive information within the email. This goes for heath, financial, or personal information.
  • The less people who have your email address, the more secure your email is going to be. Teach your employees to not give out their email addresses if they can help it.
  • The email solution needs to be secured behind solid passwords, and/or biometrics. Two-factor authentication can also be a good solution to secure an email against intrusion.

End Your Session
There are circumstances that people can’t control, so if you absolutely have to use a publicly-accessible device to access your email, you have to make certain that you log out of the email client and device you access your email on. After you log out, you’ll want to clear the cache. Many browsers and operating systems today want to save your password for user convenience. Better to use a password manager than allow the most public points of your workstation to save your credentials.

The Connection, Inc can help you set up an email security policy that will work to ensure that your employees are trained, and you have the solutions you need to keep any sensitive emails away from prying eyes. Call us today at (732) 291-5938 to learn more.

0 Comments
Continue reading

Fishing for Answers to Keep Phishing Attacks from Sinking Your Business

Fishing for Answers to Keep Phishing Attacks from Sinking Your Business

Phishing attacks have been in the social consciousness now for a while, and for good reason: it is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness to an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.

0 Comments
Continue reading

With Phishing Attacks Beating 2FA, You Need to Be Able to Spot Them

With Phishing Attacks Beating 2FA, You Need to Be Able to Spot Them

Unfortunately, one of the most effective defenses against phishing attacks has suddenly become a lot less dependable. This means that you and your users must be ready to catch these attempts instead. Here, we’ll review a few new attacks that can be included in a phishing attempt, and how you and your users can better identify them for yourselves.


How Has Two-Factor Authentication (2FA) Been Defeated?

There are a few different methods that have been leveraged to bypass the security benefits that 2FA is supposed to provide.

On a very basic level, some phishing attacks have been successful in convincing the user to hand over their credentials and the 2FA code that is generated when a login attempt is made. According to Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing, yet fake, page to reset their Google password. In some cases, fake emails like this can look very convincing, which makes this scheme that much more effective.

As Amnesty International investigated these attacks, they discovered that the attacks were also leveraging automation to automatically launch Chrome and submit whatever the user entered on their end. This means that the 30-second time limit on 2FA credentials was of no concern.

In November 2018, an application on a third-party app store disguised as an Android battery utility tool was discovered to actually be a means of stealing funds from a user’s PayPal account. To do so, this application would alter the device’s Accessibility settings to enable the accessibility overlay feature. Once this was in place, the user’s clicks could be mimicked, allowing an attacker to send funds to their own PayPal account.

Another means of attack was actually shared publicly by Piotr Duszyński, a Polish security researcher. His method, named Modlishka, creates a reverse proxy that intercepts and records credentials as the user attempts to input them into the impersonated website. Modlishka then sends the credentials to the real website, concealing its theft of the user’s credentials. Worse, if the person leveraging Modlishka is present, they can steal 2FA credentials and quickly leverage them for themselves.

How to Protect Yourself Against 2FA Phishing

First and foremost, while it isn’t an impenetrable method, you don’t want to pass up on 2FA completely, although some methods of 2FA are becoming much more preferable than others. At the moment, the safest form of 2FA is to utilize hardware tokens with U2F protocol.

Even more importantly, you need your entire team to be able to identify the signs of a phishing attempt. While attacks like these can make it more challenging, a little bit of diligence can assist greatly in preventing them.

When all is said and done, 2FA fishing is just like regular phishing… there’s just the extra step of replicating the need for a second authentication factor. Therefore, a few general best practices for avoiding any misleading and malicious website should do.

First of  all, you need to double-check and make sure you’re actually on the website you wanted to visit. For instance, if you’re trying to access your Google account, the login url won’t be www - logintogoogle - dot com. Website spoofing is a very real way that (as evidenced above) attackers will try to fool users into handing over credentials.

There are many other signs that a website, or an email, may be an attempt to phish you. Google has actually put together a very educational online activity on one of the many websites owned by Alphabet, Inc. Put your phishing identification skills to the test by visiting https://phishingquiz.withgoogle.com/, and encourage the rest of your staff to do the same!

For more best practices, security alerts, and tips, make sure you subscribe to our blog, and if you have any other questions, feel free to reach out to our team by calling (732) 291-5938.

0 Comments
Continue reading

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

0 Comments
Continue reading

For Cybersecurity Awareness Month, Keep Looming Threats in Mind

For Cybersecurity Awareness Month, Keep Looming Threats in Mind

Any business in operation today needs to keep modern realities concerning cybersecurity at top-of-mind if they are going to successfully maintain the business going forward. One major issue to be cognizant of is the increasing prevalence of phishing attacks.


Did you know that, in 2018, phishing attacks had increased by 269 percent as compared to 2017? Furthermore, phishing was involved in 32 percent of all reported data breaches that year. Businesses located in the United States also seem to have the most to be worried about, as almost 86 percent of phishing attacks were leveraged against American targets.

It’s No Wonder that Phishing is Being Addressed During NCSAM

NCSAM, or National Cybersecurity Awareness Month, is meant to encourage awareness of cybersecurity practices and behaviors in an attempt to promote them. This year’s lessons cover many basic cybersecurity practices - including how to identify and avoid phishing attempts, reinforcing the 2019 theme of “Own IT. Secure IT. Protect IT.”

Of course, we can also help you out by giving you some actionable best practices now.

  • Be wary of unsolicited or unexpected messages - One of the biggest clues that something is a phishing message is that it will likely appear out of the blue. If you suddenly get an email “from Amazon” that says suspicious purchases have been made on your account and you need to re-verify your payment credentials, think about it for a second - have you received any other emails from Amazon in regard to these purchases, as in delivery schedules or order confirmations? The same concept applies to emails that come from any sender. Before you interact with one of these emails, try reaching out to the supposed sender through some other means to confirm.

  • Avoid unanticipated links or attachments - Cybercriminals have become irritatingly clever in how they deliver their attacks and malware - not only delivering a convincing argument via phishing, but hiding executable malware inside documents that activate when the attachments are opened or delivered via a bad URL. Unless you were anticipating a link or attachment in an email, you should always be hesitant to click on them - at least until you’ve confirmed their legitimacy through another form of communication.

  • Check the details - Make sure that the email is actually coming from where it should. Cybercriminals will sometimes create fraudulent emails that, at a quick glance, look similar enough to the real McCoy that a user may not spot the difference. Is the address from “contact@gmail-dot-com,” or from “contact@grnail-dot-com”? Look at the second option closely. G-R-N-A-I-L probably isn’t the mail service your contact uses, suggesting that this email is fake.

While this month may be dedicated to improved cybersecurity awareness, it isn’t as though you don’t have to consider it for the rest of the year. The Connection, Inc is here to assist you in keeping your business and its data secure. Give us a call at (732) 291-5938 to learn more about the solutions we have to offer.

0 Comments
Continue reading

Don’t Be Snagged by This Google Calendar Phishing Scam

Don’t Be Snagged by This Google Calendar Phishing Scam

Gmail and the applications associated with it seem to have some level of inherent trust among users. We just don’t anticipate threats to come in via something from Google. However, it does happen, as a recent spat of phishing has shown using Gmail and Google Calendar. What’s worse, this particular scam has been around for some time.

0 Comments
Continue reading

Tip of the Week: Warning Signs of a Phishing Attack

Tip of the Week: Warning Signs of a Phishing Attack

The modern cyberattack is more of a slight of hand than it is a direct attack. With encryption protecting a lot of business data, hackers need to find ways to circumvent that technology. They often do this though phishing. This week, we will take a look at some of the warning signs of phishing to help give you a little better awareness. 

0 Comments
Continue reading

Social Engineering and Your Business

Social Engineering and Your Business

As prevalent as cybersecurity threats unfortunately are today, many users tend to overlook major threats that they just aren’t focused on nearly as much: social engineering attacks. Social engineering attacks are just another means for a cybercriminal to reach their desired ends, and therefore needed to be protected against.

0 Comments
Continue reading

How to Properly Train Your Staff to Avoid Phishing Attacks

How to Properly Train Your Staff to Avoid Phishing Attacks

In the late 1970s and early 1980s, Bell telephone companies were making a mint off of offering the ability to call your friends and family that lived outside your predefined region, charging up to $2 per minute (during peak hours) for long distance calls. The problem for many people was that these regions kept shrinking. Some people decided to combat this costly system by reverse engineering the system of tones used to route long-distance calls, thus routing their own calls without the massive per-minute charges demanded by long-distance providers. These people were called Phreakers, and they were, in effect, the first hackers.

0 Comments
Continue reading

Protect Your Business From Phishing Attacks

Protect Your Business From Phishing Attacks

Spam is a major hindrance when running a business that relies on email, but it’s easy to protect your employee’s time from the average spam messages with the right technological support. Unfortunately, hackers have adapted to this change and made it more difficult to identify scam emails. More specifically, they have turned to customizing their spam messages to hit specific individuals within organizations.

0 Comments
Continue reading

Scammers Use Whaling Attack Emails to Pose as Upper Management

Scammers Use Whaling Attack Emails to Pose as Upper Management

The average business owner may already be aware of what are called phishing attacks - scams that attempt to deceive and trick users into handing over sensitive credentials. However, not all phishing attacks are of the same severity, and some are only interested in hauling in the big catch. These types of attacks are called “whaling,” and are often executed in the business environment under the guise of executive authority.

0 Comments
Continue reading

Tip of the Week: 5 Clues that an Email is Really a Phishing Scam

b2ap3_thumbnail_do_not_go_phishing_400.jpg
One of the most masterful arts of deception that hackers use is the phishing attack, which attempts steal sensitive credentials from unwary victims. The anonymity afforded to criminals on the Internet is what makes this possible. Using phishing attacks, hackers attempt to steal credentials or personal records by forging their identities. What’s the best way to protect your business from these attacks?

0 Comments
Continue reading

Don’t Be Duped By a Phishing Attack: 4 Signs to Look Out For

b2ap3_thumbnail_online_phishing_400.jpg
Your business is literally assaulted by thousands of threats a day, and they could ruin your organization's goals in an instant if not for your defenses. With such powerful security measures at your disposal, we don’t blame you for lowering your defenses; however, it should be mentioned that your network security doesn’t protect you from all manners of threats. Attacks like phishing scams have a tendency to bypass your security measures, which makes them dangerous.

0 Comments
Continue reading

Some Hackers Are Out to Give IT Departments a Bad Reputation

b2ap3_thumbnail_email_phishing_attacks_400.jpg
We all know that hacking is one of the biggest risks we must deal with in today’s technology-based society. Most hackers out there try to take advantage of the latest vulnerabilities in software, but there are some that use a more sophisticated method. These hackers try take advantage of the weaknesses found in the human psyche, rather than the technological flaws that consistently get patched.

0 Comments
Continue reading

Blog Archive

2025
June
July
August
September
October
November
December

Mobile? Grab this Article

QR Code

Free Consultation

team work

Interested in seeing what we can do for your business? Contact us to see how we can help you!

Sign Up Today!

News & Updates

The Connection, Inc. Celebrates 32 Years as a Trusted Technology Provider!   Since our founding in 1992, technology and the way we operate and do business has changed a lot. Companies that have adapted and aligned themselves with ...

Contact us

Learn more about what The Connection, Inc can do for your business.

The Connection, Inc
51 Village CT
Hazlet, New Jersey 07730