Archive for Information Security

Fake Invoice Scams are on the Rise

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors or suppliers that you actually use.

Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:-

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore.

The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

We have recently come across two small business customers who have been affected by this scam, locally in Lutterworth and Burbage, so it does happen to businesses of all sizes.

You may well be thinking that you would not be caught out by this – but can you say that about all your employees?

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like QuickBooks (or some other well-known accounting package), making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches.

While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Third party spam filters on top of your security software may also help.

Then, consider implementing a simple set of procedures regarding payments.

These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorisation for payments.

Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed.

Also consider placing a message in your email signature warning that you would never advise of a change to your bank details by email – only by phone or in person – to help prevent other people from falling for it.

Fake invoice attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

If you need help to increase your security, talk to us today. Call us on 01455 209505.

Phishing – What Is It and How to Avoid It

There’s always some IT jargon to contend with and here is another one – ‘Phishing’ – but you do need to look out for it. ‘Phishing’ is the attempt to obtain your personal information (login details, credit cards etc.) by someone pretending to be someone trustworthy in an email or other electronic communication.

Typically, they may try to get you to a website which may look completely legitimate and identical to the genuine website, such as a bank, and there they get you to disclose information that they want for their own purposes. On the face of it you may read this and think “They wouldn’t catch me out”, but they are very good at what they do and can be very persuasive.

A single click can be the difference between maintaining data security and suffering financial losses and not just personal bank accounts – businesses are especially vulnerable. From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.

As well as being vigilant, here are a few tips for things to look for:-

1. Poor spelling and grammar

While occasional typing errors happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through reviews where errors are caught and corrected. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is possibly fraudulent.

2. An offer too good to be true?

Free items or a lottery win sound great, but when the offer comes out of nowhere and with no catch? Take care not to get carried away and do not click without investigating deeper. Remember, it can look as though it is coming from any organisation that you actually deal with – your broadband provider, bank or any other source – and the criminals have simply struck lucky in that you happen to be a customer.

3. Random sender who knows too much

Phishing has advanced in recent years to include ‘spear phishing’ (more jargon!), which is an email or offer designed especially for you or your business. Culprits take details from your public channels, such as a recent function or award, social media, etc. and then use it against you.

The only clue can be that the sender is unknown – they weren’t at the event or involved with you in any way. Take a moment to see if their story checks out.

4. The Website address or email address is not quite right

One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]. This technique is also used in search engine listings where someone pretends to be a company.

Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the bin.

5. It asks for personal, financial or business details

Alarm bells should ring when any message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can check using established, trusted channels such as calling the company using a telephone number that you know is genuine.

Take care if using a search engine to get the number – ensure that the information comes from the genuine website (see tip No.4 above).

While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind – especially if you are running a business.

Give us a call on 01455 209505 to discuss how we can help secure your system against costly phishing attacks.

Business Security When an Employee Leaves

Security after an employee leaves

We have seen businesses which have experienced issues after an employee has left their job – either when leaving voluntarily or otherwise – and in many cases it is because no-one has considered the potential for disruption caused by I.T. when staff are leaving.

Your employees need access to your various business accounts so they can do their job, but what happens to those passwords when they leave? What effect can their leaving have on the security of the business? Nobody likes to think of this but nonetheless, it’s a responsibility every business owner and manager must face at some point.

Most of the time, the former employee leaves under good terms and you’ll wish them well. If you’re lucky, they’ll even manage the hand-over to their replacement so that your productivity losses are minimal. Other employees may leave your business reluctantly or in a storm of anger and suspicion.

Either way the risk to your business remains high until action is taken.

Here are 3 steps you can take to protect your business from retaliation and other password-related disasters.

Limit access to a need-to-know basis

You might be surprised how often a new employee is presented with a huge amount of business information on a platter when their actual job requires little more than a computer login. Accounts, strategy, customer details, industry secrets…all those sensitive aspects of your business that have made it a success – exposed.

A better policy is to limit access to only what the employee needs to do their job. Rather than view it as a lack of trust, your employees should appreciate the care you’ve taken to protect your business (and their job). It also helps keep them from being overwhelmed, confused or tempted if the situation ever turns sour.

Likewise, take a few moments to delete old or temporary accounts that are no longer required, as you never know when a hacker or disgruntled employee will squeeze through the gaps. For example, we found that a local business in Lutterworth had an ex-employee still accessing their work email address!

Change passwords fast

On average, it takes at least a week before passwords are changed after an employee has left, if at all. Unfortunately, this is the one type of delay your business can’t afford.

In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common, especially if they leave to start their own business or work for a competitor. Having a contract preventing an employee from setting up in competition with you does not prevent someone getting a copy of the customer database.

It’s not just full-time employees either; contract and part-time employees such as social media managers and customer support staff often have access to more of your business than you might imagine. Recent rulings make it easier for business owners to prosecute former employees who access their systems; however, as we know, it only takes seconds to log in and wreak absolute havoc.

Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage and hassle you’ll experience. The best option is to change passwords fast as this lessens the chance of revenge attacks and opportunistic access.

Use a password manager

If you have a good password manager like LastPass, reducing your password risk becomes mostly automated. You’ll be able to keep your logins in a central vault that only you can see, and share based on business roles/need. There’s even an option to share passwords without letting employees see them in plain-text.

Instead of writing passwords down somewhere and manually entering them each time, they’ll be able to connect securely with a click. Plus, you can revoke the share at any time. If their role changes or they leave, you can use the dashboard to see who has access to what and add/revoke permission at will. If you’re not sure what that employee has been up to, you can also generate reports of their history.

Having a procedure in place when an employee leaves, as well as a review of your employees’ access levels, can prevent a lot of disruption in the future and is a worthwhile investment of your time.

We can help you set up password management and lock down your network. Call us on 01455 209505.

 

Spectre and Meltdown – What They Mean for You

Modern computers contain processors (CPUs) which do the heavy calculations that make your device work – the better the CPU, the faster your device. These computer chips are used in devices made by computer manufacturers all over the world, as well as Microsoft, Apple, Google and are in servers everywhere.

‘Spectre’ and ‘Meltdown’

Severe design flaws were recently discovered in CPUs, and these vulnerabilities were called ‘Spectre’ and ‘Meltdown’. Essentially these vulnerabilities can allow hackers to take advantage of the fact that, whilst they are not being fully used, modern CPUs can do something called ‘speculative execution’. This is a techy way of saying that they take notice of what tasks you do often, and try to do those tasks for you in the background and store the data for you, so that it is quicker for you the next time you choose to do that task.

It’s a bit like going to the same coffee shop every day and one day you find that they have your cup ready for you. Except in this case instead of coffee it’s data – at times very important data – and that’s the problem. This data is held in something called a ‘cache’ and just sits there until it is told to clear itself.

The ‘Spectre’ vulnerability allows attackers to trick the processor into performing these speculative operations and ‘Meltdown’ can collect the data that is created. To date there have been no reports of attacks but as this has been known in the IT community for a while it is only a matter of time, especially given the fact that these vulnerabilities exist in CPUs made over very many years – so there are plenty of them to attack.

It is serious enough that CPU makers and makers of Operating Systems are rushing to get security fixes out to users. Intel are issuing updates for their processors to fix the vulnerability and AMD are working on a patch. Microsoft have issued updates for Windows 7, 8.1 and 10, and Apple have released updates for iOS 11.2, macOS 10.13.2 and tvOS 11.2. Google, Amazon etc. are also looking at the issue.

What does it actually mean for you?

The fixes that are being issued make changes to the way CPUs speed up your work – in effect the fixes are putting the brakes on the CPU to an extent and potentially reducing its performance. Some people may see a minimal impact but some may see a significant slowdown in the performance of their device after the fixes have been applied.

At the present time, it is believed that Windows 10 with newer CPUs will see a negligible impact but with older CPUs there may be a noticeable decrease in performance. The most noticeable decreases in performance are on Windows 7 and 8 machines with older CPUs and, according to Microsoft, fixes for Windows Servers will have a “significant impact” on performance after the updates.

It may be that over time, these updates may be refined and the impact may be reduced, but for the time being if you see a marked decrease in the performance of your device, it may well be that fixes for CPU flaws are causing it or contributing to it.

Whilst it may be unwelcome news, it is vital that you do keep all your updates current, no matter what device you are using.

If you would like help please call us on 01455 209505.

Back Up the Right Way for Businesses

The 31st of March is World Backup day and it’s a great time to put a backup in place. Businesses are losing large amounts of data every day, purely because ‘backing up’ is stuck at the bottom of their to-do list.

But how? What’s the easiest, most effective way for your business to backup?

You’ve probably heard of file backup by a number of names: Cloud Sync, Cloud Backup or Cloud Storage. They’re all similar enough to be confusing and meaningless enough to be anything, so here’s what they mean and which one you need today.

Cloud Sync

Google Drive, Dropbox, iCloud, etc. are services that sync up with a single folder on your computer. They mirror it. When a file changes in one, the sync service rushes to change it on your computer too, so they are always the same. Cloud Sync services are hugely flexible for remote employees, or even those squeezing in a few quick tasks while riding the train to work.

They’re easy to use, require no training, and the free tiers are enough for most individuals. However, accidentally deleting a file means it disappears from the Cloud Sync drive – almost immediately – and overwriting a file does the same thing, so if an employee makes edits to the wrong file, those edits are synced as well. The same applies if your local copy becomes corrupted (or ransomed): the corruption is uploaded too. The good news is that some Cloud Sync services offer a 30 day backup option that can be used to replace deleted or ransomed files.

So when choosing which Cloud Sync to use, make sure that this is offered.

Cloud Storage

Amazon S3, Microsoft Azure, etc. are massive data centres full of storage drives that work just like your local hard drive, except that you access them securely via the internet. In fact, when you use a cloud sync app like Dropbox, they’re actually sending your data to one of these locations, but with a difference.

While the Sync services have a constant back and forth connection between the storage centre and your folder, Storage services do not – you store a backup that you instigate.

You can access cloud storage on a per-GB basis yourself and upload your entire backup as desired, and even though it won’t update with changes on your local network, it will be safe from disaster. When you need to retrieve a file, you simply log in and download it.

Your backed up data is secure, protected against disaster, and always available to you. However, because it relies on you/your employee to handle the backup plan and manually take care of the uploads, this is a higher-risk solution. Unless your employee is scouring your network each day/week/month for changes to files and uploading them with fervent dedication, chances are this plan won’t work.

Cloud Backup

Carbonite, Backblaze backup, Crashplan, etc. might not be names you’ve heard before, but they work in the background to monitor changes to files on your computer or network and make sure you’re backed up. You can roll back individual files or whole drives, and even select from earlier backups, not just one. Like sync services, they use cloud storage centres with extra-high security and redundancy so that your data is always there when you need it. Even better, neither you nor your employees need to worry about when it was last done.

The One You Need

Let’s talk planning. We recommend starting with the 3-2-1 strategy. This means having 3 copies in total, 2 of them locally such as on your computer and an external drive, and another offsite in the cloud. Using this strategy keeps your business operating when data disasters occur and is an investment in your uptime.

We can help get you set up with the 3-2-1 method, including selecting the best cloud service for your needs.

Need help with your backup? 3-2-1… Call us on 01455 209505.

Top 5 Cloud Advantages for Small Businesses

Business cloud backup

Cloud technology has created a revolution for small business, changing the way you store, share and backup files. While ‘the cloud’ is often hard to understand because it’s neither in the sky nor in a single location, there’s no arguing that it’s improving business storage across the board.

Storage concerns can be a thing of the past as small businesses can benefit from the flexibility, cost savings and protections of cloud solutions. We’ve done the research for you and identified 5 ways small business in particular benefits from making the move.

It’s Cheaper

Budget is always a limiting factor for businesses, many of which are further constrained by pressure from higher up. Some regard investing in cloud solutions as a large expense that can be put off indefinitely. In most cases though, making the switch to cloud storage costs a fraction of the price.

Compared to maintaining and powering servers, scaling to keep up, and repairing in emergencies, cloud storage offers extraordinary savings. With one decision, you get access to high-end infrastructure and dedicated support, plus a healthier bottom line. Cloud solutions were specifically created to meet your needs, which means you only pay for what you use.

Costs remain capped while the benefits continue to rise, a clear advantage for the budget-conscious business.

It’s Secure

A lot of people like having their data where they can see it. But that’s not always the safest option. Natural disasters can happen, break-ins are a worry, and employees are always losing laptops and phones, or have them stolen.

More often though, someone simply makes a mistake and deletes important files, or accidentally infects the system with malware. Cloud storage mitigates every single one of these risks, with storage in ultra-secure locations, protected against disasters, and committed to robust backup systems.

In recent times particularly, we’ve seen many small businesses survive ransomware attacks purely because their critical data was secure in the cloud with clean backups available.

It’s Compliant

We know medical businesses and services need to follow certain regulations when it comes to patient data. This includes security as well as data integrity, plus backups and auditing. Many cloud providers acknowledged this need early on and made sure to offer compliance guarantees. They therefore keep abreast of changing regulations, often implementing new requirements before you’ve even heard about them. With cloud storage systems, you essentially slash your compliance workload and let your provider do the worrying.

It’s Portable

One of the key benefits of cloud storage is your ability to collaborate remotely. In the past, this would have involved multiple file copies that need to be merged back together, often confusing employees as to which is the ‘right’ file. With cloud storage, your staff can work on the same file, using the same interface and real-time updates.

Even having different versions of software is no longer an issue. Employees can work on a file in the office and then securely access the same file from their smartphone, laptop or other location, without needing to buy additional software or worry about version corruption. Sharing and collaborating becomes easier, more desirable and more secure.

It’s Easy to Migrate

One of the biggest concerns we hear is that it will be too disruptive to migrate to cloud solutions all at once. That’s okay. You don’t have to do it all in one day; it can be migrated in stages.

Talk to us about your cloud options by calling us on 01455 209505.

How to Stay Safe from Scams or Malware on Facebook

Facebook scams

At last count, Facebook has clocked up over 2.7 billion users, which makes the platform more attractive than ever for scammers and hackers. While you may be logging in to share your latest family photos or catch up with friends, the chances of accidentally triggering a scam or malware are increasing.

Here’s how to stay safe on Facebook and stop the spread.

Look out for freebies and surveys

Everybody loves a freebie and for the most part the competition posts on Facebook are legitimate. Having said that, when you see a giveaway for vouchers for a mega-store, alarm bells should ring. ‘Do this quick survey and we’ll send you a £50 Amazon Voucher!’ – it’s too good to be true.

Even one click can take you on a journey through the underside of the web, picking up trackers and malware at every stop and at the end, you’re asked to share the post so your friends can get a voucher too…except nobody ever gets the reward.

Check your permissions with games and quizzes

Whenever you access a new game or quiz, you’ll need to give permissions for it to access your Facebook profile. Most people click the okay button without any thought, but if you review the permissions you’re giving, you’ll often find they’re asking for a massive amount of personal data; public profile, friend list, email address, birthday and newsfeed. Do they really need ALL this information?

Sometimes it is from necessity, but bear in mind that some apps can be preparing to launch attacks against you both on and off Facebook. For example, when you call your bank they ask certain security questions like your full name, birthday and maybe which school you went to. All that information is in your Facebook profile and is now shared with your permission.

Don’t friend people you don’t know

Having lots of friends is nice, but that friend could end up costing you. It might be someone pretending to know you, or a picture of a pretty girl to entice men (and vice versa). Once you friend them, they get access to everything your friends can see. In this case, it’s more than the risk of someone knowing your personal data, you’ve just given them intimate access to your life.

If it’s weird, forget it

It doesn’t happen very often, but hackers find ways to take advantage of flaws in Facebook. A common hack that keeps popping up in various forms is to embed malware in a link. The virus then infects your machine and contacts all your friends with an enticing message, like asking whether a picture is of them.

When they click to view the picture, the virus catches them and their friend list, and so on. Facebook is pretty good at staying on top of these flaws, but they need time to fix it. Just like if you got a weird email with an attachment from a friend, make sure that you use that same level of scrutiny in your Facebook and don’t open messages or links that seem out of place.

Need help securing your privacy? Call us on 01455 209505.

4 Reasons to use Anti Spam Filtering in your Business

Anti Spam for your emails

Remember when spam was obvious and it was easy to identify and ignore? Those were the days! The impact on your business would have been minimal, as spam was more an annoyance than anything else.

Spam has matured into an aggressive threat, marked by sophisticated attacks and rapidly evolving techniques. It’s not just random electronic junk mail anymore and it’s putting a costly strain on your business resources, as well as global resources as spam email accounted for a whopping 85% of all email in January 2018 (source: Cisco Talos).

Unfortunately built-in spam filtering from your server or security software may not be enough to fight the spam threat effectively.

How Spam Impacts Your Business

Spam now contains malware, with hackers sending cleverly disguised emails to your business. Once clicked by an employee, it infects your computer system (virus) or steals your private data (phishing) or even both. The malware can then spread across the entire computer network and beyond, including to your clients and vendors.

The very fact that your employees must pause and examine every single link and attachment adds hours of lost productivity and occasionally, spam is so convincing that only an expert would be able to visually identify it. Employees are also more likely to miss an important email, either not seeing it arrive at the same time as a spam attack or becoming overwhelmed with the sheer number of emails.

How Anti-Spam Filtering Can Save Your Business

1. Block threats:

The spam filter’s purpose is to block the spam from ever reaching your employees’ screens. The threat is automatically identified and either held securely or immediately deleted. This is the best way to avoid activating spam malware, as it’s so easy to click through links in an email that seems authentic and important. The effects of that one spam click may be instantaneous or may lie hidden for months. Removing the email before it becomes a risk is a much better option.

You should get a spam filtering solution that provides you with your own control panel, which allows you to identify any spam that gets through as well as being able to check for any false positives (although this should be minimal with a good filtering system).

2. Filter legitimate emails:

Real mail needs to be able to stand out and avoid the trash. Anti-spam filtering has sophisticated recognition abilities which block spam only and allow real mail to land safely in mailboxes.

3. Meet data regulations:

Many businesses are subject to strict privacy and data storage regulations, some more so than others. To continue operation, they have to meet conditions including always using spam filtering to reduce the risk of data breach.

4. Protect your business reputation:

You can see how uncomfortable CEOs are when they hold press conferences to admit a breach. They must acknowledge that they failed to protect client data, or that users may be infected with a virus. Not only do they then face financial loss, their business reputation takes a nosedive. Anti-spam filtering can help to prevent these types of scenarios from happening to you.

Filtering has come a long way in recent years, with complex algorithms identifying and catching spam before it becomes a risk to your business. Real emails can now pass safely through without the classic cry of ‘check the spam folder’, and businesses can work with greater productivity and safety than ever before.

You need email, but you definitely don’t need spam or the chaos it brings to your business.

We can block spam and keep your legitimate emails flowing. Call us on 01455 209505.

Stop your Business becoming a victim of Social Engineering

Social Engineering is a danger to your business

You can have top-notch security in place in your business, but there is still one danger – ‘social engineering’. Most people have never heard of it but perhaps the more familiar term is ‘con’: the art of manipulating people to take certain actions or divulge private information.

Social engineers are a special type of hacker who skip the hassle of writing code and go straight for the weakest link in your security defences – people. A phone call, a cheap disguise or casual email may be all it takes to gain access, despite having solid tech protections in place.

Here are just a few examples of how social engineers work:-

Email

Pretending to be a co-worker or customer who ‘just quickly’ needs a certain piece of information. It could be a shipping address, login, contact or personal detail that they pretend they already know, but simply don’t have in front of them. The email may even tell you where to get the data from.

The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly sends a reply.

Phone

Posing as IT support, a government official or customer, the hacker plausibly and quickly manipulates someone into changing a password or giving out information. These attacks are harder to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-centre noise to trigger empathy or trust.

In person

A delivery man in uniform gets past most people without question, as does a repairman. The social engineer can then quickly move into areas of your business that may have sensitive information. Once inside, they essentially become invisible, free to install network listening software or devices, read a note with a password on it, or tamper with your business in other ways.

For example, if your Wi-Fi code is visible (and we see this all the time on ‘post-it’ notes and written signs) then the hacker can get access to your network simply by sitting in a car outside your building and connecting to your network with that password.

Then, with the right knowledge and software, they can cause all sorts of issues.

It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated, but they are extremely effective. Staff naturally try to be helpful, but this can also be a weakness.

This isn’t limited to businesses either. There are regular reports of people being conned by plausible-sounding phone calls out of the blue, from callers pretending to be from their broadband company or Microsoft who just want to get connected to their computer.

So what can you do to protect your business? First, recognise that not all of your employees have the same level of interaction with people: the front desk clerk taking calls all day would be at higher risk than the factory worker, for example.

We recommend that there should be awareness of the possibility of a security breach – you don’t need formal cyber-security training for each member of staff but the level of risk needs to be identified, focusing on the types of scenarios staff might find themselves in.

Social engineering is too dangerous to take lightly, and unfortunately far too common.

Talk to us about your cyber security options today. Call us at 01455 209505.

Search Google More Safely

We all use Google, quickly finding everything we need on the Internet. It’s replaced dictionaries, encyclopedias, instruction manuals, newspapers and in many cases, even doctors (not such a good thing!).

However, sometimes your search results aren’t the real thing and can be downright malicious. For example, we regularly find that customers search for, say, a printer driver software update and they type in something like “XP442 printer driver”. A close look at some of the results shows things like ‘epsondrivers.org’ or ‘printerdriversforyou.com’ – not the manufacturer’s official website – so you may get a driver but you are very likely to get something unwanted too!

Here’s how to search more safely:-

Pay attention to the URL in Google

Below every result title there’s a URL (website address) in green. No matter what the title says, this URL is where your mouse click will take you. Unfortunately, cyber-criminals will often list their site with a familiar and trusted title but link you to their scam/malware pages.

Another example can be the title of your bank name (eg, Example Bank), which seems legitimate, but the URL could be www.baabpjhg.com which is obviously not your bank. Sometimes they’ll attempt to trick you by putting the real site into the link too, eg www.baabpjhg.com/examplebank.com which makes it even more likely to catch you out when skimming through results quickly. When you visit the page, it might look exactly like your bank’s site and ask for your login details, which are then harvested for attack.

Whilst gibberish in the link is pretty easy to spot, sometimes they’ll take advantage of a small typo that you can easily miss. For example, www.exampebank.com (missing the letter L).
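
The check described above can also be done in code. This is an added example, not part of the original article: it works out which host a link really goes to and flags the two tricks just mentioned, using the article's placeholder names. The trusted list, the function names and the typo threshold are assumptions.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the sites you really use, and how many
# single-character slips still count as a lookalike.
TRUSTED = {"examplebank.com"}
MAX_TYPOS = 2

def real_host(url):
    """Return the host a click would actually go to, without 'www.'."""
    if "://" not in url:
        url = "//" + url  # search results often show links without a scheme
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Classify a link as trusted, name-in-link, near-miss or unknown."""
    host = real_host(url)
    if any(host == good or host.endswith("." + good) for good in trusted):
        return ("trusted", host)
    for good in sorted(trusted):
        if good in url.lower():
            # The real name is in the link, but not as the host you would reach.
            return ("name-in-link", host)
        if edit_distance(host, good) <= MAX_TYPOS:
            return ("near-miss", host)
    return ("unknown", host)

if __name__ == "__main__":
    # Constructed samples, using the placeholder names from the article.
    for link in ("https://www.examplebank.com/login",
                 "www.baabpjhg.com/examplebank.com",
                 "www.exampebank.com"):
        print(link, "->", check_link(link))
```

An "unknown" result only means the link matches nothing on your trusted list; it is not a sign that the site is safe.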

Notice Google search results v paid adverts

Google does a pretty good job at making sure the most relevant and legitimate sites are at the top of the list; however, paid adverts will usually appear above them. Much of the time, these paid ads are also legitimate (and you can quickly check the URL to verify), but occasionally cybercriminals are able to promote their malicious site to the top and catch thousands of victims before being removed.

Similarly, well known businesses can pay for adverts, even though much of their software is classed as ‘Potentially Unwanted Programs’ and technicians remove them from computers every day.

Believe Google’s malicious site alerts

Sometimes Google knows when something is wrong with a website. It could be a legitimate site that was recently hacked, a security setting that’s malfunctioned, or the site was reported to them as compromised.

When this happens, Google stops you clicking through with a message saying “this website may be harmful” or “this site may harm your computer”. Stop immediately, and trust that Google has detected something you don’t want in your house.

Turn on Safe Search

You can filter out explicit search results by turning on Google Safe Search. Whilst not strictly a cyber-security issue, it can still provide a safer Google experience. Safe Search is normally suggested as a way to protect browsing children, but it also helps adults who aren’t interested in having their search results cluttered with inappropriate links, many of which lead to high-risk sites.

Switch Safe Search on/off by clicking Settings > Search Settings > Safe Search.

These are just a few tips to make your searching safer, but the most important is you – never take your internet security for granted and always be cautious when using any search engine, as they can only display what they find out there on the internet – good and bad.

Need some help securing your system? Give us a call on 01455 209505.