Transcription

Speaker 1 (00:10):

Hello everybody. Good morning. Um, at least it is, uh, in my time zone. Uh, welcome to the Wolf guard zone, where we help educate business owners on what to expect of their IT, and that can be of their internal IT or outsourced IT. But basically we just want to help and educate, uh, however we can. Um, today our topic is going to be, uh, having to do with phishing and keeping you and your, your staff safe. Um, so we have, um, some good material to go over there and as well, we have Gary back. Gary, I'll let you introduce yourself again.

Speaker 2 (00:48):

Hey, everybody, Gary from ingredients, we are part of the Southeastern Wisconsin, uh, 20, um, just as a managed service provider. Yeah. Great.

Speaker 1 (00:59):

Um, yeah, uh, on our topic today, uh, we're gonna talk about eight warning signs, uh, that we can provide everyone on just how to identify phishing emails. Um, and, uh, you know, we just want, don't want you guys falling for this, uh, these tricks that these hackers have. Uh, some of them are pretty clever, so yeah, we'll go over some of this. Um, you have any additional or, uh, intro information, Gary, that you'd like to share. Anything, any stories or examples before we kind of get into the details here. I mean, throwing you under the, then give you a

Speaker 2 (01:36):

No, well, we'll hop into the specific eight, but I think the biggest thing is when you have the right service provider, you actually have a mechanism in which to submit questionable items for review. So you don't have to feel like you have to make a decision and whether it's right or wrong, you have resources that can actually validate that stuff. And we get our customers do that all the time. At least every other day, there's a request that comes in for, Hey, would you look at this email? I think it's legit, but I just want that second set of eyes on it. So your partners should be able to do that for you. Yeah,

Speaker 1 (02:11):

For sure. Um, and then which we've covered kind of on, on the other, uh, live stream videos, but, uh, anyone that you have should be giving you at least, uh, five layers of security, uh, you know, to help keep you covered because you know, nobody is perfect and stuff happens. Um, but, um, yeah, we're going to, uh, your, your staff, you know, I see the staff at a company being really the last line of defense, you know, if it makes it through all this, all these other security measures, then it comes down to that email arriving in that inbox for that staff person. And do they have the knowledge to, to, you know, do the right thing or not click, um, and keep your company safe?

Speaker 2 (02:56):

Yeah. And of course multi-factor authentication definitely one of the biggest preventions from this type of attack, if it does get compromised, at least they can't take it all the way to becoming shadow IT in your cloud service. Yeah, for sure.

Speaker 1 (03:10):

Cool. Well, um, I got a, uh, I have a, uh, um, PDF here that I'll provide everyone an address so they can, can download it themselves at the end of this live stream. Um, but I'm going to share my screen here, uh, just to show this to you as we cover it. So this, uh, this is something to that, like I said, you can download, I'll give you the address at the end, uh, but you can post it up in your kitchen, pass it out to your staff. Um, but yeah, title, you know, don't get hooked by phishing, eight warning signs, um, to help, you know, you identify a phishing email. I'm just going to zoom in some here on these main points and Gary, you know, feel free to just jump in. Um, sure. Um, I'm going to kind of go over some of these and, you know, if you can bring up some examples too, that'd be, that'd be great. Um, but yeah, one of the warning signs is just an email addressed vaguely with, you know, uh, dear valued customer or salutations, you know, it may not have your name. Um, maybe it's just Dear Sales, you know, um, or Sir, or Madam.

Speaker 3 (04:25):

Yeah. A lot of them remember

Speaker 1 (04:28):

The, uh, uh, you know, the, uh, well, I'll call it the old style phishing, um, years and years, years, years ago that my parents actually received a physical letter in the mail, you know, from the Siberian prince and all that. And I can't remember what the salutations was there, but it just kinda made me recall that, uh, it was just very vague and not, you know, direct, um, like they don't actually know who you are. They're just, you know, trying to get your attention.

Speaker 2 (04:58):

Well, it's funny, this tactic has actually been around for a long time. In the early 2000s, there was actually the Nigerian prince scam, right. Where they will send you an email asking for money. Those things haven't changed, just the mechanisms in which they can more quickly produce and scale those out have changed to make it more effective. But the concept of getting somebody to respond quickly because of social mechanisms is still the number one method they gain access to your data, your systems and that kind of stuff.

Speaker 1 (05:30):

Yeah. Yeah. And that kinda leads me into the second point here. Um, the subject of the email will be very urgent, uh, in your threatening languages, uh, language such as, you know, your credit card has been hacked, um, unauthorized login attempt, uh, you know, account suspended act now, or, you know, that kind of stuff,

Speaker 2 (05:51):

Or we've been, we took it, we took control of your webcam and we've been watching you for the last 30 days. We have a video on you. Yeah.

Speaker 1 (06:00):

I mean, any of that would, would grab anybody's attention.

Speaker 3 (06:04):

Yep. Yeah.

Speaker 1 (06:07):

Um, you know, back to the Siberian prince example, uh, you know, you could be offered a lot of money for kind of no particular reason, you know, just click here, click this link. Um, you know, just looking at the email itself shouldn't really trigger, um, anything, unless you're really behind on just general technology, but, uh, you know, they want you to either reply to that email or to click, you know, a, a link, right.

Speaker 2 (06:35):

I mean the old adage applies, right. If it sounds too good to be true, it's probably too good to be true. I mean, there's no such thing kind of as easy money when it comes to, uh, the internet, unless of course you're a YouTuber or something, right. Maybe then you can make money, but you're not going to make it by click of an email that's for sure.

Speaker 3 (06:55):

Yeah. Yeah.

Speaker 1 (06:57):

Um, there's, uh, you know, this one I've seen being a little bit harder, um, over the last couple of years, but, but just, you know, poorly written emails, unprofessional, maybe they use the wrong, uh, spell or a word wrong for that particular sentence. Um, um, or just not proper English. Um, I I've seen some phishing emails where they actually have done pretty well on using the current correct English, um, punctuation or not punctuation, but, uh, you know, spellings or just the right. Um,

Speaker 3 (07:36):

I dunno, you know what I'm trying to say.

Speaker 2 (07:39):

I mean, I think the poorly written emails, um, you know, what's funny, they were very, very prominent and probably the number one kind of visual inspection mechanism you could do to determine whether or not this was a phishing attack or legit. And even though people fell for it, a lot of people bid just because of the language, but, you know, products like Grammarly or everything else auto, uh, AI, right. Artificial intelligence have made those emails much better than it used to be from an English perspective and makes them more believable. Um, also as a frame specific's like trying to mock Microsoft Office 365 or, you know, look like they're the IRS, they've gotten very good at trying to mimic some of the language in that. So the poorly stuff is there should be a sure indicator. If you see poor language, you can be 100% certain it's a phishing attack. Yeah.

Speaker 1 (08:34):

It's kind of one of the, the biggest, um, easiest to find, um, yep. Yeah. Signs. Um, my, um, one of my friends the other day was telling me about an email he received from, from Amazon and, you know, saying about, uh, unauthorized transactions on his credit card, uh, you know, click this link to, to, to view these, uh, you know, these transactions to verify them or not. And he was asking me, you know, I don't even know if this is legit. I said, well, what's the, uh, the "from" email address. And so on our next point here, the sender address might look strange or doesn't match. Uh, it did not say from amazon.com, it was just like garbled different words and characters. And I mean, it was just real obvious to tell it was a fake email, you know, but sometimes you're just looking at the name, you know, the display name of the email, and you've got to click, uh, you know, by the "from" address to actually see the address itself. Yep.

Speaker 2 (09:44):

Yeah. I mean, the, the key is for sure, there's different mechanisms in email. You can't just look at the body, you have to look at the body, the subject line and what we call the email header, which actually tells you who the real "from" is, and then drill down because they can say that they're Bob Smith from Microsoft as a name, but then actually be four or 5, 3, 2, 8 GS seven y@gmail.com, which, you know, is not a Microsoft address, but right,

Speaker 1 (10:12):

Right. Yeah. I've seen, uh, you know, Microsoft be in the name, but then at the end it's, you know, Gmail or something like that, and right.

Speaker 2 (10:20):

Okay. And from a tactical perspective, there are ways that they can use dynamically generated domains to quickly spin them up, use them for this type of tactic. And then they're discarded once, you know, the email campaign has gone out, so to speak in a phishing and it's gotten its payload. That domain is no longer necessary.

Speaker 1 (10:40):

Right? Yeah. And on some of the, the, um, the better designed, uh, phishing emails, you know, it might even actually say the, from address correctly. Um, you know, so don't use that alone by itself, but you can, you know, have your tech person check it out. And then, like you were saying on the email headers, we can actually look and see almost like the path of what that email had to go through, where it came from, and it might be claiming to be Microsoft, but we see, you know, went through these other different servers that are not part of that. So we can always kind of do a double check for you if you're not quite sure it's better to ask than to just click on the link or reply. Um, so another item is a request is completely unsolicited. Um, and you know, it's not something, um, that you're expecting, um, just kind of generic, I guess. Um, what do you,

Speaker 2 (11:43):

Right? I mean, you kind of have to frame that, right. Don't go hating on the sales guy who is trying to get your business, right? Those are legit. What you're looking for is kind of the unsolicited offers that try to get you to do some call to action, where something that looks like it may be known. Like we saw a password reset, please click here to finish your password reset. Well, wait, I didn't ask for a password reset. Why is it asking me for, you know, your Amazon example? How many times have you kind of witnessed that, where you get this email saying, we noticed somebody tried to access your password. So it gives you the call to response. Cause you think that's what it is, but did you really change your password or didn't you, if you didn't? Well, maybe it is a legit issue you got to deal with, or maybe it's again, if it gives you the link that says, click here to change your password, you may not want to do it. You can always change your password, but go directly to the site. Don't follow any of the links inside of an email.

Speaker 1 (12:43):

Yeah, that's a, that's a good point. Um, I've seen that for, uh, phishing emails that make it look like it's from your bank. Um, you know, and they want you to log in. So really, if you just want to be extra safe, you know, of course don't click the link in the email, just open up a new browser, just manually type in your bank's login, you know, webpage and go log in and check it. Um, but when you click on that link, you know, one of the things that they do is they can set up a fake bank login webpage. And so you click that link and it takes you to that fake login page that they created. And as you log in, so you put in your username and password and basically it's just sending them that login information. Yep.

Speaker 2 (13:26):

Yep. Give me that information and then just pass that right through. Yeah.

Speaker 1 (13:29):

Yeah. So by you just avoiding that link, open up a new browser, type it in manually, you're just bypassing that whole, that whole, uh, threat.

Speaker 3 (13:39):

Yep.

Speaker 1 (13:41):

Um, this one next one I think is pretty interesting. I've seen some, some, uh, new ways of, of hackers dealing with this. So where they'll ask you to provide your personal information, credit card credentials, um, I've seen, um, posts on Facebook, uh, where it's, it looks like a picture, you know, with words on it. And it'll say, um, um, I'm trying to think of a specific example, Gary, maybe you can, you can help me here, but one was, uh, like something like, you know, everyone loves dogs. What was your, your first pet's name? And everyone starts providing, oh, mine was this and mine was this. Oh, that's a great name. And I mean, you're giving up one of your possible security questions, um, that you're asked when you create accounts.

Speaker 2 (14:31):

Yep. No, for sure. They're asking for that. Um, anytime you get an email that requests personal information, password validation, right. Or they give you a prior password cause with the dark web, those old passwords are available. So one of the tactics they use to get you to make a decision quickly, right. That sense of urgency is, oh, we know your password here. It is, you know, click on this link to change it. And you're like, whoa, that's true. I used that password before and we all know there are so many websites and passwords out there we got to use today. It may not even be the site that that's the password is, but you immediately, you want to react and actually change the password and get it done. So you follow through and click again. Yeah. Don't follow links in emails when it comes to that type of confidential information, go directly to the site, open up a new browser, like Chris said, and then handle it from there. You can always change your password at any given time. Don't feel like you have to be compelled to click and do it through that email. Right.

Speaker 1 (15:34):

Right. Yeah. I've seen some too where, um, some website did get hacked and the hacker gained all the, you know, customer login passwords. It was posted out to the dark web and then people, um, you know, go through that and if they can find an associated email address, they'll send you an email, say, Hey, your password, you know, was hacked. This is your old password. Now click this link to log in and change it. And so they're just trying to do the same thing, but it's, you know, you seeing your old password there, so you're, you know, you might think, oh, this is legit, you know, and then they just get your new password compromised if you click it. Yep. Um, the last one is just kind of an overall feeling. Um, you know, just, just look at it, uh, you know, don't, well, it's basically just, just pause, you know, for a few seconds, think about the email, does it feel right? Is it something you're expecting? Do you know this person, um, you know, just don't open it, take a quick action. A lot of the times that's what happens and that's where they,

Speaker 2 (16:43):

Right. You know what I mean? The coolest thing is when you see something like that, you know, count to five, at least before you decide to react. Right. Cause they're trying to get that emotional impulse out of you so that you don't stop and think or think before you click, you just react and do, and then you have clickers and data entry remorse, because you just realize after your submission, oh, that was actually malicious. And now I'm in a frantic mode trying to cancel a credit card or log back into this site or contact PayPal because I just gave something up, whatever it is you are now actually doing more work than if you would've just taken five seconds in a deep breath and essentially thought about it right. The first time. Yeah,

Speaker 1 (17:33):

Yeah, yeah. For sure. That's, that's great advice. And um, I just want to talk real quick, too, about, you know, overall, what are these hackers trying to accomplish with a phishing email? Um, you know, I, I, there's several things really, but one is, is which I don't see too often anymore, but where they want you to click the link, which can activate, you know, uh, download, uh, try and download a virus and malware, you know, something to compromise or gain access, uh, to your computer. Um, one another one is to try and get you just to reply to the email, um, to try and basically verify the email address is valid. Someone's there and looking and reading, uh, the email and then the other one is, is kind of, I think the most common is, um, yeah, just trying to get you to clink, click a link, um, so that you give up some type of information.

Speaker 2 (18:32):

Well, the other thing that we've seen is that a hacker who does it, especially from say an email perspective, right? They want to get access to Office 365 it's because there are hackers out there that are actually live hackers who want to gain access into your email ecosystem. So they can now start sending out requests. And you'll see this with a vendor request. I now get access to ABC company, and I'm going to present myself as this particular administrator. And I'm going to send an email to the vendor saying, Hey, you need to send out, I should say a customer, whoever it is, you need to send us money for this past due invoice. Here's our bank information, right? There are a lot of times that is automated, but we've definitely seen live attacks. About two years ago, we actually witnessed a live hack. We're having communications with the hacker over the user's Office 365 account.

Speaker 2 (19:28):

Now we had protections in place, but that particular person decided they wanted to grant themselves administrative rights. And they clicked on a link which allowed the hacker to gain access into their account. And the hackers set up an API. So everything was redirected through IMAP and they were dynamically communicating through this, this person's user. Now, easy to change. We changed the password. Of course, two factor authentication. This was prior to that being enforced. We, you know, that wasn't forced at that point in time and stop that completely. But anything that a hacker can do in order to make money, right. Monetize that experience. I mean, put it in perspective this way. If you could take 10 seconds and get $10,000, would you do it? Right? Right. And now with automation, I could try to target again, 10,000 people. And if I can get 10 of those people to do that, and I get $10,000, I just made a hundred grand for very little work. Right. So I think the statistics say that by, was it 2025, this kind of, um, dark technology area is going to be a multi-trillion dollar industry. Right, right. Yeah.

Speaker 3 (20:43):

It's, it's not good to think about. Right. That's it. Right.

Speaker 1 (20:50):

But yeah, I've heard before, uh, which I think has a lot of truth in it. You know, a hacker hackers are doing almost like a shotgun approach. Typically, you know, they're doing, trying to get as many of these emails out there as possible to every email address they can find, um, all the time. And they're looking for the easiest hack with the biggest payoff. Right. Um, it's almost like, you know, think of someone that's, that's just lazy. It's trying to make money. You know, what's the least amount of work they can do to make the most money. That's what they're gonna go after.

Speaker 2 (21:24):

Right. And so probably like I said, you know, the Nigerian prince email was in the early 2000s, if not, you know, the late 1990s, but that tactic of trying to target the social mindedness of a person, right. They're carrying, this is still apropos today. There's still some social dynamic and sense of urgency that this trades, which bypasses all fundamental security systems in order to get an end-user to take an action. And again, right. The whole thing before you click, think. It seems simple enough, essentially. You're the human firewall. So your employees, you, your education, your policies, all those things kind of coincide to eliminate and reduce the likelihood that you're going to be taken advantage of by one of these attacks, as simple as they seem, people fall for them all the time, which is why they're still a commonly used tactic that's used.

Speaker 3 (22:20):

Right. Yep. And

Speaker 1 (22:21):

It obviously works very well if that's how much money they're making or the industry makes. So yeah, at the end, I think kind of the best advice is to have your IT person have the different securities in place, but to train your staff, um, you know, let them know they are the last line of defense for your company and, uh, there's warning signs, but the very minimum pause for a minute, just do an overall check, you know, does it feel right? Are you expecting it? Yeah.

Speaker 2 (22:53):

And the reality is, besides the multi-factor authentication, there are two other things you need to do, especially when it comes to like cloud applications, like Office 365. One, you still should have a good backup. Now there are technology companies that argue against this, but if you take a look at Microsoft services agreements, there are limitations to data recovery in their environments. So if you were to get compromised and you can get ransomwared on SharePoint and other things that is really up to you to make sure you got data recovery there. So your good MSP is going to provide that. The second thing is you should actually be putting some type of security operation center or detection mechanisms, especially for shadow IT, which are the applications and API calls that happen for authentication to account in order to detect, prevent and know what's going on. And a good email filter will stop those phishing attacks before they even get to the end user. Right. So, you know, those are two common things that you can take a look at and really solidify that last component. If it happens, I can recover. And I have a prevention mechanism that actually stops that from getting to my end users. Right?

Speaker 1 (24:00):

Yeah. I read recently as well on CSO Online, 94% of threats are delivered by email. I mean, that's huge. I think it was, uh, you know, around that, uh, amount, you know, for ransomware, uh, or ransomware is included in that and the last, uh, ransom threats that I saw, um, or I talked to someone about, you know, they were wanting $40,000, um, you know, to unencrypt their data, that they were holding ransom and they didn't pay it the next day. It doubled up to 80,000 and this was a company, uh, I was talking to, um, on the east side of the country, somewhere manufacturing company, and they didn't have their, IT didn't have their backup set correctly. So backups were compromised, data was compromised. They couldn't pay the ransomware and they just had to start completely from scratch.

Speaker 2 (24:57):

Right. And there's two things with what you're saying, Chris. First, a lot of the hackers who really want to target these businesses, they have, I think it's proven they've already been on a system for six or more months before they decide to take any action. The second thing that happens is they're trying to ramp up the sense of urgency sometimes with a threat of extortion. If you don't pay this, we're going to release your data publicly, right? So you no longer have this. It's there. If you don't pay it, your ramps, you know, your systems, aren't going to be decrypted. You'll have to go to backup. No, it's, if you don't pay us, besides having your stuff encrypted, we're also going to take everything we have that we tell you, we got, we make copies of it and we're going to post that in a public forum.

Speaker 3 (25:41):

Right? Yeah.

Speaker 1 (25:43):

And even if you do pay, they can, they still do that a lot of the time.

Speaker 2 (25:48):

Right. So prevention is always the best medicine when it comes to these things. Yeah. Have the right tools, have the layers, as you said before. And of course, as an end-user think before you click, and if you've got an MSP at your side, don't hesitate to Attia. Send that email for a second set of eyes. Yep.

Speaker 1 (26:09):

I love it. Um, the last thing I want to, or two things I want to offer to everybody is, uh, us here at Wolf guard IT, we do have a cybersecurity awareness presentation, uh, that we've been, um, um, offering to different businesses, community groups, um, in our community. And we can, you know, come there and just present this for you, uh, help basically just help educate, uh, people on how to keep safe and keep your company safe, you know, that kind of thing. Um, and then the item is an ebook. Uh, this is the, um, the eight warning signs document that we just went over earlier. You can go to this address, fill out your information, get a download of it, to hand out to your staff, uh, friends, you know, who, whoever you think might benefit from it. Yeah. Um, well, yeah. Thank you, Gary. I always appreciate you. Uh, you joining us, um, and we'll, we'll have to do it again. All the great Chris you take care. All right, everybody stay safe.