Category: How To

The Employee Phishing Test

Phishing is where you receive an email that appears to be from a trusted organisation but is designed to get your personal information such as login and password or credit card details.

Q. Would your employees fall for such a phishing email?

Usecure Ltd carry out phishing simulations on behalf of their client companies in order to see what the level of response would be and hence what actions need to be taken.

Consider this scenario.

It’s half past four on a Thursday afternoon. You’re getting through your last tasks of the day, when you receive a new email. It has an alluring title:

“Holiday Policy Change – Action Required”

When an email with this title was sent out to the employees of one of Usecure’s clients, 78% of them opened it. The email, however, was a phishing scam: by the end of the day, 39% of the recipients had been duped into giving up their email passwords.

Luckily for the client, the email was only a simulation.

That’s a frighteningly high message open rate and response rate and shows how dangerous phishing emails can be.

Q. What is simulated phishing – and how does it help?

Simulated phishing means sending out ‘fake’ phishing emails. These are often modelled after real-world phishing emails and use similar techniques to catch the target’s attention, but are intended to educate the target on the risks of phishing rather than to trick them into giving up their details.

While training end-users on the risks of phishing and the common telling signs of phishing emails is essential, simulated phishing allows employees to put what they’ve learned into a real-world test. This helps raise awareness about phishing – employees that do fall for simulated phishing are sure to remember how easy it is to fall for a phishing scam – and the results are recorded for you to see how your employees fare in the simulation. This data can then be used to provide additional training and guidance to employees most at risk, helping you secure the organisation.

Fightback Ninja Signature


How to Spot a Romance Scam

Running romance scams is a full-time job for some scammers and they can be very good at it. In the first three months of 2018, New Zealanders reported losing $7.9 million to romance scams – and the real figure is probably much higher as most people don’t report such scams, due to embarrassment and blaming themselves for falling for a con.

A scammer pretends to be in a relationship with someone online in order to scam them out of money. This is most commonly done through dating websites and apps, but also through social media and other websites and apps where they can find targets. The scammers set up fake accounts on the dating website or wherever needed and usually use other people’s identities and photos, chosen to give them the maximum appeal to their intended victims.

They will have a fake backstory, family, friends and job, and usually they’re scamming multiple people at the same time. Once they’ve worked to gain the trust of the person they’ve targeted, they will use various stories to get money or details from that person. They may start by requesting small sums of money to test the waters, and then build up to requesting larger amounts. Sometimes they won’t actually ask for money, but they will talk about problems that can be solved by money, because they know that the target will offer financial assistance. In some cases the scammer may try to get the person targeted to unknowingly help launder money for their criminal activities.

How to Identify a Romance Scam

  • Profession of love or strong feelings within a short time of meeting the person online.
  • If your new love mentions health problems, family issues, business troubles or other issues that could be solved with money.
  • Requests for money: You should be wary of any request for money.
  • Changes in communication style: If there are several scammers taking turns to maintain the relationship, their writing styles may change.
  • If a new romantic contact is not willing to meet up or talk via video call, or comes up with a series of excuses to avoid meeting, you should be cautious.
  • Financial assistance to meet in person: Also be careful about offering or giving the person money so that they can meet you in person.

Some scammers are more than willing to play the waiting game before getting a pay off. Scammers may keep a “relationship” going for months or even longer before they begin to request money or drop hints about problems that could be solved with money.


How to Identify a Suspect Photo

If you receive a photo from someone on a dating website or a Facebook friend request or a scam email etc. you might want to know whether the photo is of the sender or has just been copied off the Internet.

Fake photos are a common problem on dating websites where, for male scammers, photos of uniformed soldiers are often used. For female scammers, the use of photos of random hot women stolen from social media sites is very common.

Google has a reverse image lookup facility and it’s easy to use.

  1. Download a copy of the photo of the person on to your device if possible (or you can use a URL pointing to the image)
  2. Go to Google Image search and select the camera icon
  3. Upload the photo or type in the URL for the image
  4. The result will be a list showing where the picture is on the Internet.

This cannot be guaranteed to give 100% accurate results, but it makes a good effort to match the image you supply.

If the scammer has chosen a popular photo from a popular website then Google is likely to find it but if someone is just using a picture of their neighbour for example then there’s little chance of finding it.

Just because Google cannot find the photo on the Internet does not prove it is a genuine photo of the sender.

The scammers that use fake pictures may well work for professional criminal organisations and treat it like an everyday job. So confronting them is pointless, and trying to talk them out of such deceitful behaviour is a waste of time.

If you catch people cheating with photos then report them to the social media site concerned or the relevant dating site.

You may also choose to report them to the Police and tell the scammer you know they are fake.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.


How to Stay Safe from Ransomware

Ransomware is when a hacker gets software onto your computer that can lock you out or encrypt the data files. Once the attack has succeeded, the hacker puts up a message screen on the computer announcing the attack and demanding a payment be made in order to get the decryption key or password to unlock the files.

Most of these attacks are the encrypting type and examples include CryptoLocker, Locky and CryptoWall.

Ransomware commonly uses multiple evasion techniques to avoid being found by anti-virus programmes and is often able to spread from one computer to another on the same network.

The primary protection against ransomware is up to date anti-virus and anti-malware software and regular backups. Plus, you can consider the following:

  • If your anti-virus or anti-malware has anti-ransomware options then enable that protection
  • Do regular scans of all drives
  • Ensure any important files and data are also copied onto Internet storage or other external storage
  • Never click on links in emails unless you are sure they are safe
  • Never open email attachments that you do not expect
  • Delete spam emails and anything suspicious
  • Beware dodgy websites that may download drive-by malware.

In conclusion, ransomware is a real problem – don’t be caught out with out of date backups.


How to Stay Safe on Public Wi-Fi

The first piece of advice is to avoid public Wi-Fi completely.

A public Wi-Fi network is inherently less secure than your home or office Wi-Fi because it is publicly available.

If you do need to use public Wi-Fi then pick one which needs a password and do not carry out any financial activity or buy anything or access your email or do anything else needing passwords.

If you want to be secure when using public Wi-Fi you will need a VPN (Virtual Private Network) installed on your devices. These encrypt all communications between your devices and their target websites etc.

They also let you browse websites without anyone being able to track your location and activities.

Alternatively you can take your own Wi-Fi with you by using your mobile phone to create a Wi-Fi hotspot for your devices.

Points to Remember

  1. Leave Wi-Fi turned off until you need it.

When you’re finished working online, turn it off again.

  2. Turn Off File Sharing

If you have file sharing of any kind enabled then turn it off while on public Wi-Fi as it could be copying your confidential information to the Internet unencrypted.

  3. Keep Your Antivirus and Antimalware Up to Date

You must have anti-virus and anti-malware installed and make sure to keep them up to date or their effectiveness will diminish.

  4. Use https Websites where Possible

Https access is safer than http access so stick to those websites that have https versions where possible.

  5. Don’t Leave Your Devices Unattended in Public

You don’t want someone accessing your laptop, smart phone or other device. Even if they don’t steal it, they may access your information or install a malicious app.

Stay Safe.


Check Who’s Using Your Wi-Fi

If your connection to your home Wi-Fi always seems sluggish – maybe someone is accessing it who shouldn’t be.

If you unplug the router for a few minutes, that will remove anyone connected to it, but only until you reconnect the router; then your devices, and possibly someone else’s, can connect again.

If you think someone has access to your Wi-Fi who shouldn’t have, and knows the passcode then you need to change the passcode.

If there is still reason to suspect someone is accessing your Wi-Fi without your permission, then there are steps you can take to identify the culprit.

Check the Router Access List

You will need to log in to your router. The instructions that came with the router will tell you how to do this and it may also say on the back of the device. These instructions differ for each router.

You will need to know its IP address (plus login and password) and then you can access it from any computer browser.

The router will show you a list of devices currently attached to it and usually enough information for you to recognise who the devices belong to.

You will see something similar to this:

Wired Devices
MAC Address          IP Address   Device Name                Time Connected
54:21:XX:XX:XX:XX                 Erica’s PC                 2 days 4 hours 31 minutes

Wireless Devices
54:21:XX:XX:XX:XX                 Chromecast                 45 minutes
54:21:XX:XX:XX:XX                 Android Phone 140927271    1 day 12 minutes
54:21:XX:XX:XX:XX                 iPAD                       35 minutes

The device name will hopefully tell you enough to identify the owner of the device but if you have several Android phones in the house, for example, then it may not be enough.
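
As an added example (not part of the original post, and not any router's own software), this short Python script compares a device list copied from the router against a list of devices you know you own. The CSV layout, the addresses and the inventory are all made up for illustration. It also marks addresses with the "locally administered" bit set, which phones and tablets often use when private or randomised Wi-Fi addressing is switched on, so an unfamiliar address of that kind may still be a family device.

```python
import csv
import re

# Constructed sample: device list copied from a router page as CSV (all values made up).
ROUTER_EXPORT = """mac,ip,name,connected
54:21:00:AA:BB:01,192.168.1.10,Ericas-PC,2d 4h 31m
54-21-00-aa-bb-02,192.168.1.11,Chromecast,45m
DA:A1:19:0C:44:7E,192.168.1.23,android-140927271,1d 12m
00:11:22:33:44:55,192.168.1.31,,35m
"""

# Hypothetical household inventory: MAC address -> device you recognise.
KNOWN_DEVICES = {
    "54:21:00:aa:bb:01": "Erica's PC",
    "54:21:00:aa:bb:02": "Living-room Chromecast",
}

def normalise_mac(raw):
    """Return a MAC as lower-case, colon-separated hex, or None if malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomised(mac):
    """True if the locally administered bit (0x02 of the first byte) is set."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(export_text, known):
    """Classify each attached device as known, unknown or unknown-randomised."""
    report = []
    for row in csv.DictReader(export_text.splitlines()):
        mac = normalise_mac(row["mac"])
        if mac is None:
            status = "malformed"
        elif mac in known:
            status = "known"
        elif is_randomised(mac):
            status = "unknown-randomised"  # may be a family phone using a private address
        else:
            status = "unknown"
        report.append((mac or row["mac"], row["name"] or "(no name)", status))
    return report

if __name__ == "__main__":
    for mac, name, status in audit(ROUTER_EXPORT, KNOWN_DEVICES):
        print(f"{status:20} {mac}  {name}")
```

To rule a randomised address in or out, compare it with the Wi-Fi address shown in each family device's own network settings for your home network.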

What to do if you find an unauthorised device

If you have not set the router to encrypt the data then make that change and try again.

If you still seem to have an interloper then that person must have hacking skills and you would need to invest time and money in network monitoring or employ an expert to trace the interloper for you.
