JohnCruzIT

4 Proven Ways to Mitigate the Costs of a Data Breach


No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organisations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report)

These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that, and lost customer trust. A business could also have extensive legal costs associated with a breach.

According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million.

Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs.

It’s estimated that 60% of small companies go out of business within six months of a cyber security breach.

Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cyber security practices can limit the damage of a cyberattack.

All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cyber security strategy.

 

Cyber security tactics to reduce the impact of a breach

Use a Hybrid Cloud approach
Most organisations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally.

Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment.

What some may find surprising is that using a hybrid cloud approach was also better than a private cloud.

 

[Figure: data breach graph, from the IBM Security/Ponemon Institute 2022 Cost of a Data Breach Report]

 

Put in place an incident response plan & practice it
You don’t need to be a large enterprise to create an incident response (IR) plan. The IR plan is simply a set of instructions. It’s for employees to follow should any number of cyber security incidents occur.

Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. IR plans improve the speed and effectiveness of a response in the face of a security crisis.

Having a practiced incident response plan reduces the cost of a data breach. It lowers it by an average of $2.66 million per incident.

Adopt a zero trust security approach
Zero trust is a collection of security protocols that work together to fortify a network. A few examples of these are:

  • Multi-factor authentication
  • Application safelisting
  • Contextual user authentication

Approximately 79% of critical infrastructure organisations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organisations that don’t deploy zero trust tactics pay about $1 million more per data breach.

Use tools with security AI & automation
Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings.

Data breach expenses were 65.2% lower thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response.

 

How to get started improving your cyber resilience

Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cyber security strategy.

Working with a trusted IT provider, put together a roadmap. Address the “low-hanging fruit” first. Then, move on to longer-term projects.

As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach.

A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks.

 

Need help improving your security and reducing risk?

Working with a trusted IT partner takes a lot of the security burden off your shoulders. Contact us at JohnCruzIT today to schedule a chat about a cyber security roadmap.

Cyber Security Attack to Watch Out for in 2023?


The new year has just begun and it’s a time of renewal as we plan for the possibilities to come in 2023. It’s also a time when you need to plan for resiliency in the face of ever-present cyberattacks.

Sixty-eight percent of surveyed business leaders feel that cybersecurity risks are getting worse. They have a good reason. Attacks continue to get more sophisticated. They are also often perpetrated by large criminal organisations. These criminal groups treat these attacks like a business.

In 2021, the average number of global cyberattacks increased by 15.1%.

To protect your business in the coming year, it’s important to watch the attack trends. What new methods are hackers using? What types of attacks are increasing in volume? Knowing these things is important. It helps you better update your IT security to mitigate the risk of a data breach or malware infection.

We’ve pulled out the security crystal ball for the upcoming year. And we’ve researched what cyber security experts are expecting. Here are the attack trends that you need to watch out for.

Attacks on 5G devices
The world has been buzzing about 5G for a few years. It is finally beginning to fulfill the promise of lightning-fast internet. As providers build out the infrastructure, you can expect this to be a high-attack area.

Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs. Anytime you have a new technology like this, it’s bound to have some code vulnerabilities. This is exactly what hackers are looking to exploit.

You can prepare by being aware of the firmware security in the devices you buy. This is especially true for those enabled for 5G. Some manufacturers will build better firmware security into their designs than others. Make sure to ask about this when purchasing new devices.

One-time password (OTP) bypass
This alarming new trend is designed to get past one of the best forms of account security. Multi-factor authentication (MFA) is well-known as very effective at preventing fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password.

There are a few different ways that hackers try to bypass MFA. These include:

  • Reusing a token: Gaining access to a recent user OTP and trying to reuse it
  • Sharing unused tokens: The hacker uses their own account to get an OTP, then attempts to use that OTP on a different account.
  • Leaked token: Using an OTP token leaked through a web application.
  • Password reset function: A hacker uses phishing to fool the user into resetting a password. They then trick them into handing over their OTP via text or email.
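A server-side check that rejects the token reuse and token sharing tricks listed above, shown beside the weak pattern that allows them. This is an added example, not code from the original article; the class names, six-digit codes, 120-second lifetime and five-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class WeakOtpStore:
    """Anti-pattern: one global pool of codes, never consumed or expired."""

    def __init__(self):
        self._valid = set()

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        self._valid.add(code)  # not tied to the requesting account
        return code

    def verify(self, account, code):
        # Accepts any outstanding code for any account, any number of times.
        return code in self._valid


class HardenedOtpStore:
    """Codes are bound to one account, single-use, short-lived, rate-limited."""

    def __init__(self, ttl_seconds=120, max_attempts=5, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._clock = clock
        self._key = secrets.token_bytes(32)  # per-process HMAC key
        self._pending = {}  # account -> [digest, expires_at, attempts_left]

    def _digest(self, account, code):
        # Keyed hash over account AND code: only the digest is stored, so a
        # dump of the pending table does not hand out usable codes.
        msg = f"{account}\x00{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        # Issuing a new code replaces (invalidates) any older one.
        self._pending[account] = [
            self._digest(account, code),
            self._clock() + self._ttl,
            self._max_attempts,
        ]
        return code  # deliver out of band; never echo it in an API response

    def verify(self, account, code):
        entry = self._pending.get(account)
        if entry is None:
            return False  # already used, expired, locked out or never issued
        digest, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[account]
            return False
        entry[2] -= 1  # every guess costs an attempt
        ok = hmac.compare_digest(digest, self._digest(account, str(code)))
        if ok or entry[2] <= 0:
            # Consume on success; lock out after too many misses.
            del self._pending[account]
        return ok


def demo():
    """Run the reuse and sharing checks on both stores (constructed accounts)."""
    weak, hard = WeakOtpStore(), HardenedOtpStore()
    w = weak.issue("account-b")
    h_a = hard.issue("account-a")
    h_b = hard.issue("account-b")
    while h_b == h_a:  # avoid a 1-in-a-million coincidence in the demo
        h_b = hard.issue("account-b")
    return {
        "weak_accepts_other_accounts_code": weak.verify("account-a", w),
        "weak_accepts_reuse": weak.verify("account-b", w) and weak.verify("account-b", w),
        "hard_accepts_other_accounts_code": hard.verify("account-a", h_b),
        "hard_accepts_first_use": hard.verify("account-a", h_a),
        "hard_accepts_reuse": hard.verify("account-a", h_a),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The hardened store only returns True for the first use of a code by the account it was issued to, inside its lifetime and attempt budget.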

Attacks surrounding world events
During the pandemic, the cyberattack volume increased by approximately 600%. Large criminal hacking groups have realized that world events and disasters are lucrative.

They launch phishing campaigns for world events. Attacks come for everything from the latest hurricane or typhoon to the war in Ukraine. Unsuspecting people often fall for these scams. This is because they are often distracted by the crisis.

People need to be especially mindful of scams surrounding events like these. They will often use social engineering tactics, such as sad photos, to play on the emotions.

Smishing & mobile device attacks
Mobile devices go with us just about everywhere these days. This direct connection to a potential victim is not lost on cyber criminals. Look for more mobile device-based attacks, including SMS-based phishing (“smishing”).

Many people aren’t expecting to receive fake messages to their personal numbers. But cell numbers are no longer as private as they once were. Hackers can buy lists of them online. They then craft convincing fake texts that look like shipping notices or receipts. One wrong click is all it takes for an account or data breach.

Mobile malware is also on the rise. During the first few months of 2022, malware targeted to mobile devices rose by 500%. It’s important to ensure that you have good mobile anti-malware, as well as other protections on your devices, such as a DNS filter.

Elevated phishing using AI & machine learning
These days, phishing emails are not so easy to spot. It used to be that they nearly always had spelling errors or grainy images. While some still do, most don’t.

Criminal groups elevate today’s phishing using AI and machine learning. Not only will it look identical to a real brand’s emails, but it will also come personalized. Hackers use these tactics to capture more victims. They also allow hackers to send out more targeted phishing messages in less time than in years past.

 

Schedule a cyber security check-up today

Is your business prepared for the cyber threats coming in 2022? Don’t wait to find out the hard way! Contact us at JohnCruzIT and schedule a cyber security check-up to stay one step ahead of the digital criminals.

7 Apps That Can Help You Improve Customer Experience in 2023


Paying attention to your customer experience directly impacts your bottom line. Companies that are “customer-centric” are 60% more profitable than those that aren’t. In this digital age, customers also expect more from those they do business with.

In today’s world, people can order something on their phones and see it on their doorstep the next day. Keeping up with expectations means leveraging the right technology.

As 2023 is on the horizon, it’s the perfect time to improve your customer experience. Thanks to cloud technology, you don’t have to spend a fortune to do it. Just put in place some of the applications below. These apps focus on making leads and customers happy.

1. Online survey application
Doing an annual customer satisfaction survey is a great way to check in with customers. Successful businesses take the feedback they get and use it to make their company better.

But doing these surveys through a Word document attached to an email is so last decade! Use an online survey application to make the process seamless for you and your customers.

Online survey tools are available widely online. If you have Microsoft 365, you’ll find one included. These allow people to fill out surveys on any device and not worry about sending them back in an attachment.

On the receiving end, there is no long process of collating data. Just open your form survey tool and see the results instantly.

2. Smart chat bot
Most businesses have a limit on how many hours a day they can pay staff to answer questions. Customer service hours are typically the same as business hours. And staff can get busy, which means answers may take longer to send back to an inquiry.

Putting a smart chatbot on your business website can improve customer satisfaction. It allows people to get an answer right away. They can also get that answer any time of day or night.

68% of consumers like chatbots because they give them fast answers to questions. While they can’t answer every single question, they can handle quite a few. For example, in healthcare and banking, chatbots can take 75-90% of questions.

3. Business mobile app
People tend to live on their mobile phones these days. They carry them with them everywhere. Mobile apps are often the preferred method of connecting with data and businesses. More Google searches are now done via mobile devices than by desktops.

Think about creating a business mobile app, one that allows customers to connect with you to order products and services. You can use it for customer support, to initiate virtual calls, and more.

4. Facebook messenger support
Facebook Messenger is the 2nd most popular iOS app of all time. This Facebook-connected application makes it easy to communicate with friends, family, and companies.

Many businesses now use Messenger to connect with leads and provide customer support. When you use an app that is so popular in this way, you make it easier for customers to reach you. The ability to get a quick answer through Messenger can boost a customer’s opinion of your company.

5. VoIP phone system with good mobile app
When customers must juggle different numbers for your staff, it gets confusing. Should they call your sales rep at their desk line or mobile number? Using a VoIP phone system simplifies the entire process.

Employees can have a single number that they use when at their desks, at their home office, or anywhere. Make sure the VoIP service has a good mobile app, one that is easy for employees to use. This ensures they can easily handle customer calls using their smartphone. It also keeps them from reverting to using their personal number.

6. Text notification apps
SMS is becoming the new email for many companies. Retailers like Shoe Carnival and World Market have customers opt-in to text messaging. Customers like this for shipping notifications and to get sale and coupon alerts.

There are several services online that you can use for this purpose. Offering text updates can significantly improve your customers’ experience. Use them for appointment reminders, sale notices, or shipping alerts.

7. All-in-One CRM & sales platform
One thing that frustrates customers is a disconnect between sales and support. They may have had a conversation with a salesperson to customize an order, then find that customer service knows nothing about it.

To streamline the information flow, look for an all-in-one CRM/Sales platform. These are cloud services that offer a CRM module and a sales module, and both connect. There is a single customer record, so all notes from the sales and customer support side are in the same place. Both teams can view all customer interactions.

This improves the customer experience and results in fewer dropped balls. Efficiency and productivity improve as well because everyone is on the same page.

Get help with customer-facing technology support

It’s easy to get lost in a sea of different cloud applications. Let us help you navigate to a better customer experience. If you need any help with your IT security or suspect your system is compromised, don’t hesitate to contact us at JohnCruzIT.

Simple Setup Checklist for Microsoft Teams


Microsoft Teams is a lot of things. It’s a video conferencing tool, a team messaging channel, and a tool for in-app co-authoring, just to name a few. During the pandemic, the popularity of Teams skyrocketed.

User numbers for MS Teams jumped from 20 million in November 2019 to 75 million in April 2020. As of this year, Microsoft reports a user count of 270 million for the platform. This makes it the most popular business tool for team communications.

But one of the things that makes the app popular is also one that can make the setup complex. Microsoft Teams has many moving parts, but to use them effectively they need to be well organized. Additionally, users need to have a chance to learn the system and train on best practices.

What can Microsoft Teams do?
First, let’s look at the different areas of Microsoft Teams and what it can do. Then, we’ll give you a simple setup checklist to help your team get up and running productively.

You can think of Teams as a virtual office in the cloud. It’s a centralized hub where teams can communicate, collaborate, and manage tasks. There is also an external communication component to Teams. You can use the app to video conference with anyone. You can also invite guests to a chat channel.

Here are some of the features of MS Teams:

  • Siloed chat channels
  • Security for team communications
  • Integration with Office apps
  • Integration with 3rd party apps
  • File sharing
  • Video and audio conferencing
  • VoIP phone system (with an extra add-on)
  • Keep all team resources in a single place

Microsoft Teams versions

Some good news for small businesses is that there is a free version of Microsoft Teams. If you sign up for a Microsoft 365 business plan, you get the app included, but with a few more features.

Microsoft has also been pushing MS Teams for personal use. So, you can use it to keep your departments better coordinated at work, or to manage family video calls or PTA meeting collaboration. It’s a versatile and scalable virtual office platform.

 

Easy Checklist for Setting Up Microsoft Teams

1. Set Up Your Teams/Departments
One of the advantages of Teams is that it allows you to set up specific areas for your groups to collaborate. You do not want everyone to set these teams up on their own, or you could end up with an unorganized mess.

Some ideas for setting these up:

  • Set up teams by department (accounting, marketing, etc.)
  • Add a company-wide team (where everyone can collaborate)
  • Set up teams by role (office managers, executives, etc.)

Typically, if you mirror the hierarchy of your organisation, that’s a good place to start. Team areas are secured so only those users invited can see or access any of the content in that team.

2. Add Team members
For each team, add the members allowed to take part in that team. These would be people that can see the resources posted in that team area. It would normally be the members of the department or group that the team is designed for.

3. Set up Team Channels
The next level beneath the Team is the Channels. These team channels help organize conversations. For example, within a team set up for your marketing department, you may decide to add three channels. This keeps conversations more focused and makes it easier to find things.

For instance, you could have channels for:

  • Website Management
  • Social Media
  • Offline Advertising

Team channels are another area that you want to control. Don’t let everyone set up channels without a plan, otherwise, things get messy fast.

4. Set up Team tabs
Tabs are a great way to foster productivity. Say that employees on your accounting team need to access a tax reporting website. Inevitably, there can be time wasted asking for that link or a login. This is especially true if someone is filling in for a co-worker.

You can add that website link and info to the Tabs area at the top of the team channels. Just click the plus sign to add a new resource and consolidate things for your team members.

5. Schedule MS Teams training
One of the reasons that company initiatives fail is that users weren’t properly enabled. If users aren’t trained on using MS Teams, then they’ll revert to using whatever they used before. This negates the benefits of moving to Teams when not everyone is onboard.

Work with a Microsoft professional to train your teams. We can provide tips on the most productive features, as well as short-cut their learning curve quite a bit! Make sure to have a realistic timeframe. You should also survey users on whether they feel they need more training.

 

Need some help implementing teams in your organisation?

We can help you over many of the roadblocks that organisations face when starting with Teams. If you need any help with your IT security or suspect your system is compromised, don’t hesitate to contact us at JohnCruzIT.

Small businesses are attacked by Hackers 3x more than larger ones


Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Or didn’t think they even knew about your small business?

Well, a new report by cyber security firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organisations. It found that small companies have a lot to worry about when it comes to their IT security.

Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.

Why are smaller companies targeted more?

There are many reasons why hackers see small businesses as low-hanging fruit. And why they are becoming larger targets of hackers out to score a quick illicit buck.

Small companies tend to spend less on cyber security
When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cyber security is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.

Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them. But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.

Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.

Every business has “Hack-Worthy” resources
Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cyber criminals can sell these on the Dark Web. From there, other criminals use them for identity theft.


Here are some of the data that hackers will go after:

  • Customer Records
  • Employee records
  • Bank account information
  • Emails and passwords
  • Payment card details

Small businesses can provide entry into larger ones
If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies. This can include digital marketing, website management, accounting, and more.

Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus. They can get two companies for the work of one.

Small business owners are often unprepared for ransomware
Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organisations experienced ransomware attacks.

The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.

Even if a hacker can’t get as much ransom from a small business as they can from a larger organisation, it’s worth it. They often can breach more small companies than they can larger ones.

When companies pay the ransom, it feeds the beast and more cyber criminals join in. And those newer to ransomware attacks will often go after smaller, easier-to-breach companies.

Employees at smaller companies usually aren’t trained in cyber security
Another thing that is not usually high on the list of priorities for a small business owner is ongoing employee cyber security training. They may be doing all they can just to keep good staff. Plus, priorities are often sales and operations.

Training employees on how to spot phishing and password best practices often isn’t done. This leaves networks vulnerable to one of the biggest dangers, human error.

In most cyberattacks, the hacker needs help from a user. It’s like the vampire needing the unsuspecting victim to invite them inside. Phishing emails are the device used to get that unsuspecting cooperation.

Phishing causes over 80% of data breaches.

A phishing email sitting in an inbox can’t usually do anything. It needs the user to either open a file attachment or click a link that will take them to a malicious site. This then launches the attack.

Teaching employees how to spot these ploys can significantly increase your cyber security. Security awareness training is as important as having a strong firewall or antivirus.

Need affordable IT security services for your small business?

Reach out today to schedule a technology consultation. We offer affordable options for small companies. This includes many ways to keep you protected from cyber threats.

If you need any help with your IT security or suspect your system is compromised, don’t hesitate to contact us at JohnCruzIT.

Top 3 Microsoft Teams updates


Microsoft Teams users have grown by 70% in recent months to 75 million active users worldwide. Teams is constantly adding new features to enhance the app and make meetings more collaborative. We will cover our top 3 recent updates.

Making Calls via Teams

The ability to call phone numbers is often missing from video conferencing apps, so Teams has introduced this very handy update.

Phone calling via Teams is a phone system built into the Microsoft Teams app. This call function can be carried out over direct routing. The new feature allows you to port your business phone numbers into the Teams applications and make and receive calls from the app.

The Teams phone call feature offers call queues, call history, hunt groups, voicemail, video calls, and meetings. You will be able to enjoy a professional call experience while working remotely or at the office.

You can call and answer calls from anywhere in Teams and switch between devices.

Did you know you can route your calls through Microsoft's network? With the help of Teams calling plans, businesses can easily communicate with one another both domestically and abroad.

Teams Polls

Microsoft Teams is now better connected with Microsoft Forms. The “Forms” app within Teams is being replaced with a new app named “Polls”.

It is now much easier for people to find and add polls to their chats and meetings. You can find the “Polls” app when searching in the Teams app store (via the sidebar or top nav bar in the meeting).


There are new UI improvements to the poll suggestions pane:

  • Re-position the list of suggested polls from the bottom to the side pane
  • Provide the poll results view (previously, it only showed the voting view), which allows the poll creator to preview the poll's look to the meeting audience after it’s launched
  • You can now view your recently created polls to re-use your past polls in a new meeting, saving you time!
  • A new poll animation appears after attendees have entered a response; this provides confirmation that the vote has been captured.
  • There is also an option to rate the Poll to provide feedback.
  • The poll results view has been improved and it’s now much easier to read.

LinkedIn Integration

LinkedIn profiles are now integrated with Teams, to connect directly and build deeper relationships with your network. From Teams chat, channels, calls, or meetings, you will now be able to view your colleague’s LinkedIn profile, including their current role, past experiences, and other insights. Learn how to make the most of your LinkedIn integration.

If you need any help setting up your Microsoft Teams and managing IT services don’t hesitate to contact us at JohnCruzIT.

Image credit Microsoft tech connections

Interpol busts 2000 suspects in phone scamming takedown


Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police?

We sympathise – we’re sick of them too, especially landline calls that could be a loved one calling for help or advice, and thus need to be answered…

…but that rarely, if ever, turn out to have a familiar voice at the other end.

Perhaps you’re one of the 40,000,000 or so viewers of famous science-and-engineering YouTuber Mark Rober’s video entitled Pranks Destroy Scam Callers – GlitterBomb Payback?

Incorrect logos, incomprehensible grammar, outright ignorance about our online identity, weird spelling errors, absurd punctuation!!!!, or bizarre scenarios (no, your surveillance spyware definitely did not capture live video through the black electrical tape we stuck over our webcam)…

Rober makes some alarming but entirely believable claims of just how much money [a] a top call-centre scammer can make if they hit their on-target earnings and [b] just how much a typical call centre of this sort turns over each day.

If you haven’t seen it, the video starts with the words, “I have 100 cockroaches here, and I placed them in this James Bond-style contraption,” so you can probably imagine how things end.

Despite the not-very-threatening outcome when Rober later releases the insects inside a scam call centre where he has access to footage from the CCTV feed, the video gives a good visual indication of just how industriously and unrelentingly these scammers operate. (When not driven from their work pods by roaches, that is.)

Fake refund scams

The scammers in Rober’s video seem to go in mainly for what are known as “fake refund” tricks, which go something like this:

  • Scammers “refund” you an impressive but believable amount, say $2000, for an “over-billing” for a product or service you actually use.
  • They then “help” you login to your bank account to ensure that the transaction went through.
  • They sneakily edit the HTML in your browser so the page shows a transaction for ten times the amount originally mentioned.
  • They cry out in alarm, claiming they themselves must have typed in an extra zero and that they’ve accidentally refunded too much.
  • Then they burst into tears, or turn on the emotional blackmail, claiming they (or you!) will be liable for the massive difference, so please, oh! please! won’t you help?

Their goal is to lure, browbeat, wheedle, threaten, cajole, beg and convince you to refund the “extra” money out of your own account.

After all, you can see the giant refund is there… except that it isn’t, because the item on the page is fake, with the HTML modified in memory to show a huge deposit and a vastly increased balance.

You’re scammed into thinking that they’ve made a mistake that will definitely get them in trouble, and could get you into trouble, too.

The crooks therefore hope to persuade you to help them “cover up” their mistake by withdrawing the “excess” from your own account and paying the non-existent “difference” back to them via some other channel.

While you might be sure that no criminal would ever catch you out with an apparently obvious trick like this, you’ll probably admit that, like most things, this sort of scam is only truly obvious the second time you see it or hear about it.

Travelling by bus is easy. Billions of people do it all over the world every week. But if you’ve ever taken a bus in a new town or city, you’ll know the uncertainty you face the first time you make a journey. Do you get off at this stop? Perhaps the next one is a bit closer? But what if the bus swoops into a tunnel and your next stop is hundreds of metres past your destination? How can you tell? And the simple answer is that you either need to ask someone else and trust their answer, or do an experiment and find out for yourself. Your next journey, if there is one, will be easy and certain. It’s during your first outing that you don’t know quite what to look for, and therefore when you are most likely to make a mistake.

Other common scams

Other common phone scams include:

  • Emailing you with a “receipt” for a fake transaction, such as a $79 Amazon charge you never made, but offering a “helpful” telephone support number you can call to dispute the “payment”.
  • Claiming to be from the tax office to discuss the “late payment” of the tax “penalty” in your latest “assessment”.
  • Pretending to be a police officer and reading out a list of “criminal charges” that could lead to your imminent arrest unless “fines” are swiftly paid.
  • Pressurising you into putting money in “high return” investment schemes, often backed by legitimate-looking but utterly bogus websites or mobile phone apps that simulate a healthy return.

Regular Naked Security readers know that these calls are just a pack of lies, so that although they’re a disruption and an annoyance, they’re not a direct danger.

But does your {child, grandparent, favourite aunt, cousin, not-so-technical friend} know they’re made-up garbage?

Perhaps not, if you look at Interpol’s latest report about cracking down on social engineering fraud.

Interpol’s definition of social engineering fraud is very much like our own, namely that it refers to “scams [that] manipulate or trick people into giving out confidential or personal information which can then be used for criminal financial gain.”

In a recent two-month global operation, dubbed First Light 2022, Interpol says that:

76 countries [took] part in an international clampdown on the organised crime groups behind telecommunications and social engineering scams. Police in participating countries raided national call centres suspected of telecommunications or scamming fraud, particularly telephone deception, romance scams, e-mail deception, and connected financial crime.

Although results are still coming in, Interpol claims that the operation has so far resulted in:

  • About 1770 locations raided worldwide.
  • About 3000 suspects identified.
  • About 2000 arrests of operators, fraudsters and money launderers.
  • About 4000 bank accounts frozen.
  • About $50,000,000 of illicit funds intercepted.

As Interpol notes, one of the scam back-stories used by these criminals is pretending to be from Interpol itself.

In some cases we’ve written up before, this sort of scam is sometimes used as a follow-up in order to rip off scared victims for a second time, by pretending to offer an “official” legal lifeline to recover some of the money they lost in the first part of the scam.

Of course, the reason that the “investigators” are so familiar with the details of how the scammers operated and how much the victim lost is not the result of good police work, but simply that the fake “police” are part of the same group that conducted the original scam.

 

What to do?

As Mark Rober’s video (see above) makes clear, busting 2000 suspected scammers and grabbing hold of $50m in ill-gotten gains is only a start.

Sadly, there are plenty more crooks where those 2000 came from, so:

  • Never be in a hurry to hand over personal information. Remember these two simple jingles: Stop. Think. Connect. And: If in doubt, don’t give it out!
  • Make sure your friends and family know where to look for genuine advice on how to spot scams. Don’t let them “learn” about scams by wandering into the hands (or onto the websites) of the scammers themselves.
  • If your friends or family warn you that you might be getting scammed, hear them out. Don’t let the scammers divide you from your loved ones as well as your money.

When it comes to personal data, whether that’s your username, password, home address, phone number, or anything else that you like to keep to yourself, remember this simple rule: If in doubt, don’t give it out.

Phishing goes KISS: Don’t let plain and simple messages catch you out!


We’re sure you’ve heard of the KISS principle: Keep It Simple and Straightforward.

In cybersecurity, KISS cuts two ways.

KISS improves security when your IT team avoids jargon and makes complex-but-important tasks easier to understand, but it reduces security when crooks steer clear of mistakes that would otherwise give their game away.

For example, most of the phishing scams we receive are easy to spot because they contain at least one, and often several, very obvious mistakes.

Incorrect logos, incomprehensible grammar, outright ignorance about our online identity, weird spelling errors, absurd punctuation!!!!, or bizarre scenarios (no, your surveillance spyware definitely did not capture live video through the black electrical tape we stuck over our webcam)…

…all these lead us instantly and unerringly to the  [Delete]  button.

If you don’t know our name, don’t know our bank, don’t know which languages we speak, don’t know our operating system, don’t know how to spell “respond immediately”, heck, if you don’t realise that Riyadh is not a city in Austria, you’re not going to get us to click.

That’s not so much because you’d stand out as a scammer, but simply that your email would advertise itself as “clearly does not belong here”, or as “obviously sent to the wrong person”, and we’d ignore it even if you were a legitimate business. (After that, we’d probably blocklist all your emails anyway, given your attitude to accuracy, but that’s an issue for another day.)

Indeed, as we’ve often urged on Naked Security, if spammers, scammers, phishers or other cybercriminals do make the sort of blunder that gives the game away, make sure you spot their mistakes, and make them pay for their blunder by deleting their message at once.

KISS, plain and simple

Sometimes, however, we receive phishing tricks that we grudgingly have to admit are better than average.

Although we’d hope you’d spot them easily, they might nevertheless have a good chance of attracting your attention because they’re believable enough, like this one from earlier today:

At 10:49 am [2] new emails were returned to the sender.

Click below to get a failed message.

https://sophos.com/message/failed_report/?tips@sophos.com

Thank you for using sophos.com

sophos.com Domain Manager

OK, so the English grammar and usage isn’t quite right, and our IT team would know who they are, so they wouldn’t sign off as [ company.name Domain Manager ] …

…but if we were a smaller company, and we’d outsourced our IT and email services, this sort of message might not so obviously be out of place.

Also, these crooks have used the simple and effective trick of creating a clickable link in which the text of the link itself looks like a URL, as though it was your email software that automatically converted a plain-text-only URL into a clickable item.

Of course, the email isn’t plain text; it’s HTML, so that the offending link is actually encoded like this…

<a href="somewheredodgy">https://sophos.com/nothereatall</a>

…in the same way, but much more convincingly, than an email link such as…

Click <a href="somewheredodgy">here</a> to see the message.
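The mismatch between what a link says and where it goes can be checked mechanically. The following Python sketch is an added example, not code from the original article: it flags anchors whose visible text looks like a URL but whose href points at a different host. The sample message body and the host collector.example.net are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that presents itself as a web address.
URL_LIKE = re.compile(r"^(?:https?://|www\.)\S+", re.IGNORECASE)

# Constructed sample body: the wording follows the email quoted above,
# the hrefs are invented placeholders.
SAMPLE_EMAIL_HTML = """
<p>At 10:49 am [2] new emails were returned to the sender.</p>
<p>Click below to get a failed message.</p>
<p><a href="https://collector.example.net/login">https://sophos.com/message/failed_report/?tips@sophos.com</a></p>
<p>Help pages: <a href="https://www.sophos.com/support">https://sophos.com/support</a></p>
<p>Click <a href="https://collector.example.net/login">here</a> to see the message.</p>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lowercased hostname of a URL, or '' when it has none (e.g. a relative href)."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def shown_host(text):
    """Hostname that the visible link text claims to lead to."""
    first = text.split()[0]
    if first.lower().startswith("www."):
        first = "http://" + first
    return _host(first)


def find_deceptive_links(html_body):
    """Return anchors whose URL-like text names a different host than the href."""
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        if not URL_LIKE.match(text):
            continue  # "Click here" text makes no claim about the destination
        shown, actual = shown_host(text), _host(href)
        if not shown:
            continue
        # Same host, or a subdomain of the displayed host, counts as consistent.
        if actual != shown and not actual.endswith("." + shown):
            findings.append({"shown": shown, "actual": actual or "(no host)", "href": href})
    return findings


if __name__ == "__main__":
    for finding in find_deceptive_links(SAMPLE_EMAIL_HTML):
        print(finding)
```

Legitimate newsletters that route links through a click-tracking service will also trip this check, so treat a finding as a reason to inspect the message, not as proof of phishing.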

The link doesn’t take you to a real site, of course; it’s diverted to a server that was either set up for this specific scam, or hacked by the crooks to act as a temporary portal for collecting their data:

Fortunately, at this point the scam adheres to the KISS principle a bit too fiercely, relying on a web form that’s so stripped down as to be unusual, but it still doesn’t contain any obvious blunders other than the unexpected server name in the address bar.

Amusingly, because the hosting company that the criminals have used is based in Japan, turning JavaScript off results in an error message that we’re guessing the crooks didn’t care about (or perhaps were unable to change), giving you a JavaScript warning in Japanese:

Ironically, the web form works just fine without JavaScript, so if you were to fill in the form and click [Login], the crooks would harvest your username and password anyway.

As we often see, the scam page neatly avoids having to simulate a believable login by simply presenting you with an error message, until you either give up, contact your IT team, or both:

What to do?

  • Don’t click “helpful” links in emails or other messages. Learn in advance how to find error messages and other mail delivery information in your webmail service via the webmail interface itself, so you can simply login as usual and then access the needed pages directly. Do the same for the social networks and content delivery sites you use. If you already know the right URL to use, you never need to rely on any links in emails, whether those emails are real or fake.
  • Think before you click. The email above isn’t glaringly false, so you might be inclined to click the link, especially if you’re in a hurry (though see point 1 about learning how to avoid click-throughs in the first place). But if you do click through by mistake, take a few seconds to stop and double-check the site details, which would make it clear you were in the wrong place.
  • Use a password manager if you can. Password managers prevent you putting the right password into the wrong site, because they can’t suggest a password for a site they’ve never seen before.
  • Report suspicious emails to your own IT team. Even if you’re a small business, make sure all your staff know where to submit suspicious email samples (e.g. cybersec911@example.com). Crooks rarely send just one phishing email to one employee, and they rarely give up if their first attempt fails. The sooner someone raises the alarm, the sooner you can warn everyone else.

When it comes to personal data, whether that’s your username, password, home address, phone number, or anything else that you like to keep to yourself, remember this simple rule: If in doubt, don’t give it out.

Ransomware with a difference: “Derestrict your software, or else!”


Just over a year ago, graphics card behemoth Nvidia announced an unexpected software “feature”: anti-cryptomining code baked into the drivers for its latest graphics processing units (GPUs).

Simply put, if the driver software thinks you’re using the GPU to perform Ethereum cryptocurrency calculations, it cuts the execution speed of your code in half.

This restriction isn’t meant to protect you from yourself, for example to limit hardware damage if you try to drive the GPU too hard and cause it to overheat dangerously.

This is all about managing supply and demand.

Unfortunately for keen gamers, who love powerful GPUs because they improve their gaming experience with faster and more realistic graphics, cryptocurrency mining syndicates love good GPUs even more.

That’s because GPUs greatly accelerate the mining of Ethereum-based cryptocurrencies, with calculation speeds (or hashrates, as they are known in the jargon) anywhere from five to ten times higher than a normal CPU from the same amount of electricity.

Even more unfortunately for gamers, who might buy one or two GPUs each at a time, mining syndicates use their purchasing power to buy up GPUs in bulk.

This, in turn, encourages scalpers to buy in bulk too, aiming to sell their “second hand” cards well above new retail prices when official supplies run out.

Nvidia decided to appease its many avid gaming fans – surely the company’s most loyal long-term GPU customers, given that they actually want graphics cards for doing graphics – by splitting its processor card line in two.

Mining XOR Gaming

As Nvidia said last year:

To address the specific needs of Ethereum mining, we’re announcing the NVIDIA CMP [Cryptocurrency Mining Processor] product line for professional mining. CMP products, which don’t do graphics, are […] optimized for the best mining performance and efficiency. They don’t meet the specifications required of a GeForce GPU and thus don’t impact the availability of GeForce GPUs to gamers.

 

The idea is that GeForce GPUs run at full speed if used for graphics, but if used for Ethereum mining are deliberately hobbled by Nvidia’s Lite Hash Rate system, or LHR for short.

Public opinion at the time of the announcement was sharply divided, as a quick look at the many comments on last year’s article will reveal.

Naked Security readers reacted in many ways.

A gamer called Trillian said, “Good on Nvidia!”

Others claimed this LHR behaviour was unfair because they used their GPU cards for a mix of gaming and mining (intermingled, intriguingly, with comments from readers who claimed those claims were made up).

And a commenter called J Riley Castine was even more critical, wanting to know, “How is such a move […] not a violation of anti-trust laws?”

Exit light, enter night

Well, it looks as though this year-old community divide over LHR has spilled over into outright cybercrime.

Popular technology website Tom’s Hardware, amongst numerous other commenters, is reporting that cybercrime gang Lapsus$ claims to have hacked Nvidia and stolen a terabyte’s worth of data…

…only to issue what amounts to an unusual ransomware demand: Remove the Lite Hash Rate limiter, or else!

According to an IM screenshot posted by Tom’s Hardware, the alleged hackers wrote:

Hello,

We decided to help mining and gaming community, we want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder.

If they remove the lhr we will forget about hw folder (it’s a big folder) We both know lhr impact mining and gaming.

Thanks.

 

The hw folder (hw is short for “computer hardware”) alluded to above is the claimed 1TB of allegedly stolen data, apparently including card schematics, driver and firmware code, internal documentation, and more.

Ironically, in the same message thread, these hackers also claim to be selling their own “LHR unlocker” for some Nvidia cards, although the underground market for such a cracking tool would clearly evaporate if Nvidia were to remove the LHR restrictions for everyone.

Perhaps the alleged existence of this darkweb LHR unlocker is supposed to make Nvidia feel even more pressurised, on the grounds that an LHR bypass could be made public anyway, so the company might as well go along with the blackmail demand?

What to do?

It’s hard to know what to believe when messages of this sort start circulating.

Did the hackers actually get in to start with? Did they really manage to steal the information they’re claiming? Was this a conventional ransomware attack, aiming at both stealing and scrambling data for extra leverage? If so, and we therefore assume that the data scrambling part was thwarted, why should we believe any of the boasts in the messages? Do the crooks really have an LHR unlocker of their own to add to the drama?

We may never know the answers to these questions, but we can learn from the allegations anyway, which reiterate the importance of defence-in-depth.

Defence-in-depth not only involves multiple layers of proactive protection aimed at early threat detection and prevention, but ideally also needs ongoing threat assessment and response, in order to figure out what really happened if anomalies are detected.

As the self-styled Nvidia hackers say:

We were into nvidia systems for about a week, we fastly escalated to admin of a lot of systems. We grabbed 1TB of data.

Whether that’s true or not in this case, it does describe the nature of many modern cyberattacks, which aren’t simply automated “smash, grab and run” sallies any more.

Modern cyberintrusions typically involve human-led network exploration, privilege escalation, and data exfiltration, often over an extended period.

Intruders with administrator powers often introduce backdoors along the way, or add extra network accounts for themselves, thus giving themselves a quiet and easy way back in next time…

…if you don’t take the trouble to seek-and-destroy the boobytraps they left behind this time.

 

If you need any help with your IT security or suspect your system is compromised, don’t hesitate to contact us at JohnCruzIT.

Wormhole cryptotrading company turns over $340,000,000 to criminals


To misquote (and, indeed, to mispunctuate) Charles Dickens: it was the best of blockchains; it was the worst of blockchains.

This week, cryptocurrency company Wormhole lived up to its name by exposing an exploitable vulnerability that apparently allowed cybercriminals to run off with an eye-watering 120,000 Ether tokens.

Assuming a conversion rate of ETH1 = US$2800, that comes out close to $340,000,000.

You’ll find mention of this cyberheist on Wormhole’s Twitter feed (@wormholecrypto), under an apparently un-ironic heading that describes the company’s business as:

“Interoperability protocol powering the seamless transfer of value and information across 7 high value chains with just one integration”

“Seamless transfer” indeed!

Let’s rewrite history

As pointed out by Elliptic, a company that offers blockchain analytics to assist with compliance, the Wormhole team tried the same trick that was used by cryptocoin company Poly Networks when it was defrauded of more than $600,000,000 in August 2021.

The company apparently asked the crooks nicely, in a comment embedded in a zero-value Ether transaction aimed at the criminals, to give the money back:



Printing out the input data above in ASCII text instead of as hexadecimal codes reveals an apparent offer to redefine the criminals as bona fide researchers and pay out a $10,000,000 bug bounty…

…if the crooks were to reveal the exploit they used:



We’re sure that anyone who thinks that ransomware payments should be illegalised – and there’s a vocal minority who think they should – will be aghast at this sort of retrospective offer to “give the money back and we’ll write the whole thing up (and off) as legitimate security research”.

Nevertheless, you can understand why a company in Wormhole’s desperate position might make the offer, even if it’s hard to imagine at first thought why crooks who had already – and apparently anonymously – made off with $340,000,000 would waive their anonymity in exchange for a fraction of the amount.

In the Poly Networks hack, the ruse seemed to work: the alleged hacker or hackers did ultimately return most of the stolen funds, with Poly Networks referring to them as “Mr White Hat”, telling them they could keep $500,000, and offering them a role as a security advisor to the business.

Thanks, but no thanks

This time, the cybercriminals don’t seem to have come to the party. Instead, vaguely mysterious blockchain startup Jump Crypto seems to have, hmmm, jumped in with money of its own to backfill the third-of-a-billion-sized, ahhh, wormhole opened up by Wormhole’s exploitable cryptocurrency code:

So, according to Wormhole, “All funds have been restored and Wormhole is back up,” and, “The team is working on a detailed incident report and will share it asap.”

Not a word about the disaster, however, on Wormhole’s blog or website, which still leads unashamedly with the words THE BEST OF BLOCKCHAINS in giant text…

…albeit with an unintentionally hyper-accurate strapline underneath in tiny characters: “Move information and value anywhere.”

What to do?

As the saying goes, you couldn’t make this stuff up. So, as we did after the Poly Networks hack, where customers’ funds similarly vanished and later reappeared as if by magic, we’ll leave you with some general cryptotrading advice, rather than anything specific to this incident:

  • If you’re thinking of getting into the cryptocurrency scene, never invest more than you can afford to lose. And when we say “lose”, we mean “lose everything”, not merely “fail to make any profit”. There are more than 10,000 different cryptocoins currently in existence, many of which were kicked off by cash injections from early investors. Not all cryptocoins can or will follow the Bitcoin pattern of going from a few cents in value in 2010 to just under $40,000 each in February 2022. Even worse, some are unreconstructed scams in which the “creators” of the cryptocoinage collect startup funds from early investors in what’s known as an ICO (initial coin offering), only to run off without ever establishing a new cryptocurrency or trading site at all.
  • If you plan to buy and hold cryptocurrency, keep as much of it as you can offline in what’s known as a cold wallet. A cold wallet is an encrypted file that you keep where you won’t lose track of it, and where other people can’t use it unless they know your password. Be careful of trusting too much of your investment to hot wallet situations, where you need to trust other people totally, just so you can trade faster and more aggressively.

We started by misquoting Mr Charles Dickens, so we’ll end by reminding you that the quotation goes on to say, “It was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity.” Remember that trust is quick to evaporate precisely because it is supposed to take time to gain in the first place.

What to do?

We’ve always been happy to report on malware takedowns, cybercrime busts and other disruptions that have removed or reduced cybercriminality, but we’ve also always advised against relaxing too much when that sort of report appears.

Here’s our advice, whether this Emotet “revival” is the same criminals who’ve returned from takedown to active duty or new recruits; whether it’s the old malware code or a re-written variant; whether the new botnet has the same goals or yet more aggressive ones:

    • Old malware rarely actually dies. Sometimes, as happened with floppy disk boot sector viruses, malware families get killed off by technological changes. But the truth is that once a technique is out there, and is known to work, even modestly well, someone new is likely to copy it, re-use it, or revive it. So we live with the sum of the threats of the past as well as all the genuinely new tools, techniques and procedures that come along.
    • Don’t focus on individual malware families or malware types when planning your protection. Emotet may be well-known, and rightly feared, but its method of operation (MO) is widely copied in many, perhaps most, malware attacks these days, and this MO has been in use since malware first became a money-making game. In some senses, an initial infection by malware like Emotet is the end of one attack chain, because it doesn’t itself contain specific malware tools such as password stealers, keyloggers, cryptominers or ransomware scramblers. But it is also very much the start of a whole new attack chain, ready to receive and deploy “updates” or “plugins” – new malware samples that may vary over time, by region, by victim’s computer type, or simply at the whim of the criminals in command-and-control.
    • Consider managed threat response (MTR). If you don’t have the time or expertise to keep track of criminality on or against your network on your own, an MTR service can help you ensure that you chase back any attacks that you do detect to their root cause. Sometimes, this might be a weak password or an unpatched server, but often it’s down to “beachhead” malware like Emotet. If you find and remove only the end of the attack chain, but leave the entry point in place, then the command-and-control crooks behind that beachhead malware will simply sell you out to the next cybergang that’s willing to pay the asking price.
