Sorted Solution
Sorted Solution is providing today’s top businesses
with innovative IT Consulting, Help Desk Support and Technology Solutions
701 Fifth Avenue
42nd Floor
Seattle, WA 98104
SECURITY CORNER: How to Know If Your Login Credentials Have Been Compromised in a Security Breach
/in News, Security Corner /by Jude PacisThis article is about how to know if your login credentials have been compromised in a security breach and what you can do about it.
As you continue to evaluate your options for using a password manager, and assessing your current security stance, we would like to share an industry-leading security website that tracks company breaches from across the world that will let you know if your email or password has been compromised in a security breach.
But first, let’s define “breach.” A breach is an incident where data is inadvertently exposed. This usually happens because there are insufficient access controls or there are security weaknesses in the software. In either case, it means your personal and/or business information is at risk for misuse.
Where To Check if Your Login Credentials Have Been Compromised in a Security Breach:
To check if your PASSWORD has been compromised, go here: www.haveibeenpwned.com/Passwords
These web pages will check your addresses and passwords against known data that may have become compromised due to company breaches over the past several years. There is no login required and the web interface is easy to use.
What To Do If Your Login Credentials Have Been Compromised in a Security Breach:
After checking your common email addresses and passwords, if you find that your login information has been compromised, we highly recommend making some changes. Review your logins and change the ones using compromised passwords to something unique for the specific site. If your email address was compromised, change the password for that email account too.
The best practice for creating a strong password is to include letters, numbers, special characters, and to make it at least twelve characters long.
How to Prevent Your Login Credentials from Being Compromised in a Security Breach:
Also, now would be an excellent time to start using a password manager, like LastPass, to help keep all these new passwords easy to track and secure.
If you would like guidance or assistance in setting up your firm with a password manager, please let us know. Your team at Sorted Solution is here to help.
If you think your login credentials have been compromised in a security breach, take a look on www.haveibeenpwned.com and follow the steps above.
Phishing Scam Notice
/in News /by Jude PacisAn increasing number of clients have contacted us about questionable emails that they are receiving, appearing to come from known contacts they do business with locally. These phishing emails appear to come from known contacts of the client and direct the recipient to the legitimate DropBox web site (See screen shots below). DropBox requests the recipient to download a PDF document, and when clicked, asks the user to enter their Office 365 Outlook login username and password to complete the request.
If you receive one of these emails, please forward a copy to us. We will review the email and direct you to delete it if it is considered phishing. If it is a phishing email and you know this business or contact, this means the sender’s email account has been compromised and you should contact them by phone to inform them. We have also learned the phone numbers in the phishing email’s footer has been changed, so please use a known phone number from your own contact database and use this fact as another indicator of a phishing email attempt.
Here is what to look for:
Clicking on the attached PDF brought them to a realistic-looking DropBox web page.
However, the three items that should make you pause are highlighted below.
When clicking on the link, you were taken to a fake Microsoft site and asked to enter login credentials to access Outlook. However, as you can see, the address bar does not list office.com. My password manager LastPass (the highlighted icon on the right) does not attempt to automatically fill my office.com credentials because it does not recognize this site, regardless of what I see on the screen. And lastly, you would not be prompted to log into Outlook to open a file from DropBox when you are on the DropBox web site.
Help avoid becoming a victim of having your account hacked or accessing fraudulent sites by clicking on a link in an email you receive. Sorted Solution has three recommendations:
If you would like assistance setting up Two Factor Authentication or a Password Manager like LastPass, please send us an email. And as always, if you have questions about suspicious emails you receive or links you might have clicked on, we’re here to help.
Goodbye, Flash
/in News /by Maria CoderYou may have noticed for a while now that Adobe has blocked Flash content from working on your computers and devices, that’s because Flash has officially been retired. Adobe stopped supporting Flash on December 31st and as of Tuesday (Jan 12, 2021) it’s blocking all Flash content. Adobe is suggesting users uninstall Flash Player to help protect their systems as there will be no more security patches moving forward. You’ll find instructions on how to do this, as well as the reasoning behind it here.
Basically, Flash had been on the chopping block since 2017 as it was no longer as frequently used and was being phased out across major web browsers. While the retirement has mainly been a minor inconvenience, it posed a real problem for some people, particularly in the city of Dalian in China — that’s because they were using Flash to run their railroad system!
Slashdot reports commuters were late to work at first but the railroad’s technicians were able to get back up and running using a knockoff version of Flash.
Security Corner: Beware of Fake Emails
/in News /by Jude PacisWe have all seen it, those emails that appear in our inbox that have a subject of “Your service will be disconnected unless you act now,” “Reset your password now,” and “There’s a problem with your account.” Some of these look like the real thing and your instinct might be to immediately address the request but BE CAREFUL. Before you click a link, open an attachment, or respond, to the email, be sure to check a few things:
Here’s a real-world example of a scam email:
Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.
The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
The email says your account is on hold because of a billing problem.
The email has a generic greeting, “Hi Dear.” If you have an account with the business, it’s unlikely you’ll see a greeting like this.
The email invites you to click on a link to update your payment details.
While, at a glance, this email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be. This is a phishing email, where scammers are looking to obtain your personal information and can have real consequences.
If this does pass the “sniff” test and you click on a link, and you are sent to what appears to be a company website, but your password manager software doesn’t auto-populate the login, you might be at a scam site. Close your browser, and don’t go any further.
If you suspect you’re the recipient of a scam or phishing email, go directly to the web site from a new browser session and log into your account. Type in the website you know or Google it, don’t paste the link from the email. Banks, credit card companies, service providers will mostly likely send you a notice within your account if there is a problem or if they need something from you. Or, you may call the customer service department of the company and inquire about the request directly.
Alternatively, you can always forward your questionable emails to us at hello@sortedsol.com and we’ll help determine if it’s legitimate or not.
Security Corner: Time to Check Google Chrome is Up to Date
/in News /by Jude PacisGoogle has released a critical patch to address new Zero-Day vulnerabilities that can impact Google Chrome. By default, Chrome is set up to auto-update but if when you first installed Chrome you happened to select to manually update, you’ll need to that now. If you’re unsure where you stand, here’s how to check:
If you see a message that reads: Google Chrome is up to date, you’re up-to-date.
If you learn you’re not up to date, then please click the Update option on the About Google Chrome page to initiate the Chrome update process.
Google recently found security vulnerabilities in Chrome and this update patches those security vulnerabilities. It’s important to keep software up to date all the time, and particularly around the holidays when scammers tend to up their efforts. As an aside, please remember to not open any emails, click on links, or open any attachments from people that you don’t know. Also, even if you do know the sender, if something feels off, call or email that person from a new email that you create, to check if they’ve indeed contacted you.