Death, Taxes and Identity Theft: Life’s 3 Certainties

Posted on


Tara SealsBy: Tara Seals                                                                                                                             US/North America News Reporter, Infosecurity Magazine

It’s tax season again, the most wonderful time of the year for the US government, and taxpayer attitudes about identity theft are leaving much of the public vulnerable.

In its second annual Tax Season Risk Report, CyberScout, most Americans (58%) are not worried about tax fraud in spite of federal reports of 787,000 confirmed identity theft returns in 2016, totaling more than $4 billion in potential fraud.

Only 35% of taxpayers demand that their preparers use two-factor authentication, which is far more secure than a single password, to protect their clients’ personal information. The majority (56.5%) were not sure whether their preparer would follow this best practice, were not offered it or didn’t require it.

Also, half of all taxpayers (50%) who use a tax service weren’t sure how to evaluate them, chose someone online or didn’t screen them beforehand, leaving the taxpayer vulnerable to scams.

On the at-home front, less than a fifth (18%) use an encrypted USB drive, a secure way to save important documents like tax worksheets, W-2s, 1099s or 1040s. Another 38% either store tax documents on their computer’s hard drive or in the cloud, both approaches that are susceptible to a variety of hacks. And, the majority (51%) of taxpayers who expect a refund check in the mail have not taken precautions such as a locked mailbox, putting their check at risk of theft.

More than half (57%) of consumers will file in March, April or later than the April 15 deadline, giving tax fraudsters plenty of time to impersonate them online and steal their refunds.

“We’ve reached an extreme level of cybercrime where identity theft has become the third certainty in life. In tax season, it is crucial that everyone remain vigilant and on high alert to avoid tax related identity theft or phishing schemes,” said Adam Levin, founder and chairman of CyberScout, making a seasonal joke. “Tax season is one of the most common times for identity fraud to take place, making it even more important for consumers to take the proper safety measures.”

One of the safest ways for consumers to file their 2016 tax return is to file online directly with the Internal Revenue Service (IRS). Unfortunately, less than half of taxpayers (48%) rely on and trust online tax services. Nearly a quarter (24%) of respondents do not trust online tax services because they think they are unsafe, a misperception that can lead to exposure.

CyberScout recommends the following techniques for consumers to protect themselves:

Always use long and strong passwords.

Never authenticate yourself to anyone who contacts you online or by phone, since the IRS will never contact you by those methods.

Use direct deposit of refunds into your bank account or a locking mailbox for mailed refunds.

Monitor and protect your accounts and elements of your personal identity online and in social media. It’s easy for hackers to figure out answers to security questions from social media.

“In order to reduce the risk of becoming a tax identity theft victim, consumers need to follow the 3Ms: Minimize their risk of exposure, monitor your accounts and your personal identity, and know how to manage the damage,” noted Levin. “If the worst happens, victims of identity theft should turn to organizations they trust, including their insurance provider, financial services institution, or the HR department of their employer, who offer low-cost or free cyber-protection services to protect and restore stolen identities.”

Silly Spammers: Email Scam Company Compromises Itself With Bad Data Backup

Posted on

By Douglas Bonderud

Spam sucks. But as Information Age stated, scammers love it — mostly because it works. Despite increasing aspamwareness of spam email, campaigns attackers still find success, especially during popular holidays or in the wake of news-making headlines about data compromise or security failures.

But thanks to some bad data backup techniques, one prolific spammer group known as River City Media (RCM) compromised their own servers and let security researchers grab an inside look at day-to-day scam operations.

‘Legitimate’ Operations

CSO Online explained that security pros are familiar with RCM — the company bills itself as a legitimate marketing agency, but at one point was sending out more than 1 billion emails per day in an effort to grab and leverage consumer email addresses and personal data. The company uses a number of methods to obtain this information, including CoReg, which sees users signing up for a notification service or email newsletter and then having their address shared — without permission — among spam producers.

RCM also leveraged warm-up accounts, which are email addresses owned by the company that won’t report its chain of spam emails. Once they’ve sent enough messages, legitimate email service providers or affiliate programs mark them as “not spam” and provide access to the internet at large.

Another tactic? Aged domains. These older senders are naturally more trustworthy than newly created email addresses, making it easier to slip spam past filters.

To achieve their billions of emails per day mark, RCM also used a type of Slowloris attack. They opened multiple connections with a Gmail server and then sent fragmented response packets very slowly, all while requesting new connections. This stressed the server without disabling it, making it seem like the action isn’t really a spam attack.

Just Desserts for Poor Data Backup

As Computerworld noted, somebody at RCM forgot to properly lock down their data backup, in turn allowing MacKeeper security researcher Chris Vickery to infiltrate their servers and see exactly how they do business. The result was evidence of nearly 1.4 billion compromised email accounts tied to real names, IPs and even physical addresses.

Vickery discovered that despite the company only employing around a dozen people, it managed to leverage a combination of “automation, years of research and a fair bit of illegal hacking techniques” to blast out billions of emails, Computerworld reported.

In a bit of poetic justice, RCM frontman Alvin Slocombe sent out an internal email in February asking staff to change their Skype and HipChat passwords for fear that the company had been hacked. Instead, someone improperly configured their Rsync server and made it possible for Vickery to walk right in and look around.

It’s a rare case of things good right for the good guys, but it’s also a wake-up call: With less than 20 people, RCM managed to rank in the top 10 on the Register of Known Spam Operations (ROSKO) database maintained by Spamhaus. The company also used a variety of techniques to keep consumers on the hook and generate new leads.

The takeaway for companies and consumers? Don’t underestimate the power of spam. While scam operators are prone to mistakes just like everyday users, they’ve got the advantage with easy access to share, compromise and continually blast email addresses worldwide. A look behind the curtain reveals both sound and fury and it makes it patently obvious: Email remains the key battleground for solid network security.

How secure is your network?

Posted on

Most hackers claim they can break target systems in under 12 hours.

It also takes less than a day in total to finish the job and steal valuable data.


Content courtesy of Charlie Osborne for Zero Day and ITG Corporation.

According to new research, the majority of hackers claim they can break through cybersecurity defenses and infiltrate their target’s systems within hours.

At ITG, we provide your business with a comprehensive network security audit that outlines potential vulnerabilities. Our approach provides your company with an outline of potential security threats, and addresses security risks pertinent to your business.

In a confidential survey of 70 professional hackers and penetration testers conducted at the DEFCON conference this year in Las Vegas, Nevada, 17 percent of hackers claimed it would take them no longer than two hours to breach a target. More than half of the respondents said they changed their tactics with every target, but traditional countermeasures such as firewalls and antivirus programs rarely proved to be a barrier. However, when it comes to endpoint security, modern solutions are considered a more effective way of preventing attacks.

ITG provides modern solutions and will help you deal with these potential intruders. Our external and internal scans evaluate your company’s ability to protect its network infrastructure, applications, endpoints and users from any network security breach. We use comprehensive intrusion detection services that provide your business with an effective means of anticipating emerging security risks and preventing unauthorized access to critical systems and valuable information.

Consider this: Almost two-thirds of hackers, 65 percent in total, said their biggest frustration is that most organizations did not bother to fix the vulnerabilities and security weaknesses they discovered. Isn’t it time you addressed your network vulnerabilities? Contact ITG for a free assessment 518.479.3881 or

We have the network security expertise to help you plan, install, optimize and manage the complex network infrastructure that enables your critical business applications.


FBI chief calls for private sector to help battle cybercrime

Posted on Updated on

As the FBI has been expanding and retooling its approach to cyber investigations, Director James Comey stresses need for CISOs to engage with the bureau.

By Kenneth Corbin, Freelance Writer, CIO | MAR 9, 2017 6:21 AM PT

Cybercriminal courtesy Thinkstock

CHESTNUT HILL, Mass. — FBI Director James Comey has tough words for private sector firms that won’t engage with federal law enforcement authorities on cybersecurity, an area where the bureau has been dramatically expanding its investigation and prosecution efforts.

In a keynote address at a cybersecurity conference at Boston College, Comey lamented that most incidents of intrusion and attacks against U.S. businesses go unreported. But when a victim does report a breach to the FBI, such as the damaging attack against Sony in 2014 that was attributed to North Korea, agents will have a much easier time investigating and helping businesses mitigate the damage if they are already somewhat familiar with the target’s systems.

FBI chief calls for private sector to help battle cybercrime

As the FBI has been expanding and retooling its approach to cyber investigations, Director James Comey stresses need for CISOs to engage with the bureau.Comey

Sony had taken the time to get to know us,” Comey said, describing a rapid response to that incident where agents with a baseline familiarity with Sony’s systems could hit the ground running.

“If you are the chief information security officer [CISO] of a private enterprise, and you don’t know someone at every single FBI office where you have a significant facility, you’re not doing your job. Know that you’re pushing on an open door,” Comey said. “We’re not looking to know your private information, but we need to know you in a way so we can help you in a difficult circumstance.”

Comey described a multi-pronged initiative underway at the FBI to crack down on cybercrimes that involves recruiting and hiring more cyber experts, improving engagement with outside partners — including the private sector — and rethinking the bureau’s traditional approach to working cases. The bureaus is also working to bolster deterrence both through hardening systems that might be targeted and winning convictions in more criminal cases.

[ Related: FBI’s top 10 most wanted cybercriminals ]

Comey also indicated that he intends to serve out the remaining 6 1/2 years of his term, despite speculation that he might step down amid tensions with the White House.

He did not address his reported request for the Justice Department to issue a statement refuting President Trump’s assertion that his campaign had been wiretapped by former President Obama, nor the unfolding probe into Russian hacking of political targets during the election. Comey participated in a brief question-and-answer session with audience members following his keynote address, but did not take questions from reporters.

A spectrum of threats, an ‘evil layer cake’

He did offer that nation-states comprise the most dangerous enemies in the “stack” of cyber adversaries, followed by multi-national hacking syndicates, insider threats, hacktivists and terrorists, the least menacing element of what Comey calls “an evil layer cake.”

“The reason I put them at the bottom of the stack is that terrorists are adept at using the internet to communicate, to recruit, to proselytize, but they have not yet turned to using the internet as a tool of destruction in the way that logic tells us certainly will come in the future,” Comey said.

Regardless of what type of actor initiates the attack, the FBI is looking at cyber events in a fundamentally different way than conventional crimes that have a clear physical location. If a pedophile is under investigation for crimes in San Francisco, say, the San Francisco field office of the FBI would handle the case. Not so with cyber. Comey said that the bureau is assigning those cases, where the perpetrators could be up the street or halfway around the world, to the field offices that best demonstrate “the chops” to handle specific cyber investigations. So even if a bank in New York was the victim of a cyberattack, the field office in Little Rock, Ark., potentially could take the lead on the case, with support from other offices that might need to conduct investigative work on the physical premises.

“Whichever field office has demonstrated the best ability on that, we’re going to give it to that field office,” Comey said. “This has a not-unintended consequence of creating competition within the FBI.”

Private sector has edge for hiring top cyber talent, money

In addition to reorienting the bureau’s internal approach, Comey said that the FBI is trying to step up its recruiting efforts to bring in the next wave of cyber experts, though he acknowledges that competing with private-sector for top talent is a perennial challenge.

“Here’s the challenge we face: we cannot compete with you on dough,” Comey said. “The pitch we make to people is come be part of this mission. Come be part of something that is really hard, that is really stressful, that does not pay a lot of money, that does not offer you a lot of sleep. How awesome does that sound? The good news is there’s a whole lot of people — young people — who want to be part of that kind of mission, who want to be part of doing good for a living.”

But the difficulties in winning over converts to the bureau’s mission are also tied up in a deeper problem, the same perception of the government as an adversary — or at least something to be avoided — that has clouded relations with some in the private sector.

[ Related: FBI v. Apple: One year later, it hasn’t settled much ]

Comey wants to dispel the notion of the FBI as “the man,” in the Big Brother sense.

“We have to get better at working with the private sector,” he said, decrying firms that are subject to a ransomware attack who opt to pay the ransom and enlist a security consultant to help clean up the mess without alerting law-enforcement authorities.

“That is a terrible place to be,” he said. “It is a great thing to hire the excellent private-sector companies that are available to do attribution and remediation, but if the information is not shared with us, we will all be sorry. Because you’re kidding yourself if you think I’ll just remediate this thing and it will go away, because it will never go away.”

Paying ransoms, he argues, only emboldens the criminals, and keeping details of the breach in-house hinders law-enforcement authorities from tracking down the perpetrators.

Plea to tech companies to resist outfitting products with unbreakable, default encryption

Comey put in another plug for tech companies to resist the impulse to outfit their products with unbreakable, default encryption, recalling the highly publicized showdown between the FBI and Apple, while calling for all parties in the debate to resist the urge to resort to “bumper-stickering” the other side and rejecting the suggestion of an inherent tradeoff between privacy and security as a false choice.

“It is short-sighted to conclude that our interests are not aligned in this,” he said. “We all value privacy. We all value security. We should never have to sacrifice one for the other.”

Can Americans Catch a Phish? 1 in 4 Take the Bait

Posted on Updated on

December 16, 2015

Phishing email scams attempt to lure people in by mimicking real emails from big companies so perpetrators can do things like install malware on your computer, access your bank account or even steal your identity. So how savvy are we when it comes to differentiating the real from the fake? To find out, we partnered with our friends at NBC’s TODAY show to create a quiz that tests your phishing email smarts.

So far, over 20,000 Americans have taken the quiz, developed from real emails that ESET security researchers collected and analyzed. First, if you haven’t already, take the quiz yourself—then read on (no peeking!) to see how you compare. (Note: The quiz works best in Chrome, Firefox or Safari browsers.)

Can you catch the phish?

You’ve got a bunch of emails that look like they’re from companies you’ve done business with. Can you tell which ones are phishes?

Take the Quiz!

What do the results reveal?

Fully 25% of people cannot consistently identify phishing emails (they missed correctly identifying one or more phish or non-phish). The question most often answered incorrectly was this Target email—it was not a phish, but 61% thought it was.


However, cybercriminals often do spin up phishing schemes to take advantage of vulnerable people and brands in crisis, as happened after the Anthem hack in early 2015, so it’s good to remain vigilant.

The phishing emails that fooled people most often were the Amazon and FedEx emails. One in five people were taken in by this:


Upon scrutiny, you can discern several clues. Amazon’s logo appears squished, and there are several grammatical errors at the end—unlikely in a real email from the world’s biggest retailer.

With this FedEx email, 22% of people were tricked.


The tell? Asking you to download an attachment—especially if it does not seem to match the content in the email—is suspicious. Downloading an attachment like this can deliver malware to your computer, often without you even knowing you have been infected.

Here is the breakdown from each email question, so you can see how you compare:

  • Southwest: 89% correctly identified this as a phish
  • Amazon: 79% correctly identified this as a phish
  • Google: 53% correctly identified this as NOT a phish
  • Apple: 87% correctly identified this as NOT a phish
  • FedEx: 78% correctly identified this as a phish
  • PayPal: 96% correctly identified this as a phish
  • Gap: 68% correctly identified this as NOT a phish
  • Target: 39% correctly identified this as NOT a phish

 So what does this all mean?

[…]Research indicates that phishing scams are still a major way that cybercriminals take advantage of people and businesses. It’s important for us to constantly educate the public, for businesses to educate employees, and for parents to educate kids… and kids to educate parents and grandparents!

The data show that one in four people still get things wrong, and once is all it takes. The basic lesson here is to always exercise caution and promote safe Internet practices.

ITG Client Companies’ Email Is Secure

Posted on

You can improve productivity and eliminate the hassles of in-house servers

ITG offers Secure Hosted Exchange, an email system that gives companies control of their email without the complications and expense of managing their own servers.
And, with SecureTide™ built right into the system, companies have peace of mind knowing they are getting the best spam and virus protection in the business.


  •     Easy, Web-based Access
  •     New Email Archiving Capabilities
  •     Unlimited Mailbox Storage
  •     Embedded Premium Spam and Virus Protection
  •     Optimized Performance
  •     Outlook 2016 or 2013 for PC or Outlook 2016 for Mac

For more information on Secure Hosted Exchange, visit our website,, or contact us at 518.479.3881 or

Gmail hack: Even tech-savvy users fooled by sophisticated phishing technique

Posted on

By, Serina Sandhu, January 17, 2017

Even tech-savvy Gmail users are falling victim to hackers who steal their login credentials, according to a security expert, who notes that increasingly sophisticated phishing techniques are being employed.

How does it work?

The hacker will first send you an email, which includes an attachment, according to Mark Maunder, the CEO of WordPress security plugin, Wordfence.

When you click on the attachment to preview it, a new tab opens to what looks like a Gmail login page. However it isn’t genuine. If you enter your email and password, hackers will have stolen your credentials and have full access to all of your emails.

But why would I open the email from a random person in the first place?

Because the hackers have devised the email to look like it comes from one of your contacts, someone who is likely to have already been hacked by them.

The email will contain a subject line and the attachment from the contact may look familiar – they may use a subject line that your contact has used before – and rename the attachment to something plausible.

Once the hackers gain access to your emails, they will look for future targets they can send the phishing emails to.

Won’t I know something fishy is going on when I’m asked to login again?

Not necessarily, because the hackers have been very sophisticated when creating the phishing technique.

When you open the attachment and a new tab pops open, the URL will look something like:


That’s not a far cry from what it is meant to look like on the legitimate Gmail login page:

And the login box, where you enter your email and password, looks like the real one.

How long has this phishing technique been going on for?

It’s been gaining popularity over the last year.

Surely if you’re tech savvy, you’re safe?

Sadly not. Even “experienced technical users” have become victim to the hacks, says Mr. Maunder.

So how do I stay safe?

There are some checks you can do before typing in your login details:

First, check the URL to see if it begins with: data:text.

Second, if you widen out the bar, you will see there is a lot of blank space which may not be visible at first. After the blank space is the file that actually opens in a new tab, informs Mr. Maunder.

Also check to see if the URL has been verified. Depending on your internet browser, the https:// might be in green, and there may be a padlock symbol before it.

You can also enable a two-factor authentication for logging in to your Gmail. So on top of the username and password, there would be an extra layer of security that will require an extra piece of information.

What if my account has already been hacked?

It would be best to change your password straightaway. Also you can check your login history to find logins from unknown sources.

Mr. Maunder also recommends using a security researcher who can check if your email has been part of data leaks, but adds: “There is no sure way to check if your account has been compromised.”

When I contacted Google for a comment, they pointed to Prevent & report phishing attacks page.

Google’s statement:

“We advise people to be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email. You can report suspicious messages directly to us. Google will never send unsolicited messages asking for your password or other personal information.”

House Passes Long-Sought Email Privacy Bill

Posted on

Courtesy of:

Krebs on Security, February 7, 2017

In-depth security news and investigation

On Monday of last week, The U.S. House of Representatives approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.

The House passed by a voice vote The Email Privacy Act (HR 387). The bill amends the Electronic Communications Privacy Act (ECPA), a 1986 statute that was originally designed to protect Americans from Big Brother and from government overreach. Unfortunately, the law is now so outdated that it actually provides legal cover for the very sort of overreach it was designed to prevent.

Online messaging was something of a novelty when lawmakers were crafting ECPA, which gave email moving over the network essentially the same protection as a phone call or postal letter. In short, it required the government to obtain a court-approved warrant to gain access to that information.

But the U.S. Justice Department wanted different treatment for stored electronic communications. Congress struck a compromise, decreeing that after 180 days email would no longer be protected by the warrant standard and instead would be available to the government with an administrative subpoena and without requiring the approval of a judge.

HR 387’s sponsor Kevin Yoder (R-Kan.) explained in a speech on the House floor Monday that back when the bill was passed, hardly anybody stored their personal correspondence “in the cloud.” He said the thinking at the time was that “if an individual was leaving an email on a third-party server it was akin to that person leaving their paper mail in a garbage can at the end of their driveway.”

“Thus, that individual had no reasonable expectation of privacy in regards to that email under the Fourth Amendment,” Yoder said.

Lee Tien, a senior staff attorney with the Electronic Frontier Foundation (EFF), said a simple subpoena also can get law enforcement the following information about communications records (in addition to the content of emails stored at a service provider for more than 180 days):



-local and long distance telephone connection records, or records of session times and durations;

-length of service (including start date) and types of service utilized;

-telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and

-means and source of payment for such service (including any credit card or bank account number), of a subscriber to or customer of such service when the governmental entity uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena.

The Email Privacy Act does not force investigators to jump through any additional hoops for accessing so-called “metadata” messaging information about stored communications, such as the Internet address or email address of a message sender. Under ECPA, the “transactional” data associated with communications — such as dialing information showing what numbers you are calling — was treated as less sensitive. ECPA allows the government to use something less than a warrant to obtain this routing and signaling information.

The rules are slightly different in California, thanks to the passage of CalECPA, a law that went into effect in 2016. CalECPA not only requires California government entities to obtain a search warrant before obtaining or accessing electronic information, it also requires a warrant for metadata.

Activists who’ve championed ECPA reform for years are cheering the House vote, but some are concerned that the bill may once again get hung up in the Senate. Last year, the House passed the bill in an unanimous 419-0 vote, but the measure stalled in the upper chambers of the Senate.

The EFF’s Tien said he’s worried that the bill heading to the Senate may not have the support of the Trump administration, which could hinder its chances in a Republican-controlled chamber.

“The Senate is a very different story, and it was a different story last year when Democrats had more votes,” Tien said.

Whether the bill even gets considered by the Senate at all is bound to be an issue again this year.

“I feel a little wounded because it’s been a hard fight,” Tien said. “It hasn’t been an easy fight to get this far.”

The U.S. government is not in the habit of publishing data about subpoenas it has requested and received, but several companies that are frequently on the receiving end of such requests do release aggregate numbers. For example, Apple, Facebook, Google, Microsoft and Twitter all publish transparency reports. They’re worth a read.

For a primer on protecting your communications from prying eyes and some tools to help preserve your privacy, check out the EFF’s Surveillance Self-Defense guide.

Protect Your Phone from Secret Spyware

Posted on

Reprinted from ITG’s January issue of Tech News

By Kim Komando, © 2017 Tulsa World syndicated under contract with NewsEdge.

For millions of Americans, the smartphone has become one of the most important tools in their lives. Your phone tracks your movements, absorbs emails and text messages and notifies you of every birthday and appointment. Every second, information floods your smartphone. Unless you switch them off, your apps are working round the clock, obeying your every setting and preference.

All day long your phone is churning private data through its circuitry, and if criminals can break into your phone, they can steal all kinds of things, from banking details to compromising photos and video. These thieves don’t have to steal your actual phone. They may not even be located in the same country.

How do they do it? Spyware, which is kind of like a computer virus, except instead of messing up your hard drive, it enables strangers to snoop on you. Skilled hackers can install spyware on your phone without you even realizing it.

Once it’s on your phone, spyware can record everything you do, from sending text messages to shooting video of your family reunion. Hackers may break into private accounts, commandeer email and even blackmail their victims.

Keep in mind, “spyware” is a vague and multi-faceted term, and it’s not always malevolent. Some parents install a kind of spyware on their kids’ smartphones in order to keep track of their activities. Managers sometimes keep tabs on their employees by watching what they do on their company computers. I don’t endorse this behavior, and I think there are much healthier ways of watching kids and employees, but this kind of spyware isn’t intended to ruin your life.

Don’t click strange links. The easiest way to avoid contracting spyware is this: Don’t click strange links. If you receive an email from a suspicious stranger, don’t open it. If you receive an email or text from someone you do know but the message seems peculiar, contact your friend by phone or social media to see whether the message was intended.

This might sound obvious, but sometimes our curiosity gets the better of us. When a link appears, some of us struggle to avoid clicking it, just because we want to know where it leads. Other times, an authentic-looking email is actually a phishing scam in disguise. If you’re the least bit doubtful, don’t click.

Lock your phone. Some types of phones are more susceptible to spyware than others. (More about this below). But owners can dramatically reduce their chances of infection by locking their phones. A simple PIN will deter most hackers.

Also avoid lending your phone to strangers. Yes, some people honestly forget their chargers at home and urgently need to call their spouses. But a clever con artist only needs your unlocked phone for a minute to cause a lot of damage. In this case, being a Good Samaritan is risky business.

Androids and spyware. The bad news is this: Android phones are particularly vulnerable to spyware. It’s simple to install a spying app on any Android gadget, but only once you get past the lock screen.

To protect yourself, make sure you have the lock screen turned on and no one knows the PIN, password or pattern. You can make it even harder by blocking the installation of third-party apps. To do this, go to Settings; Security and uncheck the Unknown Sources option. It won’t stop a really knowledgeable snoop, but it could stump less-savvy ones.

iPhones and spyware. Apple users can get pretty smarmy about their products. If you own an iPhone, you probably already know that your phone is far safer from malware than Android gadgets. A recent “Forbes” study showed that nearly 97 percent of all known malware threats only affect Android devices.

That’s good news for Mac addicts, but it can also make owners overconfident. Last August, Apple had to release an extremely critical iOS update to patch a security threat. Before the update, an attacker could take over and fully control an iPhone remotely just by clicking the right link.

Investigators learned that this kind of attack was called Trident, and the spyware was called Pegasus. The latest iOS was partly designed to prevent these exploits from damaging your iPhone. This is just one reason you should keep your iPhone up to date.

To get the latest version of iOS, go to Settings; General; Software Update. Your device will then automatically check for the latest version of the Apple operating system.

Secondhand smartphones. Beware the secondhand smartphone. Sometimes they’re handy, because a jail-broken phone is cheap and disposable and may work with many service providers. But they may also come with spyware already installed.

Buying a secondhand phone is a common practice, especially if you’re traveling in a foreign country or you’re between contracts and just need something for the short-term. If you have any suspicions about your phone, your best tactic is to reset factory settings. It’s inconvenient, but it might save you a lot of heartache down the line.

Ransomware is Real. Is Your Business Safe? ITG Can be Your Dedicated Crisis Management Team.

Posted on Updated on

ITG has a solution that will provide client companies with the security to recover from a ransomware attack.

Reprinted from ITG’s January issue of Tech News

ITG provides an enterprise-grade File Sync & Share (FSS) solution built for the needs of today’s business users. It provides the security, mobility and control your organization needs to feel confident when accessing, sharing and/or collaborating with files and data among team members, both internal and external to the organization. Most importantly, our solution provides you the opportunity to restore your files to the most recent good version if your business is faced with an actual ransomware attack, which could take place at any time and with no notice.

With ITG as your service provider, you can reap the benefits of a proven FSS solution built on three pillars of unprecedented strength:

Mobility & Accessibility
Fully exploit the power of your smart devices, transforming tablets and smartphones into reliable alternatives to carrying a laptop. You will have anywhere, anytime access to the most up-to-minute business content which empowers good decisions.

Business Collaboration
Our FSS solution is flexible and open and designed for business of all sizes, where control and management of cloud services is now critical to business operations:

  • You can provide secure access for employees, clients and other third party resources to work together on projects.
  • Take collaboration to a whole new level with real-time access and editing capabilities.

Enterprise Grade Security
Critical business content needs to be secure at all times.

  • ITG’s FSS solution  is an enterprise-grade cloud-based service that has 99.9% uptime with stringent levels of security certifications including HIPAA, SSAE-16 and SOC1 Type II compliance.
  • We adhere to all local regulations for data.

If you have been hit by ransomware, here is what to do:
In the event a computer is infected with a ransomware trojan such as CryptoLocker, we recommend you immediately disconnect the affected computer(s) from your network and attempt to remove the malware from the affected computer(s). The safest remediation may be to re-format the affected computer to ensure all remnants of the CryptoLocker trojan has been removed.

If you currently use ITG’s FSS solution and your workplace files and folders were affected by CryptoLocker, our data-retention and versioning control will allow you to revert your projects, folder, and files to a previous time before they became infected.

For more information on how to protect your business against the real threat of Ransomware, contact ITG to schedule a demo today!

Visit our website,, or contact us at 518.479.3881 or