A recent warning issued by An Garda Síochána about a callback scam targeting Irish users of WhatsApp should serve as a reminder to company owners that their business networks, including their mobile messaging platforms, face a variety of risks.
In early March 2018, a news story published by the Mirror explained that Gardai received many complaints from WhatsApp users who received a message from an unknown number and the subject line “Martineilli.” Users who opened the message were later targeted by missed VoIP calls from numbers starting with the 087 country code, which would suggest calls originated within Ireland. The idea is to ensnare WhatsApp users into a callback scam.
Gardai detectives have determined that the 087 numbers are spoofed, and that the calls are actually made from Bosnia. When the callers return the call, they unknowingly activate a special charge to their monthly bill. Some callers report that this has happened to them various times in a single month.
The lesson for business owners to learn in this case is that their mobile messaging apps can be vulnerable to external attacks. Even dedicated business messaging networks such as Slack are not as safe as many people wish for; furthermore, micro-companies that decide to use WhatsApp for business use just because it is already installed in the personal smartphones of most employees are opening their companies to greater risk.
In the past, information security researchers combing through code posted on the popular online development platform known as GitHub have discovered Slack tokens with login credentials that could be used to spy on corporate chats, projects and conversation threads.
Companies that choose to implement mobile messaging apps as part of their networks should first conduct a security audit. Even though apps such as Telegram offer strong end-to-end data encryption, company owners should not assume that they will be impervious to phishing attacks or social engineering.
A mobile messaging app can only be as secure as the business network and security policies of the company. Any digital communications solution can be hacked; the idea is to enact preventive measures to avoid data breaches and network intrusion situations.
Mozilla Corporation has implemented new technology by creating a Firefox extension in an effort to isolate specific social media data collection and improve the security of web browsing users.
The well-known browser maker has launched the Firefox Container as a consequence of the recent Cambridge Analytica incident and ongoing investigations of Facebook’s data mishandling aspersions. In response to the security breaches and controversy surrounding the misuse of Facebook user data, Mozilla accelerated the release of the Facebook Container add-on technology, which was previously in the development process with other plugins.
Data analysis firm, Cambridge Analytica, purportedly collected millions of Facebook user data without consent, leading to a potential value for the Trump presidential campaign. As a result, Facebook’s CEO made a public commitment to implement limitations on developer access to user data. Unsatisfied by these limitations, Mozilla has removed advertisements from Facebook as an additional response to Facebook’s data collection practices.
As Facebook’s default privacy setting remained problematic, Mozilla expedited the premiere of the Facebook Container extensions, empowering its web browser users to maintain and increase the regulation of their online privacy and security features.
Further examples of Mozilla’s ongoing commitment to security and usability can be noted through their Extended Support Release of Java Plugins this year. In 2017, Mozilla Firefox announced the removal of the Java Plugin support from its latest version of the web browser. Bank of Ireland addressed this impediment of access to their business clients concerning the Business On Line feature. As a result, Mozilla ensured functionality for older versions of the web browser for such issues while developing a solution towards future plugin support and integration as promised and executed in 2018.
As Irish businesses increase their use of online advertisements through Facebook, concerns were taken into consideration by Mozilla and other web browsing pioneers, despite their own removal of ads in protest of negative data practices. This is highlighted through ongoing developments made by Mozilla to improve usability, the security of plugins, and extensions for business users in Ireland and various locations in Europe.
As noted in the Facebook data security breach and Bank of Ireland inconvenience, Mozilla Corporation demonstrates a continuous development of technology towards user privacy and usability, with an involved interest of their users alongside their corporate responsibility and focus on technology improvements.
The 2018 update of the Oxford English Dictionary will include ransomware as a new entry, and this announcement just happens to coincide with a new zero-day exploit that bypasses security measures of popular cloud computing services such as Office 365 and Google Drive.
“Shurl0ckr” is the name of the new ransomware strain detected on February 7 by cyber security experts at Bitglass Threat Research Team. Out of 67 antivirus software suites, only five of them identified Shurl0ckr as a threat.
Ransomware attacks are very much on the minds of Irish information security specialists. In May 2017, IT administrators at the Health Service Executive moved quickly to protect its vast network from the WannaCry ransomware attack that greatly impacted the operations of the NHS in the United Kingdom. At the time, the HSE operated 2,350 servers and more than 25,000 clients, many of them running Windows XP. Technicians rushed to install emergency patches and update antivirus software on all machines; three instances of WannaCry were initially detected but later dismissed when found to be vestiges of a previous infection by different malware.
In the end, HSE was not targeted by the hackers behind the WannaCry ransomware; however, an internal assessment published in January 2018 indicated that the Executive lacks a defined strategy for business continuity in case of future attacks. HSE is not certainly not alone in this predicament; in June 2017, Irish broadcasting giant Kantar Media was dealt an embarrassing blow as its servers were came under a ransomware attack at a time when the company was negotiating an important merger.
Ransomware attacks are particularly devastating due to their particular mechanism; once a system is infected, malicious code proceeds to apply a layer of encryption to all data it can find with the exception of system files it needs to display a ransom demand, which typically directs victims to transfer cryptocurrency or enter a bank card number so that a key can be received to remove the encryption and access files. The Garda Cyber Crime Bureau tells business owners to not pay these ransom demands; however, this is often the only way to unlock sensitive data needed to unlock information. In America, more than $206 million in ransomware payments were made just in the first quarter of 2016; in the most critical cases, business owners have had to bite the bullet and reformat their hard drives or reset their servers and start over, thereby losing crucial company information.
While keeping antivirus software and operating systems up-to-date can certainly help to protect against ransomware, the best strategy will always be to install and maintain a solid data backup system that adheres to business continuity guidelines. In case of a severe ransomware attack, servers or clients can be completely restored without having to meet any ransom demands. Comprehensive data backup strategies will completely workstations; another option is to mirror virtual workstations in the cloud so that they can be booted from just about anywhere in Ireland or even abroad.
Proper data backup systems are also crucial for disaster recovery planning, and they may be a matter of compliance for businesses operating in certain sectors. Business owners who install reliable backup solutions for their company networks will always have peace of mind in terms of never having to worry about ransomware attacks.
While using their WordPress sites, all the sudden the user sees something pop up. A notice to download some plugin in order to continue using their WordPress site. No problem. Just one simple plugin, right? Wrong. That simple plugin just got their site hacked as soon as it was downloaded. It could even be in a form of an ad on their site. If the hackers get a hold of an important file called the “wp-config file”, the person using their WordPress site is basically going to be in a world of nightmare. People would think that after years and years of these sites being hacked, security would try to make some better improvements. However, the hackers are still getting through.
With today’s sites, the key to keeping sites from being attacked is being cautionate. This is still applied to WordPress as well. Keep updating the password every now and then. The password should be something that can be remembered but also something difficult for someone to figure out. Make sure the right plugin or firewall is installed. The hackers scan what sites are vulnerable and find out which of them are the easiest to be attacked. Those failed login attempts that people get emailed about that they know they didn’t do, that is proof when someone is trying to hack the site. WordPress seems to be on the top of the list for hackers.
For a business WordPress site, it could be extra stressful cleaning out their malicious site, especially the impact it makes on their business. If this is the case, then the main focus would be the security. The slip up catastrophe could lead business reputation into a downfall and at the hands of the hackers, the site could be turned into something that nobody wants to see when they visit a business site- most commonly redirected as a porn site. A professional is needed to be hired for a top-notch secure site.
Even if people think that their WordPress site is very protected and top-notch secured, they can never tell if they will be the next victim. According to US National Vulnerable Database, the top security vulnerability has been with plugins avaliable in the directory as well as from outsite sources. If one WordPress site is hacked, it could lead to other sites being infected, causing that dramatic spike of hacked WordPress sites.
Time: Wednesday 20th October from 9.30-10.45am
Every business, big or small, is totally reliant on technology. Christian Kortenhorst, will talk about some simple, cheap and easy IT solutions for small/medium size companies like ours to use in their every-day business. He will introduce us to some useful and cost-effective applications. He will also show us how to spend less time on our computers trying to solve those frustrating recurring problems that annoy us so much!
Some of the topics Christian will explore:
- Email, IMAP VS Pop3
- Online services VS Desktop applications
- Document-sharing
- Dropbox
- Calendars
- Multiple computer setup
- Using what you have
- Mobile devices
- Hardware recommendations
- Online backups
- Open source software
If you have a specific IT topic that you would like Christian to address, you can email your request to Christian@cksolutions.ie .
After the session you should have a better understanding of how a small to medium size business should ideally be set-up for managing files and documents, coordinating email and backing up your data.
Christian Kortenhorst is based in Dublin, Ireland. He has over 10 years’ broad-ranging technical experience, for example in setting up servers, network environments, and backup systems. Christian offers consulting and hands-on solutions in these and many other technical areas. He set up his business – CK Computer Solutions – in 2008 having completed 4 years in Computer Science in DIT.
Christian’s mission is to provide a quality and creative IT service to small and medium sized businesses. “We strive to advise and provide the best product and services that fits a company’s needs. With our constant research and testing of products and services we are able to keep our clients up-to-date with the best possible products and services that are tried and tested. We select products and services objectively based on a company’s needs and wants.”
Want a great solutions for your business accounts, check out Freshbooks. Great system for invoicing expense tracking and time tracking. The reporting system needs a bit of tweeking in my opinion but the excel/csv that it exports is enough for filing returns.
Business Sales Support
Call 1800 924 929, +353 1 4328846
Opening hours are
Mon-Fri: 9am – 5.30pm
BT Business IT Support
Call 1800 924 924, +353 1 4328846
Opening hours are
Mon-Fri: 8am – 6pm
Sat: closed
Sundays & Bank Holidays: closed
Major Business customers should call 1800 924 925
Emergency 24 hour support is also available outside office hours on the same number.
you may have been moved over to Vodafone services for support
Vodafone Business customers
- From a mobile or landline: Freephone 1907
- From Abroad: 00 353 1 203 8232
- Fax: +353 (0)1 203 7620
- Support hours: 9am to 6pm Monday to Friday
- Email us
- Mail us: Business Care Team, Block GC, Vodafone, MountainView, Leopardstown, Dublin 18, Ireland
If you have not send emails in Ireland on your broadband you may have to change SMTP settings, see below to see how to change your settings.
N.b: The better way:
If your hosting company hosting your email they might support Authenticated SMTP sending.
Use this since it will allow you to send emails who ever your connected to.
Also try to connect using SSL encrypted under SMTP settings, if this fails try setting your outgoing mail seetings to one of the following below relavent to what broadband your using.
Irish Broadband SMTP (Outgoing) Server:
smtp.irishbroadband.ie.
Eircom SMTP (Outgoing) Server:
mail1.eircom.net OR mail2.eircom.net
Magnet SMTP (Outgoing) Server:
smtp.magnet.ie
Virgin Media/NTL/UPC SMTP (Outgoing) Server:
smtp.upcmail.ie
Ice Broadband SMTP (Outgoing) Server:
mail.icecomms.net
Vodafone SMTP (Outgoing) Server:
NONE – You will need to use a gmail account or something like sendgrid.
O2 SMTP (Outgoing) Server:
smtp.o2.ie
Clearwire SMTP (Outgoing) Server:
smtp.clearwire.ie / mail.clearwire.ie
Digiweb SMTP (Outgoing) Server:
smtp.digiweb.ie
Imagine Broadband SMTP (Outgoing) Server:
smtp.imagine.ie
Perlico SMTP (Outgoing) Server:
mail.perlico.ie
3 SMTP (Outgoing) Server: Mobile broadband with 3 mobile Ireland
mail-relay.3ireland.ie
Gmail SMTP Server
smtp.gmail.com (use authentication)
Use Authentication: Yes
Port for TLS/STARTTLS: 587
Port for SSL: 465
Meteor:
Use your email account smtp. Meteor do not block outgoing mail settings.
If your still having problems in your office or business please contact us or our IT Support team can help you.
