News

News 2017-03-23T16:00:34+00:00

INSUREtrust Welcomes Professional Lines Broker

Hannah Hoeflinger

Norcross, GA (September 12, 2017) – INSUREtrust is pleased to announce that Hannah Hoeflinger has joined the company as Professional Lines Broker. Within this role, Hoeflinger will further grow INSUREtrust’s multi- city Cyber Boot Camps, build broker relations, and manage cyber, tech, and MPL accounts. She will be working on Executive Vice President Christiaan Durdaller’s team.

Full Press Release

Feature in Insurance Journal

Browser App Copyfish Caught by Phishing Attack

phishing

News of cyber criminals using phishing attacks is abundant. Yet, people continue to fall for these schemes, which is why the bad guys keep phishing. (As a reminder, phishing generally involves a hacker posing as a legitimate, trusted party to trick an unsuspecting victim into clicking a link, which then leads to a malware infection.)

Several tech news outlets, including Naked Security, have reported that Copyfish recently fell prey to phishing. Copyfish is a browser plugin that extracts text from videos, images, and PDFs. One of the browsers that Copyfish works with is Google Chrome, which means that Copyfish programmers must work through the Google Chrome Web Store.

An email to a Copyfish account, purportedly from Google, said that the app was out of compliance with Google rules, and offered a link for the Copyfish developer to click to fix the problem. The developer clicked the link, which led to the hackers getting Copyfish’ Google account login information.

Next, the cyber criminals unleashed havoc on Copyfish by, among other things, pushing out an infected update of Copyfish to its users who had installed the Chrome plugin.

The takeaway lesson from phishing attacks is always the same: Don’t click links in emails or on web pages unless you are 100% they are safe.

Would you like to train your company’s employees on how to avoid phishing attacks? Contact us at INSUREtrust. We can help with that.

Hackers stealing house down payments via wire fraud

phishing email

We talk a lot about hackers targeting businesses to steal their data and money. But the bad guys also target individuals too. A recent news report from the Austin, Texas, CBS affiliate tells how a couple was duped into wiring $140,000 in down payment funds to a cyber criminal, instead of to the bank.

Apparently the hacker broke into the home purchaser’s email account and studied the correspondence between the parties involved in the transaction. Then, the hacker created a very legitimate-looking email to the purchaser with wiring instructions.

Cyber criminals are very smart, and phishing scams are a low cost way for them to make money. Whether at work or at home, be ever-vigilant when transferring sensitive information or funds via the internet.

Now, the real estate firm sends customers a letter before closing that tells them “Do not comply with email instructions to wire funds.”

Would you like to train your company’s employees on how to avoid phishing attacks? Contact us at INSUREtrust. We can help with that.

Copy Machine Poses Cyber Risk

One of the constants in business offices decade after decade is the copying machine, and copiers today are far more advanced than in earlier years. But new technology sometimes brings new problems. Modern copiers have hard drives that allow the convenience of digital backups. The hard drives, potentially rich with sensitive data, can also be a target for hackers.

If you lease a digital copier from an outside source, you are probably at the greatest risk. Sometimes, the copier will be returned at the end of the lease period to the equipment company, without having the hard drive erased – a major problem – because there’s a good chance the copier will be rented or sold to another company after your lease period ends.

Best practice dictates that the hard drive be completed wiped before the equipment company re-takes custody of the machine. Otherwise, you have no idea who might have access to your company’s proprietary, sensitive, and confidential information.

Perhaps the biggest real world example is the 2010 Affinity Health Plan data breach [http://timesleader.com/business/2414/digital-copiers-a-security-risk]. Affinity decided to upgrade their equipment, and their digital copiers were sold to other businesses. None of the hard drives were erased, resulting in over 300,000 medical documents being potentially exposed. Because this was a HIPAA violation, Affinity eventually faced a $1.2 million fine.

To avoid a nightmare scenario, there are several steps you can take, in addition to completing erasing a copier’s hard drive before removing it from your office:

· Ensure the company you purchase or lease equipment from properly encodes your copier’s hard drive for the storage of sensitive data.

· Some machines have a disable feature that stops the drive from making backups of your documents. If your copier has such a feature, considering using it.

· If your copier is on a network so that users can remotely print to it, make sure that the network is secure.

There is never a bullet-proof way to ensure data will be safe, but taking steps like these definitely helps make it more difficult for the bad guys to get their hands on your company’s data.

How To Check A Suspicious Website

phishing

We’re all getting emails these days from hackers seeking to install malware on our computers and then steal our data. Phishing and spear phishing schemes start with innocent looking email messages, but when an unsuspecting user clicks a link, the result can be a risk management nightmare.

One of the easiest ways to check a link is to hover over it – but do not click it! – with your cursor. The web site address of the link will pop up, and you can see whether the actual address that pops up matches the text of the link in the email.

For example, let’s say you’re a customer of Acme Bank, and you get an email purporting to be from them asking you to click a link labeled “Update your login credentials” in the email. When you hover over the link, however, the web site address that appears is not Acme Bank at all, but something more like “iwill_steal-yourmoney.co.” In addition to deleting the message pronto, you should also alert other members of your organization so they don’t fall for the trick either.

Sometimes, you’ll run across a web site address might seem legit, but you just don’t know. The answer won’t be as obvious as the previous scenario. Maybe a friend or coworker told you about a site, or you found it on a search engine. Here at INSUREtrust, we recently ran across this situation with the real site of a real insurance organization. When we tried to go to the site, an ominous red screen appeared that warned if we continued, we might encounter malware. We definitely did not click to continue to the site!

Instead, we researched the site with these online tools:

https://sitecheck.sucuri.net
https://www.webinspector.com
http://www.isithacked.com

Turns out, the web site had been blacklisted by all three tools for potential malware issues. We called the organization to inform them of the problem, of which they were unaware. We’re glad we could help them, but we won’t be going to that web site until the issues are cleared up!

Remember, there are all sorts of evil plots out there to steal your data. You need to be ever-vigilant. Doing a simple web check on links in emails – and other easy steps like this – will help. But, there is a lot more to this whole IT security puzzle. If you’d like to learn more, just email us for a copy of our “IT Security Policy Guide.”

Posts Navigation