ABM Blog

IT Security

Updated information about scams to watch out for, cyber security threats and the do's and dont's when using your technology.

We are Cyber Essentials accredited

This is a Government backed scheme to help protect businesses from cyber attacks. It is so important to ensure your IT security remains protected. ABM can help you assess your infrastructure and meet the guidelines to become certified.

LEARN MORE
Password advice

Infection Types

No matter how careful you are, getting a virus on your machine can sometimes happen. Different infections complete different tasks. Read below to understand what each virus aims to achieve.

Malware : This is a general term for a virus. This is an important word to know as some people may not refer to it as a virus or infection. The over all task of any malware is to gain unauthorised access to your machine via downloading malicious software. 

Ransomware

Ransomware

It's aim is to block the user from gaining access to their files. It completes this by encrypting your data. (Essentially it changes the data into a code you have no idea how to unlock.) The only way to get your files back is to pay a ransom. However, it is more likely that you have lost them forever. This is why taking a backup of your files in a seperate location is so important. 

Spyware Malware

Spyware

As it's name suggests this malware is used to view information. Relaying your important data to another person for them to use how they wish. (Usually for purchasing items online.)

Worm Malware

Worm 

One of the most favoured malware among hackers. This is because they can target a whole company (or certainly a large number of people in a company), purely with the infection of one machine. Once the worm is implanted in your machine, it replicates itself and uses the network to spread further. It's aim can change depending on how it is coded. Either it will modify and delete files, or it will inject additional malicious software onto your system. 

Keylogger

Keylogger

This is a very popular reference in film. Once installed its aim is to record all of the keystrokes you make. It records and sends this data straight to the hacker. 

Trojan Horse

Trojan Horse

Much like the tale, the Trojan Horse disguises itself as a safe program to breach your systems. It may be a software you really like the sound of, and it might seem extremely popular. However, when installed it reveals it's true self and causes mahem. Either deleting data, blocking data or spying on your sensitive information.  

Adware Image

Adware

Also very popular in film. (Die Hard 4) It is installed to cause pop ups on your screen. Potentially in a flurry of random nasty websites and image ads. Or random pop ups that appear all over your screen and are therefore hard to avoid. 

What Not To Do On Public WIFI

Public WIFI has become a common selling point for many businesses. It is so easy to visit your favourite coffee shop and almost instantly have access to the internet, for free. But what are the dangers of using this open network? There are many precautions you can take to prevent a data breach.

Issues with public WIFI

  1. Password Protection / Encryption - Businesses are helpful in providing a network that everyone can easily access. However, if this connection isn't secured through a password, or some level of encryption, it basically allows anyone to access at any time. Most people will use it to complete general tasks, but there is always that 1% that has bad intentions. Using it to read other people's data (MitM attacks), deposit malware or record data for further scams.
  2. Man In The Middle - Or MitM attacks, are when someone uses a relay point between your connection and device to read your data. Your private work is no longer for your eyes only. 
  3. Malware - As mentioned above, hackers can use vulnerabilities in an infrastructure to deposit malware. Once on your device, it may have several different tasks to complete. Please read more about the different types of malware in our 'need to know' IT security guide. You can access this on the home page. The tasks they complete all lead to some kind of personal data being stolen and used maliciously. 
  4. Fake Hotspots - (Or rogue access points) Trick you into thinking they are a legitimate connection. They potentially have a similar name, such as 'Peter's Cafe' could be 'peterscafe'. But unfortunately, you have connected to a hacker's hotspot and they can now view everything you look up. If they have set this up, it is likely they also have a software that can view the webpages you are looking at, and anything you may have entered into the web page, including your login details (If not encrypted). MitM attacks make use of this. They are closely linked.

Tips to stay safe

  1. Sensitive Data - If you desperately have to access your banking or other sensitive data, only use https sites. Do not use an application. If you can wait until you get home, or to an encrypted network, then do so.
  2. Wi-Fi Settings / File Sharing - Do not leave your Wi-Fi and Bluetooth on if you are not using them, and turn off the auto connect option! This 'auto connect' function allows your device to automatically connect to any known networks in the area. As well as this, turn off your file sharing setting. This makes it harder for hackers to drop malicious files and malware onto your device.
  3. Password - If you can, only connect to networks with passwords and a high encryption set up. The best places are the ones where you have to actively ask for the password.  
  4. Log Out - A simple mistake is leaving your account open, or just exiting the web page. Please log out of all accounts after you have finished using them.

World Password Day

May 7th celebrates password awareness day. Many of us like to use generic or simple passwords so we don't forget what they are, or for ease of use. However, this can be a dangerous comfort, especially in a business environment. 'Password1' has been the most common password used since security was a requirement. If this is used by you for any device - uh oh, maybe consider changing it? How do you create an effective password? What are the do's and don'ts of password use? Carry on reading.

  1. Password Creator - Sometimes it is hard to decide on a password. Everything seems guessable. There are several online generators that are great for extremely random codes. If not, we can suggest some passwords for you.
  2. Personal - Try and make them based on hard to know information. For example, it will be hard for someone to find out your favourite childhood car, or where you met your partner. 
  3. Length - I know it is tempting to keep them short and sweet. But a longer password is less likely to be guessed. For example, 'MiniCooperLoves1.6' has 18 characters! This is verified as a strong passcode (as it is above 16 characters) and would be hard for someone to guess. 
  4. Characters - Capital letters, full stops, exclamation marks, symbols, slashes, underscores and dashes are great ways to make up the characters in your password, and in addition, make it more complicated. Lots of websites don't allow passwords without characters now; and so it is a good idea to figure out a few passwords you can incorporate these specifics in to.

Password Do's

  • Keep it to yourself - In a business environment the only people who should know your passwords are: Your boss, you and your IT company if required. If it is a joint computer and you have the same log in, then another colleague may require it. Apart from that no one else should be able to know or guess.
  • Change your password - Every so often you should think about generating a new password. However, before doing this check it is okay and always update the relevant people. Changing them every 6 months to a year, keeps your data safe.
  • Use different passwords - Having one password for all your accounts and logins is a very bad idea! Someone gains your password; they then have access to everything. 

Password Don'ts

  • Write it down - An easy way for anyone to access your information. Having a note somewhere with your password on it is a sure way for others to gain full access to your tech. If you must write it down, use a reminder sentence as to what it is, keep it somewhere no one would think to look and never detail what it is for, near the actual password.
  • Blank spaces - Try not to add blank spaces in your password. Instead use connectives. These are easily forgotten and can confuse you when typing it in.
  • Alphabet - Having a series of number or letters shouldn't be considered. E.g. 123456 or ABCDEF.
  • Obvious - As mentioned no obvious passwords, like your partners name or your nickname.

Do You Have A Virus?

Known as malware, a virus can be extremely detrimental to the running of your computer. The malware may have different objectives in mind, however most commonly they will destroy files, steal data and damage your computer. But how do you know if you have one?

  1. Slow  - Have you noticed a difference in the speed of your machine? This includes starting up your PC, navigating through your files, within your internet browser and opening programs. This is one of many tell- tale signs for a virus. 
  2. Storage - A virus likes to make your computer as slow and as unresponsive as possible. Pushing your machine to its limit is part of the attack. Part of this process is to flood your machine with malicious files and reduce file storage levels. As well as this some malware types like to delete files or encrypt them so you can't access your data.
  3. Crashing, Error Messages & Pop Ups  - Are you finding your machine is automatically closing down and restarting? Does your system freeze randomly? Are you seeing strange pop ups and error messages? If so, get your machine checked immediately.
  4. Security - Malware can disable the security on your machine. Are you trying to complete a scan or install anti - virus and it isn't working? The virus wants to live on within your PC and so has disabled your ability to diagnose and potentially destroy.
  5. Emails - It is likely that the malware will try to replicate and expand its reach. This is easily done through sending messages with links to your contacts, either via social media or just through email. If a person sees a link sent from yourself and clicks on it - their machine will also likely become infected.
  6. Hard Drive Activity / High Network Activity - Continuous noise from the hard disk in your machine, even when you aren't using it, is also a sign of a virus. If your internet usage is extremely high, this could mean the virus is sending information back and forth.

Preventing Malware Attacks

It is hard to understand (even when following these tips), if you really have completely destroyed all traces of malware on your machine. Follow these steps and do what you can, but it is always best to have a trained professional completely safety check your machine.

  1. Install a well known, well rated malware scanner  - Malwarebytes is a great option. Use it weekly or fortnightly, run a scan in the background whilst completing your usual tasks. Delete any files found, for example PUP's Adware and Malware.
  2. Have a good Anti - Virus software (security agent) - We offer our clients Trend Micro which we rate highly and use ourselves.
  3. Don't download suspicious content from the internet - It is tempting to just download what you require from the internet, and many places are offering this service for free. If it seems to good to be true - it probably is.  
  4. Links - When opening emails, do not click on links unless you know the person, and even then, be wary. Create dialogue with the person sending and ensure this is correct. 

If you are unsure and require help. Please give us a call. It is better to be safe than sorry. Malware can cause irreversible damage to your machine and if spread, it can shut down your business.

Opening Emails Safely

One of the most common problems we face when it comes to virus interaction, is someone opening an attachment on an email they believe to be safe. Recently the emails received have gotten more and more convincing. Everything in the email says ‘open me, I am important.’ But taking precautions to prevent malware infecting your systems is important enough to stop and spend the time ensuring that the email is safe. In a further post, we will list the different types of infections and what they can do to your machine. 

  1. Do you know the sender?  - When doing business, you can be in touch with lots of different people at once. Some you may know personally and some you will not. Because of this when you receive an email from a new contact you can automatically mistake it for a new business associate and open it and any attachments. The first step is to confirm the sender is genuine. You can do this by searching their email online. If the email is fake it will generally show up as such. Also, people tend to use aspects of their business or real name in the email. For example, we have @abm.uk.net at the end of ours. If the address is totally unrelated chances are it may be fake. 
  2. File types - With attachments, be careful to check the file type. You do not have to click on it to do this. In the top of an email the attachments show up with a little icon. The icon will generally tell you what the attachment is. For example, the PDF logo looks like (1) this and shows up like this when in an email. If you can’t identify what the item is through the image, then there will be an indication in the title. If the document is named at the end there will be a (.) then the listed file type. For example, ‘File Opening Procedures .docx’ Generally .docx and .pdf files are safe, if you are expecting them and know the sender. File types that are strange to see and should be opened with caution or not at all are .exe, .bat and .msi. These are programs and are not usually sent via email. As well as this some dangerous files are saved in containers. Containers are just a term to explain several files saved in one. For example, .zip or .rar files. If you receive these when you are not expecting them do not just open them and hope for the best. (see number 5)
  3. Reading the email - We all know there is a manner in which to send emails within business. Obviously within a company it can be different, Colleague to colleague is less formal than sending to a client etc. When receiving an email you are not sure about, the simplest thing to do (after you have established the sender and what the file is) is to read the content. Have they got your name right? Have they mentioned what you expect? Have they shown abnormal urgency for you to open the attachment? Have they got a professional demeanor within the email? Do they have a signature at the end of the email? But most of all does the email read right? If this person is doing business with you or vice versa, the email will have some formality and the person should have checked for any misspelling, or missed words. Obviously being human there is always room for mistakes, but if the whole email doesn’t read right, then you might want to rethink opening anything within it. For example, a little while ago I got an email saying my Apple account was breached and I needed an email change. The email looked convincing with the logo and link through. However, noticeably the email address was strange. Then with further inspection and actually reading the email the text was strange. It was like someone had put what they wanted to say in google translate and then copied it into the email. There were wrong spellings of words and sentences that were incomplete. Then in the footer was a different language and some strange legislation supposedly from Apple. Did I follow the link? No definitely not. I deleted the email and later logged into my account through the correct sources. There were no issues unsurprisingly. Also, something else you can do is confirm with the sender. Reply or create a new message and give a response just to clear everything up and prove it is genuine.
  4. Links - If there are not only attachments but links in the email. Check the authenticity of these as well. You can do this by hovering over the link and a URL should appear. DO NOT click on it. Just hover over and see if it looks legitimate and recognisable. If it seems like the URL of a website for the company you are working with then that is a good sign. You can always go to a search engine and search the company to check. 
  5. Saving - If you really want to check the attachment because everything else mentioned seems trustworthy, there are ways. You will need an anti - virus program installed on your machine. The way we like to do this is: RIGHT click on the file and save it into a temporary location. Somewhere away from other files just in an empty folder will do. From here go to the location where it was saved. Right click again on the file and choose the option to scan it with your anti-virus software. This will only be effective if your software is up to date. It will give you an idea if the file holds anything nasty.


If ever in doubt do not open the attachment. We understand that business is important and opening files can be part of the back and forth between companies. But it is honestly better safe than sorry in this case. Having a virus can cause more effects than you realise. And in some cases, can shut down a whole business. If all else fails, pick up the phone and talk with the sender, this way you can confirm if the email is genuine. In a further post, we will list some of the most devastating Malware and what each of them do. Also giving details as to the experiences we have had with them. But for now, just politely check with the sender and follow the steps above if not. For more information, call us. We are happy to assist with prevention and to give some ideas on how to install processes or key information within your business so no harm comes to your systems

Yell Scam

For those of you who aren’t familiar with Yell. Like the old directories, Yell hosts all company data. You can have a basic free appearance to add visibility to your business. Or you can pay to have a spot within a specified map region. This improves your visibility on Google and to people requiring your services in the area. The great thing about Yell is that you can monitor your progress, change your profile information, add photos and invite your customers to review you.
Another feature of Yell is that people can contact you asking for your services. Most of the time it is effective, you contact the person back and start creating a business relationship. However, a percentage of the time you receive marketing spam, or people trying to send you a virus and access your machine. It is very easy to fall into this trap. The hacker uses your weakness in that they know you want new business. Who doesn’t? This means you will potentially go out of your way to work with the potential customer.
How does the scam work?

  1. They contact you through message on yell asking for you to email them with their personal email.
  2. You email them using the email and then they reply. The reply will usually contain a link they want you to click on ‘to show you what they require’. Clicking links in emails is dangerous, let alone from someone you don’t know. 
  3. If you click the link it will either lead to a download of a virus, or for you to log in to some sort of account. Don’t do this! It is a fake page they have created to harvest your information. This is a phishing scam. 
  4. They will use your account information: potentially scamming you via taking funds, holding information hostage, or through downloading a virus of some sort, and controlling your machine.

How do you know it is a scam?

Here are some pictures showing you what happens. Of course, we didn’t click on the link and so we don’t know the exact scam this person was attempting to pull. But after scanning the link in the email out of curiosity, we realized it truly was a malicious link. There are other detailed cases of this happening.

Follow & Share 

ABM Computer Solutions

About Us
Services
Job Opportunities
Case Studies

Blog

Dont forget to check out our blog page. We post weekly about new technology, reviews, industry updates and more!

SUBSCRIBE

Get monthly updates and free resources.

CONNECT WITH US

© Copyright 2021 ABM Computer Solutions - All Rights Reserved