Beware the Mac malware stealing bank info

Beware the Mac malware stealing bank info

With a name like OSX.Dok, it’s hard to feel confident about staying ahead of the recent MacOS malware. The cryptic letters foreshadow countless pages of complicated code that most computer users don’t understand at all. Fortunately, avoiding this cyberattack doesn’t require any programming know-how whatsoever.

OSX.Dok isn’t new, but it has been improved

Originally, this Mac-based malware looked very different. When OSX.Dok was first reported several months ago, it could infect only older versions of the Apple operating system. Besides being relegated to OS X, it didn’t do much more than simply spy on the internet history of its victims. More recently, however, OSX.Dok was updated to target the newer macOS and to steal banking information.

How does it work?

Like so many malware programs today, this particular threat is distributed via phishing emails. Because the end goal is to acquire private financial information, these emails pretend to have pressing information about taxes or bank statements stored in attachments that actually contain malicious software.

Once any of these attachments are opened, OSX.Dok secretly broadcasts information about the computer and its location to the malware’s authors. Based on that information, hackers can redirect victims that visit banking websites to copycat URLs tailored to their language and location. Almost everything on the copycat sites looks exactly the same, but when you submit your user ID and password, they go straight to hackers.

Worst of all, the latest version of this malware seems to be incredibly advanced. It actively changes the way it hides itself and even modifies system settings to keep the computer from checking for operating system and security updates.

What can I do?

Security experts are still working on a way to combat OSX.Dok, but believe that it will remain a problem for some time to come. For now there are a few things you can do:

Never open attachments from people you don’t know personally, and even then be wary of anything you weren’t expecting. Pay attention to little details. For example, copyright dates at the bottom of fake banking sites only went to 2013. Look closely at the lock to the left of URLs in your address bar. Fake websites may have security certificates with names slightly different from those of the sites they mimic.

The best way to stay ahead of threats like OSX.Dok is by partnering with a capable IT provider. That way you can be sure that you have all the latest software and hardware to keep you safe. Even if something managed to slip through, regular audits are sure to find infections sooner than an overburdened in-house team would. Call us today to find out how we can protect you!

Productivity tip: email automation

If you have ever received what looked like a personalized email from a huge corporation, there’s a good chance it was actually written with the help of an email automation platform. Email automation saves time and money while strengthening customer relationships, and contrary to popular belief, it is well within most SMB budgets.

What is email automation?

Usually included in customer relationship management (CRM) software, email automation centers around the idea of combining your business data into emails to customers and prospects. This allows you to draft templates with placeholders for names, addresses, and other variables that the platform will match with individuals from your email list.

Even better however, is personalizing how and when your emails go out to clients. Automatically inserting customer data into an email is great, but it still requires that you draft the content that surrounds it and hit Send. Email automation grants you the ability to create templated emails that are automatically merged with client data and sent when certain conditions are met.

Examples of email automation

To really get an idea of how valuable this solution is, it’s important to see what it looks like in action. Say you own an eCommerce site that sells complementary goods, like golf clubs and golf balls. You could create a campaign wherein anytime someone buys a set of clubs, pre-written emails automatically go out one month later on how high-quality golf balls improve your handicap.

You’re not limited to two-step workflows either. Take a look at this example:

  • Step 1: Send a personalized email with a special offer on golf balls for existing customers.
  • Step 2: Send a follow-up based on how customers interacted with the offer email:
    • If a customer cashed in the offer, send a thank you email.
  • Step 3: Follow it up with a similar offer three months later.
    • If a customer visited the promo page but didn’t convert, send a promo email for another type of product, like golf bags.
  • Step 4: Follow it up with either a thank you email or another promo for golf clothes.
    • If a customer didn’t even open the email, send a survey email asking about their interests.
  • Step 5: Follow it up with email campaigns based on what they selected.

Email automation means there’s no need to micromanage your customer relationships. As long as you define the path to purchase for high-volume products, you can program workflows to nurture customers and prospects automatically.

For as little as a couple hundred bucks a month, your customer outreach campaigns can compete on the same level as your corporate counterparts with little effort from your team. Add in an expert IT provider and you have the ability to blow the competition out of the water. To learn more, contact us today!

7 tips for avoiding data loss in Office 365

7 tips for avoiding data loss in Office 365 Microsoft understands the value of your business’s data and the costly repercussions of losing it. That’s why they’ve released a slew of security and compliance tools for Office 365 subscribers. But given the increasing sophistication and frequency of data breaches, Office 365 cloud security solutions won’t be enough to protect your files. You’ll need to follow these seven security tips to truly avoid data loss in Office 365.

Take advantage of policy alerts Establishing policy notifications in Office 365’s Compliance Center can help you meet your company’s data security obligations. For instance, policy tips can warn employees about sending confidential information anytime they’re about to send messages to contacts who aren’t listed in the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices With the growing trend of using personal smartphones and tablets to access work email, calendar, contacts, and documents, securing mobile devices is now a critical part of protecting your organization’s data. Installing mobile device management features for Office 365 enables you to manage security policies and access rules, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multi-factor authentication Because of the growing sophistication of today’s cyberattacks, a single password shouldn’t be the only safeguard for Office 365 accounts. To reduce account hijacking instances, you must enable Office 365 multi-factor authentication. This feature makes it more difficult for hackers to access your account since they not only have to guess user passwords but also provide a second authentication factor like a temporary SMS code.

Apply session timeouts Many employees usually forget to log out of their Office 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to compromise sensitive data. But by applying session timeouts to Office 365, email accounts, and internal networks, the system will automatically log users out after 10 minutes, preventing hackers from simply opening company workstations and accessing private information.

Avoid public calendar sharing Office 365 calendar sharing features allows employees to share and sync their schedules with their colleagues. However, publicly sharing this schedule is a bad idea. Enabling public calendar sharing helps attackers understand how your company works, determine who’s away, and identify your most vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash a slew of malware attacks to corrupt your data before your business can respond.

Employ role-based access controls Another Office 365 feature that will limit the flow of sensitive data across your company is access management. This lets you determine which user (or users) have access to specific files in your company. For example, front-of-house staff won’t be able to read or edit executive-level documents, minimizing data leaks.

Encrypt emails Encrypting classified information is your last line of defense to secure your data. Should hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Office 365, where files and emails are shared on a regular basis.

While Office 365 offers users the ability to share data and collaborate flexibly, you must be aware of the potential data security risks at all times. When you work with us, we will make sure your business keeps up with ever-changing data security and compliance obligations. And if you need help securing your Office 365, we can help with that too! Simply contact us today.

 

CONTACT INFO

1233 The Plaza, Box# 189048
Charlotte, NC 28205

☎ 866.807.6624

LATEST POST

Featured
Safeguarding mobile devices: A guide for modern businesses
Safeguarding mobile devices: A guide for modern businesses