Spike in NBN Scams: Tips and Tricks

Spike in NBN Scams: Tips and Tricks

IT News: Tips to not Fall Victim to NBN Scams!

IT Support: NBN scam alert

A significant increase in suspected internet connection scams has occurred as of late, with NBN Co. receiving over 100 calls a day from members of the public about such scams. NBN Co. is currently in the process of rolling out the $50 billion network.

For a reliable supplier of NBN compatible phone systems and more, click here!

Calls to NBN’s contact centre have reached 9500 over the last three months, representing a significant increase from 6700 between October 2018 and March 2019. This comes as a sizable portion of the network is being completed ahead of the 2020 ETA. Driving awareness to combat these attacks, NBN Co’s chief security officer addressed the cause for concern by having this to say: “As we close in on the end of the network build, scammers are increasing their efforts to take advantage of the NBN brand as a way to steal people’s personal or financial details and using increasingly sophisticated ways to convince people of their legitimacy”.

What You Need to Know

NBN Co will never make unsolicited calls to seek access to your computer, threaten disconnection, or request personal details

This public awareness campaign will involve NBN Co’s community engagement team, hosting a series of information sessions to help Australians discern, avoid and report scammers. The ACCC has previously warned of social engineering attacks where scammers impersonate NBN Co in calls offering to connect them to the NBN for a low price. In some of these cases, impersonators have tricked users into giving remote access to their computers so that they could steal personal information, install malware and demand payment to fix alleged problems. If you run into someone calling you about the NBN remember this: “As NBN Co is a wholesaler, we will never contact residents or businesses to sell phone or internet services”.

Moreover, NBN Co will never make unsolicited calls or door knock for the purposes of seeking access to a person’s computer, threaten them with disconnection, or request personal details. Despite increasing public awareness, Australians are expected to lose a record amount to scams this year, with the ACCC estimating that projected losses for 2019 will surpass $500 million (an unprecedented figure).”Many people are confident they would never fall for a scam but often it’s this sense of confidence that scammers target,” the ACCC Deputy Chair Delia Rickard states. “People need to update their idea of what a scam is so that we are less vulnerable.”

The Damage

The ACCC reports that investment scams were among the most sophisticated and convincing, with nearly half of the reported cases this year resulting in financial loss. Particularly, cryptocurrency investment scams are a serious cause for concern, with net losses reaching almost $15 million between January and July this year. This represents a significant increase from $6.1 million lost to the same type of scams last year.

You can report any suspected scams you come across here.

Need help managing your IT?

4g Failovers for Network Reliability

4g Failovers for Network Reliability

4g Failovers for Network Reliability
IT Support Brisbane

When is Network Reliability Important?

For many businesses it is highly important that their internet connection remains online with as few interruptions as possible. These businesses include those who perform most of their business activities online and where these activities must be performed in a timely manner. These are not the only businesses who may require reliability, and if you are wondering whether your business is one of these, simply ask yourself the following question. Are you often frustrated with internet outages and do they impact your work? If so, yours is indeed one of these businesses.

Such network reliability depends on reliable hardware (such as routers) as well as internet connections and service providers. Unfortunately, all service providers have the occasional outage, but luckily network hardware can be used to ‘hedge your bets’ as it were. Using a router with Failover capabilities can improve the availability of your business’s network connection.

WAN Failover

High Availability Network Setup

Network Failover Diagram

A WAN failover (sometimes termed a 4g failover) is suitable for use when a business has one or more networks which require as little interruption as possible. This feature is available with Network Setup from Key Technologies.

A business may have both a primary and secondary internet connection. This generally uses one traditional copper line or NBN service and a secondary 3g or 4g dongle as a failover, though just about any second internet connection can be used. This secondary (failover) connection comes into use when the first goes down. For example, a business could have a prepaid 4g modem with no ongoing costs plugged into the router on standby mode. Thus, if the primary link goes down the router is triggered to bring up the backup connection. This can take up to 10 seconds, so there may be a brief interruption, but far less than what could alternatively occur. If you would like even less downtime than this, then you may want to ask us about WAN load-balancing routers.

Additionally, with Multi-WAN routers, you can choose when you want to activate the backup or failover service. An example of these options is shown below. You may failover when either:

  • Any selected WANs are disconnected.
  • All WAN’s selected are disconnected.
Network Failover Options: IT Support Network Setup

Need Help Setting Up a Reliable Network

Our IT support staff are able to set up networks with high availability, integrity and confidentiality.

Need help managing your IT?

Smartphone Safety

Keeping your phone safe online
IT support Brisbane

IT Support Brisbane: Keeping your smartphone safe online

A vast abundance of information can be found on our phones. Specifically, they hold an inordinate amount of information about ourselves and the way we live our lives. From banking information, location data, eating and shopping habits, correspondence and, with the emergence of smartwear, even our heart rates are accessible on our phones. Some have even compared them to houses based on the detailed information they contain about us. A 2002 study actually found that when people were shown the rooms of other people who they had never met, they could accurately guess the personality traits of that person (all except neuroticism at least).

It begs the question of what a person may figure out about us if they were given access to our phones. For many of us the thought of this may be as scary, if not more so, than that of a stranger seeing the insides of our houses. This is somewhat unsurprising, based on the seemingly endless slew of news headlines highlighting the prevalence of cybercriminals taking peoples’ private information from phones, computers and cloud storage. It is a pretty clear message really, BE SCARED OF WHAT YOUR PHONE COULD DO, but maybe it should be about what your phone could be made to do. Afterall, smartphone safety would probably be a pretty confusing phrase in a world without hackers. This begs the question, how do you make sure your phone isn’t being made to do something you don’t want it to do?

Some tips from our Brisbane IT support team: How to keep your smartphone safe

Well firstly, you’ll never be able to make ‘sure’ of this. Any type of computer is made to be somehow accessible, and people are bound to misuse that access in some way. It’s like driving a car, or owning a house; sometimes cars crash, even when driven by the best drivers, and sometimes houses get broken into, despite having good security. Likewise, there is always a small possibility that your phone will be hacked, or data will be stolen. The trick is to minimise that likelihood, and if a piece of information is too sensitive, don’t keep it on your phone. Luckily, our IT support team have provided some pointers on how to keep your phone safe online. The following 5 pointers could save you a lot of trouble down the road, enjoy:

Smartphone Safety Tips from KeyTech IT Support Brisbane

  1. Adjust your privacy and security settings, or at the very least look at and try to remember them. These settings control what “permisions” apps have on your phone, and what information they have access to. Think of this like the doors inside your house, if you have someone inside like a tradie doing renovations, you’re likely to close any doors that lead into rooms you don’t trust them in. You would, however, leave open the doors they need open in order to complete the work you want them to do.
  2. Set your apps to update over Wi-Fi automatically. Apps that are not up to date become more of a risk, the longer they are not updated. Yes, we all get fed up with updates from time to time, but many times app developers will update their app when a security vulnerability is found so that people on the latest version are safe. There is no protection for old versions of software. It’s like changing your locks if your keys and wallet get lost or stolen. You wouldn’t feel safe if someone out there knew where you lived and how to get in, and it really should not be any different with a smartphone.
  3. Whenever the app or service allows it, try to use 2 factor or multi-factor authentication. Basically, this stops people getting into your account by having them enter a code that displays on your phone or having a notification show up on your phone that asks you to verify the log in request. On mobile apps, it is more likely that the verification will be a text message with a code you can then enter into the app. Thus verifying that your it is your phone (or a phone with your phone number) signing in. This is like having a lock and an alarm with a code at the entrance to your house. You not only have to know something (the password or alarm), you need to have something (the key or phone) in order to gain access, and those notifications to verify requests, like alarms, can tip you off that your password could be at risk.
    • Fun fact, other multi-factor authentication systems can actually go further than this. Some using such features as the pattern of your iris (the colored part of the eye) or facial structure to add a further step of verification. Thus, to access the account, you’d have to know something, have something and be something, making security breaches highly unlikely.
  4. All of our online apps and accounts require passwords, but we all forget these from time to time. We’ve all had to reset a password, generally by sending a link to our email. Just make sure you use a strong password for this email. It should be unique (different from your other passwords), seemingly random (not using easily guessable components like your place of birth, birthday, favourite pet or another well known personal detail), and relatively long (although it is just as good to make it more random and involving special characters, as long as it has around 10 characters minimum).
  5. We’re all human, and naturally we have fallible memories. So if you want to avoid constantly having to reset passwords (and if you’re like me, realising what the old password was because that’s what you tried to set the new one as), using a password manager might be for you. Do bare in mind however that your password manager holds the proverbial “keys to the kingdom” and should be protected accordingly. That means, a long seemingly random password, and 2 factor authentication are good ideas for this. One helpful password manager service that allows 2 factor authentication and helps you create a strong password is called LastPass. I would reccomend it to those who have trouble remembering all their passwords.

Need help managing your IT?

IT Support Brisbane: How much more you can do after latest windows 10 update

IT Support Brisbane: How much more you can do after latest windows 10 update

IT Support Brisbane: Latest Windows 10 Update Lets You Do More

IT Support Brisbane: Windows 10 latest update lets you do so much more

A lot of the time, from the end-user perspective, windows updates can be a bit of a hassle. Taking time out of your busy schedule to change… something. A lot of the time, however, the computer seems pretty much the same as it was before. Well, this time is a little different if you know what to look for. Here’s an overview from the Key Technologies Brisbane IT support team.

Paste from Cloud Clipboard

Personally, I’ve been waiting for this one for a while. The cloud clipboard allows you to copy and paste text and images between computers. To set it up:

  1. Open Settings
  2. Go to System > Clipboard
  3. Turn on both Clipboard history and Sync across devices
  4. Press CTRL + V to test out the paste

Use emojis from the keyboard

Your favourite emojis from smartphones and social media are moving more and more into the mainstream. In line with this Windows has imported them into their latest Windows 10 release. This makes friendly emails and informal documents a little more fun to write! Simply press Windows + . to use them.

Autosave files as you edit them!

Go to OneDrive > More > Settings. On the AutoSave tab, select Update folders and specify which folders you’d like to automatically sync.

Use the Microsoft UI on Android

If you install the Microsoft Launcher from Google Play, you can have a cool Microsoft style homescreen for your phone.

Customize the mouse pointer

You can now make your pointer bigger or change the colour. Access Windows Settings > Ease of Access > Cursor & pointer.

Make text and other things bigger

Change the text size by going to Settings > Ease of Access > display.

Snip images and take screenshots

The old screenshot keyboard shortcut (Windows + Shift + S) now allows you to snip and copy images and text to the clipboard.

Customize appearance

The new-look light theme allows you to switch between colours. Switch to dark mode to make your apps stand out. Go to Settings > Personalisation > Colours to select your colour mode.

Remove pre-installed apps

Reduce the bloat of your system by removing unused apps such as 3D Viewer, Calculator, Groove Music, Mail, Calendar, Movies & TV, Paint 3D, Snip & Sketch, Sticky Notes, and Voice Recorder. To uninstall go to Settings > Apps.

Pause Updates

Now you have even more control over updates with the ability to pause for up to seven days. To delay updates, go to Settings > Update & Security.

If you’d like any help with doing this contact our friendly Brisbane IT support team!
IT support Brisbane: Windows 10

IT Support Brisbane: Update Now!

IT Support Brisbane: Update Now!

IT Support Brisbane: Critical RDP Vulnerability

UPDATE NOW: Critical Vulnerability in Windows Remote Desktop Services

IT Support Brisbane

Click here for help

Microsoft has patched a remote code execution vulnerability in it’s Remote Desktop Services (CVE-2019-0708). This vulnerability can be exploited remotely, does not require authentication and can be used to run malicious code on the victim’s computer.

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

– Microsoft Security advisory

The advisory includes fixes for Windows 7 and Windows 2008 (see here) which are included in Microsoft’s patch on Tuesday. Additional patches were released for Windows XP and 2003. A further analysis of the patch has been provided by Sophos.

The flaw is considered high risk and ‘wormable’, meaning it can be used to develop self-replicating malware.

Millions of networks have the RDP protocol exposed to the internet so that their machines can be remotely managed. Sometimes this is purposeful, but sometimes it is the result of an oversight or mistake. In both cases, such networks are vulnerable if the machines are not updated.

Due to the vast number of potential targets and the potential for spreading, we suggest that you expect the patch to be reverse engineered by hackers to make ‘worm’ malware. Thus, you should definitely patch ASAP. For more fixes, jump to what can I do?

Because of the potential impact this can have, Microsoft has released patches for systems outside their mainstream support. Since the end of life for Microsoft XP and 2003, Microsoft has released a number of patches to mitigate the most serious vulnerabilities. This is one of them… Another notable case was during the WannaCry ransomware attacks of 2017.

WannaCry was a ransomware attack that affected a huge number of organisations, perhaps most notably the NHS in England. It exploited a flaw in the SMB (Windows Share) protocol and was largely so successful due to the slow rate at which users adopt patches on their systems. You can read more about these attacks in the following articles: Protecting your business from ransomware attacks, and WannaCry Worm causing mayhem.

IT support Brisbane

IT support Brisbane: KeyTech Logo

What to do:

First off, UPDATE! If you can’t update for some reason, you can use these workarounds, or call us to enable them:

1. Enable Network Level Authentication:

This forces a user to authenticate before RDP is exposed to the attacker. Not all affected systems support NLA.

2. Turn of RDP

If RDP isn’t running, the vulnerability can’t be exploited. As obvious as this seems, some organisations are unable to work without RDP, and some are running it without realising it.

3. Block TCP port 3389

Blocking port 3389 (and any other ports you’ve assigned to RDP) at the perimeter will prevent an attack from entering your network but can’t stop an attack from originating inside your network.

IT Support Brisbane: Solve 3 Common Tech Problems

IT Support Brisbane: Solve 3 Common Tech Problems

IT Support Brisbane

IT Support Brisbane | 3 Common Technology Problems and the keys to solving them

It’s no surprise to most of us that small businesses struggle to maintain their IT infrastructure. Though some problems really do require expert intervention to solve, there are some that can be dealt with internally, but rarely do. The following are some of the problems and how to solve them.

Problem 1: Inconsistent or weak email security

Did you know that 92.4% of malware is delivered by email? Not only is it a common vector of attack, but it’s also a successful one too. The same report shows that 30% of those studied open phishing emails, 12% even click the malicious links.

There are two main contributing factors to this issue. As hackers know, email is a very effective way to gain access to your company resources, and many employees aren’t aware of the dangers that posed by email or the precautions that should be taken to mitigate them.

  • Use 2-factor authentication: This is the easiest measure to take. 2-factor authentication hardens your accounts beyond the usual username and password. It works by having users verify their identity in two ways: something they know (e.g. a username and password) and also something they have (generally a smartphone app). This security method has proven invaluable in preventing hacking attacks (e.g. brute-force attacks). Unfortunately, a recent study found that 2FA is not commonly adopted by businesses. There are many different 2FA options out there, generally you will be provided with a backup method like an SMS, phone call, alternate email, and recovery codes to mitigate the risk of losing your device. This risk seems to be the main reason, along with marginally more effort being put into logging in that holds people back from adopting this, however, you can set up alternate methods so you’re protected, even if you lose your device.
  • Train emplayees in email best practices: A good starting point might be to show employess this article along with the basics of recognising phishing attacks. However, as the attacks get more sophisticated, so should your employees defences. Monthly memos about phishing attacks can be helpful in making sure your employees are aware of recent attacks and best practices.

Problem 2: Poor IT Vendor Management

According to a Tech Republic Survey, most companies report spending more time managing their IT vendors than two yars ago. This is driven largely by a growing interest in cloud computing, SaaS, and cybersecurity services. IT vendor management is imperetive to enabling you to deliver positive outcomes in IT related fields and control those services.

For the best outcomes, pick a reliable IT support company and try to sick with the one as much as possible.

Problem 3: Poorly Secured Workstations

Cybersecurity is be a big and important issue. Unfortunately, one area where businesses tend to fall down is in securing their workstations. So what can be done about this?

  • Employ Strong Passwords: According to an interesting data break down by Verizon. The majority of hacking related breaches involve a compromised user device. This highlights the importance of securing employees work devices with such measures as anti-virus software and group policies. Your thinking about passwords probably also needs to be updated. For instance, did you know that mixing lower and uppercase letters is no longer a good way to ensure password security? The person who came up with that rule actually regrets saying it.
  • Secure Administrator Privileges: Administrator accounts can be very useful for performing important tasks on a computer network. They can also be very dangerous to give out unnecessarily on a high value network like a company intranet. If regular staff have access to administrator accounts and privileges, they (and your company) are doubly vulnerable to hacking tactics like Social Engineering.

Need help managing your IT?