(817) 439-3051

Technology

Using Skype Classic? You Need to Upgrade It Soon
Using Skype Classic? You Need to Upgrade It Soon

If your business is using Skype Classic, it is time for an upgrade. After September 1, 2018, it will no longer work. Here is what you need to do.


Many small businesses use Skype to conduct video conferences, send instant messages, hold conference calls, and even share files. If your business is one of them, you need to be aware of an important change. Skype 7 for Windows desktops — also known as Skype Classic — will no longer work after September 1, 2018, as Microsoft is ending support for it. If you want to continue using Skype after that date, you will need to upgrade to version 8. Like Skype Classic, Skype 8 is a free app.

Skype 8 works on Windows 7, Windows 8, Windows 10 version 1507 (the initial release), and Windows 10 version 1511 (November 2015 Update). If your computer is running a later version of Windows 10 — in other words, it has at least the Anniversary Update installed — you do not have to upgrade. That’s because a different Skype program (Skype for Windows 10) comes pre-installed in Windows 10 version 1607 and later versions.

What to Do on Windows 7 and Windows 8 Computers

The first order of business is to determine which version of Skype your computer is running. If you have a Windows 7 or Windows 8 machine, follow these steps:

  1. Open Skype and log in.
  2. Select “Help” on the top toolbar. (If the toolbar is not present, press the ALT key.)
  3. Click “About Skype”.

If the “About Skype” box shows that Skype 7 is installed, you can upgrade to version 8 directly from the app. Simply select “Help” on the toolbar, click “Check for Updates”, and follow the onscreen prompts.

What to Do on Windows 10 Computers

If you are running Windows 10, the steps to determine the Skype version are slightly different:

  1. Open Skype and log in.
  2. Click your profile picture (or your initials if you did not add a picture). Alternatively, you can click the ellipsis (…) icon.
  3. Select “About this version”.

If the “About this version” box lists either Skype 11 or Skype 12, it means that Skype for Windows 10 is installed. Therefore, you do not have to upgrade.

If the box shows that Skype 7 is installed, it means that your computer is running either Windows 10 version 1507 or 1511. Although you could install Skype 8 on the machine, a better alternative is to update Windows 10 to the latest version (version 1803 – Windows 10 April 2018 Update — at this time). In doing so, you will have the latest version of Skype for Windows 10 as well as all the other Windows 10 improvements and security patches installed. If you need help updating Windows 10, contact us.

Adobe Released a Mega Update That Patches More Than 100 Security Vulnerabilities
Adobe Released a Mega Update That Patches More Than 100 Security Vulnerabilities

Five popular Adobe programs were found to be riddled with security holes. Learn about the programs that were affected, their vulnerabilities, and the update created to patch the holes.


In July 2018, Adobe released a major update that patches 112 vulnerabilities in five popular Adobe apps. These programs run on a variety of platforms, including Windows, macOS, and Chrome OS.

The vast majority of vulnerabilities (104) were found in Adobe Acrobat and Acrobat Reader for Windows and macOS. If exploited, the vulnerabilities could lead to sensitive information being leaked or cybercriminals running malicious commands. In one case, the exploited vulnerability could result in cybercriminals gaining elevated privileges, allowing them to possibly gain access to other resources. Security Bulletin APSB18-21 lists all the vulnerabilities patched in Adobe Acrobat and Acrobat Reader.

The July 2018 update also patches vulnerabilities in three other apps:

If you are using any of these five Adobe programs, you should check the appropriate security bulletin to see if the version you are using is affected. If so, it is a good idea to make sure the software has been patched. Although the five Adobe apps are designed to automatically update, that does not guarantee the patches have been applied. An update might not get installed due to an issue on your end (e.g., the program might be configured to never check for updates) or Adobe’s end (e.g., a glitch in the update process). We can make sure that the updates have been installed if you are unsure of how to do so.

Google’s Chrome 68 Web Browser Will Flag All HTTP Sites as “Not Secure”
Google’s Chrome 68 Web Browser Will Flag All HTTP Sites as “Not Secure”

In Google’s eyes, websites using HTTP are not secure, so it is marking them as such, starting in the Chrome 68 web browser. Find out why Google is taking this stance.


If you use the Google Chrome web browser, there is an upcoming change that might be alarming you if you are unprepared for it. Beginning with version 68, the browser will flag all HTTP pages as “Not secure” in the omnibox (i.e., the search/address bar at the top of the browser). Google is planning on releasing the Chrome 68 web browser sometime in July 2018.

This change is part of Google’s push to get more companies to transition their websites from HTTP to HTTPS. Both HTTP and HTTPS are protocols that allow different systems to communicate with each other. Typically, they are used to transfer data between a web server and a web browser. However, these protocols differ in one important respect: HTTPS creates a secure encrypted connection for the data to flow through, while HTTP does not. This means that the data flowing through an HTTP connection can be intercepted by hackers, which can be particularly troublesome when credentials, payment card numbers, and other sensitive information is being sent.

If your business’s website uses HTTP, you might consider making the transition to HTTPS for several reasons:

  • Your website will be more secure.
  • If you do not switch, your website will be flagged as “Not secure” by many Chrome web browsers. This might scare off website visitors, including existing and potential customers.
  • Since 2014, Google has given HTTPS sites slightly higher rankings in Internet searches compared to HTTP sites.

We can help you make the transition to HTTPS if you want to make the change.

3 Ways to Make Your Android Phone Work Better for You
3 Ways to Make Your Android Phone Work Better for You

Google Android smartphones have so many features and functions that you might not be aware of some of them. Here are three features you might want to try if your phone is running Android 5.0 or later.


Google Android smartphones have been around since 2009, so they have numerous features and functions — so many that you might not be aware of some them. Here are three features you might want to try on your Android phone (5.0 and later) to make it work better for you:

1. Disable Unwanted Preinstalled Apps to Improve Performance

Most Android phones come with preinstalled apps (aka bloatware) that smartphone manufacturers and wireless carriers include in hope that you will give them a try. However, unwanted preinstalled apps can consume your phone’s resources, especially if they often automatically update. Freeing up some of these resources can improve your phone’s performance.

You cannot remove preinstalled programs on an unrooted phone. However, this does not mean you should root your device so that you can uninstall them. Rooting refers to bypassing the restrictions that the smartphone’s vendor puts on the device’s operating system. It is best not to root a phone because it removes the security protections built into the operating system, which leaves the device more vulnerable to cyberattacks. Plus, rooting usually voids any warranty that the vendor provides.

A much better and safer option is to disable the preinstalled programs you do not want. To disable bloatware, follow these steps:

  1. Tap the Settings app in your “Apps” list.
  2. Choose “Applications”. Alternatively, this option might be listed as “Apps” or “Application manager”, depending on your Android version and your device’s make and model.
  3. Swipe over to “All”.
  4. Locate and select the preinstalled app you want to disable.
  5. Clear the “Show notifications” check box.
  6. Tap the “Force stop” button if the “Disable” option is grayed out. Apps cannot be disabled if they are running.
  7. Tap “Disable”. You will see a warning that says disabling a built-in app might affect other apps. Android won’t let you disable crucial system apps, but there might be few apps on which others depend. For example, some apps rely on Messenger. Bloatware usually does not fall into this category. Plus, if you find that a problem arises, you can easily reactivate an app from this screen.
  8. Tap “OK”.

2. Make the Screen Easier to Read

Smartphone screens are small, which can make reading them difficult. To make it easier to see and read items on your screen, you can enable Android’s “Magnification gesture” feature. The only items you cannot magnify are the keyboard and notification bar.

Here is how to enable the feature:

  • Tap the Settings app in your “Apps” list.
  • Select “Accessibility”.
  • Tap the “Magnification gesture” option in the “System” section.
  • Move the slider to the “On” position.

Once enabled, zooming in on an item is easy. All you need to do is tap the item three times in rapid succession. You can adjust the magnification level by pinching two fingers together to zoom out or pulling them apart to zoom in. Triple-tapping again will remove the magnification altogether.

3. Encrypt Your Phone to Secure Your Data

If you keep sensitive business data on your device, you might want to use Android’s “Encrypt phone” feature. Once your phone is encrypted, no one can access your data without your personal identification number (PIN) or password. So, if your phone is stolen, the thief will not be able to read your data.

On some Android devices, the “Encrypt phone” feature is already enabled, but most often it is not. Before you enable this feature, though, you need to be aware of several caveats:

  • Encryption might lead to slower performance since the data needs to be decrypted whenever you access it. However, the drop in performance is not usually noticeable, especially on newer, more powerful devices.
  • Only a few Android devices offer a “Decrypt phone” option if you decide you do not want your data encrypted anymore. In this case, the only way to go back to an unencrypted phone is to perform a factory data reset, which will remove all your data.
  • You cannot encrypt a rooted phone.

Encrypting your phone will take at least an hour, so you need to fully charge your battery beforehand. (Android won’t even attempt the process if the battery does not have enough power.) Plus, you will need to have your charger handy since your phone must be plugged in during the process. If the process is interrupted because your battery drains, you will lose all your data.

After you have charged your phone, follow these steps to access the “Encrypt phone” feature:

  1. Tap the Settings app in your “Apps” list.
  2. Choose “Personal”.
  3. Select “Security”.
  4. Find the “Encrypt phone” option in the “Encryption” section.

Note that these steps might vary depending on a device’s make and model. Smartphone vendors are allowed to customize the Android operating system, in which case they might put the “Encrypt phone” option in a different location in the Settings app.

Once you have found the “Encrypt phone” option, tap it to start the encryption process. You’ll be guided through it, so you just need to follow the instructions. You might receive several prompts, such as a prompt to plug your phone into your charger and one to set a PIN or password. If you previously created a PIN or password to secure your lock screen, you will not be prompted to create another one. The same PIN or password will be used.

We can answer any questions you might have about the pros and cons of encrypting your phone. We can also perform the encryption process if you are uncomfortable doing it yourself.

Faceless Cybercriminals Aren’t the Only People Who Might Steal Your Business Data
Faceless Cybercriminals Aren’t the Only People Who Might Steal Your Business Data

Although most companies take measures to defend against external cyberattacks, threats from within are often overlooked. Find out how to defend your business against insider threats.


In June 2018, a disgruntled Tesla employee hacked one of the company’s systems and sent highly sensitive data to unknown third parties, according to an email sent by Tesla CEO Elon Musk. The employee was upset because he did not receive a promotion.

This is not an isolated case. Having someone on the inside perpetrate a data breach is more common than you might think. A 2017 McAfee study found that 22% of data breaches were intentionally caused by malicious insiders, including current and former employees, contractors, and third-party suppliers. Most often they stole customer data, employee information, and intellectual property.

Thus, it is important to protect your business data from malicious insider threats. To do so, it helps to know about the common elements in these types of attacks.

The Common Elements

Three elements are typically present in malicious attacks perpetrated by insiders:

  • Pressure. The insiders feel pressure to commit a crime, usually out of desperation or greed. For example, they might steal data or money because they need to pay off large medical bills or gambling debts.
  • Rationalization. The insiders use rationalization to convince themselves that their actions are acceptable rather than criminal. For example, they might rationalize that the company deserves the attack because of the way it treats employees or customers.
  • Opportunity. The criminals have the opportunity and ability to not only commit the crime but also conceal it. For instance, they might be able to access a database containing customer data because the database has weak internal controls.

These three elements are collectively known as the Fraud Triangle. Being aware of this triangle can help businesses defend against malicious insider threats. However, there is little companies can do to identify and alleviate employees’ personal pressures, such as having large medical bills or a gambling habit. Fortunately, insider attacks usually involve all three elements, so companies can concentrate on mitigating rationalizations and minimizing opportunities instead.

Mitigating Rationalizations

Malicious insiders often rationalize their actions by convincing themselves they are righting a wrong. For example, a disgruntled employee who feels he has been unfairly passed over for a promotion might believe that stealing data is the best way to right that wrong decision.

Letting employees express their frustrations and concerns through feedback forms and anonymous surveys can help mitigate insider threats spurred by disgruntlement. For this to work, though, you have to address their frustrations and concerns in an open and honest manner. Employees need to feel confident that they won’t be penalized for asking why they did not get a promotion or why they did not get a bonus or raise when others did.

You can also mitigate rationalization by regularly interacting with employees. For instance, you might hold company-sponsored events such as picnics or simply walk around the workplace, talking with employees. They will be less likely to attack the company out of spite or anger if you have a genuinely warm attitude toward them.

Minimizing Opportunities

Companies have the most control over addressing the opportunity element. To minimize the opportunities for insider attacks in your business, you might consider implementing the following measures:

  • Follow the principle of least privilege. In other words, limit employees’ access to company resources to the minimal level that will allow them to perform their job duties. In addition, the access should be in effect for the shortest duration necessary.
  • Conduct audits periodically to identify access rights that should be removed because they were inappropriately granted or still exist from previous job roles.
  • Use access control tools to regulate which employees, systems, and apps can view or use a company’s resources.
  • Monitor your company’s network, systems, and resources for unusual activities, such as a sizeable increase in the number of files being printed during off-hours, large spikes in network traffic, and frequent remote access of a system at odd times.
  • Create policies that let employees know you are monitoring the company’s network, systems, and resources for unusual activities.

If you are not sure whether your business is doing all it can to minimize the opportunities for insider attacks, contact us. We can assess your systems and make sure the necessary measures are in place.

4 Annoyances You Will No Longer Have to Endure in Microsoft Edge
4 Annoyances You Will No Longer Have to Endure in Microsoft Edge

Microsoft included a new version of its Edge web browser in the April 2018 Windows 10 Update. Learn about four new features that eliminate some minor annoyances that users often encountered in the past.


Microsoft introduced its Edge web browser in 2015 when it rolled out Windows 10. Since then, the company has been steadily improving the browser.

In the April 2018 Windows 10 Update, Microsoft included a new version of Edge. This browser has many new features, four of which eliminate some minor annoyances that users often encountered in the past. Here are the features and how to use them:

1. Mute a Web Page Instead of Your Computer

Some web pages have ads or podcasts that play automatically, which can be quite distracting if you are trying to concentrate on another part of the page. Instead of muting your speakers to get rid of unwanted audio content on a web page, you can now mute the sound just on the offending page.

To mute a web page, right-click its tab and select “Mute tab”. This option is grayed out until an audio file starts playing. If you want to hear an audio clip after you have muted it, right-click the tab again and select “Unmute tab”.

2. Print Without All the Clutter

Printing web pages that include a lot of ads and other clutter can waste ink and paper. Edge now has a “Clutter-free printing” feature that lets you print a web page’s content without these unwanted elements.

Unfortunately, this feature does not work on all web pages yet. On the web pages where it is available, you will find the “Clutter-free printing” option on the menu inside the “Print” box. You might have to scroll down to see it. By default, it is set to “Off”, as Figure 1 shows. To enable this feature, simply select “On” from the drop-down list.

The “Clutter-free printing” feature works when using Windows 10’s”Microsoft Print to PDF” tool and other PDF-creation software (e.g., Adobe Acrobat). Thus, you can create clutter-free PDF files.

3. Get Rid of Annoying Prompts to Save a Site’s Password

Security experts generally do not recommend letting your web browser save your online account passwords. Hackers could potentially learn those passwords if they physically or remotely gain access to your computer.

In the past, if you refused to let Edge save a website’s password, you would get the box asking “Would you like to save your password for …” every time you logged in to that site. This annoyance has been removed in the new version of Edge. The browser now offers the “Never” option in the “Would you like to save your password for …” box. Once you choose this option for a site, Edge will no longer display the save-password box when you log in to that site.

4. Access What You Need While in Full-Screen Mode

Edge’s full-screen mode lets you view a web page without the browser’s ribbon at the top and Windows 10’s notification bar at the bottom, allowing you a more immersive web experience. But this experience used to come with an inconvenience. If you wanted to access the ribbon to print or bookmark the web page or if you wanted to see the clock or adjust the speakers’ volume in the notification bar, you had to first exit the full-screen mode.

This inconvenience has been eliminated in the new version of Edge. When you are in full-screen mode, you can now access Edge’s ribbon by simply moving your mouse pointer to the top edge of the screen. Similarly, you can access Windows 10’s notification bar by moving your mouse pointer to the very bottom of the screen.

How to Easily Reset a Forgotten Password in Windows 10
How to Easily Reset a Forgotten Password in Windows 10

You can now reset a forgotten password right from your computer’s login screen, no matter whether you have a Microsoft or local account. Here is what you need to do.


To log in to Windows 10, you can use a Microsoft account or a local account. If you have a Microsoft account, your credentials are stored in the cloud. If you use a local account, your credentials are stored in your computer. Thanks to recent enhancements in Windows 10, you can now reset a forgotten password from your computer’s login screen, no matter which type of account you use.

What to Do If You Have a Microsoft Account Password

In the Windows 10 Fall Creators Update, Microsoft rolled out a new feature that lets you reset a forgotten Microsoft account password from the login screen on your computer. Previously, you had to access Microsoft’s password reset web page on another device to reset a forgotten password.

Here is how you can reset your Microsoft account password if you have forgotten it:

  1. Choose the “I forgot my password” option under the password entry box on your computer’s login screen.
  2. Enter your Microsoft account email address, type in the characters you see in the CAPTCHA box, and click “Next”.
  3. Select either the phone number or secondary email address that you associated with your Microsoft account when you created it.
  4. Enter the hidden part of the phone number or email address you selected in step 3.
  5. Click the “Send code” button to receive a security code from Microsoft.
  6. Type in the security code you receive and choose “Next”.
  7. Enter a new password and click “Next”.
  8. Click “Next” again.

You can now use your new password to log in to Windows 10.

What to Do If You Have a Local Account Password

In the Windows 10 April 2018 Update, Microsoft introduced a way for you to reset a local account password from your computer’s login screen. Prior to this update, you had to create a password reset disk or use some other workaround, none of which were easy fixes. Now all you have to do is correctly answer three security questions that you set up in advance.

Here is how to set up the security questions:

  1. Open the Start menu by clicking the Windows button.
  2. Click the gear icon, which is located in the lower left corner of the Start menu.
  3. Choose “Accounts”.
  4. Select “Sign-in options”.
  5. Choose the “Update your security questions” option.
  6. Enter your account password and click “OK”.
  7. In the boxes that appear, select three security questions and enter your answers.
  8. Click “Finish”.

When choosing your security questions and answers, it is important to select questions whose answers are not easily gleaned from social media sites, web searches, or public records. These resources might provide cybercriminals with the information needed to answer your security questions. For example, hackers might be able to ascertain the answer to the question “What’s the name of the city where you were born?” from your Facebook page or public records. One way to avoid this problem is to provide incorrect or nonsensical answers to the security questions.

After you set up your security questions, it is easy to get into your local account if you forget the password. Follow these steps:

  1. When you enter an incorrect password on the login screen, Windows 10 will display the message “Your password is incorrect. Try again.” Click the “OK” button under this message.
  2. Select the “Reset password” option that now appears under the password entry box.
  3. You will be presented with the three security questions you chose. Enter the answer for each question and click the arrow button.
  4. Enter a new password, confirm the new password by entering it again, and click the arrow button.

You can now use your new password to log in to your local account.

Not Sure If You Have the Necessary Update?

To use these password reset methods, you must have the appropriate update installed on your computer. If you are using a local account, the Windows 10 April 2018 Update is required. If you are using a Microsoft account, you need at least the Windows 10 Fall Creators Update, which was released in November 2017, on your machine. We can let you know which updates have been installed on your computer if you are uncertain.

Select the Best Backup Solution for Your Business’s Laptops
Select the Best Backup Solution for Your Business’s Laptops

Although challenging, backing up laptop data is important. Here are some options to keep in mind when you are determining the best way to back up the data in your company’s laptops.


Backing up laptops can be challenging for companies because they often are not connected to the network when network backups are performed. However, it is important to back up laptop data. There are many ways to do so. They often fall into four main categories: manual backups, company-developed backup solutions, on-premises commercial backup solutions, and cloud backup services.

Manual Backups

One backup strategy is to require laptop users to manually perform backups. To back up data, laptop users can:

  • Use a local backup utility and write the backups to a thumb drive or DVD
  • Use an external backup drive
  • Log in and back up to a server on the company network
  • Log in and back up to the company’s private cloud

This type of backup is convenient for laptop users because they can perform a backup when it is convenient for them. However, users might not perform backups regularly. Plus, using thumb drives, DVDs, and external backup drives can be risky if users do not encrypt and physically secure their backups. Not encrypting and securing backups can lead to data breaches. It can even lead to fines if a company needs to meet certain privacy regulations, such as the US Health Insurance Portability and Accountability Act (HIPAA) and the EU General Data Protection Regulation (GDPR).

Company-Developed Backup Solutions

Another backup strategy is to have someone build a custom solution that automatically performs laptop backups. These solutions often use technologies and utilities already present on computers and networks. For example, an in-house IT administrator or an IT service provider might develop a backup solution that uses two batch files. The first batch file could schedule a local backup utility to run each day on the laptops. The second batch file could then use a file-copying utility to copy the backup files to a network server whenever the users log in.

With custom laptop backup solutions, you can control what gets backed up, when it is backed up, how it is backed up (encrypted or not), and where to store the backup files. Plus, they usually do not cost much since they usually use built-in technologies and utilities. However, it takes time and a lot of know-how to build a custom solution. Plus, when users connect their laptops to the network, the laptops’ performance can slow down because copying backup files increases the network load. Slow laptops can hurt users’ productivity.

On-Premises Commercial Backup Solutions

If you want to back up laptop and desktop computers with the same solution, you might consider using on-premises commercial backup software. Some of these software solutions require the installation of agents on the computers so they can be backed up by a server-based tool. There are also agentless versions. Instead of using agents, the laptop and desktop computers log in to the server containing the backup tool.

Like custom backup solutions, agent-based and agentless backup software lets you control what gets backed up, when it is backed up, how it is backed up, and where to store the backup files. Plus, commercial backup solutions often feature deduplication (the elimination of redundant data in backups), compression, and incremental backups to minimize network load and storage space.

With commercial backup software, you do not have to build the solution, but there are some other disadvantages. With agent-based backup software, you need to install and update agents, which can be time-consuming. Further, agents can be hacked. Agentless backup software can also introduce security risks because a privileged account or password needs to be used to log in to the server containing the backup tool. No matter whether the commercial backup software uses agents or not, it requires an upfront investment.

Cloud Backup Services

You can use a cloud backup service to back up just your laptops or back up laptop and desktop computers. Some cloud backup service providers require agents to be installed on the computers being backed up, whereas others do not. The backup service provider is responsible for installing and updating any agents, saving you time and hassle.

With a cloud backup service, you can control what gets backed up and when it gets backed up. You cannot control where the backups are stored, though, as they are stored in the service provider’s cloud. Although the backups are usually encrypted, you also have little control over the measures being taken to secure your encrypted data when it is in the cloud.

Like on-premises commercial backup software, cloud backup services offer deduplication, compression, and incremental backups. These features minimize storage space as well as bandwidth during backup operations. Laptop users can usually postpone a backup if it is scheduled to occur at an inconvenient time. However, if they need to access a backup file stored in the cloud but the Internet connection is down, there is little they can do except wait.

A cloud backup service does not require an upfront investment. You pay a service provider fee. A common approach is to charge a monthly fee based on the number of computers being backed up.

What to Consider When Determining the Best Backup Strategy

There are many considerations you need to keep in mind when determining the best strategy for backing up your laptops. For example, you need to:

  • Make sure the backup solution is business grade. Some on-premises and cloud backup solutions are consumer grade and not a good fit for businesses.
  • Make sure you consider how much data loss is acceptable if a laptop is lost or stolen and what is an acceptable time for users to wait to recover their data from a backup. Backing up data more frequently will reduce the amount of lost data and allow users to resume business faster. However, performing more backups requires more storage and higher costs.
  • Make sure the solution allows for the secure storage of backup files.
  • Make sure the backup files will be available if a disaster strikes (e.g., cyberattack, tornado)
  • Make sure you consider any new backup strategies. Backup strategies are continually changing to meet companies’ needs. For example, hybrid solutions that store backups onsite and in the cloud are becoming more popular.

Choosing the best backup strategy for your laptops is important but not easy. We can help you navigate through the many options.

Watch Out for GDPR Phishing Scams
Watch Out for GDPR Phishing Scams

Hackers are sending out GDPR phishing emails, trying to trick people into entering the kinds of data that the General Data Protection Regulation is designed to protect. Learn about this scam and how to protect your business from it.


Companies that must comply with the EU’s General Data Protection Regulation (GDPR) have been busy emailing customers with information about updated privacy policies, consent forms, and other GDPR topics. These companies are not the only ones sending GDPR-related emails, though. In May 2018, security researchers discovered that hackers were distributing GDPR phishing emails designed to trick people into entering the kinds of data that the regulation protects.

The Scam

Pretending to be from Airbnb, the hackers sent phishing emails, mainly to businesses’ email accounts. The hackers took the time to make the emails look like they were from Airbnb and even included its logo. Perhaps they got the idea and the logo from the email that the real Airbnb sent to customers about its privacy policy changes.

The phishing emails noted that Airbnb had updated its privacy policy. The recipients were told they had to accept the new privacy policy before they could log back into the Airbnb website. To accept it, they had to click a link in the email. The link led to a spoofed Airbnb website, where the victims were instructed to enter their account credentials, payment card information, and other personal data. If they did so, it fell right into the cybercriminals’ hands.

How to Protect Your Business

Phishing attacks like the Airbnb scam are not going away any time soon since hackers have successfully used them to steal money, obtain credentials, and spread malware. Thus, you need a strategy to protect your business from these attacks. You might consider using a strategy that is based on three lines of defense.

The First Line of Defense

The first line of defense is your email filtering tools and security software. By keeping them up-to-date, fewer phishing emails will reach employees. You also need to make sure that your security software is on every computing device in your business, including smartphones.

The Second Line of Defense

Email filtering tools and security software won’t catch every phishing email, so the next layer of defense is your employees. You should educate them about phishing emails. Besides warning them about the dangers of clicking links and opening attachments in emails, you should teach them how to spot phishing scams. Elements to look for include:

  • A deceptive email address. Phishing emails often include a deceptive email address in the “From” field. For example, in the GDPR phishing email, the Airbnb email address was “@mail.airbnb.work” and not a real Airbnb address.
  • A request for personal information. If an email asks recipients to enter a password, credit card number, bank account number, or other sensitive information, it is most likely a scam. In the Airbnb phishing scam, recipients were asked to enter their account credentials and payment card information. The email sent out by the real Airbnb did not ask customers to enter any personal information.
  • A sense of urgency. Cybercriminals like to create a sense of urgency by telling the potential victims there is problem that requires their immediate attention and that there will be unfortunate consequences if they do not take action. In the Airbnb phishing email, the potential victims were told that they wouldn’t be able to log in to their accounts if they did not accept the new privacy policy.

The Third Line of Defense

The third line of defense is to take a few preemptive measures in case an employee falls for a phishing scam, despite your best efforts to prevent it. You can help mitigate the effects of a successful phishing attack by:

  • Using a unique strong password for each business account. As the Airbnb scam illustrates, obtaining login credentials is the goal of many phishing scams. Once cybercriminals get the password for one account, they will try to use that password (or a similar version of it) to access other accounts because hackers know that people like to reuse passwords. If you use a unique strong password for each business account, cybercriminals will not be able to use the compromised password to access other accounts.
  • Keeping operating systems and applications up-to-date. Hackers often exploit known vulnerabilities in software to install malware. By making sure your software has the latest security patches, you might be able to stop a malicious program that was released by a successful phishing attack.
  • Performing backups regularly and making sure they can be successfully restored. Backups can save the day if an employee falls for a scam that unleashes ransomware. You will be able to restore your data and systems from backups taken before the attack.

What’s Your Strategy?

Although developing a strategy to protect your business from phishing attacks takes some effort, it is important to have one. Using the three lines of defense presented here is a good starting point. We can help you create and then implement a strategy tailored to your company’s needs.

Hackers Infected a Half Million Routers with Powerful Malware
Hackers Infected a Half Million Routers with Powerful Malware

Cybercriminals infected small office and home office routers with the VPNFilter malware. Here is what you need to know about VPNFilter, including what to do if you think router might be infected.


Routers are easy targets for hackers. These devices connect directly to the Internet, so accessing them takes little effort. Plus, most routers do not include built-in protection against malware. Further, known vulnerabilities in routers are often not patched by users since updating their firmware takes some know-how. Because it is so easy to hack routers, cybercriminals were able to infect a half million of these devices with a malware variant known as VPNFilter.

Here is what you need to know about VPNFilter, including what to do if you think one of your routers might be infected with it.

What You Need to Know

Security researchers at Talos recently discovered that cybercriminals had implanted the VPNFilter malware into networking devices used by small offices and home offices around the world. Devices found to be infected include Linksys, MikroTik, NETGEAR, and TP-Link routers as well as QNAP network-attached storage (NAS) devices.

VPNFilter turned the routers and NAS devices into a giant botnet. Security researchers and law enforcement surmised that the cybercriminals were planning to use the botnet to carry out a cyberattack in Ukraine since some of the code in VPNFilter was found in a malware strain used to cripple Ukraine’s power grid back in December 2015.

Fortunately, in May 2018, the US Federal Bureau of Investigation (FBI) seized the website that the hackers used to control the botnet, crippling their ability to carry out the planned attack. However, the danger is far from over. A half million devices are still infected with VPNFilter. The Talos security researchers found that one of VPNFilter’s code modules would allow cybercriminals to collect any data passing through a router or NAS device, including sensitive data such as passwords. Even worse, they discovered another code module designed to overwrite portions of the devices’ firmware, which would make the devices unusable. The situation is so serious that the FBI issued an alert about what the owners of small office and home office routers should do to protect themselves.

What You Need to Do

Symantec has compiled a list of routers and NAS devices known to be affected by VPNFilter. However, there is no easy way to tell if a device is infected. So, if your device is on Symantec’s list, it is highly recommended that you implement four security measures. Some security experts are even advocating that anyone with a small office router, home office router, or NAS device take these measures, even if their device is not on the list.

Here are the security measures:

  • Reset the device to its factory defaults. This will remove VPNFilter from your device if it is present and reboot the device. Note that simply rebooting the device removes some but not all of VPNFilter’s code. So, the device will still be infected.
  • Update your device’s firmware. The hackers exploited known security vulnerabilities to infect routers and NAS devices with VPNFilter. Updating your device’s firmware will patch those vulnerabilities and prevent your router from being re-infected in the future.
  • Disable the device’s remote management feature. Many routers and NAS devices have a remote management feature. While this feature offers convenience, it also makes it easier for hackers to break into your network.
  • Change the device’s default admin password. It is relatively easy for cybercriminals to find the default passwords for routers and NAS devices, so you should change the default password. Be sure to select one that is unique and strong.

Give us a call if you need assistance with implementing any of these measures.