Cyber Security Tips: How to Spot Phishing Attacks

Cyber Security Tips preview

Phishing attacks are becoming more prevalent as a form of attack here in the Philippines. More SMS and email scams are being sent to individuals on a daily basis to try and steal credentials from those who are not familiar with it. It has become so prevalent that most Philippine banks have made many campaigns to warn their users how to spot a Phishing attack. Knowledge on these kinds of attacks is the best way to prevent them. We at CT Link are committed to helping spread awareness through cyber security tips that can help to spot fishy SMS or emails.

Cyber Security Tips on How to Spot a Phishing Attack

So what are simple ways to help spot a Phishing attack? Well from the example email example below, we can start looking from top to bottom.

  1. Check the email domain carefully – does it look legitimate? If you are unsure, you can easily look online to see if it is.
  2. Are there any attachments – Always be wary of attachments, never open files until you have confirmation the email is legitimate.
  3. Generic Greetings and Urgency – Emails from your legitimate accounts would not be refer you vaguely and would not push for immediate resolution of a problem.
  4. Wrong grammar or Typos – Emails are professionally made and proofread by bigger companies. If there are typos or bad grammar, it most likely a Phishing attack.
  5. Suspicious links – When it comes to links in an email, it is always best to never open until sure, or preview the link on a desktop if possible to see where its going.
Phishing Sample Email

For more examples and explanations, read further below as we go in better detail on what to look out for!

Examine the Sender’s Email Domain or Number

After reviewing the message, check the sender’s email or phone number. Legitimate companies typically use consistent and familiar domain names or phone numbers. If you notice personal numbers or typos in the email domain, or if it uses generic domains like Gmail or Yahoo, it’s likely a phishing attempt.

Cyber Security Awareness fake domains

Beware of Links and Attachments

Another red flag is the presence of attachments or links in the email or SMS. Exercise caution when dealing with email attachments, and always verify their legitimacy before opening. Be especially wary of files with unfamiliar extensions, as these are commonly associated with malware (e.g., .zip, .exe, .scr). For links, hover your cursor over them to preview their destinations. It’s best practice to ask for confirmation before clicking any link.

Suspicious Links and Files

Be Cautious of Urgency in Messages

If you receive emails or SMS messages claiming that something urgent has occurred with your account, such as “your password has expired,” “unusual account activity,” or “response required,” exercise caution. These messages play on your fears to prompt immediate action. Take a moment to consider their authenticity.

Cyber Security Tip Urgency

Pay Attention to Message Content

If the email or message doesn’t address you by name or contain personal details, it’s likely fraudulent. Legitimate entities should have your information on hand. Additionally, watch for typos or grammatical errors in the message, as professionally crafted communications are carefully proofread. Scammers often rush or may not have English as their first language.

Cyber Security Tips bad grammar

Cyber Security Tips: What to Do If You Suspect a Phishing Attack?

As mentioned earlier, it’s wise to consult your administrator or someone well-versed in security matters. You can also fact-check online to confirm the legitimacy of emails or SMS messages. Taking a moment to verify can prevent significant harm to you and your organization.

For more information and cyber security tips about phishing attacks, please feel free to contact us at marketing@ctlink.com.ph.

Remember that staying informed about phishing attacks and their prevention is vital to your online security. Stay vigilant and share these tips with your friends and colleagues to help protect everyone from potential threats.

Gartner’s Top Cyber Security Trends in 2022

Gartner Trends 2022
Gartner Cyber Security Trends

Looking back, cyber security trends were numerous this 2022. This year had many ups and downs in terms of cyber security in the Philippines as many businesses had to shift from office to remote work and now hybrid. These past few years have shown many businesses that their security solutions need to be able to adapt and handle threats that can pop up at any time. To better prepare for 2023, Gartner has published their top cyber security trends of 2022 that you and your business should be aware of.

Cyber Security Trend: Attack Surface Expansion

Cyber Security in the philippines

According to Gartner, 60% of knowledge workers are working remotely, and 18% of these workers will not return to the office. This opens businesses to many risks as more points of entry are now open to cyber criminals to go through. This includes threats associated with open-source code, IoT physical systems, cloud workloads, SaaS applications, social media and more.

Cyber Security Trend: Identify Threat Detection and Response (ITDR)

Cyber Security examples

ITDR is a new term that Gartner introduced in their recent report. It is best described as a collection of tools and best practices to successfully defend identity systems from endemic level of attacks. ITDR tools are highly recommended by Gartner as a security solution to look for in the coming years. This is due it being able to support discovery and inspection, provide analysis capabilities, enable policy evaluation, and provide incident management and remediation suggestions to restore affected systems.

Cyber Security Trend: Digital Supply Chain Risk

Cyber Security Supply Chain

Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains. Businesses should be more wary of these types of attacks in 2023 and the future.

Below are the four main categories that digital supply chain generally falls under:

  • The potential disclosure of sensitive information shared with supply chain partners
  • Compromise of infrastructure shared with supply chain partners such as networks, software, cloud service and managed services providers
  • Attacks through common commercial and open-source software used in business and IT operations
  • The exploitation of security flaws in the digital products sold to customers

Cyber Security Trend: Vendor Consolidation

Vendor Consolidation

Vendors are consolidating security functions into single platforms. This is to reduce the complexity of the growing number of technologies businesses use while creating a more attractive package to businesses. Doing this may introduce new challenges such as reduced negotiating power and potential single points of failure, the reduction in complexity and improved efficiency will lead to a better overall security.

To learn more on the other cyber security trends, you can click here to view the full article or you can contact us at marketing@www.ctlink.com.ph.

Zero Trust Security: 6 reasons Why Companies are Adopting it

Zero Trust Security: 6 reasons Why Companies are Adopting it

As we are more than halfway through the year, we have seen that the Covid Pandemic has accelerated the need of many companies to provide a better remote access solution not just for sales, but for many other divisions. Although many have been concerned with performance of their applications with this new setup, many are also starting to see the need to improve their security for these solutions as well.

A global study was done by Cybersecurity Insiders which showed that many are already looking into incorporating it into their Secure Access Architecture. Below are a few key findings from the study:

  • Over 60% of participating organizations find the Zero Trust tenets of continuous authentication and authorization, trust earned through entity verification, and data protection as most compelling for their organization
  • Over 40% of participating organizations expressed privilege management, insecure partner access, cyberattacks, shadow IT risks, and vulnerable mobile and at-risk device resource access as top challenges to secure access to applications and resources
  • 45% of participating organizations are concerned with public cloud application access security, and 43% with BYOD exposures
  • 70% of organizations plan to advance their identity and access management capabilities
  • 30% of organizations are seeking to simplify secure access delivery including enhancing user experience and optimizing administration and provisioning
  • 41% of participating organizations are looking to re-evaluate their secure access infrastructure and consider Software Defined Perimeter (SDP) – with the majority requiring a hybrid IT deployment and a quarter adopting a SaaS implementation.

On a global scale, we can see that the trend of remote access solutions is becoming the new norm for many organizations. While we move forward, our IT Security team has to deal with the increased security risks as we open new security flaws with unauthorized and non-compliant devices.   

This is where security vendors with Zero Trust Security products and solution providers like us can help your organization. We have been helping many clients throughout the lockdown to find the right solution for them whether it has been for improving remote access performance or security.

The Zero Trust Model can be summarized by the following questions: Can the user prove their identity and of the device they are using? Are they allowed to access this application? Is the network they are using secure? If they cannot answer yes to either of these questions, they should not gain access to the network.

If you are interested to learn more about the solution, you may read more here, or you may contact us directly at 88939515 for us to better assess your situation and find the right solution for you!


Image Provided by Vecteezy

Endpoint Security Redefined: OfficeScan to Apex One

Endpoint Security Redefined: OfficeScan to Apex One

Why Migrate to Trend Micro Apex One?

The threat landscape used to be black and white – you kept the bad stuff out and the good stuff in. Now its harder to tell the good from the bad, and traditional signature-based antivirus approaches alone are a weak defense against ransomware and unknown threats, which often slip through. Next-generation technologies help with some threats but is in no way foolproof, and adding multiple anti-malware tools on a single endpoint results in too many products that don’t work together.

Trend Micro Apex One uses a blend of advanced threat protection techniques to eliminate security gaps across any user activity and any endpoint.  It constantly learns, adapts and automatically shares threat intelligence across your environment.

We invite all our existing OfficeScan customers to join us this coming June 26, 2019 from 11:00 AM – 2:00 PM at Perfect Pint Greenbelt 2 to learn more about the benefits of migrating to Apex One.  To learn more on how to register for this event, you may contact your existing Account Manager or contact us directly at 893-9515!

About Trend Micro

Trend Micro is a leading provider of cybersecurity solutions designed to protect individuals and businesses against various online threats. Trend Micro Security offers advanced security features such as anti-malware, anti-phishing, and anti-ransomware to safeguard against malicious attacks. With easy-to-use interfaces and automatic updates, Trend Micro Security provides comprehensive protection against viruses and other threats while optimizing system performance. With over 30 years of experience, Trend Micro has become a trusted name in cybersecurity, serving millions of users worldwide.

 

Security Advisory: Microsoft Alerts Customers to Patch BlueKeep Vulnerability ASAP

Security Advisory: Microsoft Alerts Customers to Patch BlueKeep Vulnerability ASAP

In case you didn’t hear, another big vulnerability was reported by Microsoft on May 14, 2019 known as “BlueKeep” which takes advantage vulnerabilities of Remote Desktop Services (RDS), Remote Code Execution (RCE), and Remote Desktop Protocol (RDP).  However, BlueKeep only affects older version of Windows, so users of Windows 10 and 8 can rest easy.  The severity of the vulnerability though has forced the hand of Microsoft and they have actually made and released a security patch for its unsupported versions.  They have classified this vulnerability as a critical level threat.

This is why as of June 4, 2019, Microsoft once again urged its customers to apply the patch as soon as possible as more than 1 million devices are still vulnerable to the attack.  This is to avoid another widescale malware attacks like those of the WannaCry ransomware attack back in 2017.  Many companies were affected by the attack and caused many business operations to stop, more notably hospital operations.

What can you do to avoid being affected?

Microsoft has already provided the solution to BlueKeep, make sure you download the latest security patch for your corresponding OS (you can find the patches here).  You may need to reboot your servers to ensure the patch is running properly.

For those who are Trend Micro users, specifically those who use Deep Security, if you are unable to apply the patch due to other reasons, such as being unable to reboot your servers, please make sure that you apply the correct policy for the virtual patching of Deep Security to ensure the security of your servers.  Below is the Deep Packet Inspection (DPI) rule:

  • 1009749 – Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability

You can view the official Trend Micro article on it here.

For those who are looking into a longer-term solution, you can consider solutions such as Citrix Gateway and Virtual Apps to secure your remote connections to Windows servers.

To learn more about these solutions, you can contact us at 893-9515 and we will help introduce you to different options that you have to help prevent these kinds of vulnerabilities!

Your Data at Large: Some of the Common Security Pitfalls

Your Data at Large: Some of the Common Security Pitfalls

With data mobility’s rise, you would expect that security of data would increase as well.  However, many of the controls to mitigate the risk of data exposure still rely on traditional protection.  Direct attacks, simple mistake, and even negligence are still major reasons as why data is lost.  Below are some of the most common examples of common security pitfalls:

  • Loss or destruction of endpoints
  • Using consumer-grade collaboration and file sharing tools
  • Transferring files over insecure media including USB drives
  • Emailing sensitive information to personal email accounts
  • Social engineering (i.e. phishing) – the human factor and malware

These days, we use new IT services built on multiple cloud infrastructures to work in conjunction with the legacy and custom applications (business critical apps) built on-prem, this results in business data sprawled across multiple devices and locations.  This makes the traditional enterprise perimeter almost completely eroded.  The industry’s response has been to solve each gap in security with slew of security products, which each have their own unique policies, capabilities and limitations.  This creates even more complexity in the already complex problem which can do ultimately do more damage than help.

In the global study from Citrix and The Ponemon Institute, they  discovered that:

  • 64 percent of respondents say their organization has no way to effectively reduce the inherent risk of unmanaged data (e.g. downloaded onto USB drives, shared with third parties, or files * with no expiration date)
  • 79 percent of respondents are worried about security breaches involving high-value information
  • 52 percent of respondents do not feel that their security infrastructure facilitates compliance and regulatory enforcement with a centralized approach to controlling, monitoring and reporting of data

That requires a purpose-built architecture, one that is designed and hardened for security from the ground up. Integral to this architecture is the inherent security Citrix provides by:

The solution to the problem?  Control must be given back to IT while delivering security to the business without affecting the users experience.  This type of architecture is inherent in the security Citrix provides by:

  • Centralizing and keeping data off endpoints
  • Containerizing and encrypting data on mobile devices
  • Controlling access to data contextually
  • Using file level access and control (DLP and IRM) for data in motion
  • Partnering with industry leaders to protect data

At the end of the day, people need and want to work efficiently, if we make data sharing onerous it would create more problems rather than help solve them.

To learn more about Citrix products, please visit our product page or call us directly at 893-9515.

CT Link Systems, Inc. joins Security TRENDs 2017!

CT Link Systems, Inc. joins Security TRENDs 2017!

Enterprises and organizations are facing next-tier, multifaceted threats that are both familiar and uncharted. As the cloud and the Internet of Things (IoT) ecosystem become more interconnected, it is essential for organizations tore-evaluate and redefine their understanding of threats, risks, and solutions in an ever-changing landscape.

With that, organizations and enterprises must ask: what threats should they prepare for? What risks are involved? What processes and procedures should be implemented?

In the face of next-tier threats, businesses must step up their game and LEVEL UP their defence against these threats.

In lieu of this, CT Link Systems, Inc. has joined Trend Micro’s Security TRENDs 2017 Executive Threat Defence Summit as an exhibitor to help educate businesses in the Philippines on the importance of Cyber Security.

To learn more or register to the event, please visit the site Here!

About Trend Micro

Trend Micro is a leading provider of cybersecurity solutions designed to protect individuals and businesses against various online threats. Trend Micro Security offers advanced security features such as anti-malware, anti-phishing, and anti-ransomware to safeguard against malicious attacks. With easy-to-use interfaces and automatic updates, Trend Micro Security provides comprehensive protection against viruses and other threats while optimizing system performance. With over 30 years of experience, Trend Micro has become a trusted name in cybersecurity, serving millions of users worldwide.