The Connection, Inc Blog

The Connection, Inc has been serving the New Jersey area since 1992, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

A Field Guide to Phishing Attacks


Despite the name being mildly amusing, phishing attacks are no laughing matter. These scams, in all their different forms, wreak havoc on businesses—ranking as the top breach threat in the 2020 edition of Verizon’s annual Data Breach Investigations Report, and successfully impacting 65 percent of United States organizations in 2019 as reported by Proofpoint’s 2020 State of the Phish Report. Avoiding them requires you to be able to spot them, so let’s go over the different varieties of phishing that can be encountered.

Smishing Isn’t as Funny as It Sounds

As serious as they are, cyberattacks aren’t always given the most serious-sounding names. We are, of course, referring to “phishing”: the manipulation of the user, rather than of a computer system, to gain access to data. Phishing can come in many forms, with some—like phishing someone via SMS message—doubling down on the silliness of the name. Let’s examine this variety, and why “smishing” is not something to trifle with.

Bad Situations Can Come Down On Your Business Through Phishing

For the past several years, ransomware has been a major thorn in the sides of businesses. Hackers who were once known for “hacking” into networks changed tactics when encryption just got too strong. Today, these “hackers” use confidence tactics to gain access to accounts. Once they’re in, their strongest tool is ransomware. Let’s look at what makes ransomware so dangerous and how your company can combat the constant attacks that come your way.

How Has COVID-19 Impacted Cybersecurity Needs?

Data security is always a challenge that businesses must rise to meet, but the COVID-19 pandemic has complicated things significantly by creating situations that make ensuring this security even more difficult. Let’s go over the impacts that many organizations—especially those in the healthcare industry—have had to deal with due, in part, to the coronavirus.

We’re Seeing an Increase in COVID-19-Related Cyberattacks

Since the beginning of the COVID-19 situation in March, creating a vaccine has been a major priority. True to form, hackers have begun targeting the very organizations responsible for the vaccine trials. There’s a lesson to be learned, and today we’ll discuss it.

How to Avoid the Influence of a Phishing Scam

Phishing emails are a real problem for today’s businesses, which makes it critically important that you and your team can identify them as they come in. Let’s touch on a few reliable indicators that a message isn’t a legitimate one.

Social Engineering and Your Business

As prevalent as cybersecurity threats unfortunately are today, many users tend to overlook major threats that they just aren’t focused on nearly as much: social engineering attacks. Social engineering attacks are just another means for a cybercriminal to reach their desired ends, and therefore need to be protected against.

Tip of the Week: Warning Signs of a Phishing Attack

The modern cyberattack is more of a sleight of hand than it is a direct attack. With encryption protecting a lot of business data, hackers need to find ways to circumvent that technology. They often do this through phishing. This week, we will take a look at some of the warning signs of phishing to help give you a little better awareness.

Don’t Be Snagged by This Google Calendar Phishing Scam

Gmail and the applications associated with it seem to have some level of inherent trust among users. We just don’t anticipate threats to come in via something from Google. However, it does happen, as a recent spate of phishing has shown using Gmail and Google Calendar. What’s worse, this particular scam has been around for some time.

For Cybersecurity Awareness Month, Keep Looming Threats in Mind

Any business in operation today needs to keep modern realities concerning cybersecurity at top-of-mind if they are going to successfully maintain the business going forward. One major issue to be cognizant of is the increasing prevalence of phishing attacks.


Did you know that, in 2018, phishing attacks had increased by 269 percent as compared to 2017? Furthermore, phishing was involved in 32 percent of all reported data breaches that year. Businesses located in the United States also seem to have the most to be worried about, as almost 86 percent of phishing attacks were leveraged against American targets.

It’s No Wonder that Phishing is Being Addressed During NCSAM

NCSAM, or National Cybersecurity Awareness Month, is meant to encourage awareness of cybersecurity practices and behaviors in an attempt to promote them. This year’s lessons cover many basic cybersecurity practices - including how to identify and avoid phishing attempts, reinforcing the 2019 theme of “Own IT. Secure IT. Protect IT.”

Of course, we can also help you out by giving you some actionable best practices now.

  • Be wary of unsolicited or unexpected messages - One of the biggest clues that something is a phishing message is that it will likely appear out of the blue. If you suddenly get an email “from Amazon” that says suspicious purchases have been made on your account and you need to re-verify your payment credentials, think about it for a second - have you received any other emails from Amazon in regard to these purchases, as in delivery schedules or order confirmations? The same concept applies to emails that come from any sender. Before you interact with one of these emails, try reaching out to the supposed sender through some other means to confirm.

  • Avoid unanticipated links or attachments - Cybercriminals have become irritatingly clever in how they deliver their attacks and malware - not only delivering a convincing argument via phishing, but hiding executable malware inside documents that activate when the attachments are opened or delivered via a bad URL. Unless you were anticipating a link or attachment in an email, you should always be hesitant to click on them - at least until you’ve confirmed their legitimacy through another form of communication.

  • Check the details - Make sure that the email is actually coming from where it should. Cybercriminals will sometimes create fraudulent emails that, at a quick glance, look similar enough to the real McCoy that a user may not spot the difference. Is the address from “contact@gmail-dot-com,” or from “contact@grnail-dot-com”? Look at the second option closely. G-R-N-A-I-L probably isn’t the mail service your contact uses, suggesting that this email is fake.

While this month may be dedicated to improved cybersecurity awareness, it isn’t as though you don’t have to consider it for the rest of the year. The Connection, Inc is here to assist you in keeping your business and its data secure. Give us a call at (732) 291-5938 to learn more about the solutions we have to offer.

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

How to Properly Train Your Staff to Avoid Phishing Attacks

In the late 1970s and early 1980s, Bell telephone companies were making a mint off of offering the ability to call your friends and family that lived outside your predefined region, charging up to $2 per minute (during peak hours) for long distance calls. The problem for many people was that these regions kept shrinking. Some people decided to combat this costly system by reverse engineering the system of tones used to route long-distance calls, thus routing their own calls without the massive per-minute charges demanded by long-distance providers. These people were called Phreakers, and they were, in effect, the first hackers.

With Phishing Attacks Beating 2FA, You Need to Be Able to Spot Them

Unfortunately, one of the most effective defenses against phishing attacks has suddenly become a lot less dependable. This means that you and your users must be ready to catch these attempts instead. Here, we’ll review a few new attacks that can be included in a phishing attempt, and how you and your users can better identify them for yourselves.


How Has Two-Factor Authentication (2FA) Been Defeated?

There are a few different methods that have been leveraged to bypass the security benefits that 2FA is supposed to provide.

On a very basic level, some phishing attacks have been successful in convincing the user to hand over their credentials and the 2FA code that is generated when a login attempt is made. According to Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing, yet fake, page to reset their Google password. In some cases, fake emails like this can look very convincing, which makes this scheme that much more effective.

As Amnesty International investigated these attacks, they discovered that the attacks were also leveraging automation to automatically launch Chrome and submit whatever the user entered on their end. This means that the 30-second time limit on 2FA credentials was of no concern.

In November 2018, an application on a third-party app store disguised as an Android battery utility tool was discovered to actually be a means of stealing funds from a user’s PayPal account. To do so, this application would alter the device’s Accessibility settings to enable the accessibility overlay feature. Once this was in place, the user’s clicks could be mimicked, allowing an attacker to send funds to their own PayPal account.

Another means of attack was actually shared publicly by Piotr Duszyński, a Polish security researcher. His method, named Modlishka, creates a reverse proxy that intercepts and records credentials as the user attempts to input them into the impersonated website. Modlishka then sends the credentials to the real website, concealing its theft of the user’s credentials. Worse, if the person leveraging Modlishka is present, they can steal 2FA credentials and quickly leverage them for themselves.

How to Protect Yourself Against 2FA Phishing

First and foremost, while it isn’t an impenetrable method, you don’t want to pass up on 2FA completely, although some methods of 2FA are becoming much more preferable than others. At the moment, the safest form of 2FA is to utilize hardware tokens that use the U2F protocol.

Even more importantly, you need your entire team to be able to identify the signs of a phishing attempt. While attacks like these can make it more challenging, a little bit of diligence can assist greatly in preventing them.

When all is said and done, 2FA phishing is just like regular phishing… there’s just the extra step of replicating the need for a second authentication factor. Therefore, a few general best practices for avoiding any misleading and malicious website should do.

First of all, you need to double-check and make sure you’re actually on the website you wanted to visit. For instance, if you’re trying to access your Google account, the login URL won’t be www - logintogoogle - dot com. Website spoofing is a very real way that (as evidenced above) attackers will try to fool users into handing over credentials.

There are many other signs that a website, or an email, may be an attempt to phish you. Google has actually put together a very educational online activity on one of the many websites owned by Alphabet, Inc. Put your phishing identification skills to the test by visiting https://phishingquiz.withgoogle.com/, and encourage the rest of your staff to do the same!

For more best practices, security alerts, and tips, make sure you subscribe to our blog, and if you have any other questions, feel free to reach out to our team by calling (732) 291-5938.

Fishing for Answers to Keep Phishing Attacks from Sinking Your Business

Phishing attacks have been in the social consciousness now for a while, and for good reason: they are the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness of an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.

Learn to Use Email Safely

Email is a core component to many businesses. With 124.5 billion business emails being sent and received each day, that doesn’t seem to be in danger of ending. Are the emails that are coming and going from your business secure? That may be another story, altogether. In order to keep your email security at a premium, we have outlined the following tips:


Using Filters
Filters make a lot of things easier to manage and easier to interact with, but since your employees have to stay on top of their company email, having some pretty easy-to-use solutions is important. Spam-blocking can go a long way toward reducing the amount of unimportant emails each employee sees, and a dedicated antivirus software can keep malware and other nefarious entities off of your network.

Be Smarter with Your Email
No spam filter or antivirus will do it all. In order to achieve the best results with securing your email, users have to be well-versed in the best practices of email management. The most important qualification any person can make when trying to secure their personal email from hackers is to ensure that they have the knowledge of what a phishing email might look like; and to make sure that the business’ network security is up to snuff.

Here are a few tips to keep your email secure.

  • Know what a legitimate email looks like. For every email sent from a vendor or partner, there are two sent that are there to trick end-users.
  • If you aren’t going to take the time to encrypt your email, don’t put any potentially sensitive information within the email. This goes for health, financial, or personal information.
  • The fewer people who have your email address, the more secure your email is going to be. Teach your employees to not give out their email addresses if they can help it.
  • The email solution needs to be secured behind solid passwords, and/or biometrics. Two-factor authentication can also be a good solution to secure an email against intrusion.

End Your Session
There are circumstances that people can’t control, so if you absolutely have to use a publicly-accessible device to access your email, you have to make certain that you log out of the email client and device you access your email on. After you log out, you’ll want to clear the cache. Many browsers and operating systems today want to save your password for user convenience. Better to use a password manager than allow the most public points of your workstation to save your credentials.

The Connection, Inc can help you set up an email security policy that will work to ensure that your employees are trained, and you have the solutions you need to keep any sensitive emails away from prying eyes. Call us today at (732) 291-5938 to learn more.

Protect Your Business From Phishing Attacks

Spam is a major hindrance when running a business that relies on email, but it’s easy to protect your employees’ time from the average spam messages with the right technological support. Unfortunately, hackers have adapted to this change and made it more difficult to identify scam emails. More specifically, they have turned to customizing their spam messages to hit specific individuals within organizations.

SMiShing: A New Mobile Computing Scam

Chances are, you’ve heard of phishing before--emails that promise some benefit or prize if you only click on the included link, that actually only results in trouble for you and your data. Unfortunately, as technology has embraced mobility, so have phishing attempts. This is why you must also be aware of SMiShing scams.

Tip of the Week: How to Foil A Phishing Attack By ID’ing a Bad URL

Phishing attacks have been around for decades, first being recorded in 1995 where scammers would pose as AOL employees and request a user’s billing information through instant messages. Nowadays, email phishing attempts have tricked users into handing over personal information of all kinds. There are many methods of identifying a phishing attempt, but today we’ll focus on one.

Warning: Google Docs Hit With Phishing Attack

On Wednesday, several users found themselves the victim of a convincing phishing attack. The attack was designed to look like an invitation to view and edit a Google Doc, and to steal your Google credentials and spread through your contacts.


Not only does the email look convincing, it’s also often coming from a contact you already know. Even worse, the link takes you to a Google.com URL with a legitimate-looking login screen. However, once you log in with your Google credentials, whoever is behind the attack will have full access to your account.

Once it has them, it sends the same email to your contact list in an attempt to propagate itself. This attack is well-crafted, to the point where the easiest way to catch it before getting snared is to click the small link on the page that Google hosts to check the developer’s information. Since the attack utilizes legitimate Google account functions, however, who would think to check?

Whenever you get an unsolicited email with links or attachments, it’s critical to think before you click!

Fortunately, Google was able to apparently put the kibosh on this attack within an hour of taking action, but there’s still no indication of who was responsible for this attack or if/when they will strike again. Therefore, it is important to understand how to avoid falling victim to emails like this in general.

First, if there’s ever any doubt of an email’s validity, check out some of the indicators that tend to go overlooked. This attack in particular had some oddities--for example, the email was addressed to “.” Secondly, if an email is unexpected, it never hurts to confirm its validity with the sender through an alternate method of communication.

To protect your business, you need to be sure that your staff understands that threats like this could be a major problem. In the meantime, be sure to keep your eyes out for more email-based phishing scams and other threats. If you do come across questionable messages, don’t hesitate to report them immediately, so that everyone on your team becomes cognizant of the threat.

For more information about phishing scams, social engineering tactics, and other attempts to infiltrate your network, contact the IT professionals at The Connection, Inc at (732) 291-5938 today.

How a Single Hacker Stole $100 Million From Two Major Tech Companies

An unfortunate fact about the modern business world is that any organization that utilizes technology is playing with fire. Cyber attacks can circumvent even the most well-protected networks through the company’s users. This is, unfortunately, something that business owners often don’t learn until they’re on the receiving end of an attack; just like the two companies that fell victim to phishing attempts that were supposedly operated by Evaldas Rimasauskas, a Lithuanian hacker who has been accused of stealing $100 million from them.

News & Updates

  The Connection, Inc is proud to announce the launch of our new website at http://www.tconnection.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our servic...

Contact us

Learn more about what The Connection, Inc can do for your business.

The Connection, Inc
51 Village CT
Hazlet, New Jersey 07730