All posts by Betty Nelson

Defending Yourself Against Covid Related Scams

We’ve shared information more than once in the past about how to avoid phishing and other risks – malware, ransomware, etc.

The “Bad Guys” couldn’t be happier about Covid, I assure you. The pandemic and constant news about it has made most of us stressed and anxious, and more vulnerable to attack.  Consider yourself lucky if you haven’t had one of the Covid related scams show up in your Inbox.

Google has reported more than 18 million daily malware and phishing emails related to COVID-19 scams just in the past week. That’s on top of the more than 240 million daily spam messages it sees related to the novel coronavirus, the company says.

The phishing attacks and scams “use both fear and financial incentives to create urgency to try to prompt users to respond,” Google says. In other words, same email scam, different subject line.

These scams include impersonating government organizations like the World Health Organization to try to solicit donations or trick users into downloading malware; pretending to have information about government stimulus payments; and phishing attempts aimed at workers who are working remotely.

Examples include emails purportedly sent from a governmental agency:


Workplace Policy Emails

Some scams would like you to believe your employer is asking you to review your company’s new “safety measures.”  If you click on this link, your computer/network could be infected with a virus or malware.


Some go as far as asking you to read and acknowledge your company’s new policy:


Because many of us are working remotely for the first time, it isn’t as easy to stop by your human resources department to confirm if this is a legitimate communication.

Reminders for Recognizing Phishing Emails

  • Like other types of phishing emails, Covid themed email messages usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft.
  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data. The IRS is not going to email you asking for your bank account for your stimulus check.
  • Reminder – you can inspect a link by hovering your mouse pointer over it to see where it leads (don’t click!). If it seems sketchy, delete the email.
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.

FBI Warnings

 People are also urged to be on alert for attackers selling products that aim to prevent or treat COVID-19, as well as counterfeit sanitizing products and personal protective equipment.

The FBI has also reported there are numerous fraudulent apps available that offer to keep you informed, while infecting your computer or mobile device instead.

Bottom line: take the time to scrutinize emails now more than ever. If something seems out of context, take the time to call the sender to confirm the communication is legitimate. Never share personal information via email, especially now.

Terrapin is here for you…

Your Terrapin techs are working and are available to help you confirm whether communications are legitimate. It is always better to be safe than sorry. Be safe!

Staying Connected While Working Remotely

During the past few weeks Terrapin has worked with our clients to successfully change their place of business from their offices to their homes in response to CV-19.  Now that most of us are settled in our new work space, we wanted to share some of the most popular tools we have found to help you stay connected.

Video Conferencing




  • Zoom.  Free account allows a 40 min conference with up to 100 people at one time. Paid accounts get unlimited time and more participants, and a phone number for dial-in.
  • Skype Business (included with Office 365 Business Premium subscriptions).

Internal Communication/Chat




  • Microsoft Teams. (Comes standard with any Microsoft Office 365 account). Allows instant messaging, file sharing, video conferencing and screen sharing within the team/group.
  • Slack. Allows instant messaging and file sharing within an internal group. (No screen sharing/collaboration or video conferencing.)

Cloud Phone/Voice Conference Calls



  • Mitel/Shoretel Cloud. Phones work anywhere there is an internet connection, even from home. Conference bridge line built-in and available as part of the service.
  • Ring Central. Conference bridge available as part of the service.

File Sharing/Collaboration



  • ShareFile. Share files/folders with external recipients (HIPAA compliant). Send large files securely.
  • HighTail. Send large files securely and allow collaboration on videos, such as video depositions, with annotations.

External Access to Documents

  • If you use a DMS, most offer a web portal to access your files, such as iManage, Worldox and NetDocuments. Contact us to find out what is required to set this up.
  • OneDrive and/or SharePoint are included with most Office 365 suites.

Reach out to your primary Terrapin Tech if you have questions or need assistance implementing any of these tools for your team.

 

1.5 Billion Gmail Calendar Users Are the Target of a Crafty New Phishing Scam

Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.

In business, we schedule meetings all the time. One-off calls, recurring weekly updates, and the like. The latest warning from researchers at Kaspersky indicates the bad guys are using unsolicited Google Calendar notifications to trick users into clicking phishing links.

Here’s how it works:

Scammers send a Google user a calendar invite complete with meeting topic and location information. Inside the details of the appointment lies a malicious link that looks like it’s pointing you back to meet.google.com for more details.

Once clicked, it’s back to the usual tactics of trying to infect the user’s endpoint with malware and so on.

This kind of attack has a massive attack surface, given the number of users utilizing Google’s Calendar service. It also has that contextual appeal by being hidden within a meeting invite and uses a seemingly valid URL for more information.

Users have long been warned about their interaction with email and the web. Now it’s important to add Calendar invites to the list.

Think carefully before you click “Add to Calendar.”  Reach out to your Terrapin tech if you have any concerns about a Google calendar invite you’ve received.
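The "hover before you click" check can also be automated for an invite's description. The following is an added example, not part of the original post: it flags links whose visible text names one site while the underlying address leads to another. The sample invite and the example.net destination are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name as it might appear in the visible text of a link.
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None


def suspicious_links(description_html):
    """Return (shown_host, real_host) pairs where the text and the target disagree."""
    parser = LinkCollector()
    parser.feed(description_html)
    parser.close()
    findings = []
    for href, text in parser.links:
        shown = HOST_IN_TEXT.search(text)
        if not shown:
            continue  # link text does not claim to be a particular site
        shown_host = shown.group(1).lower()
        real_host = (urlsplit(href).hostname or "").lower()
        # The real host must be the shown host or one of its subdomains.
        if real_host != shown_host and not real_host.endswith("." + shown_host):
            findings.append((shown_host, real_host))
    return findings


# Constructed invite description: the first link only looks like Google Meet.
SAMPLE_INVITE = (
    '<p>Details: <a href="https://meet.google.com.example.net/join">'
    "https://meet.google.com/abc-defg-hij</a></p>"
    '<p><a href="https://meet.google.com/xyz">meet.google.com/xyz</a></p>'
)

if __name__ == "__main__":
    for shown_host, real_host in suspicious_links(SAMPLE_INVITE):
        print(f"Text says {shown_host}, link goes to {real_host or '(no host)'}")
```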

How Metadata and Redactions Can Cause Law Firms Big Headaches

A typical law firm generates an enormous number of legal documents. The history revealed by those documents—both in the form of user history and uncovered redacted statements—can sometimes lead to a whole lot of unintended drama when mistakes are made. Is your firm doing all it can to ensure you’re minimizing the potential for problems?

Let’s look at the properties of a Word document—its metadata:

Clean Up Your Metadata

This type of information is useful not only in civil disputes regarding estates, plagiarism or stolen trade secrets, but also in criminal cases involving financial crimes such as fraud, or even more serious crimes in which a typed confession or suicide note is involved.

Perhaps the most high-profile case to have involved Microsoft Word was that of the BTK (Bind, Torture, Kill) Killer Dennis Rader, whose identity was unveiled after he tauntingly sent a floppy disk to police. The floppy disk contained metadata from a deleted Word document and analysis of the metadata revealed the location of the computer where it was created and the name of the user who last edited it: “Dennis.”

I’ve seen firsthand the impact of metadata mistakes at law firms. An attorney will send a draft agreement to a client, and receives a call saying, “Why is the name ‘Ralph Smith’ all over this agreement? No one named Ralph Smith is involved in this deal.” Next, I get an angry call from the attorney and have to explain about hidden text and/or metadata. Another situation that comes up is when attorneys use a prior document as boilerplate. They are careful to make sure there’s no hidden text, but they still get an angry client call. Why? Because the client went into the properties of the file (see image above) and saw that the author was another attorney in the firm. Not only that, the document was created in 2012, and the last edits took 10 minutes, but the client was billed 1.0 for the work. Not good.
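What the client saw in that situation can be checked before a document leaves the firm. The following is an added example, not part of the original post and not a replacement for a metadata-cleaning product: it reads the author, creation date and editing time from a .docx file, and also counts tracked-change authors and hidden-text runs. The sample document is constructed in memory, using the name and figures from the story above.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# Properties a recipient can read: (report label, package part, element).
FIELDS = [
    ("author", "docProps/core.xml", "dc:creator"),
    ("last_modified_by", "docProps/core.xml", "cp:lastModifiedBy"),
    ("created", "docProps/core.xml", "dcterms:created"),
    ("editing_minutes", "docProps/app.xml", "ep:TotalTime"),
]
PARTS = {part for _, part, _ in FIELDS} | {"word/document.xml"}


def audit_docx(data: bytes) -> dict:
    """Report properties, tracked-change authors and hidden-text runs in a .docx."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        present = PARTS & set(pkg.namelist())
        roots = {name: ET.fromstring(pkg.read(name)) for name in present}
    report = {}
    for label, part, path in FIELDS:
        node = roots[part].find(path, NS) if part in roots else None
        if node is not None and node.text:
            report[label] = node.text.strip()
    authors, hidden = set(), 0
    body = roots.get("word/document.xml")
    if body is not None:
        for tag in ("ins", "del"):  # tracked insertions and deletions
            for change in body.iter(f"{{{W}}}{tag}"):
                authors.add(change.get(f"{{{W}}}author", "unknown"))
        for mark in body.iter(f"{{{W}}}vanish"):  # hidden-text formatting
            if mark.get(f"{{{W}}}val", "1") not in ("0", "false"):
                hidden += 1
    report["tracked_change_authors"] = sorted(authors)
    report["hidden_text_runs"] = hidden
    return report


def build_sample_docx() -> bytes:
    """Constructed sample: a reused 2012 draft that still names another attorney."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}"><dc:creator>Ralph Smith</dc:creator>'
        "<cp:lastModifiedBy>Ralph Smith</cp:lastModifiedBy>"
        "<dcterms:created>2012-03-05T14:00:00Z</dcterms:created></cp:coreProperties>"
    )
    app = f'<Properties xmlns="{NS["ep"]}"><TotalTime>10</TotalTime></Properties>'
    doc = (
        f'<w:document xmlns:w="{W}"><w:body><w:p>'
        '<w:ins w:author="Ralph Smith"><w:r><w:t>new clause</w:t></w:r></w:ins>'
        "<w:r><w:rPr><w:vanish/></w:rPr><w:t>internal note</w:t></w:r>"
        "</w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, text in (("docProps/core.xml", core), ("docProps/app.xml", app),
                           ("word/document.xml", doc)):
            pkg.writestr(name, text)
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in audit_docx(build_sample_docx()).items():
        print(f"{key}: {value}")
```

To check a real file, pass its bytes: `audit_docx(open("draft.docx", "rb").read())`, where `draft.docx` is a placeholder name.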

Invest in Redacting Tools

Redactions are another critical concern for attorneys. A major news story hit recently involving redactions in a case involving former Trump chairman Paul Manafort, because the creators of a key document thought they had properly redacted the information they wanted to hide but hadn’t. If you’ve been involved in litigation, you know that redacting documents is something that is done to remove attorney/client privilege or other information that shouldn’t be shared.

Redaction of the document in the Manafort case appears to have been attempted in Word or PDF by drawing a black box over the text or highlighting it in black. When the document was converted to PDF and distributed, the text layer was still there. Readers quickly discovered they could highlight the ‘redacted’ text under the black boxes, copy and paste it, and thereby reveal the contents.

There are numerous tools for redactions, but only a handful that properly do the job.

At Terrapin, we recommend DocsCorp, which offers both a metadata removal tool and a redaction tool:

  1. cleanDocs removes metadata from documents
  2. pdfDocs has reliable redaction tools

We also work with Litera, which offers Metadact as their metadata removal tool.

Please reach out to your primary Terrapin tech if you have any questions about how to manage metadata and redactions at your firm.

Staying Safe on Cyber Monday

It’s Cyber Monday! A time for great deals online, but also a time to be particularly alert for scams. Terrapin wants to remind you that fraudulent websites are actively trying to obtain your personal/financial information.

The ‘Bad Guys’ are more skilled than ever at creating websites that look legitimate. If you plan on doing any online shopping today, you may miss the warning signs.

Tips to remember:

  • Avoid any online shopping on your company’s computer. Use your personal computer or cell phone to avoid accidentally downloading and installing viruses and malware on your work computer.
  • Be wary of prices that are extremely low. Do your research first and know the price range of the item(s) you want to purchase.
  • Make sure the website starts with https – the ‘s’ stands for secure. This is especially important if you are entering credit card or PayPal information.
  • Avoid making purchases on websites you have never visited before.
  • Be careful on social media: While your Facebook page is likely covered in ads, you need to be cautious about clicking on them. Social media ads often include links that take you to sites off social media, which opens up the potential for malware and viruses to be downloaded onto your computer.
  • Read the fine print, including the features of the product and the company’s return policy.
  • Hover over links to see which websites they lead to once you click. Doing that can keep you safe from malware.
  • Avoid clicking on website ads and links in text messages and emails. If the deal sounds too good to be true, it probably is.

Don’t hesitate to reach out to Terrapin if you believe you have clicked on a malicious link or if you encounter pop-ups that warn you of viruses (never click on these, even to close them). Let’s make this a safe and happy holiday season!

Terrapin’s New Method to Identify Email Spoofing

You’ve probably noticed a significant increase in fraudulent emails pretending to be from someone at your firm. These messages are spoofed, often originating from outside the network, but that’s not always obvious at first glance. These messages sometimes give clients enough pause to inquire about them before deleting them outright.

To make it easier for clients to identify these types of messages, Terrapin can prepend a warning to all incoming messages originating from outside the organization. If a message from your associate down the hall arrives in your inbox with this warning attached, then you’ll know immediately that it’s fraudulent and should be deleted.


Please contact your primary tech at Terrapin if you are interested in adding this warning to your incoming email messages.

 

 

Choosing The Right Office 365 Plan for Your Team

 

Microsoft knew what they were doing when they introduced Office 365. It has been a game changer that has taken businesses of all sizes into the cloud – without a significant amount of pain.

Office 365 is a subscription service providing access to features and services including Microsoft Office applications both online and on multiple devices. One of the recent changes Microsoft introduced is the ability for 365 users to have their software installed on up to five devices.

The type of subscription is what determines which applications and services are available to you. No matter which subscription you choose, it’s great knowing you have the right to download the latest version of Office.

Six Office 365 Plans Available

There are six Office 365 plans divided into two areas: business and enterprise. The business plans cap out at 300 users; the enterprise plans are unlimited. The Office 365 Business Premium plan includes:

  • Full installed Office 2016 applications (Word, Excel, Outlook, PowerPoint, OneNote, SharePoint, Publisher & Access), which can be installed on up to five computers (PCs or Macs)
  • Access to Office Mobile (Word, Excel and PowerPoint) on up to five tablets and five phones
  • Access to Office Online (Word, Outlook, OneNote, Excel and PowerPoint)
  • Skype for Business
  • 1 TB of storage on OneDrive for Business
  • Document management functions like archiving, rights management, data loss prevention and document-level encryption
  • Numerous business apps, including Bookings, Invoices and MileIQ

(For a complete rundown of all of the business plan options, visit Microsoft’s overview page.)

Commitment to Security, Privacy & Compliance

With the new lineup of options, Microsoft shows that it is committed to delivering multiple levels of security to safeguard data. These include multilayered physical data center security, encryption, auditing controls, and configurable privacy access controls for users and organizations. These security features are important because you can often be working in an area where various networks come into play.

Collaborating Across Devices

I recently had a chance to perform some real scenario testing with Office 365 across devices and platforms (using a selection of Microsoft, Apple and Android products). Although there are slight differences in how the program appears (ribbons, etc.), the functionality is there. And it goes without saying, the convenience is unparalleled.

I started with a Word document that contained complex formatting. You can see the results below:

For more information about Office 365 and help determining which plan is right for your firm, be sure to reach out to your Terrapin team member.

End of Life: When Microsoft Products Become Obsolete

“End of life” is a daunting term, right? It’s so final, but it’s important to bring up in terms of technology – particularly Microsoft products and specifically Windows 7 and Office 2010.

I’ve worked with Microsoft products for many years. This is going to age me, but I think I started on Windows NT (yikes!). As we’ve cycled through the versions of Windows operating systems, there are things we love, things we didn’t think we could live without, and certainly from time to time, changes that make us wish for a previous version.

You may have also noticed, some versions are very popular and stable, others – not so much.

That brings me to Windows 7. Windows 7 Professional has been a very popular version of Microsoft’s operating system, so much so that not many of us ventured into Windows 8 territory, and some of us are even dragging our feet on moving from Windows 7 to Windows 10. After all, Windows 10 has a completely different look and feel, with tiles that float around, offerings to read the news and options to play Xbox. At times it seems like it was designed for those not working in an office setting.

So why did I call this blog entry “End of Life”? Because it’s coming – not only for Windows 7, but also for a very popular version of Microsoft Office – Office 2010. What does ‘end of life’ mean exactly? It means that you will no longer receive security and program updates, leaving your computer and network vulnerable. It means that if something goes really wrong, you will not have support options available through Microsoft. That’s why it’s important to migrate to a current product soon.

It’s not tomorrow – don’t panic – but it’s going to come sooner than you think. It’s time to start thinking about upgrading your operating systems and version of Office, if you are still using Windows 7 and Office 2010.

Because there are numerous versions of each (you know – Windows 7, Service Pack 1, etc.) the dates vary slightly – but here are the general guidelines:

Product                     Mainstream Support    Extended Support
Windows 7 Professional      Ended 01/13/15        Ends 01/15/20
Office 2010 Professional    Ended 10/13/15        Ends 10/13/20

Terrapin recommends that you start planning now for your migration to a new operating system and version of Office. Now, more than ever, there are new considerations. For example, will most firms continue upgrading their on-premises Exchange server or migrate to Office 365 and Exchange Online?

Reach out to your Terrapin Technology representative and let’s start planning! If you have questions, we have answers.

 

Scam Alert: Using Passwords and a Threat to Your Privacy

Terrapin Technology has learned of a new scam that has shown up in client mailboxes.

How the Scam Works

The scam involves sending you an email with your current or past password (or something very close to it), and alleging they have seen you watching porn on your web browser and threatening to reveal that fact if you don’t pay. This is a scam. The password referenced may be similar to one you’ve used or are currently using. Please do not fall for this scam, but instead change your password(s) immediately. I am providing links to a few news stories on this topic, some of which include the actual text of the “sextortion” email:

https://nakedsecurity.sophos.com/2018/07/13/sextortion-scam-knows-your-password-but-dont-fall-for-it/

https://blog.knowbe4.com/scam-of-the-day-sextortion-old-passwords-and-you

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

What Else Can You Do?

Please forward this newsletter to members of your organization. Take extra care in changing your passwords regularly, especially after a breach happens at a website you frequent (e.g., LinkedIn, Yahoo mail, etc.). If you need assistance assessing the validity of an email or link contained in an email, please reach out to our team at Terrapin Technology.

Times are Changing: Software Purchase vs. Subscription

Just 10 or 15 years ago, if you said the word “subscription,” the first thing that would come to mind would be a subscription to a magazine or newspaper. Today, that’s not necessarily the case, particularly when you’re talking software.

When I first joined an IT team after being in the legal secretarial ranks for 21 years, software was bundled with hardware; it simply came with the computer. Later, we purchased software such as WordPerfect, Adobe Pro and Microsoft Office separately. They came in pretty boxes with CDs or DVDs and a license code.

The Evolution of Software Purchasing

Shortly thereafter, specialized software was introduced, software that really helped us get our jobs done – products like template packages, document management software and document comparison software. We would purchase the software license and then pay a small fee to the company each year for “maintenance.” That meant we could call their tech support team when something didn’t work properly and get minor updates and bug fixes.

Those days seem a distant memory.

About five years ago, SaaS (software as a service) was a buzzword you’d hear frequently when talking about software. We don’t hear that term as much anymore, but the trend has been for some time to purchase software as a subscription. You don’t own the software, but instead subscribe to the software on an annual basis. Each year’s subscription includes maintenance/support and at the end of the year, you do not have a substantial investment, nor do you have an obligation to keep using that software if it no longer meets your needs.

Another change . . . we used to license software to the computer. It didn’t matter if you had cycled through 10 users, the software was happy as long as it was installed on the computer it was first installed on. If your computer died unexpectedly, well, that was a bit of a quandary. Software needed to be uninstalled before it was reinstalled, again to satisfy the license requirements. Now, software is licensed to a user and follows the user.

Today, you can still purchase software, but you will frequently see the term “perpetual” licensing – that is, buying the software and paying for maintenance, which allows you some upgrades, bug fixes, tech support and other services.

However, if you want to always have access to the latest version of the software, a subscription model may be best for you.

Office 365

Office 365 has been a game changer on the subscription front. Rather than buying MS Office with your new computer, you now buy an Office 365 subscription. Office 365 has also helped us move away from the need for Exchange servers, because Exchange is hosted “in the cloud.”

There are other advantages. When we used to purchase MS Office, we were stuck with that version of the program. Now, Office 365 entitles you to download and use the latest version of the program. Not only that, but you are allowed to install Office 365 on up to five computers used by the same user. You also have the convenience of logging into Office 365 on the web, so you can get to your email anywhere, at any time.

End Result: Flexibility

It isn’t always clear-cut whether it’s better to go with a purchase and license arrangement or a subscription. Terrapin Technology’s team is happy to help you assess the options and find a solution that works best for your business model.