<img height="1" width="1" style="display:none;" alt="LinkedIn" src="https://dc.ads.linkedin.com/collect/?pid=239833&amp;fmt=gif">
 

Recent Posts

Cyber Security While Shopping Online

Posted by Mark Nash on Oct 13, 2020 4:00:00 PM

Even since the early days of the internet people have seen the potential of being able to make purchases for just about anything from the comfort of their own homes. Online shopping means that you do not have to deal with traffic, crowds, or even having to transport your purchases. However, despite the benefits of online shopping, it carries its fair share of risks. Just as with any virtual service, online shopping is often targeted by hackers who want to steal personal data and money. Although these risks exist that does not mean that you should never do any shopping online, as long as you keep safety in mind and follow good practices then the risks can be greatly mitigated. There are three primary methods that hackers use in order to steal data from online shopping transactions. 

1. Phishing

The first of these is by phishing, which is the use of fraudulent websites or emails posing as legitimate ones. Common forms of this are when a cyber-criminal makes a fraudulent website that looks just like the legitimate version of an ecommerce website, and attempts to trick the user into making a purchase through this fraudulent site thereby inadvertently giving the cyber-criminal the users data when they attempt to complete the transaction. Additionally, when a cyber-criminal creates a fraudulent email designed to look like it is coming from a legitimate source, often asking the user to follow a link to a fraudulent website to “confirm some information about a purchase the user made,” although in reality this is just an attempt to get the user to give up their information to the cyber-criminal. The best way to prevent falling victim to this sort of scam is to stay cautious and pay close attention. When performing online shopping only use reputable vendors, and always check the address bar of the site that you are shopping on to make sure that it is what it should be. Additionally, always check the sender address of any emails you receive to ensure that they are actually coming from who they say they are, and if the email asks you to follow a link hover over the link and wait for the text box to appear showing you where the link actually leads to so you can determine if you should actually click on it. 

Read More

Topics: IT services, Internet Safety, NCSAM, Ransomware, Malware

TikTok Ban, Chex Quest Revamp and Unilever Experiments

Posted by Griffin Ball on Aug 7, 2020 11:00:00 AM

The Lighthouse IT Podcast - August 7th, 2020

Matt and Griffin discuss the possible TikTok ban, what we currently know about it, and what it could mean for marketers. They touch on the huge rise in mobile game downloads that came from COVID, and they also go over some of the interesting experimental marketing efforts many companies, like Unilever, are pushing to get ahead.

Listen here!

Security & Marketing News

What a TikTok Ban Would Mean for Marketers 

TikTok has gained a reputation for being the least secure social media platform. That being said, it’s also one of the most popular as of right now. TikTok is used to share short video clips that are usually related to a music dance challenge or even just eating a spoonful of cinnamon. This app is owned and originated from overseas, China, in 2017. Now that it has become widely used in the US, the security risks are becoming a concern. Since it is owned by the Chinese company ByteDance, they can request the data collected by TikTok at any time and even the US branch of TikTok must comply. The concern comes in when comparing the security regulations of both nations.  

President Trump is taking action to ban the platform. With that in mind, Microsoft’s interest in the platform could change the outcome of his decision. Trump had agreed that if the company’s ownership is transferred to America, it could potentially be safe to stay.

READ MORE

Read More

Topics: Internet Safety, Cybersecurity, Malware, COVID19, Podcast

Twitter stops Tweets & Hulu offers Sweets

Posted by Griffin Ball on Jul 24, 2020 11:00:00 AM

The Lighthouse IT Podcast - July 24th, 2020

Matt and Griffin discuss Twitter limiting tweets due to some serious scamming, some popular VPNs had their non-existent logs magically released, Snapchat testing out brand profiles, and Hulu targeting the small business market to allow them to advertise on their platform.

Listen here!

Security News

Twitter Limits Tweeting

Last week, Twitter severely limited access to its service while it investigated issues whereas crypto-coin scams were being spammed from verified accounts, in a move that had the microblogging service in confusion. The scams promised to return your money two-fold if you sent it via bitcoin to the verified accounts, including Bill Gates, Apple, Elon Musk, Barack Obama, and more. 

We're still awaiting an official post report, but early responses have indicated that Twitter employees were the target of a massive social engineering attack to gain access to the accounts. 

READ MORE

Read More

Topics: Internet Safety, SEO, Ransomware, Cybersecurity, Malware, Podcast

Flaws in Apple sign-in, Upgrading to Android 10, and Core Web Vitals

Posted by Griffin Ball on Jun 5, 2020 10:59:49 AM

The Lighthouse IT Podcast - June 5th, 2020

Matt and Griffin are back as they discuss how Sign-in with Apple was much easier than we all thought, why it may be a good reason to upgrade to the dreaded Android 10,  and what updates Google has been making to the world of SEO.

Listen here!

Security News  

Apple Security News 

We’ve all used the log-in service on a website or app by supplying our Facebook or Google credentials. Just like these providers, the sign-in with Apple allows site visitors to use their Apple ID credentials to sign-in to other websites. 

A security research from Delhi, India has discovered an account takeover flaw in Apple's Sign-in with Apple system. These systems work by allowing you to login to a popular service and receiving a "token" that authorizes you access to the websites that use the login service. 

The security researcher discovered if he could identify a valid email address of an Apple ID (which was openly contained in an initial login request), he could pass the email address to a publicly accessible web service and retrieve a valid token. No password was required to do this. 

Luckily, because of the bug report being completed properly, Apple was able to very quickly patch the open flaw and states that its investigations did not show any misuse or compromise. Which is good news for services such as Adobe, Airbnb, Dropbox, eBay, Grindr, Medium, Strava, Tik Tok, and even WordPress that utilize this log-in method. 

READ MORE

Read More

Topics: Managed Service Provider, Internet Safety, SEO, Cybersecurity, Multi-factor Authentication, Malware, Podcast