Technology Tips: September 2019 Skyward IT Services by Skyward IT Services Skyward IT Services Network Infrastructure and Security Specialists Read time: Smart Device Malware It’s all fun and games until a hacker burns your coffee. Most of us are well aware of the basics of data security when it comes to our devices. But what about unsuspecting objects like smart coffee makers and DSLR cameras? Hackers have found numerous ways to crack into our cell phones and computers by breaking into the Internet of Things, those at-home devices that use our wi-fi. A smart coffee maker can be a convenient and tech-savvy way to get our morning cup of joe. Being able to brew and schedule our coffee from an app sounds mighty convenient… but how safe is it actually? Hackers can do worse than burn or delay your coffee; they can use your coffee maker as a tool to install malicious code on any device that uses the same wi-fi network. One way to protect your home is to password protect the coffee maker itself, as well as the wi-fi network it is using. Make sure to change any default passwords and keep the firmware on your devices updated. Researchers also found that Canon DSLR cameras are at risk for being hacked and used for malicious activity through the camera’s USB and wi-fi capabilities. Hackers could threaten to delete photos and video files until a ransom is paid. Canon is aware of this potential risk and issued a statement with additional information and tips on keeping your camera safe. Phish Alert Button District staff may experience a lot of hesitation when they receive a phishy-looking email. Is it safe to forward to another staff member for a second opinion? Or should they send it straight to trash? The Phish Alert Button (PAB) is a convenient way for everyone to send their suspicious emails right to IT with the click of a button. This feature can assist your IT team in detecting early phishing attacks or malicious emails. Installation of the PAB depends on your district’s mail environment, and there are guides available for Exchange, Office 365, Outlook, and GSuite. Once your team is aware of the PAB, you can set up phishing tests to help everyone practice their security skills. You can send these tests as often as you’d like, but a minimum of bi-weekly is recommended. For example, you could send an email from someone posing as your organization’s HR Manager, prompting the recipient to click on a web link or open an attachment. You’ll then have the data to see who followed the fake prompts and who used the PAB feature. Social Media Malware Awareness We know we shouldn’t trust everything we see on the internet, but how can we distinguish helpful tools from malicious advertisements? CleanMyMac X is a service offering to clean your Mac for free when you download their program. But before you download anything, it is always worth doing some simple research. First, if you type the weblink “cleanmymac-x.com” in a separate browser you’ll find out that the website doesn’t actually exist. Second, notice the comment from “CleanMyMac.” Their spelling and grammatical structure seems a bit off to be a reputable company. Once a hacker has access to your social media account, they can retrieve your personal information. They can then sell it, spam your account, or get through to your devices to find your financial information. Ads asking you to pay money for a service and suspicious emails or posts from your Facebook friends are all common examples of social media spam. Clicking on links or transferring funds could put you at risk. Never click on a link or download anything, whether it be through text, email, or social media, unless you are confident that you trust the sender. Malware of the Month: CamScanner Trojan Researchers found that an Android app called CamScanner contains Trojan malware. This app just recently started to deliver malware to devices, which is especially dangerous considering it has been downloaded over 100 million times on Google Play since 2010. The malicious code is capable of signing users up for a variety of paid subscriptions. The Google Play store has removed this app, but it is still available at the Apple App Store. Researchers are finding that the app developers may have accidentally used a malicious ad library. Since the discovery of the malicious code, the developers at CamScanner have removed it from their application. While Google Play is the most reputable and safe place to download apps for Android, this scenario still goes to show the importance of keeping tabs on your apps and any financial accounts that your devices are tied to. Skyward IT Services Network Infrastructure and Security Specialists Share this story: Want tips, tricks, and feature updates delivered to your inbox once a month? Sign up here!