Recognizing and Avoiding Phishing Scams

What is phishing?

“Phishing” is what we call an online scam that attempts to extract information, credentials, or money from you, usually by impersonating someone you trust or a trusted organization like a bank or vendor.

Phishing emails and text messages attempt to trick you into clicking on a link, opening an attachment, or sending proprietary information. Often the return address is the name of a person or company you recognize, leading you to believe the message is legitimate. But there are many ways for you to recognize phishing and to avoid falling for scams.

If you have any doubt at all about whether an email is legitimate, forward it to support@macktez.com. If you do this, please send a second email referencing the first one, because sometimes the original forward can be caught in our spam filter. If you accidentally click on an email that you think was not legitimate, please let us know, even if you didn’t enter any information.

Tips for security

– Exercise your Spidey sense. If the request from someone you know is unexpected or unusual, or if the language used in the email is not typical for the person you think the email is from, be alert and extra careful. Verify the message with the sender some other way (call, text, or chat).
– Remember that return addresses are easily spoofed. It’s as easy to put someone else’s return address on an email as it is to write someone else’s return address in the top left corner of an envelope sent through the regular mail.
– Be aware at all times of links you click in an email message. You can hover your mouse over a link to reveal the actual target of that link — if the target is not what you think it should be, don’t click.
– Be particularly wary of any email that links to a website that asks you to enter credentials.
– You are most vulnerable when you are engaged in something new — starting a new job, using a new communication tool, working on a new project with new vendors. Slow down in these situations and maintain extra vigilance until you have established a routine.
– If you receive an email asking to change a method of payment (for example, a new wire transfer number), verify this change either in person or by phone. Never authorize any electronic payments until you have confirmed the authenticity of the request with the vendor directly.
– Protect your computer by installing security software and keeping it up to date. That way even if you download malware accidentally, your computer will be protected.
– Set your phones and computers to do automatic updates to ensure you are taking advantage of the most recent security updates at all times.
– Do not reuse passwords. If one of your passwords is compromised through a phishing scheme, the hacker will most certainly try to use that password to log into any number of other services. (Use a password manager like 1Password to help you keep track of your passwords.)
– Use strong passwords, at least 12 characters long. Length is more important than complexity, so use phrases if you have trouble remembering passwords. “Ilikemexicanfood4lunch” is a much more secure password than “buRR1t0”. (Again, use a password manager so that you don’t even need to remember your long passwords.)
– Enable multi-factor authentication (MFA) on every critical service, starting with your email account. MFA makes it so that even if someone knows your password, they won’t be able to log into your account.
– If you suspect a password has been compromised, change it immediately.

Have I been hacked?

Receiving a phishing email does not mean you have been hacked. Even when the suspicious email seems to reveal information you think is private (a message from your direct supervisor, or a link to a service you actually use), it’s usually because that information is not in fact private — your company’s org chart, for example, can be easily gleaned from your public website or LinkedIn.

If someone else reports that they received a phishing email from you, that also may not actually indicate a true vulnerability. Adding a fake “from” address to an email is easy to do, and does not necessarily mean the email actually came from your email account.

That said, hacks do occur (especially if you use the same password for multiple services and have not enabled MFA). If you suspect your email account has been compromised, go ahead and change your password right away and let Macktez know. There are clues we can look for within your email account to assess the extent of the hack and take remedial action.

What’s really going on?

Phishing is not a particularly sophisticated form of hacking. It doesn’t take a lot of computing power or a special knowledge of code. It’s a modern form of social engineering, where a con artist takes advantage of your trust or inattention.

Phishing can be very broad — someone sends a thousand generic requests from “Dropbox” via email and hopes to get a small return. Or it can be targeted (sometimes called “spear phishing”) — someone looks up information about your organization, spoofs specific email addresses, and makes specific requests that they think will sound more legitimate. In all cases, hackers are just hoping to trip you up, and then will use the information they get to expand their attempts.

What can you do?

There’s no way to stop phishing entirely. But there are ways to reduce the practice, minimize the risks, and assist those who are also trying to block phishing on your behalf.
– Enroll in Macktez Domain Management. By configuring, enabling, and monitoring industry-standard tools for email security (SPF, DKIM, and DMARC), Macktez can help ensure that outgoing email using your organization’s domain is not spoofed, providing email recipients greater confidence that messages from you are authentic.
– Sign up for simulated phishing campaigns from Macktez. We can purposely send (harmless) email to your staff every quarter to train them to recognize phishing.
– Click the “spam” button in your inbox to train your email service to recognize illegitimate emails. Large email providers like Google and Microsoft aggregate user feedback to improve their own filters so that these kinds of emails never reach your inbox.
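
Because a “from” address is as easy to fake as a return address on an envelope, receiving mail servers record the outcome of the SPF, DKIM, and DMARC checks in an Authentication-Results header. This added example (not part of the original article, and not Macktez's tooling) reads that header from a raw message and reports the signals that suggest the From address was spoofed. The sample message, names, and domains are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name, address and domain is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.com
From: "Pat Lee (CEO)" <pat.lee@example.com>
Reply-To: pat.lee.ceo@freemail.example
To: staff@example.org
Subject: Quick favor

Are you at your desk?
"""

def domain(addr):
    """Domain part of an address header value, lower-cased ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map each method (spf, dkim, dmarc) to the result the receiver recorded."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:      # first segment is the server's id
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results[method.lower()] = result.lower()
    return results

def spoofing_signals(raw):
    """Return human-readable reasons to distrust the visible From address."""
    msg = message_from_string(raw)
    from_dom, auth = domain(msg["From"]), auth_results(msg)
    signals = []
    if auth.get("dmarc") != "pass":
        signals.append(f"DMARC result for {from_dom}: {auth.get('dmarc', 'missing')}")
    # A differing Return-Path is common for bulk senders; treat it as a prompt
    # to look closer, not as proof. A differing Reply-To redirects your answer.
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            signals.append(f"{name} domain {other} differs from From domain {from_dom}")
    return signals
```

Only trust an Authentication-Results header added by your own mail provider's server; a sender can insert a forged one, and well-configured receivers strip or ignore those.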

Electronics Recycling

E-waste can be dangerous if mishandled, releasing toxins and hazardous chemicals (e.g. mercury, lead, and cadmium) that contaminate its surroundings. That’s why in New York City and many other localities, putting your old electronics out with the regular trash is illegal.

Additionally, disposing of old computers without first erasing the files stored on them may be a security risk for your organization or for you personally, as storage drives can be harvested and the data on them may be viewed and used by bad actors.

There are now many options for responsibly disposing of electronics, including commercial and residential building pick-ups and community drop-off events. Computer manufacturers each have their own programs for free return of equipment for disposal, and consumer electronics stores like Best Buy will accept small numbers of drop-offs each day. But not all these methods will provide certified data erasure. You should be clear about your security needs before letting go of old equipment.

Macktez has partnered for over a decade with 4th Bin for e-waste recycling and certified data destruction. To help clients avoid the high minimums required to schedule a pick-up, we can hold equipment securely until we have a full load to turn over to 4th Bin. Or 4th Bin can ship an empty box to your office to be filled and shipped back for proper disposal.

Let us know if you need help the next time you refresh your fleet of workstations, upgrade your network equipment, or prepare for an office move.

Reilly Scull Talks JumpCloud on ChannelPro Weekly

Macktez CTO Reilly Scull joined ChannelPro Weekly for a discussion about how to take advantage of JumpCloud’s cloud-based directory platform for user and device management.

JumpCloud is an integral part of Macktez Identity Management, which more and more of our clients are using to manage a hybrid workforce on multiple platforms.

Google Drive Changes in macOS

Over the past few months, Google Drive, Dropbox, Box, and OneDrive users on Apple computers have experienced small and not-so-small changes to how files saved to these cloud services appear in the Finder. The notes below address the user experience with Google Drive specifically, but some of these particulars are relevant also for other cloud file storage solutions.

User experience changes in Google Drive for Desktop

Where to find “Google Drive”

In Finder, “Google Drive” no longer appears in the “Favorites” section of the sidebar, and instead is listed under “Locations.” You will still be able to see a link to “Google Drive” from your Home directory, right after “Desktop,” “Documents,” and “Downloads.”

If you have connected more than one Google account to Google Drive for Desktop (for example your business and personal accounts), this link will include your email address to distinguish the different accounts.

Shortcuts broken

As a result of this change from “Favorites” to “Locations,” any shortcuts to Google Drive folders that you created and saved to your Desktop or to the sidebar in Finder will be broken and will need to be recreated manually. What’s especially confusing is that you might still see the files you expect inside these folders when you click these old links, but they will not be the files that are syncing to Google Drive. Be sure to recreate all your Google Drive shortcuts.

Move and copy files in Finder

Previously, if you dragged a file from a Google Drive folder to your Desktop or another local storage space, your computer would copy that file. Now, if you just drag a file from Google Drive to Desktop that file will *move* and get deleted from Google Drive. That’s confusing, and can even be a little alarming, but not if you think about it this way: dragging a file from Google Drive to your Desktop now works the same as dragging any file in your Finder — it moves the file. If you want to copy the file while dragging, hold down the option key.

External references may get messed up

The old version of Google Drive created full file paths for everyone that started with /Volumes/GoogleDrive/ and were the same for all users. Under the new architecture mandated by Apple, the full path goes through your Home folder (/Users/[yourname]/Library/CloudStorage/GoogleDrive/), which is different for every user. This can be a big problem for teams sharing files with externally-referenced files (ex-refs).

When you place images or other drawings into a file in InDesign or AutoCAD, the program is saving a file path to this ex-ref. Whenever possible, that file path is a relative file path that indicates where the ex-ref is in relation to the main file. But in certain situations the file path saved is an absolute path, starting from the top level or root level of your entire directory. When that happens, this full file path to an ex-ref won’t be the same for you as it is for your colleagues, because the absolute path includes the name of your Home folder, which is the same as your computer login name. That means that if you place a drawing into AutoCAD, and then your colleague opens that AutoCAD file to make additional edits, they won’t be able to work on the ex-ref you placed.

The solution generally is to make sure that ex-refs live in the same folder as the main file you are working on, or in a folder below that file. That way the file path for an ex-ref can always be a relative path and won’t need to use the name of your Home folder.

Other bugs

Some users have experienced problems that are not intentional security changes and are more easily classified as bugs. If any of these are happening to you, first try a simple restart of your computer. If that doesn’t help, a reinstall of Google Drive for Desktop is usually the best course of action.

– Google Drive seems to be constantly syncing files and limiting the performance of your computer.

– Google Drive starts saving files locally that are meant to be saved only in the cloud. If this happens with a large folder, you can end up running out of storage space on your computer.

– Google Drive is not reporting the sync status of certain files correctly — files you add to Google Drive in your Finder are not showing up at drive.google.com in your web browser and are not accessible for your colleagues.

What’s really going on?

All these changes are related to a new API for cloud storage providers called File Provider that Apple first released in macOS 12.1 to integrate cloud file storage solutions more securely and consistently in the operating system. While Box responded to Apple’s extension change in 2021, only since September 2022 have we seen Google Drive, Dropbox, and OneDrive rewrite their applications for desktop integration to use the new API.

Cloud file storage solutions that show up as external drives in Finder have been available for years, but were always a bit of a hack, and were implemented in different ways on different systems using “kernel” extensions that were allowed to make deep changes to Apple’s OS. These hacks were incredibly helpful for users, especially when cloud file storage solutions figured out how to show you all the files you had in the cloud without actually downloading them. But kernel extensions presented a security problem for Apple in that they implemented changes to core OS functions and opened up security vulnerabilities that Apple couldn’t cover.

Apple has deprecated support for kernel extensions in general. In order to accommodate the popular and useful cloud file storage solutions, Apple published a new API called File Provider that created integration to these cloud services at the user level, not the system level. As a result, the applications that run the interface for interacting with these cloud files needed to be rebuilt.

Certain changes in functionality are expected and even desired by Apple (like how files are moved, not copied, when you drag them). Others are user-interface bugs that will hopefully get cleared out as Google continues to update Google Drive for Desktop.

How do you know if you’re on the new version?

If you are running macOS 12.1 or higher (Monterey or Ventura) then you are probably already using the most recent version of Google Drive for Desktop and have had these changes implemented. The best way to be sure is to check the preferences of Google Drive.

– Click the Google Drive icon in your menu bar.

– Click the gear icon, then Preferences.

– Click the gear icon in the window that appears. Here you’ll see more detailed preferences for each of the Google accounts you have connected to Google Drive for Desktop.

– Under “Google Drive streaming location,” if the “Change” link is grayed out and you see the notice “Folder location is controlled by macOS,” you are working under the new architecture described above.