How to avoid email phishing scams

According to the security software provider Malwarebytes, 33% of businesses have suffered a ransomware attack in the last 12 months.

Their research also revealed that 20% of UK businesses feel they’d have no chance of stopping a ransomware attack.

But actually, there is a lot that a business can do to protect itself, especially since the majority of approaches are designed either to get the recipient to share their personal bank details or to install malicious software that locks the machine until a ransom is paid.

Emails that appear to come from a bank, from HMRC (HM Revenue and Customs) or from well-known companies, even social media accounts like Facebook, often either alert you to a problem, such as a suspended account, or to your being due a refund.  The giveaway is that invariably the message will include an invitation to click on a link in the email.

The main thing to be aware of, apart from the obvious one that you may not in fact have ever used that particular organisation’s services, is that in general neither banks nor HMRC will contact you via email with such information.

Unless you have specifically set up e-mail communication with the bank or other organisation, an obvious giveaway of a fake is that it will not detail account numbers or full names, and it may also contain spelling mistakes or grammar oddities.

Firstly, businesses should make sure every employee is alert to the possibility of emails being fake, regardless of how authentic the branding may look, and make sure they never click on any links contained in a suspect email.

If you have any doubts, the first thing to do is to hover the cursor over the alleged sender’s email address without clicking on or tapping it.  It should reveal the detailed address, and that will usually be enough to make you suspicious.

You can do the same with any link in the email you are invited to open. If you are still unsure, log on to the organisation’s website from elsewhere, NOT via the email, and check what it says about communications security and any specific alerts mentioned in the email.

Alternatively, if an email appears to come from an organisation with which you do have dealings, it is always worth a phone call to check whether it is authentic.

Finally, report or flag the email either to your email provider or the organisation named in the email and alert them to the attempted scam.


What your website developer needs to know

Potential clients or customers generally expect a business to have a website and when they are looking for a product or service it is likely to be their first port of call.

Not only that, but these days, particularly in the UK, they are likely to be viewing it on a mobile phone or tablet, rather than a laptop or PC.

So, a website needs to be constructed and designed to be responsive (easily viewable) across all these. These days, website developers and designers will almost certainly build a site with this in mind.

Similarly, to be acceptable to browsers such as Google and Firefox, a website needs to be secure, as in https: not http. Again, developers should know this and will need to buy an SSL (Secure Sockets Layer) certificate from an authorised supplier to make the website safety compliant. The SSL provides secure communication over a computer network.

You should also clarify who owns the copyright of your website design to prevent any problems later and ensure that a cookie policy as well as a proper privacy statement are included, both legal requirements, especially if you are going to ask people to sign up to get access to information.

It may be worth checking with your developer that these features are part of their service, but the developer will also need input from you to do a decent job.

Before you talk to a developer

If you want a design that stands out rather than looking like those of your competitors it is a good idea to do some preparation work before you talk to the designer/developer. This will help you give them the information they will be looking for when they visit your website.

Firstly, you should have a customer profile – a description of your ideal client, their tastes and preferences, their ages, lifestyle, professional level and so on.

Everything should be written from the website visitor’s point of view, defining their problem first before showing how your business can solve it. Work with a professional content writer if this sounds like too much to do on your own.

What your developer needs from you

Either you, or your marketing/content writer should put together a design brief, which will detail your budget, how many pages the site needs and their titles, whether you will supply pictures (always better than stock pictures), perhaps also including examples of websites that you like (and dislike). You will also need to provide images of your company logo and details of your corporate colours.

Do you want to be able to add to and update the site yourself?  In that case you will need a CMS (Content Management System) and guidance on how to use it.

Website developers will generally expect you to supply the words. They will also want guidance on the pictures, preferably original ones that you own rather than stock pictures. That way you keep copyright of the information, but it also helps you to define what pages will be needed, covering what subject matter. A basic website generally includes home, about us, services/products, testimonials, blog/news and contact pages.

Remember, the clearer you are about what you want your website to look like and contain the easier it is not only to get comparable quotes but also for the website builder to discuss with you what is possible within your budget and to provide you with something that fits your needs.

Before choosing between developers, look at examples of their work and remember, cheapest is not always best. Once you have chosen the developer and agreed terms it is always best to get these details agreed and confirmed in writing.

The first decision is whether you intend to update your website yourself, write and load your own blogs or products.  If so, you will need the website to be built with a CMS (Content management system).  Does the developer provide either an instruction document or training to help you get familiar with it?

Most developers will offer some sort of support or aftercare package, which includes hosting, taking care of security updates, perhaps ongoing SEO work and may also include adding new content or changing existing words.  They will charge a monthly fee for this.  You need to know what services are included and whether there are options, such as a basic package (eg hosting and security) and a higher level package.  You also need assurance that if your developer is going to be adding content for you they will do so promptly.

Other questions to ask

Copyright – some website owners have found when they want to move to a new developer or host that the original developer is blocking them, claiming that they own the copyright to your website.  You must clarify this when negotiating the initial contract.

Cookie policy – these days websites must legally contain information about whether they use “cookies”, which are pieces of code to gather information about visitor activity, and must offer an option to opt out. Make sure you discuss this with your developer.


Online security is a must for businesses

Businesses should be much more aware of online security after last month’s WannaCry ransomware cyber-attack hit 200,000 computers in 150 countries, causing chaos for the UK’s NHS.

So many businesses these days rely on their IT systems for record keeping and for communications that it makes sense to do everything possible to keep them both secure and running. Ransomware attacks can take over a machine and lock the owner out until they pay a fee to the hacker.

It is estimated that such incidents have increased by 50% in the last 12 months.

The first thing to do is to ensure that the operating system is up to date, and that any security patches issued by the provider are installed promptly.

Also make sure to protect the system with a reputable anti-virus protection programme.

Remember that as Microsoft rolls out new operating systems, sooner or later it will withdraw support for older ones. This was part of the problem with the NHS meltdown, where some of its system was still using Windows XP, long after Microsoft withdrew support.

The second thing to do is to ensure that all data crucial to the business’ operation is backed up elsewhere, either in the cloud or on an external hard drive, preferably both.

Thirdly, all staff should be trained to be on the alert for suspicious e-mails and above all to never click on any links they contain.  Often such emails will appear to come from a reputable organisation, such as HMRC.

If in doubt about a link, hover the mouse over it and the complete URL will pop up. That is often enough to show whether it is suspicious. Further checks can be done by either calling the sender or checking its website via a search engine, not via any links in an email.

Remote monitoring by your IT support company is another option.  We offer remote monitoring and back-up options via AVG.  Better to be safe than sorry when your livelihood is at stake.


Updated Data protection regulations coming into force

From 25 May 2018 GDPR (General Data Protection Regulations) will be in force throughout the EU and the UK Government has confirmed that it will comply regardless of the decision to leave the EU.

The GDPR is designed to improve consistency in protecting and strengthening consumers’ rights over their personal data, although work is continuing on refining the regulations.

Many organisations collect and keep personal information for a range of legitimate purposes, from use in targeted business marketing, to records kept by organisations providing health and other services and also for research.

But rarely a week passes without news of yet another organisation’s customer database being invaded or “hacked”.

Any business or organisation that collects information from people who either work for or use its services has a duty to ensure it is stored securely and safely.

When the new regulations come into force both businesses and those who process digital records for them will now be accountable. They will have to document decisions that are made about processing the data that has been collected. This means showing that the data has been lawfully collected for specified and legitimate purposes, and that the details of what has been collected are specific and limited to those purposes.

Crucially the information must be protected and held securely and must be stored for no longer than required.

Any organisation or business that keeps lists containing people’s personal data will need to look at their data collection, storage and processing systems to be ready in time for the new regulations.  They must ensure they have proper permissions for collecting and holding personal information and can verify this. Silence or pre-ticked boxes are not proper consent.

They must also give individuals a right of access to and correction of the information being held, the right to its removal and to restricting it and the right to object. So, they will need to put in place acceptable governance to ensure all these rights are acted on, on request and in a timely manner.

Opt-outs from the regulations, known as derogation, will be allowed only in some situations – such as for national security reasons.


The End for Windows Vista

No more support for Windows Vista

It is ten years since the Windows Vista operating system was launched and this week on April 11 2017 Microsoft finally withdrew support.

Vista users will no longer receive security updates that can help protect PCs from harmful viruses, spyware, and other malicious software that can steal personal information.

When it was launched, Vista was supposed to revolutionise Windows because of its new file system and user interface.  But the new system was “graphically intense” and took up a lot of space, especially on laptops.  It was also too much for many netbooks.

Users complained about file transfers being slower than Windows XP, video games were sluggish, and on-screen prompts constantly pestered PC owners.

Vista reportedly became one of the most disliked software packages, especially when compared with Windows XP, which was two years older than Vista.

At the time, Microsoft was criticised for failing to understand customers’ needs and for not listening to them.

While those who still have Vista on their machines will still be able to run it, they should be aware that they will no longer be protected and, if they store sensitive information where security is important, they should consider changing to a different operating system.

They may also find that their PCs will no longer work with other hardware, such as printers, scanners and cameras that have been manufactured to be compatible with more recent operating systems.

If you want to find out about the life cycles for support on other Windows operating systems there’s a fact sheet here

If you want help to upgrade to a newer system, Colchester IT can assess whether your existing computer hardware is powerful enough to cope, as Windows 10, for example, is very power-hungry and needs at least 1GB of RAM, between 16 GB and 20 GB of free storage, and a display with a resolution of at least 800 x 600 pixels.

Call us for advice and to help you through the process of upgrading.


IT round-up

IT round-up for small businesses and home computer users

Here’s a round-up of some of the latest tech info and issues, and this week it’s mostly, but not all, about security and hacking.

Record levels of online fraud in 2016

The fraud prevention service Cifas has reported that Identity Fraud in the UK reached record levels in 2016 with 25,000 victims aged under 25 out of a total of almost 173,000 recorded frauds. The statistics were collected from 277 banks and businesses and 88% of all frauds occurred online. There’s more on this here.

Young people at risk despite parental controls and filters

A new study published in The Journal of Paediatrics has cast doubt on the effectiveness of parental controls and content filters as a means of protecting teenagers online. Researchers from the Oxford Internet Institute at Oxford University analysed Ofcom data on 515 adolescents between the ages of 12 and 15, and found that the use of content filters in the home – in use in a third of the households involved – “did not appear to mitigate the risk of young people having unpleasant online experiences and that technical ability to bypass these filters had no observed effect on the likelihood of such experiences”.

The most popular cybercrimes revealed

From the Telegraph:

  1. Phishing – The aim is to trick people into handing over their card details or access to protected systems. Emails are sent out that contain either links or attachments that either take you to a website that looks like your bank’s, or installs malware on your system. A report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.
  2. Identity theft – According to fraud protection agency Cifas, the number of victims rose by 31pc to 32,058 in the first three months of 2015. Criminals use online ‘fraud forums’ to buy and sell credit cards, email addresses and passports.
  3. Hacking – In a Verizon study of security breaches there were 285 million data exposures, which works out to about nine records exposed every second – 26pc of these attacks were executed internally within organisations.
  4. Online harassment – Over half of adolescents and teens have been bullied online, while 73pc of adult users have seen someone harassed in some way online and 40pc have experienced it.

Changes to Google Hangouts

Whether you use them for business or personal communication, Google have announced they are revamping Hangouts.

The main Hangouts text chat service will receive a Slack-style upgrade, complete with threaded conversations and both web and dedicated app interfaces, to become Hangouts Chat. Meanwhile, the video/voice conferencing capabilities will get a new, less fiddly front end in the form of Hangouts Meet, which is live now. More on this here.

And finally ….

Do you read the Ts and Cs (Terms and Conditions) when you visit a website?  Perhaps you would if they were presented like this graphic novel produced by US artist Robert Sikoryak?


New ruse by scammers to get control of your computer

In the last couple of days there have been warnings about a sneaky new tactic being used by scammers to get control of people’s computers, as ever with the objective of extorting or stealing money.

The warnings have come from the UK’s National Trading Standards e-crime team.

In this scam the problem starts when the computer owner has a printer that develops problems and then goes online to find a printer helpline, which they then call.

“This printer helpline scam is particularly pernicious because it encourages victims to unknowingly contact the fraudsters of their own accord,” said Mike Andrews, the team’s lead co-ordinator.

This new ruse is a 21st Century version of the psychology used in old-fashioned distraction burglaries, where the criminal depends on the victim’s attention being on something else and therefore not alert to the real danger they are in.

Callers to the fake printer helplines are fooled into allowing remote access to their computers. Then, in the same way as the more well-known scams that depend on an unsolicited phone call claiming to be from Microsoft, victims are persuaded to allow remote access to their computer to fix the problems, only this time supposedly with their printer.

Victims are likely to be less alert to a possible fraud because their attention is not on their PC but on a printer issue.

From there on the victims are trapped by the usual scammer tactics of either refusing to hand back control until the owner pays them some money, or by the scammers inserting malware into the computer that allows them to steal the owner’s bank account details, again to extract money.

The best advice is to either access the printer manufacturer’s own website online and search for its official troubleshooting advice or helpline, or consult the brochure that came with the machine if there is one.

You should never, ever, allow remote access to your computer by someone you have not met and are talking to on the phone. Equally important is to keep virus and malware protection software up to date to protect the computer from the latest scams.

This is the latest variation to add to a growing list of telephone and email scams that also include emails that appear to be from legitimate banks or Internet service providers (ISPs). These usually contain a link for the recipient to click on, at which point the scammer has access to either steal financial information or to encrypt the machine then demand a ransom payment to unlock it.

According to the organisation Action Fraud, there were more than 32,000 instances of various types of computer service fraud in 2016, an increase of 47% since 2014.

If you have been affected by this scam or have any concerns, contact us at ColchesterIT for FREE, impartial advice. Or simply call us on 01206 634063.


No internet access after applying Windows updates

No internet access after applying Windows updates – FIX

We all know that Windows updates can cause just as many problems as they manage to fix. One of the issues we have seen an influx of recently at Colchester IT is where a computer is unable to connect to the internet after a number of recently installed updates have completed. This normally doesn’t cause any issues until the machine has been restarted. Luckily, this is generally a simple issue to fix.

Upon further inspection, we were able to fix this particular issue simply by disabling the wireless adapter, rebooting the machine, and then re-enabling the wireless adapter upon restarting. This seems to permanently fix the issue. For steps on how to fix this problem, please see below.

  1. Right click on the wireless logo on the task bar in the bottom right and click on “open network sharing centre”. Alternatively, you can hit the Windows key + X key to open the menu and click on network connections.
  2. Once you are in the network and sharing centre, click on “change adapter settings”. This will open a new window which displays your available network connections.
  3. Right click on the wireless adapter, which may be named “Wi-Fi”, and disable the adapter. Once you have disabled the wireless adapter it will grey itself out.
  4. Proceed to reboot your machine, leaving the wireless adapter disabled. Repeat the above process to get back to the adapter settings and you can simply enable the adapter again by double clicking on the greyed-out adapter.
  5. Check that your wireless has connected back to your router (it should still remember your preferred network) and you should be back up and running!




We are Hiring

IT Apprentice job in Colchester

Colchester IT is looking for a new dedicated apprentice to join our professional team in Essex. This role would suit a hardworking individual who is keen to start building a career in IT.

The IT apprenticeship is specifically designed for those aged 16-25, and all training will be provided on site. Your role will be for 35 hours per week, based in our busy workshop and also on the shop floor.

Day to day duties will include shadowing and providing support to the IT engineers, to learn about the inner workings of computers. From this, you will gain an extensive working knowledge of various computer services and repairs.

You will also gain retail and customer service experience, offering support to customers both over the phone and face to face on the shop floor.

This will be a hands-on role, with lots of exciting tasks and challenges along the way, so you must be willing to learn and get stuck in. You will be a good team player, proactive, and enthusiastic.

If you would like to apply to join our team, please email your CV to:

We look forward to hearing from you.


Will selfies replace passwords for payment?

Card payment company MasterCard has stated that it will begin to accept selfies as an alternative to passwords when authorising IDs for online payments in the future. The firm will also use fingerprint recognition in the same way.

The move comes following successful trials of the process in America and the Netherlands last year. So successful in fact that MasterCard told the BBC that 92% of test subjects actually preferred these biometric payments over manually entering passwords.

Experts have also predicted that selfie and fingerprint payments could potentially wipe out credit card fraud one day. However, this has been met with criticism, with some security researchers questioning how easy it could be to trick the system.

MasterCard explained that members of the public will simply need to download an app to their smartphone, tablet, or PC in order to begin processing payments this way. This technology is now officially rolling out in the UK, US, Netherlands, Canada, Spain, Belgium, France, Italy, Germany, Norway, Switzerland, Sweden, Denmark and Finland.


How do selfie payments work?

When making purchases, users will still be asked for their payment card details, but if a two-factor authentication process is required, then they will be asked to use the device’s camera to take a selfie, or use the fingerprint scanner. This is instead of the current system of having to type out selected numbers and letters from their passwords.

Interestingly, if validating their ID by a selfie, users will need to blink into the camera, to prove they are really there, and not just holding up a photograph.


Why has MasterCard brought in selfie payments?

Ajay Bhalla, chief of safety and security at MasterCard, says that passwords are not secure: people frequently use the same password across multiple websites, and we all know that the most commonly used password is 123456. The problem is that if one website gets hacked, then all the websites where you use the same password will get compromised. This is not ideal.

In this day and age, we all own mobile phones, and we all access the internet. It makes sense to introduce biometrics as an extra security level when authenticating ourselves.

There has long been a problem with online payments because there is no card present, and therefore a greater risk of fraud exists. This is why we typically pay surcharges for credit card payments. Introducing biometric payments makes a lot of sense because it is a more secure method than simply asking for a password. Hopefully this will reduce fraud and we can all benefit from lower prices for these transactions.