BOSTON IT SERVICESCall us at (781) 933-9300

Voice phishing is now here. And it costs. Recently, one company’s CEO was out $243,000 after receiving a phone call he believed to be from his boss. The voice – which he recognized – on the line requested funds be sent. Only after sending the funds did the CEO discover he’d been defrauded.

Any technology can be used to help or harm. Today, voice-mapping software can be used to create a voice library from recordings. Those voices can be helpful to companies and customers alike for identification (banks and credit card companies are beginning to do this with telephone conversations). However, by setting artificial intelligence (AI) to work against that library, a more nefarious use can be made, creating dialog so realistic that it can fool the listener.

Any data – that is, any recording – that you post has the potential to be sampled. Instructional videos, conference recordings, over-the-air interviews on the news, even your voicemail contains enough voice elements for someone with malicious intent to repurpose otherwise-helpful communications in a way that can cause you or your company harm.

In short, you need to be careful with what you share on the internet. Any information you post on the internet – data, a picture, or a recording – is just more for bad actors to manipulate and potentially hurt you with.

Is it possible you’re doing business in murky waters? How many of these businesses do you have an account with? These businesses are the top 10 brands most-often spoofed by cyber-criminals, resulting in data breaches, identity theft, and cash losses.

• Microsoft

• PayPal

• Facebook

• Netflix

• Bank of America

• Apple

• CIBC

• Amazon

• DHL

• DocuSign

Consider it your assignment to always check the URL on any site you visit. Use your mouse to hover over the link to see where it really goes before clicking on it (the URL will most often display in the bottom bar of the browser you’re using). Better yet, instead of automatically clicking, just open a separate browser window and go directly to a site you want to visit. Do this for sure if you have any questions, but it’s a good habit to groom even if you’re sure about the link you’re about to click. By the way, always be sure to use unique passwords for each site you conduct business with.

Is your calendar vulnerable? The other day I noticed that I had appointments in my calendar from people I did not know. I was initially concerned I was compromised. However, after a little research I discovered that I was on the hook end of a new phishing/spam technique. Criminals and salespeople are now using calendar appointments to bypass your spam filter by setting appointments directly on your digital calendar.

The sneaky calendar appointment is flagged as tentative/not accepted. It will generally have some details and links in the invite. These details are prime location for credential-phishing and site-spoofing. As always – DO NOT CLICK on any links in these spam appointments. They are as dangerous as any spam/phishing attempt.

How is this possible? By default, Microsoft, Google, and Apple email platforms are open to accept calendar invites from anyone. In most cases this is a very helpful thing that makes doing business easier. If you have not seen an invite from a colleague in your email inbox you can still see a tentative appointment in digital calendar. That helps you manage meeting request on both your calendar and email inbox.

When you do have an unwanted appointment how should you deal with it? You might be tempted to simply “deny” the appointment, but it’s actually best to delete it without rejecting the meeting organizer/spammer. By rejecting or declining, the spammers learn your account is active and will target you even more aggressively.

Till next month stay safe,

Dan Adams
CEO
NENS

shares