Be on the look out for “Password Set to Expire” phishing emails.

Be on the look out for “Password Set to Expire” phishing emails.

Be on the look out for “Password Set to Expire” phishing emails.

Are password reset emails trustworthy? Microsoft365 / Office365 customers, beware of this recent email phishing attack.

The email states your Microsoft365 email password is set to expire. At first glance, it appears to be a typical Microsoft simple text email. Examining the “from” address, however,  we can see it is from a non-Microsoft web “spoofed” email address. Further examination into the header reveals a fake address.

Email “spoofing” is a term where one identifies as another by falsifying the email address posing as a legitimate company, but not the actual company.

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.

The purpose of such phishing attacks can be twofold.

  • Firstly,  is to retrieve your password. A bot on the other end will then immediately attempt to access the targeted Microsoft365 account where the attacker freely downloads all your M365 information. In some cases, the password is changed so you no longer have access.
  • Secondly, it would be to execute a virus or ransomware on your computer.

Always review the “from” the address before opening any email, selecting any link or opening attachments. Also, if you have a third-party antivirus program like eset, right-click on the attachment and “SCAN” with your antivirus to be sure it is free of malicious content.

A good rule of thumb is, even if you think it might be a legitimate request, do NOT click the link, instead go directly to the account in question through a web browser. If there is truly such a request, typically there will be a notification upon login to the account.

Also, if the account password requires a reset, the website will require a reset upon access.

Mawarebytes Phishing
Malware Malbytes stop phishing attacks.
What is a Gmail 8-digit backup code? Why should I retrieve this 8 digit security code?

What is a Gmail 8-digit backup code? Why should I retrieve this 8 digit security code?

If you or someone you know has a Google GMAIL account you may want to give this a quick read. “How do I get my Google gmail 8 Digit Backup Code?”

Recently, I’ve had a few people contact me who have had their mobile device/phone lost or stolen.

The finder or perpetrator accesses the device due to a weak or no password. This now bad actor has access to the device and begins changing the rightful owner’s Gmail account password, so the rightful account holder no longer has Gmail access. They then begin fraudulently charging on credit cards or withdrawing funds from the owner’s bank accounts.From this point, the rightful owner is not able to gain access to their device or sensitive accounts from even another device or PC.

Even with “Two Factor” authentication, which should always be enabled when possible, the perpetrator was able to access sensitive important accounts, as the “Two Factor” authenticator app is on the phone itself, thus sending the “keys” to unlock the door to the “Multi-Factor” authentication accounts.

To make things even more troublesome, some users had screenshots of photos and/or lists of passwords, bank accounts, credit cards, driver’s license and other important information on the phone itself unprotected by further security methods.This is not uncommon, as most of the people I’ve surveyed do not have these codes or even know they exist.

So, What is a Gmail 8-digit backup code? Why should I retrieve this Google eight-digit code immediately?

A Gmail  8-digit backup code is a unique string of numbers to recover a g-mail account.

You should retrieve the Google eight-digit code immediately before your account is compromised, you lose your mobile device or password.

*These steps are subject to change as cloud providers often change the User Interface Portal frequently.

Android – Create & find a set of backup codes

Create & find a set of backup codes

To store your backup codes somewhere safe, you can print a copy of your backup codes.

On your Android phone or tablet, open the Settings app.

  • Tap Google and then Manage your Google Account.
  • At the top, tap Security.
  • Under “Signing in to Google,” tap 2-Step Verification. You may need to sign in.
  • Under “Backup codes,” tap Continue .

From here, you can:

  • Get backup codes: To add backup codes, tap Get backup codes.
  • Create a new set of backup codes and inactivate old ones: To create new codes, tap Refresh .
  • Delete your backup codes: To delete and automatically inactivate your backup codes, tap Delete Delete.
  • Download your backup codes: Tap Download Codes .
  • Print your backup codes: Tap Print .

Tips:    If you think your backup codes were stolen or you run out of codes, create a new set. To create a new set of codes, tap Refresh .

When you create new codes, your old set automatically becomes inactive.

Obviously DO NOT STORE THEM ON YOUR MOBILE PHONE as an image or other file.
If you use the cloud to store files be sure it has two-factor authentication and a Vault / Private key
From <https://www.google.com/search?q=how+to+get+gmail+8+digit+backup+code&oq=get+gmail+8+digit+code&aqs=chrome.1.69i57j0i22i30j0i390l3j69i64.16506j0j15&sourceid=chrome&ie=UTF-8>

Computer – Create & find a set of backup codes

Create & find a set of backup codes

To store your backup codes somewhere safe, you can print a copy of your backup codes.

  • Go to your Google Account.
  • On the left, click Security.
  • Under “Signing in to Google,” click 2-Step Verification. You may need to sign in.
  • Under “Backup codes,” click Continue,

From here you can:

  • Get backup codes: To add backup codes, click Get backup codes.
  • Create a new set of backup codes and inactivate old ones: To create new codes, click Refresh.
  • Delete your backup codes: To delete and automatically inactivate your backup codes, click Delete .
  • Download your backup codes: Click Download Codes.
  • Print your backup codes: Click Print.

Tips:

If you think your backup codes were stolen or you run out of codes, create a new set. To create a new set of codes, click Refresh.

When you create new codes, your old set automatically becomes inactive.
Find your lost backup code.

Search your computer for: “backup-codes-username.txt with your username. For example, if your username is google123, search for: Backup-codes-google123.txt. You’ll need the codes downloaded to your computer for this to work.

Sign in with a backup code

    • Find your backup codes.
    • Sign in to your Google Account.
    • Click Try another way.
    • Click Enter one of your 8-digit backup codes.
    • Enter one of your unused backup codes.

Tip: As each code can be used only once, you might want to mark the code as used.

From <https://support.google.com/accounts/answer/1187538?hl=en&co=GENIE.Platform%3DDesktop&oco=0>

iPhone & iPad – Create & find a set of backup codes

Create & find a set of backup codes

To store your backup codes somewhere safe, you can print a copy of your backup codes.

On your iPhone or iPad, open the Gmail app -> Tap Menu

Settings -> your account name

Manage your Google Account. If you don’t use Gmail, go to myaccount.google.com.

    • At the top, tap Security.
    • Under “Signing in to Google,” tap 2-Step Verification. You may need to sign in.
    • Under “Backup codes,” tap Continue.

From here you can:

    • Get backup codes: To add backup codes, tap Get backup codes.

Create a new set of backup codes and inactivate old ones: To create new codes, tap Refresh.

  • Delete your backup codes: To delete and automatically inactivate your backup codes, tap Delete
  • Download your backup codes: Tap Download Codes.
  • Print your backup codes: Tap Print

 

Tips:

If you think your backup codes were stolen or you run out of codes, create a new set. To create a new set of codes, tap Refresh.
When you create new codes, your old set automatically becomes inactive.
Find your lost backup code

Search your iOS device for: Backup-codes-username.txt with your username. For example, if your username is google123, search for: Backup-codes-google123.txt. You’ll need the codes downloaded to the device for this to work.

Sign in with a backup code

    • Find your backup codes.

    • Sign in to your Google Account.
    • Tap Try another way.
    • Tap Enter one of your 8-digit backup codes.
    • Enter one of your unused backup codes.

Tip: As each code can be used only once, you might want to mark the code as used.

From <https://support.google.com/accounts/answer/1187538?hl=en&co=GENIE.Platform%3DiOS&oco=0>

I hope you find this What is a Gmail 8-digit backup code article helpful? Why should I retrieve this Google eight digit code immediately?

If  you need computer, website or technology support contact us at 424-532-1633 to get support.

What is a “Managed Firewall” and why do I need one?

What is a “Managed Firewall” and why do I need one?

A Managed Firewall provides protection for devices at the perimeter (local in your home or office) and/or even on your cloud network. These devices are also commonly referred to as endpoints.  Most firewalls installed by your ISP or a junior technician are static or “dumb” firewalls. They provide no real time monitoring or updating as needed to anticipate the latest “in the wild” threats. They are simply configured with some local rules and then left to become outdated as soon as they are installed. Furthermore power outages and field maintenance from your cable company or internet provider often “wipe” or “reset” the firewall with no warning to you leaving you unprotected.

A “Managed Firewall” is regularly monitored, patched and maintained. Firewalls are not a point-and-click or set-it-and-forget-it technology. Like most edge devices these days, firewalls are typically installed “on-site” , however the latest trend is to use configured in the “cloud” and managed via “Remote Support” managed Firewalls.

Managed Firewall

Managed Firewall Schema

Managed Firewalls” allow live security definitions to be updated which help protect against constantly changing threats. Rules can be set in place to block certain websites and social network activity. Cloud Firewalls are virtual firewalls with all communications run through the cloud security provider.

Managed firewalls typically provide for VLAN (Virtual Local Area Network) configurations which keep segments of the LAN separate from the rest of the network. For example security cameras and iOT devices are more easily hacked and there is no need for most employees to have access or even know these devices exist. So they are segregated into their own VLAN.  VLAN’s can also be used to segment departments / business units like accounting, engineering, staff etc, as separate networks altogether.

Make a Virtual Managed Firewall your first line of defense.

SBCS recommends supports several perimeter and cloud  manged firewall systems including Cisco umbrella, SonicWall, Untangle,  Uplevel, O365 (yes, O365 has Cloud firewall capability.)

Protect your Office, Cloud and Remote Workers with a Virtual Firewall like the low Cost High Functioning Untangle. – See Untangle Fire Wall Data Sheet.

Drawing the line that separates internal and external networks, Firewall filters traffic based on IP address, protocol and port, which enables administrators to designate which systems and services (HTTP, FTP, etc.) are publicly available.

Firewall can be run as a transparent bridge to complement a pre-existing firewall and allows you to control inbound and/or outbound access to specific IPs and ports.

Firewalls are a key component in safeguarding your business from malicious threats. Managed firewalls protect not only your “edge” devices, but your “cloud” perimeter “SaaS” and “Storage” areas.

Contact Us if you would like help getting a Managed Fire Wall to protect your network.