How to protect against PayPal and Bank account Phishing emails

We noticed unusual activity in your PayPal account

A typical rogue email you may receive that claims to come from PayPal or your bank.

Yes, it’s pathetic, but don’t be caught out.

  • My real name is not shown in the email message
  • The URI “secureupdate.com” is not PayPal
  • The “Click here” link goes to a redirect pointing to a rogue PayPal login page
  • They can’t even be bothered to use the correct PayPal logo
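
The warning signs listed above can also be checked mechanically. The following is an added example, not part of the original post: it parses a message and reports the sender domain, the missing real name and any link that does not point at PayPal. The sample message (including its sender address), the trusted-domain list and the function names are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"paypal.com"}  # assumption: domains you accept as genuine PayPal
# Constructed sample modelled on the email described above (not a real capture).
SAMPLE = """From: "PayPal" <service@secureupdate.com>
Subject: We noticed unusual activity in your PayPal account
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer, we noticed unusual activity.</p>
<p><a href="http://parkwoodcondos.com/">Click here</a></p></body></html>
"""

class LinkCollector(HTMLParser):  # collects (href, anchor text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    host = (host or "").lower().rstrip(".")  # exact domain or a real subdomain only
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def phishing_indicators(raw, real_name):
    """Return the warning signs from the list above that apply to `raw`."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    findings = []
    sender = msg["From"].addresses[0].domain
    if not is_trusted(sender):
        findings.append(f"sender domain {sender} is not PayPal")
    if real_name.lower() not in body.lower():
        findings.append("recipient's real name is not shown")
    parser = LinkCollector()
    parser.feed(body)
    hosts = [(t, urlsplit(h).hostname) for h, t in parser.links]
    findings += [f"link '{t}' goes to {h}" for t, h in hosts if not is_trusted(h)]
    return findings
```

The suffix match in `is_trusted` requires a dot before the trusted domain, so a host such as `paypal.com.secureupdate.com` is still reported.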

Solution

Always delete these emails and don’t click on anything. If you need to, then go to your PayPal account and log in to see if you have any messages – simples!

A security breach caused this.

The “Click here” link goes to the domain “parkwoodcondos.com”, which appears to be no longer in use; this is then redirected to the rogue PayPal login site. It is most likely that an old version of WordPress has been breached to force the redirect, which makes it easy to change the target rogue domain at any time.

Solution

As it is difficult to remove ALL the version numbers from the web page using plug-ins, please ensure your WordPress website is up to date and WordPress is configured to “Auto Update”.

Make sure to delete all unwanted WordPress installations.

If a WordPress security alert is announced, then you need to check the version and manually update your site if needed.
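
One way to find forgotten installations and check their versions on your own server, as an added example that is not part of the original post: it walks a web root, reads the `$wp_version` value that WordPress keeps in `wp-includes/version.php`, and lists every copy below a minimum version you supply. The function names, the sample directory tree and the version numbers are constructed for illustration.

```python
import os
import re
import tempfile

VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")

def parse_version(text):
    """Turn '5.8.1' or '6.5-beta1' into a comparable tuple of ints."""
    nums = re.match(r"\d+(?:\.\d+)*", text)
    parts = [int(n) for n in nums.group().split(".")] if nums else [0]
    return tuple(parts + [0] * (3 - len(parts)))

def find_installations(web_root):
    """Yield (install_dir, version) for every WordPress copy under web_root."""
    for dirpath, dirnames, filenames in os.walk(web_root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                m = VERSION_RE.search(fh.read())
            # An unreadable version is reported as "unknown" and treated as outdated.
            yield os.path.dirname(dirpath), m.group(1) if m else "unknown"
            dirnames[:] = []  # no need to descend further into wp-includes

def outdated(web_root, minimum):
    """Return installations whose version is below `minimum`, sorted by path."""
    floor = parse_version(minimum)
    return sorted((path, ver) for path, ver in find_installations(web_root)
                  if parse_version(ver) < floor)

def build_sample_tree(root, installs):
    """Constructed test data: write a minimal version.php per installation."""
    for name, ver in installs.items():
        inc = os.path.join(root, name, "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n$wp_version = '{ver}';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, {"site": "6.4.3", "old-blog": "4.9.8"})
        for path, ver in outdated(root, "6.4.3"):
            print(f"outdated or forgotten install: {path} (WordPress {ver})")
```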

The Security Risks of Cloud Services

The Cloud

It’s been a while since we looked at the security benefits, so it’s time to move on to the security risks of cloud services.

Of course we need to understand that all businesses have a risk appetite, which is generally compensated by business opportunity or perhaps by wanting to move the risks to a more secure environment. I suggest that any company wishing to use a Cloud Provider for their sensitive or confidential data perform a risk assessment prior to making that commitment and be sure to select a suitable Cloud Provider; I am here to help you with this!

Loss of Control

By using a cloud provider you are losing your security governance which may affect the security or the credibility of your business.

If your company has invested heavily in security-related certifications, e.g. ISO27001 or PCI DSS, then the scope of your information security management system (ISMS) will have changed and it might be expected that the cloud provider must provide similar security controls. Service Level Agreements (SLAs) could be put in place, but it is difficult for a Cloud Provider to be “all things to all people”: the cloud provider will find it difficult or impossible to make commitments to all their clients through SLAs.

The cloud provider may use outsourced services from third-party suppliers who are unknown to you; these could be a competitor or be geographically located outside your preferred supplier areas of operation.

Data Portability. Vendor Lock-in

Cloud Providers need to provide the tools to port data freely to other Cloud Providers and in-house systems. There are presently no standards for data file structures and this can make it extremely difficult for a customer to change providers; of course this suits the Cloud Provider by locking in customers, which may seriously affect the availability of your information.

(Wikipedia) About vendor lock-in

Certification

Perhaps your company is aiming to achieve ISO27001 or Cyber Essentials certification and some security controls belong with the cloud provider; in this case the cloud provider will need to offer evidence of their compliance with the controls. This could become an issue when the cloud provider is unwilling to permit a customer audit or cannot provide any evidence of their compliance.

Remote Access

When access to cloud providers is from a web browser connected to the internet, this in itself is a risk, because anyone on the internet can try to breach your account with your password and username.
This is a serious risk when using public cloud providers to support critical or sensitive data, and in these cases a private cloud provider may be preferred.

Data Protection

As a cloud customer you may find it difficult to effectively check data handling procedures and processes to ensure the data is managed in a lawful manner and is not contravening the Data Protection Act. The cloud provider would need to show their data handling practices, including evidence of where the customer’s data is stored, transported and replicated.

Shared Resources

Multi-tenancy and shared resources are fundamental attributes of the cloud, which may lead to attackers trying to breach the cloud’s hypervisor.

(wikipedia) About Hypervisor

Although this is quite difficult to achieve, if the hypervisor is breached the attacker could use guest-hopping attack practices to gain easy access to confidential and sensitive data from multiple cloud clients.

Shared resources also present an issue with the security or incompleteness of data deletion where multiple customers’ data resides on the same hardware.

Malicious Insiders

Although at this time this is a minimal risk, as cloud services grow the risk of malicious acts caused by employees will also grow.

Cloud provider employees are also likely to become unintentional targets of criminal elements particularly where the provider specializes in high-reward sectors for the criminal such as finance and healthcare.

Next time we’ll look at questions which can be asked of a cloud provider to help mitigate the risks identified in this blog.

Security and Cloud Services – The Benefits

Over the coming weeks I will bring you a series of blogs which will hopefully make your decision-making process more productive and help mitigate the security risks associated with using cloud providers.

We start with the security benefits of using the cloud, leading on to the risks and how great these risks are; next are tips for SMEs to help them select a suitable cloud provider.

Things get a bit harder from now on and subsequent blogs will be aimed at procurement departments interested in procuring cloud services.

Key cloud security vulnerabilities are examined followed by the information assurance requirements for the supply chain, personnel, operations, access management, asset management, portability, business continuity, physical and environmental security and finishing off with the important legal stuff.

This wiki article is a good reference about Cloud Computing.

Six security benefits of using the cloud service “Software-as-a-Service (SaaS)”

1 – Benefits of Scale

Large infrastructure

There’s a fair chance that a cloud provider actually has a larger IT infrastructure than your own, and therefore security measures are also implemented on a larger scale. This means that the security measures are more cost effective than doing it yourself or outsourcing to an IT company.

Larger infrastructure brings economies of scale which reduce the overall cost of security, thus allowing a larger investment than is possible for many companies.

Multiple locations

Cloud providers should have multiple locations, which provide much greater network resilience through replication and in turn reduce the risk of long outage times following a breach.

2 – Incident Management

A major issue for small companies is how they recognise and respond to security incidents. To start, a security incident is usually recognised when it is too late: IT support needs to be called, the machines are removed from service and disinfected, and the “cleaned” machines are then returned to service.

This raises several concerns for in-house IT solutions which should not apply to cloud services.

  1. The lack of security event logging and reporting to recognise security incidents at an early stage.
  2. The actual time taken to get IT support.
  3. Business continuity issues while the machines are being cleaned and brought back into service.
  4. Security breaches need specialists to deal with these incidents rather than IT generalists to ensure that the vulnerabilities of these machines are mitigated through correct re-configuration, otherwise the breach will most likely reoccur.
  5. The lack of security awareness within the company can also lead to breaches when further incidents occur.

3 – Cyber insurance

Most SMEs in the UK are not covered by cyber security insurance. To accommodate insurance companies’ requirements, security controls need to be put in place to reduce premiums, which smaller companies may find tedious and expensive to implement. The use of cloud services may reduce your insurance premiums if a reputable cloud provider is carefully selected.

4 – Security Conscious Cloud Providers

The cloud providers are in a highly competitive industry and their reputation is at stake if a security breach occurs; therefore it is in the cloud providers’ interest to use security as a market driver to retain and attract more customers.

5 – Scaling of Resources

As your business grows, more features may be needed. These new features are implemented by subscribing to a higher feature pack, and consequently security issues relating to these new features are readily taken into account.

Another benefit, in the event of a security incident such as a denial of service attack, is the ability to rapidly and dynamically reallocate customer resources to safety, thus dramatically reducing periods of customer outage.

6 – Software Patches and Updates

Pre-tested patches and updates are centrally managed and are therefore more likely to be rolled out faster and more regularly than on client-based systems; thus the window of vulnerability is minimised.

Next time – The Security Risks of Cloud Services