Cybercriminals commonly use phishing attacks to trick vulnerable users into giving away sensitive information. The latest threat of this kind targets LinkedIn users who use the Smart Links feature on the social media platform. This guide explains what you should know about the LinkedIn Smart Links phishing attacks and how to protect yourself. 

Basics of This Phishing Campaign

The email security research firm Cofense first uncovered this latest attack to hit LinkedIn. Cofense concluded that this campaign uses at least 80 Smart Links throughout 800 phishing messages. No matter which business or sector you work in, there’s a chance that you could fall victim to this campaign since Cofense reports that these criminals sent phishing pages to workers in the following industries:

• Construction
• Mining
• Healthcare
• Insurance
• Technology

The report points to workers in finance and manufacturing having higher volumes of phishing messages sent their way.

How Threat Actors Execute LinkedIn Smart Links Phishing Attacks

The cybercriminals who carry out this attack devise a plan consisting of a few phases. Below, we break down each phase and how it ultimately leads LinkedIn users to click on suspicious links that give hackers personal account credentials. 

Hackers Create or Hijack Business Accounts

The plan begins with threat actors using a LinkedIn business account to deceive vulnerable users. They either create a brand-new account or use an existing one that was stolen from a previous attack. Once the account is ready, they can use LinkedIn’s Sales Navigator service to send Smart Links to other users. 

This feature works great for benign use because it allows accounts to track how recipients interact with the message. Business leaders can use this to their advantage for pitching new products. However, hackers manipulate the links to steal information. 

Cybercriminals Send Phishing Messages

Using a business account under an actual LinkedIn domain, hackers can use the Smart Links feature to send phishing messages to vulnerable users. These messages aim to trick users by mimicking legitimate senders with content regarding the following:

• Hiring
• Payment
• Security notifications
• Important documents

The message contains a link that will send users to a malicious site. Once hackers get victims to click on these fake links, they can obtain their credentials.

Information Is Stolen

The primary goal of this phishing campaign is to steal Microsoft account credentials from a business’s LinkedIn account. Hackers can get this information once they get people to fall for their scam messages and click the link. Cybercriminals can continue with their attack once someone ends up on the credential-harvesting site. 

Rather than creating a new account, they can steal the information of other businesses and impersonate those brands. This increases the chance of getting more users to believe the phony messages. 

Keep Your Business Safe From Cyber Threats

Staying aware of emerging threats like the LinkedIn Smart Links phishing attacks can help you avoid malicious activity online. Help your business stay safe by contacting our experts for more tips on mitigating attacks. 

Used with permission from Article Aggregator

You can only make an online account with a username and password. The password manager tool in your web browser has an autocomplete function that quickly fills in your password field. This is handy but also makes you vulnerable to dangerous cyber activity. Learn why cybersecurity experts warn against using autocomplete for passwords and learn tips for protecting your account credentials.

Password Manager Programs Are Useful — But Turn Off Autocomplete

Websites that need a password to access the autocomplete feature use an embedded password manager program to do this. These apps make it easy to autofill passwords with just one click instead of having to remember a string of letters and numbers. Hackers who infiltrate a vulnerable website can set up an invisible login form. By using the autofill feature, your login credentials will appear on the hidden form, giving hackers your information without you even knowing.

Password management programs are worthwhile for many business websites. However, using autocomplete for passwords makes you vulnerable to malicious hackers. Turn off this function on your password manager for heightened cybersecurity.

Most Internet Users Lack Password Diversity

Think about how many tools and apps your business uses that are online. Each program needs a different login so your staff can access the account. But in the U.S., only 20% of Internet users make different passwords for each account.

Hackers can easily get into most of your accounts if you use the same password on different sites. When that happens, most of your private information is no longer safe.

Ad Networks Target Your Login Form Fields

Avoiding hackers is the main reason to avoid using autocomplete for passwords. However, there’s another group of Internet users you want protection from. Ad networks use the same techniques as hackers to get your information, but instead of doing something bad, they use it to send you more relevant ads.

If you type out text instead of using autocomplete, advertisers can’t use tracking tools to see your email address. Even though ad networks say they don’t store your password, there is always a chance that your information could be used in a dangerous way if it gets into the wrong hands.

Turn Off Autocomplete for Passwords to Protect Your Information

Experts say you don’t have to stop using a password manager in your business, but you should turn off automatic password inputs. Changing a few settings in your computer browser is all it takes.

Used with permission from Article Aggregator

Keeping up with the latest digital tools can be difficult. Technology keeps evolving with new ways to reach users and streamline processes. Why should you keep track of all these new developments?

With these important technology tools for improving your business, you can boost team productivity and drive your company forward. Discover which platforms are worth using in your business operations.

Social Media

No other tech tools have the global reach and influence social media sites do. Your business can connect with prospective customers throughout the world thanks to the many popular social media platforms that exist today, including:

• Facebook
• Instagram
• TikTok
• Snapchat 

You can create unique content to advertise your brand on these sites and interact directly with your customers. One great thing about the many social media sites is that you can experiment with different marketing strategies and develop a plan for success. Capitalize on various viral trends to introduce your brand to a niche audience.

Data Analytics

One of the most important technology tools for improving your business is the vast amount of data analytics programs available. These tools are excellent at sorting through large sets of data quickly. Data analytics programs save you time by presenting the big picture in a set of various data points, including:

• Page Views
• Organic Traffic
• Paid Traffic
• Conversion Rates

Business owners across multiple industries rely on these platforms to perfect their email marketing strategy, earn conversions, and grow their customer base. The impact data analytics programs have on improving business efficiency makes them worthwhile. 

Email Marketing Tools

Say someone purchases a product from your e-commerce site. To lure them back, you want to send a special promotion for previous customers. Email marketing tools allow you to reach thousands of customers at once.

You can automate your campaigns for easy communication with your customer base.

Cloud Computing

You’ll never have to worry about business interruptions or data breaches when you trust a cloud computing service to house much of your network’s infrastructure. Instead, you can focus on what matters. Prioritize your other projects when you transfer some of your IT operations to the cloud. 

Every business is different. You can decide whether a private, public, or hybrid cloud model is best for your company. Implementing any cloud service into your business can protect your data and simplify daily operations.

Task Management Tools

Running a business when you’re central to many different projects is overwhelming. Task management tools make juggling everything much easier. Their features help you stay organized by tracking:

• Project deadlines
• Assignments
• Overall progress among the team

Using a project management tool eliminates confusion, especially if you’re simultaneously working on several big tasks. Teams can come together and complete what they need to according to schedule.

Take Advantage of These Tools for Your Business

These important technology tools for improving your business can drive your organization forward. Watch for other emerging business technology tools to increase your productivity and performance.

Used with permission from Article Aggregator

Modern technology makes it much easier to operate a business. However, it can also cause major issues if you somehow lose access to critical data within your network. That’s why having a backup solution is important so all your data remains safe and readily accessible. 

Discover the crucial role of data backup and recovery in this helpful guide. 

Why Data Backup and Recovery Is Important

Say a major storm passes through the area and your company’s building floods. The flood ruins all of your computer hardware, and you cannot access necessary data from another location. 

You can do nothing to stop natural disasters, but you can minimize the business impacts. Backing up all your data securely means you can resume business operations even if you suddenly need to work remotely. 

Data backup and recovery are also necessary to protect your business from human error. Say you accidentally delete an important file that is a key part of your latest project—having no backup copy available forces you to delay your project and hurts productivity. 

Performing frequent backups makes recovery times much faster so you can continue routine business operations. Your productivity won’t suffer if you can easily access an external drive or cloud server that contains your files and data. 

How Often Should You Perform Data Backups?

Now that you understand the essential role of data backup and recovery, let’s discuss how often you need to back up your data. Technology experts urge every business leader to perform backups frequently. The longer you go without backing up your data, the longer your recovery time will be if the unexpected happens. 

Overcoming a natural disaster, accidental deletion, or system failure will be much simpler when you know you can easily access your data. For this reason, professionals recommend performing backups either daily or weekly. You can customize your schedule depending on how frequently your critical data changes. 

Data Backups Safeguard Your Business From Cyber Attacks

One of the most important reasons you need to back up all sensitive data is to protect your business from malicious activity. Cybercriminals can perform data breaches that significantly affect companies and their clients. It’s much easier to mitigate the damage when you have a backup copy of files to deploy. 

Business leaders and their employees should habitually back up important data if a cyberattack occurs. Other measures that experts recommend include:

• Using strong encryption methods
• Regularly updating software programs
• Using multi-factor authentication to prevent hackers from gaining unauthorized access
• Teaching employees the best cybersecurity practices

By protecting your data, you can avoid the dangers of cyberattacks. 

Protect Your Business 

Knowing the role of data backup and recovery can help you safeguard your business from physical and virtual threats. Counting on backup services can give you peace of mind regarding involuntary data loss.

Used with permission from Article Aggregator

Distributed Denial of Service (DDoS) attacks are severe cybersecurity threats that bring large amounts of traffic to a network. Hackers carry out these attacks to disrupt targeted users. Google is at the center of one of these online traffic jams, which is said to be the largest DDoS attack ever. The attack can have dire consequences for businesses around the world. 

Thankfully, Google and other industry peers stopped the threat with different protocols and a new patch. Below is a breakdown of what business owners should know about the DDoS attack that Google blocked. Learn how this threat came about and what you can do to protect your business. 

The Attack Is Significantly Larger Than Others Like It

According to Google, this DDoS attack is 7.5 times larger than the previous record-holder. The tech giant says that this attack, which began in August 2023, produced 398 million requests per second. By comparison, the second-largest attack on record garnered 46 million requests per second in 2022.

Aside from its sheer size, the attack has an alarming severity rating. It holds a Common Vulnerability Scoring System score of 7.5 out of 10 and poses major problems for Google and its customers. 

Threat Actors Use the Rapid Reset Technique  

How does one carry out such a substantial attack? Google claims that cybercriminals deployed what’s known as the Rapid Reset technique. This method involves manipulating the HTTP/2 protocol stack in the following ways:

• A cybercriminal opens a large number of streams at once.
• The number of requests in flight causes network disruptions.
• Instead of waiting for a response to each stream request, the bad actor immediately cancels the request.

The geographic distribution and types of unsecured services this DDoS attack has matches the Meris family of attacks. Those previous attacks are known for abusing insecure proxies. The latest attack features encrypted requests (HTTPS) that require outside computing resources. 

Google’s Popular Web Applications Are Targets

The main reason for a DDoS attack is to overflow traffic to a particular service or network so people can’t use it. What business owners should know about the DDoS attack that Google blocked is that many of their daily operations may not be possible if left unnoticed. The attackers targeted popular applications like Google’s cloud infrastructure and a range of other web services, such as:

• Gmail
• Google Docs
• Google Calendar
• Google Workspace

Experts say the best way to mitigate the threat is to investigate all servers that run HTTP/2 and apply Google’s new patch if vulnerable.

Stay Ahead of the Latest Cybersecurity Incidents

This post provides vital information regarding what business owners should know about the DDoS attack that Google blocked. Although Google and other industry leaders put an end to the attack, experts emphasize the importance of being proactive about cybersecurity. Reach out to our technology professionals for tips on boosting your cybersecurity and staying safe from hackers.

Used with permission from Article Aggregator