Blog

March 8th, 2015

You receive a notice that an email message you sent is undeliverable, but you know you did not send the original email. Or someone calls you and says they received a virus-infected email message from you, but you did not send an email messages to them. Could your computer have a virus? Could someone know your password and be sending email messages without your knowledge? What is going on?

This could actually be a case of “email spoofing”. Many computer viruses, spyware and malware spread via email. Once activated, they search the infected computer and send outbound virus-infected email to all the contact names and email addresses that are found in the Contact List, Inbox and/or Sent Items. However, just to be extra tricky, the virus substitutes one of the harvested email addresses for the sender’s display name and email address. This is called email “spoofing” and can make it appear that one person has an infected computer or sent an infected email message, when they really didn’t.

Let’s consider an example outside the world of computers. Imagine someone writes a nasty hand-written letter. They sign your name at the bottom of the letter along with writing your telephone number. And they write your name and home address or business address in the return address section on the outside of the envelope. They address the envelope to someone and they mail it at the Post office. That person receives the envelope in the mail and opens it. They don’t like the tone of your nasty letter and they call you to complain about it. And they later call the police about the threats you wrote. You say, “Hey, I never wrote that letter!”. The same thing can happen in the world of electronic mail. Someone can send an email message and make it “appear” as though it came from you, when it really didn’t.

So let’s say someone calls you and says they received a virus-infected email message from you, but you did not compose or send an email messages to them. Here is an example of what really might be going on:

  1. Person A has a computer and is not using a good antivirus program, or does not have current virus definitions, or is not following good security practices.
  2. Person A’s computer becomes infected with a virus. Both Person B and Person C have exchanged email messages with Person A in the past, and are in Person A’s contact list, or the prior email messages are still in the Inbox or Sent Items.
  3. When the virus executes on Person A’s computer, it finds the names and email addresses of Person B and Person C, along with dozens or hundreds of others. The virus secretly composes an email message with an infected attachment and inserts Person B’s name and email address into the “From” field of the infected outbound message. It adds Person C’s name to the “To” field of the message, and then sends the infected email message to Person C. It also sends hundreds of similar outbound infected email messages to everyone else in Person A’s contact list.
  4. Person C receives the virus infected email message, which appears to have been sent by Person A (because that is the display name and email address shown in the “From” field on the email message).
  5. Person C then contacts Person B and complains they sent him a virus-infected message.
  6. But when Person B scans their computer, the antivirus software does not find anything (as would be expected, because the computer is really not infected). It was actually Person A’s computer that sent the virus infected email message and falsely stamped the message as coming from Person B.

You receive a non-deliverable report (“NDR”) saying the message you sent to Person B was not deliverable. But you know you never sent any messages to Person B. Here is an example of what might be going on:

  1. Same example as above, Person A’s computer is infected with a virus.
  2. You and Person A previously communicated, and your name and email address are in their Contact List, Inbox or Sent Items.
  3. When their computer sends the outbound email addresses, your name and email addresses are randomly selected and inserted in the email message as the Sender.
  4. One of the email addresses in the contact list is no longer valid.
  5. When the email message is sent, it gets rejected by the recipient’s mail server because the email address is invalid.
  6. That mail server sends a non-deliverable message report (“NDR”) to the original sender of the message, which appears to be you.
  7. You receive the NDR reporting the message you sent was not deliverable (even though you personally never sent the original message, it just looked like you did).

Wolf Consulting provides multiple layers of protection to keep the computers and networks of our clients safe and secure from viruses, malware, spyware, etc. So if you ever receive a notice that an email message you sent was undeliverable but you did not send the original email, or if someone ever calls you and says they received a virus-infected email message from you but you did not send an email messages to them, you should think of Email Spoofing as the likley culprit. Someone else’s computer may be sending those messages and just making it appear as through you are the sender.

For more information about Email Spoofing or ways to protect your business from computer viruses, please contact us.

Topic Articles
June 24th, 2014

We wanted to know “What makes Wolf Consulting different?” so we decided to go straight to the source and ask our clients why they chose us. One common theme that came up in their responses was trust. Our clients see us as a trusted business partner because of reliability, proactive approach, caring, experience, knowledge, technology and tools, value and results. To view some client testimonials, please visit our Testimonials page. Here’s what one of our clients had to say:

Though we’re a smaller-size company, several years ago we went through a period of growth requiring a large investment in IT infrastructure that we felt justified having a full-time IT manager on staff. Once our systems were in place and running smoothly for a few years, we assumed they required little attention and allowed our IT manager to take a new job and work for us on a part-time/when-available basis. This arrangement worked for a time, but after a while the problems mounted. Security licenses expired and malware and viruses ran rampant. Server maintenance was neglected and we suffered frequent email outages. Workstations were crashing and being removed from service faster than they could be fixed. As the individual with overall management responsibility for IT, dealing with these issues on a daily basis fell on me. Instead of doing my real job, I was spending all of my time doing IT – a job I’m not qualified to do. We tried to fix some of these issues by replacing an aging server, but there were errors during the migration that left us completely out of commission for the better part of a week. Finally, I had enough and called Wolf Consulting.

The impact the Wolf team had on our organization was immediate and drastic. They fixed what was wrong, allowing our employees to have full days at work uninterrupted by computer downtime. They also identified severe problems with our equipment and data backup procedures and prevented us from having a system-wide catastrophe from which we might have been unable to recover. Wolf’s Comprehensive care program has been hugely effective in making sure that our system continues to operate without major issues. When those rare problems arise, the entire “Wolf Pack” is responsive, capable, and diligent in their follow-through. There are still plenty of things I worry about on my way to work each day, but our IT system is not one of them!

Michael U.
Managing Director
Professional Staffing Firm

Topic Articles
May 26th, 2014

We wanted to know “What makes Wolf Consulting different?” so we decided to go straight to the source and ask our clients why they chose us. One common theme that came up in their responses was trust. Our clients see us as a trusted business partner because of reliability, proactive approach, caring, experience, knowledge, technology and tools, value and results. To view some client testimonials, please visit our Testimonials page. Here’s what one of our clients had to say:

Wolf Consulting has proven to be a valuable partner for us from the very first day. Our previous IT company had not setup a backup solution for our data and they had not built in any redundancy on the server. To make things worse, our server crashed and we were unable to access any data. This put us in a very dangerous situation. Fortunately, Wolf Consulting was able to utilize their partner network to recover most of the data, expedited the purchase of a new server that was properly configured, and got us back up and running in a short period of time. With this type of on-going strategic planning, monitoring, management and support, I know we are in much better position today than we were prior to partnering with Wolf Consulting. I can, without reservation, recommend Wolf Consulting for all your IT management and support needs.

Dave P.
CFO
Medical Supplies and Equipment Company

Topic Articles
May 6th, 2014

Wolf Consulting, Inc. has been named to Nine Lives Media’s MSPmentor 200 North America Edition for 2014, an annual list identifying North America’s top 200 managed service providers (MSPs). MSP’s are firms that provide a variety of computer networking and Information Technology consulting services and proactive support services to keep the computer networks of their client organizations running smoothly.

“It is an honor to have been selected for this award and to be recognized in the MSPmentor Top 200.” said Lloyd Wolf, President and CEO of Wolf Consulting, Inc. “It validates our team members, our management tools, our proactive approach and the effort we have put in to provide the highest level of network management, service and support for our clients – so they get the best results from their Information Technology.”

The MSPmentor 200 North America Edition is based on data from MSPmentor’s national and global surveys, conducted October – December 2013. The MSPmentor 200 North America Edition recognizes top managed service providers based on a broad range of criteria and performance metrics. “Nine Lives Media and MSPmentor congratulate Wolf Consulting Inc. for its leadership position in North America,” said Amy Katz, President of Nine Lives Media, a division of Penton Media. “Qualifying for our MSPmentor 200 North America Edition puts Wolf Consulting, Inc. in rare company.”

Wolf Consulting, Inc. is one of only seven Pennsylvania-based companies to achieve this nationwide honor, and the only firm that is locally owned and operated in the Greater Pittsburgh Area to be named to the list for three years in a row. All of the honorees on the MSPmentor 500 Global Edition list and the MSPmentor 200 North America Edition list can be found by visiting http://www.mspmentor.net/top501.

MSPmentor, produced by Nine Lives Media, is the ultimate guide to managed services. MSPmentor features the industry’s top-ranked blog, research, webcasts and videos. It is the number one online media destination for managed service providers in the world.

About Wolf Consulting, Inc.
Wolf Consulting, Inc. provides computer networking, custom software development, and IT consulting services to small & mid-size businesses in the Greater Pittsburgh area. The firm has been in business for 25 years, and is headquartered in Murrysville, PA. For more information, visit www.WolfConsulting.com.

About Nine Lives Media
Nine Lives Media, a division of Penton Media, defines emerging IT media markets and challenges established IT media markets. The company’s IT channel-centric online communities include MSPmentor, The VAR Guy, Talkin’ Cloud, VARtweet and MSPtweet. For more information, visit www.NineLivesMediaInc.com.

Topic Articles
May 2nd, 2014

We wanted to know “What makes Wolf Consulting different?” so we decided to go straight to the source and ask our clients why they chose us. One common theme that came up in their responses was trust. Our clients see us as a trusted business partner because of reliability, proactive approach, caring, experience, knowledge, technology and tools, value and results. To view some client testimonials, please visit our Testimonials page. Here’s what one of our clients had to say:

We use the staff at Wolf Consulting to augment our small internal IT team. Their WolfTrack system and network management tools help us monitor and manage our geographically distributed computer systems. Knowing that workstation security patching is being done consistently and correctly is a huge benefit for us. They manage the renewals and maintenance subscriptions for our software licenses. The team at Wolf also provides expertise for our strategic planning and our bigger projects – such as server migrations. We consider the Wolf team to be one of the pillars of our internal team. They are great!

Kurt H.
Director of IT
Healthcare Service Provider

Topic Articles
April 9th, 2014

We wanted to know “What makes Wolf Consulting different?” so we decided to go straight to the source and ask our clients why they chose us. One common theme that came up in their responses was trust. Our clients see us as a trusted business partner because of reliability, proactive approach, caring, experience, knowledge, technology and tools, value and results. To view some client testimonials, please visit our Testimonials page. Here’s what one of our clients had to say:

We had used other computer support firms in the past, but were never satisfied with the results that we got. When I talked with the folks at Wolf Consulting in early 2012, I told them that I wanted reliable computer systems and dependable support, provided for a predicable monthly fee. I also said that I wanted to stop spending so much of my personal time dealing with computer issues and babysitting our outsourced IT support firm. I told them that I questioned, based on my past experiences, if what I wanted even existed?

Wolf Consulting said that it did exist, and they could provide it. We checked all of the references provided by all of the support firms we were interviewing. Every single company we spoke with said they were extremely satisfied with the service and support from Wolf Consulting. We decided to make the switch, and we haven’t look back. I can honestly say that Wolf Consulting has definitely delivered on their promises to us. They provide fast, friendly and reliable support. Our computer systems run well. Any support needs that arise are promptly handled. And best of all, I no longer spent my time dealing with IT support issues – everything just works. I highly recommend the team at Wolf Consulting to other small and mid-sized organizations looking for great results from their computer support.

Bob R.
Director of Finance
Non-profit organization focusing on early childhood development

February 24th, 2014

We wanted to know “What makes Wolf Consulting different?” so we decided to go straight to the source and ask our clients why they chose us. One common theme that came up in their responses was trust. Our clients see us as a trusted business partner because of reliability, proactive approach, caring, experience, knowledge, technology and tools, value and results. To view some client testimonials, please visit our Testimonials page. Here’s what one of our clients had to say:

Wolf Consulting is the perfect IT solution for any medical practice incorporating an Electronic Medical Record system. Our office installed an EMR system several years ago, and the team at Wolf Consulting was instrumental in setting up our server and our network. They worked closely with our EMR vendor to make sure the installation was “glitch-free” and set up protocols to ensure that our network was secure and HIPAA-compliant. Since then, they have actively monitored, maintained and supported our system to keep it operating at peak performance. Having an EMR means that IT is “mission critical” and the engineers and team at Wolf Consulting demonstrate their understanding of that every time we interact. Great people; great company; great service!

Bob H.
Practice Administrator
Medical Practice

Topic Articles
January 31st, 2014

We wanted to know “What makes Wolf Consulting different?” so we decided to go straight to the source and ask our clients why they chose us. One common theme that came up in their responses was trust. Our clients see us as a trusted business partner because of reliability, proactive approach, caring, experience, knowledge, technology and tools, value and results. To view some client testimonials, please visit our Testimonials page. Here’s what one of our clients had to say:

We started working with Wolf Consulting over 10 years ago for software development services for our custom database program. We had another company at the time for other IT support. We struggled with our computers and network for many years. Finally, we switched to Wolf Consulting for all of our computer and technology needs.

We wish we had switched 10 years ago! Their service has been superior. They are speedy, efficient and thorough. We especially appreciate the fact that they monitor all of our systems and work on problems before they become critical issues. All of their suggestions have been in our best interest. Everyone at the company is pleasant and extremely helpful. It is so nice to be able not to worry about any IT issues and concentrate on our business. I highly recommend Wolf Consulting!

Sherry K.
President
Landscape contractor and tree nursery

Topic Articles
December 26th, 2013

We wanted to know “What makes Wolf Consulting different?” so we decided to go straight to the source and ask our clients why they chose us. One common theme that came up in their responses was trust. Our clients see us as a trusted business partner because of reliability, proactive approach, caring, experience, knowledge, technology and tools, value and results. To view some client testimonials, please visit our Testimonials page. Here’s what one of our clients had to say:

Wolf Consulting has been a great IT partner for advancing my company to the next level. From my initial meeting with them, they made it clear that client satisfaction is a top priority in their business. The Wolf team really listens to my business needs, identifies options, and explains to me in easy to understand language what each option means. They effectively walk me from IT strategy to solution implementation with all my IT needs. Their responsiveness, positive atmosphere, and knowledgeable staff solidify them as a partner, not just a supplier, to my organization.

Julie W.
Director of Finance and Business Services
Provider of regulatory affairs and quality assurance expertise to medical device organizations

Topic Articles
June 6th, 2013

bigstock-Many-sticky-notes-with-the-pas-17121671There are numerous password threats or tools used to coerce company employees into giving up their password, either knowingly or unknowingly. Hackers wishing to gain access into an account will use a variety of methods including phishing, guessing, shoulder surfing, a dictionary attack or keystroke logging. Each one of these methods is used as a way to capture a password and gain access to company information. It is essential for every employee to minimize their exposure to each one of these threats, which can be defined by:

  • Phishing –This threat often appears as an impostor email that is used to trick an employee into entering a unique username along with the password. It usually appears as a link to a website that poses to be a legitimate, financial service account, payment processor, or auction site. Typically, an employee will type in confidential information to the bogus site without realizing it is not legitimate.
  • Guessing –Human behavior is a funny thing, as it is so often predictable. Without strict company policies firmly in place, an employee will likely create an extensive list of very simple passwords that can be easily guessed. Many passwords are often used by employees including “password”, “passcode”,“12345”, “qwerty”, “admin”, or any row of letters directly off of the keyboard. It might also include names, dates, birth years, or any combination of these choices. Guessing is extremely easy for an online hacker, who understands the predictability of human behavior.
  • Shoulder Surfing –Anytime an employee is out in a public area including the airport, library, café, restaurant, or mass transit, it is easy for others to look over their shoulders and do “shoulder surfing”. By watching the employee type in their password, it is easy to steal this valuable information to gain access to a company account. Even if the employee is not logging in to a company account, they most likely use the same password for their private accounts as they do for the ones at the office.
  • Dictionary Attacks –Using a specialized software program, online cyber-thieves can let their computers easily guess employee passwords by trying every word in a dictionary, along with unlimited combinations of words, and numbers, symbols, and signs.
  • Keystroke Logging –There is an endless variety of Trojan horses, programs and viruses that can instantly, and serendipitously, install themselves onto any computer at the office or at home. These effective programs can easily capture and communicate exactly the type of keystrokes we make while logging on to accounts online. Almost instantly, the keystroke logging software program will send information of exactly what words are used for user ID, followed by the exact typing of a password, passphrase, or password combination.

Great Password Practices

When employees take a proactive approach at safeguarding passwords to deter others from gaining access into company accounts, they can always follow these three great password practices, which include:

  • Guard against Phishing – Never click on a link in an email. Instead, go directly to the company website and login to your account at their location.
  • Guard against Guessing and Dictionary Attacks – Create passwords that are at least eight characters long that include uppercase, lowercase, numbers, and symbols which cannot be easily guessed.
  • Guard One Account from another – Create a unique password for every account. If the hacker gains access to one of your accounts, they will not have access to any others.

Although it is up to the company (with the aid of their IT manager or IT consultant) to direct employees on the best practices and procedures for developing effective passwords and passphrases, it is the responsibility of EVERY employee to safeguard critical, confidential information. By using a password manager and two-factor authentication, companies can minimize the potential for online attacks, while safeguarding their vital data. As an example, Wolf Consulting, Inc. recently implemented the AuthAnvil password manager and two-factor authentication technologies from Scorpion Software.

Which brings us back around to the big question: How many passwords fit on a single sticky note?

The answer is… Zero.

Probably the easiest way for a hacker to gain access into a company account is to watch the employee at their desk. Many employees at their desk often leave their passwords on sticky notes in plain sight of any passerby. Even the ones that do not use sticky notes tend to find common things in their environment at work to create their unique password. An example might be “pottedplant123”. By writing down any password and leaving the information around the employee’s desk, or choosing a password based on something within plain sight, is an easy way to put the company at risk of being hacked from the inside.

If you are looking for help with password policies, practices or technologies, please contact us today to see how we can help.

Published with permission from Dana Epp and Scorpion Software.

Topic Articles