How a Microsoft Phone Scam nearly destroyed a business


It was a normal day in Fresh Mango’s BVI office on Tortola when the telephone rang.

It was one of our clients based on the island of Virgin Gorda, and judging by the shouting they were not happy. 

It took a while for our technician to calm him down. Having eventually done so he was able to ask what the problem was. It turned out that the client had received a telephone call from Microsoft. The caller had advised that our client’s computer systems were not secure. They had not been kept up to date and they were in need of urgent security updates, or else our client was at risk of a cyber hack.

‘I mean, for goodness sake, I pay you a monthly retainer to manage my IT systems! What do I pay you for if you can’t do something as basic as updates!!!’

The Fresh Mango technician immediately recognised this for what it was (a Microsoft Phone Scam) but needed more information. 

‘When did they call you?’ he asked.

 

‘About half an hour ago’.

 

‘I see, and how did you leave it with them?’

 

‘I haven’t left it,’ said the client. ‘They are on the other line. They needed to access my computer to implement all of the necessary updates.’

 

Now very worried, the Fresh Mango Technician asked ‘You mean you have given them access to your computer and they are on it now?’

 

‘Yes, of course’.

At this point our technician had no choice but to tell the client what was going on. ‘You need to disconnect your computer from the internet RIGHT NOW. You are being scammed and hacked.’

 

 

Silence on the other end of the line. Our technician imagined a penny dropping.

 

 

‘You, you mean it isn’t Microsoft?’

 

 

‘No, it’s a scam. Disconnect your device now and hang up the other line to the caller. Then confirm to me when you have done so.’

A few moments later the client confirmed all had been disconnected.

Our technician then advised he would catch the next ferry to Virgin Gorda and would need to conduct a complete security sweep of the client’s systems.

Epilogue

The ‘Microsoft’ caller had installed key logging software and monitoring software on the client’s systems. Fortunately they hadn’t been able to access financial data or client data since we had that locked down.

A couple of months later I bumped into the client in a local bar. He was most grateful for what we had done; he realised that his business could have been severely compromised financially.

 

‘No problem’ I said. ‘That’s what you pay us for.’

Postscript

Never act on a call from someone claiming to be from Microsoft (or any other company for that matter). Ask them for a reference number and tell them you will call them back. Do not call any number the caller provides (!) – use the number on the website for the company. Or call Fresh Mango.

 

And, for the record, we conduct monthly security patching (as well as emergency patches) for all our retainer clients, diligently.

Why Cyber Essentials has a positive impact for SMEs

Fresh Mango Technologies has been assisting companies in achieving Cyber Essentials accreditation for several years now.

We were recently asked if we could provide examples of how CE accreditation has benefitted clients who we have assisted. Great question! A simple way to find out – we asked them! We’re pleased to share some of their answers below.

Why Cyber Essentials? Client 1 - Move to a Better Solution

A customer prior to achieving CE accreditation had 3 on-premises servers and separate MDM software for mobile devices.

 

Undertaking CE allowed a better solution to be proposed: Intune. This removed the requirement for 3 servers and separate MDM software, bringing it all into one place.

 

KISS: “Keep It Simple Security”. Implementing Cyber Essentials delivered the simplicity that makes security measures more effective and easier to manage.

Client 2 - Upgrading Hardware

Prior to implementing CE, this customer was using basic and unsupported networking equipment.

 

This was upgraded to meet the CE specification, providing constant resilience and daily protection from threats before and within the network.

Why Cyber Essentials? Client 3 - Implementing Secure Configuration

Before implementing Cyber Essentials, this customer was using shared accounts and no multi-factor authentication.

 

Subsequently, as part of the CE accreditation, all accounts and permissions were separated out, and multi-factor authentication was enabled.

 

This ensures constant resilience by reducing the threat landscape: with no shared accounts and correct file permissions always in place, the risk of unauthorised access is reduced.

Client 4 - Compliance with Contracts

Cyber Essentials helps businesses see the importance of cybersecurity and how it affects all their stakeholders, not just themselves.

 

It demonstrates how important it is to have secure systems to protect other people’s data and systems.

 

Increasingly procurement departments are requiring CE accreditation from suppliers. This is because they know that CE helps identify companies who understand how resilience with cyber security is key to successful operations, not just a small add-on.

So there you have it – straight from the horse’s mouth! So, now that you’ve seen how Cyber Essentials has benefitted some of our clients, isn’t it time to get your business CE accredited?

 

Contact Fresh Mango today to commence your CE journey. 

How professional IT Support improves your cyber security

A couple of years ago we were contacted by a local business that we had never dealt with before. They wanted us to take a look at their IT systems because they had been the victims of a cyber attack. 

 

Sure, no problem.

So we visited their site and the story was simple – someone had changed the bank account details in their accounting package for their largest suppliers. So when automatic scheduled monthly payments were made, they did not go to the suppliers, but to a single account that was clearly controlled by whoever had made the changes.

The company did not have anybody managing their IT professionally, and the evidence and consequences of this quickly became apparent.

The most immediately obvious (and concerning) issue was the use of a USB drive. They ran their business using third party software. They suspected that one of the PCs in their accounts department had been hacked, so they had isolated it from the network (good). Unfortunately, on advice from their third-party software supplier, they had copied essential data from that PC, via a USB stick, to other PCs that were on their network. It simply did not occur to them that they could be spreading malware by doing this (and shame on the third-party supplier for their ‘advice’!)

What happened?

We conducted a forensic investigation and we found that there had indeed been a hack. However, it could have been stopped in its tracks had the most basic IT precautions been in place. This is what happened:

An email with an ‘invoice’ attachment was sent to the client’s generic email address, with the message ‘please forward to the accounts department’. The recipient forwarded it. First opportunity to avoid the hack missed.

4 people had access to the accounts@ email address. By chance only 1 person was in that day. She opened the email and attempted to download the attachment. Nothing happened, the attachment would not download. She thought no more about it and left the office at the normal time. Second opportunity to avoid the hack missed.

That evening, the hackers accessed the accounts dept PC remotely. The ‘invoice’ was in fact remote access software that had been installed when the lady in accounts attempted to download it. NB – had the principle of least privilege been applied to all PCs on the network, the software would likely not have been downloaded. Third opportunity to avoid the hack missed. Furthermore, the company did not have commercial anti-virus software installed; again, this would likely have detected the malware. Fourth opportunity to avoid the hack missed.

Since the PC had Administrative rights, the hackers then discovered they could access the server and the accountancy software package, neither of which was password protected. Fifth and sixth opportunities to avoid the hack missed.

The hackers spent just under an hour on the client’s systems, during which time they changed the bank account details for the largest suppliers. They then logged off and waited for the money to roll in, which it duly did at the end of the month.

So, the story shows how just the most basic of professional IT support can help to avoid cyber attacks. The above scenario would be avoided with a professional IT support company implementing the following:

  • Basic user awareness training
  • Principle of least privilege
  • No administrative access for any staff
  • Strong passwords implemented for all systems and software
  • Two-factor authentication on critical systems, e.g. accounting software
  • A professional anti-virus solution in place

So, the moral of the story is simple – ensure you have professional IT Support in place for your business and you will go a long way to improving your cyber security. 

What happened in the end

If you’ve read this far you’re probably keen to know what happened. Well, we conducted a forensic cyber analysis and handed it to the police. With our evidence, they found and successfully prosecuted the hackers, and all but £9k of the funds stolen (which were in excess of £100k) was recovered. A happy ending in the circumstances, but I’m sure you would agree best to avoid it in the first place!

My first home computer

The Atari 800

This is my latest blog piece delving into nostalgia of how IT was an integral part of my youth and upbringing.

This time I’m writing about my first ever home PC. With the advent of home computers such as the Commodore 64, Apple II and Spectrum ZX-81, the home PC market was created and began to gain traction in the late 1970s and early 1980s.

Atari recognised, rightly, that while these gadgets in the home could be useful for balancing chequebooks, keeping recipes or perhaps writing letters, one of the big uses was going to be computer games. As they were then masters of the computer game business with their 2600 console (which I wrote about here), they decided to build two computers. One could take on the Apple II, but also plug and play cool cartridge games (the Atari 800). The other, a cheaper model, could be marketed as a games machine but could also be used as a real computer (the Atari 400).

Atari 800

So I asked for – and was kindly given – a birthday present of an Atari 800 home computer. It had a ground-breaking 48k of memory (yes that is a k, not an M or a G!). It had a standard QWERTY keyboard with 62 full-travel keys and 4 special keys to the right of the keyboard.

It was easily one of the best-looking models available. It also stood out amongst the other computer offerings of the day with its graphics and sound capabilities. It was capable of producing up to 256 colours. It’s fair to say that the Atari 800 was in another league compared with any of the competitor models available at the time. Like all home computers of that time, it could be attached to a TV, but uniquely it could also be attached to a high-resolution monitor.

So what did I do with the Atari 800? Well I didn’t play games on it (I had the Atari 2600 for that!). I actually learned to program on it, in the BASIC computing language. This stood me in good stead when I subsequently studied computing studies and took an ‘O’ level in the subject (to younger readers that’s like a GCSE).

Unfortunately for Atari, they got themselves caught in a strategic dilemma in the 1980s, trying to be both game company and home PC company. Ultimately this was to be their downfall, but that’s another story. So there weren’t many Atari home PCs after the 800.

As I sit here writing this blog on a Dell laptop with 64GB of RAM, it’s almost unfathomable that I could ever have written programs on a home PC with 48k of memory. But I did, and one of them carried me through my ‘O’ levels as well as school tests.

 

So there you have it, my favourite computer of all time, the Atari 800.

Atari Game Console

The 'Game changing' Atari Game Console

I’m continuing my theme from last month of influences on me which resulted in a career in Information Technology and computing. This month – the Atari Game Console.

I still remember the feeling of awe when I first heard about the Atari Game Console as a child. It was simply unbelievable!

 

I was playing the state-of-the-art tennis game on my TV – people of a certain age may remember it as ‘Pong’. You plugged the console into your TV and it allowed one or two players to move a ‘bat’ up and down, to ‘hit’ a ball that was bouncing horizontally across the screen.

 

For anyone who doesn’t remember, there is a Youtube link below that demonstrates it.

This was as good as home video games got in the early 1980’s!

 

Then a friend of my parents visited us, saw me playing ‘Pong’ and told me all about the new games that were coming out. He described being able to control a small biplane and shoot at another biplane on screen.

 

For a nascent teenager who was into ‘gaming’ it was mind-blowing!

Before too long I got to hear all about it – it was called Atari and it wasn’t limited to just one game – there were hundreds! You simply plugged in the relevant game cartridge and away you went.

 

The true genius of the Atari game console was that it recreated arcade games in your own home. I was fortunate to receive one for Christmas, and of course, all my friends, and friends of my parents in the older generation, were all completely hooked.

 

There is an interesting Youtube video below on the evolution of the Atari Game console.

I don’t recall all of the games I had, but I think it’s safe to say my favourites were the ones I still remember today:

 

  • Space Invaders (of course!)
  • Defender

 

Clearly some love of science fiction was already built in (I was in the Star Wars generation after all!)

So there you have it. The Atari Game Console was an early indicator of where my eventual career would lie. By modern standards of course the games look remarkably primitive. Yet I think there is an innocent purity to them. The game designers achieved amazing results with very limited computing power, and they deserve great credit for that.

 

I hope you’ve enjoyed this trip down memory lane. Next month, another Atari….

 

Guy Phoenix

How long have you been in IT?

I’m often asked if I’ve been in IT all my life. In terms of career roles, the answer is ‘no’ since I’ve been fortunate to hold a variety of positions in the companies I’ve worked for and owned.

 

But I thought about the question a bit more recently and realised that I’ve had an interest in electronics/IT/computers for as long as I can remember. I can still remember the surprise (or was it exasperation?!) on my parents’ faces when they asked me what I would like for my birthday, and I told them I would like one of the new electronic calculators that had just come out.

 

I was 7 years old!

 

I’ve turned the house upside down but can’t find that original calculator. I was able to unearth a picture of one like it and attach it here. It’s interesting to see that calculators haven’t actually changed that much, so it was amazingly ahead of its time.

 

So there you have it, my new answer to the question of ‘how long have you been in IT’ will be ‘as long as I can remember’!

 

IT all my life

 

Guy Phoenix is the Managing Director of Fresh Mango Technologies and their sister company in the British Virgin Islands.

Going to the Dentist

Your IT Team - like your Dentist only without the pain

What on earth is he on about in this blog? What has dentistry got to do with IT or computers? He’s obviously still in the ‘Christmas Spirit’…

 

Well maybe (although in my defence I first thought about writing this in early December, just didn’t get the chance. That’s my story and I’m sticking to it…)

 

OK bear with me here. Try to remember the last time you had to go to the dentist – not for a check-up and clean – but because you were in pain. If you’re anything like me you would have put up with it for a while, in the delusional belief that it will somehow go away all on its own. But it doesn’t, it gets worse and at some point, the pain reaches a tipping point and you finally make an appointment to see the dentist.

 

You get there, explain the problem and they take a look. They identify the offending tooth/teeth and take appropriate action to resolve it.

 

The relief! Suddenly this constant pain that you have been living with has instantly gone! You leave the dentist walking on air, feeling like you’re ten years younger.

 

Drive home, an hour later you’ve pretty much forgotten all about it and are back to dealing with whatever matters you have to deal with in your everyday life or job. Certainly, within a couple of days, the whole thing is a distant memory.

 

Now remember the last time your email didn’t work. Or your printer. Sod’s law guarantees that they stopped working at the worst possible time. You need to get an email to your client within the next hour. You’re trying to print a document that you need before heading out of the door to a meeting. Arrgh!

 

Believe me, even though I work in IT I still experience these same frustrations. The simple fact is that computers and their systems sometimes go wrong. And just like your toothache, it’s painful and incredibly inconvenient.

 

So you ring one of the Tech guys at Fresh Mango. They fix your email or printer, and you’re back in business (literally). The only difference with the dentist is that you have almost certainly forgotten the issue within a matter of minutes. After all, we’re all incredibly busy.

 

What’s the point of this blog? Well, there isn’t one really, other than to spare a thought for the IT Technician who just fixed your email or printer.

 

Remember he or she is doing this all day long for people just like you. And just like your dentist, they’re helping you get on with your life as efficiently as possible. Yes, it’s their job, but believe me a simple ‘thank you’ goes a long way to making their day that little bit better as well.

 

Wishing you a Happy New Year and a prosperous 2024!

The importance of cyber awareness aka cyber hygiene

From the outset I want to be very clear. ‘Cyber awareness’ doesn’t mean being aware that there are cyber risks, or that there are hackers ‘out there’.

 

It means being aware of what those actual risks entail. It means being aware of the methods (or vectors) that attackers use to gain access to IT systems. It means knowing how to avoid successful hacks. It means knowing what to do in the event of a breach.

 

But most of all, the absolute number one thing to understand, is that there is no technical solution that can guarantee 100% IT/cyber security. That’s because hackers don’t always look for technical weaknesses. They look for – in fact rely upon – human fallibility.

 

The cyber media conducts annual surveys of cyber threats and attacks and consistently finds that 4 out of 5 successful cyber attacks can be traced back to poor cyber hygiene from internal staff.

 

Believe it or not, your staff can inadvertently allow or help hackers to gain access to your systems.

 

 

That’s why Cyber Awareness (or Cyber Hygiene) for all computer users in an organisation is of paramount importance. It needs to be deployed alongside technical measures. This combination represents the most powerful cyber security defence.

 

Fresh Mango Technologies provides cyber-awareness training to staff in companies across the UK, USA and Caribbean.

 

What to expect from Cyber Awareness Training

Fresh Mango’s Cyber Awareness Training covers all of the areas described above. These include:

 

  • Phishing
  • Passwords and Authentication
  • Responding to a Cyber Attack
  • Staying safe online
  • Reporting cybercrime
  • Malware Attack
  • Protecting your business from cyber attacks
  • Safe Device use
  • Whaling Attack
  • Handling data

 

Cyber hygiene training opens eyes to the threats that are out there; not just in emails, but on Facebook, websites, LinkedIn, pretty much anywhere online! Cyber hygiene refers to how you and your staff conduct yourselves from an online perspective.

 

So, it’s not just about IT usage within your business, but also an individual’s overall approach to internet usage and your internal policies and processes.

 

 

 

The Training event

 

The training can be conducted over Teams video or in person. It typically lasts 2 hours.

 

Provided by qualified and experienced instructors, our cyber awareness training is designed to provide more depth and detail than standard e-learning packages.

 

Our instructors share real-life experiences and examples of the latest cyber-attacks and threats. Current best practices and the best techniques for avoidance of cyber issues are discussed in detail. We’ll advise how to stay cyber-safe within the workplace and at home.

 

There is a test at the end and participants will be issued with certificates on completion of the training.

 

In Conclusion

 

Every organisation should take appropriate technical and procedural measures to ensure that it is as robust as possible against the cyber threat. Achieving Cyber Essentials accreditation is an excellent means of achieving this.

 

In tandem with these measures, regular (at least annual) cyber hygiene training will ensure everyone in your organisation understands what to look for and how to deal with it.

 

Top Three Cyber Security Tips

Cyber Security Tips

 

Cybersecurity is never out of the news these days. A day doesn’t go by without news of a company having a data breach or a threat from a new cyber actor. With so much in the news, it can be quite overwhelming and difficult to know what to do.

 

So, herewith are our main Cyber Security Tips for maintaining the security of your IT systems:

 

  1. Ensure your server, network equipment and computers are updated with the latest versions of their operating software regularly. The best way of ensuring this is to engage professional IT support.
  2. Implement Two-factor authentication (TFA). Fresh Mango uses Duo TFA on all of our systems, and many of our customers have implemented TFA. The increases in security and peace of mind far outweigh any minor annoyances of having to go through an extra security step when accessing systems.
  3. Don’t fall for scams. It’s so easy to do so, especially when busy. The key issue to look out for is urgency. If you receive a phone call and it relates to anything financial or IT, and the caller is saying it’s an urgent issue, hang up. Call the actual business they claimed to be from (e.g. your bank) to verify. The same applies to emails. If in any doubt call your supplier on the number you have on your records to verify an invoice.

Please contact us to find out more about our cyber security services and to get more cyber security tips!


Did you forget your Microsoft 365 password?


 

In these days of multiple logins, it’s all too easy to forget your password!

 

Here’s how to reset your Microsoft 365 password if you forget it.

Reset your password


If the password you typed is incorrect, you’ll see a message that says:

Your account or password is incorrect. If you don’t remember your password, reset it now.

 

Tip: We recommend following the steps below to resolve your password issues. If you already tried this but it didn’t work, use the Microsoft Sign In Helper tool.

 

1. Select Forgot password


If the Enter password window is still open select Forgot password?

(Or go directly to Reset password and enter the username again for the account you’re trying to reset and select Next).

 

2. Verify your identity


For your protection, Microsoft must verify your identity before you can proceed with resetting your password.

 

How you verify your identity depends on whether you previously added security info to your account and whether you can still access it. Select from the two options below.

 

Option 1: You received and can select a verification option

Select which option to send the verification code to.

Select Next.

 

Option 2: No verification options are given or you can no longer access any of the options

If you don’t see an option for where to send a code or you no longer have access to any of the verification options shown, you won’t be able to reset your password this way.

Tip: If these steps didn’t work, or you have other account sign-in issues, use the Microsoft Sign In Helper tool.

 

3. Get a verification code

Depending on the contact method you chose, retype the first part of the email address or the last four digits of the phone number hinted at in the previous window.

 

Select Get code.

 

Microsoft will send a verification code to the email or phone number you selected.

Go to the recovery phone or email where you expect to receive the code.

 

Tip: If you didn’t receive a message, check your junk folder or, if you selected the phone option, make sure your phone has service and can receive texts, and verify your phone isn’t set up to block texts from unknown numbers.



4. Enter code and reset password


Paste or type the code you received and select Next.

 

Type your new password and select Next.

How Professional IT Support saves money

We’re often asked how professional IT Support saves money for businesses. Clearly, we believe it does (we would, wouldn’t we?!) and in this blog, we set out the reasons why.

 

If you’re reading this then it’s likely that you fall into one of two kinds of business. It could be that you don’t have any professional IT Support in your company, or it could be that you do and for whatever reason, you’re dissatisfied with it. Either way, the savings rationale that follows will apply to you.

 

Firstly, let’s think about your car (Stick with us!). Most modern-day cars have sophisticated engine management systems that pretty much make maintaining the car yourself impractical. So you take it to a garage to do the maintenance work, whenever the next service interval comes along.

 

Even if you have (say) a classic car that allows you to do the servicing yourself, you accept the need for servicing the car, right? Of course you do. If you don’t maintain the car, its performance will degrade and eventually it will let you down. You depend on your car. It can’t let you down. It’s a no-brainer.

 

So, back to the point. Your business depends on your computer systems, however simple or sophisticated they may be. So why wouldn’t you maintain them? Why would you allow them to gradually degrade in performance, and inevitably let you down? Surely that’s a no-brainer too?

 

If you agree, you’ve understood the first reason why professional IT Support saves money for businesses. 

 

Efficiency

 

So now you’re getting your IT systems maintained professionally, how is it saving you money? Well, one word – efficiency. 

 

Professionally-maintained systems don’t go wrong very often. So that means all your employees can get on with their jobs. We have gotten IT out of the way, as it should be. It should be there to facilitate, not frustrate your business.

 

The other efficiency gains come from having IT Technicians readily available for any issues that may come up, instead of potentially wasting hours trying to fix them yourself. A huge efficiency gain.

 

We put it like this: there are two aspects to how professional IT Support saves money for businesses.

 

  • The proactive maintenance that we conduct (patching, health checks and so on) to ensure everything is running smoothly

 

  • The reactive support that we provide, when you do need help with something.

 

So there you have it! Professional IT Support, thanks to efficiency savings in your business, more than pays for itself. 

 

If you would like to get in contact for a no-obligation consultancy on how Fresh Mango will help your business save money, please do so here.
