MicroData Re-appointed as Microsoft Educational Partner

I’m pleased to announce MicroData’s re-appointment for the 19th straight year as a Microsoft Education Partner.

To be a MEP requires that an organization demonstrate technical expertise in Microsoft technologies by appointment as a Microsoft Partner and then testing backed up by customer references demonstrating expertise in Microsoft Academic products and licensing.

For any organization that isn’t aware of the advantages of Microsoft Academic licensing, the program offers extremely generous discounts to both Primary and Secondary academic institutions – public and private.

I had the privilege of teaching as a Senior Lecturer in Management Information Systems at Boston’s Northeastern University for many years and I continue to enjoy helping educational institutions of any size and type with their important mission. If you know of a school that could use assistance with any facet of information technology, please have them contact me directly.



Fake Windows Update is Actually Ransomware

A new strain of ransomware is making its way around the Internet and what’s so nefarious about this version is that it disguises itself as a Windows update.

What happens is that an attachment in a phishing email, when clicked, actually launches a process that brings up a prompt advising the user that an important Windows update is available. People go along with it thinking that they are doing the right thing by keeping their computer up to date.

The ransomware itself is called “Fantom” and the actual executable that starts the process is “CriticalUpdate01.exe.” Once executed it extracts “WindowsUpdate.exe,” and the screen that displays as it begins to encrypt your files looks very much like the modern blue screen that Windows 8, 8.1 and 10 users are familiar with.

But what’s actually happening is that your files are being encrypted. The next thing you’ll see is a screen telling you all your data has been encrypted:

Fantom ransom screen

At this point your only options will be to restore all data from a backup or pay the ransom.

So what can you do to stay safe? Here are 5 basic steps to take.

  • Remind all your users never to open or click on links in messages they are unsure of
  • Don’t run Windows in Administrative mode
  • Make sure you have a good and up-to-date antivirus/anti-malware product installed
  • Be sure your Windows firewall is working and up to date
  • Don’t run old, out-of-date software. It often contains known vulnerabilities that cyber-criminals exploit

Everyone stay safe out there!


“Your Office 365 statement is ready” Scam – Heads up!

The popular Microsoft Office 365 online service is now being used in a phishing scam to try and steal your personal data and information. Here’s what to look for.

You receive an email that appears to come from the ‘Microsoft Online Services Team’ with a subject of ‘Office 365 billing statement’. The body of the message looks good – there’s an Office 365 logo, no typos or obvious mistakes, and even the Microsoft logo at the bottom of the message. There’s a hyperlink inviting you to ‘Click here to view your statement’. If you do you actually download malware onto your computer.

Advise your users just to delete the message without clicking anything. And remember, with any message about an account you might have somewhere, never access it from a link in a message. Always go to the actual website by entering the address yourself, login, and then review any messages or account details. And if you’re still in doubt, pick up the phone and call the company’s customer service.

Everyone stay safe out there!


SecureCloud Backup – 50% off Through Dec. 31

MicroData is celebrating the holidays and over the next 2 weeks I’ll announce some special offers for our customers and friends.

Special #1: If you’re looking for a secure business-grade Cloud backup solution, a 1-year subscription to MicroData’s SecureCloud Backup is 50% off through December 31. And we’re even throwing in free setup.

SecureCloud Backup works with any PC, Mac, or Server and requires no user intervention or maintenance. Fully HIPAA compliant with military-grade encryption.

And at 50% off, you can start with 250GB of de-duplicated storage for just $34.50/month (new SecureCloud Backup customers only).

This offer ends December 31, so don’t wait to lock in a full year of savings.

Contact us at 800.924.8167 or online to learn more or get started.



MicroData is Hiring!

As we approach the end of 2016, I’m pleased to report that MicroData is growing – and we’re hiring! We’re currently looking for both an Engineer II and Engineer I. We also have a technical and a marketing internship open for the winter/spring.

If you know of anyone that might be interested, please point them to our website or have them contact us today.


RingCentral Spoof – Heads up!

Cybercriminals are now using references to the popular VoIP/efax service RingCentral in an attempt to trick users into taking actions that will infect their computers with malware.

Users receive an email message displaying the sending address ‘RingCentral’, a subject line that contains their name and the text ‘you have a new fax from 314-521-2722’ (or some other number), and the message body telling the user they can view the new fax message ‘on our website.’ Clicking the hyperlink will take the user to a web page that will infect the computer with a Trojan.

Make sure you just delete the message without clicking on any links.

Remind your users to stop and think before they act.

Everyone stay safe out there!



IRS Form 6642 Email Scam

Tell your users to be on the lookout for a new email scam – the subject line is “RE: IRS Form 6642” and the apparent reply address is from a law firm.

The body simply contains Can you print this? and a link labelled “IRS Portal.” Click the link and you download and install malware on your computer that looks for and steals financial account information and passwords.

What makes this scam somewhat different is that it doesn’t threaten or attempt to scare the user to action but instead asks a simple, innocent sounding question.

Just delete the message without clicking on the link or interacting with it in any way. And remind your users to stop and think before acting.


412 Million FriendFinder Accounts Hacked

LeakedSource Sunday reported that 412 million accounts on the FriendFinder network had been exposed, making this one of the largest hacks in 2016. And worse, this is the second time that the FriendFinder network has been breached. The first time was in May 2015.

If you have an account on any of the FriendFinder sites you’ll want to change your passwords and check any credit card info you may have stored with your profile.

Everyone stay safe out there!


What Last Friday’s Denial-of-Service Attack Teaches Us

Most likely you were affected by last Friday’s DDoS attack. Everyone awoke and found many popular Internet sites slow or unresponsive. This was due to a multi-pronged attack against Domain Name Service (DNS) provider DynDNS and on Amazon Web Services. Affected sites included Twitter, Spotify, Soundcloud, and many others.

Without getting into too much technical detail, a DDoS attack utilizes thousands of compromised systems to flood a service – in this case Dyn and AWS – with so much traffic that its servers are overwhelmed trying to respond to it. It took Amazon and Dyn a couple of hours to restore normal operations.

The exact cause and ultimate size of Friday’s attack hasn’t been pinpointed yet, but other recent attacks were conducted by compromised Internet-of-Things (IoT) devices – think toasters and refrigerators with built in connectivity. I’ve been amused by the predictions of how IoT will take over the world without any problems when as yet we can’t even effectively manage security on the much smaller number of devices we already use. IoT devices use very simple embedded operating systems – most with minimal security – and many with undocumented embedded backdoor access mechanisms from their manufacturers.

So what can be learned? A couple of things.

First, a reminder. If you are 100% reliant on Cloud services, you have to be prepared for downtime and have a plan for how you’ll respond.

Second, be very careful with IoT devices on your business network. Heck, be careful with them on your home network. Most offer no option to monitor or manage what they are doing or what information they are collecting. If you have IoT devices that you want to leverage at your business, plan to deploy them securely on an isolated network.

Finally, consider updating your employee policies to cover bringing these devices into your organization. This is similar to employees bringing in their own wireless notebooks/tablets/etc., but now there can be many more varieties of devices.

Check What Facebook Knows About You

Most people are at least vaguely aware that Facebook tracks information about how you interact and use the service. Likes, ads you click on, things you comment on and things you don’t comment on, etc. It’s all data to build a profile about you that can be used for directed advertising.

If this makes you uncomfortable, you want to get rid of some directed ads, or if you are simply curious, here’s how to check on what FB has on you – and clean out items you don’t like.

In Facebook, go to ‘Ad Preferences‘. At the top you’ll see tiles that identify Interests. These are grouped by sports, news, entertainment, etc. If you see something that isn’t an interest, just click the ‘x’ that appears in the upper right-hand corner when you hover your mouse over the tile.

Go through all the categories; People, Lifestyle and Culture, Business and Industry, Hobbies and Activities, Travel/Places, Food & Drink, Education, and Sports & Outdoors. I found quite a few preferences that I couldn’t explain (North Pole?) plus some that were just wrong. Getting rid of these helps reduce ads you’ll see.

Now scroll down to the Advertisers section. You’ll see a list of advertisers that already have your info. Remove any of these and Facebook claims you won’t see their ads any longer in Facebook.


Galaxy Note 7 is Dead

On the heels of the announcement yesterday that they are recalling all Galaxy Note 7’s including the re-engineered replacements for the original models, Samsung has announced they are suspending production of the model entirely. “Taking our customer’s safety as our highest priority, we have decided to halt sales and production of the Galaxy Note 7,” said Samsung in a statement.

So what do you do if you have a Galaxy Note 7? Bring it back to the location you purchased it for a refund/replacement or if that might not be feasible, contact whatever service provider you’re using and they should be able to help you out.

For replacements take a look at the ‘regular’ Galaxy S7. Very nice and no charging issues. And yes, it has a headphone jack.

Here’s How to Do a Deep (and free) Malware Cleaning on your PC

Everyone should already have a good antivirus application on their computer/notebook/tablet. And there should also be some application installed to help protect against malware. But what do you do when you have a system that’s really loaded with spyware, malware, and adware and your software tools don’t seem to be able to get it all off? You should do an Offline Cleaning. Microsoft gives you the tools for free but almost no one knows how to use them. Here’s exactly how to do it.

Windows 10

The tool is Windows Defender Offline. Close all your open files and then in Windows 10, Go to Settings Update & security > Windows Defender > Select Scan Offline. Your system will reboot and the scan takes about 15 minutes to run.

To see what was found select Start, Settings > Update and Security > Windows Defender. Open the History tab, select All detected items, then select View Details. Any items found by Windows Defender Offline will be listed as Offline Detection source.

Windows 7

Windows 7 is a bit more work but not difficult. First, get a blank CD or a USB drive that’s at least 512MB in capacity. Now – on a computer that you’re pretty sure isn’t infected with malware/spyware – download the Windows Defender Offline application. Select either 32-bit or 64-bit depending upon whether your PC is running a 32 or 64-bit version of Windows.

Link to 32-bit version

Link to 64-bit version

Now run the downloaded file.

Windows Defender Offline Setup

It will ask you if you’d like to create either a USB startup device or a bootable CD. Usually a USB drive is easiest but work with whatever you have.

Windows Defender Offline Setup

Let the setup finish then remove your newly created USB drive. Go to the machine you want to clean but don’t install your USB drive yet. Power the machine down normally and once it’s off, insert the USB drive and turn on the power. The computer will boot to the USB drive and Defender Offline will run – usually for about 15-20 minutes. When it’s finished you’ll be prompted to restart the computer. Remove the USB drive and restart normally. Your deep malware cleaning is done!

UPS Phone Scam – Alert Your Users

Not content to rely on just phishing emails, now cyber criminals are using a clever pre-recorded phone call to try and steal your credit card info. Here’s how it works.

You receive a phone call – often on a cell phone – with a very professional sounding recorded message claiming to be from UPS stating that your account (some account number is given but the bad guys are hoping you don’t remember your actual UPS account number and notice it’s different) is seriously past-due. You’re politely asked to call a provided 800-number. If you do you speak to a fake representative who offers to help you by taking your credit card info to ‘take care of’ the past due bill for you. Of course once you give them your credit card info your day is ruined.

Remind your users that cyber criminals are trying to get to them using any technology available – including the telephone.


Still Using IE 7, 8, 9 or 10? Time to Upgrade

Microsoft released its monthly set of patches and updates this Tuesday and of particular note is the fact that over half of the ‘critical’ fixes (those related to security) are not being released for Internet Explorer 7, 8, 9 or 10.

So what this means is that if you’re an Internet Explorer user this is a really good time to upgrade your browser if you’re still using one of those older versions. How do you check? Open up a browser window and pull down the ‘Help’ menu and choose ‘About Internet Explorer’.

If you find you need to upgrade Internet Explorer visit Microsoft’s Download Center for the free update.


Beware New Tech Support Scam

Here’s a new one you should alert your users to be on the lookout for. Over the last few years we’ve all become accustomed to receiving legitimate email alerts from providers such as Google, Yahoo, and Facebook when there was the possibility of a security risk such as a logon to your account from an unknown computer.

While cybercriminals have copied these emails in the past hoping to lure users into clicking on links taking them to infected sites, there’s now a new twist. Now the fake security email includes an 800 phone number that you’re told you need to call.

If you do you’ll either get to talk to a real cybercriminal – usually with a foreign accent – or you’ll bounce around voicemail for a while. But with either, you eventually end up being told that there’s something wrong with your computer and that they’ll fix it for you but need a credit card.

Remind your users to stop and think.

Everyone stay safe out there!


Pokemon Go Ransomware

My wife and I were out on the back roads this past weekend and saw a man with what was clearly his 6 year old daughter stopped beside the road. When we saw him holding up his iPad for the little girl we turned to each other and said ‘Pokemon Go!’

It was cute, but like every popular trend cybercriminals have found a way to use it to try and extort money from you. In this scam, you receive an email with a Pokemon Go game icon as an attachment. If you click on the attachment it installs two pieces of malware that encrypt your files and then demands (in an arabic text file it leaves on your desktop) that you respond to an email address to receive instructions for paying a ransom to decrypt your files.

We haven’t seen any confirmation as to whether or not it will encrypt network files across a LAN or VPN connection but you should assume it will. Yet another good reason not to mix personal computing with work resources!

So spread the word that if anyone receives an email messages that’s Pokemon Go related, they should just delete it.

Everyone stay safe out there!


Why Ransomware Pays

I’ve had many frustrated people as me why cybercriminals create and distribute ransomware. The answer is money, of course. But some new data from a report by Check Point software’s researchers is helpful because it shows just how much money we’re talking about.

Check Point focused on just one product: Cerber. The Cerber platform is software created specifically to be resold to create ransomware. Aspiring cybercriminal affiliates create their own ransomware campaign using Cerber and the deal is that Cerber gets to keep 40% of whatever their customers make with their ransomware attack.

Check Point was able to determine that Cerber had more than 160 participants at current count and that the combined direct sales plus affiliate revenue was almost $200,000 just in July – and this despite a victim payment rate of only 0.3%.

Doing the math means that Cerber is on track to net 2.4 million dollars this year.

So what’s the takeaway for businesses? Ransomware is a highly profitable criminal activity and you should expect to see increases in attacks on your business.

And that means that if you haven’t yet, you should get your organization up to speed both in terms of hardware/software preparedness, but also user training.

If you’d like to learn more, download our Executive Report: Ransomware Prevention Checklist for Your Organization or give us a call at 978.921.0990

Everyone stay safe out there!



Unbelievable Deal on a High End Multifunction Printer from Lexmark

I don’t often write about hardware deals. Quite frankly, there’s almost no money to be made on any of it so we leave it to the large national distributors, but once in a while I see something that actually impresses me enough to put the word out.

Lexmark has an unbelievable deal on their MX511de black and white multifunction printer. Regularly $999 and the best Internet price we’ve seen was $620 at Amazon, as a partner we’ve been offered a very limited number of these workhorses at $349 each (plus shipping). That’s brand new with a 1-year on-site warranty.

So if you’re sick of buying inkjet cartridges, complete the brief form below and we’ll have someone give you a call right back.


How the Chinese Stole the Secret F35 Fighter Plans – and Why it Matters to You

U.S. F-35 Fighter
U.S. F-35 Fighter

Starting in 2011, a Chinese citizen named Su Bin who lived in Canada orchestrated an elaborate hacking operation that stole over 50TB of classified data about the F35, B2, and other highly classified U.S. weapon systems. How did he do it?

It wasn’t elaborate technical penetration of firewalls or middle-of-the-night Mission Impossible-style burglary. It was simple email phishing.

With email phishing, a message is sent to employees appearing to be from a colleague or friend. The message contains a link and when the recipient clicks on the link, they are taken to a bogus website which then infected their computers with malware to harvest passwords and data.

While your company may not have top-secret information, you are almost 100% certain to be targeted in this same way by ransomware – software that encrypts your data – both local and Cloud – and you won’t get it back unless you pay a ransom to the cybercriminals.

The takeaway? Of course you need to implement all the best-practice technical safeguards and monitoring for your network, but equally important is that you need to train your employees to recognize phishing email messages so they don’t act on them.

If you’d like to learn more, click here to download our free Executive Report; Ransomware Prevention Checklist for your Business.


What Notebook Would You Take Into Space?

Think about it for a minute. There’s no FedEx for a quick delivery of replacement parts, so you want the absolute highest reliability and ruggedness in a notebook. So which do you choose? For the International Space Station, NASA selected Hewlett Packard’s ZBook 15 Mobile Workstation.

HP ZBook 15 in Zero Gravity

On April 8 SpaceX delivered (5) HP ZBook 15’s to the ISS aboard their Falcon 9 rocket. Here’s how they perform in space (and on earth):

  • Rugged. Not every computer can handle the demands of space. The ZBook 15 went through lots of tests—including getting blasted with radiation—to make sure it could still function optimally onboard the space station. It also withstood a rigorous battery of Military-Standard 810G testing including drop, shock and extreme temperatures, plus 10 years’ worth of radiation exposure.
  • Powerful processors. The ZBook uses new 6th generation Intel® Core™ processors.
  • Lightweight design. The ZBook 15 weighs in at a svelte 4.18 pounds, which makes rocketing them 240 nautical miles off the planet just a little easier.
  • A massive memory. ZBooks can handle up to 1 TB internal memory that lets astronauts save and organize their valuable research.

Curious about how they use them? According to HP and NASA, the notebooks are used for:

  • Command and control. The ZBooks will interface with the systems to provide command and telemetry functions which support vehicle control, life support and critical maintenance operations.
  • Mission support. The workstations will be used to support more than 500 experiments conducted each year.
  • Physical and mental health. HP ZBooks will be used to monitor and support the health of astronauts enduring the rigors of space. This includes everything from retina eye exams to video conferencing and IP Phone calls to support connectivity with family and friends to support mental well-being.

MicroData customers don’t take their notebooks and tablets into space, but they get some pretty tough use. That’s why MicroData recommends HP products and the ZBook series of notebooks is one of our favorites. If you’d like more info about HP products, please contact us.


Mac Users Beware ‘Easy Doc Converter’

Cybercriminals are increasingly targeting Mac users and the latest is a backdoor malware app which has been identified as ‘Eleanor’ by Bitdefender. This malware installs a backdoor that gives the bad guys almost complete access to the infected machine including all data and control of the built-in webcam.

Mac’s running OS X 10.6 or later can be affected – that’s would be circa 2007 or later.

This malware installs itself disguised as a fake file converter called ‘Easy Doc Converter’ and available on MacUpdate although not at the Mac App Store according to Apple.

Apple says they’ll be releasing an update to Xprotect to block the app but they haven’t detailed how they will patch the underlying vulnerability that permits Eleanor to do its mischief (execution of a script registered to system startup that allows an anonymous attack of the system). But in the meantime if you’ve already installed this app, the free Malwarebytes scanner has already been updated to remove it.

Everyone stay safe out there!


Glenn Mores Interviewed on CBS Pulse

Interested in learning about what the Cloud can cost and how secure it is? Check our Part 2 of my interview with Gillian Burdett on CBS Pulse.

And if you missed Part 1 where I talked about the benefits of Hybrid Cloud deployments, you can find it here.


Use GoToMyPC? Read this

If you are a user of GoToMyPC it’s time to change your password. In their blog this Sunday Citrix said that the service was hit by a “very sophisticated password attack.” Citrix is requiring all users to reset their passwords using the ‘Forgot Password‘ link.

Citrix didn’t go into detail but the implication is that a substantial number of accounts were compromised.

And of course if you used the same account/password at other sites you should change it at those sites as well.

Attacks against websites continue to grow as cybercriminals exploit security flaws. If you haven’t already, start taking a look at enabling two-step verification which many sites are now offering. With two-step verification, you receive a unique code to your cell phone or email each time you want to sign on.


Your TV Can Now Get Held for Ransom?

The concept of the Internet of Things is appealing in many ways. It allows connectivity and interaction with devices which were not capable of being managed/monitored in the past. And when there one platform to link them all together, it gives a nice, consistent user interface and experience. But like most things in life, there’s a dark side to consider.

Consider FLocker – an Android based lock-screen ransomware. This one has been out there for a while but it’s being continuously being updated by the cybercriminals that produced it to keep it one step ahead of the firewall and antivirus companies. The latest version pretends to be from some law enforcement agency and accuses potential victims of crimes they didn’t commit. It now will also infect Smart TV’s that run the Android OS – effectively locking you out of your TV.

Consider a fully ‘smart home’ of connected devices and you can immediately see the possibility of them all getting infected and operation disrupted. Vendors haven’t thought this through yet, but they’ll need to – and soon.

Everyone stay safe out there!


Google’s New Free Website Tester

Everyone wants their website to be friendlier for users and rank better in searches. Now you can quickly see exactly what Google is looking for in terms of how your site delivers pages, both on desktops and on mobile devices.

The neat part is that after running the test (which only takes about 30 seconds for an average business site), Google gives you a report of findings and exactly what you should work on. Just forward that off to your web developer and have them get to work!

You can access the Tester here.


eBay Scam: Alert Your Users

With phishing email messages, the key for cybercriminals tricking you into divulging passwords and account information is to make a plausible-looking message that gets you to click on a link. Then you’re taken to a bogus website where you are asked to ‘log in’ and boom, they have full access to your account.

The latest is a fake eBay message supposedly from a user demanding to know why you haven’t sent them info about something they allegedly purchased from you. They threaten to contact the police and PayPal if you don’t respond.


Remind your users to stop and think. Note that the message isn’t personally addressed to you. A threat in a message is another giveaway as is poor grammar. Tell your users just to delete the message without clicking on anything.

Everyone stay safe out there!


MicroData on CBS Small Business Pulse

Heard about Hybrid-Cloud and wonder what all the hype is about? Check out the Part 1 of the interview I did on May 20 with Michelle Guilbeau of CBS Small Business Pulse.


Just What is a Strong Password?

Most websites now require/encourage you to create a strong password when you set up an account. But what exactly is a strong password? What one site considers a strong password another site will tell you is moderate or weak.

Regardless of what any specific site tells you, a strong password should have the following characteristics:

  • at least 8 characters
  • doesn’t contain your actual name, your user name, or your company name
  • doesn’t contain a complete real word
  • is significantly different than previous passwords
  • contains an upper case, lower case, numerical, and symbol character


Android Phishing Trojan Cleans Out Your Bank Account

From our friends at KnowBe4 comes an alert about a really nasty piece of malware which goes after Android phone users and targeted smartphone banking apps.

It works by inserting a fake login screen over the actual login screen in the app. When you log in you’ve actually just given the cyber criminals full access to your account and they promptly transfer all funds to an overseas account.

Android devices get infected by either installing an app outside of the Google Play Store (called a sideload), or by downloading a ‘Required Flash Update’ needed to view video – usually at an adult site.

So for your smartphone – iPhone or Android – follow these tips:

  1. Don’t sideload
  2. Don’t click on text messages you don’t recognize or expect
  3. Keep your device updated – both the OS and apps you use
  4. Don’t surf adult and inappropriate sites. Risk of infection is very high

If you’re concerned about malware and ransomware threats at your business or organization, check out our FREE download: Ransomware Prevention Checklist for Your Business

Everyone stay safe out there!


Why Using that Old Version of Office Puts You at Risk

I was born in Maine and had parents that clearly remembered the effects of the Great Depression. They weren’t yet born during the actual Depression but growing up, their parents who had lived through it, taught them valuable life lessons from those difficult years. And I got many of the same lessons although as the next generation, less poignantly. One central concept was Yankee-thrift, a big part of which means you don’t waste things and you don’t throw stuff away that could be re-purposed or re-used. Good advice – in most cases.

The problem is that this belief can get you into trouble with information technology. For example, we have many organizations we’ve worked with that use older versions of Microsoft Office. I’ve repeatedly heard over the years, “it works just fine and does what I need it to.” The problem is that it does some things you really don’t want it to do.

One of the biggest problems is the file format. Have you noticed how newer versions of Word save files with a .docx extension rather than the older .doc? There are many improvements that Microsoft built into the new file format, but one huge area of improvement was file security. In the new .docx format, Microsoft removed the ability for users to embed macros into the document. A macro is basically a set of self-executing instructions. Today, many variants of ransomware are being spread by macros in infected .doc and .xls files. With the older version of Word, you can just click and boom, you’ll find all your files encrypted and be looking at a ransom message and the prospect of paying hundreds or thousands of dollars to get your data decrypted.

So Yankee-thrift is a great concept, but not in business where you share files all the time. Keep your software versions current and if you’re not sure how old is ‘too old’, ask your IT professional who can guide you.

Everyone keep safe out there!


Angie’s List Scam – Heads up!

Alert your users to be on the lookout for a phishing email allegedly from Angie’s List. The subject line is ‘Invoice xxxxx from Angie’s List, Inc.’ and the message body looks like a QuickBooks generated invoice for $216.64 or some similar amount. The message body starts with ‘Dear Valued Customer’ which should be your tip-off that it’s a bogus message – legitimate email messages will have your personal info.

There’s a ‘View Invoice’ button which, if clicked, takes you to a website that will infect your computer with malware. Just delete the message without clicking on anything.

Want to train your users to better recognize phishing scams like this? Contact us to learn about online Security Awareness Training. The cost to train and educate your entire company for a whole year is less than $750 for an organization with fewer than 50 employees.

Everyone stay safe out there!


Have QuickTime on Widows? Uninstall it Now

QuickTime on Windows is an Apple product that has been widely used for years to play movie trailers and many Internet media clips.

Last week, Apple announced that it was no longer going to support the product and would not even patch two recently identified major vulnerabilities in the software that can allow hacker access to people’s computers.

The vulnerabilities are so serious that the U.S. Department of Homeland Security has sent out an urgent alert telling Windows customers to remove the program from their computers. So we’re advising everyone to check and see if you have this app on your computer and if so, uninstall it now.

Everyone stay safe out there!


Does Your Endpoint Protection Include this Important Ramsonware Tool?

Unless you’ve been away on a small island for the last couple of years, you know about the problems presented by Ransomware and probably know of an organization that’s been hit. But as a refresher, Ransomware is software that encrypts your computer, network, and Cloud data and your only recourse to get your data back is to pay a ransom, usually in Bitcoin and typically +$1,000.

What’s really tricky about Ransomware is that it isn’t delivered like a typical virus that sneaks onto your computer and runs itself. Ransomware is usually self-inflicted. A user gets an email that looks legit such as an efax or Word document – these are called phishing attacks. The attachment is actually the code and by the user clicking on it, the ransomware application gets started.

While there are many steps your organization can take to protect yourself, at a minimum you want a good quality antivirus/antimalware application on each user’s computer, and you want to make sure this antivirus solution does email content filtering. This is a basic but effective line of defense to stop a large percentage of these phishing messages from getting in to your organization.

Symantec, McAfee, Kaspersky, Sophos, F-Secure, and Vipre do not perform content filtering. Trend Micro’s Worry Free Business Security Advanced does provide content filtering which is why we recommend this solution.

If you haven’t looked at the capabilities of your organization’s Endpoint Protection software lately, with ransomware infections growing each month, now might be a good time.


Data Mishandling Could Cost CA Hospital $25,000 per Patient Record

Think that professional IT services are expensive? How about the cost of your current provider making a mistake? Last month a California state court judge finalized the highest ever per-plaintiff cash settlement in a data breach case. St. Joseph Health System, based in Irvine, is set to pay upwards of $28 million to settle a 31,074-member class action. The dispute arose out of a 2012 incident that exposed over 31,000 patient records to the Internet. The cause was not malware in this case but rather simple mis-configuration of the hospital’s intranet.

The takeaway? Security for your network and data needs to be one of your highest priorities. Even a small business can have thousands of customer records with sensitive information that must be secured.

If you’re not sure about your organization’s IT security, I urge you to take advantage of a special, limited-time promotion we’re offering where we’ll review your IT systems and provide you with a detailed 57-Point IT Systems Security and Performance Assessment – all for FREE. Click here to learn more.


Stealing Data with a Wheelbarrow

I was just reading a fascinating story on the U.S. Dept. of Justice website about a bank robbery and there’s a lesson in there for all of us about IT security. What made this story so interesting wasn’t the use of Mission Impossible-like technology or swarms of armed criminals, but exactly the opposite. Low tech, physical theft by one guy with a wheelbarrow. I’m not kidding.

Over a 2-month period, the defendant stole over $200,000 in quarters from a Federal Reserve coin storage facility at an Alabama Brink’s facility where he worked. He had noticed that the quarters were stored in ballistic bags – think large duffle bags – so he grabbed 4 empty bags, filled them with beads and just enough quarters to show through a small plastic inspection window, then he put them on a skid swapping them for legitimate bags full of quarters.

The lesson for IT? Don’t neglect physical security of your IT assets. Ask yourself how hard it would be for someone who gains access to your facilities to simply pick up a computer or server and carry it off. This is exactly why part of every yearly required HIPAA audit is to verify the physical security of key data processing equipment.

If you have any questions about your IT security – physical or electronic – we’d be glad to help you out. Get in touch here.


Ransomware Comes to the Mac

Ransomware is nasty stuff. Covert software gets onto your computer, encrypts all your files (and network files) with what’s effectively an unbreakable code, then extorts the user into paying a ransom – usually in untraceable bitcoins – to get the data back.

The cybercriminals that develop ransomware have traditionally gone after the Windows market as it’s large and predominately used in business, but now they’ve specifically started targeting Mac users.

This past weekend Palo Alto Networks wrote that they had found the ‘KeRanger’ ransomware app wrapped inside Transmission, which is a free and reputable Mac BitTorrent client. To make it worse, the infected version of the app was signed with a legitimate Apple developer’s certificate.

It’s not know how the hackers were able to upload an infected version of Transmission to the app’s website, but it worked. BTW, if you use Transmission the bad version was 2.90 and you should immediately upgrade to 2.12. This particular variant of malware waits for 3 days after being installed then does its deed.

And to make matters worse, it appears that this ransomware will try to encrypt files on Apple’s consumer cloud backup service, Time Machine. So an infected user could be looking at losing all their local and backed up data.

The ransom? 1 bitcoin or currently about $404.

The lesson? It doesn’t matter what kind of computer or operating system you have. Cybercriminals will target any group that seems profitable to them and they have the expertise and resources to be successful.

Everyone stay safe out there!



Bogus “American Express Fraud Protection Alert”: Heads Up!

Cyber criminals are at it again and this time they’ve come up with an interesting twist. The Phishing email is actually disguised as a fraud alert message from American Express! Here’s what to look for.

You receive a message with the subject line of Fraud Protection Alert with a ‘FROM’ address of American Express Customer Service. The message body looks like an Amex message with the logo and some footer information that seems pretty typical. But if you click on the hyperlink to ‘Verify’, you’re actually taken to a bogus Amex website where they tell you to log in. If you do you’ve just given the criminals access to your Amex account.

What are the giveaways this message is bogus? First, it isn’t actually addressed to you – it’s just Dear Customer. Second, there are some spacing problems in the message body that a real company like Amex would never do. Just sloppy. And finally, Amex and other credit card companies won’t ever include links to log in with any alert messages. They’ll instead tell you to call them at the number on the back of your card or to manually go to the credit card company’s website and log in normally. By the way, if there was a number included in the message don’t call it – those are often manned by fake ‘agents’ who will try to verbally get your credit card info.

Are your employees having difficulty with Phishing messages like this? Contact us about a new and very affordable company-wide training program we now have available to help educate your users.

Everyone stay safe out there!


A Simple Mobile HotSpot for Your Car

At the recent Mobile World Conference Samsung has released a dongle that plugs into an existing connector in your car and gives you and your passengers a mobile hotspot for full-time wifi connectivity.


Called the Samsung Connect Auto, the device plugs into the car’s OBD II diagnostic port which provides power. Any car or light truck made in the last 20 years has an OBD II port – this is the port that your mechanic uses to read diagnostic codes for the car and if your state has an emissions test, that reading is obtained through this port, as well.

Initially it appears this will be available through AT&T at around $10 month and will offer LTE speeds. Look for availability around April or May.

Beware Tax-Season Scams

It’s tax season and the bad guys will use this opportunity to try and scam you – both by email and telephone. Last year over 360,000 people received harassing phone calls demanding payments and threatening jail. And there were millions of similar bogus emails.

By telephone, the routine is that you get a call supposedly from the IRS demanding payment for an overdue balance. The criminals will often even have the last 4-digits of your Social Security number to try and convince you they are legit. They demand immediate payment of the ‘overdue balance’ or threaten you with arrest. Typically payment is requested via Western Union or MoneyGram – both of which are very hard to trace.

The email messages are similar but will add a link to a site where you can ‘make payment’.

The IRS never initiates official business via telephone or email. They will always send a letter.

So if you get one of these phone calls just hang up. And delete the email messages, too.

Everyone stay safe out there!


Stolen iPhone Scam

A new sneaky scam is out there targeting iPhone users. Thanks to our friends at KNowBe4 for this tip.

This scam is proving effective because users are generally pretty upset about losing their phone and often not thinking calmly. So here’s how it goes.

You iPhone is lost or stolen so you jump online and turn on the Find My iPhone Activation Lock. In no time you receive an email  message that the phone has been found but you need to go to a website to verify your Apple ID. You do this and boom, you’ve just given the thieves your account info so they can unlock your phone. Your phone is now for sale somewhere.

The bad guys can do this because an iMessage can always be sent to the address that the phone says it has been locked by.

What’s catching people is that they aren’t noticing the ‘From’ on the email message they receive is spoofed (faked). So make sure you tell your users that if they lose their phone and receive an email message, don’t take any action it suggests. Instead get in touch with your company’s IT department to report the loss.

Everyone stay safe out there!


Comcast Business Internet Slow?

Are you thinking about upgrading to a faster Comcast Internet service because your current connection is slow, sites are timing out, or users are getting kicked off the Internet? Don’t do it! We find that in over 70% of cases, the speed of the Internet connection isn’t the problem.

We’ve helped many New England area organizations fix these types of problems and for a limited time, we’re offering a FREE check of your environment. We’ll review routers, modems, and systems and give you a report detailing exactly any problems found and what’s required to fix them.

We’re receiving a huge response to this promotion and have limited appointments times available, so don’t wait to respond if you’d like to take advantage of this offer.

To learn more or reserve your free audit, go to www.microdata.com/comcast or call us at 978.326.8205. Mention promo code 1215


Dell Tech Support Scam

If you have any Dell computers, here’s a scam you want to be sure to alert your users about.

Users receive a call claiming to be from Dell support. They even have the service tag from your computer and potentially other personal information. The caller then tries to get you to provide them with remote access to ‘fix the problem’. If they get access they will then infect the computer with ransomware and also potentially ask for a credit card for a ‘required service charge’.

At this point it’s not clear where the bad guys have got the Dell service tag information, but with that in hand they have an extra degree of credibility, so make sure your users don’t fall for it.

Everyone stay safe out there!



New MicroData Website is Live!

I’m pleased to announce that our new website is live! It was more than just a refresh although that was certainly part of the motivation for a change. We really wanted to de-clutter, focus our message, and also wanted a fully responsive site that worked much better on tablets, phones, and other mobile devices.

Any feedback is always welcome – plus I’m sure that a few errors are still in there in spite of all the testing (and we haven’t yet migrated all this blog). So let us know what you think!



Apple Phishing Scam – heads up!

Tell your users to be on the lookout for a phishing scam that looks like it comes from Apple. An email is received supposedly from Apple Support threatening to suspend your iCloud and Apple ID account because you did not reply to an earlier verification email. The phishing email has a link that allows you to ‘verify now’ but if you click the link you land on a bogus webpage that looks like it’s Apple but is a fake. The page prompts the user to enter their account and password and then boom, you’re done.

Everyone stay safe out there!



“Your PayPal Invoice is Ready” Ransomeware Scam

This scam is sneaky because the cybercriminals are using the exact same phrase that PayPal uses when monthly invoices are sent out.  Users receive an email with the subject line of ‘Your PayPal Invoice is Ready’ and the body of the message asks you to ‘Please open the attached file to view invoice’. The attachment is a .zip archive which, if opened, executes code that will encrypt your hard drive files (and files on any mapped hard drive) requiring you to pay a ransom in Bitcoin to get your files back. Short of a complete restore of the affected system(s), there’s no other way to avoid paying the ransom.

Aside from training your users not to fall for these types of messages, what else can you do to try and protect your company? Here are a few suggestions.

  • Block all .zip type of attachments in your email system
  • Pre-clean your email by running it through a filtering services such as MicroData’s hosted Barracuda service
  • Install better quality antivirus software that specifically looks for these types of threats. We recommend Trend’s Worry Free Business Security Advanced

As always, we’re glad to help organizations with issues like this. You can learn more or contact us anytime.



“Order” or “Case” Email Viruses Surging: Heads up!

There’s a rash of email messages appearing where the cyber criminals are trying the less-is-more approach. The subject line just has the word ‘Order’ or ‘Case’ and a string of letters/numbers. The message body references a ‘Total Amount’ or $30,000+, a ‘Timestamp’, and a ‘State’ reference. The message then asks you ‘Please open the enclosed Doc file’ – referencing an attached Microsoft Word file.

Opening the file will run a macro infecting systems that haven’t been updated and patched.

Remind your users to stop and think before they act on messages they receive, especially if it’s from someone they don’t know, contains an attachment, or uses fear or greed to try and encourage action.

Stay safe out there!



‘Secure’ Email Message Scam

The bad guys are relentless in trying to steal your information. The latest is a email with a subject line of “You have received a new secure message.” The body of the message has some graphics and prompts you to open the attachment which is a Word file named ‘Secure Message.doc’ (or similar).

Opening the file on a system that’s missing Microsoft Office security updates infects your system via a macro that exploits the unpatched vulnerabilities.

What can you do to help keep your organization safe? From a corporate perspective, make sure you have a good firewall installed, properly configured, and regularly updated. Also make sure that all user endpoints – Mac or PC – have installed, configured, and current antivirus software. And consider using an email filtering device or service to ‘pre-clean’ much of the junk like this scam.

Remind all your users to stop and think before they act on an email message they receive. Everyone stay safe out there!



Is Your VoIP Phone Killing Your Entire Network?

We just finished an audit for a new client and ran into this again, so I thought it might help to explain why using the data loop-through on your VoIP phone is generally a bad idea.

First, most VoIP phones are 10/100 networking devices. Many offices only have a single networking wall jack, so if you plug your gigabit computer network adapter into your phone and then the phone into the wall, you’ve just decreased your computer’s network throughput by a factor of 10. For networking performance, this is really like throwing out an anchor and returning your network to 1995 standards.

Second, having your VoIP phones on the same subnet (network address segment) as your computers can introduce a potentially very serious security problem. Here’s why. When purchasing or leasing a phone system, most companies also purchase an ongoing support agreement from the vendor to help with programming, moves, troubleshooting, etc. This means that your phone system vendor (and most likely the carrier) has access not only to the phone system and phones, but also to the data packets containing your computer networking data. If your organization has mandated compliance (HIPAA, PCI, etc.), this immediately creates a condition where you have uncontrolled 3rd party access to your data. And even if your company operates somewhere with no compliance or privacy laws (hard to imagine where that might be), your organization’s intellectual property is still being put at risk.

The solution? Always put your VoIP phones on their own wiring, connected to their own switches, and the system connected to a separate external IP address. While the additional wiring of a second CAT5e run can add to costs initially, you can recoup much of that immediately. 10/100 PoE switches can be purchased for the phones instead of more expensive gigabit PoE switches, and for the regular network, non-PoE switches can be deployed – another significant cost savings.



‘Email account quote exceeded’ malware

Alert your users that there is another email phishing attack making the rounds of corporate America. Users receive an email with the subject of “EMAIL ACCOUNT QUOTE EXCEEDED…” with a couple or email addresses listed including their own. The body of the message contains a simple bar graph that seems to indicate that the mailbox is running out of space. The message then urges the user to “Sign back in a continue your usage.”

Clicking on the link redirects you to a malicious webpage that will try to exploit your browser (if not updated) and install malware on your computer and will further try to get you to reveal credentials. Just delete the message without clicking on anything.

Remind your users to stop and think before acting. Everyone stay safe out there!



iOS 9 ‘Wi-fi Assist’ Charges Users without Warning

Heads up Apple iOS users. One feature in the recently released iOS9  update has the potential to bite users on fixed data plans. The new ‘Wi Fi Assist’ feature doesn’t do anything to make it’s presence known, but the feature defaults to an ‘on’ state in the iPhone 6S and in earlier iPhones that have upgraded to the latest OS.

Wi-Fi Assist works by supporting the phone’s data connection in weak wi-fi coverage areas by augmenting the signal with mobile data. This can make data usage unpredictable for users on fixed data plans. Some users have found mobile data usage to have doubled or tripled since the update.

If you’re uncertain about your devices settings and have a fixed data plan, find Wi-Fi Assist and toggle it off to be safe.



MicroData selected 7-years in a row to the Best of Beverly Awards

We’re pleased to announce that we’ve been selected for the 7th year in a row to the Best of Beverly award in the Computer System Designers & Consultants category as presented by the Beverly Award Program.

Each year, the Beverly Award Program identifies companies that have achieved exceptional marketing success in their local community and business category. These are local companies that enhance the positive image of small business through service to their customers and our community. These exceptional companies help make the Beverly area a great place to live, work and play.



Walmart Labor Day Voucher Scam

Going into the holiday weekend make sure you tell you users and friends to watch out for this one. You receive an email with a subject of “Use your Walmart Labor Day Voucher” with some referenced date. The message body then references a “$50 Walmart Bonus” available “this weekend only”. The message may come from ‘Walmart_Bonus_Points’ or something similar.

The links in the message take you to a fake page which will try to install password and financial account/credit card stealing malware on your computer.

Just delete the message.

Everyone stay safe out there and enjoy your holiday weekend!



Tips for Using WiFi Hotspots Safely

Having an available wifi hotspot can be incredibly helpful if you need to do some business on the road. But you should take some precautions to ensure that the person on the other side of that coffee shop isn’t stealing your identity, draining your bank account, or having a shopping spree with your credit card. Here are some of the safety tips we give our own customers.

  1. Make sure your laptop or tablet security is up to date. This would include having a fully supported OS with all patches applied, an updated web browser, a personal firewall turned on, and current anti-spyware/anti-malware.
  2. Be aware of the hotspot you’re using. The hotspot at Starbucks is preferable to one you just happen to come across while you’re sitting around the mall. And a hotspot that requires patrons to use a password is better still.A new trend to watch out for is ‘hotspot fishing’. The bad guys target an area where there are many people looking for wifi access. An airport is a great example. They setup with their own laptop with hacking software and then broadcast an unsecured wifi hotspot – sometimes with the name of a nearby store or the airport’s name to try and fool users into thinking its safe. Then they wait for unsuspecting users to connect. Once they do, everything they transmit can be intercepted.
  3. Protect your passwords. When a website or your browser asks if you’d like it to remember your password, we suggest saying ‘no’. For someone that’s frequently on the road, it’s better not to have your password data stored anywhere on your computer. The exception would be if you are using an encrypted password manager like KeePass.
  4. Change settings. The default behavior on Windows systems when connecting to a new network will be to ask you if the network should be trusted or not – choose ‘Public’ or ‘Public Network’. But if your computer doesn’t ask you for some reason, make sure you turn off file sharing.
  5. Use a VPN. A VPN can encrypt your connection to a home or work network so consider connecting this way if possible.
  6. Avoid financial transactions. If at all possible, just have these wait until you get home or to a secure network. If you do have to do some e-commerce shopping, make sure the sites are encrypted and secured. Secure sites begin with an ‘https’ in the address.
  7. Be aware of your physical surroundings. When you’re engrossed in some online work it’s easy not to pay attention of people coming and going around you especially if you’re in a busy location like an airport or coffee shop. Bad guys are in many of these public areas and are ready to grab a briefcase or purse left on the floor when the owner isn’t looking.

Everyone stay safe out there!



Ashley Madison Scams: Warn your Users!

As probably everyone has heard by know, the hackers that stole over 35 millions records from the Ashley Madison site have now posted all the records for everyone to see.

The bad guys will be coming after users in a number of ways; phishing attacks, fake websites where you can ‘check if your spouse has been cheating on you’, or ‘verification’ if your own affair has come to light.

As you would probably expect, any of these 35 million users is a target and will probably be tempted to respond to threats to out them. So what can you do? We along with our friends at CyberHeistNews suggest sending out the following message to your employees and friends:

“Yesterday 35 million names, addresses and phone numbers of registered users at the Ashley Madison site (which makes it easy to cheat on your spouse) were posted on the Internet. All these records are now public, exposing highly sensitive personal information.

Internet criminals are going to aggressively exploit this in many ways, sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening email messages which slip through spam filters that have anything to do with Ashley Madison, or that refer to cheating spouses and delete them immediately, in the office or at home.”

Everyone stay safe out there!



Windows 10 Keyboard Shortcuts

For those of us that are long-term computer users, we’ve learned many tricks to make our interactions a bit easier. And one big convenience to anyone that actually knows how to type are keyboard shortcuts. If you haven’t yet transitioned to Windows 10, you’ll be pleased to know that your favorite keyboard shortcuts are still there – plus, there are some new helpful shortcuts that Microsoft has given us. Here’s a sampling of some of these new shortcuts:

  • Windows Logo Key + A, Open Action Center
  • Windows Logo Key + S, Open Search
  • Windows Logo Key + C, Open Cortana in listening mode
  • Windows Logo Key + Tab, Open Task View
  • Windows Logo Key + Ctrl + D, Add a virtual desktop
  • Windows Logo Key + Ctrl + Left Arrow, Switch between virtual desktops on the left
  • Windows Logo Key + Ctrl + Right Arrow, Switch between virtual desktops on the right

And some old favorites:

  • Ctrl + C, Copy the selected item
  • Ctrl + X, Cut the selected item
  • Ctrl + V, Paste the selected item
  • Ctrl + Z, Undo an action
  • Alt + Tab, Switch between open apps
  • Alt + F4, Close the active item
  • Windows Logo Key + L, Lock your computer
  • Windows Logo Key + D, Display and hide the Desktop




iCloud/Apple ID Final Warning Scam

Tell your Mac users to be on the watch for this one. You receive an email purportedly from the ‘Apple & iCloud Support Team’ with a subject of ‘iCloud/Apple ID Final Warning‘ telling your that you haven’t reviewed and confirmed your Apple ID details. There’s a link to do this ‘validation’ which takes you to a bogus site where the bad guys hope you’ll actually enter your ID & password – effectively giving them your account.

Remind your users to stop and think before they click.

And did you know that a firewall with an active subscription can block many of these messages from even getting into your organization? Definitely worth considering if you are just using a plain old firewall. New technology in this area is surprising affordable and you can also get this functionality as a service for only a few dollars a month. Contact us if you’d like to learn more.

Everyone stay safe out there!



Tips for Selecting the Right Wireless Tech for your Network

Nearly every organization is now using wireless technology in their network. Here are some tips on how to do it safely and get great results.

Step 1Stay away from retail store products. The simple fact is that the $30 wireless router at Staples or Best Buy isn’t what you want. In fact, you almost certainly don’t want a router anyway – you want a Wireless Access Point (AP). And you want one that supports the latest 802.11ac standard. Consumer products at retail stores don’t have much horsepower and will just disappoint you in a business environment with multiple simultaneous users.

Business-class products support more simultaneous users, seamless roaming from one AP to another, and centralized management. One favorite of ours is the recently released HP M330 dual radio access point. We have special pricing on these if you’re interested – contact us.

Step 2Perform at least a basic wireless audit. Unless you have a one-room office with just a couple of people, you need to do some planning to make sure you cover all the work areas in your organization and also that you have enough capacity for the number of devices you’ll be supporting. Wireless signals don’t like metal and mass. Modern construction with steel stud walls as well as old buildings with brick and foil-backed insulation all greatly reduce wireless signal strength. There are low cost/free apps you can get for a tablet or smartphone that, while not true scientific tools, will allow you to observe wireless signal strength fluctuations as you walk through throughout your office. This will give you a basic idea of how far a wireless signal is likely to reach.

For capacity, a good rule of thumb with a decent quality AP is that it can support about 8 devices at a time.

And be realistic about the number of devices you’ll be supporting. In addition to the notebooks and laptops in your organization, what about everyone’s smartphones? And what about guests? There’s nothing worse that rolling out a new wireless network and finding out it’s maxed out on the first day.

Step 3plan. So once you’ve determined how many AP’s you’ll need, don’t forget that each one needs to be connected to a network jack. And each will need power. Some models have a plug-in wall transformer but many utilize Power-over-Ethernet (PoE) which requires adding a special type of network switch to your network.

Step 4Don’t forget security! Even the most casual non-techie knows that it’s important to secure wireless networks properly. Use at least WPA encryption, put guest wireless networks on a separate subnet, and consider using MAC address filtering. And if your organization is subject to HIPAA, CMR17, or a variety of other compliance laws, you have to get it right. If there’s any part of this you don’t understand, it’s worth getting an expert to help you.



Another Hybrid-Cloud Deployment

We just finished another Hybrid-Cloud deployment for a customer, this time utilizing an HP Microserver for the on-premises component.

HP Microserver
HP Microserver

Not familiar with Hydrid-Cloud? It’s a combination of local, on-premises equipment combined with Cloud resources. For many organizations the advantages are greater control over data, much faster performance, and substantially reduced monthly subscription costs.

In this case the project also took care of replacing old, unsupported software, increased security with a new firewall, and greatly increased secure remote access.

The HP Microserver is a favorite for SMB. Tiny, virtually silent, and inexpensive.








Information Technology Management Survey; We want to hear from you!

If you’re a small or mid-sized business owner or senior manager, we invite you to participate in a 5-minute online survey: Information Technology Management in SMB. MicroData is investigating how SMB manages IT, challenges that are being faced, and how new technologies are impacting organizations.

If you’d like see what your organization is doing compared to others, you may request a free copy of the summary report of the survey.  And as a ‘thank you’, we’ll randomly pick several responses to receive a free Amazon gift card. Any personal information will be kept strictly confidential.

Click here to begin


Walgreen’s Gift Card Scam

Tell all your users to be on the lookout for this phishing scam. You receive an email with the subject “Re: Your Walgreens Gift-Card (Expires 7/20/15)*”. There’s a large red graphic with a big ‘$50’ and even an official looking bar code. Clicking anywhere on the image or on the included link takes you to a foreign site where you’ll get prompted to reveal information to ‘confirm’ your gift card. What you’ll actually be doing is giving your info away to thieves. Just delete the message without clicking on anything.

Remember, stop and think before you click! Everyone stay safe out there!



Windows Server 2003 Survey: Shocking Findings

AppZero surveyed Fortune 1000 companies and reports that the majority won’t finish migrating away from Windows 2003 Server before the End of Service Date (July 14). And while we all know that projects can slip, the statistics from the report are surprisingly depressing:

  • Almost half (47%) are not even aware of the EOS date or have no plans (yet) for remediation
  • Only 21% of respondents have a remediation plan in place
  • Security compliance and vulnerability management remains the largest concern (>50%)
  • Fully one quarter (25%) of respondents still have more than 500+ Windows Server 2003 machines

So even with the multiple years of announcements from Microsoft and warnings from industry writers and support professionals, many organization are clearly going to be caught. As you can imagine the scammers are already gleefully planning to exploit these machines.

Learn more about Windows 2003 options at www.microdata.com/windows2003  or contact us.



‘Dunkin Donuts Customer Loyalty’ Email Scam

Even coffee isn’t safe any more! The latest malware phishing scam is sending out email messages with the subject ‘Dunkin Donuts Customer Loyalty’ that promises a $100 gift card by clicking a link in the message. Except instead of a gift card, you infect your computer with spyware/malware.

Remind your users to stop and think before reacting to email messages. And if you haven’t already, subscribe to our blog with the link below so you can be notified of important alerts and info like this.

Everyone stay safe out there!


Sneaky New Malware Attack; ‘Stop spamming me’

Here’s a nasty new approach by bad guys trying to infect your computer and network and steal your data. You receive an email with a subject of ‘stop spamming me’ and a message body that contains the following text:

stop sending me offers from {your domain} i am not interested.
i have attached the email i received from {a legitimate email address at your domain}.
please stop

A Word document is attached which has a macro virus which, if opened in an unprotected mode on an unpatched computer, will infect your system with malware.

If you receive one of these just delete the message without opening it or looking at the attachment.

Everyone stay safe out there!


Federal Government Chinese Hack Fallout. Action Required!

It’s happened again. Federal employee databases have been hacked and now the cyber criminals have millions of employee records. You can expect this info to get sold quickly and then the email messages will start arriving trying to scare recipients into clicking on a link which will then infect their computer with malware or the message will try and manipulate users into giving out more personal information. If you’re concerned that you or someone you know may be affected, send your friends and users the following:

‘If you receive an email that claims your personal information has been hacked and that you need to click on a link, open an attachment, or even call someone to protect yourself, stop! Never click on such links, don’t open any attachments, and never call someone whose information is only provided in an email message. These messages are scams designed to scare you into taking action that would infect your computer with malware/spyware and potentially release even more of your personal info.”

Everyone be careful out there!

Windows 10 Available for Free Late July

If you’re running Windows 7 or higher, you’ll be able to take advantage of a free upgrade offer to Windows 10 from Microsoft. Look for the upgrade through your regular Windows Update utility.

Available in several versions that roughly correspond to current Windows offerings, Windows 10 will add some familiar operational features back to the current Windows 8.1 experience, plus add a range of neat new security and productivity solutions.

One of our favorite new security features is Windows Hello. Using camera technology, infrared lasers, multiple lenses, and a special processing chip, machines with this new technology will be able to work with Windows to authenticate users visually. Coupled with some other technologies in Windows 10 like Microsoft Passport, the end will be in sight for old-fashioned and vulnerable passwords.


Adult Friend Finder Phishing Alert

Adult Friend Finder is one of the most heavily trafficked sites in the U.S. for adults that are looking for casual encounters and has over 40 million registered users. The owners of the site owed a fairly large amount of money to someone and apparently, they didn’t pay. So in revenge, it appears that the site was hacked and 4 million accounts stolen and the info posted online. The problem is that given the highly personal nature of AFF, this opens up a perfect opportunity for scammers to exploit users who are worried about details of their AFF activities coming to light.

So imagine your users receiving an email blackmailing them or threatening to out them unless they click on a link or take some other action. We suggest alerting all your users to be on the lookout for threatening messages like this and delete them immediately.

Everyone stay safe out there!



Think you know HIPAA? Try our 6-Question Quiz and Get $200 Off

Most business owners know about HIPAA or at least know that it has to do with handling of patient information.

But did you know that if your company works with a organization that must be HIPAA compliant, you might need to be HIPAA compliant too? And if you need to be HIPAA complaint but aren’t, you may lose that business relationship regardless of how happy the customer is. That’s just one of the important facts that you need to know about HIPAA.

Take 3-minutes to complete our 6-question HIPAA Quick Check quiz. You’ll learn more about HIPAA and we’ll thank you with $200-off your next HIPAA Assessment.




Watch out for the ‘Copy of your Invoice’ Scam

You receive an email supposedly from some online company with a subject line of ‘Copy of your {company} invoice (xxx-xxxxxxxxx) and there’s a Microsoft Word attachment. You might recognize the company name or are just concerned about something being ordered in your name so you click and open the attachment. Boom – you just infected your computer with a key logging virus.

We’ll give the same advice we always give our customers; make sure your antivirus software is up-to-date and working correctly, make sure you have a good firewall either for your business or installed locally on your computer, and stop and think before you click.

Stay safe out there!



Windows 2003 End of Life. Rent a Replacement?

The countdown is officially underway as Windows Server 2003 approaches its end of life. On July 14 Microsoft will officially end support for this operating system. Having an unsupported operating system is a significant risk, and for many organizations subject to privacy regulation, not permitted.

Your traditional options are to purchase a new server or maybe lease it, but now there’s a 3rd very attractive possibility. You can rent a replacement server with the latest operating system.

Rentals are available on a month-to-month basis with no long term tie-ins. And prices are extremely affordable.

To learn more, contact us at www.microdata.com



Heads Up! IRS Refund Scam

From our friends at Knowbe4, here’s a nasty ransomeware scam that’s looking for victims. Share this with your friends and colleagues.

Cyber criminals are preying on American tax payers that have made the April 15th deadline and are now waiting to hear about their refund. There is a massive phishing scam going on right now which tries to trick you into opening a Microsoft Word attachment. But if you do, all your files will get hijacked and encrypted. If that happens, you only get your files back after paying around $500 ransom.

Remember, think before you click, and do not open any attachments you did not ask for!



MicroData SafeGuard = Disaster Recovery

Disaster Recovery for Information Technology basically means this; what does your business do when a critical server fails due to a mechanical or electrical problem? Or worse, how does your business recover if that critical server gets destroyed in a fire or flood? Sure, you can restore to a good backup but that can take hours with a local backup (if it also hasn’t been destroyed) or days if you’re using a cloud-based backup solution.

MicroData’s SafeGuard is a 2-part solution. The first part is a MicroData server (like the one below) that gets deployed at your location and takes a snapshot of your server(s) every 15 minutes. If your server(s) goes down for whatever reason, SafeGuard mounts a virtual server of your failed server and everyone goes back to work – often in as little as 15 minutes.

And what happens if that pipe in the ceiling bursts or a fire breaks out destroying everything? SafeGuard covers you by replicating it’s backups to the MicroData data center here in Beverly. We then put the latest snapshot onto a replacement SafeGuard server, deliver it to your temporary work location, and bring up a virtual server with data from the last snapshot.

Here’s a SafeGuard server getting prepped to protect a customer. Contact us to learn more.

MicroData SafeGuard Server
MicroData SafeGuard Server



Tiny PC – Check out the Picture!

We just received one of HP’s new EliteDesk 800 G1 Mini’s for a customer. Small in size but this example has an Intel I7 CPU and can drive dual monitors. Completely silent operation, too. Great way to get back some real estate on your desk!

HP EliteDesk 800 G1 Mini

200GB microSD Card

That’s not a mis-print. Sandisk will soon (late Spring) release it’s 200GB Class-10 microSD card. Aimed at smartphone users and photographers, the card should be good enough for 20 hours of full HD video or tens of thousands of raw digital camera images.

You can find out more info at the Sandisk website.



LogMeIn EMail Phishing Attack

Preying on the popular use of LogMeIn (an online meeting & collaboration service), the cyber criminals are trying a new tactic to infect your computer and steal your information.

You receive an email message from ‘LogMeIn.com’ with a subject line of ‘Your LogMeIn Pro payment has been processed!’. The content looks like a typical ‘Thank you for your payment’ sort of message and references a payment amount of $999. There’s an Excel spreadsheet attached that’s referred to as a receipt. Opening the attachment on a computer with a version of Excel that hasn’t been patched runs some code that infects your computer and begins stealing data.

Remind your users to stop and think before acting on email. And make sure your systems and all your software applications are updated regularly.


“The IRS is Suing You” Scam

Here’s one of a new breed of scams that’s circulating now – telephone. Based upon info that the cyber criminals have obtained about you, you receive a robo-call that goes something like this: “We have been trying to reach you. This call is officially a final notice from IRS, the internal revenue service. The reason of this call is to inform you that the IRS is filing lawsuit against you. To get more information about this case file, please call immediately on our department number 360-362-4254”

Cleverly, the 360 area code is in Washington outside of Seattle but it looks official when you see “Washington” on your caller ID.

Everyone be careful out there!



100GB of Free Online Storage for 2 Years

Do you like to use online storage? How about 100GB of space for free for the next 2 years? If this sounds good check out Bing Rewards to claim yours.

Microsoft is making this offer with really no strings attached. You do need a Bing Rewards account (no charge) and must agree to get promo email messages periodically – although you can unsubscribe to them.

This is a particularly great deal for Windows users as OneDrive is built into the OS. After the default 15GB that Microsoft gives you, after this offer you’ll have 115GB. Not bad.

Click here to sign in to Bing Rewards or to create an account.



Malvertisement Alert! Firefox and IE Users Affected

Trend Micro yesterday announced that they’ve found a vulnerability in Adobe’s Flash Player that permits systems with Internet Explorer or Firefox to become infected with Malware from Flash-based advertisements. This is a so-called Malvertisement.

These are particular insidious because a system can become infected simply by visiting a page – the user doesn’t need to click on anything.

The site where most of these infected ads are running is the popular dailymotion.com

Adobe is aware of the issue and is working on a fix that they’ve promised to release this week, but as of this morning it isn’t yet available (current build of Flash is

What can you do? If your organization can block access to the payload URL, that’s a good action to take. Detailed info on that URL is available in the Trend blog. If your users are running Trend antivirus products with Browser Exploit Protection they are already protected. If you’re not sure have your users disable autoplay of plugins (see our newsletter that explains how to do this here). If you want to be 100% safe, uninstall Flash from systems until a fix is released.

Heads up! Child Predator Email Scam

Proving that cyber criminals will sink to any level to steal your information, here’s another scam to alert your users about. Thanks to our friends at Knowbe4 for an early warning on this one.

Preying on the fears of any parent, users receive an email ‘warning’ them about a child predator ‘living near you!’ The email is delivered based upon zip codes so it might seem to have some legitimacy to a casual reader. The email contains a link to get more information and if you click on it, you infect your computer with malware that will attempt to steal passwords, account information, credit info, and even your identity.

Tell your users to delete the message without opening or clicking on anything.

Remember, stop and think!


HIPAA Technology Assessment Promo

MicroData is pleased to introduce our comprehensive HIPAA Information Technology Assessment service. This is the first solution of its kind; it integrates the mountain of network data that must be collected for the required annual HIPAA Risk Analysis and combines it with photos, observations, and required supplemental data.

If your organization works with patient data or if you work with the IT systems of a company that is required to be HIPAA compliant, then you are required to perform at least an annual IT Assessment.

To introduce this new service, we are offering a 25% discount from the regular price if an Assessment is scheduled and completed in February 2015. Please contact Steve Vozella at 781.608.2705 (mobile), 800.924.8167 x223 (office) or svozella@microdata.com for more information.

Intel Releases Computer on a Stick

Computers continue to get smaller to help us with moving data and processing where and when we need. Intel has now moved this idea to another level with its Compute Stick.

Intel Think Stick
Intel Think Stick

While there have been several small computing devices of this size in the past, what makes this unique is that it is available with either a full version of Windows 8.1 or Ubuntu. And it has a reasonable performance thanks to its Atom Bay Trail processor (by Intel, of course).

The Windows 8.1 version comes with 2GB of RAM, 32GB of storage, and plugs into any display’s HDMI input – instantly converting it into a full fledged computer.

Pricing is $149 – $89 for the Linux version.



Merry Christmas and Happy Holidays!

To all our customers, partners, and friends, I’d like to extend my personal best wishes for a very Merry Christmas and Happy Holidays!

Glenn Mores

Head up! ‘Fuel E-Bill’ Scam

Tell your users to be alert for an email message with a subject of ‘Fuel E-bill’ and a Microsoft Word attachment. Opening the attachment causes execution of some code which, on an unpatched computer, infects your system with malware. Just delete the message.

Make sure your systems are updated and that your firewall and workstations all have current antivirus and malware protection.

Be careful out there and have a good weekend!


‘Tiket Alert’ Email Scam – Heads Up!

Tell your users to be on the alert for an email message with a subject line containing ‘Tiket alert’. It has a .zip attachment with a filename of tiket_number.zip that, if opened, infects the system with malware. Users should just delete the entire email.

Remember to stop and think.

Everyone stay safe out there!


Black Friday Scam Alert!

It’s the Holiday Season for the bad guys too! But not the way you might think. They go into scam-overdrive mode. Black Friday and Cyber Monday are the busiest on-line shopping days and they are out to get rich with your money. So what to look out for?

  1. At the moment, there are too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don’t fall for it. Make sure the offers are from a legitimate company.
  2. Watch out for alerts via email or text that you just received a package from FedEx, UPS or the US Mail, and then asks you for some personal information. Don’t enter anything. Think Before You Click!
  3. There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware.

So, especially now, the price of freedom is constant alertness and willingness to fight back. Remember to only use credit cards online, never debit cards. Be super-wary of bulk email with crazy good BUY NOW offers and anything that looks slightly “off”.

If you think you might have been scammed, stay calm and call your credit card company, nix that card and get a new one. Happy Thanksgiving!

Looking for a Cheap Laptop?

While not a business class machine, we came across this Dell 15″ touchscreen notebook at Office Depot for just $219.99. Pretty hard to go wrong at that price. Great second machine for at home or for the kids. Details here.



CryptoWall v2 Virus; Get Infected without Clicking on Anything

In a nasty new twist, CryptoWall v2 now uses infected ads on dozens of popular sites like Yahoo, AOL, and Match.com to infect computers. The worst part is you don’t even need to click on the ads to become infected. Simply visiting the page with outdated software on your computer can infect your system.

For those of you not familiar with CryptoWall and similar ‘ransomware’ viruses, they work by infecting your computer and then encrypting all your data so you can no longer access it. Then it demands a ransom – $500 in Bitcoin in this case – in order to decrypt it. There is no practical way to decrypt it yourself. You either restore everything from a backup or pay the money.

In this particular case, the ads are infecting computers that have an outdated version of Adobe Flash installed that has a known vulnerability. Flash is used to allow many websites to broadcast video content through Web browsers. This vulnerability is exploited by code in the ads which causes your computer to download and install the virus. This is what we in the industry call a ‘drive-by-download’.

What should you do?

If you have Adobe Flash installed and you’re running Google Chrome or Internet Explorer on Windows 8 or newer, you’re probably OK as Flash automatically updates itself so it has already been patched against this exploit. You should still check to make sure you have the latest version as some website restrict software from being automatically installed.

To check if you have the latest version visit Adobe here: https://helpx.adobe.com/flash-player.html

If you don’t have Flash installed you don’t immediately have to worry about this. But you have ever watched a video in your browser, the odds are good you have Flash installed. So check to be sure.

Everyone stay safe out there!


Windows 7 End of Life

Do you like Windows 7? Have you been waiting to pick up another copy? Well, don’t wait too much longer.

Windows 7 Home Basic, Home Premium and Ultimate are going End of Life starting October 31, 2014 — meaning there will be limited availability to purchase them after that date.

So grab a copy while you can.

“Final Alert” shipping email scam

Warn your users to be on the lookout for this one. You get an email with a subject line of ‘Final alert for {your email address}’ with a message body that claims to have shipping and tracking info for something that isn’t identified – except that the claimed ‘order total’ is several thousand dollars.

The hope of the scammers is that the large number will frighten someone into clicking on the link to open the email. Doing that will open a browser window taking the user to a website that will then attempt to install malware onto the computer.

Remind your users to stop and think before they click.

Be careful out there!


Free Cloud Backup Accounts

Yes, free. Our partner, iDrive, offers 5GB cloud backup accounts for free. No strings attached.

Click here for instructions. Works with Macs or PCs.

And while you can purchase more storage space if you’d like, you can fit a lot onto 5GB. So go for it! Backups are good!



Heads up for Hacked eBay Accounts

If you use eBay watch out for the following scheme.

The bad guys use a phishing email to infect a user’s computer with a keylogger that records keystrokes. When an eBay login is detected, those credentials are used to access the account, set up a fake listing for a smartphone, TV, or some other popular item, and then the eBay account password is changed thereby locking out the legitimate owner of the account.

Unsuspecting buyers see a cool item at a great price and they check the feedback of the seller and see a 100% rating. So they click to buy but are instead taken to a fake eBay site where the victim is asked to log in and give out their bank details. Once they do this their bank account is cleaned out.

Remember – always keep your antivirus software up to date and current and stop and think before you click!



HP Microserver!

Another HP Microserver is getting ready to go to a customer. These are great solutions for a small business and for a hybrid-cloud option. Small, virtually silent, and uses less power than a typical light bulb. But powerful enough to run the latest versions of Windows Server!

HP Microserver
HP Microserver

Did you know that your organization can rent a Microserver from MicroData for as little as $49/month? Give us a call if you’d like to learn more. 800.924.8167


Home Depot Security Breach – What to Know & Do

Home Depot recently announced that info from thousands of customer’s credit cards had been stolen from its systems. It appears that the breach was carried out by the same group that hit Target earlier this year. If you’ve shopped at Home Depot in the U.S. or Canada anytime from April of this year onward and used a credit or debit card for payment, you are likely affected. Here’s what you need to do.

Home Depot has been very upfront about the problem and is offering free identity protection services to its customers for a full year through AllClear ID. You can read the official Home Depot statement here, and sign up for the free identity protection services at https://homedepot.allclearid.com

What else? Watch your card statements closely. If you haven’t done so already, sign up with your card provider’s online service so you can check charges before your paper statement comes in the mail.

Also, watch out for calls or emails claiming to offer some type of identity theft protection but are actually phishing schemes to try and get even more personal information from you.



5 Million Gmail Passwords Exposed

CNN yesterday afternoon reported that approximately 5 million Gmail addresses and passwords showed up on a Russian Bitcoin forum this Wednesday. Google says that it’s servers weren’t breached, but it’s unclear how the data in such large amounts was obtained – and how much of it is actually good.

It’s not uncommon for collections of such info to be summarized from multiple phishing and keylogging malware exploits and then offered for sale.

So if you have Gmail accounts, it’s probably a good idea to update your passwords.


iCloud Nude Photos Hack: Lessons to be Learned

With the news of dozens of female celebrities’ nude photos being stolen off iCloud over this past weekend, there are a couple of lessons to be learned.

  1. Apple devices aren’t somehow ‘safer’ or ‘immune’ to being compromised. Most likely the accounts in question were compromised by phishing attacks – targeted emails or sites designed to trick users into revealing account information.In some ways Apple users are more vulnerable because Internet legend tells them that Apple devices are immune to viruses and malware. Apple themselves does little to dispel this myth – most likely as it works so well for them.

    The reality? Any device including web-only appliances like Chromebooks are susceptible to phishing attacks. The only defense is to educate users.

  2. When you sync data from a local device to a cloud service then later delete it, the cloud data probably still exists. People tend to think about data as residing in the device that generated it but once you link to the cloud that isn’t the case. Just look at the IRS email scandal where it was claimed that Ms. Lerner’s email was ‘lost’ because her computer hard drive crashed. Only a copy of email makes it to the user’s local computer. All the email really exists on email servers which is why this claim is so ridiculous to people in the tech community.Remember that if you have any device linked to the cloud, a copy of everything is probably somewhere else.
  3. When your data is in a shared Cloud, you no longer control it. Apple has robust security on its cloud service. As does, Microsoft, Amazon, Yahoo, etc. But it’s still not in your control.This is one of the reasons we developed our Private Cloud service. With Private Cloud, your data is exclusive to you and isn’t co-mingled with anyone else’s data. Your organization maintains control.
  4. Think before you create data. It’s probably not a good idea to snap those nude photos or write that manifesto if you’d ultimately be uncomfortable about it get out into the public. Once created, data has a way of moving easily and silently around the Internet.


MicroData’s President Glenn Mores Featured in the MRC Blog

MicroData’s President Glenn Mores, was recently featured in mrc’s Cup of Joe Blog story9 Signs that your Business Applications Need Replacing



Robin Williams Scam

As if the events surrounding Robin William’s death aren’t sad enough, the bad guys out there are already trying to use it to steal your data. Users get an email or see a social media post with a subject line with something like ‘See Robin William’s Last Words’. Clicking on the link gets the user’s system infected with malware/spyware.

So alert your users to stop and think before clicking!



HP 400 All-in-One’s Have Arrived!

Just in the shop for a customer – nearly 20 of the recently released HP 400-series all-in-one systems. The computer is built into the monitor so these save a ton of space. Plus, they are completely silent when operating. Built-in camera for Skype or Lync videoconferencing.

Electricity savings compared to a 5-year old clunker completely pays for these in a couple of years.

HP 400 AiO
HP 400 AiO



Personal Computers Making a Comeback

A recent report from Gartner about shipments of PC’s, Tablets, Ultramobile, and Mobile Phone shipments sheds some light on what technologies people are using. And what’s interesting is that we are seeing a revitalization in traditional desktops with an actual forecast increase in PC shipments of 5.3% in 2015. This meshes with HP’s recent announcement that they are seeing activity up in their Personal Systems Group.

So what about tablets and smartphones? It seems that as that technology matures growth has slowed. We’ve seen these same trends here at MicroData.

What’s driving this shift? We believe that while portables and smartphones continue to have utility, for the worker that has to go to the office every day and work on a spreadsheet, a desktop computer is still a much more useful solution. Like any new technology, tablets and smartphones had a certain momentum when they were new because they were different. It appears that ‘shine’ has worn off now.

E-ZPass Email Scam

In a relatively new twist, we’re now seeming a phishing scam by the bad guys centered around the popular E-ZPass toll system. Here’s how it works.

You receive an email with a subject line of ‘Indebted for driving on toll road’ or something similar. The message itself has an official looking E-ZPass logo and a brief message claiming that you have failed to pay tolls and that you need to take care of it right away.

Of course, there’s a link which if clicked takes you to a fake website where you are asked to verify your account by entering your credit card info.

The giveaways that it’s bogus? Poor grammar, non-personally addressed, a direct link to a document rather than a request that you just log in to your account normally, and if you hover your mouse over the included link, you’ll see that the destination has nothing to do with E-ZPass.

Remind your users to stop and think before they respond to email messages.




Kindle Unlimited; A Great Idea for Information Junkies

Amazon just announced Kindle Unlimited – access to over 600,000 books for a flat $9.99 per month. If you’re like me and read 3-4 books per month, this is a great deal. Particularly as there are many business & technical titles available. More info is available on Amazon