Identifying IT Fraud & Scams

 According to the Federal Bureau of Investigation (FBI), the top fifteen common scams and crimes are:

1. Adoption Fraud
2. Business and Investment Fraud
3. Business Email Compromise
4. Charity and Disaster Fraud
5. Consumer Fraud Schemes
6. Elder Fraud
7. Election Crimes and Security
8. Health Care Fraud
9. Holiday Scams
10. Money Mules
11. Ransomware
12. Romance Scams
13. Sextortion
14. Skimming
15. Spoofing and Phishing

Of these 15 scams and crimes, at least five of them directly relate to the criminals using IT to deceive their victims.  For example, business email compromise, also known as BEC, is when a scammer targets a business and attempts to get money from them typically by wire or through fake invoices.

Another scam related directly to IT is ransomware.  This is one of the most costly scams, and here's how it works.  Criminals attempt to get potential victims to install ransomware on their PC using common social engineering techniques like emails that appear to come from legitimate sources, or leaving an infected USB thumb drive in an open area, hoping someone will plug it into their PC.  Once the ransomware is installed, it begins to encrypt the hard drive, and then depending on the ransomware variant it may or may not send the files back to the criminal.  The victims are met with a screen of instructions on how to decrypt the hard drive, but only after they've provided payment to the criminal, typically in the form of Bitcoin or some other untraceable digital currency.  Even if the victim pays the ransom, there's no guarantee that the information will not be leaked to public.

Although consumer fraud schemes are very broad, one common technique used by scammers is to call people and pretend to be from Amazon and Microsoft.  When calling as Microsoft, the caller is told that they purchased Windows support, and because support for their product is going to be ending, they are due a refund of the remaining balance.  Once the caller provides their bank information, the fraudster can debit their account.  This promise of unexpected money lures the victim into a false sense of legitimacy.  They want to believe it's real and that they're due a refund.  But once someone has their bank information, the only choice is to immediately close that account.  But don't worry, all hope is not loss.  There are ways to protect yourself.

Verify, Verify, Verify
Even if you know the person that sent you the email, if it was unexpected, reach out to them (not by email) and find out if the message is legitimate.

Don't Click Links
Even if you receive an email from a trusted source, don't click any links inside of it.  Instead go directly to the website to ensure that you're taken to the right place.

Never Give Out Your Credentials
This one should be a no-brainer, but I'm going to say it anyways.  Never give out your credentials to anyone, even if they claim to be from the company or service you are attempting to login to.  Your bank will never ask you for your credentials.

Diversifying Beyond IT Knowledge

The best thing about being in IT is that you can work basically anywhere.  There will always be a need for IT professionals.  And of course understanding the fundamentals of IT is important in an IT career; however, the value of gaining knowledge in other areas of general business practices makes you more rounded and can be the difference between an IT professional and a specialist.

One common trait in CEOs are they typically have a financial background.  Some of the largest companies in the United States such as Berkshire Hathaway, UnitedHealth Group, McKesson, CVS Health, and AT&T, all have college degrees relating to finance.  And although the focus of this post is related to IT professionals, understanding what makes a successful career and CEO will help any profession.

"I work on computers, why do I need to know anything other than computers?".  Well, the answer is simple, growth.  If you want to grow within your career, it's important to be able to discuss intelligently with your superiors and peers on all aspects of the business you're in.  For example, if you work at a bank in the IT department, it's vital to understand banking rules and regulations in order to be successful and provide the most useful contributions to your company.  The banking industry uses technology such as ACH (automated clearing house) to process electronic transactions.  Understanding how ACH works, even though it's not what one may consider IT, is vital to ensure that you're providing the highest level of support available.  You don't need to know every single aspect of your employer, but enough to provide meaningful contributions.

I recommend people in the IT industry take as many soft skill courses/seminars as possible.  Soft skills are interpersonal or people skills such as time management, public speaking, leadership, teamwork, flexibility, and communication.  They're different from hard skills, which are acquired through formal education or training, basically the knowledge on how to perform your job.  These soft skills will allow you to speak with confidence to your superiors.  Being able to communicate effectively could make the difference in being able to obtain a $10k piece of IT equipment, and having to settle for what you already have.

An IT professional will sometimes need to get large purchases approved by the company's CEO or board of directors.  Having the skills to present information in a method that will be understood by your audience is key to a successful request.  Because let's face it, explaining to another IT professional that understands what you're talking about is easy, but tailoring your discussion to non-IT people takes practice.

But don't get caught up too much in the non-IT related side of the business, so much so that you lose touch with the technology aspect, because this is an easy thing to get trapped in.  Pigeonholing yourself into one particular non-IT industry can be dangerous and make you less valuable in the job market place.  In summary, here are some things to diversify and continue to grow your worth:

• Obtain Soft Skills
• Learn About Your Business
• Use Your Newly Found Business Knowledge to Find Technological Efficiencies

These tips will allow you to easily switch employers if needed, and will show your perspective employer that you are willing and able to learn things beyond IT.

Information Outsourcing Risks & Benefits

In the world of information technology, small and medium size businesses don’t have the resources or capital to perform necessary tasks in-house.  For this reason, outsourcing certain processes or activities can be beneficial.

Outsourcing is when a business contracts with a vendor to perform a specific function, typically information related in nature.  For example, a bank may outsource their core systems, or a small business may outsource their website, so they don’t need to maintain a hosting server in-house.

When referring to processing, in-house means that the business maintains the hardware (servers) or software on their premises and are responsible for maintenance, applying security updates, and the basic overall operation of the process.

There are many benefits to outsourcing:

• No need for additional staffing
• Continued operation during disasters
• Allow managers to focus on core tasks
• Scalable

However, there are also some downsides to outsourcing:

• Not having control over who has access to your data
• The vendor may not have the same security standards that the business has
• Sometimes more expensive overall than in-house processing
• Limited to the schedule and capabilities of the vendor

One of the big things to focus on is security.  Businesses should take serious consideration of where their information will be stored, in terms of geographic location.  For example, some cloud computing vendors may store information in the USA, but also maintain backups in China, Russia, or other countries.

Also, depending on the type of processing the vendor is performing, they may have an audit performed and outline the results in a report called a SOC report (system and organization controls).  There are different types of SOC reports:

• SOC 1:  Service organization that do or may impact the business’ financial reporting
• SOC 2:  Service organization that holds, stores, or processes information for their clients, but is not significant to financial reporting (would not affect income statement or balance sheet)
• Type 1:  Report of procedures / controls in place
• Type 2:  Report of audit period and provides evidence of how an organization operated its controls over a period of time

A SOC report is either SOC 1 or SOC 2 AND type 1 or type 2.  And vendors typically won’t provide copies of the report until a non-disclosure agreement (NDA) is signed.  A NDA basically says that neither party will disclose any information discovered to anyone else.  Even if a NDA is signed, vendors may still not provide a copy of a SOC report until the business is an actual customer of the vendor.

It’s vital that businesses are fully aware of the operations of their outsourcing vendor.  The more critical the outsourcing process, and the more sensitive the information, the more the vendor should be scrutinized.  Too often we see in the news where a company was infected by ransomware and private customer information was leaked online.  Although it’s impossible to guarantee 100% security, businesses must perform due diligence to ensure all proper security measures are in place.  Because when an outsourced vendor gets compromised, it isn’t them that looks bad, it’s the business that trusted them.  Always be cautious, and don’t do business with an organization that you can’t trust.

Aukey Graphite Lite Q 10W Wireless Fast Charger Review

Aukey sent me a Graphite Lite Q 10W Wireless Fast Charger to review.  There really isn't much to say about it, other than it works.  The package includes the charger, USB cable (for power), user manual, and a key sticker.  The charger itself is black and has a light on the front that indicates whether a device is charging or an error has occurred.

In a world full of wireless chargers, there are many to choose from.  I will actually use this one because the overall design of the charger is sleek with rounded edges which makes it look nice when there is nothing on top of it.

You can purchase the charger on Amazon for $16.99.

Aukey 10000mAh Power Bank with Power Delivery Review

As a member of TeamTECHKey, Aukey sends me products to review and keep.  They sent me a 10000mAh Power Bank with Power Delivery, PB-Y13 to review.  In standard practice, I received minimal packaging, the power bank, a key sticker, manual, and a USB-C cable that can be used for charging the power bank.

The power bank contains an on/off button, and four lights to indicate the battery level of 25%, 50%, 75%, and 100%.  There really isn't too much to say other than the product works and it comes with a 24-month warranty.

Aukey touts a quick charge 3.0 port that can charge up to 4 times faster for compatible devices.

USB- PD enables compatible devices to charge at higher voltages and supports bi-directional charging and data transfer from both host and peripheral. Charge your USB-C phone at 5V 3A and your MacBook with the same cable and PD compatible charger. Get more detailed information from our Power Delivery blog post. (https://www.aukey.com/usb_power_delivery) (Aukey)

Engineered to refuel devices up to four timesfaster than conventional charging. Powered by INOV (Intelligent Negotiation for Optimum Voltage) Technology for fine-tuned power output & more optimized charging cycles. Up to 45% more efficient than Quick Charge 2.0 & compatible with a full range of USB connection types, from A to C. (Aukey)

You can buy this power bank on Amazon for $29.99.

Aukey DRA1 1080p Dash Cam Review

Aukey sent me the DRA1 1080p Dash Cam to review.  I’ve already had an Aukey DR01 1080p Dash Cam for about 6 months, and I love it.  There are a few differences between the two, but for now I’m just going to discuss the DRA1.

I always appreciate minimal packaging, which you can see from the pictures (don't mind the dirty mouse pad) is an Aukey staple.  The box comes with:

-The Camera (obviously)
-13 ft Car Charger
-Suction Mount
-Sticker Mount
-Two 3M Stickers
-Six Cable Clips
-Trim Removal Tool (I had to look at the manual to discover what this was)
-User Manual
-Aukey Sticker

The camera itself measures 3.2 inches wide by 1 inches tall, with the mounting hole at the top of the unit.  Also at the top is the USB port and GPS input port.  The screen itself is 2.7", which is a descent size, and the lens captures video at 140 degrees angle.  4 physical push buttons on the bottom make navigating through the menu a breeze.  The user interface isn't anything fancy, it's simple easy to view menus.

You'll need to purchase a class 10+ microSD card, as the camera does not come with one.  At the time of this post a 64GB SanDisk MicroSD card is $17.75 on Amazon.  I mounted the camera directly below my rear view mirror and because of its compact size, it was barely noticeable.  The cable clips and long cable allowed me to run the cable along the best route to my car's cigarette lighter (do they even call these cigarette lighters anymore) leaving a clean look.

I live in Pennsylvania, and the winters can get pretty cold.  In the cold weather I found the suction mount wouldn't stick to my window very well, and ended up falling off.  If your going to make this camera a permanent fixture, the sticker mount is the best option.  Just be sure to align the mount where you want it before applying pressure to the mount, because it does stick.

The nighttime recording is very good.  I didn't have any trouble viewing the day or night recordings.  There was no need to switch modes or make any adjustments, the camera adjusted automatically.  The camera can automatically overwrite recordings as the memory card gets full.  This allows the user to only grab footage if necessary.

The Aukey DRA1 1080p Dash Cam is available on Amazon for $39.99, it is well worth the price for someone that wants a little extra security when driving.  I highly recommend it.

Aukey Lightning Cable Review

I recently purchased an Aukey dash cam, and joined their TeamTECHKEY community.  It's a group of Aukey product owners that the company sends products to for review.  Aukey sent me some lightning cables to review.  A USB-C lightning cable 3.3 ft, and a 2 pack of 90 degree lightning cables 3.3ft.


The 90 degree lightning cable has a braided cord, which I'm always more drawn to, because they seem to last longer than their plastic counterparts.  The unique thing about this cable is the connectors at both ends are at 90 degrees.  If you're a neat freak, this cable is definitely for you.  It allows for you to easily hide the cable as it won't stick out of your PC or power supply like the regular cables do.

Aukey 90 Degree Lightning Cable (CB-AL04)

A red and black cable came in the box, along with a circuit key sticker, something that Aukey puts in every one of their products.  Since most USB cables are pretty much the same, it's the extra features like the 90 degree connectors, braided cords, and Aukey branded velcro wrap-around that make it stick out.

The 2-pack is selling on Amazon for $14.99.

The next cable is a USB-C lightning cable that is 3.3ft long.  There really isn't much to say about this cable.  It has the plastic coating, which is fine for a cable, but again I prefer braided.  It sells on Amazon for $17.99.  The only reason I would buy this over the 2-pack would be if I needed a USB-C connector.

Aukey USB-C Lightning Cable (CB-CL01)

All Aukey products are backed by a 45-day money back guarantee and 24-month product replacement warranty.

Thank you to Aukey for sending me these cables to test, review, and keep.  You can visit their website at https://www.aukey.com