Is this the most dangerous phishing scam yet?

Is this the most dangerous phishing scam yet?

Picture this: You’re going about your day, checking your emails, when suddenly you see a message from a company you trust.

You think, “Great! That’s safe to read”. But hold on just one minute… this email is not what it seems.

It’s part of yet another scam created by cyber criminals to trick you into clicking malicious links or giving up sensitive info. It’s called “SubdoMailing,” and it’s as dangerous as it sounds.

What’s the deal?

Just like regular phishing attacks, cyber criminals pretend to be trusted brands.

But here’s how it works: These cyber criminals scour the internet for subdomains of reputable companies. You know those extra bits in a web address that come before the main domain? Such as experience.trustedbrand.com. That ‘experience’ bit is the subdomain.

They find a subdomain that the brand is no longer using and is still pointing to an external domain that’s no longer registered.

Then they buy the domain and set up the scam website.

So, you believe you’re clicking on experience.trustedbrand.com… but you have no idea it automatically redirects to scamwebsite.com.

The criminals are sending out five million emails a day targeting people in businesses just like yours.

And because these emails are coming from what seems like a legit source, they often sail right past usual security checks and land in your inbox.

Here’s our advice to keep you and your data safe and sound:

  • Be wary of any emails that seem even remotely suspicious. If something looks fishy, it probably is.
  • Before clicking on any links or downloading any attachments, take a moment to verify the sender. Look for red flags like spelling mistakes or unusual email addresses.
  • Make sure your employees understand the latest phishing tactics and know how to spot a scam. A little knowledge goes a long way in keeping your company safe.
  • Consider investing in top-notch security software to keep the cyber criminals at bay. It might seem like an extra expense, but trust us, it’s worth it.

As always, if you need help with this or any other aspect of your email security, get in touch.

Read more

The little things that make a big difference

The little things that make a big difference

Microsoft’s latest Windows 11 update has dropped, and it’s got a small change that could make a big difference to you and your team.

Microsoft has given Copilot, its handy AI assistant, a new place on the taskbar. No more hunting around for the button. Now it sits on the far right of the taskbar, in what we tech folks call the ‘system tray area’.

If Copilot isn’t your thing, no worries. You can easily remove it from the taskbar altogether. But having an AI assistant at your fingertips can be a real boost for productivity, so we’d recommend you give it a chance before giving it the boot.

Before you rush to check if your Copilot button has relocated, let’s talk details.

First off, this update has been rolling out over the last few weeks.

It’s known as Patch KB5034765 (catchy name) and isn’t just about moving buttons around. It’s also packed with important security and bug fixes, including a crucial one for Explorer.exe. This was causing some PCs to freeze up when restarting with a game controller attached.

Probably not an issue in your business, but you never know…

There was also a problem with slow announcements from Narrator, the screen reading tool. That’s been fixed.

While this Windows 11 update may seem like small fry, it’s these little tweaks that can really streamline your workflow and stop your team from being interrupted by problems while they work.

Has your business switched over to Windows 11 yet? Our team can look at your set-up and advise whether you’d benefit from upgrading, or you should stay on Windows 10.

Get in touch and ask us for a tech audit.

Read more

And the award for most common phishing scam goes to…

And the award for most common phishing scam goes to…

If there’s one thing that’s 100% certain when it comes to protecting your business data, it’s that you need to be aware of phishing emails.

First things first, what exactly is a phishing email? Picture it as a wolf in sheep’s clothing, posing as a legitimate communication to deceive unsuspecting recipients. These emails often contain malicious links, attachments, or requests for sensitive data, all disguised as a business or person you already know and trust.

And you know what they say: Knowledge is power. One of the best ways to stay safe is to stay informed. We can do that by looking at the most common phishing emails of last year.

There are three main categories of phishing themes: Major, moderate, and minor.

Major themes

The biggest category is finance-related phishing emails, making up a huge 54% of attacks. These emails often contain pretend invoices or payment requests, aiming to lure recipients into giving away financial information.

Following closely are notification phishing emails, making up 35% of attacks. These emails prey on urgency, claiming your password is about to expire or you must take some urgent action.

Moderate themes

Document and voicemail scams take centre stage here, accounting for 38% and 25% of attacks respectively. These tactics involve deceptive files or messages designed to trick you into compromising your security.

Minor themes

While less common, minor phishing themes still pose a risk to people who don’t know what to look out for. These include emails related to benefits, taxes, job applications, and property.

Why should you be concerned about phishing emails? Falling victim to these scams can have serious consequences, including financial loss, data breaches, and damage to your company’s reputation. It’s essential to educate your employees about the dangers of phishing and put in place robust cyber security measures to protect your business.

Awareness and vigilance are your best defences against phishing attacks. By staying informed, training your employees, and using strong security protocols, you can safeguard your company’s valuable assets from cyber threats. We help businesses like yours stay safe. If you’re not 100% sure you’re fully protected… let’s talk.

Read more

Bridging the trust gap between your employees and AI

Bridging the trust gap between your employees and AI

You’ve probably been considering how to harness the potential of AI to boost your company’s efficiency and productivity.

But there’s a small problem. A recent study revealed something fascinating but not entirely surprising: A trust gap when it comes to AI in the workplace.

While you see AI as a fantastic opportunity for business transformation, your employees might be sceptical and even worried about their job security.

Here’s a snapshot of the findings:

  • 62% of C-suite executives welcome AI, but only 52% of employees share the same enthusiasm.
  • 23% of employees doubt their company’s commitment to employee interests when implementing AI.
  • However, 70% of business leaders believe that AI should include human review and intervention, showing they view AI as an assistant rather than a replacement.

Now that we understand the situation, how can you introduce AI gently and reassure your employees that their roles are safe?

Start by having open and honest conversations with your employees. Explain why you’re introducing AI and how it will benefit both the company and individual roles. Show them that AI is meant to be a helping hand, not a jobs terminator.

Invest in training that helps your people acquire the skills they need to work alongside AI. Make them feel empowered by showing that it can make their jobs more interesting and valuable.

Emphasise that your AI initiatives are designed to enhance human capabilities, not replace them. Let your team know that it will handle repetitive tasks, allowing them to focus on more creative and strategic aspects of their work.

Develop clear guidelines for responsible AI use in your business. Highlight your commitment to ethical practices and ensure that employees are aware of these policies.

Involve your employees in the implementation process. Seek their input, listen to their concerns, and make them part of the solution. This shows that you value their contributions.

Encourage a culture of continuous learning. Let your employees know that they’ll have opportunities for ongoing education and development, ensuring they stay relevant and valuable in the AI-driven workplace.

Introducing AI into your workplace doesn’t have to be a cause for concern among your employees. AI is a tool for growth and innovation, not a threat to job security.

If we can help you introduce the right AI tools in the right way, get in touch.

Read more

Microsoft wants you to pay for updates

Microsoft wants you to pay for updates

Microsoft has announced that starting on 14th October 2025, they will no longer provide free support and security updates for Windows 10.

While the idea of paying for updates might raise some eyebrows, let’s put this into perspective. By 2025, Windows 10 will be a decade old, and Microsoft is likely to have introduced Windows 12. And as we know, Windows 11 is available today.

Supporting multiple old operating systems can be quite a handful, even for a tech giant like Microsoft.

2025 may seem like a way off, but it’s a good idea to start weighing up your options now. Here they are:

Option 1: Upgrade to Windows 11

Microsoft’s preferred option is for you to switch to Windows 11. It’s got some fantastic features and free updates until its end of life.

Option 2: Stick with Windows 10 and pay

You can choose to stay with Windows 10, but you’ll need to pay for security updates (no new features, though). The exact cost isn’t known yet. It’ll likely be a subscription for monthly updates.

Option 3: Stick with Windows 10 and don’t update it

Sure, you can continue using Windows 10 without paying, but this isn’t advisable. Without updates, your business’s PCs will become vulnerable to threats and security issues. And without Microsoft’s support to fix problems, even tech experts like us have nowhere to go for help. Please don’t take this option!

You’ve got until October 2025 to decide, so there’s no rush. But if you want your business to thrive this year, we’d highly recommend upgrading to Windows 11 sooner than later. You’ll immediately benefit from some features that could improve your processes and make your team’s jobs easier. 

If you’re considering the move to Windows 11, or exploring other options, we’re here to help make the transition smooth and hassle-free. Get in touch.

Read more

Are you ready for next-gen email security? (YES!)

Are you ready for next-gen email security? (YES!)

Google has unleashed a powerful new tool to make your Gmail inbox a safer and spam-free haven, and it’s called RETVec.

But what exactly is RETVec?

Well, let’s break it down in simple terms. RETVec stands for Resilient and Efficient Text Vectorizer. Fancy. In plain English, it’s a tool that makes Gmail even better at spotting annoying spam emails that try to sneak into your inbox.

Did you know that the people behind spam emails can be very smart to try to avoid detection? Some use invisible characters, something called LEET substitution (like “3xpl4in3d” instead of “explained”), and intentional typos to get past our defences. But RETVec is trained to be resilient against all these tricks.

Google explains it as mapping words or phrases to real numbers and then using these numbers for further analysis, predictions, and figuring out word similarities. In short, it’s like giving Gmail a supercharged spam radar.

How does this benefit you? Gmail’s spam detection rate shot up by an impressive 38% with RETVec on the scene. Plus, Gmail’s false positive rate dropped by nearly a fifth (that’s 19.4% fewer false alarms).

What’s the catch?

I know that some of you might be wondering if there’s a catch. Well, there’s a tiny caveat you should be aware of, especially if your business sends promotional emails.

With RETVec’s increased vigilance, some legitimate emails might get caught in the crossfire. It’s a good idea to keep an eye on your email analytics to ensure your messages reach their intended recipients.

RETVec isn’t just about better security. It’s more efficient too. Google reports that the Tensor Processing Unit (TPU) usage of the model dropped by a whopping 83%. Smaller models mean reduced computational costs and faster delivery, which is a game-changer for large-scale applications and on-device models. So, it’s a win-win situation.

Spam is a go-to weapon for cyber criminals and now RETVec can help keep us better protected. It blocks malicious emails, keeping our data safe and our inboxes clutter-free.

If you don’t use Gmail, don’t feel too left out. It’s likely we’ll see other email providers including Microsoft bringing similar protection in the future.

In the meantime, if you’d like us to review your business’s email security, get in touch.

Read more

It’s time to say goodbye to traditional passwords

It’s time to say goodbye to traditional passwords

Did you ever imagine a world where the lengthy, complicated passwords people often forget would become a thing of the past?

It seems that day might be arriving sooner than we anticipated.

Google has officially made Passkeys the default sign-in method for all personal accounts on its network, signalling the beginning of a new era in online security.

What’s a Passkey, you ask?

It’s the next big thing in internet safety. And as a business owner with staff, you should pay attention to this game-changing innovation.

Here’s everything you need to know.

What are Passkeys?

Imagine logging into your account using just a four-digit PIN or your biometric data like fingerprints or facial recognition. That’s precisely what a Passkey is.

Simple, isn’t it?

But don’t let the simplicity fool you. This new technology significantly reduces the likelihood of having your credentials stolen or your account taken over by cyber criminals.

How do Passkeys work?

Creating a Passkey is easy. Head over to Google’s official Passkeys website, create a PIN or connect your biometrics (fingerprint or face), link your smartphone, and you’re done.

Just remember, your PC needs to run at least Windows 10, or your Mac should have macOS Ventura or above. And on your phone, you need Android 9 or iOS 16.

As of now, this tech works only on Microsoft Edge, Safari, and Google Chrome browsers.

What are the benefits of Passkeys?

According to Google, 64% of people find Passkeys easier to use than traditional login methods.

Not only are they simpler and more secure, they’re also faster. Logging in with a Passkey is 40% quicker than using a regular password.

What’s next?

Google’s decision to make Passkeys the default sign-in method is just the beginning. The tech giant is already working with select partners to make this new login usable across Chrome and Android. It’s already available on Uber and eBay, with plans to expand to WhatsApp soon.

So, it might be wise to start thinking about how Passkeys can benefit your business. After all, Google could soon roll out this feature for business accounts too.

Meantime, if you’re not quite ready to embrace Passkeys, you can still opt-out. Just head to the Sign-in options page, find “Skip Password When Possible”, and toggle off the switch.

We’d recommend you give it a try and see how much easier – and more secure – it can make things. And of course, if you need any help, get in touch.

Read more

Never mind “can’t teach an old dog new tricks”…

Cyber Risdks!!

New research has uncovered an unexpected twist in the tale of cyber security risks – your tech-savvy younger employees may be your biggest vulnerability.

Shocked? Let’s dive into the details.

More than 6,500 employees across the globe were surveyed, with an almost equal representation of demographics. The results were rather alarming.

The study found that younger office workers, those 40 or under, are more likely to disregard standard password safety guidelines. Can you believe that 34% admitted to using their birth dates as passwords, compared to just 19% of those over 40?

And it doesn’t stop there.

The habit of using the same password across multiple devices was also more prevalent among younger workers, with 38% admitting to doing this.

And let’s not even get started on phishing scams. A whopping 23% of the younger demographic didn’t report the last phishing attempt they received. Their reasoning? “I didn’t think it was important”.

But surely they understand the gravity of security threats against businesses, right? Well, not quite.

While ransomware and phishing were acknowledged as critical threats by 23% and 22% of employees respectively, the overall attitude towards cyber security leaves much to be desired.

Here’s the kicker: a staggering number of those surveyed revealed that their organisations did NOT provide any mandatory cyber security training.

From the US (30%) to the UK (17%), Netherlands (32%), Japan (35%), India (31%), Germany (22%), France (43%), Australia (29%) and China (65%) – the numbers speak for themselves.

So, are we really to blame our young workforce when it’s clear that businesses aren’t doing enough to equip their employees with the necessary cyber security skills?

It’s high time we stopped treating cyber security as an afterthought and started investing in regular cyber awareness training for everyone in our businesses. Yes, EVERYONE. Not just the tech team or the executives, but every single employee.

At the end of the day, it’s not just about protecting your business; it’s about creating a safer digital world for us all.

We can help you do that. Get in touch.

Read more

Are Your Business Tools Ticking Time Bombs For A Cyber-Attack?

Are Your Business Tools Ticking Time Bombs For A Cyber-Attack?

In June a popular file-sharing software amongst big-name companies likes Shell, Siemens Energy, Sony, several large law firms, a number of US federal agencies such as the Department of Health and more was hacked by Russia-linked cybercrime group Cl0p. Security Magazine reported that, to date, there are 138 known companies impacted by the breach, resulting in the personal information of more than 15 million people being compromised. More are expected to emerge as the investigation continues.

If you’re reading that list of company names thinking, “I’m just a small business compared to these big guys – that won’t happen to me,” we’ve got news for you. Many of these companies have cyber security budgets in the millions, and it still happened to them, not because they were ignoring the importance of cyber security, but because of a piece of software they use to run their business.

Progress Software’s MOVEit, ironically advertised as a tool you can use to “securely share files across the enterprise and globally,” “reduce the risk of data loss” and “assure regulatory compliance,” was exploited by a tactic called a zero-day attack. This occurs when there is a flaw in the application that creates a gap in security and has no available patch or defense because the software maker doesn’t know it exists. Cybercriminals quickly release malware to exploit the vulnerability before the software maker can patch it, essentially giving them “zero days” to respond.

These attacks are dangerous because they are difficult to prevent and can quickly and easily ruin smaller businesses.

Depending on the organization’s motives, the stolen data can be deleted, held for ransom or sold on the dark web. Or, if you are lucky enough to recover your data, you might still end up paying out thousands or more in fines and lawsuits, losing money from downtime and coming out on the other end with a damaged reputation that causes clients to leave anyway. In MOVEit’s case, the cybercrime agency Cl0p has claimed on their website that their motivation is purely financial and has allegedly deleted data obtained from government agencies as they were not the intended targets.

What does this mean for small businesses?

For starters, it underlines the harsh reality that cyber security isn’t just the concern of big businesses and government agencies. In fact, small businesses can be more vulnerable to cyber-attacks, as they often dedicate fewer resources to protection.

It also means that even if your organization is secure, the third-party vendors you work with and the tools you choose to use in your business still pose potential risks. Most of MOVEit’s customers that were affected likely had strong cyber security measures in place. Even though it was no direct fault of their own, at the end of the day, those companies still must go back to their clients, disclose what happened and take the verbal, legal and financial beating that comes with a data breach.

The MOVEit hack serves as a grim reminder of the critical importance of cyber security for businesses of all sizes.In the face of an increasingly sophisticated and fast-moving cyberthreat landscape, businesses cannot afford to ignore these risks. Cyber security must be an ongoing effort, involving regular assessments, updates, monitoring, training and more. As this terrible incident shows, a single vulnerability can lead to a catastrophic breach with severe implications for the business and its customers.

In the digital age, cyber security isn’t just a technical issue – it’s a business imperative.

If you have ANY concerns about your own business or simply want to have a second set of eyes examine your network for vulnerabilities, we offer a FREE Cyber Security Risk Assessment. Click here to schedule a quick consultation to discuss your current situation and get an assessment on the schedule.

Read more

ICT excellence in Education

School ICT Support and Services

We’ve been really busy recently with our Education customers. So I thought I would jot down some ramblings of why we’ve been successfully winning contracts.

  • We don’t treat these Academies, or schools any differently to any of our business clients, we provide the same reliable speedy service regardless of our clients being a school, or any business.
  • We love working within schools to help teachers use technology to improve the learning outcomes of the pupils.
  • Multi Academy Trusts like our services we can help in cost reductions.
  • We can help design a strategy, as well as providing first class support.
  • We help the Trust to stay on track, by designing a long term plan. Helping them budget for the future.

With this in mind we have been on a bit of a crusade recently, and have grown from 1 school to pushing to 20 schools (at time of writing).

What to do next?

How does this help you, well we are currently looking for even more Schools and Multi academy trusts in Devon and Cornwall who’s currently ICT Support agreement expires in the summer, or before.

I think we are really good, but don’t take my word for it. Read the thoughts of the CEO of our first MAT here.

Read more