fbpx

The Amazon Scam: What You Need to Know

Stay Alert: How Scammers are Targeting Your Address

You might have noticed an increase in social media posts from people claiming that their Amazon parcel has been delivered to the wrong address. While these posts might seem like harmless mistakes, they’re often part of a sophisticated scam designed to exploit both the person whose account was hacked and the unsuspecting individual who receives the parcel.

How the Scam Works

Here’s a step-by-step breakdown of how this particular scam typically unfolds:

  1. Account Compromise:
    The scam begins with a cybercriminal hacking into someone’s Amazon account. This could happen through phishing attacks, weak passwords, or other means of gaining access to account credentials.
  2. Placing an Order:
    Once they have control of the account, the scammer places an order for a high-value item, such as a 60” TV or other expensive electronics. However, instead of sending it to the hacked account’s address, they choose an alternate delivery address—this is where the scam starts to get tricky.
  3. Avoiding Detection:
    If the item were delivered to the hacked account’s address, the legitimate account holder would likely notice the unauthorized purchase and initiate a return or report the fraud. By sending it to a different address, the scammer avoids immediate detection and increases their chances of successfully completing the scam.
  4. Social Media Deception:
    After the order is placed, the scammer posts on social media, claiming that their parcel was mistakenly delivered to the wrong address. The post often includes a plea for help, asking if anyone has received a parcel by mistake and offering a screenshot of the order as proof.
  5. Collection Scam:
    When an unsuspecting person sees the post and checks their own delivery, they might realise they’ve received a package that doesn’t belong to them. When the scammer shows up at their door claiming to be the rightful owner of the parcel, the person, believing it was an honest mistake, hands over the item.
  6. The Aftermath:
    The scammer walks away with the expensive item, and the hacked account holder is left dealing with the financial loss and the hassle of securing their account. Meanwhile, the person who handed over the parcel may never realise they were part of a scam.

What You Should Do

It’s important to be vigilant and aware of these types of scams. Here’s how you can protect yourself:

– Ignore Suspicious Posts:
If you see a post or message on social media claiming that an Amazon parcel was delivered to the wrong address, be cautious. It’s better to ignore such posts, especially if the person is asking you to hand over a parcel you received in error.

– Check Your Deliveries:
If you receive an unexpected parcel, double-check the order details and contact Amazon directly if something seems off. Never hand over a parcel to someone claiming it was delivered by mistake without verifying their story.

– Secure Your Accounts:
Ensure that your Amazon account and other online accounts are protected with strong, unique passwords and enable Multi-Factor Authentication (MFA) where possible. This reduces the risk of your account being hacked in the first place.

Scammers are always finding new ways to exploit the trust and goodwill of others. By staying informed and cautious, you can protect yourself and your community from becoming victims of these deceitful tactics. If you suspect you’ve encountered a scam like this, report it to Amazon and avoid engaging with the scammer.

Stay safe, and remember: if something doesn’t feel right, it probably isn’t!

Windows 10 & Windows Server 2019 End of Life: What You Need to Know

Important Updates on Windows 10/Windows 2019 EOL

As many of you may already be aware, Windows 10 is approaching its End of Life (EOL) phase. Microsoft has set the official EOL date for Windows 10, which means that after this date, the operating system will no longer receive updates, security patches, or technical support from Microsoft. This can leave systems vulnerable to security risks and compatibility issues.

Welcome To Our Newsletter

Bringing you quarterly news on IT topics that will help your business!

We are excited to launch the first edition of our quarterly newsletter, designed to bring you the latest insights, updates, and advice on IT topics that matter most to your business. At Carden IT Services, our goal is to help you get the best return on your investment, keep you informed about important changes in the IT world, and ensure your systems are secure.

How Office 365 Token Theft is Putting Businesses at Risk

Learn about the latest cyber threat

A new threat has emerged that is putting businesses at serious risk: Office 365 token theft. This sophisticated form of cyberattack has the potential to bypass even the most robust security measures, including Multi-Factor Authentication (MFA), which many organisations rely on to protect their sensitive data.

Must-Have IT Services to Streamline Business Operations

Staying competitive in the modern business environment requires companies to be agile, streamlined, and able to adapt to changes in technology. This has made the IT department one of the most important parts of any company, not just for Silicon Valley businesses, but for every business. 

From enhancing their cybersecurity to harnessing the power of IT services and artificial intelligence, modern businesses are leveraging technology to stay ahead of the competition.

What Is MESH Email Security and How Does It Work?

Imagine your email security as the front gate to your house. Just like you’d want a strong gate to keep out unwanted visitors, businesses need email gateway security to keep out harmful stuff from their emails. Effective email security is like having a guard that checks every email coming in and going out to make sure they’re safe. This guard looks for things like viruses, spam, or hackers trying to sneak in. If it finds something suspicious, it blocks it from getting in or going out.

Why Email Security Is Important for Businesses:

  1. Protects Your Business Data: Your emails probably have sensitive stuff in them, like customer info or business plans. Email gateway security acts like a shield, keeping all that info safe from hackers who might try to steal it.
  2. Blocks Nasty Stuff: You know how you sometimes get spam or junk mail in your mailbox? Well, businesses get a lot of that too, but sometimes it’s not just annoying – it’s dangerous! Email gateway security filters out all the bad stuff, like viruses and phishing scams, so they never even reach your inbox.
  3. Keeps Operations Running Smoothly: Imagine if your mailbox got so jammed with junk that you couldn’t find your important letters anymore. That’s what can happen to businesses if their emails get flooded with spam or malware. Email gateway security keeps everything flowing smoothly, so you can focus on running your business without interruptions.
  4. Boosts Trust with Customers: When your customers email you, they want to know their messages are safe. Having strong email security shows them you take their privacy seriously, which builds trust and loyalty.
  5. Saves Time and Money: Dealing with email problems can be a huge headache and cost your business time and money. Email gateway security prevents those problems from happening in the first place, so you can avoid all the hassle and expense.

The Main Features of MESH Email Security:

  1. Decentralization: Instead of relying on just one guard (or server) to protect all emails, MESH email security spreads out the guards across many places. This makes it harder for hackers because they can’t just break through one gate. Imagine instead of having a single security guard at your front door – you had a team of security guards instead.
  2. Peer-to-Peer Communication: Imagine if your team of security guards could talk to each other in real-time. That’s what MESH email security does. If one guard spots something fishy, it can quickly tell all the other guards to watch out too.
  3. End-to-End Encryption: It’s like putting each email in a special locked box before sending it out. Only the sender and receiver have the keys to open these boxes, so nobody else can peek inside, even if they try.
  4. Adaptive Threat Detection: This is like giving the guards superpowers. They can learn from past attacks and get smarter over time. So, even if a new threat comes up that they’ve not seen before, they can still recognise it as a threat and catch it.
  5. Redundancy and Resilience: If one guard falls asleep or gets overwhelmed, there are many others ready to step in and keep the place safe. It’s like having backup guards always on standby.
  6. User Privacy and Control: Businesses can decide who gets access to their emails and how they’re protected. It’s like giving them the keys to their own security system, so they feel safe knowing they’re in control of exactly who has access – and they can remove it at any time.

In simple terms, MESH email security is like having a team of security guards spread out across your business, working together to keep your emails safe from the bad guys.

 

What is DMARC and why should companies have it?

DMARC is part of a suite of email security features that work together to give your domain extra layers of protection.

SPF (Sender Policy Framework): Think of SPF like a bouncer at a club who checks the guest list before letting people in. SPF is a protocol that verifies whether an email sender is allowed to send messages on behalf of a specific domain. It works by publishing a list of authorised mail servers in the domain’s DNS records. When an email is received, the recipient’s server checks this list to see if the sending server is authorised. And like every bouncer says “If it’s not on the list, it’s not coming in”

DKIM (DomainKeys Identified Mail): DKIM is like adding a digital signature to your email. When an email is sent, DKIM adds a unique signature generated by the sending server to the message header. When the email is received, the recipient’s server can verify this signature by checking it against a public key published in the sender’s DNS records. If the signature matches, it proves that the email hasn’t been tampered with during transit and that it genuinely came from the domain it claims to be from.

DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC is like the boss overseeing the bouncer and the VIP list. It builds on SPF and DKIM to provide an extra layer of protection against email spoofing and phishing attacks. With DMARC, domain owners can specify how they want email servers to handle messages that fail SPF or DKIM checks. They can choose to quarantine them, reject them, or even monitor them for potential threats. DMARC also allows domain owners to receive reports on email authentication failures, giving them valuable insights into potential abuse of their domain.

Why Companies Should Have DMARC:

  1. Prevents Email Spoofing: DMARC helps prevent cybercriminals from spoofing a company’s email addresses to trick recipients into revealing sensitive information or downloading malware. By enforcing strict authentication policies, companies can ensure that only legitimate emails are sent from their domains.
  2. Protects Brand Reputation: Email spoofing can damage a company’s reputation and erode customer trust. With DMARC in place, companies can demonstrate a commitment to email security and protect their brand reputation by reducing the risk of phishing attacks and fraudulent emails.
  3. Compliance Requirements: Many industries have regulations and compliance requirements related to email security. Implementing DMARC can help companies meet these requirements and avoid potential penalties for data breaches or non-compliance.
  4. Industry Trends: Major email providers like Google are increasingly adopting DMARC authentication and starting to reject emails that fail DMARC checks. As more companies follow suit, emails without DMARC authentication may be more likely to be flagged as spam or rejected, potentially leading to delivery issues and communication problems.

In summary, implementing DMARC, along with SPF and DKIM, is essential for companies to protect their email domains from spoofing and phishing attacks, safeguard their brand reputation, comply with industry regulations, and ensure reliable email delivery in an evolving email security landscape.