Retail Theft Is On The Rise

In the USA, for 2018, the summary breakdown for retail theft was in the following areas.

  • Shoplifting losses are now a staggering $50.6 billion a year.
  • Return fraud is an estimated $15 billion a year.
  • Gift card fraud is an estimated $5 billion a year.

The NRF (National Retail Federation) 2018 survey of over 500 major retailers returned some significant numbers, and 2019 is expected to have an even higher increase. Some notable highlights are:

Survey respondents indicated that 91.6% had been victims of ORC (Organized Retail Crime) during the year.

Areas where the most fraud is occurring:

  • In-Store Only Sales: 42.9%
  • Online Only Sales: 30.2%
  • Multi-channel Sales (i.e. buy online, pickup in-store): 22.2%

In 2018, ORC represented $777,877 for every $1 billion in retail sales.

Thefts coalesced into the following areas:

  • Ease of Theft/resale ability: Ease of the ability to steal products and ease of being able to resell it via multiple channels, including online and social media.
  • Gift Cards: Ease of theft and internal policies that make using or reselling the Gift Cards easier.
  • Laws: Raised thresholds for what classifies as felony theft, and stores being unwilling to prosecute offenders.
  • Lowered defenses: Inability to do anything due to staff shortages, or internal “do nothing” policies, and lowered supply chain security.
  • Product: Brand names and/or high demand products that can easily be resold. – Here’s a list of some of the most common items stolen:
  1. Designer clothes
  2. Laundry detergent
  3. Infant formula
  4. Razors
  5. Designer handbags
  6. Denim pants
  7. High-end Liquor
  8. Deodorant
  9. Teeth whitening strips
  10. Cell phones
  11. TVs
  12. Tools (Power Tools and Kits, hand tools)
  13. Toys
  14. Video Games and accessories
  15. Lumber
  16. Portable Generators
  17. Lawnmowers
  18. Power lawn/yard equipment
  19. Plumbing parts and accessories

Most retailers are planning to increase spending to combat crime in the following areas:

Estimates for 2019:

  • Burglar Alarms: 92.1%
  • Digital Video Recorders: 84.%
  • Armored Car Deposit Pickups: 68.3%
  • POS data mining: 65.1%
  • Live customer visible CCTV: 61.9%

Some retailers have opted to simply let the thieves go, documenting the theft, and then later filing insurance claims for the losses.

The major issue with these non-responsive methods is that they only further embolden the thieves.

The bottom line here is that ultimately the retail consumer pays for all of this in the form of increased prices.

For more information go to:

https://nrf.com/research/national-retail-security-survey-2019

– John

Security Concerns of Phishing Attacks

I am re-visiting the security concerns of phishing attacks in this posting. These remain the largest vector for delivering malicious software, such as ransomware attacks. The reason that it remains the preferred method of attack in many cases is that it works: People are still opening those phishing emails, and clicking on those links.

Training employees to recognize phishing emails should be an ongoing process for all companies. By periodically reminding them of the dangers, and what to look for, it keeps the idea fresher in their minds, and hopefully, they will be more on the alert for these dangerous attacks. Those conducting such attacks are evolving, too, and getting more sophisticated. These attacks are increasingly using more targeted approaches, and it is less obvious that they are not legitimate.

Many use such things as having links to websites that are only a letter, or so, off from the legitimate site. If the legitimate site is a “.com”, for example, the nefarious site may be a “.co”. Or, if the site is something like “mybank.com”, then the fake site might be “mybank-info.com”.

By making data security an ongoing process, your employees will not only have it kept fresh in their minds, but they can also be trained on how to spot the increasingly sophisticated attack emails. The more likely that they are to think about it before opening an email, or clicking on a link, as well as being better able to spot emails that just are not quite right, the safer your data is. The bad guys are not taking it easy, so that means that the rest of us have to constantly keep our guard up.

Dave.
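
The lookalike patterns described in this post (a ".co" in place of a ".com", a brand name padded out as "mybank-info.com", a name a letter or so off) can be checked for automatically in mail filtering or awareness tooling. The sketch below is an added example, not code from the original post; the trusted list and sample email are constructed, and the names `classify_link` and `suspicious_links` are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample allowlist; replace with the domains your staff really use.
TRUSTED = ("mybank.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample email body with two imitation links and one genuine link.
SAMPLE_EMAIL = (
    "Your account is locked. Verify at http://mybank.co/verify or "
    "https://mybank-info.com/update today. Our site is https://www.mybank.com/ "
)

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels of the host. Simplification: a production check
    should consult the Public Suffix List (for suffixes such as .co.uk)."""
    return ".".join(host.split(".")[-2:])

def classify_link(url, trusted=TRUSTED):
    """Return (verdict, imitated_domain) for the host named in a link."""
    if "//" not in url:
        url = "//" + url                      # let urlsplit find the host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    domain = registrable(host)
    if domain in trusted:
        return ("trusted", domain)
    name = domain.rpartition(".")[0]
    for good in trusted:
        good_name = good.rpartition(".")[0]
        if name == good_name:                 # same name, different ending
            return ("tld-swap", good)
        if good_name in name.split("-"):      # brand plus extra words
            return ("brand-embedded", good)
        if edit_distance(name, good_name) <= 2:   # a letter or so off
            return ("near-miss", good)
    return ("unknown", None)

def suspicious_links(body, trusted=TRUSTED):
    """List (url, verdict, imitated_domain) for links that imitate a trusted domain."""
    hits = []
    for url in URL_RE.findall(body):
        verdict, good = classify_link(url, trusted)
        if verdict not in ("trusted", "unknown"):
            hits.append((url, verdict, good))
    return hits
```
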

Having a good backup saved me and could save you too!

I know I have blogged about this before, but I have to again, as having a good backup saved me and could save you too.

So, the other day I noticed that I needed to update Windows on my work PC. So as usual, I installed the updates and waited to reboot, as I had some projects going on. Once my projects were complete, I rebooted. That’s where the trouble began. No matter what I did, I could not boot back into Windows. I tried everything I could, looked online for things I may not have tried, made changes to this and to that, and ran commands in recovery mode; nothing would work. So as a last resort, I used my last backup, from the day before, to restore my system from bare metal.

I am using a Cloud/local backup product from SolarWinds. It is kind of a “set it and forget it” program; although there is not much to do once it is set up, it is still a good idea to check on the status of your backup. Knowing I had a good backup, I started the restore utility and started downloading my backup from the previous day. It did take some time, since it was downloading some 400GB+ of data (if I was using an external drive it would have been faster), but when I came into the office Monday morning, the restore operation was complete. I removed the recovery disk and rebooted. Next thing I know, my PC is back up and running. It was very easy, everything worked as before and, with the exception of a couple of emails, all my data was there too.

The nice thing about SolarWinds backup is that it can be both local and cloud-based at the same time. As mentioned before, if I had a local external hard drive, the amount of time it would have taken would probably be a third of what it did take, but with the ease of the whole process, I cannot complain. Besides doing a full restore as I did, there is also an option for just restoring 1 file or a whole folder if necessary. The backup can even back up SQL databases (perfect for CPSQL customers).

So, if you are not currently backing up your system to the cloud or otherwise, please look into getting this set up. CCS can get you set up, have a status email sent to you daily and help you any way we can.

-Bryan

Cryptojacking is on the rise again

After dropping off last year, the prevalence of cryptojacking is on the rise again. Cryptojacking is where the bad guys hijack your computer to mine cryptocurrency. That is, they use your computer hardware, and electricity, to mine cryptocurrency for their pockets.

While this is not as invasive, or devastating, as more malicious attacks such as ransomware, it still is taking money out of your pocket as well as impacting the use of your computer. By using the time that your CPU would normally be idle, the cryptojackers cause your system to use more power. That is in addition to slowing your system when you are actively using it.

In a simple form, your system could be hijacked by simply browsing a web site with a cryptojacking JavaScript. In that case, while you are on that website, your computer will be participating in the mining scheme and will stop when you go to another site, or close your browser. However, if the site can successfully infiltrate your system, it may load a persistent mining payload, and your system will then be mining until it is removed.

Of course, other avenues of attack, like phishing emails, are common, also. So, the usual warnings apply here, too, such as be very suspicious of any emails from people that you don’t know, keep your patches and anti-virus/anti-malware up to date, and so on.

If you are infected with a cryptojacker, the most likely thing that you will see is a general slowness using your computer. That is, until your electric bill arrives, which may be very much higher than you expected. Another indication, especially on a laptop, is that your cooling fan constantly runs at a higher rate than normal, indicating that your system is running hotter.

While cryptojacking software is typically not difficult to remove, it may be that other malicious software has also been loaded. Therefore, a good inspection of your system is in order.

Dave

Shimming to Clone the Mag Swipe Data that can be used to commit fraud

Shimming

Everyone has heard of “skimming” when it comes to credit card fraud. But have you ever heard of “shimming”?

Shimming is the new “skimming” in the world of EMV chip cards. Shimming is done by inserting a paper-thin, card-sized shim containing an embedded microchip and flash storage into the credit card slot, where it intercepts data from the EMV chip of your credit or debit card. Although the data that is captured cannot be used to clone the chip itself, it can be used to clone the mag swipe data that can be used to commit fraud.

How can you protect yourself from this type of fraud? For starters, you can start using the “contactless” feature of the card if available (NCR Counterpoint 8.5.4.1+ supports this feature). Another way would be to use Apple Pay or Google Pay, or any of the smartphone-related payment apps, if the retailer you’re shopping at supports these payment methods.

Another smart move, that you should already be doing, is checking your bank and credit card statements for any transactions not made by you and reporting any fraud immediately to your bank or card issuer. Most banks and credit card issuers already have apps that can be set up to alert you via text, email or both if any transaction over a certain dollar amount occurs.

For more information about the EMV capabilities of NCR Counterpoint or upgrading your system to be able to use EMV and contactless payments, contact the CCS Retail Systems Support Department at 800.672.4806 or email us.

-Bryan

No More Passwords?

No one likes those clunky passwords we use at work, home, and online. And most of us tend to forget a lot of them, especially with auto-save features on so many platforms. But now there’s good news for forgetful web users with a new standard that could do away with your old passwords.

The World Wide Web Consortium is the organization that creates internet standards and arbitrates major disputes. They’ve approved a new protocol called “web authentication” which could soon replace traditional passwords online with things like USB keys, smart devices, or biometrics like face I.D. or fingerprints. The Consortium says passwords that are stolen, are too weak, or left as “default” are to blame for 81% of data breaches.

Now, if a site supports the new “web authentication”, you can get in using USB or biometric confirmation, with no need to type in a password, giving us a look at what a password-free world might look like.

Many big companies are already joining up to create new password-free authentication protocols led by Silicon Valley. Google has already replaced most of its password-driven security with a set of physical security keys to access computers, and it’s paying off big, eliminating breaches throughout the company. And experts say the technology has the potential to go even farther, with a set of standards possibly spurring innovation and lowering the cost of the devices to access sites without passwords. “Web authentication” is already enabled system-wide on Chrome OS and Windows 10, and on the most commonly-used web browsers, like Firefox, Chrome, and Safari. So if you’ve been wanting to ditch your passwords, we are almost there.

-Bryan

Securing Your Network

One of the things that you should do in securing your network, is to limit internet access to only the sites that a particular station needs. For example, a Point-Of-Sale workstation usually only needs to be able to access the internet in order to validate credit and debit transactions. When that is the case, then your firewall should be configured to only let those stations through to the sites they need for authorization.

By limiting the access of those stations to only the card processor site, it prevents users from randomly browsing web sites during slow times. Thus, they cannot be checking their personal email or checking out the latest funny videos. This is not to punish them, but rather to eliminate those common vectors of attack. It prevents those viruses and malware-bearing emails from being read, and their payload potentially being unleashed on your workstations. It also prevents those drive-by downloads from malicious sites, from doing the same.

Obviously, there will be stations that need to access additional sites. However, if these sites can reasonably be limited to just those sites that need to be accessed, they should similarly be limited. It may be possible to limit those stations to only your company email, vendor sites, your store web site, etc. Additionally, those stations should be restricted to use by only those users that need to be accessing the sites that the stations are being allowed access to. Those users should also be trained on what to be aware of when accessing outside sites. In particular, the user or users that are accessing the company email should be trained on how to recognize potential phishing, or other malware, type emails.

Limiting the avenues that expose your network to outside contact, can go a long way towards preventing the network from being compromised. Such limits are often evaluated from the perspective of limiting outside access in. Access restrictions should be evaluated, and restrictions imposed from your network out, as well.

Dave.
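
One way to confirm that the outbound restrictions described in this post are actually being enforced is to audit firewall logs against a per-station allowlist. The following is an added example, not code from the original post; the station addresses, host names, and the five-field log format are constructed for illustration and do not correspond to any particular firewall product.

```python
# Constructed policy for illustration: station IP -> role, role -> allowed hosts.
STATIONS = {"10.0.5.11": "pos", "10.0.5.12": "pos", "10.0.5.40": "office"}
ALLOWED = {
    "pos": {"auth.processor.example"},  # hypothetical card processor host
    "office": {"auth.processor.example", "mail.company.example", "vendor.example"},
}

# Constructed log lines: time, source IP, destination host, port, action.
SAMPLE_LOG = """\
2019-06-03T09:14:02 10.0.5.11 auth.processor.example 443 ALLOW
2019-06-03T09:20:45 10.0.5.11 webmail.example.net 443 ALLOW
2019-06-03T09:21:10 10.0.5.12 videos.example.org 443 DENY
2019-06-03T09:30:00 10.0.5.40 mail.company.example 443 ALLOW
2019-06-03T09:31:17 10.0.5.99 auth.processor.example 443 ALLOW
"""

def audit(log_text, stations=STATIONS, allowed=ALLOWED):
    """Return (line_number, finding, detail) for every log line that shows
    the outbound policy being broken, tested, or misconfigured."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue                              # skip blank lines
        if len(fields) != 5:
            findings.append((lineno, "unparsed", line))
            continue
        _time, src, host, _port, action = fields
        host = host.lower()
        detail = f"{src} -> {host}"
        role = stations.get(src)
        if role is None:
            # A device nobody inventoried is talking outbound.
            findings.append((lineno, "unknown-station", detail))
        elif host in allowed.get(role, set()):
            if action != "ALLOW":
                # The firewall is blocking a site the station needs.
                findings.append((lineno, "required-site-blocked", detail))
        elif action == "ALLOW":
            # The firewall let a station reach a site outside its list.
            findings.append((lineno, "policy-gap", detail))
        else:
            # Blocked as intended; worth a conversation with the user.
            findings.append((lineno, "blocked-attempt", detail))
    return findings
```

A "policy-gap" finding means the firewall rule set is looser than the written policy, which is the condition the post warns about for Point-Of-Sale stations.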

New Twists Ransomware and Spear Phishing Attacks

New Twists on Ransomware Spear-phishing Attacks

In recent years we have seen an increase in both the number of spear phishing campaigns and the ingenuity of the ways that scammers try to assist you in getting your systems infected, or attempt to fleece you out of money.

In the past, this may have been something sent via official-looking emails complete with a financial institution’s corporate logo, or customers could get phone calls from a fake bank account executive. The email or caller could tailor the message to the customer with personalized information they downloaded, making it seem like it was legitimate.

The fake bank account executive or emailer would then indicate there is an urgent problem with the customer’s account, and then ask for birthdates, Social Security numbers or passwords. The virtual trap could also be set by the official-looking email asking customers to click on a link embedded in the email to, say, update their account information. However, the link takes the unsuspecting victim to a fake but legitimate-looking website, where the customer is then tricked into listing passwords, bank account numbers, Social Security numbers, user ID’s, access codes, and PIN’s.

Some recent twists on the above are:

An email that spoofs your email account in the email’s “sent from” field. The body of the scammer’s email claims that they have already hacked into your system via a porn or adult dating website that you “supposedly” recently visited. The email makes a direct threat to email explicit photos or videos to all of the contacts in your email system, specifically to your employer, and/or the police, if you don’t send money to a specific destination by a specific date and time.

One or both of the following may be included:

  • Instructions on where to go to pay the ransom.
  • Clickable links that direct you to a site to pay a ransom, and/or a link that actually infects your system with encryption malware, which subsequently locks you out of your system, with another ransom demand in order to get a key to un-encrypt your drive(s).

Typically, the best thing to do in these situations is to immediately delete the email, clear it out of your deleted mail folder, and then follow up with staff on how to be diligent about recognizing and handling these sorts of threats.

– John

Beware of Fake Emails

Recently, I have noticed a great increase of emails, both at home and at work, that appear to come from legitimate sources, but are bogus emails. Sent under recognizable names, either personal or professional, the sender wants you to open the attachment so your information can be stolen, a virus installed, and your computer shut down for a ransom.

The fake emails that come to me most often are supposedly from my daughter, who lives in another state and works for a university. The email address looks correct, yet the subject information is something that I know my daughter would never say to me. The first thing I did, before opening the first one like this, was to call her and ask if she sent me an email. When she said, “No,” I immediately set my computer to block further emails from this address. That worked for a while, but now they have returned with a small change from the original email address used. Hackers can be very sneaky.

Other malicious emails I have received say they are from UPS about a package that may have been lost, from the Internal Revenue Service about a tax I supposedly owe, and from DHL about a delivery.

The best way to deal with fake emails is to install a good anti-virus program, and also use extreme caution before opening any attachment that looks even remotely “fishy.” Carefully assess the email address, subject line, and even the language used. Ask yourself if this is an expected email, or something unexpected. Be careful and be safe!

If you ever think you may have been hacked, call us at once for help. Our techs can work with you to get you back on track! Our number is 425-672-4806 or you can email us.

Marlene

Granting Administrator Privileges to users

Granting Administrator Privileges

Granting administrator privileges to users is one thing that I often see, that is done much more than it should be. The reason given is this simplifies those occasions when software needs to be installed or updated. However, in general, this is a bad practice.

The simplification of installing legitimate software will be exploited if you are ever the victim of malware or viruses. Since the user that the infection uses already has administrator privileges, the malware does not need to find anything to exploit for it to have access to your entire system. The malware has already inherited the privilege from the user login and can wreak whatever havoc is in its payload.

On the other hand, if the user is given basic user privileges, and the malware is unable to find any way to exploit the system to increase its privileges, then the damage is contained to what the captured user can modify. While that is still upsetting, having to restore some documents, and change user settings is more desirable than having the entire computer system corrupted and compromised. Not to mention, the potential effect on other computers on your network, if administrator-level privileges can be leveraged against them.

With properly set permissions, users can do everything that they need, without elevated privileges. It can take some extra time to set up the appropriate permissions, but not nearly the time that it takes to recover from a malware attack that could have been limited in scope by a simple restriction of administrator-level privileges.

Dave