Connecticut’s Liberty Bank Customers Targeted in Phishing Attack


Liberty Bank, the third largest bank in Connecticut with 55 branch offices located throughout the central and southern parts of the state, sent out a fraud alert Monday morning.

A phishing email was successfully sent to its customers. It stated that a bill of over $2,000 had been paid to a fictitious name and contained a link that supposedly let the customer log in to the bank’s online portal to dispute the transaction. The link most likely redirected to a fake webpage that looked like the bank’s portal but collected the customer’s banking credentials for later use.

While it is unknown how many of Liberty Bank’s clients fell victim to the cybersecurity scam, this isn’t the bank’s first phishing scare.

Back in October of 2009, Liberty Bank’s Vice President, Jill Hitchman, stated that the FBI was investigating an automated phone-call phishing scam referencing the Connecticut-based bank. Hitchman reported that Liberty Bank customer information had not been compromised, quickly implemented preventative measures, and made customers aware of the scam.


What Can We Learn?

This local attack, so close to home, only confirms that email phishing scams are on the rise. Wombat Security’s “State of the Phish 2018 Report” found that phishing attempts have grown 65% in the last year, and according to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing.

Unfortunately, it only takes one wrong click to leak vital business data and online banking credentials that can either be sold on the dark web or used to process money transfers directly.

Thankfully, Liberty Bank quickly educated their clients on the malicious email and has procedures in place for when phishing scams do happen. However, it’s important to ask yourself whether you, as a small business, have the same protections in place. What if one of your employees had opened the email, or what if it had carried a malicious attachment? If you don’t, we highly suggest Employee Cybersecurity Training that educates your employees on the difference between legitimate emails and targeted phishing attacks like this one.


Were You Affected by This Phishing Scam?

The bank is suggesting that the safest way for customers to log in to their online banking services is to go to the Liberty Bank website and use the login box in the upper right corner.

Customers who believe they may have fallen victim to the scam should call Liberty Bank immediately at 888-570-0773.


How to Protect Your Business

If you’re constantly being sent phishing emails like this one, or have employees who aren’t exactly discerning when it comes to emails, attachments, or websites, feel free to call us at (860) 785-6233 for a free quote on our affordable, online Employee Cybersecurity Training program. We also provide in-depth Cybersecurity Risk Assessments for businesses to assess the protection and security of their IT infrastructure. Gain peace of mind while navigating today’s treacherous cybersecurity landscape.



Mobile Malware: The Forgotten Cybersecurity Gap


With the growing reliance on computers and technology, businesses establish Computer Use Policies to standardize cybersecurity measures and decrease the likelihood of data breaches. However, they tend to forget about other types of devices, such as smartphones and tablets.

Almost everyone has a smartphone, yet businesses have little to no cybersecurity standards for them.

Unfortunately, some business owners tend to forget that the smartphones in our hands are basically mini computers and haven’t stopped to consider the disadvantages of mobile use. With more and more employees relying on their tablets and cellphones to sneak in a few emails here or work remotely there, the risk of mobile malware only increases.


Mobile Malware Continues to Surge

According to Symantec’s 2018 Report, new mobile malware variants have increased 54% since 2017. Even though user error is a huge issue with mobile cybersecurity, there are ways to be proactive against hackers and malware.


Here are a few tips on how to combat mobile malware and keep your devices secure:


1. Get Antivirus and Malware Apps for Your Device.

Avira is a great option since it automatically scans other apps for malicious activity as you download them. Malwarebytes Security is another great option. You should definitely have both on your phone, if possible.


2. Run the Updates for Your Phone’s iOS or Android OS Version.

Even though smartphones and computers are often thought of as two different types of technology, they are very similar when you take them apart. Both pieces of technology use an OS (operating system) and require updates that install new security patches of code to block cyber attacks. Updating to the latest operating system is good cybersecurity hygiene. However, Symantec’s 2018 study found that only 20% of Android users are running the newest version of the Android OS, and only 2.3% are on the latest minor release. Minor releases in any OS contain security patches which help plug the security holes that developers find over time. That’s why it’s essential to make sure you’re installing the newest updates whenever you can.


3. Only Download Apps from the Google Play Store or iTunes App Store.

These popular app stores have specific regulations and tests that apps have to pass in order to be listed and distributed on the store. These tests usually include a malware test, but they don’t always pick up everything. However, it’s still better than downloading an app directly off a website or “software” store.


4. Choose Apps That Have High Ratings and Download Numbers and Come from Trusted Companies.

It’s very rare that an application with tons of high ratings and download numbers has malware. Chrome, Gmail, Yelp… These come from larger companies that maintain their apps’ security to protect both their users and themselves.


5. Pay Attention to Those Permissions.

If a PDF viewing app is asking for permission to access your microphone or phone calls, it might be good to uninstall it. The application could contain malicious software created to “spy” or record data to use for blackmail. Mobile users also face privacy risks from “grayware” or “bloatware” apps that aren’t malicious, but can be troublesome. These apps devour CPU, storage, and RAM on your phone.


6. Delete Any Accounts and Apps that You Don’t Use.

Not only does this help keep your phone tidy, but it saves space and reduces the likelihood of stolen data. Forgotten accounts and apps that you don’t update or use can become cybersecurity vulnerabilities. If you use similar passwords for your accounts, it would only take one gaming app leaking the password for that password to be tried on all of your other accounts, including financial ones.


7. Listen to Your Instincts.

Immediately delete apps that ask for personal information, such as social security numbers or bank account information. If the application is glitchy or won’t provide the functionality you downloaded it for, delete it. Be wary of apps that immediately take you to a fishy, specific URL in your internet browsing app.


When was the last time you considered the cybersecurity of your smartphone or mobile device? If you need help locking down your cybersecurity or creating a new Computer Use Policy that includes mobile devices, feel free to call Encompass IT Solutions at (860) 785-6233 for a Cybersecurity Risk Assessment for businesses.


Why Your Employees are Your Top Cybersecurity Vulnerability


#1: Undereducated in Cybersecurity/Human Error

Even though employees are the greatest asset for any business, undereducated workers can be a company’s top cybersecurity vulnerability.

With the widening gap of tech-savvy and tech-illiterate workers, it’s difficult to assess every employee’s understanding of cybersecurity. Employees who are comfortable with Microsoft Office and Google are often thought of as “tech savvy”, but they are usually unaware of the cyber attack tactics hackers use today.

One of the most devastating cyber attacks is spreading ransomware via a computer worm. This attack can easily be introduced by a loyal employee through one wrong click in an email or on a website with malicious software. Worms can infect every device on your entire network, including phones, tablets, computers, and servers. The effects include encrypting your files, locking you out of everything on your hard drive, and rendering your computer system unusable. The scary thing is that ransomware and worms can even infect your data backups, depending on how they’re set up.

Since a disaster is just one click away, it makes it even more important to train employees on topics like phishing emails, malicious websites, and company Computer Use Policies. Communication and training are often the best forms of cybercrime prevention.

After all, a system is only as secure as its weakest link.


#2: Questionable Ethics

When money gets tight and the bills begin to stack up, people can become desperate. Think about how often people get their credit card stolen at a restaurant. A trusted waiter at a restaurant can easily collect credit card information and use it fraudulently. It’s the same with employees at your business.

Your employees often have access to databases, CRMs, billing, email accounts, or servers, and it’d be very easy for them to export data to a USB flash drive to sell or exploit later. Businesses that handle PII (Personally Identifiable Information), like social security numbers or birth dates, know this all too well. Medical records and social security numbers fetch a pretty penny on the dark web, the digital version of the black market.

However, it’s not just credit card information or bank records that a desperate employee can exploit. Sharing company trade secrets and intellectual property outlined in an NDA can also be detrimental to a business.


#3: Disgruntled Employees or Ex-Employees

It’s surprisingly common. An employee will leave a company for whatever reason and decide to delete vital company records on the way out. We’ve witnessed many companies that had to deal with data loss due to this scenario, and some business owners have taken the ex-employee to court over it.

Unfortunately, many business owners don’t give a second thought to how much information they share with their employees, and don’t provide individual user login accounts with separate passwords to track their online activity. Universal passwords entrusted to a disgruntled employee can easily be remembered or written down for off-site use, and with a shared password it’s harder to prove who did what and when.


Education is the Best Defense

If you’re concerned about your employees and how educated they are in the ways of hackers and cybersecurity, feel free to contact us at 860-785-6233 to learn about our in-depth Cybersecurity Employee Training program and Cybersecurity Risk Assessments to see how you’d fare against a malicious cyber attack.