Heads Up, Gmail Users Need to Do This Now!

 

Just when you think you've got a handle on online security, something else will appear on your feed. This time, it's a new Gmail attack that's got everyone talking. Google has confirmed a new attack that uses weaknesses in their system along with clever scams. 

This latest attack first surfaced on X and in the crypto circles, which makes sense since the initial victim was none other than an Ethereum developer, Nick Johnson. He described it as an "extremely sophisticated phishing attack" that "exploits a vulnerability in Google’s infrastructure." What's even more concerning is his warning that because Google hasn't fixed it yet, we're likely to see a lot more of this.

The attack itself is disturbingly clever. It starts with an email that looks completely legitimate, coming from a genuine Google address. Johnson pointed out that it was sent from no-reply@google.com, passed all the security checks, and Gmail happily placed it right alongside his other real security alerts.

Even if you have two-step verification (where you get a code on your phone), it's not enough anymore, especially if those codes come by text message. It's too easy for these attackers to steal your password and those text message codes.

The scary part is how they pulled this off. Apparently, these attackers found a way to send a correctly formatted Google email to themselves from Google. They can then forward copies, and because it retains that original legitimate signature, it looks the real deal. But the end goal is the same old trick: a fake login page designed to steal your credentials.

Thankfully, Google has acknowledged this. They've said they're "aware of this class of targeted attack" and have been rolling out protections over the past week, promising a full deployment soon to shut down this method of abuse. In the meantime, their advice is blunt: get on two-factor authentication and, even better, start using passkeys. They emphasize that these offer much stronger defense against these kinds of phishing attempts.

What really helps? Passkeys. These are like digital keys linked to your phone or computer. To log in, you need to unlock your device – so if an attacker doesn't have your phone, they can't get in, even if they have your password. Google isn't getting rid of passwords completely yet, but you should stop using them to log in.

These smart attacks, and the ones we've seen lately, can be stopped if you update your security. And with AI getting better, these kinds of attacks will become much more common. Microsoft even warned that AI is making it easier for criminals to create believable scams.

You can find out how to add a passkey to your Google account – you should do it today.

The news is full of this latest Gmail problem, but the main point is simple: Google will never email you out of the blue about security issues or ask you to do something to stay safe. Also, if you follow their security advice, your account will be much safer.

Set up passkeys now if you haven't. And remember, just like with bank scams, if someone contacts you pretending to be Google and asking you to do something, it's a scam. It's a constant fight, and it's getting tougher. Google's old advice to just use two-step verification isn't good enough anymore, especially if it's just text messages.

Don't just rely on two-step verification, especially not text messages. There are other security keys you can use, but passkeys are the easiest. If you use Gmail, all three billion of you should set up passkeys now. Google is moving away from text message codes, and you should too. In your account settings, turn on an authenticator app or Google prompts on your other devices as well – and definitely use a passkey.

If you have strong security like this, you don't have to worry as much about how clever the attacks are. But you need to stop typing in your password to log in, and make sure your two-step verification is stronger than just text messages. Google and others still let you use passwords as a backup, even with passkeys, and that's a weak spot.

Think about it: if someone gets into your email, they can probably get into everything else linked to it, like your bank or social media. They can ask for password resets and see security alerts.

You've been warned. Do this now to protect yourself.

Thinking of Moving from OneDrive to Google Drive?

 

Thinking about switching from OneDrive to Google Drive? Now's the perfect time. Google's powerful migration tool is generally available, and with the added customization features, moving your business data is smoother than ever. Interlock IT, a proud Microsoft and Google Partner, is ready to guide you through the process.

Why Choose Google Drive?

Many businesses are making the switch to Google Drive for its powerful collaboration tools, seamless integration with the Google Workspace ecosystem, and enhanced security features. If you're looking to boost team productivity and streamline your workflow, Google Drive is a compelling option.

Google's Enhanced Migration Tool: Easier Than Ever

Google's migration tool is now generally available, giving admins the power to move files for up to 100 users simultaneously while preserving crucial file sharing permissions. And with the latest updates, you get even finer control:

• Migrate only the files you need by specifying a date range.

• Exclude unwanted file types and large files to streamline the migration.

• Let Google automatically match users between OneDrive and Google Drive (no manual mapping needed) meaning save time and effort by letting Google automatically map users.

Interlock IT: Your Migration Partner

Migrating your business data can be a complex undertaking. Interlock IT, as both a Microsoft and Google Partner, simplifies the process. We offer:

• Personalized Planning: We'll work closely with you to understand your unique needs and develop a tailored migration strategy.

• Expert Execution: Our team will handle the technical aspects of the migration, ensuring a smooth and efficient data transfer.

• Minimized Downtime: We'll work to minimize any disruption to your business operations during the migration.

• Ongoing Support: We'll be there to support you after the migration, answering your questions and helping you maximize the benefits of Google Drive.

Ready to Make the Switch?

If you're a business considering a move from OneDrive to Google Drive, Interlock IT is here to help. Contact us today for a free consultation. We'll help you navigate the migration process and ensure a successful transition to Google Workspace. Let us help you unlock the full potential of Google Drive and drive your business forward.

Secret Weapon Against Phishing? This Simple Email Check Could Save You!

The recent news about Ethereum developer Nick Johnson being targeted by a sophisticated phishing attack serves as an important reminder of the ongoing threats we face online. Johnson, the lead developer of the Ethereum Name Service (ENS), fell victim to a cleverly designed email that bypassed Gmail's security filters.

The attack utilized a "DKIM replay" technique, making the malicious email appear to be a genuine security alert from Google. The email, which claimed a subpoena had been issued for Johnson's Google account, used a spoofed "no-reply@google.com" address and even passed the DKIM signature check, causing it to be grouped with legitimate Google security notifications.

Image Source: https://x.com/nicksdjohnson/status/1912439023982834120

The email urged immediate action via a link to "Review Activity," which led to a fake Google support portal hosted on a legitimate Google subdomain (sites.google.com). This added to the deception, as the URL appeared trustworthy at first glance. The attackers exploited a vulnerability in Google's OAuth system to create this convincing fake communication.

This incident highlights the increasing sophistication of phishing attacks, which are now leveraging legitimate infrastructure and authentication methods, making them harder to detect.

Understanding How to Spot Phishing Emails

While these attacks can be sophisticated, there are still key indicators that can help you identify a potential phishing scam:

• Sense of Urgency: Phishing emails often try to create a feeling of urgency, pressuring you to act quickly without careful consideration. Be wary of phrases like "Immediate Action Required" or threats of account closure.
• Examine the Sender's Email Address: Don't just look at the name displayed. Hover your mouse over the sender's name to see the actual email address. Verify if the domain matches the legitimate organization. For example, emails from Google should typically end in @google.com.
• Inspect Links Before Clicking: Before clicking any links, hover your mouse over them to see the actual URL. Check if it matches the expected website address and look for any unusual characters or misspellings. In Johnson's case, the link directed to sites.google.com instead of the primary accounts.google.com for account-related actions.
• Check the "Mailed by" and "Signed by" Information: This relates to email authentication protocols like DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance), which help verify the sender's identity. Ideally, for a legitimate email that has passed these checks, the "mailed-by" and "signed-by" domains should be the same. If these domains are different or appear suspicious, it could be a sign of a phishing attempt. 

Image Source: https://x.com/nicksdjohnson/status/1912439027224944676

• Look for Grammatical Errors and Typos: While not always the case with sophisticated attacks, many phishing emails contain grammatical mistakes or typos. Legitimate organizations usually have professional standards for their communications.
• Be Cautious of Attachments: Avoid opening attachments from unknown or unexpected senders, as they may contain malicious software.
• Verify Through Official Channels: If you are ever unsure about the legitimacy of an email, do not respond to it or click any links. Instead, contact the organization directly through their official website or phone number to verify the communication.

The phishing attack on Nick Johnson underscores the importance of staying vigilant and informed about online security threats. By understanding the tactics used by cybercriminals and knowing how to identify potential phishing attempts, individuals can significantly reduce their risk of becoming a victim.

Conclusion

Having strong email security measures in place is more critical than ever. At Interlock IT, we understand these challenges and are committed to empowering you with the tools and knowledge to stay protected. That's why we offer comprehensive DMARC report analysis to help you understand and improve your email authentication setup, a crucial step in preventing email spoofing and enhancing your overall security posture. As a trusted Google Partner and Microsoft Silver Partner, we provide expert guidance and solutions tailored to your specific needs. Don't wait until it's too late – take proactive steps to secure your cybersecurity today.

Contact us today for more information.

Interlock IT's Insider Secrets to Outsmarting Big Bank Fees

At Interlock IT, we're always looking for ways to optimize our operations and save money. And as it turns out, one of the biggest drains on our resources was something many Canadian businesses face: exorbitant banking fees and poor exchange rates, especially when dealing with US dollars (USD). Our owner, a seasoned CPA, was tired of seeing hard-earned money disappear into the pockets of big banks. So, we made it our mission to find and implement the most efficient, cost-saving Canadian payment and banking solutions.. And we’re here to share our story, because we believe everyone deserves to keep more of their money.

The Hidden Costs of Traditional Banking

Let’s face it, traditional banks can be costly. We noticed this firsthand when converting USD to Canadian dollars. For example, when we needed to convert $8,514.23 USD, the amount we received from our regular bank was noticeably less than what we could get elsewhere. We found that we were losing money due to hidden fees and less-than-ideal exchange rates. It felt like we were paying for convenience, and not getting much in return.

Testing Canadian Payment and Banking solutions

We decided to explore alternatives, and what we found was eye-opening. Here's what we did:

• Wise: For currency conversions, Wise became our go-to. It offers transparent fees and much better exchange rates. We saved a significant amount on every USD to CAD conversion.
  
  
• Venn: For Canadian dollar and USD electronic payments, Venn is our top choice. Their fees for EFT payments within Canada are much lower than Wise's, and they offer monthly plans with unlimited local payments. It's more cost-effective for electronic payments within Canada. We switched from Plooto to Venn because of the cost savings. 
  
  
• EQ Bank: We moved our primary banking to EQ Bank. It’s a completely digital bank with no monthly or transaction fees, and it pays us 3% interest on our operating funds. That’s a huge win compared to the zero interest and fees at RBC and other traditional banks.
  
  
• Wealthsimple: An alternative to EQ Bank for 2.75% interest on business savings accounts but with the added option of investing in their managed stock portfolios. Self directed investment accounts are coming soon.
  
  
• RBC: We still maintain an account with RBC for legacy reasons, to receive payments from long-term customers who have been using it for 15 years. However, we transfer our RBC receipts daily to EQ bank to earn that 3% interest.

Why This Matters to You:

You might be thinking, "What does this have to do with me?" Well, the same principles apply to everyone. Whether you're a business owner or just managing your personal finances, you can benefit from:

• Saving money: By using platforms like Wise, you can get better exchange rates and avoid hidden fees.
• Earning more: Digital banks like EQ Bank offer higher interest rates, allowing your money to work harder for you.

Our Experience is Your Benefit

At Interlock IT, we've seen firsthand how these changes can make a real difference. We’re not just talking about saving a few dollars; we’re talking about significant savings that add up over time.

Want to Try It Yourself?

We’re so happy with these services that we’re sharing our referral links. We’re sharing these links because we truly believe these platforms are beneficial. 

• Wise: https://wise.com/invite/dic/blairc78 (Use this link to save on your first transfer, and we'll receive a small bonus.)
• Venn: https://app.venn.ca/signup?referral=4h38zhwc&utm_source=app&utm_campaign=referral
• EQ Bank: https://join.eqbank.ca/referral;code=SBLAIR6182
• Wealthsimple: www.wealthsimple.com/invite/RDEZHG

We want to be clear that these referral fees are not our main motivation. Our primary goal is to share useful insights. If our guidance has proven valuable to you, we see no reason to decline them.

Key Takeaways:

• Don’t settle for high bank fees and poor exchange rates.
• Explore other banking tools to save money and simplify your finances.
• Every little bit of savings adds up.

A User-Friendly Guide to Microsoft 365 Support

If you're running a business, you're likely using or thinking about Microsoft 365. It's not just the familiar Office programs anymore, it's a complete cloud system that helps teams work together.

Microsoft 365 makes teamwork easy. You can work on files together at the same time, save automatically, and get to your files anywhere. Teams is like your online office, where you can talk, meet, and share. OneDrive stores your files in the cloud, and SharePoint helps your team stay connected.

While Microsoft 365 gives you a lot of power, keeping all its parts working well can be difficult. That's where reliable support becomes essential.

Understanding Support's Role

Microsoft 365 support is like your tech safety net. It's not just about troubleshooting issues, but it also includes:

• Preventing Issues: Instead of reacting to crashes, skilled support teams prevent them, ensuring uninterrupted productivity.
• Maximizing Efficiency: They act as guides, showing advanced features you might not know about which can optimize your workflow.
• Strengthening Security: Keeping your digital security strong is crucial. Support teams can help you understand and implement the right security measures.
• Providing Training: Good support includes teaching you how to use advanced features and leverage the full power of Microsoft 365, making your team more efficient.

Different Types of Microsoft 365 Support

Getting help with Microsoft 365 doesn't have to be a maze. No matter your Microsoft 365 challenge, there's always a support solution.

Direct Technical Assistance: For immediate issues, Microsoft's technical support is your first point of contact. Whether it's a quick chat or a more detailed phone call, they're ready to help. Larger businesses can even get dedicated support managers.

Microsoft's Own Learning Hub: Microsoft provides a wealth of free training and resources through its Learn Platform. From beginner guides to advanced certifications, it's a great place to boost your knowledge.

The Power of Community: Microsoft's online forums are a goldmine of information. IT pros and experienced users share their insights, offering solutions and tips you might not find elsewhere.

Personalized Partner Support: For a more tailored experience, partnering with a Microsoft 365 expert like Interlock IT means getting personalized solutions and dedicated support to maximize your productivity and security. Also, dealing with Microsoft's general support can often mean waiting for answers, which isn't ideal when time is crucial. In contrast, partnering with Interlock IT, a Microsoft 365 Silver Partner, means immediate access to a team of dedicated specialists which eliminates the hassle of long wait times and ensures your productivity and security are never compromised. 

Get the Help You Need

Don't face Microsoft 365 challenges alone. Use available support - from official channels to expert partners, leverage these resources. Even experienced users need help. A strong support system boosts productivity and saves time. 

Ready for Expert Support?

If a partnership with expert Microsoft 365 support and timely responses sounds good, then let’s talk. Reach out to our team at Interlock IT, and we can get started.

How Reliable is Your Cloud Data Backup?

Is your Business Continuity and Disaster Response (BCDR) a safety net or a gamble? More and more businesses use cloud services to store their important files. Data loss can happen anytime. This means we need new ways to protect that data. 

Afi.ai helps businesses keep their cloud data safe and get it back quickly if something goes wrong. Afi.ai provides the reliable cloud data protection you need to ensure business continuity, no matter the crisis.

What Afi.ai Does 

Afi.ai gives you a way to back up and protect your important data in the cloud. This includes emails, files, and shared documents. It's like having an extra copy of everything, just in case something goes wrong. This is crucial for disaster recovery, so you can get your business running again quickly.

Why Afi.ai is Different 

• Quick recovery: If you lose data, Afi.ai helps you get it back fast, even during a disaster, which is essential for disaster recovery and maintaining business continuity. 
• Instant Offline Data Export: Afi offers instant offline data export, unlike other backups that cause delays with cost-saving storage. This ensures quick data access without compromising affordability.
• Offsite Storage: Afi's off-site cloud storage, with locations across the USA, Canada, EU, UK, and Australia, safeguards data from local disasters. This geographical distribution ensures business continuity by keeping backups secure regardless of regional incidents.
• Data Retention: Cloud data retention means managing data storage and disposal according to platform rules, ensuring compliance with environments like Google Workspace and Microsoft 365. Afi enhances this by offering versioning, deleted item recovery, and unlimited data retention.

Afi.ai is for All Businesses

While IT companies find Afi.ai invaluable, it's designed for any business that relies on cloud data, offering simple yet powerful BCDR solutions for everyone, regardless of size.

The Future of Data Protection

Afi.ai is important because it helps businesses keep their data safe in the cloud. As more businesses use the cloud, tools like Afi.ai will become even more important for effective Business Continuity and Disaster Recovery (BCDR).

Final Thoughts

As data concerns and the risk of losing it are on the rise, having a good cloud backup solution is crucial. Afi offers top-notch features like easy backup and recovery, ensuring one's data stays secure. For more information on how Afi can further enhance data protection journey, feel free to reach out to our team for a demo.