Hurricane Preparedness Tips

As Hurricane Milton approaches central Florida, it is important to review your disaster preparedness plans as well as your network and data status and backups.  There are many things to consider in the event of a major hurricane/tornado or storm.  The most likely risks for many locations are loss of power, flooding, building damage and power surges.  Below are some things you should review as soon as possible:

Backups:  Check your data backups or work with your I.T. provider to ensure you data is backed up.  If you have a Cloud-backup, that is good.  If you are backing up locally, consider taking a copy of your data to a trusted location off-site.

Communication.  Are you able to communicate with your staff in the event your office is closed?  E-mail, Microsoft Teams and SMS (text) are all good communication options.  Make sure your staff knows how to access the ones you use and make sure you have at least two different methods of communication.

Power:  Battery backups are important.  Even the best ones only provide temporary power, however.  Depending on the size of the backup and the equipment load, typically battery backups may last 10 to 40 minutes.  They are designed for short power-outages and to allow the graceful shutdown of equipment, not for sustained power outages.  If a power loss is likely, it is suggested that equipment is gracefully shutdown well head of expected high-winds to ensure that equipment is less likely to have an unplanned shutdown.  These shutdowns often necessitate someone going onsite for power-up, so plan this ahead so you know what to do.   Unplugging equipment from AC outlets can be an additional step if high lightning or power surge activity is expected.  If you want your I.T. provider to assist with these shutdowns, plan ahead to ensure they have capacity to support you.

Equipment Protection:  If you have doubts about your roof or structure, consider moving equipment away from windows or covering it with tarps or trash-bags (only if equipment is completely shut-down – never with running equipment!).

Remote Work:  In the event your office must be closed or cannot reopen for a time, do you have a remote work plan?  If your data is entirely cloud-based, you only need to ensure that staff have laptops or personal computers they can work from.  If you have on-premises servers, consider what you will do if your office is damaged or without power.

Insurance:  While not an I.T. specific item, you should ensure your business insurance is up to date and covers not only your office property but potential data loss as well.

Employee and personal Safety:  Systems and data can be repaired or replaced.  Take personal precautions for yourselves and your employees and ensure that you all stay out of harm’s way.  Never travel in unsafe conditions or to an unsafe structure to reach I.T. or other business systems.

Ideally these items have been thought out well in advance, but it never hurts to review and update your plans and procedures.  While there may not be time before Milton to make changes, if you want to review or improve your I.T. disaster planning and recovery steps for the future, please let us know.

UPS Text Scam – How to Avoid getting Phished?

Today I received a text on my business phone that peaked my interest. It said:

#UPS EXPRESS
– Your package has arrived but we were unable to deliver it. Follow the link for details (weblink)

I do receive a number of packages on a regular basis, both for personal and business purposes so getting a text from UPS is not out of the ordinary. The caller ID on the text looked strange, but I decided to click the link.

Lesson 1: Look and the phone numbers and caller-ID info for the sender. While not always accurate, it can give you a heads up to scams.

I was presented with a UPS tracking page that had a tracking number and indicated that a package had been received at a warehouse, delivery was attempted and now the package was back at the warehouse. It looked very official.

UPS Unable to Deliver - Text Scam

I’ve received a lot of business packages recently, but I couldn’t think what was still on the way. I have a splitting headache today, but still I noticed my Spidey-sense tingling…something wasn’t right. I looked at the message again —

Lesson 2 – look twice (or more) before clicking!

Because I do look at a lot of tracking info, I noticed that there were no locations in the updates — Warehouse? Where? In what state? This was too vague. Time to look this over with more scrutiny..

That URL… UPS.8359834236.com – that’s UPS, right? NO. Domains are not about the start — they are are about end. It’s the last two bits that matter – in this case, 8359834236.com – that’s NOT UPS. Still…let’s be sure. At this point I copied the legit looking tracking number and put into Google…nothing. So, I opened a new web browser and went directly to UPS.com and put in that tracking number…no such number!

Lesson 2b – Always check the URL carefully. Legit companies have legit URLs…check them carefully.

Now knowing 100% that this was a scam, I decided to “schedule a new delivery” because I wasn’t sure of the scam type yet. Clicking the link opened an new “UPS” page with a Captcha — you know the things you have to click to prove you are a human? Why would a scam site have a Captcha? This was a nice touch! Next I was presented with the following:

This is logical — if there was a delivery issue, it would make sense to update the address. This gives the scammer a wealth of information that they didn’t have before. Now they have your name and address (billing address) and possibly a new phone number.

Oh, and what’s that? A $2 charge for a package redirect? Well, of course, I want my package (even though I don’t know what it is) – $2 is a small price to pay… I filled out the form with fake (but harmless) information and went to the next step.

And there we go – you enter your credit card number and pay the scammer. Remember, you just gave them all your billing info on the prior page. Will the charge be $2? More? Who knows. Might only be $2 — but if they get away with this many times, that’s a big win. Plus, they now will sell all the information you just gave them, including your credit card information on the dark web.

Oh, and if you were wondering, the website is supposed registered to a company in Reykjavik. That’s not UPS headquarters. 😉

As always… stay skeptical and safe out there.

Copyright © 2019 KellTech Services, LLC. All right reserved