Login

Who’s who? Verifying identities in the digital workspace

Phishing is becoming more common as a vector of attack for businesses in today’s digital environment and not even major corporations are safe. Just last week, several major Las Vegas casinos were successfully phished and brought to a standstill, costing them millions in both lost revenue and ransoms paid out. The hackers claim that these attacks were achieved with only a 10 minute phishing phone call whereby they were able to get full access to the casino networks. With virtual interactions being an increasingly common method of communication in the business world, it’s crucial to be vigilant about the authenticity of the people you communicate with online. Cybercriminals and scammers are constantly devising new ways to deceive and manipulate unsuspecting individuals. To protect yourself and your business, it’s essential to know how to verify if someone is real and not a phish. In this blog, we’ll explore some practical steps to help you stay safe online.

Analyze the Communication Channel:
Start by considering the platform or communication channel you’re using. Legitimate organizations often have official websites, email domains, and social media profiles. Verify that the person you’re communicating with is using the official channels associated with their identity. Be wary of individuals who insist on using unconventional or unofficial platforms such as WhatsApp or Paypal instead of your businesses’ messaging app or payroll service.

Check the URL and Email Address:
Pay close attention to website URLs and email addresses. Phishers often create fake websites and email domains that closely resemble legitimate ones but have subtle differences. Look for spelling errors, unusual characters, or additional subdomains that could indicate a fraudulent website or email address. JohnDoe@nullCompanyName.com is not the same as JohnDoe@nullCmpanyName.com

Verify Identity Through Social Media:
If you’re interacting with someone on a social media platform, take a few moments to investigate their profile. Look for signs of legitimacy, such as a verified badge or a history of interactions with known contacts. Be cautious of profiles with limited or no activity and few connections or followers.

Cross-Check Information:
If someone claims to represent an organization or institution, cross-check their information. Visit the official website of the entity in question and compare the details provided by the individual with the information on the official site. Scammers often struggle to replicate all the intricate details of a genuine organization’s web presence.

Be Skeptical of Unsolicited Messages:
Phishers often initiate contact with unsolicited messages, whether through email, social media, or other platforms. Be skeptical of messages from unknown sources, especially if they request personal or financial information. Legitimate entities typically won’t ask for sensitive data through unsolicited messages. Phish attacks may also try to impersonate authority figures in the business as well as create a sense of urgency to pressure the victim into a hasty action. “Hi John, this is Derek, the CEO. I am texting from a new number because my old phone broke today. Can you pay an invoice for $2500 to our vendor ASAP? We are three months behind and they will shut off our service if we don’t pay before end of business day today”

Beware of Urgent Requests:
Phishers often create a sense of urgency to pressure victims into taking immediate action. Whether it’s a limited-time offer, a prize that must be claimed right away, or a warning of dire consequences, take a step back and critically assess the situation. Scammers rely on your impulsive decisions when they push you to act quickly. “Dale, this is Amarita the CFO. Why didn’t you pay the vendor invoice last week? I am attaching a copy of the invoice to this email. Pay it before the end of the day or you’re fired!”

Use Multi-Factor Authentication (MFA):
Whenever possible, enable multi-factor authentication for your accounts. MFA adds an extra layer of security by requiring multiple forms of verification, such as a password and a one-time code sent to your mobile device. This can help protect your accounts even if someone does manage to obtain your login credentials. Do not ever give out MFA codes to unknown entities! Bad actors are counting on you to give them the MFA codes so they can hack your system. It is much more difficult for them to hack an MFA code than it is for them to just ask the victim for the code instead.

Educate Yourself Continuously:
Staying informed about the latest phishing techniques and scams is crucial. Cybersecurity awareness and education are your best defenses against online threats. Regularly update yourself on common scams and phishing tactics to stay one step ahead of cybercriminals. Websites such as https://www.csoonline.com/ and https://therecord.media/ are great online sources for up to date information on the latest online threats. Tech companies such as Microsoft also regularly post about newly discovered threats on forums such as https://learn.microsoft.com/en-us/security-updates/

Report Suspicious Activity:
If you encounter someone you suspect is a phisher or scammer, report the activity to the relevant platform or authority immediately! Your report could help prevent others from falling victim to the same scheme.

Have a passphrase for verification:
When dealing with a suspected phish, it helps to ask questions that have agreed upon answers that only members of the organization would know. Q:”What is the CEO’s favorite flavor of ice cream?” A: “He is lactose intolerant and doesn’t eat dairy. “
Q:”What time does the Narwhal bacon?” A: “Midnight!”
Having passphrases with secret answers can successfully prevent a phish from gaining access to your businesses’ systems.

In conclusion, the internet offers incredible opportunities for communication and collaboration, but it also presents risks from malicious actors. To verify if someone is real and not a phish, use your critical thinking skills, verify information, and stay vigilant. Remember that it’s okay to be cautious online, and when in doubt, prioritize your safety by verifying the authenticity of individuals and organizations you interact with. By following these guidelines, you can navigate the digital world with confidence and protect yourself from falling victim to phishing scams. If you would like to know more, give our cybersecurity experts at Shammam Consulting a call today!

A ransomware virus is loose in the system! Now what?

In our increasingly online world, the threat of cyberattacks is a constant concern. One particularly menacing form of cyber threat is the cryptovirus, also known as ransomware. This malicious software can lock you out of your own system and demand a hefty ransom for access to your files, usually an amount in the tens of thousands of dollars! If you ever find yourself in this unfortunate situation, it’s essential to know what steps to take to minimize damage and protect your data. Let’s walk through the steps together.

  1. Isolate Infected Systems: The moment you suspect a cryptovirus infection, disconnect the infected computer from your network. Power it off, unplug the internet cable, disconnect the WiFi, whatever you have to do to minimize the spread, do it, and do it fast! This prevents the virus from spreading to other devices and servers on your network. Isolation is crucial to limit the damage and contain the infection. The longer the virus can run free in your network, the worse off your company will be.
  2. Don’t Pay the Ransom: It’s tempting to pay the ransom to regain access to your files quickly, but it’s highly discouraged. There’s no guarantee that the hackers will unlock your data, and paying them only encourages their criminal activities. Focus on finding alternative solutions. Often times the criminals will take the payment and disappear, leaving you with no recourse!
  3. Identify the Cryptovirus: Determine which variant of ransomware has infected your system, if possible. Some ransomware strains have decryption tools available, while others do not. Knowing the specific variant can help cybersecurity experts in your efforts to recover your data.
  4. Report the Incident: Contact your IT department or a cybersecurity expert to report the attack immediately! They can help assess the extent of the infection and provide guidance on the next steps. It’s also essential to report the attack to law enforcement agencies, such as your local police and the FBI.
  5. Restore from Backup: If you have regularly backed up your data as recommended, restoring your system may be the most effective way to recover. Ensure that your backup is clean and unaffected by the ransomware before proceeding with the restoration. This is why routine backups are critical. Be sure to check the backups before restoring however as some ransomware viruses infiltrate backups too.
  6. Scan and Clean Affected Systems: Once you’ve restored your system, run a thorough antivirus and anti-malware scan to remove any remnants of the cryptovirus. Ensure that your software is up-to-date to defend against future threats.
  7. Enhance Security Measures: Strengthen your cybersecurity measures to prevent future attacks. Regularly update your operating system and software, employ robust security software, and constantly educate your employees about the dangers of phishing emails and suspicious downloads.
  8. Consider Professional Help: Depending on the complexity of the attack, you might need to consult with a cybersecurity specialist or a digital forensics expert. They can help with the investigation and provide insights into how the attack occurred, aiding in further protection. Here at Shammam, we have multiple cybersecurity experts who can assist with this.
  9. Stay Informed: Keep up-to-date with the latest cybersecurity threats and trends. Knowledge is your best defense against future attacks. Regularly educate yourself and your team on how to recognize and respond to potential threats.
  10. Backup, Backup, Backup: We can’t stress this enough. Regularly backup your data to a secure location, preferably offline or in the cloud with robust security measures. A solid backup strategy can save you from data loss in the event of a cryptovirus attack. Regular backups can be the difference between a few hours downtime and catastrophic data loss.

In conclusion, dealing with a cryptovirus infection is a challenging and stressful situation. However, by following these steps and being proactive in your cybersecurity efforts, you can minimize the damage and protect your valuable data. Remember, prevention is the best defense, so invest in robust security measures to avoid falling victim to cryptovirus attacks in the first place. Give our experts at Shammam Consulting a call today to see how you can better protect your business network from ransomware threats!

Backups, The Data Saver

Don’t you hate it when a file gets modified or saved over by someone else in a shared drive and it ruins all of the changes you have made? Or even worse, your servers crash and all of the files you need to work are nowhere to be found! In an era driven by data, the importance of safeguarding critical information cannot be overstated. From corporate servers to personal desktops, and extending to offsite storage, having effective backup solutions in place is paramount. In this short guide, we will explore the world of backup strategies tailored to servers, desktops, and offsite environments, while also providing step-by-step instructions for setting up personal backups on workstations by using Shadow Copies on Windows and Time Machine on Mac.

Businesses today rely heavily on servers to manage their operations, making the backup of server data a crucial component of business continuity. Modern backup solutions for servers have evolved beyond traditional tape backups to more sophisticated methods.

  1. Redundancy through RAID: To guard against hardware failures, RAID configurations are employed. These configurations store data across multiple drives, ensuring that if one drive fails, data remains intact on others.
  2. Local Backups: Regularly creating backups on local servers or dedicated storage devices offers a quick recovery option in case of data loss. This method is especially effective for rapidly restoring operations.
  3. Virtualization-based Backups: Virtualized environments have become a staple in modern server setups. Snapshot-based backups capture the entire system state, enabling quick recovery by restoring to a specific snapshot.

Desktop computers serve as personal productivity hubs, housing valuable data and creative endeavors. Loss of data on desktops can be incredibly disruptive, especially if the data is time sensitive. Implementing effective backup strategies for desktops is crucial:

  1. Cloud Backup Services: Leveraging cloud backup services like Dropbox, Google Drive, or OneDrive automates the synchronization of files with the cloud. This ensures that even if the local system fails, files remain safe and accessible.
  2. Time Machine (Mac) and File History (Windows): These built-in tools create periodic backups of your system, enabling you to revert to a specific point in time if files are lost or corrupted.
  3. External Drive Backups: Regularly backing up important files to external hard drives or network-attached storage (NAS) devices adds an extra layer of protection against data loss.

Windows offers a powerful feature known as Shadow Copies, which enables you to create point-in-time snapshots of files and folders, allowing you to recover previous versions. Here is how you can enable them on your own Windows machine!

Step 1: Open File Explorer and right-click on the drive or folder you want to enable Shadow Copies for.

Step 2: Select “Properties” from the context menu, then navigate to the “Shadow Copies” tab.

Step 3: Click on the “Enable” button to turn on Shadow Copies for that drive or folder.

Step 4: Configure the schedule for creating shadow copies, set the maximum storage space, and click “OK” to apply the settings.

Mac users have a powerful backup tool at their disposal as well, called Time Machine. Time Machine creates automatic backups of your entire system, allowing you to restore files, applications, or the entire system to a previous state. Perform the following steps to enable Time Machine on your Mac device:

Step 1: Connect an external hard drive to your Mac.

Step 2: A prompt will appear asking if you want to use the drive for Time Machine backups. Click “Use as Backup Disk.”

Step 3: Time Machine will start backing up your system automatically. You can also access Time Machine settings to customize backup frequency and exclude specific files.

Sometimes having a local backup is not enough. The importance of offsite backups cannot be overstated when it comes to this. They safeguard data against physical disasters and ensure data accessibility even in adverse scenarios such as fires, earthquakes, flooding, or other natural disasters.

  1. Cloud Backup Services: Cloud providers offer scalable and secure backup solutions. Data is stored across geographically diverse data centers, providing redundancy and accessibility.
  2. Remote Replication: This technology mirrors data in real-time to a remote location, ensuring minimal data loss and swift recovery in case of a disaster.
  3. Cold Storage: For data that doesn’t require immediate access, cold storage solutions offer a cost-effective option. Data is archived in low-cost storage mediums and can be retrieved when needed.

In conclusion, a comprehensive backup strategy is the cornerstone of data management in today’s digital landscape. From server resilience to safeguarding personal desktops and securing data offsite, having the right backup solutions in place is vital. By tailoring your approach to meet the unique demands of each environment, you can ensure that your data remains protected, accessible, and resilient, even in the face of unexpected challenges. We here at Shammam Consulting pride ourselves on being able to offer a large variety of local and remote backup solutions. Reach out today to our team to see how we can help you protect your organizations data!

The Importance of Using Antivirus Software: Safeguarding Your Digital World

In today’s rapidly evolving digital landscape, our lives are increasingly intertwined with technology. While this connectivity offers unparalleled convenience and productivity, it also exposes us to cyber threats that can compromise our personal and professional data. This is where antivirus software plays a critical role in fortifying our defenses against malicious attacks. In this blog, we will explore the importance of using antivirus software and how it helps protect our digital world from the ever-growing threat landscape.

The cyber threat landscape is constantly evolving, with cybercriminals developing sophisticated techniques to infiltrate systems, steal data, and disrupt operations. Viruses, malware, ransomware, and phishing attacks are just a few examples of malicious software that can cause substantial harm to individuals and businesses. Antivirus software acts as a shield, detecting and preventing these threats from infiltrating your devices and networks.

Antivirus software works proactively to provide real-time protection against known and emerging threats. It continuously monitors your system, identifying suspicious activities, and blocks malicious code before it can execute and cause harm. By keeping your antivirus software up-to-date, you ensure that it can recognize the latest threats, offering you enhanced security.

Personal information is the currency of the digital age, and cybercriminals actively seek to steal this data for illicit purposes. Antivirus software safeguards your personal and financial information by preventing keyloggers and spyware from recording your keystrokes and capturing sensitive data, such as login credentials and credit card details.

For businesses, antivirus software is a fundamental aspect of cybersecurity. It safeguards not only sensitive customer data but also proprietary information, financial records, and intellectual property. The consequences of a successful cyber attack on a business can be devastating, ranging from financial losses to reputational damage. Antivirus solutions form the first line of defense against such threats.

The internet is a vast expanse filled with valuable resources, but it is also riddled with dangerous websites and malicious downloads. Antivirus software integrates with web browsers to block access to known harmful sites, ensuring a safe browsing experience for users. It can also prevent drive-by downloads, where malicious code is automatically downloaded from compromised websites.

Email remains one of the most common vectors for cyber attacks. Antivirus software scans email attachments and links, detecting and neutralizing malware before it reaches your inbox. This proactive approach significantly reduces the risk of falling victim to phishing attacks, where attackers attempt to trick you into revealing sensitive information.

In an increasingly interconnected world, the importance of using antivirus software cannot be overstated. Whether you are an individual user or a business owner, the protection offered by antivirus software is indispensable in safeguarding your digital world from the myriad of cyber threats. It acts as a vigilant guardian, monitoring your devices, networks, and online activities, to ensure a safer and more secure digital experience. Embrace the power of antivirus software and fortify your defenses against the ever-evolving landscape of cyber threats. Your data, privacy, and peace of mind depend on it.

The Future of Login Access

In the ever-changing landscape of technology, login access is undergoing a transformative shift. Traditional usernames and passwords are gradually making way for innovative and secure authentication methods. In this blog post, we will delve into the exciting possibilities and advancements awaiting us, including passwordless authentication and the convenience of Single Sign-On (SSO).


Biometric authentication, once confined to science fiction, is now a reality. With rapid technological advancements, fingerprints, facial recognition, iris scanning, and voice recognition have emerged as reliable means of login access. These methods offer enhanced security, as biometric features are unique to individuals and nearly impossible to replicate. In the future, we can expect these biometric measures to seamlessly integrate into our devices and online services, providing quick and hassle-free access while significantly reducing the risk of unauthorized account breaches.


Multi-Factor Authentication (MFA) has gained popularity as an additional layer of security. In addition to traditional login credentials, MFA requires users to verify their identity through secondary means, such as a one-time password (OTP) sent via email or SMS, physical security keys, or mobile authenticator apps. As technology progresses, we can anticipate the emergence of more sophisticated MFA methods, including wearable devices, location-based verification, and a combination of biometric and behavioral patterns. These multiple layers of authentication fortify login access, making it more resistant to unauthorized access attempts.


Passwordless authentication offers an exciting prospect for the future of login access. This approach eliminates the need for traditional passwords, which can be cumbersome and prone to security risks. Instead, passwordless authentication relies on cryptographic keys, biometrics, or other secure means to verify a user’s identity. For instance, a user may log in to their account by scanning their fingerprint or using facial recognition technology.

In addition, Single Sign-On (SSO) simplifies the authentication process by allowing users to access multiple applications and services with a single set of login credentials. Once authenticated, SSO enables seamless navigation between different platforms without the need for repetitive logins.

The combination of passwordless authentication and SSO streamlines the user experience, enhancing convenience, and mitigating security risks associated with weak or compromised passwords. Organizations that embrace these solutions can provide their users with a seamless and secure login experience across various platforms and services.


The future of login access holds great promise with passwordless authentication and Single Sign-On (SSO). Biometric authentication, multi-factor authentication, and the elimination of traditional passwords will unlock enhanced convenience, heightened security, and a more seamless digital experience. As these technologies continue to evolve, users can look forward to a future where accessing their accounts is both secure and effortless. Let Shammam Consulting help strengthen your login access today! Reach out to our helpdesk and our experts can help get you and your company more secure against online threats.