In a little more than one year from now, Microsoft will end support for Windows 10. The operating system has been on sale for nine years. It currently accounts for approximately 65% of desktop market share.

As I have written, the security and hardware requirements for Windows 11 mean I cannot upgrade most older computers, and you will need to purchase a new computer. Some new computers may require additional memory. In all cases, I will contact you after I run a detailed Windows 11 readiness check and schedule a preliminary review of your requirements before next year’s deadline.

Now, if you see a screen like the one below, please stop what you are doing. Please DO NOT CLICK the Get it button, and call me. You should NOT see this screen — unless Microsoft changes the code in the background in the upcoming months. If you do see this screen, something is wrong, and I would like to learn what it is and how to correct it.

Thanks, and safe computing!

Microsoft has been the subject of many jokes about the security of its Windows operating system for decades. Some criticism is warranted; however, the Redmond, Washington-based organization has maintained a steady cadence of stating they will improve Windows and deliver something that approximates the management objective.

All that increased security in Windows made resolving the problem caused by the faulty definition files CrowdStrike released much more difficult. Let me explain.

CrowdStrike offers a security product called Falcon. Its job is to protect an enterprise computer from being taken over by malicious software. One set of files deployed globally on July 18, 2024, was corrupt. When Windows loaded those files during normal operation, several components failed, and the operating system gave up, resulting in what is known in the IT industry as a BSOD, or Blue Screen of Death.

The instructions CrowdStrike eventually provided to systems administrators after they recognized the problem were to boot the failed computer into Safe Mode, delete the bad files, and reboot the computer. That way, when the computer resumed regular operation, it would obtain a clean set of files from CrowdStrike and behave normally.

So, what’s the big deal? These steps — at least at first glance — seem elementary. Well, there are some problems with this approach.

Safe Mode

Microsoft introduced Safe Mode as a mechanism to let people resolve problems in a stripped-down form of the operating system. When you start Windows in Safe Mode, the operating system does not load start-up programs or third-party applications and drivers. Only the most essential device drivers and files necessary to run the operating system are activated.

You could access Safe Mode shortly after starting your computer by repeatedly pressing the F8 key. This process worked for generations of operating systems, from Windows 95 through Windows 7.

The mechanism to access Safe Mode changed, starting with Windows 8 and continuing with Windows 10 and 11, which Microsoft touts as more secure operating systems. Most people need to access Safe Mode because the operating system won’t start properly, so the fact that Microsoft provides two very different ways to access it from within Windows indicates that someone wasn’t thinking about actual problems faced by the masses.

To access Safe Mode from a “cold start” means turning on the computer and immediately holding down the power button so the start-up is interrupted and the computer shuts down. Do these steps two more times, and you should see a pop-up with the words Startup Repair. You then must select Advanced Options, Troubleshoot, Advanced Options, Startup Settings, Restart, and then choose from the available Safe Mode options.

It seems as if Microsoft developers designed this process to prevent anyone from accessing Safe Mode. And yes, that means that technicians had to jump through these hoops just to get started to fix the CrowdStrike problem.

But that wasn’t all that stood in the way of quickly resolving the issue.

BitLocker

BitLocker is a Windows security feature that will encrypt the contents of the hard drive on which the operating system is installed. This advanced functionality mitigates unauthorized access to a computer’s operating system drive. By password-encrypting a computer’s operating system drive, you can keep your files (and personal information) secure and protected from unwanted access.

When you activate BitLocker, Windows creates a recovery key for your hard drive so that each time you start your computer, you must provide a PIN to gain access. In an enterprise environment, that recovery key is stored in the site’s Windows Server Active Directory. And therein lies the problem.

To gain access to any device with a BSOD, a technician requires the 16-digit BitLocker key. The problem is that most of those keys are securely stored in Windows Servers, which were likely unavailable because they also experienced a BSOD. Even after technicians restored those servers, a corporate environment has hundreds or thousands of computers, and no script can automate the entry of a device’s BitLocker key – the work must be done manually.
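The escrow described above is the part a technician depends on during an outage, so it is worth confirming before anything goes wrong. The PowerShell below is an added example, not from this newsletter and not Microsoft’s own tooling; it assumes a domain-joined Windows 10/11 Pro or Enterprise machine, an elevated prompt, the built-in BitLocker module, and Group Policy that permits recovery information to be stored in AD DS (Entra ID joined machines would use BackupToAAD-BitLockerKeyProtector instead).

```powershell
# Added example (not from the newsletter): list the key protectors on the operating system drive
# and escrow every recovery password into Active Directory, so the key is on file before a BSOD.
# Assumptions: BitLocker module present, elevated session, AD DS backup allowed by Group Policy.
function Test-BitLockerEscrow {
    param(
        # Drive letter of the volume to check; defaults to the Windows system drive (normally C:).
        [string]$MountPoint = $env:SystemDrive
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    # "RecoveryPassword" is the numeric key a technician types at the blue recovery screen.
    $recovery = $volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'

    if (-not $recovery) {
        Write-Warning "$MountPoint has no RecoveryPassword protector; add one with Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector before relying on escrow."
        return
    }

    foreach ($kp in $recovery) {
        # Backup-BitLockerKeyProtector writes this protector's recovery password to the computer object in AD DS.
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
        [pscustomobject]@{
            MountPoint       = $MountPoint
            ProtectorId      = $kp.KeyProtectorId
            ProtectionStatus = $volume.ProtectionStatus   # On/Off: encryption alone is not protection until this is On
            EscrowedToAD     = $true
        }
    }
}

# Run it for the system drive; the output rows are what you would verify against the computer
# object (msFVE-RecoveryInformation) in Active Directory Users and Computers.
Test-BitLockerEscrow
```

Running this as a scheduled task across a fleet turns “the key is probably in AD” into a report you can check, which is the difference between a slow weekend and a lost one when the domain controllers are themselves the machines that need recovering.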

And that is why the CrowdStrike problem was so challenging and time-consuming to resolve. The requirement to increase Windows’ security prevented a simple fix. Teams of IT specialists worked throughout the weekend to attempt to recover their company’s computers by repeatedly — and manually — going to Safe Boot, entering the BitLocker key, deleting files, and rebooting.

Several pundits have commented that CrowdStrike Falcon’s use of definition files is no better than Norton Antivirus and its signature files. As many of you know, I have stressed the need for a more thorough and heuristic approach to computer security, and using definition files is not the way to handle this.

I am incredibly proud that my choice of security vendor, SentinelOne, does not use any form of definition file. For years, it has been fantastic at keeping all my clients’ computers and servers safe. Having dodged a significant bullet, I don’t want to jinx things by saying nothing bad will ever happen. Ultimately, we all want a secure Windows operating experience without having to go through an unexpected nightmare.

Thanks, and safe computing!

US government officials have placed a deadline of September 29, 2024, for all users of Kaspersky software to find an alternative before a ban occurs.

Here’s why this is important. Kaspersky uses signature files to identify threats. In 100 days, they will no longer be updated. As bad actors continue to evolve their threats, the software will not be able to keep up. In effect, it will become useless. Computer users running Kaspersky antivirus will no longer be protected.

As a Managed Services Provider, I have never suggested or promoted using Kaspersky as an antivirus or internet security product. I recognize it comes preinstalled on many computers sold by big box stores (e.g., Staples, Best Buy). Starting a subscription to a product that came with your computer is much easier than figuring out a new or different one.

However, the latest generation of threat protection doesn’t use signature files. It uses artificial intelligence to recognize valid programs from rogue software. These security products view the totality of your computer’s operations to determine if something unusual is occurring (like encrypting files or contacting a foreign command and control center) and stop that activity.

As you know, I have evaluated many security products over the years and rely on SentinelOne and Huntress as the most practical combination to protect computers in a home and business environment. These products take unique approaches to identify and eliminate threats without using old-fashioned signature updates. SentinelOne uses the activity of known programs to identify those operating in an aberrant or unsafe manner. Similarly, Huntress will quash any activity that appears to be suspicious.

If you know anyone who has Kaspersky installed on a home computer, I suggest you tell them to take the following actions:

  • Access your Kaspersky portal and stop auto-renewal and auto-payment on your credit card.
  • Uninstall the Kaspersky software using the Windows Control Panel > Programs > Uninstall a program function. This action should automatically re-enable Microsoft’s built-in Defender application.
  • Go to the Windows Security Center, ensure Microsoft Defender is activated and updated, and scan your computer. Defender, while it uses signature updates, gets those automatically from Microsoft.
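For anyone comfortable with a PowerShell prompt, the three steps above can be verified rather than assumed. The script below is an added example, not part of this newsletter; it uses only the built-in Defender cmdlets (Get-MpComputerStatus, Update-MpSignature, Start-MpScan) and the Windows Security Center WMI class, and assumes a Windows 10/11 client run from an elevated PowerShell window.

```powershell
# Added example (not from the newsletter): after a third-party antivirus is uninstalled, confirm that
# Microsoft Defender is the active product, that its signatures are fresh, and then run a quick scan.
# Assumptions: Windows 10/11 client, elevated session, Defender module present.
function Get-RegisteredAntivirus {
    # Security Center keeps a registration for every AV product that announced itself to Windows.
    # A product that did not uninstall cleanly usually lingers here and keeps Defender passive.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        Select-Object displayName, productState
}

function Test-DefenderReady {
    $status = Get-MpComputerStatus

    if (-not $status.AntivirusEnabled) {
        Write-Warning 'Defender is not the active antivirus. Leftover registrations:'
        Get-RegisteredAntivirus | Format-Table -AutoSize | Out-String | Write-Warning
    }

    # Defender pulls definitions from Microsoft automatically; anything older than a day after an
    # uninstall suggests the update channel is still blocked and is worth forcing once.
    if ($status.AntivirusSignatureAge -gt 1) {
        Update-MpSignature
        $status = Get-MpComputerStatus
    }

    [pscustomobject]@{
        AntivirusEnabled        = $status.AntivirusEnabled
        RealTimeProtection      = $status.RealTimeProtectionEnabled
        SignatureVersion        = $status.AntivirusSignatureVersion
        SignatureAgeDays        = $status.AntivirusSignatureAge
        RegisteredProducts      = (Get-RegisteredAntivirus).displayName -join ', '
    }
}

Test-DefenderReady
# Quick scan runs in the background; use -ScanType FullScan for the first pass after a vendor change.
Start-MpScan -ScanType QuickScan
```

If the report shows AntivirusEnabled as False and a Kaspersky entry still under RegisteredProducts, the uninstall did not finish; the vendor’s removal tool or a reboot followed by a second look is the next step before trusting Defender.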

If you know of any small business owners that have Kaspersky installed on their office computers, please ask them to get in touch with me immediately. When they sign up for a SentinelOne and Huntress subscription between now and September 29, I will waive the $95 implementation fee!

Thanks, and safe computing!

As a small business owner, you have worked hard to get to where you are. You have overcome obstacles to build your business. You have achieved a certain measure of success. If you are like most business owners I have met, you are not entirely satisfied with the results of your efforts and are actively seeking to expand your opportunities. Yet, I get many blank looks and head shaking when I question how prepared you are to deal with a cyber-attack or a data breach.

  • Do you have the procedures to respond to a ransomware attack or a data breach?
  • Do you have the business savvy to handle the repercussions of such an attack on your business?
  • Do you have the available capital to handle the effort involved in a cleanup?
  • Do you have a cyber liability policy?

I have researched and found reports that more than 30 percent of small businesses do not have procedures to mitigate a known risk that can put them out of business. More importantly, most business owners do not understand what they must do when they become victims of a cyber-attack or data breach.

In the scheme of things, most small business owners are not thinking ahead and building a buffer of financial credit to work through any cyber threat. Many small business owners do not have insurance coverage to help provide resources for a breach or cyber-attack.

Ransomware attacks and data breaches are risks. Those are facts. As a business owner, if either occurs, you will be subjected to significant financial challenges and potential damage to your reputation.
According to Ryan Replogle, an attorney specializing in cybersecurity for Beckman Lawson, a law firm in Fort Wayne, Indiana, “Data thieves routinely exploit human judgment lapses, physical security weaknesses, and business process loopholes to steal sensitive data.”

Does your business create and store personal information about your clients? If so, you need to be alert to the inevitability of some form of data breach. Cybercriminals highly covet records that contain bank account information, credit card numbers, dates of birth, email addresses, or social security numbers. However, you must be especially cautious if you have any health-related information on your computer system. On the dark web, medical records draw a far higher price than credit cards.

The cyber risk assessment and data breach services company NetDiligence issued their 2023 Cyber Claims Study, which analyzed more than 9,000 claims for incidents from 2018 through 2022. They found that the business sectors most affected by data breaches are:

  • Professional services
  • Healthcare
  • Manufacturing
  • Financial services
  • Retail

Ransomware and business email compromise (BEC) attacks were the leading causes of loss across sectors.
When preparing for – and responding to – a cyber-attack or data breach, it is critical to have comprehensive insurance coverage. Cyber liability insurance generally covers financial losses resulting from data breaches and other cyber events. There are two aspects to these policies:

  • First-party coverage applies to losses sustained by your business.
  • Third-party coverage applies to claims against your business by people (your clients) affected by your business’s actions or inactions.

Be aware that cyber insurance comes in many forms. I implore you to shop around for your policy and negotiate with your agent for the appropriate coverage for your business. Keep in mind there is no standard form of cyber insurance. While most contain first-party and third-party coverage, the scope varies widely among insurance carriers, as do the monthly premiums.

Getting the right insurance broker is of paramount importance. A qualified specialist broker will save you time determining what is appropriate for your business. I should also note that this may not be the broker you use for other business insurance needs.

An insurance company’s underwriter will want to know about your business’s ability to detect and respond to a data breach or cyber-attack. If you rely on technology for your business, how quickly would you be able to resume your normal operations after an event? Do you have backup plans or any operational redundancy? Appropriate documentation of your business’s procedures is critical to getting the proper coverage.

Insurance carriers want to reduce their expenses however they can. The flip side of that effort is that cyber liability insurance rates are rising rapidly, at almost astronomical levels.

I am investigating a new set of products that combines a multi-layered security suite with cyber insurance coverage. I hope to have a reasonably priced offering available for my small business clients by the third quarter of 2024.

This month’s article is an excerpt from a draft version of my new book, “12 Ways to Protect Your Business from a Cyber Attack.”

Thanks, and safe computing!

In mid-March 2024 I landed in a quandary.  There are 18 months until Microsoft ends support for Windows 10 in October 2025.  Until now, I have planned to migrate my clients’ computers to Windows 11 because that is a standard industry approach.

In addition, Microsoft stated that Office 2016 and 2019 would also go out of support in October 2025.  Without a long-term replacement (e.g., Office 2024), Microsoft has forced me to consider establishing a Microsoft 365 subscription for every client requiring any Office application because there is no alternative.

Well, call me gob-smacked when I learned that Microsoft is planning a Windows 12 announcement by mid-2025 and the probability of a non-subscription version of Office 2024 before the end of this year.

Unfortunately, I did not obtain this information directly from Redmond-based Microsoft.  Instead, I read about these offerings in various blog posts and Reddit forums.  And – I’ve got to admit – that is NOT how I want to operate my business.

I will convey what I know about this situation as clearly as possible.

In October 2025, Windows 10 will no longer receive any further updates, and I will no longer support computers with that operating system.  If I can upgrade your computer’s Windows 10 operating system to Windows 11, I will discuss the implications of performing that upgrade with you.  If your computer cannot run Windows 11 (mainly because it is too old), I will discuss replacing it with new hardware, possibly a new monitor, and even a new printer.

In the past, I was strict about replacing your computers when they reached the end of their five-year warranty.  However, I have been lax about upgrading your hardware for the past few years.  Because of the pandemic’s effect on the global supply chain and the resulting lack of computer components, I give most clients an extra year’s grace on replacement.  Sometimes, I let things go out for a full seven years.  But, as I have regrettably learned, when a computer breaks now — and is required immediately — getting a replacement when you don’t have a warranty can cost more than six times the cost of an extended warranty.

Microsoft isn’t planning to announce Windows 12 until mid-2025; therefore, I will not consider that option for any client.  As I see it, this will be an offering I could only recommend well into 2026 — after I put it through at least six months of testing on my lab computer.

As far as Microsoft Office is concerned, I will have to hold my breath, and I hope you will join me on a small adventure.  The retail price of the home user version of Office 2021 is $150, and the retail price of the business edition is $250.  A one-year subscription to Microsoft 365 is $70 for home users and $150 (at a minimum) for business users.  I’m asking you to throw that money away in October 2025 and then purchase the Office 2024 version.  According to all accounts, the price for each version will be approximately 10% higher.

Of course, I would prefer you to spend a one-time charge for up to five (or more) years of software use than to subscribe to an annual reliance.  However, if you must purchase a new Windows 11 computer, I will work with you to obtain a solution that best fits your needs and keeps your expenses within reason.

If you do not have a fierce requirement for a Microsoft product, I will point out that the free LibreOffice product suite will let you work with your Office files with close to 100% fidelity.  I will also let you know there is a learning curve, so if you don’t like change, stay with what works for you.

Thanks, and safe computing!

I genuinely want to keep you safe and secure, but I realize it is a considerable task that gets more formidable with each passing day.

Last month, I sent you a brief email describing a threat posed by the ScreenConnect software. A researcher discovered a flaw that could allow unauthorized access to the software. While the vendor quickly confirmed and then fixed the problem, the true breadth of the issue soon became apparent. With two versions extant, ConnectWise had to ensure they patched the cloud version quickly and notified everyone who had purchased licenses for the server-based version to patch their instances.

I am grateful to use the cloud-based version because I didn’t have to lift a finger to install the patches. On the other hand, during a blizzard of pop-up webinars given by various security providers, including Huntress, I learned that hundreds of systems are running older versions of ScreenConnect for which ConnectWise has no contact information. Emails they sent to alert people were treated by Microsoft’s Exchange and Outlook as spam, thus not reaching the intended recipients promptly.

In some cases, servers were compromised, and bad actors accessed attached client computers. No one knows what information was exfiltrated, nor what hidden threats were left behind. I work in a world of acronyms, and one that I frequently heard last week was IOCs. That abbreviation stands for “indicators of compromise,” meaning the digital and informational “clues” that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks.

By the end of the week, a significant news story was that the healthcare giant UnitedHealth Group had to shut down the IT systems at its subsidiary Optum because of a ransomware attack. Optum Solutions operates the Change Healthcare platform, the largest payment exchange platform among doctors, pharmacies, healthcare providers, and patients in the US healthcare system. As more information came to light, analysts believe a group of bad actors took advantage of an unpatched ScreenConnect server and ran roughshod over the entire network.

I will assume an organization as large as UnitedHealth Group has a valid incident response plan (IRP) and that pulling the network plug on their computer systems was the first step. Next, of course, was to contact their insurance company and establish a remediation task force. But what about smaller organizations?

How does a one-person MSP or a 10-person firm handle this? I will spend the next few months making certain that my IRP is updated to account for such an incident. As I edited a penultimate version of this newsletter, an email arrived from the New Jersey Cybersecurity & Communications Information Cell (NJCCIC) about Russian SVR actors targeting cloud infrastructure. The email goes on to say:

The NCSC has previously detailed how SVR cyber actors have targeted governmental, think tank, healthcare, and energy targets for intelligence gain. It has now observed SVR actors expanding their targeting to include aviation, education, law enforcement, local and state councils, government financial departments, and military organizations.

Even though I don’t use a server-based version of ScreenConnect, I now feel it necessary to include additional “what if” scenarios in my IRP to ensure thorough coverage.

Thanks, and safe computing!

We are coming up to the end of 2023. During the past year, only one product has been released in the computing environment that I think will change our future: ChatGPT, the artificial intelligence (AI) bot released by OpenAI. It is now in its fourth iteration from its original release in November of 2022. Yes, you can prank ChatGPT by asking repetitive questions. Yes, it still has hallucinations and will give incorrect answers. Yes, you are only now getting recent data in responses (rather than the outdated original data set). And yet, people are using it in myriad ways.

Microsoft has already spent $13 billion to provide OpenAI with the resources needed to build the product. I believe that amount will likely double in the next two years. Satya Nadella, CEO of Microsoft, is “all in” on AI because he knows the more you and I use bots to help us operate our computers, the fewer people will be required to do more work. If someone can document a process and then have the AI read all the documentation associated with a topic (e.g., how to fix the problem when your computer can’t print on your wireless printer), then you don’t need a human being at a call center in India or the Philippines.

You can have a computer user open a Windows 11 CoPilot application, type their question, and engage in a question-and-answer session. The cloud-based software will walk that person through all the known steps to fix the problem. Am I worried about my job because of this? No, because despite the computer-provided hand-holding, sometimes you need a human being who has experienced “real world” problems to ask questions no one asked the AI bot. As I have seen in many demonstrations, when ChatGPT doesn’t know an answer, it cannot even say, “I don’t know,” so it provides incorrect or misleading information. That is a significant problem that still consumes the minds of the data scientists who build these models. And it is why I think we are far from having AI “take over” things.

In the same way, businesses will create AI-based products for more and more fields. Do you need an insurance quote? Of course, the preliminary questions and responses you receive will be from an AI bot. You’ve all seen the silly commercials for “Limu Emu and Doug.” After all, Liberty Mutual extols the virtues of customizing insurance so “you only pay for what you need.” How do you think they are going to handle that soon? It is simple: they will develop an AI bot to work with you. For instance, you’re a young married couple in Livingston, NJ. You own an $875,000 house with 25 years on your mortgage. You have two kids (ages 9 and 6) and lease a Tesla Model 3 and a Toyota RAV 4. Liberty Mutual will have loaded all of the ISO (Insurance Services Office) documents into their LLM (large language model) and all the appropriate New Jersey amendments. One, two, three, and you’ll have your quote. I’m not sure you will need an insurance broker until the end of the chat session (and probably only as a matter of law — which the insurance companies will try to change). Of course, a human being may find a different rate structure based on their industry knowledge — but who will you ask to qualify which one is appropriate, correct, or even valid?

Likewise, calls you would make to your primary care physician about your existing health conditions might soon be answered by a “MedChat” AI bot. Need help from Spectrum or Verizon for a problem with your TV, phone, or internet? First stop an AI bot. (I didn’t think anything could be more annoying than the IVR Spectrum has now — but that will change.) Do you need to get a mortgage from your bank? Yes, there’s going to be a bot for that. The list of applications with generalized artificial intelligence will be extensive and pervasive, so much so that some speculate that AI modeling and development will become a $63 billion industry in the next year, growing into the trillions within a decade. And what about those people who looked forward to getting call center jobs to raise themselves out of poverty? They will need to pursue completely different career paths. There is no “next level” for many of these people because building the bots is so complex they won’t have the skills necessary to get hired.

Let’s take a moment to discuss what AI will do in the education field. It isn’t going to be pretty. That’s because what you “feed” the artificial intelligence engine is what provides the basis of responses. Currently, in the United States, high school history textbooks in California contain vastly different explanations of events than those in Texas. This linked article from the New York Times is a few years old but depicts the massive “disconnect” in the study of US history. Guess what? Those same divergent viewpoints will arrive in AI history bots. Will we have a uniformly educated America? No, in fact, it will become even more divergent (and undoubtedly more strident) because some communities will not accept any artificial intelligence software in their educational system.

Two years from now, Windows 10 will go out of service. Microsoft claims that CoPilot applications will be available for Office 365 users for an extra $30 per month. Redmond has designed these apps to help businesses by reading through emails, Word documents, Excel spreadsheets, and PowerPoint presentations. The AI bots will perform data mining of a company’s internal resources to provide additional insight and — they hope — business opportunities and streamline business deals. As an aside, I upgraded my laptop to the latest version of Windows 11 23H2 and saw that CoPilot is in beta mode on my Taskbar. I will report the results of testing in a few months. Having seen this latest change, I realize that all new Windows 11 computers require more memory than I had planned (i.e., 16 GB of RAM instead of 8 GB).

For all we know, Windows 12 will be a cloud-based AI-based agent that allows you to run Windows in any browser on any platform you want. The monthly subscription will probably put off mass adoption — because we know that the folks at Redmond are greedy. But after a while, with appropriate discounts, mass uptake will undoubtedly occur. Then, you can use an AI bot to browse your email, view websites recommended by your reading profile, and work with documents that “understand” who you are.

Yep, that’s pretty freakin’ scary stuff. I’m going to continue to guide you through this huge transition.

Thanks, and safe computing!

Your Windows PC’s Snap feature is either the best feature you’re not using or the best feature you’re not using to its full potential. Sure, you may have snapped some windows, but do you know about all the keyboard shortcuts, Snap Layouts, and Snap Groups, and have you tried Microsoft’s even more powerful alternative to Snap?

Microsoft initially introduced Snap in Windows 7, where it was called Aero Snap; it let you snap two windows side-by-side on your screen. It got an upgrade in Windows 10, allowing you to snap up to four windows in quarters rather than two in halves.

It’s even better in Windows 11 with new features like Snap Layouts and Snap Groups, which make it easier to find and more powerful.

I’ll show you how to take advantage of Snap on Windows 11 and 10 and go beyond Snap for even more powerful multitasking and control of your open windows.

Snap basics on Windows 11 and 10

Snapping is easy. Just click a window’s title bar, hold down the left mouse button, and drag it to either the left or right edge of your screen or one of the four corners. You’ll see a preview of the shape the window will take when you release the mouse button — either taking up the left or right half of the screen or one of the four quadrants, depending on where you drag it.

In Windows 11, once you’ve dropped the window in place and snapped it to your desired shape, Windows will prompt you to choose from other open windows to fill in the other regions of your Snap layout. Microsoft calls this Snap Assist.

You can snap windows with keyboard shortcuts, too. Press and hold the Windows key on your keyboard and press the arrow keys to move the current window around. If you have a maximized window and press the Windows key + the Right arrow, it will snap to the right half of your screen. If you keep holding down the Windows key and press the Up arrow key after the Right arrow key, it will snap to the top-right quadrant of the screen.

When you grab the handle between multiple snapped windows and drag it to resize a window, Windows will resize both windows simultaneously.

Snap Layouts and Groups on Windows 11

Windows 11 makes Snap much easier to find and use. You can mouse over the Maximize button at the top-right corner of any window to see Snap Layouts. Windows will show you a variety of layouts; click a position to snap the window into that position on your screen immediately.

There’s a keyboard shortcut, too, using the Windows key + the capital letter Z. If you press Windows + Z to open Snap Layouts, you can press the number keys that appear in the overlay to quickly assign the window to a location on the screen without touching your mouse.

You can also drag a window to the middle of the top edge of your screen. You’ll see the Snap Layouts options, then drop the window wherever you like on one of the layouts to snap it to attention.

Windows will show different layout options depending on your screen size. If you have a big widescreen monitor, you may see options to snap three windows side-by-side in columns, while you may see options to snap only two windows side-by-side on a typical laptop screen.

These grouped windows will appear together on the taskbar. You can use Alt + Tab to switch quickly between groups of windows. Just hover over a taskbar icon of one of the applications snapped in the group to see the group.

Let’s say you have two windows snapped side-by-side and another four in a grid. You can go back and forth between these two groups with Alt + Tab or by selecting one of the applications on the taskbar — you don’t have to manually pull up all two (or four) windows each time you switch among them.

Fine-tuning your Snap settings

So many of these behaviors are customizable. By default, Windows has all these Snap settings turned on, but you can deactivate any of them individually — or even disable Snap entirely. (I don’t see why you would want to, but Windows is powerful and customizable; the choice is yours if it gets in the way.)

You’ll find the options for controlling Snap in the Windows Settings app. Launch Settings from the Start menu and head to System then Multitasking to find them. On Windows 11, click the “Snap windows” header to see various options. On Windows 10, you’ll see the options under “Work with multiple windows.”

You can turn off the Snap Assist suggestions after you snap a window, prevent the Snap Layouts pane from appearing when you hover over the Maximize button, or stop seeing groups of snapped applications when you press Alt + Tab.

Snap is for everyone

I’m a huge fan of Snap. Assuming you have multiple windows on the screen simultaneously, you should use Snap constantly. It’s hard to believe we had to live without it back in the Windows XP era, resizing our windows by hand to take proper advantage of all that desktop real estate on our PCs.

Thanks, and safe computing!

For the past eight years, I have used a software product called Reflexion (from Sophos) to scan my email for threats. The product offered some wonderful features that enabled me to pursue my business without major threats of ransomware and business email compromise. Regrettably, Sophos decided to retire the product earlier this year. I was not satisfied that their replacement had all of the features and functionality I had become used to, so I searched for an appropriate replacement.

I found Proofpoint and, despite a significant effort on my part to transition, really like how this product is helping keep me and my computer network safe from email-based threats.

Proofpoint scans all incoming emails and rates them on a threat score. This cloud-based product holds the suspect emails in quarantine, and I receive an activity summary each morning. When I review this list, I can block or release (and approve) as needed. This functionality gives me great peace of mind that nothing malicious will hit my computer.

Another significant product feature, URL Defense, rewrites every hyperlink in incoming mail so that it points through Proofpoint instead of directly at the destination; the link can then be analyzed when it is clicked and blocked if the destination is malicious. For example:

https://www.reddit.com/subreddit/article/topic

would become:

https://urldefense.proofpoint.com/v2/url?u=https-3A__click.redditmail.com_CL0.
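To show the mechanics behind this kind of link rewriting, here is an added example of my own; it is not Proofpoint's code and does not reproduce its real encoding. A toy gateway wraps each link at delivery time so that the click passes through a check endpoint (the hypothetical host `urldefense.example.invalid`) before reaching the destination, and the endpoint consults a constructed blocklist at click time. The `-3A` / `_` encoding only mirrors the shape of the rewritten URL shown above.

```python
"""Toy URL-rewriting link protection (constructed example; not Proofpoint's code)."""
import re
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical click-check endpoint; stands in for the vendor's service.
REWRITE_PREFIX = "https://urldefense.example.invalid/v2/url"

# Constructed sample blocklist consulted at click time.
BLOCKLIST = {"malicious.example"}


def encode_target(url: str) -> str:
    """Encode a URL as a single query-safe token.

    '/' becomes '_' and every other non-alphanumeric byte (except '.') becomes
    '-XX' (hex). The shape mirrors the page's example; the vendor's real
    scheme is not reproduced here."""
    out = []
    for b in url.encode("utf-8"):
        ch = chr(b)
        if ch == "/":
            out.append("_")
        elif (b < 128 and ch.isalnum()) or ch == ".":
            out.append(ch)
        else:
            out.append("-%02X" % b)
    return "".join(out)


def decode_target(encoded: str) -> str:
    """Inverse of encode_target: '_' -> '/', '-XX' -> byte XX."""
    raw = bytearray()
    i = 0
    while i < len(encoded):
        ch = encoded[i]
        if ch == "_":
            raw += b"/"
            i += 1
        elif ch == "-" and re.fullmatch(r"[0-9A-F]{2}", encoded[i + 1:i + 3]):
            raw.append(int(encoded[i + 1:i + 3], 16))
            i += 3
        else:
            raw += ch.encode("ascii")
            i += 1
    return raw.decode("utf-8")


def wrap(url: str) -> str:
    """Delivery-time rewrite: the recipient's link now points at the check service."""
    return REWRITE_PREFIX + "?" + urlencode({"u": encode_target(url)})


def unwrap(wrapped: str) -> Optional[str]:
    """Recover the original destination, or None if this is not our wrapped link."""
    if wrapped.split("?", 1)[0] != REWRITE_PREFIX:
        return None
    token = parse_qs(urlparse(wrapped).query).get("u", [None])[0]
    return decode_target(token) if token else None


def click_check(wrapped: str, blocklist=BLOCKLIST) -> Tuple[str, str]:
    """Click-time decision: ('allow' | 'block' | 'reject', destination).

    'reject' means the link was not produced by this gateway, so the check
    service refuses to redirect anywhere (it must not act as an open redirect)."""
    target = unwrap(wrapped)
    if target is None:
        return "reject", wrapped
    host = (urlparse(target).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in blocklist):
        return "block", target
    return "allow", target


if __name__ == "__main__":
    link = wrap("https://www.reddit.com/subreddit/article/topic")
    print(link)
    print(click_check(link))
    print(click_check(wrap("https://login.malicious.example/unsubscribe?id=7")))
```

The point of the design is that the decision is deferred to click time, so a destination that was clean when the mail was delivered but turned malicious later is still caught; a real service would also sign the token so that only links it wrapped itself are ever followed.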

The other day I received an email that made it through the standard filter. It was for “pre-approval of a $372K loan” for my company. I was surprised it made it through, but there was nothing inherently wrong with the email contents. I looked for and found the link to unsubscribe from their garbage. At this point, I was so grateful to be using Proofpoint because I received a pop-up window (shown below) indicating the link was for a malicious website.

[Image: Proofpoint block]

Honestly, this is the first time I’ve seen Proofpoint pop up, and I was both thrilled and scared simultaneously. It was obvious that the bad actors had taken advantage of my normal human response to subject my computer to malicious software based on my decision to avoid getting more emails from this organization. I shook my head at the audacity of the threat and how I had circumvented it.

My SonicWall firewall would have prevented malicious code from being downloaded. SentinelOne would have reacted immediately had any unwarranted programs started taking abnormal actions and reaching out to websites out of my ordinary purview. The bottom line is: I dodged a bullet, and my computing environment is still safe.

I have to wonder: What would have happened in an unprotected computer? What might have occurred in a small business that didn’t have a firewall or SentinelOne? I’m guessing the results would not have been good. The business owner would have called some IT person or company asking if they could help recover a computer — because someone thought they were doing the right thing.

I have blocked the sender’s address to ensure I don’t receive any more emails; however, countless other bad actors will continue to attempt to gain access and run roughshod over any willing victim.

My final words on this are simple: If you do not know the sender of an email, you must consider them suspect. In the past, I would have assured you that clicking the Unsubscribe link was sufficient to remove your name from a mailing list. Now, I’m changing that advice. If you don’t know who sent it, delete it. That will save you endless heartache and grief from potential problems.

For small business owners who own their web domain or email accounts, even if you use Google Workspace or Microsoft Office 365, I recommend you add Proofpoint to your existing SHADE subscription. This low-cost, high-value offering is something that could help prevent problems from occurring on your network.

Thanks, and safe computing!

ChatGPT, the artificial intelligence (AI) agent rocking all news channels, will be a threat factor very soon. A recent SonicWall webinar stressed that IT security providers must be aware of, and repel, phishing attacks. The presenters gave examples of several forms of emails that would get by most office administrators and even some high-level employees.

I was curious about how easy it is to create a phishing email from the two available versions of ChatGPT (versions 3 and 4).

My prompt in both cases was:

Write a false pretext phishing email for educational purposes

Here are the two responses the AI software generated:

Subject: Urgent Account Verification Required – Prevent Data Loss!

Dear Valued User,

We regret to inform you that our system has detected some unusual activity on your account. In order to ensure the security of your personal information and prevent any potential data loss, we require your immediate assistance to verify and update your account details.

As part of our ongoing commitment to protect our users from cyber threats, we have implemented a new security protocol that requires all users to verify their account information periodically. Failure to comply with this request may result in a temporary suspension of your account and the loss of important data.

To initiate the verification process, kindly click on the link provided below:

[Malicious Link: example.com/verify-account]

Once you click on the link, you will be redirected to our secure server where you will be prompted to enter your login credentials, including your username and password. Rest assured that this process is completely secure, and your information will be protected.

This step is necessary to verify the authenticity of your account and ensure its ongoing protection.

Please note that this verification is mandatory and must be completed within the next 24 hours. We kindly ask for your cooperation to prevent any potential security breaches and protect the integrity of our system.

If you have any questions or concerns, please do not hesitate to contact our support team at support@example.com. Our dedicated professionals are available 24/7 to assist you.

Thank you for your prompt attention to this matter. We value your partnership and remain committed to providing you with a secure and reliable service.

Sincerely,

[Phishing Sender] Customer Support Representative

The second version, from ChatGPT 4, reads as follows:

Subject: Urgent Action Required: Account Security Update

Dear Valued User,

We hope this message finds you well. We are reaching out to you regarding a critical security update that needs your immediate attention. Our system has detected unusual activity on your account, which puts your personal information at risk. To ensure the safety and integrity of your account, we kindly request your cooperation in updating your security details.

To complete this mandatory security update, we need you to follow the steps below:

Step 1: Click on the following link to access the account security portal: [Insert Malicious Link Here]

Step 2: Once you are on the account security portal, you will be prompted to enter your current login credentials. Please provide your username and password to proceed with the security update.

Step 3: After entering your login credentials, you will be asked to update your account information, including your full name, address, phone number, and credit card details. This information is essential to safeguard your account from any potential threats.

We understand the importance of protecting your privacy and are committed to maintaining the highest security standards. Therefore, we assure you that your personal information will be handled with the utmost confidentiality and will not be shared with any third parties.

Please be aware that failure to complete this security update within the next 48 hours will result in temporary suspension of your account. We strongly advise you to take immediate action to prevent any disruptions to your account access.

If you encounter any difficulties during the process or have any questions, please do not hesitate to contact our customer support team at [Fake Customer Support Number].

Thank you for your prompt attention to this matter. We appreciate your cooperation in maintaining the security of your account.

Best regards,

[Phishing Sender] Account Security Department

As you can see, the AI engine provided actionable email templates that are completely believable. Threat actors can send these to unsuspecting recipients. In a “spray and pray” effort, tens of thousands of emails could yield dozens of responses. You must always be on alert when you receive emails with links.
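Both generated emails share the same social-engineering cues: a generic greeting, urgency, a deadline, a threat of suspension, a request for credentials (and, in the second, card details), a "click the link" call to action, and reassurance that everything is secure. As an added example of my own (not from the post, SonicWall or any product), here is a small heuristic scorer that looks for exactly those cues; it is run over excerpts of the two emails above and over a constructed benign message. The indicator weights and the threshold are illustrative assumptions, and a scorer like this is a reading aid for reviewing quarantined mail, not a replacement for a filtering product.

```python
"""Heuristic phishing-cue scorer (constructed example; weights are illustrative)."""
import re
from typing import List, Tuple

# (indicator name, pattern, weight). The weights are assumptions for this demo.
INDICATORS: List[Tuple[str, str, int]] = [
    ("generic_greeting",       r"\bdear (valued )?(user|customer|member)\b", 1),
    ("urgency",                r"\b(urgent|immediate(ly)?|critical)\b", 1),
    ("deadline",               r"\bwithin the next \d+ (hours|days)\b", 2),
    ("threat_of_suspension",   r"\b(suspension|suspended|loss of \w+ data)\b", 2),
    ("credential_request",     r"\b(username and password|login credentials|password)\b", 3),
    ("financial_data_request", r"\b(credit card|bank account|social security)\b", 3),
    ("link_call_to_action",    r"\bclick (on )?(the|this) (following )?link\b", 1),
    ("reassurance",            r"\b(rest assured|completely secure|utmost confidentiality)\b", 1),
]
SUSPICIOUS_THRESHOLD = 6  # assumption: tune against your own mail


def score_email(body: str) -> Tuple[int, List[str]]:
    """Return (total weight, names of indicators that fired). Each fires at most once."""
    text = body.lower()
    hits = [name for name, pattern, _ in INDICATORS if re.search(pattern, text)]
    total = sum(weight for name, _, weight in INDICATORS if name in hits)
    return total, hits


def classify(body: str) -> str:
    total, _ = score_email(body)
    return "suspicious" if total >= SUSPICIOUS_THRESHOLD else "no indicators of note"


# Excerpts of the two generated emails quoted above.
CHATGPT3_EXCERPT = """Subject: Urgent Account Verification Required
Dear Valued User,
We regret to inform you that our system has detected some unusual activity on your account.
Failure to comply with this request may result in a temporary suspension of your account and the loss of important data.
To initiate the verification process, kindly click on the link provided below:
[Malicious Link: example.com/verify-account]
Once you click on the link, you will be prompted to enter your login credentials, including your username and password. Rest assured that this process is completely secure.
Please note that this verification is mandatory and must be completed within the next 24 hours."""

CHATGPT4_EXCERPT = """Subject: Urgent Action Required: Account Security Update
Dear Valued User,
Our system has detected unusual activity on your account, which puts your personal information at risk.
Step 1: Click on the following link to access the account security portal: [Insert Malicious Link Here]
Step 2: Please provide your username and password to proceed with the security update.
Step 3: You will be asked to update your account information, including your full name, address, phone number, and credit card details.
We assure you that your personal information will be handled with the utmost confidentiality.
Please be aware that failure to complete this security update within the next 48 hours will result in temporary suspension of your account."""

# Constructed benign message for comparison.
BENIGN_SAMPLE = """Hi Tom,
Attached is the agenda for Thursday's meeting at 2 pm. Let me know if you want to add anything before then.
Thanks, Ann"""


if __name__ == "__main__":
    for label, body in [("ChatGPT 3", CHATGPT3_EXCERPT),
                        ("ChatGPT 4", CHATGPT4_EXCERPT),
                        ("benign", BENIGN_SAMPLE)]:
        total, hits = score_email(body)
        print(f"{label}: score={total} verdict={classify(body)} cues={hits}")
```

Neither template trips the scorer on a single phrase; it is the combination of urgency, a deadline, a penalty and a credential request in one message that pushes the score up, which is the same pattern a human reviewer should learn to recognize.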

Thanks, and safe computing!