AVOID Citizens Bank At All Cost

This is a follow-up to my post Alert for Citizens Bank Customers from November 2018.  For nearly the past six months, I have been trying to recover funds withdrawn from two different accounts with Citizens Bank that were the victim of check fraud.  In the process, I have come to realize that Citizens Bank is perhaps the worst bank I have ever worked with in my life.  The number of obstacles and delays that I have encountered is almost unbelievable.  The lack of concern for a client, who is the victim of a crime that looks like an inside job at the bank, is astounding.  Here is an update, based on the original post linked above:

  1. The check fraud perpetrated against my personal account has been refunded.
  2. The ACH fraud perpetrated against my mother’s account has been refunded.
  3. Six fraudulent checks drawn on my mother’s account amounting to almost $5,000 have NOT been refunded.
  4. Funds were withdrawn from my personal account in January 2019 that were not initiated by us.  Citizens charged that same account $90 in overdraft fees as it was at a zero balance, because it was permanently closed on November 5, 2018 when we reported the fraud.

So, where does this stand?

Citizens Bank is now asking that I sign new affidavits to even investigate the fraud on my mother’s account that has yet to be returned.  My mom passed away in late November 2018, so this ongoing matter prevents us from moving forward to complete the affairs of her Estate.  The day we reported the check fraud on our account and hers, we signed and notarized affidavits at Citizens Bank.  Citizens Bank investigated and repaid the check fraud on our personal account, but hasn’t done a thing with the check fraud on my mom’s.  They have sent me new affidavits two prior times, each of which was wrong.  They asked me to attest that we had not signed the checks in question.  The signature is not the issue.  Another set asked that we send the affidavits to the payee, who is the criminal that perpetrated the fraud.  Sure, let’s send the crook an affidavit to sign and notarize.  That makes sense.  The internal controls at Citizens Bank seem to be nonexistent.  Below are copies of the backs of all of the fraudulent checks that Citizens Bank paid.  They look remarkably similar, don’t they?

These images represent six fraudulent checks, presented against two different accounts over a period of a few days.  The original post shows the front of these checks.  These backs clearly show it is the same person’s handwriting.  So, given that one fraud case was able to be researched and refunded using the original affidavit, why is it that the larger fraud case is not?  This is the same type of fraud and the same perpetrator, yet Citizens Bank seems unable to even research this.  Why?  They know who they paid these checks to.  Why haven’t they demanded these funds back from that bank, where the thief is doing their handiwork?

We also have a letter from Citizens Bank, on their letterhead, signed by the Assistant Branch Manager confirming that our accounts were permanently closed due to extreme fraud.  Here is a slightly redacted copy of that letter, as I do not hold the manager who signed this at fault for this terrible situation.

[Image: CitizensLetter.jpg]

I post this letter, because how could Citizens Bank process charges and assess us overdraft fees on a permanently closed account?  They did and then charged it off and reported us to an agency that monitors delinquent checking accounts.  Clearly, no one is paying attention to what is going on within the bank.

Over the last six months, I finally was able to get this case escalated to the Office of the Chairman and have been in contact with a woman there for the last month.  It is under her escalated watch that this charge off took place and the fourth request for new affidavits has been received.  Throughout, we the victims are made to feel like this is our fault and the burden is solely on us to push and push and push for resolution.  Not once has Citizens Bank accepted responsibility for this ongoing saga, not even when refunding two of the fraud cases.  The funds just appeared, with no admission of responsibility.

Just this week, I requested to speak with the manager of the person in the Office of the Chairman as I am at my wits’ end with how to make progress.  Would you believe that she would only provide the manager’s first name?  A very common first name no less.  There must be hundreds of Citizens Bank employees with this person’s name.  I had to push hard before she would finally provide me with this person’s phone number, but never her last name.  I left this manager a message yesterday, after waiting over 24 hours to hear from her.  I have yet to have my phone call returned.

This is the type of bank Citizens Bank is.  I urge anyone who banks with them to find another bank before you become victimized by their lack of internal controls and accountability.

Fortunately, our local police department has assigned a detective to our case and the State AG’s office has engaged the State Banking Commission and the US Comptroller of the Currency to try to help us.  I’m hoping by increasing the pressure on the bank that someone of reason will become involved and refund the money that has been illegally held from us for the past six months.  Any bets on whether or not they pay us interest on these funds they have illegally withheld from us?

How Do We Fill Millions Of Open Tech Jobs?

Todd Thibodeaux is the CEO of CompTIA, the Computing Technology Industry Association, the non-profit, global tech trade association connecting innovators with experienced technology solution providers, who together, are actively redefining the state of business technology.

I have had the pleasure of knowing Todd for the past 10+ years, since the time when he interviewed for the CEO job.  We have worked together in many capacities, most recently during my service to the Board of Directors of CompTIA.  I consider Todd a valued professional colleague and a friend.  His vision for tech and how CompTIA can advance tech on the global stage is inspiring.  Todd and his team do amazing work, every day, to help more people enter the tech workforce and to help tech play an ever more important role in just about every aspect of our personal and professional lives.

One of the critical issues facing the tech industry in recent years is a severe skills shortage.  In my own professional life, hiring is one of the most difficult things we deal with as the labor market is so tight.  As a nation and a global society, the number of open tech jobs poses a real threat to our ability to progress and confront new challenges.

Todd wrote the following “Last Word” article for the current issue of CompTIA World magazine, the member magazine of CompTIA.  I think what Todd has written is so important, that I wanted to share it here on my blog.  I hope you find it as valuable as I do.

If you’d like to read this piece online, you may access CompTIA World’s online edition here and jump to Page 80.  Otherwise, read on…

CompTIA CEO Todd Thibodeaux describes 10 ways we’re going to get there.

by Todd Thibodeaux

There are 36 million people in the global workforce today, and four million open tech positions globally – a gap of about 10 percent.

Expect that number to get even bigger.
The number of open tech jobs has hit almost 800,000 in the U.S. All those people are not going to come from university degree programs and the traditional places from which we’ve been able to source our tech workforce in the past. We have to think of new things to do now to feed the tech talent pipeline as we go forward. Here’s how we’ll get there – in 10 steps.

1. Bridge the Confidence Gap
We need to get more people to recognize they can work in the industry; to realize it’s not this mysterious, magical place that requires you to be Einstein or Stephen Hawking. Anybody can acquire the skills to come into tech. I ask everybody to talk to young people, to talk to people who are transitioning from one career to another, someone who’s not satisfied with their career, to say “Hey, you should actually look at tech, because you can acquire the skills to work in this industry.”

2. Realize Parents Are Part of the Problem and the Solution
Parents a lot of times will mirror the things that they think they’re capable of, and then they’ll impress those upon their kids, thinking “Well, I was doing this type of job, my kid can do that.” So, we’re doubling our efforts this year to target parents to get that message more effectively to kids that they can work in the tech industry. We have to get parents to think more broadly about the industry and the types of people who can work in the industry.

3. Stop Emphasizing Math and Science as Integral to Success in a Tech Career
Speaking on CNBC last year, LinkedIn CEO Jeff Weiner recommended we stop focusing so much on coding, math and science and focus more on developing soft skills in our incoming workforce. People who start with strong sets of soft skills tend to do better when they get out into the workforce and can then acquire tech skills. Soft skills are so important; you don’t see people sitting down doing differential equations and calculus, or algebra even, in their day-to-day jobs.

4. Devote A Lot More Attention to Teacher Training
We’re going to dramatically see the brain-drain that we’ve seen in other industries in the tech learning space. Teachers who are teaching tech today are in their fifties and sixties and they’re going to be retiring. We don’t have that young pipeline of teachers coming up who have the technical knowledge and skills to fill that gap. We need to do a lot more right now to build the next generation of tech teachers.

5. Reintegrate a Full Tech Curriculum in Pre-University Education Programs
When you think about tech companies in general, the majority of people who are working for pure tech companies aren’t even in tech roles. They’re in marketing, sales, logistics, finance – you name it. From an education standpoint, we need to move away from the idea that you can do everything with just coding. We see more and more schools coming around to the idea that they need to reintegrate a full tech curriculum. We need this full perspective of what the industry really has and what it means, so kids see the full breadth of jobs.

6. Deemphasize University Degrees and Emphasize Pre-Employment Training
In my opinion, there’s virtually no entry level job that requires three to five full years of school. You can take just about anybody and give them six to nine months of training in a particular field and, if they have the ambition and drive, they can do it without having to go through the whole university degree process accumulating all this debt. We prove that every day in our IT-Ready program, where we take people who have no tech background – some of them have never even turned on a computer – and eight weeks later they’re job ready.

7. Start Building an Education System Now for a Future of AI, Robots And VR
Emerging technologies can change an entire industry environment; to where we might have 40 percent of the workforce globally being disrupted, losing their jobs entirely or being asked to completely re-skill. The education system that we have today is unequipped and this idea that you have to go back to school if you want to shift career fields just doesn’t make sense if it’s on a huge scale. So, we need to create a system that can accommodate disruptive technologies like AI, robotics and VR.

8. Grades 9 to 12 Should Be More About Helping Kids Find Out What They’re Good At
Schools are doing what they think is a really good job of preparing kids but spending all this time cramming them full of knowledge that they’ll probably never use. Today, so much of that information, if you need it you can find it almost instantly – we’re in a Google-era and all this information is available. We can do a lot better job of helping kids understand what things they might be good at and, because we know what kinds of skills are needed in particular jobs roles and industries, steering kids in that direction.

9. Employers Have to Step Up and Do Their Part
Right now, we have employers being extremely picky; tending to only hire people who meet their exact qualifications and specifications for a job. But all those people are already working for somebody else. The market is tapped out. You have to be willing to take people who are only halfway there. Further, employers need to start looking in non-traditional places in nontraditional ways. They just keep posting ads in the exact same spots with the exact same qualifications – including college degrees.

10. Soft Skills Are More Important Than Entry-Level Knowledge In Most Cases
In any industry, if you ask employers what are the most important skills they see coming in, it’s not degrees, it’s not certifications … it’s soft skills and the ability to come in and be a functioning, communicative part of the team from day one. That’s the most important skill-set that we need to have for kids. So, if you know young people who seem to be great communicators and have soft skills, absolutely encourage them to work in the industry because it’s one of the best places that you can go.

Be Sure Office 365 Is Secure

This article was published in the March 17, 2019 editions of Foster’s and Seacoast Sunday.

If your business uses Office 365, you need to be sure that you secure your tenant. As more and more businesses embrace Office 365 for email and the host of other services that comes with it, hackers have increased their attempts to compromise the service. You’d be surprised how frequently Office 365 tenants are compromised due to a lack of best practices to ensure its security.

Some of the most common compromises involve email phishing attacks, when hackers send you an email that looks amazingly legitimate, but is not. The email often asks you to log in to your Office 365 account to reset your password, check your email quarantine or for some other reason. Unless you check the links to confirm where they are taking you, you could very easily log in to a compromised web site that exists solely for the purpose of capturing your username and password. Once captured, a hacker is able to mirror your email account or worse.

In some cases, hackers may use specific code to insert rules into your mailbox to forward every email you send and receive to the hacker’s email account. In this example, hackers monitor your email traffic with the intent of spoofing your email and sending email messages that look to be from you, but are really from the hacker. This is how many hackers steal money, by impersonating an actual user and sending requests for funds to be electronically transferred that may seem legitimate, but are far from it. On the surface, this may seem hard to believe, as you would think common sense would prevent someone from doing this. However, millions of dollars are lost every year to scams like this.

So, with increasing attacks against a very robust and popular email service, what should you do? For one, be sure you have an experienced resource to set up your Office 365 accounts who knows how to properly secure them. In its default configuration, Office 365 offers reasonable protections, but it is not hardened to prevent targeted attacks like the one described above and countless others.

It should go without saying that your user accounts should be set up with complex passwords that are required to be changed every 90 days. In most organizations, these accounts should be tied to your organization’s Active Directory as well. It should also go without saying that you should enable 2 Factor Authentication, which is included with Office 365, to further secure your accounts and prevent most of these attacks from being successful.

There are many advanced hardening techniques that should be used. These include things like enabling all logging on the accounts. Should you ever suspect an issue, these logs will be critical to finding the data to validate whether or not you have been compromised. There are several highly technical elements to hardening Office 365 that I will not go into here as it will not mean much to non-technically oriented readers.

A simple technique you can employ to help limit your risk of suffering a successful phish is to brand your Office 365 logon screen. Most hackers will not go through the added effort to determine if your organization is using a branded login page. By changing this page from its defaults, you can help avoid the risk of users being tricked into entering their username and password into a compromised web page.

Like any online service, even those exposed to the Internet from internal networks, it is critically important to properly secure your systems. These risks are in no way unique to Office 365. The point is, you can’t settle for default configurations. Once hardened, you then need to be sure you have proper monitoring and alerting in place, so that you know of any and all attempts to compromise your systems.
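The forwarding-rule compromise and the value of logging described above can be tied together with a small check over exported audit records. This is an added example, not part of the original article: the record fields (Operation, UserId, ClientIP, Parameters) are modelled on an audit log export and are an assumption here, and the sample records, addresses and INTERNAL_DOMAINS value are constructed.

```python
import json

# Cmdlet parameters that send a copy of mail to another address.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
RULE_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
MAILBOX_OPERATIONS = {"Set-Mailbox"}
MAILBOX_PARAMS = {"ForwardingSmtpAddress", "ForwardingAddress"}

# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Constructed sample: one JSON audit record per line.
SAMPLE_AUDIT_LOG = """
{"CreationTime": "2019-03-10T14:02:11", "Operation": "New-InboxRule", "UserId": "pat@example.com", "ClientIP": "203.0.113.45", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "collector@mail.example.net"}]}
{"CreationTime": "2019-03-10T15:20:40", "Operation": "New-InboxRule", "UserId": "lee@example.com", "ClientIP": "198.51.100.7", "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]}
{"CreationTime": "2019-03-11T09:01:02", "Operation": "New-InboxRule", "UserId": "lee@example.com", "ClientIP": "198.51.100.7", "Parameters": [{"Name": "ForwardTo", "Value": "assistant@example.com"}]}
{"CreationTime": "2019-03-11T11:45:30", "Operation": "Set-Mailbox", "UserId": "sam@example.com", "ClientIP": "203.0.113.45", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@mail.example.net"}]}
{"CreationTime": "2019-03-11T11:50:00", "Operation": "UserLoggedIn", "UserId": "sam@example.com", "ClientIP": "198.51.100.7"}
"""


def extract_addresses(value):
    """Split a parameter value into lower-cased SMTP addresses."""
    addresses = []
    for part in value.replace(",", ";").split(";"):
        part = part.strip().lower()
        if part.startswith("smtp:"):
            part = part[5:]
        if "@" in part:
            addresses.append(part)
    return addresses


def is_external(address):
    """True when the address is outside the organization's own domains."""
    return address.rsplit("@", 1)[1] not in INTERNAL_DOMAINS


def find_forwarding_changes(lines):
    """Return one finding per external forwarding target set by a rule or mailbox change."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged export lines instead of aborting the review
        operation = record.get("Operation", "")
        if operation in RULE_OPERATIONS:
            wanted = RULE_PARAMS
        elif operation in MAILBOX_OPERATIONS:
            wanted = MAILBOX_PARAMS
        else:
            continue
        params = {p.get("Name"): p.get("Value", "") for p in record.get("Parameters", [])}
        for name in sorted(wanted & params.keys()):
            for address in extract_addresses(params[name]):
                if is_external(address):
                    findings.append({
                        "time": record.get("CreationTime"),
                        "user": record.get("UserId"),
                        "client_ip": record.get("ClientIP"),
                        "operation": operation,
                        "parameter": name,
                        "target": address,
                    })
    return findings


if __name__ == "__main__":
    for f in find_forwarding_changes(SAMPLE_AUDIT_LOG.splitlines()):
        print(f"{f['time']} {f['user']} {f['operation']} {f['parameter']} -> {f['target']} (from {f['client_ip']})")
```

Each finding is a lead for review rather than proof of compromise, since some external forwarding is set up deliberately by the mailbox owner.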

 

Technology And The Modern Conference Room

Conference rooms used to be a safe haven from technology. Not any longer. When was the last time you were in a meeting in a conference room that didn’t include a large monitor displaying some content, or sitting around the table with most people on their laptop or tablet? Probably not recently.

Conference room technology has come a long way in a short amount of time. This means interactive, content rich meetings have become the norm. No longer relegated to expensive conference rooms only found in the offices of Fortune 500 companies, even the smallest organizations now sport technology-driven conference rooms.

From touchscreen monitors to fully interactive electronic whiteboards and wireless display capabilities, businesses of all sizes can now affordably outfit their conference room with up-to-date technology. Companies like Microsoft, Sharp and Infocus make some of the easiest devices to implement. The Infocus MondoPad, Microsoft Surface Hub and Sharp Aquos Board are among the market leaders for small and mid-size organizations. They range in price from around $2,000 to upward of $10,000, depending on the features. Some of these units, like the Microsoft Surface Hub, can be strung together to create an entire smart wall of monitors, though that can get quite expensive. Using a single unit to replace a traditional whiteboard or monitor will introduce interactive touchscreen capabilities as well as the ability to run applications and get online.

Video conferencing solutions like GoToMeeting, WebEx and Zoom really come to life on these large screen interactive monitors, allowing you to see the remote parties and interact with applications and presentations for a truly rich meeting experience.

For those organizations who may want an even simpler solution, you can consider installing a large smart TV on your conference room wall, adding a webcam to it and using wireless display technologies to connect a computer to the smart TV without having wires dangling all over the room. There are several brands of smart TVs that can be purchased for well under $1,000 in sizes as large as 65 inches or more. These devices have embedded apps and browsers that allow you to get online with a web browser and in some cases, connect a computer to the display wirelessly.

If you have a smart TV that does not include an app to wirelessly connect your computer, you can purchase an inexpensive adapter to do this. Microsoft makes a wireless adapter that plugs into an HDMI port on the smart TV that will allow any Windows 10 PC to wirelessly connect. Several other companies make similar adapters that range from $50 to $200, depending on quality and distance needed. For Apple devices, if your smart TV supports AirPlay, you may use that. If it does not, AppleTV will allow you to connect, and any number of adapters are available as well at prices similar to the Windows adapters previously mentioned.

There are also any number of fully integrated conference room solutions that combine a motion-activated camera with an online meeting solution that connect to any type of monitor, but like some of the first options mentioned, these can become expensive quickly.

As collaboration platforms like Slack and Microsoft Teams, the two market leaders, continue to evolve, they will become more important interactive meeting tools. From scheduling the meeting to check and avoid conflicts, to hosting the meeting within the collaboration tool on a conference room monitor like one of the options mentioned previously, technology is embedded in nearly every conference room you enter.

This article originally appeared in the March 3, 2019 editions of Foster’s and Seacoast Sunday.

A Sophisticated Phishing Example

I wanted to share this email that I received today.  It’s a sophisticated example of a phishing attack: an email that looks remarkably legitimate and aims to trick you into clicking a link and logging in to what may look like a legitimate site, but is actually a site designed to capture your login credentials.  Once captured, the hackers use your credentials to compromise your account and impersonate you.  Check out this message…

[Image: New-Office-365-Phishing-3047459221-1552525451126.png]

This is a remarkably well crafted message.  Many users would click on the Click Here link and get caught by this phish.  Let’s look at this message more deeply and see how we could learn that this is not legitimate.

Email Address

When you hover your mouse over the link with the email address, you will see that this is a correct link showing the right email address.

However…

Click Here

When you hover your mouse over the “Click Here” link you will see a long URL that is actually malicious.  The domain is not Microsoft, nor Office 365 and will take you to the compromised web site that will capture your login information and compromise your identity.

[Image: Set-Your-Preferences.png]

Hovering over the “set your Message center preferences” reveals the same malicious link.

[Image: Privacy-Statement.png]

As it does when you hover over the Privacy Statement.

[Image: Fake-Address.png]

If you have received communication from Microsoft in the past, you may recall that Microsoft’s address is One Microsoft Way, not One Micro Ave.  This would be an indicator that this email is not legitimate.

Unsubscribe

Finally, don’t fall for the “Unsubscribe” trick.  You might think that unsubscribing would be a good idea to try to stop these phishing messages.  But when you hover your mouse over the unsubscribe link, you will see it links to the same malicious site as all the other bad links.

To summarize, the first link in this email is legitimate; all the rest are not.  This is a sophisticated phishing message that looks very real.  You simply can’t be too careful.  Don’t get caught falling for this attack.  Stay safe online!
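The hover check walked through above can also be done mechanically by listing every link in a message next to the host it really points to. This is an added example, not part of the original post: the sample message and its account-verify.example.net host are constructed, and the TRUSTED_DOMAINS allow-list is an illustrative assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader accepts as genuine for this sender.
TRUSTED_DOMAINS = {"microsoft.com", "office.com", "office365.com", "microsoftonline.com"}

# Constructed sample laid out like the message described in the post:
# the first link is a real mail address, every other link shares one host.
SAMPLE_EMAIL_HTML = """
<p>Message for <a href="mailto:user@example.com">user@example.com</a></p>
<p>To review your account <a href="https://account-verify.example.net/o365/login?id=8841">Click Here</a></p>
<p><a href="https://account-verify.example.net/o365/prefs">set your Message center
preferences</a></p>
<p><a href="https://account-verify.example.net/privacy">Privacy Statement</a> |
<a href="https://account-verify.example.net/unsub">Unsubscribe</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None  # [href, text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            href, text = self._open
            self.links.append((href, " ".join(text.split())))
            self._open = None


def host_is_trusted(host):
    """Match the whole host or a subdomain on a dot boundary, so a trusted
    name used as a prefix of some other domain does not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_links(html):
    """Return text, real destination host and verdict for each link."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    results = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme == "mailto":
            verdict = "mailto"
        elif parts.scheme in ("http", "https") and host_is_trusted(parts.hostname):
            verdict = "trusted"
        else:
            verdict = "suspicious"
        results.append({"text": text, "host": parts.hostname, "verdict": verdict})
    return results


def suspicious_hosts(results):
    """Distinct hosts behind the suspicious links."""
    return sorted({r["host"] or "(no host)" for r in results if r["verdict"] == "suspicious"})


if __name__ == "__main__":
    for r in classify_links(SAMPLE_EMAIL_HTML):
        print(f"{r['verdict']:<10} {r['text']!r} -> {r['host']}")
    print("suspicious hosts:", suspicious_hosts(classify_links(SAMPLE_EMAIL_HTML)))
```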

Ask The Board

This article was published in the March 1, 2019 edition of Channel Executive Magazine.

Q | Many distributors and some channel vendors are adopting a “marketplace” approach to the solutions they sell through channel partners, particularly in the rapidly expanding cloud services space (Ingram Micro and ConnectWise provide good examples). How are channel-dependent IT service providers responding to the marketplace concept?

A | THIS ALL DEPENDS ON THE MSP. Some love the marketplace idea, especially through a partner like ConnectWise, as it allows them to leverage larger scale than they will have on their own. This translates into more offerings, as the MSP potentially does not have to meet sales and/or training requirements from each potential partner, as well as better pricing than they may be able to gain on their own. Larger MSPs don’t tend to gravitate toward these marketplaces in the same way. They are often able to obtain the pricing levels they require based on commitments or volume, and they have the technical expertise in-house to be able to work with a specific vendor partner directly. Where I see a blending of the two is with the distribution marketplaces. Distribution has incentive to drive volume in terms of sales and the number of engaged partners, to maximize their own margins. In turn, MSPs procuring through distribution may find it easier to work through this channel than it would be in a direct relationship. There may also be incentives to the MSP in terms of distributor support and training made available to them.



Q | What potential new business or additional solution set opportunities do you anticipate leveraging as a result of the host of new applications coming available to the channel through marketplaces?

A | I SEE MORE MSPs LAYERING IN ADDITIONAL SECURITY SERVICES to their offerings through these marketplaces. AV/AM and email spam filtering have long been staples of these marketplaces. I’m starting to see more security-focused services like web filtering gaining traction here as well. As MSPs try to offer more security-focused services, without necessarily declaring themselves an MSSP, I’m starting to see more security-centric offerings in the marketplaces. As MSPs become more security-focused, these marketplaces are uniquely positioned to help smaller MSPs embrace these technologies to help their clients.



Q | What organizational or managerial adjustments must IT service providers consider as the “marketplace” tech acquisition/distribution model takes hold?

A | I’M NOT SEEING MUCH NEED FOR ADJUSTMENT IN THIS AREA, outside of the core procurement function. This is just another channel through which these acquisitions are made. That said, a marketplace through an organization like ConnectWise holds a unique advantage for their customers as they often bundle in the integrations required to account for the usage of the various marketplace services that address usage, billing, and reporting. Regardless of how these technologies are procured, the MSP must be able to accurately account for utilization, for both costing and sales pricing, as well as reporting, to show the customer the value of paying for these services.