Microsoft: Criminals can access your accounts without your password

Have you ever felt like just when you’ve nailed your cyber security – BAM! – something new comes along to throw a spanner in the works?

That’s exactly what’s happening right now.

There’s a new scam doing the rounds. And it’s catching out businesses just like yours.

The worst part?

Cyber criminals don’t even need your password.

Scary…

It’s called device code phishing. It’s a clever trick that’s becoming more and more popular. Microsoft recently flagged a wave of these attacks, and we’re likely to see many more.

This one’s different to the usual phishing scams you’ve probably heard about. Normally, phishing is all about tricking people into giving away their usernames and passwords on fake websites.

But with device code phishing, scammers play a smarter game.

Instead of stealing your password, they get you to voluntarily give them access to your account. And they do it using real Microsoft login pages, so it looks totally legit.

It usually starts with a convincing email. Maybe it looks like it’s from your HR person, or a colleague, inviting you to a Microsoft Teams meeting. You click the link, and it takes you to a real Microsoft login screen.

Nothing seems out of place.

You’re asked to enter a code. Just a short one, called a “device code.” This code is supplied in the email, and you’re told it’s needed to join the meeting or finish logging in.

Here’s the catch: By entering that code, you’re not logging yourself in… you’re logging them in.

You’re unknowingly giving the attacker access to your Microsoft account on their device. And because the login goes through the proper channels, it can even bypass multi-factor authentication (MFA).

Yep, even if you’ve got extra security in place, they might still get in.

Once they’re in, they can do a lot of damage. Reading your emails, accessing your files, even using your account to trick others in your company. It’s like handing over the keys to your office and you don’t even realise it.

It’s dangerous because it doesn’t look suspicious. You’re on a real Microsoft site, not some suspicious fake. You didn’t click a weird link or enter your password into a phishing form. Everything looks above board… except it’s not.

And because attackers are using legitimate Microsoft login flows, traditional security tools don’t always catch it.

Plus, once they’re in, they can stay in. They don’t need to keep logging in if they’ve captured your session token (that’s a sort of digital “pass” that keeps you logged in behind the scenes). So even changing your password won’t necessarily kick them out right away.

A big question then: How can you protect your business?

Start by getting your team to be extra cautious with login requests. Especially ones that involve entering codes. If you get a device code from someone, stop and think: Did I request this? Do I know for sure this is real?

If you’re not sure, don’t go through with it. Use a separate method, like a direct phone call or your company’s messaging system, to double-check with the person who sent the email.

Remember, real Microsoft logins don’t involve someone else giving you a code to enter. If that ever happens, it’s a red flag.

From a technical side, your IT team (or IT provider) can also tighten things up. If your business doesn’t need device code login as part of its daily operations, it’s safest to turn it off altogether. They can also put in place extra security rules that only allow logins from trusted locations or devices.
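
One way an IT team could check who is actually using device code login before turning it off, and spot sign-ins that fall outside trusted locations or devices (an added example, not part of the original article). The field names are assumptions modelled on a Microsoft Entra ID sign-in log export, and the sample records and allowlist are constructed.

```python
from collections import Counter

# Constructed sample records. Field names are assumptions modelled on a
# Microsoft Entra ID sign-in log export; adjust them to match your export.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "app": "Microsoft Teams",
     "authenticationProtocol": "none", "status": "success",
     "trustedLocation": True, "compliantDevice": True},
    {"user": "room-display@example.com", "app": "Meeting Room Display",
     "authenticationProtocol": "deviceCode", "status": "success",
     "trustedLocation": True, "compliantDevice": False},
    {"user": "bob@example.com", "app": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "status": "success",
     "trustedLocation": False, "compliantDevice": False},
    {"user": "carol@example.com", "app": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "status": "failure",
     "trustedLocation": False, "compliantDevice": False},
]

# Hypothetical allowlist: accounts that genuinely need device code login,
# such as shared screens with no keyboard.
APPROVED_DEVICE_CODE_USERS = {"room-display@example.com"}


def is_device_code(record):
    """True when the sign-in used the device code flow."""
    protocol = str(record.get("authenticationProtocol", ""))
    return protocol.lower() == "devicecode"


def triage(signins, approved_users):
    """Sort device code sign-ins into alert, review and expected buckets."""
    result = {"alert": [], "review": [], "expected": []}
    for rec in signins:
        if not is_device_code(rec):
            continue
        user = str(rec.get("user", "")).lower()
        succeeded = rec.get("status") == "success"
        # Missing fields count as untrusted.
        trusted = bool(rec.get("trustedLocation") or rec.get("compliantDevice"))
        if user in approved_users and trusted:
            bucket = "expected"   # known use from a known place or device
        elif succeeded:
            bucket = "alert"      # a token was issued outside the approved set
        else:
            bucket = "review"     # no token issued, but worth a follow-up
        result[bucket].append(rec)
    return result


def device_code_usage(signins):
    """Count successful device code sign-ins per user."""
    return Counter(
        rec["user"] for rec in signins
        if is_device_code(rec) and rec.get("status") == "success"
    )


if __name__ == "__main__":
    buckets = triage(SAMPLE_SIGNINS, APPROVED_DEVICE_CODE_USERS)
    for name, records in buckets.items():
        for rec in records:
            print(f"{name:8} {rec['user']:28} {rec['app']}")
    print("Successful device code sign-ins:", dict(device_code_usage(SAMPLE_SIGNINS)))
```

If the usage count only ever shows approved accounts, device code login can be blocked for everyone else with little disruption.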

And finally, keep training your people. Good cyber security is about awareness. If your team knows what to look out for, they’re much less likely to fall for these kinds of tricks.

Can we help you tighten up your security? Get in touch.

Searching in Windows 11 is about to get easier… for some

How many times have you tried searching for a file, only to forget what you called it?

You know it’s there. You remember writing it, maybe even roughly when.

But Windows search just stares blankly back at you. Or worse, throws up ten random web results and a document from 2019 that has nothing to do with anything.

Sound familiar? So annoying.

It’s a common pain point, especially for teams juggling multiple files, folders, and projects.

Well, get your hands ready to applaud: Microsoft is finally doing something about it.

A new update for Windows 11 promises to make search feel a lot more like a conversation. Instead of needing to remember exact file names, you’ll be able to type something like “find the notes I made for the July project meeting”. Or “show me pictures of the team at the summer BBQ”. And your PC will understand what you mean.

It’s called natural language search, and it’s a big step forward. But only if you’re using what Microsoft calls a Copilot+ PC.

These Copilot+ PCs are Microsoft’s new breed of AI-powered computers. They come with a special chip called an NPU (Neural Processing Unit). This is designed to handle AI tasks locally, right there on your computer, without needing the internet. It’s not just faster, it’s also more private. It powers new features like this smarter search and taps into Microsoft’s Copilot assistant.

Copilot’s built into Windows 11 and Microsoft 365. It can help with everything from drafting emails to generating images. And now, even finding files with vague descriptions.

The feature’s still in testing, but it’s showing up in preview builds of Windows 11 for Copilot+ devices. That means it’s likely not far off from a full rollout. It even works with cloud files in OneDrive, so if your business uses that, you’ll get an even smarter experience.

Of course, if you’re not using a Copilot+ PC, you won’t see this update. At least not yet. But if you’re thinking about refreshing your hardware this year, this might be one of those features worth keeping an eye on. It’s exactly the kind of everyday improvement that saves time and frustration. And gives your team one less thing to wrestle with.

Curious about whether a Copilot+ PC is a smart move for your business? My team and I can help you weigh up the pros and cons… and make sure you’re getting tools that work for how you work. Get in touch.

Beware these free tools – they may be hiding ransomware

Ever needed to quickly convert a file, say, from a Word doc to a PDF? And found yourself Googling for a free tool to do it?

It seems harmless enough, right?

A quick download, a fast conversion, job done.

But what if I told you that one small click could secretly open the door to ransomware or data theft?

That’s exactly what the FBI is warning about right now. Yes, the FBI.

A file converter does exactly what it says. It takes a file in one format and turns it into another. Maybe you’ve got a PowerPoint that needs to be turned into a PDF for a client. Or you’ve got a bunch of images you want to bundle into a single document.

These tools are often free, and they work. But that’s where the danger lies. Because some of them come with strings attached.

Cyber criminals are using some of these free converters as a cover for more sinister activity. While the tool does what it promises, behind the scenes, it may also be installing something nasty on your system. Such as malware or even ransomware.

What does that mean?

Malware is malicious software. It’s designed to do something harmful without your permission. It might steal your data, spy on your activity, or mess with your files.

Ransomware is one of the worst types of malware. It locks your files so you can’t access them, then demands a payment (usually in cryptocurrency) to unlock them. It’s like someone sneaking into your office overnight, putting all your important documents in a safe, and then charging you to get the key.

Worse still, these tools can also scan the files you upload and scrape them for sensitive information. That could be things like your passwords, banking details, or even personal data. If you’ve ever uploaded something with a customer list, an invoice, or employee details, that’s the kind of gold cyber criminals are after.

The problem is these tools often look perfectly legitimate. And they do what they say on the tin, which makes them hard to spot. That’s why it’s so important to be cautious.

If your business needs quick file conversions, it’s far safer to use trusted, professional tools. The kind that come from known software providers, not random websites you find in a pinch.

Knowing how these scams work is your first line of defence. So, if you or your team ever use online tools like this, it’s worth reviewing where they come from… and whether they’re putting your business at risk.

Need help setting up safe, secure software alternatives for your team? We can do that – get in touch.

This tiny tweak to Teams will make meetings smoother

Have you ever sat in a Teams meeting and found yourself gritting your teeth every time someone said, “next slide, please”?

Me too.

And if your business runs a lot of online meetings or webinars, you’ll know the frustration of clunky handovers and awkward pauses when switching between presenters.

Well, there’s good news. And it’s about time.

Microsoft is rolling out a small but mighty update to Teams that’s going to make a surprisingly big difference to how your meetings run.

First, if you’re not too familiar with Teams, let’s quickly cover the basics. It’s Microsoft’s all-in-one communication platform. Video calls, chat, file sharing, and collaboration tools are all combined in one place.

Whether your team is remote, hybrid, or all under one roof, it helps everyone stay connected and productive without needing to jump between lots of different apps.

Back to the update. Microsoft’s introducing a feature that will let multiple people control the presentation slides during a Teams meeting or webinar.

Right now, if you’ve ever tried to co-present in Teams, you’ll know that only one person has control of the slides. Everyone else is stuck asking the presenter to move things along. That’s not only frustrating, but it also breaks the flow of the meeting.

This new feature will let the meeting host hand over slide control to more than one person.

That means if you’ve got a few people presenting different parts of a deck, each of them can take control of the slides when it’s their turn, without stopping the meeting or awkwardly calling out instructions. It sounds like a small thing, but in practice, it’ll make meetings feel much more natural and professional.

This feature has started to roll out already, beginning with the Windows desktop version of Teams. It’ll likely involve the host selecting co-presenters when setting up the meeting. Hopefully, the setup will be as smooth as the presentations will be.

To me, this is one of those updates that should have been added years ago. But hey, better late than never, right?

Alongside other recent improvements like real-time text messaging during calls (great for those who prefer typing over talking), it’s clear Microsoft’s working hard to make Teams more flexible and intuitive.

Need help getting the most out of Microsoft Teams or other tools in Microsoft 365? That’s what my team and I are here for. Get in touch.

Overconfident employees: Your hidden cyber security threat?

You trust your team, right?

They’re smart, capable, and they know better than to click on suspicious links or open unexpected attachments.

They already know that phishing emails look trustworthy on purpose. To trick them into giving away sensitive data or downloading malicious software.

So, they’re not the type to fall for it.

At least, that’s what they think…

Here’s the problem: Just because someone’s confident they could spot a phishing attack, it doesn’t mean they can. It’s a false sense of security – and it’s exactly what cyber criminals count on.

New research has found that a huge 86% of employees believe they can confidently identify phishing emails… yet over half of them have fallen for some form of scam in the past.

Think about that for a second.

These are people who knew about phishing, felt sure they wouldn’t be tricked, and yet still got caught out. That’s because cyber criminals aren’t just sending out the obvious “foreign prince” emails anymore. They’re using sophisticated tactics like:

  • Emails that look like they’re from your bank or suppliers.
  • Fake invoices that appear totally legitimate.
  • Messages that seem to come from your own colleagues.

Because phishing scams have evolved, they’re much harder to spot. And when someone thinks they’re too smart to fall for one, that’s when they’re most at risk.

Overconfidence in cyber security is a classic case of the Dunning-Kruger effect – a psychological phenomenon where people tend to think they know more than they do.

What’s the problem with being too confident?

Well, when people believe they’re invincible to scams, they don’t take the necessary precautions. Instead of double-checking links or questioning unexpected emails, they just assume “I’d never fall for a scam” and carry on clicking. This is how cyber criminals end up accessing business systems and data.

So, what’s the good news?

You can lower the risk of getting hit by a phishing attack. But it starts with a shift in mindset. Instead of assuming your people know what they’re doing, make sure they’re properly informed. Regular phishing awareness training can make a massive difference, helping your staff to recognise newer and more subtle scams before it’s too late.

Training alone isn’t enough, though. Your employees also need to feel comfortable reporting anything suspicious, or they might stay quiet about a potential scam. And that gives cyber criminals the upper hand. Creating a workplace culture where security concerns are welcomed (not criticised) is just as important as education.

Cyber security isn’t about intelligence; it’s about vigilance. Even the most tech-savvy employee can be caught off guard by a well-crafted scam. The key is to assume a threat is real, remain cautious, and never rely on confidence alone. 

The moment someone thinks “I’d never fall for that” is often the moment they do.

Could automation save you from spreadsheet headaches?

Spreadsheets have been a go-to business tool for decades now. They’re familiar and easy to use (and if we’re being honest, we can all feel like a bit of a genius when we get that one formula to work, right?).

The problem is, 90% of businesses are still relying on outdated spreadsheets to manage important data, even though they’re slowing things down and increasing the risk of errors.

Think about it: How often do you get stuck manually entering data, fixing mistakes, or trying to figure out if you’re looking at the latest version of that important spreadsheet? It’s so frustrating – and you’re not alone.

Research shows that although 82% of businesses have automation on their roadmap, only 43% plan to implement it in the next year. This means that many businesses are still dealing with the same spreadsheet-related headaches, when they could be working much more efficiently.

So, how could automation help your business?

Instead of spending hours plugging in numbers and double-checking calculations, automation tools can handle data collection, processing, and reporting for you. That means fewer mistakes, less time wasted, and real-time updates that keep everything running smoothly.

Automation tools also come with built-in security features, so you don’t have to worry about who has access to what.

Despite all these benefits, a lot of businesses are hesitant to make the switch. Spreadsheets feel safe and familiar, and change can be intimidating. But sticking with outdated tools is holding you back.

The good news is you don’t have to overhaul everything overnight. Start small. Look at the areas where automation could save you the most time and hassle, like payment tracking, customer data, or reporting.

Once you see how much easier things get, you’ll wonder why you didn’t switch sooner.

If you’re ready to see how automating some of your business processes could improve productivity, we can help. Get in touch.

Did you notice Incognito mode’s improved privacy?

If you’ve ever used Incognito mode in Chrome, you probably know the basics: It lets you browse without saving your history, cookies, or other temporary data.

But was it ever truly private?

Not entirely…

Until recently, if you copied something from an Incognito tab, like text, an image, or a web address, Windows could still save it in your clipboard history and even sync it to other devices.

Not exactly what you might want from a “private” browsing session, right? 

Microsoft has quietly stepped in to fix that loophole, making Incognito mode even more private.

When you open an Incognito tab in Chrome (or InPrivate mode in Edge), your browser stops saving: 

  • Your browsing history (so nobody else using your device can see what websites you’ve visited) 
  • Cookies and site data (so websites won’t remember you after you close the tab) 
  • Form data (so your browser won’t autofill your details next time) 

This can be handy for things like: 

  • Checking flight costs or hotel bookings without tracking cookies causing price hikes 
  • Logging in to multiple accounts without having to sign out 
  • Using a shared computer without leaving a trail 

Let’s say you’re copying confidential business information or a personal message while in Incognito mode. Before this update, Windows would have saved that copied text in your clipboard history, meaning anyone who pressed Windows Key + V later could see it. 

Even worse? If you had Cloud Clipboard enabled (which syncs clipboard data between Windows devices), your copied content could end up on another device entirely.

Microsoft spotted this issue and patched it, making sure that when you copy something in Incognito mode, Windows won’t save it to your clipboard history or sync it to the cloud.

So, now your activity truly disappears when you close the tab. (Google has since picked up this change and rolled it into Chrome updates for everyone.)

Meanwhile, Microsoft has made another small but useful privacy improvement: Media previews are now hidden when using Incognito mode. 

Normally, when you play a YouTube video (or any media) in Chrome, Windows shows a preview of what’s playing whenever you adjust the volume or check the media panel. If you’re on the lock screen, it even shows details like the video title and artwork. 

Watching something in Incognito? Thanks to the update, now it just says, “A site is playing media”. No titles, no thumbnails, no details. 

This means that if you’re watching a sensitive video (business-related or otherwise), there’s no accidental exposure if someone else glances at your screen. 

If you use Incognito mode for private browsing, you’re now getting better protection than before, even if you didn’t realise there was a problem in the first place.

But remember: Incognito mode still doesn’t hide your activity from your internet provider, work network, or the websites you visit. It’s great for local privacy on your device, but it won’t make you completely anonymous online. 

If you need help making sure your sensitive business data stays private, get in touch.

Copilot could soon auto-open in Microsoft Edge

Microsoft is really leaning into AI lately. And its latest idea is to make Copilot open automatically when you launch Microsoft Edge. Right now, if you want to use Copilot in Edge, you must click the little icon in the sidebar. No big deal.

But the auto-open feature would mean Copilot is there, ready and waiting in the sidebar, as soon as you open your browser or start a new tab.

Some people would love this, and some people won’t. But either way, it’s looking more and more like Microsoft wants Copilot to be an everyday part of using Edge. 

Another feature being tested is an “Ask Copilot” button in the Settings menu. This would mean if you ever got stuck trying to change a browser setting, for example, you could just ask Copilot for help instead of digging through all the options. If it works well, it could become a great time-saving feature for businesses.

If your team uses Edge, here’s how you could benefit: 

  • Faster troubleshooting: Something in Edge not working? Instead of searching Google (or calling IT), you could just ask Copilot for help. 
  • AI on standby: Whether you need help summarising a long article, brainstorming an email, or even writing a quick message, Copilot would always be open and ready. 
  • Better security: Microsoft is also testing “Scareware Blocker”, an AI-powered feature that helps detect and block scam websites in real time. 

It’s hard to say when these updates could roll out, if they roll out at all. Microsoft loves to test features in Edge Canary (its experimental version of Edge), but not everything makes the final cut. 

That said, Microsoft has been pushing AI hard, so there’s a good chance this will stick. 

Auto-open for Copilot could be helpful if you like AI and want a built-in assistant that’s always ready to go. But if you prefer your browser to be just a browser, then this update might be annoying.

And of course, there’s the question of privacy. Microsoft hasn’t said how this will work yet, but if Copilot is always open, some people might feel a little uncomfortable with that. 

If this rolls out, Copilot could become a permanent fixture in Edge, helping you work smarter, troubleshoot issues, and stay safe from scams. If Microsoft considers privacy concerns and gives you the option to turn it off (which is possible), it could be a great new addition.

Need a hand getting started with Copilot? We can help – get in touch.

How concerned should you be about cyber attacks?

Do you feel like you’re constantly hearing about cyber attacks lately?

You’re not imagining things.

Cyber attacks are on the rise. And they’ve overtaken other risks as the number one concern for many businesses worldwide. From ransomware and data breaches to IT disruptions that bring operations to a standstill, cyber threats are keeping business owners up at night – and for good reason.

Imagine losing access to your customer database, having sensitive information leaked, or being locked out of your systems until you pay a large ransom. These aren’t just hypothetical scenarios… this is the nightmare faced by businesses of all sizes every day.

If your business becomes a victim of a cyber attack, the impact could be devastating. It can lead to everything from financial loss to a damaged reputation, not to mention the cost of downtime while your business recovers.

Advancements in technology – especially artificial intelligence (AI) – have given cyber criminals access to more sophisticated tools, making it easier for them to launch attacks.

Cyber incidents are one of the main reasons for business interruption, which is where operations grind to a halt due to unexpected events (like glitches and cyber attacks). As our dependence on digital tools grows, so does the need to protect them.

We bring good news. While cyber threats are evolving, so are the tools designed to combat them. AI-powered technologies can provide better insights, help detect threats earlier and allow for faster responses.

But even with advanced tools, the human element remains crucial. Your employees need to understand the risks and be trained to recognise potential threats, whether it’s a suspicious email or unusual activity in your systems.

So, how concerned should you be about cyber attacks?

Very.

We see that as a good thing. The more aware you are about how serious these threats are, the better you can protect your business. The key is to be proactive. Stay informed, invest in strong security measures, and make your team one of your greatest defences.

If that sounds overwhelming, don’t worry; we can help prepare your employees and make your systems safer. Get in touch.

Beware these common ‘malvertising’ attacks

Think about the last online ad you clicked…

Did you just assume it was genuine?

If you said yes, you’re not alone – and this is exactly what scammers are counting on.

“Malvertising”, or malicious advertising, is where scammers use online ads to trick you into downloading malware (malicious software), sharing sensitive information like passwords, or even handing over money.

These attacks are becoming more sophisticated, and they’re a growing threat to businesses of all sizes. Worse yet, you don’t even need to click on these ads to become a victim; just loading the ad in an out-of-date browser can be enough to compromise your device.

The three most common malvertising techniques are known as scam malvertising, fake installer malvertising, and drive-by download malvertising. Here’s a little more about them:

  • Scam malvertising is where an ad claims that your computer is infected and urges you to call for support. Once you do, the scammers convince you to install software that gives them control over your system. Then they charge you to “fix” the fake issue.
  • Fake installer malvertising often uses ads that lead you to cloned websites of brands you trust. You download software, thinking it’s legit… but, instead, you’re downloading malware onto your device.
  • Drive-by download malvertising is where ads infect your computer without you even clicking on anything. This type of malvertising exploits outdated browsers and installs malicious files or extensions automatically.

Recognising these scams is the first step to keeping your business safe. If you see an ad claiming you’ve been hacked or urgently need to act, stop and think: How would this company even know anything about your computer?

Also, make sure you double-check links before you click. If the link isn’t sending you to a legitimate domain, steer clear. And most importantly, make sure you’re running the latest version of your browser, as updates patch vulnerabilities that malvertising often exploits.

Don’t forget to share this knowledge with your employees, too. They’re your first line of defence – and training them to spot suspicious ads can save your business from serious trouble.

Scammers want you to trust without thinking. But a healthy dose of scepticism can make all the difference. Next time you see an ad that feels wrong, trust your gut… and ask yourself if it’s safe before you click.

Want to train your team to protect your business from malvertising and other online scams? We can help. Get in touch.