top of page

search results

79 items found for ""

Blog Posts (8)

  • Corporate Identity Theft

    Over the past year, business identity theft has increased dramatically. Criminals carry out phishing attacks on companies to make illegal profits from the success of brands, leaving affected companies with detrimental repercussions. PwC data revealed that 47% of businesses worldwide have experienced fraud in the past 24 months. Therefore, it is more imperative than ever for business owners to take immediate action when faced with any form of corporate identity theft. One of the methods that have been developed to achieve a successful scam is what we know as P.I.C.O. which, below, we explain: PRETEXT It is the impulse that is the biggest trigger for purchases or acquisitions, therefore, the first objective is to create a situation that serves as a pretext to make a decision that is clouded by emotion. IMPOSTOR It is here that an individual impersonates the identity of a recognized organization or company to build trust or exploit elements such as brand loyalty or the illusion of belonging. CONTEXT Depending on the temporality or the specific situation of the victim, it is likely that important dates or junctures of events will be used to exploit the need and the moment of need. OPPORTUNITY The sense of urgency creates a very direct mitigating factor about the possibility of losing the opportunity to take advantage of or consume within a limited period. Haste leaves very little room for logical and conscious reasoning. With BeyGoo you can receive an alert that makes it visible when someone is impersonating your organization on social networks, websites, or entire domains and the corresponding measures can be taken.

  • How do we expose our data and those of our organizations?

    When we talk about identity and credential management, many doubts jump about the correct management of access and privileges that an organization must grant to its collaborators, partners or suppliers. It is clear that today, the vast majority of attacks that put at risk the access to information of companies are associated with the management and management of identities, and this risk becomes more extensive the larger an organization is. Therefore, in addition to having adequate control of the income and expenses of credentials, there are other items that must be considered to mitigate the risks associated with theft, impersonation, or misuse of identities. What are the challenges we face in the field of identity protection? Privileges and permissions granted to identities – Neglecting the access levels of identities opens up the possibility that any identity could become a high-level risk. Expired Identities – Any credential that no longer requires access automatically becomes a free pass for unauthorized access and without immediate visibility. External access – All accounts that are not managed by the organization and that have access to some (if not all) parts of the organization's network. Shared identities – All those credentials that are shared in a human/bot/system way increase the chances of leaving a digital footprint in the accesses they make to the network. What aspects should be considered to correctly configure identity and access management? To strengthen the security configuration in access and identity management (IAM), we can consider the following recommendations that, in addition to helping us with the desired order in the data handled, can represent a significant saving in reactive solutions to an incident or security breach. Perform continuous mapping and analysis on all identities in the organization, review their situation, level of access granted, and the accesses they are actually using. Withdraw all permissions that are not used in the different areas and levels of the organization. Determine and comply with a reasonable period of time to delete all expired accounts that are in disuse. Prevent users from registering in the system or self-granting access and/or permissions. Avoid creating shared accounts, this broadens the spectrum of possible security breaches, multiplies the digital footprint, and makes the account a target more susceptible to attacks. Today, there are integrated solutions that turn the IAM into a unified security block, manage credentials and access in an automated way, in addition, they allow to maintain real-time visibility of the state that saves the entire directory of the organization. On the other hand, unifying security based on identity allows you to maintain total hygiene in terms of the accounts, identities and credentials that are used to maintain the optimal workflow; approaching security concepts such as Zero Trust, which drastically reduces the risks associated with identity and access management. For more information, write to us at so we can support you with your needs. Valente Aguilar is currently Marketing Manager at Onistec.

  • Have you been a victim of Vishing?

    Raul Velez is currently Director of Engineering and Professional Services at Onistec. As technology advances to make the tasks of our daily lives easier, cybercriminals are one step ahead in taking advantage of these conveniences to commit their criminal acts and make them unpunished and victims vulnerable to their attacks. Such is the case of Vishing which is the combination of two words in English, Voice, and Phishing, which translated into Spanish is the impersonation through the telephone. In these types of attacks, criminals use social engineering to detect potential victims and manipulate human emotions such as fear, compassion, or greed to achieve their goals. Particularly with Vishing, they seek to trick victims into providing their sensitive personal data over the phone. It is generally recognized that this type of attack has a greater degree of effectiveness compared to traditional phishing (emails) since through the call, more direct and personal communication with the victim is achieved and people are more likely to respond openly and sincerely during a conversation and more if the criminal manages to create a certain Emotional bond such as that it is a relative, will help us solve a problem or that has for us an economic or in-kind benefit. Phishing deception is usually very elaborate as they can use VoIP, Voice over Internet Protocol. This technology allows them to transmit voice calls as digital data packets over IP networks instead of using the traditional method that sends analog signals over the public switched telephone network. And this technology allows to create numbers that supplant the identity of some mainly financial institutions, making the victim believe that the call is real. This makes it easy for scammers to spoof caller ID to look like they're called from a local number or even a company they have contact with. These criminal groups can even have Call Centers with personnel who recruit with experience having worked in these types of centers in such a way that they know the procedures and how to penetrate with people. Many times, in case of not answering the call, they leave a voice message requesting that the call be returned and to see that it comes from a number of an institution with which it is related, it is answered either out of curiosity or to know the reason why they are looking for us. These calls are answered by automated voice systems that will request information and personal data, and many people do not hesitate to provide them since these systems are part of our daily lives. Generally, the purpose of these Vishing calls is to obtain personal data such as credit card details, dates of birth, account access credentials, or electronic banking or simply collect telephone numbers of our contacts so that they can contact them using the information extracted from on the call to appear more legitimate. These calls keep a pattern and usually occur at times of the day when we may be busy so we are less alert to the possible signs that tell us that it is a scam. Some examples of Vishing calls that exploit some of the emotions are: Greed - Through the impersonation of the distant relative who calls us to tell us that he has just arrived from abroad with gifts for the family but that he was stopped by the authorities at the airport because of the high value of the items he brings and that he needs us to send him money to let him pass. They even put us in contact with the "authority" to explain the situation. When the call starts, this type of contact, they take advantage of the condition of some people who out of shame do not accept that they do not know who is calling and often give the scammer's questions information that they use in the conversation to support the presumption of their identity and kinship with the victim. Compassion - As in the previous case, we have a distant relative who is in trouble and who needs us to deposit a certain amount to get out of trouble. And with the intention of supporting you, the request is fulfilled so that you can respond to your need. Fear - The call from the fraud area of our bank, where the caller ID of the phone "confirms" that it originates from the institution. In this, they inform us that in some remote place a purchase is being made with our credit card of a luxury item with a high value and that they need to validate with us if the purchase is legitimate and if not (which is the case) they need some data to be able to block this. To make us trust, in addition to giving our full name and some data they may already have from a stolen database such as date of birth, they give us the first 4 digits of our card, taking advantage of the fact that there are users who do not know that these numbers identify the institution that issues the card and that they are the same for thousands of users. Once the link is established, as part of the process (and to generate more trust) they contact us with the "specialized area" and during the call they play the background messages or music used in real calls of the institution. So, for fear of having to pay for this purchase and with the confidence that they will help us cancel this "purchase", personal data ended up being given that include the validation codes of real SMS messages from the financial institution that reach our phone and that allow them to directly access our electronic banking and with this, they can empty The S accounts. In the latter case, the bank assumes no responsibility if we, even illegitimately, gave access to our account to a third party and they had extracted the resources from the account or purchased items with our line of credit with our valid passwords and access codes. This makes us automatically responsible for purchases and we must pay for them, even if we did not do it personally and for our benefit. While we recognize that the clearest and most immediate objective of Vishing is to access our economic resources for a direct benefit, there are some other benefits for criminals such as using personal data to later request some credit on our behalf. use them to try to deceive our relatives or contacts by taking advantage of the personal information that was shared during the call. While social engineering supported by Vishing seeks to exploit our human nature to fall into the plots of scammers, there are certain actions we can take to prevent us or our family members who, not having a good knowledge of technology, are victims of this type of crime. The first and most important recommendation is that when receiving a call, validate that it is a real call, this can be done by contacting the bank directly through institutional channels (and not with some number that the scammer may have given us). We must always distrust who makes the call and validate that it is whom they say they are and not for the penalty, fall into their guessing game and that we end up giving the information with name and surname and tell them who it is. You have to be aware that, although it is difficult to win in a public raffle or some prize of significant value such as a car or a property, in case you have not purchased a ticket, this becomes impossible and that, if true, they are not going to make a phone call to notify us of the prize but we first have to pay so that they can assign it to us. You must remember: if it's too good to be real, it's most likely not.

View All

Other Pages (71)

  • Home | Onistec

    Together for a safe digital world Leer más Somos una compañía mayorista de Valor Agregado especializada en ciberseguridad, entrega soluciones de alta calidad a empresas de Latinoamérica, Estados Unidos y Canadá de distintos tamaños y segmentos corporativos, a través de un ecosistema de canales que consta de aproximadamente 300 asociados de negocios a nivel regional. Innovation in cybersecurity solutions More than 10 years helping businesses grow! We develop strategies that satisfy the client through protection that allows business continuity and we focus on generating growth opportunities for the channel network in the region. our solutions Recognized for leadership by recognized industry analysts, our solutions are designed to strengthen IT security posture, efficiency and agility with next-generation, proactive, online protection; providing business continuity and adequate protection against new types of threats and business risks. Móviles y Endpoints Centro de datos Seguridad en datos IAM Continuidad del negocio Rendimiento web AML Advanced mobile and endpoint security Advanced Endpoint Threat Hunting, Detection, and Response (ETDR) Extended Detection and Response (XDR) threat intelligence Unifies EDR across mobile devices, endpoints, and cloud workloads. IT hygiene Incident response and proactive services for fully managed endpoint security Endpoint Detection and Response (EDR) for iOS and Android Speeds up and simplifies triaging and responding to mobile threats. Real-time visibility into vulnerable mobile devices and risk settings Protects user privacy and conserves device resources. Our experience We are an extension of your work team Consulting services based on industry regulations and its security frameworks. ​ Next generation technological solutions and leaders in the market​. Proven technical leadership.​ Healthy financial ecosystem that guarantees a long-term business relationship.​ Internet security, efficiency and productivity solutions Brand positioning Channel sales management market penetration business growth Your objectives are also those of Onistec We generate trust and satisfaction from our customers, we work on protection strategies that allow business continuity and growth opportunities for the channel network in the region. Internet security and efficiency solutions. Cloud-based security and productivity solutions (SaaS)​ Security consulting and professional logical security services, as well as advice for international security certifications and regulatory compliance.​ Our services The range of professional services and cyber security consulting options we offer is strengthened by a portfolio of solutions that support our clients' business growth, objectives and investments. Security Consulting and Risk Management Trainings, qualifications and certifications IT audit services and information risk assessment Planning, design and implementation Implementation and administration of security services. Educational seminars on information security Virtual Director of Information Security. (vCISO) Operational security tests Computer Forensics and Incident Response Risks of mobile channel Benchmarking and risks to third parties We work with great technologies We want to know your needs

  • About Us | Onistec

    Our history ONISTEC was founded in 2011, as a Provider of Value Added Solutions. Currently our team has experience in business and channel development, with a strong focus on identity access management, business continuity, disaster recovery, web visibility, content control and infrastructure, data center network security, mobile and data protection, IT governance, risk management compliance consulting services, with a network of specialized channels managed. Based on three axes EXECUTION OF LAUNCH TO THE MARKET see more VALUE OF THE CHANEL see more BUSINESS DEVELOPMENT see more Mission Regional Value Added Wholesaler, specialized in cybersecurity and highly recognized in the region, with high-level attention to our ecosystem of channels and broad market penetration. Vision ‌Be the sales force in Latin America of important new generation cybersecurity brands and business continuity. Affirming the value of each one and their corporate thinking in different business settings. Values Excellence in the result of our work (Business development, efficiency, efficacy, effectiveness, passion). . Integrity in our way of working (Transparency, culture, credibility, trust, honesty). . Commitment to our clients and suppliers (Teamwork, interest in the objectives of the partner and the manufacturer, associated growth, long-term commitment). Presence in Latin America Follow us on social media

  • Onistec | Mayorista de Soluciones de Ciberseguridad, Eficiencia y Continuidad de Negocio BC/DR

    excellence, come to ONIS TEC When you expect We are a wholesaler specialized in next-generation solutions in cybersecurity, efficiency, and business continuity (BC / DR), with a focus on: market penetration, brand positioning and sales management, with a regional ecosystem of highly competent channels. More Info Menu principal Innovation in solutions Cybersecurity More than 10 years helping businesses grow! We develop strategies that satisfy the client through protection that allows business continuity and we focus on generating growth opportunities for the network of channels in the region. Know our solutions Onistec solutions are designed to strengthen your security posture. IT efficiency and agility with proactive and online protection, as well as business continuity with the best Internet security, efficiency and productivity solutions that maintain a clear leadership in the technology market, allowing SMEs and business organizations to respond better to your business needs. BUSINESS CONTINUITY / DISASTER RECOVERY (BC / DR) More info WEB VISIBILITY, INFRASTRUCTURE & CONTENT CONTROL More info DATA PROTECTION More info IDENTITY AND ACCESS MANAGEMENT (IAM) More info DATA CENTER & NETWORK SECURITY More Info DATA CENTER & NETWORK SECURITY More info IDENTITY AND ACCESS MANAGEMENT (IAM) More info Soluciones Our Experience Security, efficiency and productivity solutions on the Internet Positioning branded Sales management to channel Penetration to Market Increase Commercial We are an extension of your work team Consulting services based on industry regulations and their security frameworks. New generation technology solutions and market leaders. Proven technical leadership. Healthy financial ecosystem that guarantees a long-term business relationship. Your goals are also those of ONIS TEC We generate trust and satisfaction of our clients, we work on protection strategies that allow business continuity and growth opportunities for the network of channels in the region. Internet security and efficiency solutions. Cloud-based security and productivity solutions (SaaS) Security consulting and professional logical security services, as well as advice for international security certifications and regulatory compliance. The range of professional services and cybersecurity consulting options we offer is strengthened by a portfolio of solutions that support our clients' business growth, goals, and investments. Contact us Our services Security consulting and risk management Trainings, trainings and certifications IT audit and information risk assessment services Planning, design and implementation Implementation and administration of security services. Information security educational seminars Virtual security director of the inf. (vCISO) Operational safety tests Forensic Analysis and Incident Response Risks of mobile channel Benchmarking and risks to third parties Servicios Partners We work with great technologies Contáctanos We want to know your needs

View All
bottom of page