Driz Group Blog

Stay up to date with the latest cybersecurity research, news and alerts.
Search Engines Blacklist Fewer Sites, Study Shows

Search Engines Blacklist Fewer Sites, Study Shows

Search Engines Blacklist Fewer Sites, Study Shows

A study conducted by SiteLock showed that search engines are blacklisting fewer sites.

Blacklisting happens when a search engine removes a website from its results due to the presence of a malicious software (malware).

In the second quarter of 2018, SiteLockanalyzed over 6 million websites through the use of malware scanners. SiteLock’s analysis showed that search engines like Google and Bing only blacklisted 17.5% of infected websites with malware in the second quarter of 2018, a 6% decrease from the previous year.

Prevalence of Website Malware

Website visitors and website owners alike rely on search engine warnings. On the part of website visitors, they rely on search engines to flag malicious websites that may leave them unprotected as they surf the web.

According to SiteLock, when website owners rely mainly on search engine warnings and outwardly facing symptoms, they may be missing malware that’s attacking their website visitors.

Even as search engines are blacklisting fewer sites, malicious websites aren’t getting fewer. SiteLock’s study showed that 9% or as many as 1.7 million websites have a major security vulnerability that could allow attackers to embed malware on them. The 3 most common security vulnerabilities on websites identified by SiteLock are SQL injection (SQLi), cross-site scripting (XSS) and cross-site request forgery (CSRF).

SQLi security vulnerability allows attackers to inject malicious database code into website text fields or forms. In an SQL injection attack, an attacker can gain full access to the website’s MySQL database, administrative back end or the entire website. MySQL refers to an open source management system that makes it convenient to add, access and manage content in a website’s database. 

XSS security vulnerability allows attackers to inject malicious code into a web form or web application. In a cross-site scripting attack, the web application is tricked into doing something that it isn’t supposed to do. CSRF, meanwhile, is often used with social engineering – tricking victims. In a cross-site request forgery attack, an attacker forces authenticated users to do unauthorized actions while logged into a vulnerable web application.

SiteLock’s sampled websites showed that 7.19% of sites have an SQLi vulnerability, 1.56% of sites have an XSS vulnerability and .19% of sites have a CSRF vulnerability.

Browser-Based Cryptojacking

SiteLock’s study also found that sampled websites experience an average of 58 attacks per day, with 1% of the sites infected with a malware. The study further found that website attacks are becoming increasingly sneaky and difficult to detect. An example of a symptomless attack on websites is the browser-based cryptojacking, which doubled (2%) in number compared to last year’s number (1%), according to SiteLock’s study. In browser-based cryptojacking, an attacker hijacks a browser to mine a cryptocurrency.

McAfee’s Blockchain Threat Reportshowed that nearly 30,000 websites host the Coinhive code for mining cryptocurrency with or without a user’s consent. This number, according to McAfee Labs, only accounts for non-obfuscated sites, which means that the actual number is likely much higher.

As it stands, Coinhive resides in a gray area of legitimacy. In an ideal world, both the website owner and website visitor must consent to Coinhive’s browser-based cryptocurrency mining. 

A website owner or, in the case of a cyberattack, an attacker may embed the Coinhive code into a website. When a user visits a website with an embedded Coinhive code, the cryptocurrency called “Monero” is then mined from the user’s browser using the computing power or CPU of the website visitor. As of October 21, 2018, the price of one Monero coin is $103.

When the Coinhive code is embedded into the website by a website owner, the cryptomining income goes to the website owner. When the Coinhive code is embedded by a cyberattacker, the cryptomining income goes to the attacker.

Coinhive code made its way to YouTube. In January this year, Trend Microdiscovered that attackers abused Google’s DoubleClick ad platform, enabling the attackers to display ads on YouTube that contain the Coinhive code. YouTube visitors in select countries, including Japan, France, Taiwan, Italy and Spain were affected, with 80% of the affected visitor’s CPU resource was used to mine the cryptocurrency Monero.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a Google representative said in a statement. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

Check Pointranked 3 browser-based cryptocurrency mining scripts Coinhive (ranked #1), Crypto-Loot (ranked #2) and JSEcoin (ranked #4) as “February 2018’s Top 10 ‘Most Wanted’ Malware”.


Here are some of the security measures that need to be put in place in order to prevent attackers from installing malware into your website:

Use a Website Malware Scanner

A website malware scanner allows website owners to check their sites for web-based malware.

Keep All Website Applications Up-to-Date

Ensure that your web applications are up-to-date. Using outdated web applications with known security vulnerabilities can leave your website vulnerable to exploitation by cyberattackers.

Use Web Application Firewall (WAF) 

Filtering web traffic via WAF is one of the measures in protecting your website from a successful cyberattack. Your traditional perimeter firewalls don’t protect your website.

Contact ustoday if you need assistance in protecting your website against cyberattacks.

Latest Phishing Campaign Attempts to Install Remcos Remote Access Tool into Victims’ Computers

Latest Phishing Campaign Attempts to Install Remcos Remote Access Tool into Victims’ Computers

Latest Phishing Campaign Attempts to Install Remcos Remote Access Tool into Victims’ Computers

Thousands of Icelanders have been targeted in the latest phishing campaign that attempts to install the Remcos remote access tool into the victims’ computers, this according to the recent report by Cyren. 

While the actual victims may seem low, Cyren said, this could be the largest cyberattack to hit Iceland, a country with just close to 350,000 population.

Latest Phishing Attack Modus Operandi 

Magni Reynir Sigurðsson, senior threat analyst at Cyren, reported that the phishing campaign targeting Icelanders, which has been observed since October 6th, begins with an email impersonating the Lögreglan – Icelandic police. The email requests the recipient to come to the police station for questioning. The email also threatens the recipient that an arrest warrant may be issued in case of non-compliance.

The attackers registered the domain name www[dot]logregian[dot]is. This domain name, on the first glance, is very similar to the official domain name of the Icelandic police www[dot]logreglan[dot]is. The only difference is that the “l” in the official site is changed to “i”. Buying this similarly named domain enables the attackers to send emails with sender address ending in “logregian[dot]is”, which on the first glance, closely resembles the emails from the official Icelandic police ending in “logreglan[dot]is”. 

The link provided in the phishing email that purportedly leads to additional information about the case leads to the phishing site www[dot]logregian[dot]is that strikingly resembles the official site of the Icelandic police www[dot]logreglan[dot]is. 


In the phishing site, the victim is asked to provide an Icelandic social security number. Unlike other phishing sites which can be fooled by entering wrong data, this phishing site knows whether the victim is entering the wrong social security number or not. When a wrong number is entered, an error alert is shown, and when the number entered is correct, this leads to a new phishing webpage that displays the victim’s actual name. Sigurðsson hypothesized that the phishers used a database, containing Icelanders’ social security numbers and actual names, that was leaked years ago.

Being able to match the social security number with actual name further give credence to this phishing campaign. To give further credence to this campaign, the attackers ask the victim to enter the authentication number contained in the email that was sent to him.

Entering the authentication number leads the victim to another phishing webpage that automatically downloads a .rar file that purportedly contains additional document about the case. When this .rar file is extracted, a .scr file (Windows Screensaver) disguised as a Word document with file name “Boðun í skýrslutöku LRH 30 Óktóber.scr”, roughly translated to English as “Called in for questioning by the police on October 30th” is shown.

When this disguised Word document is executed, a file called “Yfirvold.exe” and “Yfirvold.vbs” are dropped into the victim’s computer. Sigurðsson said that the Yfirvold.vbs file is placed in the Windows Startup folder so that in case the victim reboots his computer the .vbs script will execute Yfirvold.exe – a malware that uses the code and components from a known remote access tool called “REMCOS”.


REMCOS stands for Remote Control & Surveillance Software. This software is sold online by the company called “Breaking Security”. Remcos’ price ranges from €58 to €389. Buyers of Remcos can also pay using a variety of cryptocurrencies.

Breaking Security markets Remcos as a legitimate software that allows users to remotely control and monitor Windows operating system, from Windows XP and all versions thereafter, including server editions. In addition to selling Remcos, Breaking Security also offers Octopus Protector, keylogger and mass mailer. Octopus Protector encrypts a file laden with malware on the disk, allowing it to bypass several antivirus protections. Keylogger records and sends the keystrokes made on a computer, while a mass mailer sends large volumes of emails.

In the case of the phishing attack targeted against thousands of Icelanders, according to Sigurðsson, the Remcos that’s installed into the victims’ computers comes with keylogging capability, collecting input from the victims’ keyboards and storing them in logs and then uploading them to the command and controller servers controlled by the attackers. These servers, Sigurðsson said, are located in Germany and Holland.

The Remcos that’s installed into the victims’ computers in the Iceland phishing attack also comes with a fact checker that checks if the victims are accessing the largest online banks in Iceland. According to security researcher MalwareHunterTeam, this fact-checking capability is a selective keylogger feature of Remcos.

According to researchers at Cisco Talos, Remcos was also used to attack international news agencies, diesel equipment manufacturers operating within the maritime and energy sector, and HVAC service providers operating within the energy sector.

“Since Remcos is advertised and sold on numerous hacking-related forums, we believe it is likely that multiple unrelated actors are leveraging this malware in their attacks using a variety of different methods to infect systems,” researchers at Cisco Talos said.

Similar to the phishing attack targetting Icelanders, the cyberattacks mentioned by Cisco Talos started with a phishing email, purportedly coming from a government agency and comes with an attached document.

Embedded into the attached document is a small executable. “The extracted executable is simple and functions as the downloader for the Remcos malware,” Cisco Talos researchers said. “It is a very basic program and is used to retrieve Remcos from an attacker-controlled server and execute it, thus infecting the system.”


While the company behind Remcos claims that its software is meant for legitimate use, data in the wild, including the cyber incidents reported by Cyren and Cisco Talos demonstrate that Remcos is being used by malicious actors.

Remcos is a powerful remote access tool that’s being regularly modified to include new functionalities to remotely control and monitor any Windows operating system.

Make sure that your organization is implementing security measures to combat Remcos and another phishing modus operandi.

When you need help, we are a phone call away. Connect with ustoday and protect your business.

Difference Between Malware Outbreak and Ransomware Attack

Difference Between Malware Outbreak and Ransomware Attack

Difference Between Malware Outbreak and Ransomware Attack

Are malware outbreak and ransomware attack the same or are they totally different?

The Canadian restaurant chain Recipe Unlimited prefers using the phrase “malware outbreak” over the phrase “ransomware attack”. In a statementissued last October 1, Recipe Unlimited said that it has been experiencing a partial network outage as a result of a “malware outbreak” since September 28, this year. The company didn’t go into details what type of malicious software (malware) infected its IT system.

Recipe Unlimited, formerly Cara Operations, franchises and/or operates more than 1,000 restaurants across Canada, including Swiss Chalet, Montana’s, East Side Mario’s, Harvey’s, St-Hubert, The Keg, Milestones, Kelseys Original Roadhouse, New York Fries, Prime Pubs, Bier Markt, Landing, Original Joe’s, State & Main, Elephant & Castle, The Burger’s Priest, The Pickle Barrel and 1909 Taverne Moderne.

To prevent further spread of the malware, Recipe Unlimited said it took precautionary measures such as taking a number of systems offline and suspending internet access to affected locations. These precautionary measures resulted in the temporary closure of some of Recipe Unlimited’s restaurants, while those open can only accept cash.

CBC, on the other hand, got hold of a screencap of the ransom note that appeared on the computer compromised by attackers in the Recipe Unlimited’s attack.

The ransom note states, “As soon as we get bitcoins you’ll get all your decrypted data back.” Regarding the actual ransom amount, the ransom note states, “Every day of delay will cost you additional +0.5 BTC [Bitcoin]”. As of October 4, 2018, the price of one Bitcoin hovers around $6,500. The ransom note also states that aside from decrypting all the encrypted data, the company will also “get instructions how to close the hole in security and how to avoid such problems in the future”.

When contacted by CBC, the spokesperson of Recipe Unlimited denies that the company’s data is being held for ransom by attackers. “We maintain appropriate system and data security measures,” Recipe Unlimited spokesperson told CBC. The spokesperson also told CBC that the ransom note is a “generic” statement associated with the malware called “Ryuk”. In its earlier statement, Recipe Unlimited said it conducts “regular system back-ups to enable us to restore impacted systems”.

What Is Ryuk?

Ryuk is categorized as a ransomware – a malware that encrypts or locks files in hundreds of computers in each infected company and asks for a ransom payment in exchange for the decryption key to unlock the locked files. This ransomware targets organizations that are capable of paying a lot of money.

Some of the victims paid exceptionally large ransom in order to retrieve their files. Back in August this year, Check Point researchers reported that Ryuk attackers earned over $640,000 from ransom payments paid in varying amount (ranging between 15 BTC to 50 BTC) from victims worldwide.

According to Check Point, the source code of Ryuk closely resembles the source code of another ransomware called “HERMES” – the malware used in the attack against the Far Eastern International Bank (FEIB) in Taiwan. In the FEIB attack, $60 million was stolen in a sophisticated SWIFT attack, though this amount was later retrieved.

The difference between HERMES ransomware and Ryuk ransomware, Check Point said, is that while HERMES ransomware was delivered to FEIB’s network as a diversion, Ryuk ransomware is “by no means just a side-show but rather the main act”.

What Is a Malware Outbreak?

Malware outbreak refers to a large-scale malware attack that causes widespread damage and disruption to an organization and necessitates extensive recovery time and effort. Ryuk ransomware’s impact on its victims amounts to a malware outbreak.

Preventive Measures

Here are some measures in preventing a malware outbreak or ransomware attack, as well as some of the security best practices in handling such outbreak or attack:

Keep All Software Up-to-Date

Keep all your organization’s software up-to-date as cyberattackers are known to infiltrate networks using known software security vulnerabilities that are already patched by software vendors.

Practice Network Segmentation

Network segmentation refers to the practice of dividing a computer network into subnetworks. One of the advantages of network segmentation is that in case one subnetwork is infected by a malware, the other subnetworks won’t be infected.

Contain the Outbreak

It’s important to contain the outbreak. Many ransomware programs have a worm capability. This means that the ransomware has the ability to spread itself within networks without user interaction.

One of the effective means of containing the outbreak is by quickly disconnecting infected systems from the overall network infrastructure. Physically disconnecting network cables and applying access controls on network devices are examples of disabling connectivity. One of the side-effects of containment is that this will affect the operation of other non-infected systems in the network.

Full Malware Eradication Process

Containment only stops the spread of the malware. The fact that the malware is still inside your organization’s IT system is a security risk. Full eradication process is necessary in parallel with the containment process.

Backup Critical Files 

Make sure to conduct regular backups of critical files so that when an outbreak or cyberattack happens, your organization can get back up again by restoring the impacted systems. Backups also ensure that attackers won’t have a leverage in your organization’s impacted systems as backups can easily be restored, rendering the attackers’ demand for ransom futile.

When you need help, contactour cybersecurity experts and protect your data.

Why Your Organization Should Replace All TLS Certificates Issued by Symantec

Why Your Organization Should Replace All TLS Certificates Issued by Symantec

Why Your Organization Should Replace All TLS Certificates Issued by Symantec

October 2018 is a crucial month for anyone owning a website as two of the world’s biggest browsers, Chrome and Firefox, will “distrust” TLS certificates issued by Symantec.

What Is a TLS Certificate?

TLS stands for Transport Layer Security. This technology is meant to keep the internet connection secure by encrypting the information sent between the website and the browser, preventing cybercriminals from reading and modifying any information that’s being transferred.

The more popular TLS isn’t free. A website owner has to buy this technology – referred to as TLS certificate – from any of the companies trusted by browsers. Symantec was once a trusted issuer of TLS certificates by Google, the owner of Chrome, and Mozilla, the organization behind Firefox.

HTTPS, which stands for Hyper Text Transfer Protocol Secure, appears in the URL when a website uses a TLS certificate. Google has also been rewarding websites using TLS certificates with improved web rankings. As of July 2018, according to Mozilla, 3.5% of the top 1 million websites were still using Symantec TLS certificates.

When a visitor attempts to connect to a website, the browser used by the visitor requests the site to identify itself. The site then sends the browser a copy of its TLS certificate. The browser, in return, checks if this TLS certificate is a trusted one. If the browser finds that the TLS certificate can be trusted, the browser then sends back a digitally signed acknowledgment to start the TLS encrypted session.

Reasons Behind the Distrust of Symantec TLS Certificates

In March 2017, Ryan Sleevi, software engineer at Google Chrome, posted on an online forumGoogle’s findings, alleging that Symantec failed to properly validate TLS certificates. Sleevi said that Symantec mis-issued 30,000 TLS certificates over a period spanning several years.

“Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them,” Sleevi said.

Symantec, for its part, said that Google’s allegations are “exaggerated and misleading”. “Google’s statements about our issuance practices and the scope of our past mis-issuances are exaggerated and misleading,” Symantec said. “For example, Google’s claim that we have mis-issued 30,000 SSL/TLS certificates is not true. In the event Google is referring to, 127 certificates – not 30,000 – were identified as mis-issued, and they resulted in no consumer harm. We have taken extensive remediation measures to correct this situation, immediately terminated the involved partner’s appointment as a registration authority (RA), and in a move to strengthen the trust of Symantec-issued SSL/TLS certificates, announced the discontinuation of our RA program.”

Mozilla, for its part, conducted its own investigation surrounding Symantec’s issuance of TLS certificates. Mozilla said it found a set of issueswith Symantec TLS certificates. A consensus proposalwas reached among multiple browser makers, including Google and Mozilla, for a gradual distrust of Symantec TLS certificates.

On October 31, 2017, DigiCert, Inc. acquired Symantec’s website security business, and on December 1, 2017 DigiCert took over the validation and replacement of all Symantec TLS certificates, including TLS certificates issued by Symantec’s subsidiaries: Thawte, GeoTrust and RapidSSL.

“DigiCert will replace all affected certificates at no cost,” DigiCertsaid in a statement. “Additionally, you don’t need to switch to a new account/platform. Continue to use your current Symantec account to replace and order your SSL/TLS certificates.” 

Implications of the Distrust of Symantec TLS Certificates

Mozillasets October 23, 2018 as the distrust date of all TLS certificates issued by Symantec. Googlesets October 16, 2018 as the distrust date for all TLS certificates issued by Symantec to non-enterprise users, while January 1, 2019 is the distrust date set by Google for all TLS certificates issued by Symantec to enterprise users. Apple, the owner of the Safari browser, sets “Fall 2018” as the date of complete distrust of Symantec TLS certificates.

In the case of Chrome, if website owners fail to replace their Symantec TLS certificates beyond the prescribed period by Google, the message below will be shown instead:

chrome tls warning

Image by Google

In the case of Firefox, the message below will be shown instead:

firefox tls warning

Image by Mozilla

As can be gleaned from the distrust notices by Google and Mozilla, failure to replace Symantec TLS certificates runs the risk of attackers trying to steal information from your organization’s website, including passwords, messages and credit card details.

According to Mozilla, whenever it connects to a website, it verifies that the TLS certificate presented by the website is valid and that the site’s encryption is strong enough to adequately protect the privacy of the visitor. If Firefox determines that the TLS certificate can’t be validated or if the encryption isn’t strong enough, the connection to the website will be stopped and instead, the message, “Your connection is not secure” will be shown, Mozilla said.

“When this error occurs, it indicates that the owners of the website need to work with their certificate authority to correct the policy problem,” Mozilla added. 

Contact us today if your organization needs assistance in replacing legacy Symantec TLS certificates.

Most Universities at Risk of DDoS Attacks

Most Universities at Risk of DDoS Attacks

Most Universities at Risk of DDoS Attacks

The recent distributed denial of service (DDoS) attack on the online services of the Scotland-based University of Edinburgh adds to the growing list of universities hit by DDoS attacks.

Last September 10th, University of Edinburgh’s online services, including wireless services, websites and many online student services were disrupted for several hours as a result of a DDoS attack. The attack was done during the busy “Welcome Week” period of the university.

“I apologise for the disruption to this service, particularly during the busy Welcome Week period,” Gavin Ian McLachlan Chief Information Officer at the University of Edinburgh, said in a statement. “I realise how frustrating this must have been.”

DDoS Attacks on Colleges and Universities: Who, When and Why

A recent study conducted by Jisc provides a picture of who may be launching these DDoS attacks, in particular, on UK’s colleges and universities based on the specific time these attacks were done. 

Jisc is a UK not-for-profit company that offers internet service via the Janet Networkto UK research and education community, including the University of Edinburgh.

Jisc said, “there is evidence both circumstantial and from the justice system to suggest that students and staff may well be responsible for many of the DDoS attacks we see on the Janet Network.”

The Jisc study found that DDoS attacks on colleges and universities were usually done during school period and attacks dramatically decrease during holiday times, such as summer breaks, Christmas, Easter and May half term breaks.

“This pattern could indicate that attackers are students or staff, or others familiar with the academic cycle,” Jisc said. “Or perhaps the bad guys simply take holidays at the same time as the education sector. Whichever the case, there’s no point sending a DDoS attack to an organization if there’s no one there to suffer the consequences.”

Several students had been prosecuted in the past for attacking their colleges or universities. Adam Mudd, a student at West Herts College, pleaded guilty for launching DDoS attacks against his college; while Paras Jha, a student at Rutgers University, pleaded guilty for launching DDoS attacks against his university.

These college and university students don’t just target their own schools. In April 2017, Adam Mudd received a 2-year jail sentence for running “Titanium Stresser”, a DDoS-for-hire service that launched 1.7 million DDoS attacks against victims worldwide.

In December 2017, Jha with two college-age friends, pleaded guilty for creating the Mirai botnet – referring to the hundreds of thousands of IoT devices compromised by Jha’s group using 62 common default login details and using them as a botnet or zombie army to conduct a number of powerful DDoS attacks.

According to the U.S. Department of Justice, Jha’s involvement with the Mirai botnet ended when he posted the source code for Mirai on a criminal forum in the fall of 2016. In October 2016, internet infrastructure company Dyn became a target of DDoS attacks, which resulted in bringing down a big chunk of the internet on the U.S. east coast. The DDoS attacks against Dyn temporarily took offline major websites, such as Amazon, Twitter and Netflix. “We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets,” Dynsaid in a statement.

The Jisc study also showed a significant decrease of DDoS attacks on the Janet Network starting in April 2018. Jisc theorized that this reduction of DDoS attacks could be a result of the Operation Power Off, a coordinated operation conducted by the Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world.

Operation Power Off took down the DDoS marketplace webstresser.org and resulted in the arrests of the site’s administrators located in the UK, Croatia, Serbia and Canada.

According to the European Union Agency for Law Enforcement Cooperation (Europol), webstresser.org was the world’s biggest marketplace to hire DDoS services, with 4 million recorded attacks as of April 2018.

For as low as EUR 15 a month, individuals with little to no technical knowledge launched crippling DDoS attacks via webstresser.org, the Europol reported.

Jisc said that beyond disgruntled college and university students and staff, there are far more serious criminal players at work that these institutions ignore at their peril.

Jisc added that some of these more sophisticated DDoS attacks are designed, not just to bring down an online service offline but also to steal intellectual property, targeting valuable and sensitive and information held at these educational institutions.

Preparing for DDoS Attacks

Here are some security measures that can fortify your organization’s IT defenses in case a disgruntled student, a staff or other criminal elements decide to launch a DDoS attack against your organization:

Monitor Traffic

Look for abnormal incoming traffic, including sudden traffic rise and visits from suspicious IP addresses and geolocations. These could all be indicators that criminal elements are testing your organization’s IT defences prior to conducting a crippling DDoS attack or attacks.

DDoS Testing 

Consider conducting your very own DDoS attack against your organization’s IT infrastructure. This simulated cyberattack, known in the cybersecurity community as pen testing, can prepare your organization when the real DDoS attacks happen.

Contact us today if you need assistance in protecting your organization against DDoS attacks.


To reduce the cybersecurity risks, enabling business growth through education and awareness, vulnerability management and the implementation of cutting-edge cyber defence technologies.

Our goal is to make sure that you stop worrying about cybersecurity and concentrate 100% on growing your business.

Driz Group Inc. | 349 Bathurst Glen Dr., Vaughan, ON, Canada, L4J9A3 | Toll-free: 1 888-900-3749