Advice My Clients Probably Won't Read » Security

Google Adwords Phishing Attempt

admin — Fri, 21 Oct 2011 13:38:18 +0000

If you advertise on Google, read this please.

A client received an email that appeared to be from Google Adwords saying that her campaigns had been stopped and it had a link to follow so she could review the issues.

The link went to google-uki.com. I could easily see that since I have my email program set to display emails as plain text, not HTML. I searched for the message of the subject and found this

http://www.google.com/support/forum/p/AdWords/thread?tid=55788c79f07b2959&hl=en

Read the last paragraph of the first posting, which is from a Google employee. Great advice!

Stupid Spam of the day

admin — Mon, 03 Oct 2011 20:55:13 +0000

These people didn’t even try to hide their URL which obviously doesn’t go to Google.

Please update your primary and backup payment information,
even if you

plan to use the same information. Please follow the steps

below to update your payment information.

Your credit card will only be used and stored as part of
re-enabling your

account.

We will not display or share it without your permission.

1. Log in to your account at http://www .googlcnm .com/Select/login

2. Enter your new or updated payment information.

3. Click ‘Save Changes’ when you are finished.

NEVER click a link in an email unless you are absolutely sure that the sender is legitimate and, even then, it’s better to type in the address you want to go to. I get stuff from my bank and credit card company and never click the links in such emails. Instead, I go to their sites via my “Favorites” bookmark which I know is safe.

And, just as a reminder, if no one ever responded to spam, like buying some service that sounds really great, we wouldn’t get spam.

Security & Hacking

admin — Sat, 03 Sep 2011 20:11:04 +0000

You would think a magazine named Vanity Fair might be all about fashion and culture and rich people – which it is, but it’s also one of the best resources I have for in-depth articles about Internet Security, or the lack thereof.

A few months ago, they had an article on Stuxnet, a hacking type program (trojan horse) that some government allegedly created to interfere with another country’s nuclear weapons program. Fascinating. And terrifying.

The most recent issue had another article about hacking and how all the major companies and government agencies and Google, etc. have all been hacked, with the implication that the culprit is the Chinese government and that cyber warfare has been with us for some time, but no one wants to admit it because shareholders might get upset. Please – let us get upset. We couldn’t get much more upset than we already are.

Even scarier!

What I’ve taken away from all my reading is that:

If someone wants to hack your website, they will
The fact that they can is not a reason to make it easy for them.

I seriously doubt I or my clients need to worry about a government hacking our websites, but there is more than adequate evidence to support our worrying about everyday crooks hacking our website, bank/credit card accounts or home computers.

So, make sure your passwords are difficult. “Difficult” means that until you have typed a password 30 or 40 times, there’s no way in the world you could ever memorize it.

Your name with the last character capitalized and then 3 digits from your zip code is not “difficult”.

jdfFf21$1dj!!VCV —Now that’s difficult. (It’s also not my password for anything)

It’s your life. And it’s your bank account. And it’s your website. You might not be able to make it hack-proof, but you can darn well make it really difficult for a hacker to get in.

It’s just like protecting your home. You can leave the front door open. You can leave the front door closed but unlocked. You can leave the front door closed and locked. Or, you can lock the front door and have a deadbolt and a yappy dog and a motion detector security light and an alarm system. Which one do you think the burglar is going to like?

Be safe.

Privacy (Photos)

admin — Sun, 26 Jun 2011 19:04:16 +0000

How important is your privacy? Some folks care; some don’t. If it’s important to you, I encourage you to check your privacy settings on every online service you use, including Facebook, Twitter, LinkedIn, Google and so forth.

Facebook is now building a database of photos based on those photos that have been tagged with someone’s name. They will even show you a bunch of photos that might be you. And the default Privacy setting is to allow that function. The whole thing creeps me out.

I really don’t need everyone in the world to know what I look like. …Not that the whole world – or even a tiny portion- really cares, but one has to draw the line somewhere and Facebook just stepped over mine.

Emailing Information Securely

admin — Wed, 09 Mar 2011 23:50:01 +0000

I read this in a LoJack for Laptops newsletter:

Avoid sending tax documents by email, even to your spouse-mail them instead

You’re going to send tax documents by email anyway, aren’t you? OK, then at least encrypt and/or password protect those files

Cute. But how do you send emails encrypted? Assuming that most people use Outlook, here’s an article that explains the process. Unlike some Microsoft tomes, this one is pretty readable.

http://office.microsoft.com/en-us/outlook-help/encrypt-e-mail-messages-HP001230536.aspx

Stupid spam of the day

admin — Wed, 06 Oct 2010 21:31:08 +0000

Here’s one of the dumbest spams I’ve seen today–with the most glaring errors in red. I didn’t bother to point out the grammatical errors.

Dear Valued Customer : We are unable to active your account because we have upgraded our online service, we are sorry for that but you have to reactive your Chase online bank account to be able to send and recive money online.

Then, there was a link to “Chase” but when I looked at the source code, it was really going to: https://www.hipoparts.com.

Looked that up and it’s owned by Hipoparts and obviously has nothing to do with Chase. (Do NOT go there just to see what the site is like. It probably downloads malware without your knowing.)

I just love how stupid spammers are.

About Passwords

admin — Fri, 03 Sep 2010 22:40:18 +0000

Oh, people, people. Given half a chance, I know that at least half of you will use a password like your child’s name or your favorite cartoon character or, if you’re really ambitious, your spouse’s initials plus his or her birthday.

I know this because so many of you have given me your passwords so that I can do my work.

But, ta-dah! I’m here to save you from those crooks trying to hack your online bank account or credit card. Here are the requirements for a safe password:

At least 8 characters. Twelve is better. Twenty is fabulous!
A combination of upper case and lower case letters
At least one number
A character, if the site allows it, like # or $
No string of letters that has any meaning, such as “AcE” or “pIn”
Especially, no numbers or letters that have anything to do with you. If your name is George and you live at 4162 Smith St., don’t create a password like “gEo4162#” Too easy!

Do what I do. I have an Excel spread sheet (my cheat sheet) that I keep my passwords on. And that spread sheet is on a jump drive that doesn’t go in my computer unless I need to add a new login or change something. Then, and only then, it’s in my computer just long enough to make changes and print a new cheat sheet.

On my computers I use Norton Internet Security, and I’ve set up the Identity Safe and Browser Protection and the master password is a ridiculously long combination of numbers, letters and characters that have no meaning at all. It took me 2 months of entering it, over and over, every time I opened my browser, to finally remember it, but having to refer to that cheat sheet for a couple of months was a lot easier than having to deal with identity theft.

Don’t you agree?

Faked Emails & Text View

admin — Mon, 14 Jun 2010 21:36:10 +0000

An advantage to setting up your mail program, such as Outlook, to view text only, no HTML, is that you can more easily spot fraudulent emails.

I received an email that said it was from Bank of America, but since I always view the text version, I saw that the email was really from:

From: “Bank of America”
Subject: [Norton AntiSpam]Alert: Account Resolution Required
Date: Mon, 14 Jun 2010 05:10:09 +0100

And I’m pretty sure that Bank of America’s webmaster isn’t in Germany (.de).

NEVER ever click a link in an email from a financial institution or any company that has your financial or credit card information. Always go to a website directly by typing the URL in the Address bar of your browser.

Is Your AntiVirus Working?

admin — Thu, 18 Feb 2010 22:50:17 +0000

Check your antivirus program to be sure it’s actually running the scans that I’m sure you have scheduled to occur nightly.

I use Norton Internet Security and I decided to check the scan reports one day and found that my scheduled scans weren’t running. It seems the Windows’ scheduling program interferes on occasion with Norton’s scheduling and for a week Norton was running only the built-in Quick Scan. Yikes!

I immediately ran a full system scan and then started researching why this would happen. Norton, of course, blames Microsoft for the problem but whoever is at fault, the fix is to open the Windows Control Panel and then Scheduled Tasks and then delete the scheduled scan. Then open Norton and reschedule the scan.

Since I learned of this issue, it’s happened on my husband’s computer twice. It hasn’t happened to me again so who knows what triggers the situation.

Computers. Gotta hate ‘em.

Stay safe!

How Stupid Are People?

admin — Wed, 10 Feb 2010 17:29:58 +0000

The following email came to me. How stupid are people that they would actually respond to something like this from someone they don’t know? I guess pretty stupid since this type of thing has been going around since the Internet started. This one made me laugh, though, since it’s not from the exiled prince of some African nation.

Hello,
How are you doing? I hope all is well with you. I know this might be a
surprise to you but I’m writing this email to you in an hurry and in a
confused state of mind. I want to say I’m really sorry that I didn’t inform
you about my traveling to Scotland for a Seminar. It was something urgent
and i didn’t even inform anyone about this traveling. But I just got myself
in serious mess here. I got my wallet misplaced on my way to the hotel and
all my money, phone, bank cards, diary, my return ticket and other vital
documents are all in the wallet.
(ALL HIS VITAL DOCUMENTS ARE IN THE WALLET -EXCEPT HIS PASSPORT??)
I’m so confused right now as I have lost all contacts.
(FUNNY HOW HE DIDN’T LOSE MINE SINCE HE NEVER HAD MINE TO BEGIN WITH)

I need to get out of this mess. Please I need $1,500 USD to sort myself out
and to pay for the hotel bills but I will appreciate any amount you could
afford. I will pay you back as soon as I get back home.
(IF HE HAS HIS PASSPORT, WHY NOT GO TO THE EMBASSY AND THEY’LL HELP HIM WIRE MONEY FROM HIS BANK TO HIMSELF??)
Let me know if you will be able to help me with any amount and you can help me send the money with my details below at any western union money transfer office and i will get the money over here within an hour.

*Name: Christian Entwistle
Address:  14 Porteous pend, Edinburgh, EH1 2HP Scotland
Country: United Kingdom*

Kindly help me to make the transfer as soon as you receive this email and
you should get back to me with the 10 Digit Money Transfer Control Number,
exact Amount sent with details used in sending it. I still have my passport
to prove my identity at Western union here when receiving the money, and I
will email you with the return flight details immediately I receive the
money.
Your reply will be appreciated.
Thanks so much
–
Christian Entwistle
(NOTE: No one in Winnsboro has ever heard of Christian Entwistle)
Winnsboro Area Chamber of Commerce
GNTX Gun Show & Outdoors EXPO
Marketing/Promotions Staff
(He gave some website addresses that are legit, but I’ve removed them)

So, the moral is – if you feel the urge to help anyone, help your webmaster (me). I’d love to go to Scotland and I promise not to lose my important documents.

If you receive an offer via email from someone claiming to need your help getting money out of Nigeria — or any other country, for that matter — forward it to the FTC at spam@uce.gov per the government’s website:

http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt117.shtm