Category Archives: Don't Get Scammed

Breaches, Hacks, and Lessons to be Learned

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


wps_clip_image-30209

Seems every new day brings news of yet another database breach or two. There was a time when I followed news of these hacks and breaches with interest but they are now so frequent that, unless one is personally involved, it has all become rather mundane.

However, the whole situation begs a couple of important questions and, at the same time, re-enforces the critical nature of how we choose and manage our passwords.

Important Questions

1) Why are companies/site owners not treating users’ data with the utmost care?

I don’t know about you but I am fed up with the lax way in which companies and site owners treat sensitive data which is entrusted to their care.

In today’s internet world, database breaches are a matter of fact yet site owners continue protecting sensitive data using outdated and weak security protocols. Only just recently a new breach came to light involving 40 million passwords extracted from over 1000 sites associated with a Canadian company called VerticalScope. What security protocol did the sites employ to hash and encode users’ passwords… MD5… a known weak and insufficient algorithm.

2) When will governments legislate to ensure that companies/site owners are accountable?

Surely it is incumbent upon these companies/site owners to protect their patrons’ data with the best and most effective security protocols available. However, as many (if not most) seem apathetic to this most basic of duties, then perhaps it’s time for legislators to consider introducing serious punitive measures for  those who fail to do so.

By the way: in response to news of the breach mentioned earlier, VerticalScope’s vice president of corporate development Jerry Orban was quoted as saying:

“We are reviewing our security policies and practices and implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”

How many times have we heard that pathetic  response – I believe it’s commonly referred to as shutting the stable door after the horse has bolted. Message to site owners: perhaps these steps might be better implemented before a breach rather than after.  Duh!

Lessons to be Learned

wps_clip_image-5330

How many times have you read the following advice regarding passwords:

· Choose strong passwords and use a different password for each log-in/account.

· Change passwords for critical accounts, such as banking,  PayPal, etc., frequently.

· If two-factor authentication is available, use it!

If there’s one lesson to be learned from all these breaches and hacks it is the absolute need to follow these basic principles. Remember, if you use weak passwords and/or the same password across multiple accounts, if one account is hacked all the rest are at serious risk.

Too many people just glide along ignoring the dangers until it actually happens to them, however, this is surely a lesson better learned from other people’s mistakes rather than from our own.

Advertisements

2 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, Password Control, Safe Surfing

Valentine’s Day – Malware Love Is Coming Your Way

From the – here we go again files. Love in your inbox – malware on your computer.

imageLike clockwork, spammers and cybercrooks ramp up the volume of Valentine’s spam emails aimed at unsuspecting users – every yearstarting just about now.

You know the ones –  “Falling in love with you”, “Sending you my love”, “Memories of you”, “I Love You Soo Much” …………. (saccharin sells I guess  Smile  ). Since cyber crooks are opportunity driven, you can expect much more of this type of cybercriminal activity again this year.

Maybe you’re a very cool person who’s significant other is always sending you neat little packages in your email. MP3 files, screensavers, cartoons, YouTube videos, and the like. You get them so often, that you just automatically click on the email attachment without thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting emotions. The fact is, we’re all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, many of us find it difficult, if not irresistible, to not peek at love notes received via *email.

The reality.

The truth is, these emails often contain links that deliver advertisements – or worse, redirect the victim to an unsafe site where malware can be installed on the soon to be victim’s computer.

Would you be fooled?

A couple of years back, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. Clicking on the link led him to a site which had a graphic of hearts and puppies – and of course,  the teaser.

image

Luckily, common sense prevailed and he backed out of this site. If he had clicked on the teaser, he would have begun the process of infecting his machine with a Trojan. A Trojan designed to connect to a remote command and control center.

Unfortunately, being smart is often NOT enough to protect yourself. At a minimum – make sure you have an effective security solution installed; capable of detecting both known and new malware strains.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them – they could take you to a web site designed to download malware onto your computer.

* Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter

Facebook

Chat forums, etc..

6 Comments

Filed under Don't Get Scammed, Don't Get Hacked, email scams, Malware Alert

EULAlyzer – A Free Tool To Help “Uncomplicate” End User License Agreements

imageI’ve always considered that reading a EULA (End User License Agreement), is sort of like reading the phone book; and who reads a phone book?

I must admit that I get bored and distracted when reading EULA text; especially since I’m forced to read reams of small text, in a small window, which requires me to scroll continuously. I suspect, I’m not alone in this, and that most people just skim over the text; or more to the point – don’t bother reading the EULA at all.

However, there’s a downside risk in not reading the EULA carefully. By not reading the EULA carefully, we may let ourselves in for some unwelcome, annoying, and potentially dangerous surprises.

One of the most important aspects of any software license agreement is, the information it provides concerning the intentions of the software, and whether there are additional components bundled with the main application.

Additional components that could potentially display pop-up ads, transmit personal identifiable information back to the developer, or use unique tracking identifiers.

Not all software applications contain these additional components of course, but you need to be aware of those that do when you are considering installing an application.

Software developers who choose to employ these tools (to gather information for example), are generally not underhanded, and in most cases there is full disclosure of their intent contained in the EULA. But here’s the rub – virtually no one reads EULAs.

EULAlyzer, a free application from BrightFort (formerly: Javacool Software), the SpywareBlaster developer, can make reading and analyzing license agreements, while not a pleasure, at least not as painful.

This free application quickly scans a EULA, and points out words, statements, and phrases, that you need to consider carefully. Results are rated by “Interest Level” and organized by category, so it’s easy to zero-in on the issue that concern you the most.

image

Working similar to an anti-spyware program, EULAlyzer flags suspicious wording on a scale of 1 to 10 – based on how critical the disclosed information can be to your security, or privacy.

Let’s take a look at the license agreement for Piriform’s CCleaner.

You’ll note that there three areas of limited concern that have been flagged – as shown in the screen shot, below. Clicking on “Goto” icon will expand the related wording.

I’m very familiar with Piriform’s freeware applications – nevertheless, as is my habit, I read the EULA carefully.

image

Let’s take a look at the license agreement for GOM Audio Player.

Again, EULAlyzer has flagged a number of issues – but, in this case, these are issues that I considered very carefully before installation this application.

image

If you, like me, download freeware frequently, then you need to read the software license agreement carefully. EULAlyzer will make it easier for you to focus on the important aspects of the agreement.

There is no doubt that we could all use a little help in working our way through these wordy, but necessary agreements. The reality is, all software EULAs should be read carefully.

Fast facts:

Discover potentially hidden behavior about the software you’re going to install.

Pick up on things you missed when reading license agreements.

Keep a saved database of the license agreements you view.

Instant results – super-fast analysis in just a second.

EULAlyzer makes it simple to instantly identify highly interesting and important parts of license agreements, privacy policies, and other similar documents, including language that deals with:

Advertising

Tracking

Data Collection

Privacy-Related Concerns

Installation of Third-Party or Additional Software

Inclusion of External Agreements By Reference

Potentially Suspicious Clauses

and, much more…

System requirements: Windows XP, Vista, Win 7, Win 8.

Download at: Major Geeks

12 Comments

Filed under Don't Get Scammed, downloads, Freeware, Software, Utilities

Comodo IceDragon – A More Secure Firefox?

Comodo IceDragon Browser This is not 1985 when the only thing you had to worry about was what might be on the floppy disks you exchanged with your friends. Today, your Browser is the conduit into your computer – that’s the route by which the majority of malware spreads.

In an age when Internet threats present an ever-evolving, and increasingly sophisticated danger, to a user’s security, privacy, and identity, specialty Internet Browsers like Comodo IceDragon, are becoming much more popular.

Why should this be so – and, what’s the difference between Comodo IceDragon, and regular old Firefox?

First: You’ll notice during the installation process (screen capture shown below), you’ll have the option of choosing Comodo’s secure DNS servers. You may choose to implement this security feature system wide – or, you may choose instead to protect IceDragon only.

There’s not much point in choosing to opt out – since doing so, defeats one of the primary benefits of running with IceDragon.

While the developer points out that you may have potential issues to address, should you choose to run through a VPN – I didn’t experience any problems running through my favorite VPN – TunnelBear – free edition.

Do not be influenced by my choice (as shown below) – choose a setting that reflects your usage pattern.

image

FYI: If you’re concerned with DNS security, you do have choices over and above running with a Browser which incorporates a DNS security feature. There are a number of free, beefed-up DNS services – including  Google Public DNS.

Second: Comodo has built into the Browser, it’s Site Inspector – a feature which must be manually launched by clicking on the related Icon, as shown in the following screen capture. My Australian mate Mal C., swears by this feature.

image

A quick click (either on a link – or, while on a page), will provide the user with a report as to whether “malicious activity or malware has been detected on the site in question.”

Here’s a shot of a probe on Yahoo.

image

So, is this being overplayed – or, is this really an issue?

The very small sample of malicious sites, shown in the following screen shot, should help convince you that it is an issue.

image

So, what about my site – how’s it doing?

You’ll note in the screen capture below, that we’re free of malware or malicious activity here. Not surprising, since I use Comodo’s Web Inspector alert as a line of defense to protect this site.

image

Third: If you’re a social media site affectionado then, Comodo has you covered with the addition of a social media button. A quick click will launch a log-in page for Facebook, Twitter, or Linkedin (user selectable).

On the face of it, this feature may not seem as if it means very much. But, if it helps stop users from logging in using links contained in emails, for example – then, potentially it has substantial value.

image

So, how does it look when compared with a “regular” version of Firefox?

Running with IceDragon – no add-ons or customization – yet.

image

My regular Firefox with selected add-ons.

image

The options menus appears slightly different that that in Firefox – but, the only noteworthy difference I found was, a user has an additional opportunity to turn on/turn off – the DNS feature as described earlier.

image

Additional features:

Fully compatible with Firefox plug-ins and extensions – according to Comodo.

image

Fast facts:

Fast, easy to use and light on PC resources

Scan web-pages for malware right from the browser

Lightning fast page loads with integrated DNS service

Privacy and performance enhancements over Firefox core

Full compatibility with Firefox plug-ins

System requirements: Windows 7, Vista, – 32/64 bit. Tested on Windows 8 for this review.

Download at: Comodo

User Guide: Should you need help with CID, check out the online user guide.

You may be are aware that Comodo initially developed a version of Chromium/Chrome (Comodo Dragon), which has essentially the same features as described in this review of IceDragon.

I reviewed that version in February 2010. It’s worth noting, that substantial improvements have been made in the application since that review. Further information on this browser is available at the developer’s site, here.

8 Comments

Filed under Browsers, Comodo, Don't Get Scammed, Don't Get Hacked, downloads, Freeware

How To Avoid Online Scams – PC Tools Lays Out A Plan

From this morning’s Tech Thoughts Daily Net News column – “Some of these campaigns consist of emails that are so effectively crafted that they could fool even some of the more advance users, while others look so obviously fake that they are spotted by all but the most inexperienced ones.”

Does this sound like “new” news to you? If, you’re a long time reader here – I suspect, not. Still, at the risk of sounding like a broken record – I’m reposting one of the most read posts from 2012, that can help users (especially less aware users), avoid being scammed online.

Yes, it’s repetitive – Yes, it’s repetitive – Yes, it’s repetitive! But that’s the point. In order to achieve a change in behavior (and, average users must change their online behavior) – repetition of the correct behavior, is fundamental to achieving that goal.

_______________________________________________________

imageCyber crooks and scam emails – a natural fit – aimed at the significant number of Internet users who remain unaware of the very real dangers that scam emails  hold for their safety, security, identity – and, their wallet.

Cyber criminals are experts at crafting “attention grabbers” designed to reel in the unwary and undereducated Internet surfer. Here’s a few attention grabbers that consistently pay off – targeted towards the blissfully unaware Internet user. Especially those users who seem to have a natural tendency to “just click”.

Online shopping offers e.g. bargains from unknown stores.

Get rich quick schemes/work from home offers.

Offers to download mobile protection software.

Offers to download antivirus software.

Offers to win a prize e.g. answer this survey ‘for your chance to win’…

Movie offers e.g. search for a popular movie such as Twilight and an offer comes up to download the movie for free.

Online donations.

Occasionally, I’ll post an article directed at the “just click” crowd and, I can say without any hesitation – users who fall into this category of Internet user are ripe for the taking – it’s like picking apples from a tree. It couldn’t be easier.

Here’s a couple of past articles which continue to draw huge numbers of the “just click” crowd.

Kate Middleton Nude – As If!

Nude Pics Of Your Wife/Girlfriend Attached – Click Here

Frankly, I fail to understand how anyone with a lick of common sense, would be drawn in by those nonsense article titles. On the other hand, maybe common sense has nothing to do with it.

It could just as easily be that innate sense of overconfidence that seems to have infected society as a whole – most particularly the “tech savvy” generation.

Mark Twain had it right, I think, when he said – “It aint what we don’t know that hurts us. It’s what we do know that ain’t so – that does.” The “tech savvy” generation in a nutshell – maybe.

My friends over a PC Tools, recognizing the continuing need to educate users, have put together a Top Tips article – How to Outsmart Online Scammers – designed to help the unwary (overconfident) Internet user, to identify online scams.

Richard Clooke, PC Tools online security expert reveals in this article – how to avoid being scammed online:

1. ASK – is this too good to be true?

$50 here, a holiday there, unlimited online offers from the world’s biggest brands – if you’re tempted by any of these free offers, then the answer is probably yes.

Many online scams trick us into revealing our personal information to secure something in return. It’s important to be aware of ‘fake offers’ to avoid being lured by savvy scammers.

2. DON’T – dish your details unless the site is secure.

Never provide personal or financial information in exchange for online offers.  Details such as your mobile number, address, and credit card or banking details should never be entered on a non-secure site. When in doubt:

  • Double check the URL before typing a link into your browser.
  • Check there is a padlock icon in your browser before using your credit card online.
  • Check you’re on a secure site and that the address starts with ‘HTTPS’.

3. THINK – it can happen to me.

Many of us think we are savvy online, but the reality is cybercriminals are cashing in on relaxed attitudes to sharing personal details online. Results from the PC Tools study also showed that most people think scams are more likely to happen to others, rather than themselves.

We need to educate ourselves about online scams and be aware of the risk.

4. DO – invest in scam protection software.

What most of us don’t realize is some online scams don’t involve malware and while traditional Internet security is still essential, we now require additional protection to prevent cybercriminals gaining personal information via other methods.

Regular readers here are familiar with this old request – still, it’s as pertinent as ever.

Be kind to your friends, relatives, and associates, particularly those who are inexperienced Internet users – let them know that there is an epidemic of this types of scam on the Internet. In doing so, you help raise the level of protection for all of us.

6 Comments

Filed under Cyber Crime, Cyber Criminals, Don't Get Scammed, Internet Safety, PC Tools

Paul Lubic Jr. – A Man on a Cybersecurity Mission

imageStaying malware free on the Internet – managing privacy issues –  reducing exposure to predators and scam artists (a seemingly inexhaustible list of threats) – takes effort. Increasingly – a major effort.

That effort must include a serious, conscientious, and effective commitment to becoming educated in both the technical, and sociological issues, that  impact your relationship with the Internet. Oh yes – you have a relationship with the Internet. Who knew?   Smile

How successful you are likely to be, will depend to a large extent on the source material you reference. Unfortunately, the nature of the Internet is such, that not all resources will be equally as effective in helping you reach your goal.

Citizen Journalism is a good thing – but, in the real world of Internet and system security – expert opinion, coupled with the ability to convert technical information into human readable form (not so easy) – is critical. If you can’t understand what’s being said………

One expert that I’ve come to rely on (and, you can as well), is my good friend and fellow blogger, Paul Lubic Jr. (Paul’s Internet Security Blog).

Paul, a cyber-security expert whose professional background includes cyber-terror prevention and preparedness (Homeland Security), is committed to his mission to cultivate a new level of cyber security awareness in his readers.

In a major effort to help educate that readership base, Paul has just completed a four part series that should be on all Internet users’ “must read” list. I’ve taken the intros (as posted below), from Paul’s site, so that you can easily judge your interest level in any one of those articles. Simply click on – “Continue reading” – to uh, continue reading.   Smile

Target: Social Networking Sites

Plastic Social Media ButtonSocial Networks is the first in a series of “Target” articles, discussing the various areas the cybercrime organizations are attacking. Unfortunately for computer users, our Internet environment is, as the military would say, “a target rich environment”. By social networking sites we refer to Facebook, Twitter, and LinkedIn.

As we’ve mentioned in the past, global cybercrime is organized and the organizations resemble a hybrid of a mafia and a large corporation. Continue reading →

Target: Mobile Devices

SmartphoneTarget: Mobile Devices is the second installment of the series of “Target” articles, discussing the various areas the cybercrime organizations are attacking. Unfortunately for computer users, our Internet environment is, as the military would say, “a target rich environment”. See Target: Social Networking Sites, the first article, to get some background on the tactics and strategies of cyber crime organizations.

Mobile devices include smartphones, tablets, PDAs, or any small, handheld computing device that can access the Internet. Continue reading →

Target: Cloud Storage Databases

Security Binary DataCloud storage databases are large server (computer) farms, accessible over the Internet, and owned by a service company for storing customer data for a fee. See The Cloud: A Definition. Companies rent storage space in the cloud to lower their local storage requirements, or as a backup of their data, thus saving them money. Cyber criminal organizations target these very large databases to steal information Continue reading →

Target: eBay, Amazon, & Credit Card Processors

Blue Dollar SignThe last (for now) installment of our Target series of articles addresses the large repositories of credit card information such as eBay, Amazon, and of course credit card processors for MasterCard and Visa. They’re huge, they use computers and the Internet to conduct their business, and there’s a market for credit card account information; and…you guessed it: personally identifiable information (PII).

Yes, we’re talking about extremely well-known, successful companies who undoubtedly have the best computer and Internet security money can buy. However, those attributes also make them more of a target in terms of Continue reading →

13 Comments

Filed under Don't Get Scammed, Don't Get Hacked, Internet Safety

Put BitDefender Safego Between You And Facebook, Twitter Scammers

It’s an awesome summer day here, and the sum-sum-summer time lazies have gotten a stranglehold on my motivation to stay connected. Since it won’t be all that long until it’s back to snowstorms and blizzards, today is a day to just hang out, crash in the sunshine – and maybe pour a jar or two – or three.   Smile

So, in order to assuage my guilt somewhat (feeling guilty over disconnecting from the Internet – who knew?), I though I’d rerun a post from August of last year – BitDefender Safego – A Free Social Network Cyber Criminal Defense System – since, it’s as timely now, as it was then.

imageNo matter my own thoughts on Facebook and Twitter (which are not entirely positive), it’s impossible to ignore the impact social networking has had on how we communicate.

It’s hardly surprising then, that Facebook and Twitter, and sites like them, have proven to be the perfect channel for cyber criminals to “communicate” with potential victims.

In the past hour alone, over 25,000 articles dealing with Facebook malware have been posted to the Net – as the following screen capture indicates. Ponder on that – 25,000 articles dealing with Facebook malware in one hour! That number certainly reaches the threshold of what I consider an epidemic.

image

Just for a reference point – the “any time” total, using the same search string, is 44 Million results.

image

My usual skeptical observation:

You might think, given those numbers, that a typical social network user would take minimum precautions to ensure that their privacy, and computer system security, are protected against compromise by employing a sound safety strategy. But no, typical social network users’ are #####, ********, !!!!!!!!!! , ………… Unfortunately, given that this is a G rated blog, I’ll have to leave the expletives deleted.

Still, for the sake of fairness, I will note – cyber criminal craftiness should not be underestimated. The video below is just one example of how an unaware user can be misled; leading to a perfect storm of malware issues.

Click on the following graphic to play the video.

image

There is no perfect safety solution in an open system like Facebook, or Twitter – but, there are steps that can be taken to reduce the likelihood that cyber criminals will successfully disrupt your piece of mind.

A few months ago, Bitdefender released a free application – Safego for Facebook- which has just been updated to offer the same level of protection to Twitter users. If you are a Twitter or Facebook users, I urge you to checkout this free application.

From the Bitdefender site:

Bitdefender Safego for Facebook:

Using in-the-cloud scanning, Bitdefender Safego protects your social network account from all sorts of e-trouble: scams, spam, malware and private data exposure. But, most importantly, Safego keeps your online friends safe and …close.

By installing the BitDefender Safego app, users will receive:

Privacy protection – users are warned when they should modify their Facebook privacy settings so personal information isn’t exposed

Automatic scanning –users simply press the “scan now” button to get a snapshot of their Facebook security status

24/7 protection– Facebook accounts are protected even when users are not logged in to Facebook

Protection for friends – users will have the ability to warn their friends about infected links in their Facebook accounts

Bitdefender Safego for Twitter:

Initially launched for Facebook users, Bitdefender Safego is now ready to protect Twitter accounts as well. Bitdefender Safego uses the Bitdefender antimalware and antiphishing engines to scan URLs in the cloud.

Bitdefender Safego keeps your Twitter account safe by:

Checking unknown users before you follow them
Checking the accounts you are following
Scanning your direct messages for spam, suspicious links or highjacking attempts.

See BitDefender Safego in action on YouTube.

BitDefender Safego dashboard shown below.

image

For additional information on BitDefender Safego, please visit the BitDefender Safego app page on Facebook, or the app page on Twitter.

Comments Off on Put BitDefender Safego Between You And Facebook, Twitter Scammers

Filed under BitDefender, Don't Get Scammed, Don't Get Hacked, downloads, FaceBook, Freeware, Malware Protection, Twitter