Tag Archives: embedded

Twitter, Tweets, Cyber-Criminals And You

imageI like the idea that technology makes it easier to stay “connected”, but Facebook , Twitter and the like, take that connected feeling well past my comfort zone. While I do have several Twitter accounts, those accounts are dedicated to professional tweets only.

Despite my personal reluctance to be “hard connected”, I can certainly understand the attraction of social networking – particularly for the “wired” generation. I have no problem accepting that the social relevancy of Twitter and Facebook, is substantial.

Although, I must admit, I fail to see the social relevancy of the inane “look at me” tweets, posted to Twitter by celebrities like Demi Moore, or Ashton Kutcher. I’m just not driven by the paparazzi mentality, I guess.

Despite the obvious benefits of social networking, these sites are not without risk. Twitter, Facebook and other social networking sites, are now a veritable snake pit of nasty socially engineered malware attacks.

The “wired” generation, who are anything but “wired”, in my view, when it comes to good security practices, have taken their inadequate security habits over to Twitter, Facebook, and elsewhere. As a result, social networking sites have proven to be a gold mine for cyber-criminals.

Not a day goes by, where I don’t report in my Tech Net News column, on another virus, worm, or Trojan, targeting Twitter and Facebook users. Despite constant warnings NOT to click on embedded links, or respond to social network generated emails, a considerable number of users blithely ignore this critical advice. Go figure!

On balance, social networking is a good thing – it’s opened new doorways of opportunity to stay connected. But, with those positive opportunities, comes a new set of opportunities for cyber-criminals. Now, more than ever, if you are a social network aficionado, you need to be aware of the risks.

Minimum social networking safe practices:

Don’t let your guard down – assume every link in Twitter is potentially unsafe – including links from friends.

Be particularly cautious of shortened URLs.

Don’t trust social network e-mails – including emails that are purportedly from Twitter support.

Be aware that a single wrong click can lead to a drive-by-download infection.

It should go without saying that you must keep all applications (including your operating system) patched.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, FaceBook, Interconnectivity, internet scams, Malware Protection, social networking, Social Networks, Twitter, Windows Tips and Tools

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

image I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Chase Fraud

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance, has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

An additional key point offered by my Internet friend Georg L. – Do not use any e-mail client like Outlook, Outlook Express, Thunderbird, or others. Instead, rely exclusively on the webmail facility of your service provider, even if this is less comfortable. In this way, e-mail cannot be misused as a vector for malware, because nothing is downloaded to your computer in the first place. By going without an e-mail client, you also save computer resources.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

14 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Safety, internet scams, Phishing

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

image I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Chase Fraud

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance, has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Elsewhere on this site there are additional articles dealing with other current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!

3 Comments

Filed under Don't Get Hacked, Email, email scams, Interconnectivity, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Windows Tips and Tools

Hotmail Account Phishing Warning – Again!

If you were to Google “Hotmail scam”, you might be surprised to learn that these scams go all the way back to December, 1997 – at least that was the earliest one I could find. Not surprisingly, the hackers/scammers are at it again. Well why not? Hotmail account users’ are such an easy target.

The most recent email scam, currently in circulation, which appears to come from the Hotmail Customer Care team, is in reality just a poor attempt at a phishing con. This is not the first time we’ve seen this – the last time we saw this one was in August, 2008.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party, in this case Hotmail’s Customer Care team.

The newer email (as opposed to the older one pictured above), states in part: “We are having congestions due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and yours was among those to be deleted – We are sending you this email to (sic) so that you can verify and let us know if you still want to use this account”

The email goes on to request that the recipient provide Username, Password, Date of Birth, and Country. It seems to me that Hotmail would already have at least 2 pieces of this information already – user name and password.

Like so many scam emails like it, this one contains the usual spelling and grammatical errors, which should act as a tip-off that the recipient is looking at a fraudulent email.

Unfortunately, the old expression “I learn the hard way every time”, will come into play here with enough recipients falling for it, to make this scam profitable for the cyber-criminals behind it.

Advice that’s worth repeating:

Consider every email, telephone call, or text message, requesting personal information of any kind, as a scam

Never, ever, ever, click on embedded email links

3 Comments

Filed under Email, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Spyware - Adware Protection, System Security, Viruses, Windows Tips and Tools