• Posted on February 8, 2017 11:55 am
    Joseph Forbes

    Do you suspect your email account has been hacked? Can't log in to your email account? Are you getting undeliverable and bounce messages for email you never sent? Are friends and family complaining of receiving email you never sent? Is it malware? A hacker? Here's how to tell.

    Undeliverable and Bounce Messages

    Spammers frequently spoof the From sender on the email they send. They just substitute their real email address with a random email address found on a mailing list or one just randomly made up. Some poorly configured email gateway products don't distinguish between the manually editable "From" address and the actual sender origin, so they simply send any undeliverable messages to the spoofed From address. To better understand how this works, and help you track down the real origin of an email, see: Reading Email Headers.

    Best defense: Simply delete the undeliverable/bounce messages.

    In other cases, email worms will send themselves disguised as an undeliverable/bounce message. The bogus email contains either a link or an attachment. Clicking the link or opening the attachment leads directly to a copy of the worm. Your best course is to learn to overcome curiosity.

    Best defense: If you receive an undeliverable or bounce message for an email you know you did not send, resist the temptation to open the attachment or click the link. Just delete the email.

    Unable to log in to your email account

    If you are unable to log in to your email account due to an invalid password, it's possible that someone has gained access and changed the password. It's also possible that the email service is experiencing a system outage of some sort. Before you panic, make sure your email provider is functioning normally.

    Best defense: Prevention is key. Most email providers offer a password recovery option. If you have even a hint of concern that your email password has been compromised, change your password immediately. If you specified an alternate email address as part of the password recovery, make sure that address is active and be sure to monitor the account regularly. In some cases, you may need to call your email provider and request a reset. If you go that route, be sure to change your password from the one provided during the phone call. Be sure to use a strong password.

    Email appearing in Sent Items folder

    If copies of the sent email are appearing in your Sent Items folder, then it's likely that some type of email worm might be involved. Most modern-day malware won't leave such tell-tale signs behind, so it, fortunately, would be indicative of an older, more easily removed threat.

    Best defense: Update your existing antivirus software and run a full system scan.

    Email is sent to address book, does not appear in the Sent folder, and it's a webmail account

    The most likely cause is phishing. Chances are at some point in the past, you were tricked into divulging your email username and password. This enables the attacker to log in to your webmail account and send spam and malicious email to everyone in your address book. Sometimes they also use the hijacked account to send to strangers. Generally, they remove any copies from the Sent folder to avoid easy detection.

    Best defense: Change your password. Make sure you've checked the validity of any alternate email addresses included in the password recovery settings first.

    Symptoms don't match the above

    Best defense: Make sure you do a thorough check for a malware infection. Fully scan your system with installed up-to-date antivirus software and then get a second opinion with one of these free online scanners.

    Receiving complaints from friends, family, or strangers

    One of the problems with spoofed, hijacked or hacked email is that it can also lead to responses from angry recipients. Stay calm - remember, the recipients are just as much a victim as you.

    Best defense: Explain what happened and use the experience as an educational opportunity to help others avoid the same plight.
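
    The header check described under "Undeliverable and Bounce Messages", as an added example that is not part of the original post: it compares the editable From header with the envelope sender (Return-Path), the receiving server's SPF/DKIM results and the earliest relay, to separate a spoofed From (delete the bounce) from mail really sent through the account (change the password). The sample headers, hosts and the classify() helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers (all hosts and addresses are made up): a message returned
# inside a bounce that claims to come from you@yourprovider.example.
SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
Received: from unknown (HELO mailer.example.net) (198.51.100.77)
\tby mx.recipient.example; Wed, 8 Feb 2017 10:02:09 +0000
From: "You" <you@yourprovider.example>
"""

# Constructed headers: a message really submitted through the provider, as
# happens when a webmail password has been phished.
HIJACKED = """\
Return-Path: <you@yourprovider.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=yourprovider.example; dkim=pass header.d=yourprovider.example
Received: from out1.yourprovider.example (out1.yourprovider.example [192.0.2.25])
\tby mx.recipient.example; Wed, 8 Feb 2017 10:05:41 +0000
From: "You" <you@yourprovider.example>
"""

def domain_of(value):
    """Domain part of an address-like header value, lower-cased ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def classify(raw, my_domain):
    """Compare the editable From header with envelope and authentication data."""
    msg = message_from_string(raw)
    # Only trust Authentication-Results written by the receiving mail server.
    auth = msg.get("Authentication-Results", "")
    def result(key):
        m = re.search(key + r"=(\w+)", auth)
        return m.group(1) if m else "missing"
    hops = msg.get_all("Received", [])
    # Relays prepend Received lines, so the last one is the earliest hop.
    ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", hops[-1]) if hops else None
    facts = {
        "header_from": domain_of(msg["From"]),
        "envelope_from": domain_of(msg["Return-Path"]),
        "spf": result("spf"),
        "dkim": result("dkim"),
        "origin_ip": ip.group(0) if ip else None,
    }
    via_provider = (facts["envelope_from"] == my_domain
                    and "pass" in (facts["spf"], facts["dkim"]))
    facts["verdict"] = "sent through your account" if via_provider else "From header spoofed"
    return facts

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("HIJACKED", HIJACKED)):
        print(name, classify(raw, "yourprovider.example"))
```

    Received lines below the first server you trust can themselves be forged, so treat origin_ip as a lead rather than proof.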

    Blog Entry, Data Recovery, Hacking
  • Posted on January 9, 2017 11:11 am
    Joseph Forbes

    How your online habits leave you and your computer at risk

    Keeping safe online takes more than just installing a few security programs. To protect both you and your computer, here are the top ten bad habits you need to avoid.

    Browsing the Web with JavaScript enabled by default

    Today's attackers are more likely to host their malicious files on the web. They may even update those files constantly using automated tools that repackage the binary in an attempt to bypass signature-based scanners. Whether through social engineering or through website exploit, the choice of browser will be of little help. All browsers are equally susceptible to Web-based malware and this includes Chrome, Firefox, Opera, and the much-maligned Internet Explorer. Disabling JavaScript on all but the most trusted sites will go a long way towards safer web browsing.

    Using Adobe Reader/Acrobat with default settings

    Adobe Reader comes pre-installed on most computers. And even if you never use it, just the mere presence can leave your computer at risk. Vulnerabilities in Adobe Reader and Adobe Acrobat are the number one most common infection vector, bar none. Making sure you stay up-to-date with the latest version of Adobe products is imperative, but not foolproof. To use Adobe Reader (and Acrobat) safely, you need to make a few tweaks to its settings.

    Clicking unsolicited links in email or IM

    Malicious or fraudulent links in email and IM are a significant vector for both malware and social engineering attacks. Reading email in plain text can help identify potentially malicious or fraudulent links. Your best bet: avoid clicking any link in an email or IM that is received unexpectedly - particularly if you do not know the sender.

    Clicking on popups that claim your computer is infected

    Rogue scanners are a category of scam software sometimes referred to as scareware. Rogue scanners masquerade as antivirus, antispyware, or other security software, claiming the user's system is infected in order to trick them into paying for a full version. Avoiding infection is easy - don't fall for the bogus claims.

    Logging in to an account from a link received in email, IM, or social networking

    Never, ever log in to an account after being directed there via a link received in an email, IM, or social networking message (e.g. Facebook). If you do follow a link that instructs you to log in afterwards, close the page, then open a new page and visit the site using a previously bookmarked or known good link.

    Not applying security patches for ALL programs

    Chances are, there are dozens of security vulnerabilities waiting to be exploited on your system. And it's not just Windows patches you need to be concerned with. Adobe Flash, Acrobat Reader, Apple Quicktime, Sun Java and a bevy of other third-party apps typically host security vulnerabilities waiting to be exploited. The free Secunia Software Inspector helps you quickly discover which programs need patching - and where to get the patches.

    Assuming your antivirus provides 100% protection

    So you have antivirus installed and are keeping it up-to-date. That's a great start. But don't believe everything your antivirus does (or rather doesn't) tell you. Even the most current antivirus can easily miss new malware - and attackers routinely release tens of thousands of new malware variants each month. Hence the importance of following all the tips provided on this page.

    Not using antivirus software

    Many (probably infected) users mistakenly believe they can avoid malware simply by being 'smart'. They labor under the dangerous misconception that somehow malware always asks permission before it installs itself. The vast majority of today's malware is delivered silently, via the Web, by exploiting vulnerabilities in software. Antivirus software is must-have protection. Of course, out-of-date antivirus is almost as bad as no antivirus software at all. Make sure your antivirus software is configured to automatically check for updates as frequently as the program will allow or a minimum of once per day.

    Not using a firewall on your computer

    Not using a firewall is akin to leaving your front door wide open on a busy street. There are several free firewall options available today - including the built-in firewall in Windows XP and Vista. Be sure to choose a firewall that offers both inbound and (as importantly) outbound protection.

    Falling for phishing or other social engineering scams

    Just as the Internet makes it easier for legitimate pursuits, it also makes it easier for scammers, con artists, and other online miscreants to carry out their virtual crimes - impacting our real life finances, security, and peace of mind. Scammers often use sad sounding stories or promises of quick riches to hook us into being willing victims to their crimes. Exercising common sense is one of the best ways to avoid online scams. For extra help, consider installing one of the free anti-phishing toolbars.

    Blog Entry, Hacking, Internet
  • Posted on December 27, 2016 9:08 am
    Joseph Forbes

    [ALERT] Scam of the Week: George Michael Dies at 53. Watch out for Phishing Attacks

    Yesterday, news broke that George Michael was found dead on Sunday at his home in Goring in Oxfordshire, England. He was 53. A police statement said: “Thames Valley Police were called to a property in Goring-on-Thames shortly before 2 p.m. Christmas Day. Sadly, a 53-year-old man was confirmed deceased at the scene. At this stage the death is being treated as unexplained but not suspicious.” Mr. Michael’s manager, Michael Lippman, told The Hollywood Reporter that Mr. Michael had died of heart failure “in bed, lying peacefully.”

    This is a celebrity death similar to Prince that the bad guys are going to exploit in a variety of ways. You have to warn your users right away that a series of scams are underway using the George Michael death as a social engineering trick. Earlier celebrity death scams show there will be a high click rate on scams that claim to show Michael's last words on video. Whatever ruse is being used, your users will wind up with either infected workstations at the house or in the office, giving out personal information or unleashing ransomware on the network. Give them a heads-up that especially now they need to Think Before They Click.

    I would send your employees, friends and family something like the following. You're welcome to copy/paste/edit.

    "Yesterday, news broke that pop star George Michael was found dead in his home in Oxfordshire, England. He was 53. Internet scum are going to exploit this celebrity death in a number of ways, so be careful with anything related to George Michael's death: emails, attachments, any social media (especially Facebook), texts on your phone, anything. There will be a number of scams related to this, so Think Before You Click!"

    For KnowBe4 customers, as you read this, there will be a new template "George Michael Dies at 53" in the Current Events campaign that I suggest you send to everyone more or less immediately. If you are not a KnowBe4 customer yet, at times like this, it is very good to know what percentage of your users are vulnerable to emotional manipulations like this. We recommend you do your complimentary Phishing Security Test and find out what the phish-prone percentage of your users is. https://info.knowbe4.com/phishing-security-test-chn

    Let's stay safe out there.

    Blog Entry, ENTERTAINMENT, Hacking
  • Posted on December 18, 2016 12:30 pm
    Joseph Forbes

    Did some gorgeous model just send you a friend request? You search your memory but just can't seem to remember the person trying to add you as their friend. Are they for real or is this a fake friend request?

    Why Would Someone Bother to Create a Fake Friend Request?

    You may receive fake Facebook friend requests for any number of reasons, some harmless, some malicious. Here are some types of people that might send you fake and/or malicious friend requests:

    Social Engineering Methods

    Scammers

    Scammers may create fake Facebook profiles and request to be your friend in order to gain more access to personal information that you restrict to "friends only". This information may include your contact information (for spamming), or other personal information that might be useful in setting you up for a phishing attack.

    Malicious Linkers

    You may also get requests from attackers that post malicious links to malware or phishing sites which may end up in your Facebook newsfeed after you accept their friend request.

    Catfishers

    As the MTV television show "Catfished" has shown time and time again, the person behind that sexy profile pic may be nothing close to what they advertised. Catfishers may create elaborate online profiles using pictures of models, in an attempt to hook victims looking for love online. They may send out random friend requests to huge numbers of people before they find a willing victim.

    Ex-wife / Husband / Girlfriend / Boyfriend

    If a relationship ends badly, you may end up unfriending that person. You may think that they are gone and out of your circle of Facebook friends, but they may try to find their way back in by creating a false profile and befriending you using their new alias. This allows them to keep up with what you are up to without you knowing that it's them on the other side of the screen. Also, never forget, you may have 'unfriended' the person, but your friends may not have. Through those friends, information about you can still be obtained.

    Current Wife / Husband / Girlfriend / Boyfriend

    If your spouse or significant other is trying to test your fidelity in an unscrupulous manner, they may resort to creating a false profile using an attractive profile picture to entice you into becoming their friend so that they can further test you by trying to get you to respond to their suggestive posts or chats. They could record this information with the intent of using it against you later. You see, this is why we can't have nice things.

    Private Investigators

    Private investigators could also use false profile friend requests to help them learn more information about you: the kind of information that you normally would restrict from public view and reserve for friends only. These types of investigations are the pinnacle of social engineering tricks used to obtain information you normally would never give.

    How Can You Spot a Fake Friend Request?

    There are several clues that the friend request you received might not be genuine. Here are five questions you should ask yourself to help determine if the friend request might be from a fake profile:

    1. Do You Know the Requester or Have Any Friends in Common With Them?

    Although obvious, this is the first clue. If you can't recall ever meeting this person in real life or meeting through any mutual friends, then it is likely a friend request sent to you under false pretenses. Check their friends list (if it's viewable) and click the "mutual" list to see whom you both know. Check with your mutual friends to see if they know them. It only takes one friend to not realize they are helping the scam.

    2. Is the Friend Request From an Attractive Person of the Opposite Sex?

    If you're a guy and you get a random friend request from a beautiful woman, then this is your first tip-off that it might be a ruse. Same holds true for the ladies. A friend request with a picture of an attractive person posing in a provocative way is often the bait used by those creating fake friend requests.

    3. Does the Request Come From a Person With a Very Limited Facebook History?

    If, according to their Facebook timeline, the person just joined Facebook an extremely short time ago, then this is a huge clue that the friend request is bogus. Most legitimate Facebook users will have a long history on their timeline dating back several years. Fake profiles are often created hastily and most profiles will indicate when the person joined Facebook. If their Facebook timeline says they joined Facebook 12 days ago then the person is most likely trying to scam you, unless it's your grandmother, who is very late to the Facebook party and has a legitimate reason for having a limited history.

    4. Does the Person Have an Unusually Small or Large Number of Friends, and Are They All the Same Sex?

    Fictitious profiles may have an extremely small, or possibly a large number of friends on their friends list. The reason? They have likely spent very little effort on setting up the fake profile, or they have 'shotgunned' a ton of friend requests out and received a ton of responses. Another clue is the sex of those on their friends list. Depending on who the person behind the fake profile is targeting, you will likely see friends that are predominantly of the opposite sex of the requester since that is likely who they are targeting when they send out their fake friend requests. If the request is from a lady targeting men, expect almost all men in the friends list, instead of a mix of men and women like you would expect from a real person.

    5. Is There Very Little Personal Content on Their Timeline?

    You likely won't see a lot of day-to-day activity on a fake profile because of the effort required to generate 'real' content. You may see some pictures, perhaps some links, but you probably won't see a lot of location check-ins or status updates. This may or may not be true for scammers of the Catfishing-type, as they may spend a lot of time and effort making their online persona seem as real as possible.

    Next time you receive a random friend request, ask yourself the questions above. If the answer is yes to more than one or two of them, then you may have just spotted yourself a fake friend.

    If you are like me, you have no friends (unhappy-face). No really, I have friends (happy-face).

    Blog Entry, SOCIAL ENGINEERING