October 18th, 2013
Everyone has heard warnings about the dangers of spam. The term ‘spam’ is pretty general, however. The best way to stay protected from it is to understand what it looks like and avoid it.
A post on the All Spammed Up blog breaks down the different types of spam and the tell-tale signs of each.
Not all types of spam are malicious in nature. Some emails that end up in your spam filter are examples of overzealous marketing. They’re usually from a trusted company that you’ve given your email address to at one time or another. There’s a reason they’ve been marked as spam, however. That’s either because their marketing messages come far too often, or they offer little to no value. Whether these are arriving in your inbox or spam folder, you’ll probably want to unsubscribe.
This type of spam isn’t from reputable companies but is hocking some sort of product. Usually it’s supplements, education or financial services. They’re sent out in bulk and not personalized to a single user. Usually, you’ll even be able to tell that there’s a long list of email addresses listed as recipients. These are sent out by individuals who get money each time someone clicks the links in the emails or signs up for the products offered. The products are worthless, if they exist at all. If one of these arrives in your inbox, mark it as spam and move on.
This type of spam email attempts to steal information from users. Many have malware attached to them, or direct you to a malicious website that will download malware to your machine. They use social engineering to convince you to give up information like account log-ins and passwords. There are more specific attempts called spear phishing, that target small groups of people in order to obtain specific information. These types of attacks will appear to know a great deal about you. In order to avoid these scams, it’s a good idea not to follow links provided in emails and never download attachments unless you are expecting them from a trusted source.
This is similar to phishing and can even be combined with a phishing scam. An email arrives claiming to be from a legitimate source that you have an account with, like Facebook, Verizon or even a credit card company. It usually tells you there’s a problem with your account and you need to log-in by following the link provided. This link will take you to a different site where your log-in information will be recorded and used to hack your account. Again, don’t follow links provided in emails. If you want to check out the legitimacy of an email, go to the source’s site directly, or call them. Also, check the sender’s email address. A representative of Facebook, for example, will have an email ending in @Facebook.com. Many of these scammers have email addresses like FacebookHelp@ccvs.com.
Knowing what to look for is key to avoiding email scams. Improving the security on your email and your computer are also important.
For help bolstering your cyber security, either at home or at the office, contact Geek Rescue at 918-369-4335.
October 17th, 2013
Nearly every day, there’s a new report about a corporation being hacked and experiencing downtime or losing account information for thousands of customers. These attacks and the subsequent fallout are incredibly costly. Debbie Cohen-Abravanel, of Seculert, reports that network security for most businesses is shockingly lacking and it allows targeted attacks to easily slip past defenses.
Spear phishing, SQL injections and cross-site scripting are fairly basic attacks that have been surprisingly successful recently. Hackers have been able to spot weaknesses in security and attack them with these basic tactics. This makes attacks much less labor intensive for criminals, which in turn makes them much more attractive.
Some suggestions for closing up potential holes in security are :
- Keep all software, not just antivirus programs, updated.
- Perform an audit on server login security.
- Regularly delete unused and unnecessary browser plug-ins.
- Enable “click-to-play” in browsers to protect from drive-by attacks.
- In Microsoft Office, disable ActiveX.
These measures won’t keep you completely secure, but they do fix common weaknesses in a company’s security. A more serious investment in security goes a long way to protecting you against attacks. Hackers are usually looking for easy exploits, so if your security is difficult to by-pass, most criminals will move on to an easier target.
For help improving the cyber security at your home or office, contact Geek Rescue.
October 17th, 2013
Passwords are a constant object of concern for security experts. We’ve used this space previously to talk about the potential weakness of passwords to protect your online accounts. Robert Lemos, of Dark Reading, reports that the habits of users creating easily guessed passwords and an upgrade in hackers’ capabilities for breaking them have made password protection increasingly weak.
When creating passwords, even seemingly strong ones that include upper and lower case letters, numbers and symbols, most users still use similar passwords so they’re more memorable. This use of mnemonics makes passwords predictable.
Hackers have tools capable of brute force password guessing. These programs guess billions of possible password combinations until they’re able to gain access to an account. Some top of the line programs can guess about 1-billion passwords per second.
When a user’s password is predictable because of recurring habits, hackers are able to make intelligent assumptions about what your password will look like. That narrows down their list of possibilities considerably, making their password guessing tools even more effective.
Add that to how many websites don’t have ample security on their customers’ passwords. There have been multiple examples over the past year of hackers stealing huge lists of passwords in one attack. This not only gives them access to those accounts, but also gives them real world examples of the types of passwords typically being used.
These brute force attacks are actually fairly rare. Most criminals won’t take the time to launch an attack against a single account. For that, they prefer to use phishing scams and social engineering to get users to send them their passwords unknowingly.
Having a secure password is still important, but it’s even more important to understand where secure passwords will do you the most good. For example, banking sites usually put the most security on their users’ passwords and they’re very rarely compromised. Using a secure password for your bank account is a given, but you want to be sure not to re-use that account on a less secure site. That’s how many bank website’s are compromised. A user will use the same password on a site that isn’t very secure, then a hacker will steal a large number of passwords from the unsecure site and use them on more secure sites.
Using a password manager is one way to enable you to use unique passwords for each account, but never have to worry about forgetting them. However, even this method is hackable.
Although it’s probably impossible to be completely secure, avoiding phishing scams and social engineering and having strong passwords in place will serve you well.
For more information about how to keep your accounts and your computer safe, contact Geek Rescue. We not only fix devices that aren’t working right, we also protect them against future attacks.
October 15th, 2013
Spam and other malicious email threats are a steadily growing problem, but some recent headlines suggest that spam email is actually on the decline. In a post on the All Spammed Up blog, the author notes that these headlines are inaccurate due to a flaw in their researching methods.
One reports claims that 68-percent of all email traffic in August was unsolicited, or spam, emails. That still looks like a daunting number, but it’s actually a decrease of more than 3-percent from previous months. These numbers aren’t wrong, but they only take into account spam emails that are caught by spam filters. As any experienced email user knows, there are still plenty of other threats that end up in their inbox.
In actuality, phishing scams went up by 10-times since August of 2012 and emails containing malicious attachments were 2.5 times higher. These threats are even more dangerous because they’re able to by-pass many spam filters and appear with trusted messages in the inbox.
Rather than email becoming safer, the true message is that spam is getting smarter. Hackers study the way typical spam filters work, then design their malicious emails to get around them. This will prompt an update to spam filters, which will be countered by a change in hackers tactics and on and on.
The other issue with claims that spam is on the decline is that it ignores spam outside of email. SMS spam sent to users’ smartphones is becoming more of a problem. Spam messages over social media like Facebook and Twitter has been a successful endeavor for hackers and is reportedly up 355-percent in the first half of 2013. These new threats don’t show that email is being forgotten by criminals, but instead shows that email is not the only target.
Spam and other malicious attacks are a profitable business so cyber criminals won’t be slowing down their efforts any time soon. For help improving the security on your computer, smartphone, tablet or other device, contact Geek Rescue.
October 10th, 2013
Phishing scams are attempts to trick users to give out personal information so hackers can then use it to break into accounts and steal their identities. Most phishing scams start with an email that directs users to a website where they’er asked for information like their phone number, physical address and even social security number or banking information. There are a number of tell-tale signs of a phishing email, which makes many people believe they could never fall for one. As Sam Narisi of IT Manager Daily reports, a recent study by the Polytechnic Institute of New York suggests otherwise.
The study consisted of 100 science and engineering students. The students were given a personality test and asked about their computer use and proficiency. The researchers then anonymously sent a phishing scam to their personal accounts. The email included the usual signs of a scam, including misspellings and other errors. Still, 17 students fell for it and willingly gave out personal information.
What this study uncovers is that everyone is at risk to become a victim of a phishing scam. Due to social engineering when developing these scams, and a carelessness by users, even the most educated individual could still be a victim.
This extends to other threats, like malware, that infect your system through careless user actions. When a user isn’t extremely cautious online, bad things happen. This is costly for users on their personal computers at home, but it’s a huge risk for businesses who have to safeguard their entire network from numerous careless users.
Education is a great place to start to protect yourself and your office. Knowing what to look for in a potential cyber threat is important, despite the results of the study. Additional security measures also need to be put in place, however, with the knowledge that, eventually, someone is going to click on the wrong link.
To improve the security on any of your devices, at home or at the office, contact Geek Rescue at 918-369-4335.
October 8th, 2013
Is your home WiFi network secure? Unfortunately, there’s a lot of bad information out there that convinces users that they’ve secured their home network, when in actuality it’s still as vulnerable as ever.
Eric Geier, of CIO, set out to debunk some popular myths regarding WiFi security in a recent article. The items on this list have been proven to be inconsequential for protecting you against potential threats.
You’ll find many individuals across the web suggesting you stop broadcasting your wireless router’s name, known as its SSID, or Service Set Identifier. This is to keep your network invisible from those you want to keep out. However, it will still be visible to most users and the SSID is easy to discover for hackers. Plus, trying to stay invisible can make you a target as criminals believe there may be valuable data on your network that you’re trying to conceal.
MAC stands for Media Access Control. A MAC address is an alphanumeric code used to uniquely identify each device on your network. You’re able to configure your router to only allow certain MAC addresses access to your network. In theory, this would keep out unwanted network users, even if they have your network’s password. However, hackers have tools to easily see the list of accepted MAC addresses and can then change their device’s address to match one of those. This makes MAC address filtering little more than a time waster.
In addition to the MAC address, each device on your network has a unique Internet Protocol, or IP, address. Your router issues an IP address to each device when they join the network. By changing configuration so your router only has a limited number of IP addresses to issue, you should be able to limit how many users your network can possibly have. Hackers are able to scan for IP addresses being used by your network, however. They can then assign an acceptable one to their device and by pass this security measure.
Another myth is that reducing the power of your wireless router will make it harder to be accessed by anyone outside your home. The theory is that since the WiFi network won’t be visible from as far away, not as many people will be able to penetrate it. Hackers use high-powered antennas, however. So, having a low powered router will only limit your use of your network.
If you’d like to truly secure your network, consider encryption and firewalls. Coupled with regularly updated antivirus software, this is the best way to keep your network and computer safe. For help improving the cyber security at your home or office, contact Geek Rescue at 918-369-4335.
October 7th, 2013
As previously mentioned, antivirus programs can’t be expected to fully protect your computer. Hackers produce hundreds of thousands of new malware every day and even the most up to date security software can’t possibly keep up.
That’s why it’s important to do your part and keep your machine out of harms way as much as possible. Shay Colson, of Information Space, has some tips on how to avoid malware and other potential threats online.
Just as in the forest it’s important to watch where you step, online it’s important to watch where you click. Most malware is downloaded to a computer when the user clicks on something they shouldn’t have. Particularly when you’re on a less reputable website, it’s important to avoid clicking on ads or links as much as possible. Also, make sure any security software you have installed is up to date. That way, if you do encounter malware, you’ll have the best chance of having it detected before it does any real damage.
The simple solution for making all of your accounts online more secure is to improve your password. Make sure it is 8-characters or longer and includes both upper and lowercase letters, numbers and symbols. Some advocate using your least secure passwords for throwaway accounts, medium passwords for social media, but if you want to avoid a potential hacking, use unique, strong passwords for each account. Using all of those different passwords can get confusing, so it’s also a good idea to use a password manager.
Almost everyone makes purchases online. It’s a good idea to use a credit card, rather than a debit card, however, since it’s easier to dispute fraudulent charges on a credit card. Most eCommerce sites give you the option to save payment information for your next purchase. This is a time saver, but it puts your account information at risk. It’s much better to enter your card number each time than have it available to anyone who gains access to your account.
Your mobile device also has access to sensitive data. Keep it safe by utilizing the lock screen. As seen with an iOS bug that allowed users to bypass the fingerprint scanner, or Android’s notoriously easily hacked lock, this doesn’t fully protect your device. However, it offers some protection and is easy to use. Also, be sure to enable services to remotely disable and wipe your phone in case it’s stolen. Both Apple and Android offer this service. It’s extremely useful in keeping your data out of a criminal’s hands.
These tips keep your information safe without installing additional security software. However, you should always have antivirus programs and other security in place. To improve the security on any of your devices, contact Geek Rescue at 918-369-4335. We also remove viruses and other malware from infected machines.
October 7th, 2013
It seems like everyday there’s a new story about a major company or website that’s been hacked or attacked by malware. Many times, as Steve Johnson of the San Jose Mercury News reports, these attacks stem from initial infections that slip past security software and remain undetected for days, weeks or even months.
The New York Times recently encountered 45 pieces of malware that had remained on their computers for about 4-months. Only one of those was detected by their antivirus protection. Security company Kaspersky reported that a global malware attack that stole individual’s data had eluded antivirus software for five years.
Globally, an estimated $8.4-billion is expected to be spent on antivirus software alone this year. So why doesn’t it offer better protection?
The reason is in the sheer volume of malware being produced. Kaspersky finds 200-thousand new pieces of malware every day, which means there are likely several thousand more being produced each day that avoid detection. That number is up significantly from only 700 piece of malware daily in 2006 and 7-thousand in 2011.
Keeping antivirus programs updated protects you from known threats, which means you’re safe from the majority of the malware that’s out there. However, there are varieties of malware that have been produced, but not yet discovered that pose a significant threat.
In addition to the unknown malware is new techniques by hackers that disables antivirus products all together. Security software is continually getting smarter to protect against these hacks, but it’s an uphill battle.
One way security is improving is to expand the capabilities of antivirus programs. Rather than scanning systems for known malware, they’re able to scan for suspicious behavior from any program, whether it is suspected of being malware or not.
Unfortunately, creating malware is a big, lucrative business. Security software will always be behind the curve in keeping up with new ways for hackers to attack your computer. To stay safe, it’s important to practice safe surfing. Be careful of what you download to your computer, don’t open emails you suspect to be spam and don’t click suspicious looking links.
Even though antivirus programs can’t offer impenetrable security, it is still vital to have updated security in place. To improve the security for your computer at home or at the office, call Geek Rescue at 918-369-4335. If you think you’ve already been infected with malware, we fix that too.
October 4th, 2013
A troubling trend is growing for the creators of malware. More and more malicious programs with legitimately signed digital certificates are being discovered. As Ellen Messmer, of Tech World, reports, this makes malware more likely to slip past security provisions and infect a computer or network.
Security company McAfee starting seeing a significant amount of malware with legitimate certificates in 2010 when they accounted for about 1.3-percent of all malware. That has risen steadily to more than 6-percent now. That actually signifies a huge increase in the sheer number of malware with legitimate certificates since the amount of pieces of malware is estimated to double each year.
This is a problem for mobile users as well. About 24-percent of all malware for Android devices has a legitimate certificate.
These certificates are used to verify that the programs they’re attached to come from a reputable source. There are only a few companies able to sign these certificates and, in the past, many malware programs were using fake or stolen certificates. Now, it seems that hackers have been increasingly successful at obtaining legitimate certificates and using them for multiple pieces of malware.
Many of these certificates were seen attached to malware used in a specifically targeted attack. Hackers knew the type of security being used and used a certificate that would allow the malware to be undetected.
An option available to deal with this growing threat would be to a service in place that would check the “reputation” of a certificate. Those that are being used to by a large number of programs would alert the system to the possibility of malware. As one security expert notes, however, that would only force hackers to obtain a new certificate for each piece of malware, not stop the threat entirely.
Using safe browsing techniques and being extremely cautious about what you download to your computer are the best tactics to take to keep you safe from malware infection. To improve your security, or to check and clean any malware currently on your machine, contact Geek Rescue at 918-369-4335.
October 3rd, 2013
A new threat is emerging for both desktop and mobile internet users. It’s called malvertising and, as Adam Greenberg reports for SC Magazine, is a way to spread malware to unsuspecting users through online advertising.
These malicious ads are placed individually by hackers on otherwise legitimate websites. The hackers must convince companies through email and by using false identities to agree to put up the malvertising. When visitors to the site click the ads, it downloads malware onto their machine.
The criminals are specifically targeting sites with a lot of traffic and security experts estimate each malicious ad averages about 100-thousand views before it’s taken down. Users have to actually click the ads to be affected, but with so many views there’s the potential for a large number of users to be infected with malware. These threats are fairly widespread also with an estimated 10-billion malicious advertisements seen in 2012.
Because hackers are using fraudulent credentials, it’s difficult, or nearly impossible, to track them down even after an ad is found to contain malware. The key to stopping these attacks is for companies to be more judicious in selecting the ads they place on their websites. Asking about corporate and individual identities behind these ads before allowing them on a site is vital to avoiding potential headaches down the road.
Be aware that, while there are some legitimate advertisers who will contact you directly to place ads on your website, there are others who are attempting to spread malware. A safe option is to use PPC ads from a trusted source like Google or Bing.
For users, clicking on ads is a natural part of the web surfing experience, but some caution is needed. Clicking only on ads from reputable companies doesn’t always keep you safe, but it is a start. If your computer is infected with malware, call or come by Geek Rescue and we’ll clean it. Call us at 918-369-4335.