October 3rd, 2013
When there’s a major event that captures the attention of the media, you can bet that a related scam will be developed quickly. The royal baby’s birth was one of the latest historic events to be taken advantage of by cyber criminals. As Anand Muralidharan reports at the Symantec blog, spam emails related to the government shutdown is the current threat.
You may be curious to know how the government shutdown can be misappropriated for use by spammers. The answer is that it requires some creativity. The spam emails that have been reported so far have claimed to offer vehicles at half-price for the duration of the shutdown. The emails bear no markings from car manufacturers or car lots, but offer a link to follow for half-priced 2013 model cars and trucks.
Many of these emails are able to slip past spam filters. This may be in part due to their changing email header, or subject.
“Get half-off our autos for each day the US Govt is shut down”
“Get half off MSRP on new autos for each day of govt. shutdown”
These email subjects, or something similar, should alert you that the message is spam and the link will likely take you to a malicious website.
That no official brand logo or company name is used makes these emails much easier to spot and avoid. This likely won’t be the only government shutdown related scam appearing in your inbox, however. And the longer the shutdown lasts, the more opportunities for scams.
Being aware that scams like this are out there makes you less likely to become a victim. Always be cautious of unsolicited emails from untrusted senders.
If you’d like to upgrade your spam filters, or improve the overall security on your computer, call Geek Rescue at 918-369-4335.
October 2nd, 2013
Your Facebook profile is an appealing target for cyber criminals. With access to your profile, they immediately have access to all of your friends also. A hacked Facebook account has led to the hacker asking for money from Facebook friends, posting malicious links on friends’ walls and other suspect behavior.
Andy O’Donnell, of About, notes that you’re usually not the first to find out you’ve been hacked. A friend may text you to ask about an odd status update or message. When you try to sign into your account, either you’ll notice that someone else has been posting messages as you, or you’ll be locked out completely. If you believe you’re account has been hacked, follow these steps.
- Go to facebook.com/hacked, which is the Facebook Account Compromise Reporting page.
- Click ‘My Account is Compromised.”
- You’ll be taken to the ‘Identify Your Account’ page where you’ll be asked to enter your email address, phone number, or your name and the name of a Facebook friend.
- Follow the on-screen instructions.
Once you’ve re-gained access to your account, you’ll want to un-do anything that the hacker did. First, change your password. Take this opportunity to make it stronger by using upper and lowercase letters, numbers and symbols. Check your apps page to delete any suspicious apps the hacker may have added. Be sure to tell all of your friends that your account was hacked so they don’t follow any links the hacker may have sent them.
After you’ve taken care of any issues on Facebook’s site, take some time to think about how your account was compromised. Malware on your computer can result in hacked accounts, so a full-scan of your hard drive may be in order.
If you believe your computer is infected with malware, call Geek Rescue at 918-369-4335. We remove malicious programs like malware, Trojans and viruses from any device and have security options to help protect you from future attacks.
October 1st, 2013
Facebook officially launched Graph Search to all users, which makes it possible to search for, well, anything that’s ever been posted on Facebook. Every comment, status update, check-in, photo and more can be turned up by a simple search. For those who have had a Facebook account for nearly a decade, you might not want people to easily be able to see what your 20 year old self was saying.
Ashley Feinberg, of Lifehacker, posted a privacy guide that let’s you lock down your old posts so they’re not available to just anyone. This way, you won’t have to go through and individually select privacy for each and every status update and comment you’ve made on Facebook.
- Click the ‘Privacy Shortcuts’ icon, which looks like a padlock in front of three lines and is located in the top right corner of any Facebook page.
- Click the ‘See More Options’ link at the bottom of the drop down menu.
- Now click ‘Limit Past Posts’, which is found on the far right about half way down.
- You’ll encounter a warning from Facebook that anyone who isn’t your friend won’t be able to see your old posts. Click ‘Limit Old Posts’.
- Facebook will again ask you if you’re sure. Click ‘Confirm’.
Just like that you’ve made it impossible for strangers to unearth your old Facebook posts. There’s still the problem of friends coming across something embarrassing you may have posted in your younger days. If you’re worried about that possibility, find the specific post by searching for it yourself, or going to the year on your timeline it occurs, if you remember of course. Then you can adjust the privacy settings for that specific post and make it visible to only you.
Privacy on any social media platform is important because cyber criminals are able to use personal information against you. What you share on Facebook helps them hack into other online accounts, or target you in a spear phishing scam.
Be careful about what you are sharing online. For help improving the security on your computer, or mobile device, contact Geek Rescue at 918-369-4335.
October 1st, 2013
A botnet is a way for cyber criminals to use your computer to perform tasks like sending spam emails, spreading malware and other fraudulent uses. Infected computers will be able to communicate and form an entire network of zombie machines, which are all under the control of hackers.
Tom Espiner, of the BBC, reports that security company Symantec recently disabled 500-thousand infected computers that were acting as part of a botnet. The ZeroAccess botnoet, used for advertising and online currency fraud, was previously made up of 1.9-million machines.
The ZeroAccess botnet uses people’s computers to execute click fraud. Online advertisements generate income for websites that host them based on how many users click on them. This botnet used zombie machines to generate false clicks, which made them money.
By disabling 500-thousand of the infected machines, the hackers will lose about a quarter of their income. However, the identity and location of these criminals is unknown so experts warn that they’ll be working to restore their numbers quickly.
Symantec initially stepped in to take down the ZeroAccess botnet when it noticed an updated form of the Trojan program, which ZeroAccess installs on infected machines, being distributed. This malware made it more difficult to disrupt the botnet’s communications. Symantec felt they needed to act now, before updated malware made it impossible to disable any infected computers.
Perhaps the most troubling part of a botnet is that most users won’t know their computer is being used by a third-party. Infected computers will experience a decrease in performance. Your computer will be slower because a portion of its resources are being used as part of the botnet.
It’s also a good idea to check the sent messages folder in your email. If there are messages that you didn’t write being sent from your email address, you’ve got a problem and may be part of a botnet.
If you’re experiencing computer trouble or want to upgrade your cyber security, contact Geek Rescue at 918-369-4335.
September 30th, 2013
You’ve probably taken some precautions to make sure your computer is protected from malware, viruses and other potential security issues. But have you taken precautions to protect your router?
A recent post on NewsFactor notes that there are router-specific malware threats capable of reconfiguring it. A malware infected router is able to redirect users to malicious sites in order to steal data or infect them with more malware and viruses.
Imagine you are using your computer to check your bank balance. If your router is infected with malware, it could redirect you to a similar looking site that is actually designed to steal your log-in information. Minor differences will alert you that something is wrong, but you have to be looking for them. A slight difference in the way the site looks, or a missing option in the menu are tell-tale signs that this site isn’t legitimate.
Thankfully, most banking websites offer security specifically designed to alert you if you’re not on their official website. However, other websites don’t take the same precautions.
Your browser also has security tools available to help keep you safe in these situations. When the warning pops up that a website’s security certificate isn’t recognized, don’t ignore it. This is a warning that using this site puts your data at risk. If you see that warning, don’t use that website. If needed, contact the business directly by phone and ask them about their website.
To protect yourself, make sure your router is updated continuously. Newer models usually update automatically, but it’s worth checking to make sure. Also, use the password protection options. Not only should your router be password protected, but that password should be changed often and not easy to guess.
To find out how to improve the cyber security at your home or office, contact Geek Rescue at 918-369-4335.
September 30th, 2013
Creating an adequate, effective security infrastructure for your business is difficult. It becomes impossible, however, if you don’t take the time to consider where your weaknesses are.
Patrick Budmar, of ARN, reports that security experts estimate that 80-percent of IT security spending at an average company is focused on only 30-percent of the problem.
Firewalls, intrusion protection systems and endpoint security are noted as receiving the bulk of most security budgets. However, diverting funds to increase prevention and detection of threats is a more efficient practice.
Regardless of the amount of security software in place, there will be breaches and gaps in your security. That’s why experts recommend focusing more attention on monitoring data and constantly checking for abnormalities within your network. Many times, a security breach goes unnoticed for weeks or months at a time. This allows for an exponentially higher amount of damage than if the breach was detected immediately.
An audit of your company’s cyber security exposes the potential flaws. It also shows where more attention or funding is needed, and where funds can be diverted from. This way, you’re able to upgrade security by spending more intelligently, not necessarily by spending more.
Geek Rescue provides security audits and the tools needed to improve security. Call us at 918-369-4335 before an attack to avoid costly damage and data loss.
September 27th, 2013
Antivirus vendors are reporting that a new piece of malware is being used in infection attempts hundreds of times per day over the past few weeks. It goes by the name Napolar or Solarbot and is used to steal information.
Lucian Constantin, of PC World, writes that this new malware started infecting computers in mid-August, but was put up for sale to cyber criminals weeks before the first infection. For $200, hackers are able to buy the Napolar binary code and launch their own malware attack.
While infections have mostly been reported in South America so far, security experts fear this malware will spread quickly, due to its affordable price tag. It appears Napolar is being spread through compromised Facebook accounts.
Napolar is similar in functionality to a Trojan, which has been around for years. Experts speculate it could actually become more popular, however, because of its ease of use and because it is upgradeable with plug-ins.
The tell-tale signs of the malware are pop-up images of women appearing on screen after downloading an infected photo-file.
With more hackers purchasing Napolar and more Facebook users being infected, it’s only a matter of time before the malware reaches North America.
Be sure to keep your antivirus software updated. If you discover that your computer has been infected by malware, bring it to Geek Rescue. We disinfect any device and help you improve your security to protect against future attacks. Come by or call us at 918-369-4335.
September 27th, 2013
You’ve heard how important robust cyber security is for your business. You’ve read the articles, you’ve seen the statistics and heard the urging from IT professionals. Unfortunately, for many small business owners, the warnings don’t truly sink in until after they become a victim of an attack.
Ericka Chickowski, of Dark Reading, writes that a cyber attack doesn’t have to solely be a negative on your company. It is costly and it could hurt your credibility with your customers and prevent you from offering your services for a time. But, it’s also a chance to learn a lesson and become stronger.
During the recovery process, it’s important for companies that have been victimized to take time to study why they became a target in the first place. The exploit is like a real-world audit of your security infrastructure and, unfortunately, your security failed. Take this opportunity to improve the holes and the day-to-day processes of your company.
Be sure to take this opportunity to address your entire security infrastructure, not just the part that was exploited. Your security likely doesn’t have only one flaw. And even if you find that the software in place is adequate, you may discover that you employees actions put data at risk.
You should also critique your recovery plan. Think about the company-wide actions after the attack took place and consider how they could be improved. Your goal should be to cut downtime and restore data as quickly and fully as possible.
If your security is breached, you definitely can’t afford to ignore it. Let it be a message to you that a more serious investment in cyber security is needed.
For a security audit, or to find out what your options are for improving security, contact Geek Rescue at 918-369-4335.
September 27th, 2013
Every business has adopted some form of cyber security, but is your security truly aimed to keep you safe from a full-scale cyber attack? Too often businesses believe they won’t be a target of hackers and make that an excuse for not dedicating more resources to true security. Those with minimal security, however, make themselves a target because of how easy it is to attack their network.
Catalin Zorzini, of Inspired Magazine, suggests taking the necessary steps to take your security from minimal to robust. Here’s what to consider when trying to implement adequate security.
- Audit your current security
Conducting a security audit will reveal where you are most vulnerable. This informs you what your security is lacking and specifically what data is at risk. Knowing that will allow you to put into real terms what is at stake. Contact Geek Rescue to perform a thorough audit of your security.
- Consider disaster recovery
Keeping security threats like malware out is only one aspect of good security. You also need to have a plan in place for a disaster that wipes out your data. This could stem from a cyber attack, or it could be a natural disaster that destroys your servers. Regardless of the cause, you need a plan that will minimize the amount of downtime you suffer and how much data is lost.
- Don’t forget about mobile
Mobile technologies create complications for your security infrastructure. Employees sharing data with cloud systems or through email and connecting on unsecured WiFi cause headaches. There’s also the growing bring your own device, or BYOD, trend. That is also a potential problem as employees could bring infected devices to the office and infect the whole network.
By thinking about potential security problems and patching holes, you’ll avoid large scale data loss and downtime in the future.
Geek Rescue helps you improve cyber security. Call us at 918-369-4335 to set up a security audit, make a disaster recovery plan or more.
September 26th, 2013
Using a cloud system to store and share files has become a common business practice. The cloud makes data available from practically anywhere and makes it easy for employees to collaborate on projects. However, not enough attention is being paid to the security of these clouds and who could potentially have access to valuable information.
Yorghen Edholm writes on his ComputerWorld blog that these security issues are of a particular concern when employees use a public cloud. Services like Google Drive and Dropbox are easy to use and have free options. They present a security risk, however.
It’s not necessarily these public clouds themselves that pose the problem, although they aren’t nearly as secure as private cloud options. The real problem stems from employees using public clouds without supervision from superiors or the IT team. That means others are unaware of potential risks and unprepared to solve problems.
Many employees use a public cloud because it’s convenient. They may be planning to temporarily store a file, or quickly share it with other team members. Usually, they lose track of exactly what is being shared and believe that they’ve only added files to the public cloud that don’t contain any potentially damaging information.
There’s also a concern over who exactly will have access to a public cloud. Recent headlines have enlightened the public about the government being able to snoop on files stored this way. Storing your data more securely doesn’t necessarily restrict the government’s access, but at least you’ll be able to keep track of what they’ve seen.
It may not be possible to keep every piece of data stored privately. But, you should strive to gain oversight of all the data being shared, and how it’s being shared.
For help implementing a cloud computing system at your business, or to enhance security, contact Geek Rescue at 918-369-4335.
