Tag Archives: links

ALERT!-Google Docs Phishing Attack-ALERT!

Right now millions of email users are getting a seemingly innocent email asking them to view a Google Docs file. DO NOT CLICK ON IT! DELETE IMMEDIATELTY!

The email takes the user to an excellent replica of the Google Docs page you would normally see. The hackers are so clever they have copied the newest version of the page. To make matter worse the URL or web address is very close to the real Google Docs web address. The email itself will look as if it came from a legitimate email address and even uses a .gov email address.

The email does not deliver any malicious malware that we know of. But it does steal user names and passwords.

In a statement a Google PR representative said; “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Google sent out another statement, this time directly from Google that read; “We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.

If you have recieved the suspect email there are a few things you can do.

  1. Do not click on it even if it comes from someone you know. Always be suspicious of links and attachments you are not expecting or do not know where they come from. Anytime you get an email containing a link or attachments contact the sender and ask what is it. They may not know their email is being used to send out spam or malware.
  2. Use multi-factor authentication. Many websites offer multi-factor authentication. It is simply and extra step to protect you on the web. The system often works by sendng a second code via a text message to your smartphone. This is great when you are using a computer you don’t normally use and can prevent hackers from accessing your accounts or stealing passwords.
  3. If you have already clicked on the suspect email or are not sure then you can cancel third party access by visiting this Google site. Also change your Google passwords.
  4. Finally report the incident by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.”

Remember, try to avoid catching “click around fever.” This is the compulsion to click on links or attachments in your email or visit websites just out of curiosity. Many malware infections and viruses can be had by what’s commonly known as a drive by download.  This means the instant you click on the wrong thing or visit the wrong website you’re infected.

How Not to Get Hacked in Six Easy Steps

canstockphoto22219067Getting hacked is so easy that it is almost comical. Black people need to be aware that most hackers take advantage of human kindness, weakness, curiosity and even stupidity to get inside computer networks. Hacking is simple when the victim is willing to give the hacker a helping hand. Understand how easy it is not to get hacked and you’ll feel a lot better and safer online.

Step 1) Don’t take the bait! Phishing is the first simple step to getting hacked. A Verizon Data Breach Investigation Report revealed 23 percent of phishing recipients open malicious messages and 11 percent open attachments. The report showed that it only takes 82 seconds from when a phishing campaign is launched to when people start biting on the phony lures.  One of the the cardinal rules of email security is to not click on any link or download attachment that you are not absolutely certain of what it is and where it came from. If you receive an unexpected email with a link or attachment then call the person who sent it to you if you know who it is. Ask them what they sent you. Avoid any cute pictures, prayers, or jokes. That is how malware gets in your computer along with getting your email on spam lists. If you don’t know who sent it then delete instantly.

Step 2) Don’t fall for the phoney phone call! Much the same as phishing, the simplest way for attackers to gain access to users machines is to just ask for it. The age-old method of social engineering is still reliable.  This is when a hacker talks their victims out of information sometimes without the person even knowing it. On the phone they pretend to be an executive or someone in authority. Sometimes they smooth talk their victim into giving up information using compliments and encouragement. Or they may bully their victim and frighten them into doing or saying something they shouldn’t.

One of the most popular and effective scams is the IT support scam. A caller contacts the victim posing as IT help and asks for the user’s login and password. Sometime they will tell you things like your computer has a virus and it is spreading to your friends and family. Sometimes they may pretend to be a fellow employee or business partner and ask the employee to open a specific document that is actually something like a remote access Trojan or other malware.

Something to think about is that anti-virus software makers do not make outgoing calls to alert an individual that their computer is spreading viruses. Never, ever, share your user name and password with someone on the phone you do not know. Finally, if they claim to be working in the same company with you make damn sure they are who they say they are. Do not open any attachment or click on any link unless you know for sure that it is your company’s IT department you are dealing with. Most companies suffer hacking attacks as a result of employee actions. And most companies will not hesitate to fire you if you violate computer security rules.

Step 3) Stay up to date! Users are often hacked because their systems are not up-to-date and patched for common attacks. Hackers know what software is vulnerable. They look for computers that are using old outdated software to attack. The simplest way to protect yourself is to make sure your software is up to date. Learn to set your computer to perform automatic updates of all software. And stay up to date on the latest scams. According to Verizon hackers are still finding vulnerabilities in computers that are as much as eight years old.

Step 4) Get a strong a password!  Is your password just stupid? An easy to guess user name and password is simply begging to be hacked. Your user name and password is the key to your computer and all the information contained therein. In addition easy to guess user names and passwords also allow access to your bank and other sensitive online activity.  A good strong password is vital. You may even want to switch to two factor authentication if you conduct sensitive business online.

Step 5) Use caution on free WiFi! Researchers with Cylance recently provided solid evidence why you should consider taking an extra security step when utilizing public WiFi connections.The company strongly suggests using VPN on public WiFi networks.  Cylance discovered 277 hotels, convention centers and data centers in 29 countries used routers  with known vulnerabilities to offer WiFi to guests. Public and free hotspots are wide open for starting man-in-the-middle attacks and other means of establishing footholds in unsuspecting users’ machines. Hackers love to hang out in Starbucks, Panera Bread, public libraries and other places that offers free Internet access. They are waiting and watching you log into your bank account.

Step 6) Don’t put your business in the street!  You talk to much! Social media such as Facebook is another favorite hacker hunting ground.  Hackers do their homework.  The information you share on social media sites is exactly what makes a hacker’s jobs easy.   Sharing the name of your pet, your birthday, place of work and special relationship makes it easier for an attacker to guess passwords or the answer to password reset challenge questions.  For example the question “What city were you born in?” is an easy one to answer just by looking at your Facebook page.

This information can be used against you in order to create an extremely effective spear phishing message. Learn to stop sharing so much information on social media. The more you give away the more that can be taken away.

Now you know

 

Ebola Scams Hits Email In Boxes

Has Ebola hit your email inbox?  The latest Internet scams, malware and viruses come in the form of email related to the Ebola virus. These emails come from various sources claiming to be agencies of the federal government, health insurance companies, charities, and news services.  All claim to have vital information about the outbreak. Some claim to provide information about either avoiding the Ebola virus, what to do if you think you have it and how to buy insurance against a possible infection. Some emails claim that your medical insurance will not cover you if you get infected. But you can buy Ebola insurance. Many of the emails contain links or attachments that may download malware or viruses into a users computer. Some of the malware has locked up computers and demanded payment to release the computer back to the owner. Others install malware that copies user names and passwords.

Another email is being sent to people who have recently traveled stating that they may have been infected and they need to click on a link or complete a form to report their name, address and other sensitive information to health authorities. This is a classic phishing tactic.

People are sharing Ebola news via email so look out for email with links or attachments that come from friends. Many viruses and malware programs are designed to email themselves to all the names in the email contacts list. If your friend sends you an unexpected email with a link or attachment don’t open it. Call them and ask if they did indeed send it and what is it? 

The US-CERT (United States Computer Emergency Readiness Team) has issued warnings regarding Ebola scams. The organization has warned Internet users to be alert for fraudulent emails of this kind to avoid malicious cyber campaigns.

Internet users are warned to be careful if they receive these types of email messages, If you do receive an Ebola email keep yourself safe by taking the following steps:

Simple common sense will spot many of these scams. Many cyber criminals are not native English speakers.  So they give themselves away with poor writing and English with various typos, grammar mistakes, an odd sender’s email address or a link to a suspicious domain. These are among the most common signs of a scam.

“Ebola scams will continue to push strong emotional triggers, so we advise users to double check online warnings, news updates and videos. Getting news straight from reputable sources and media agencies is always the right thing to do,” said Bitdefender Chief Security Strategist Catalin Cosoi.

Another Ebola scam will tug at the heart of many victims. Fake charities are starting to pop up for Ebola victims and soliciting online donations. Some people have reported receiving calls from charities asking for donations. Before you give a dime to anybody verify the legitimacy of the charity or just donate to the good old Red Cross

Breaking It Down

Lets admit that some people have no qualms about doing whatever they have to do to rip you off. People are suffering and dying with this horrible disease but somebody is thinking about making money off it. Don’t play into that. Use caution when dealing with any email about the Ebola virus. Same for anyone calling asking for donations. As a matter of fact, treat both as if they do indeed have the virus. Keep your anti-virus software up to date. Make sure your friends and family are aware of the scams that are out there.  If you believe that you may have been exposed then stay at home and call 911 for help. And don’t buy Ebola insurance. C’mon; Ebola insurance? Really?

For more information about Ebola scams please see;

Better Business Bureau Warns of Ebola Scams

Scammers are Cashing in on Your Ebola Fears

FDA Warns of Ebola Scams

Ebola Scams Hit the Web