Posts

The Signs to Look for When Looking at a Possible Phishing Attack

One of the common ways that hackers can trick their victims is through a phishing attack. They can do this by writing and sending an email that looks like it comes from a real source. This email might ask you for things like your username or password for a certain account, or it might have an attachment or link, which downloads malicious software to your network or computer. Some of these attacks even look like they are coming from a client, an employee, or your boss.

Here are some signs that you might be the potential victim of a phishing attack.

You are Asked for Personal Info

 One of the signs that an email is a phishing email is if you are asked for personal info. Most of these emails look extremely real, and they seem like they are being sent from a trusted source, like your bank, a local hospital, or a site like PayPal. But they are scams. Think of it this way; your bank won’t ask for your bank account information. It already knows your account info, so if something seems weird, it’s probably a scam.

You are Asked for Money

If you get an email asking for money, even if it looks legit, it is probably a scam. For instance, if a client emails you and asks for a wire transfer, call them up and ask if it’s real. What makes this such a good scam is that in most cases, the scammer has logged into the person’s account using stolen credentials. So, you may actually be getting an email from the account of your company’s CEO…but it’s not the CEO who is writing the email.

You Sense Urgency

If you get an email that has a sense of urgency, like an urgent transfer, it is probably a scam. As soon as you see that something is “urgent,” bells and whistles should go off in your head. Hackers like to cause panic because they know people are more likely to rush to do as asked. Let’s look at this example: you might get an email from your bank saying that your bank account has been compromised, and it’s urgent that you go to a certain site, enter your account details, and confirm your account number. Well, guess what? If you do this, the scammer now has access to your bank account information.

The Website or Email Address Looks Weird

 You might also get an email that has a weird looking address or website. In general, hackers try to put the name of a company you might recognize in the email address. But that doesn’t mean it’s real. For example, you might bank with Chase Bank. You get an email from @chasebank1.com but guess what? That’s not really Chase. All Chase emails will simply be from @chase.com.

Think About Your Relationship with the Company

 You also should think about the relationship you have with the company you are getting an email from. For example, any email you get from your bank or your health insurance company should come from the company’s system, not from a weird looking email address. Also, if you don’t even have an account with a company you are getting emails from, it’s certainly a scam.

You Get an Email from Yourself

Look at the email closely. Is it coming from…you? Technically, of course, it isn’t, but scammers do this trick a lot.

There are Many Emails in the “To:” Area of the Email

You also want to look at who the email is going to. If there are a lot of email addresses in the “To:” section, it is likely a scam.

Keep an Eye Out for Links

One of the ways that people fall for scams is because they click on the links that are found in emails. Some of these links will download malicious software to your computer and others might take you to a page where someone will try to trick you into giving personal information. Before clicking on a link, hover over it and take a look. If the address is weird, don’t click it.

Spelling or Grammar Errors

Most of these emails that are trying to scam you come from overseas, so it’s very common to see spelling or grammar errors in the email. If you see this, it’s very likely a scam.

Look for Attachments

Finally, if the email has an odd-looking attachment like a Zip file, a PDF, or Word doc, don’t ever open it. It is very likely that there is malware, or a virus, attached. If you believe the attachment could be real, scan it with your antivirus software to be safe.
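Several of the signs above can be checked mechanically. The following is an added example, not part of the original post: a small Python checker that flags a lookalike sender or link domain (the @chasebank1.com case), an email "from yourself", a crowded "To:" line, urgency, and requests for personal info. The brand table, keyword lists, recipient threshold and sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: the brands you deal with and the one domain each really uses.
KNOWN_BRANDS = {"chase": "chase.com"}
URGENT = ("urgent", "immediately", "as soon as possible")
PERSONAL = ("password", "account number", "account details")
MAX_RECIPIENTS = 5  # assumed cut-off for "a lot of" addresses in To:


class LinkCollector(HTMLParser):
    """Collect the real target of every <a>, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())


def impersonates(host):
    """True if host names a known brand but is not that brand's own domain."""
    for brand, legit in KNOWN_BRANDS.items():
        if brand in host and host != legit and not host.endswith("." + legit):
            return True
    return False


def phishing_signs(raw, my_address):
    """Return the sorted names of the warning signs found in a raw email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_maintype() == "text")
    text = (msg.get("Subject", "") + " " + body).lower()
    links = LinkCollector()
    links.feed(body)
    checks = {
        "lookalike-sender": impersonates(sender.rpartition("@")[2]),
        "from-yourself": sender == my_address.lower(),
        "many-recipients":
            len(getaddresses(msg.get_all("To", []))) > MAX_RECIPIENTS,
        "urgency": any(w in text for w in URGENT),
        "asks-personal-info": any(w in text for w in PERSONAL),
        "lookalike-link": any(impersonates(h) for h in links.hosts),
    }
    return sorted(name for name, hit in checks.items() if hit)


# Constructed sample message (not a real email).
SAMPLE = """\
From: Chase Alerts <alerts@chasebank1.com>
To: you@example.com
Subject: URGENT: your account has been compromised
Content-Type: text/html

<p>Confirm your account number at
<a href="http://chase.secure-login.example/verify">chase.com</a>.</p>
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE, "you@example.com"))
```

The brand match is a plain substring test, so an unrelated domain such as purchase.com would also be flagged for "chase"; treat a hit as a reason to look closer, not as proof.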

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Your ransomware profile: passwords, profiles and protection

If your computer password contains the name of your dog, your favorite vacation spot, and an easy-to-remember numerical sequence, then you are breaking some basic rules of password safety. Even though “BusterBermuda789” might seem impenetrable to you, this is a password security experts say is vulnerable.

Here are five things to know about passwords:

  • A long, strong password goes a long way in helping prevent hacking.
  • Every account should have a different password.
  • A hacker’s password-cracking software can easily expose any password composed of an actual word or proper name, or keyboard sequences (e.g., Mike123).
  • Passwords should be a jumbled mix of upper and lower case letters, numbers and characters.
  • A password manager tool will make all of this easy for you. A password manager can help you get started creating stronger passwords.
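To see why “BusterBermuda789” and “Mike123” are weak, the following added example (not part of the original post) breaks a password into the pieces cracking software guesses first: dictionary words, names, and keyboard or number sequences. The tiny word list and the rule for short numbers are assumptions standing in for a real cracking dictionary.

```python
import re

# Constructed mini word list; real cracking dictionaries hold millions of
# words, names and places.
WORDS = {"buster", "bermuda", "mike", "puppy", "lover", "darling", "mama"}
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_sequence(chunk):
    """True for a run of 3+ neighbouring keys, e.g. 123, 789 or qwerty."""
    c = chunk.lower()
    return len(c) >= 3 and any(c in row or c in row[::-1] for row in KEY_ROWS)


def split_words(s):
    """Split a lowercase string into dictionary words, or None if it can't be."""
    if not s:
        return []
    for end in range(len(s), 0, -1):  # try the longest word first
        if s[:end] in WORDS:
            rest = split_words(s[end:])
            if rest is not None:
                return [s[:end]] + rest
    return None


def guessable_parts(password):
    """Return [(piece, kind), ...] if the whole password is built from
    guessable pieces, or None if some part resists this simple breakdown."""
    parts = []
    for chunk in re.findall(r"[A-Za-z]+|\d+|[^A-Za-z\d]+", password):
        words = split_words(chunk.lower()) if chunk.isalpha() else None
        if is_sequence(chunk):
            parts.append((chunk, "sequence"))
        elif words is not None:
            parts += [(w, "word") for w in words]
        elif chunk.isdigit() and len(chunk) <= 4:  # assumed: short numbers
            parts.append((chunk, "short-number"))
        else:
            return None
    return parts


if __name__ == "__main__":
    for pw in ("BusterBermuda789", "Mike123", "t7#Qm!x2Lz$9"):
        print(pw, "->", guessable_parts(pw))
```

A result of None only means this small list did not cover the password; it is not a guarantee of strength.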

Need to Know: Four data protection tips

  1. Look out for suspicious emails: Hackers send out phishing emails to trick recipients into clicking a link or attachment that downloads a virus. Or, the link may take them to a website that tricks them into typing out login information. Fraudulent e-mails can look as if they are from your bank, employer, medical plan carrier, the IRS, UPS, etc., but they will typically ask you to do things the IRS and your bank would not. It’s unlikely that your bank lost your account information, and now needs it urgently. Also ignore any email claiming you won a prize, or inherited money. Make sure not to click on any attachments in an email. Attachments are a common way that cybercriminals spread ransomware.
  2. Use 2FA when available. Always choose the 2FA (two-factor authentication) option whenever it’s available. Two-factor authentication is when a login attempt to an account prompts a text known as a One-Time Password (OTP) or voice-call to your phone with a unique numerical code that you can enter in a login field. Sign up for it if your account offers it. Yes, hackers have been known to lure users into texting them that special code. Always be suspicious of any requests for your OTP.
  3. Protect online profiles. Many hackers get personal information from social media and then use those data pieces to figure out user names and your answers to security questions on your various accounts. Think about it: Do you really need to post the names of all your kids and pets, your wedding anniversary date (which you then might use in a password combination) and tell everyone where you work? It might be time to consider more carefully what you make public. And always make sure your settings are kept private, not public.
  4. Web and Wi-Fi safety. Consider multiple email addresses – not just multiple passwords – to distinguish between business and social contacts. Avoid Wi-Fi at hotels, coffee shops, etc. These are prevalent and convenient, yes, but extremely vulnerable. Never conduct financial transactions on public Wi-Fi. Use a VPN to secure Wi-Fi in remote locations. Your home network should use a WPA-2 connection, not WEP. Ignore pop-ups.

A new level of awareness is needed as computer users navigate their professional and personal lives, and realize they are vulnerable – and their data is at risk – every time they log on to a system. Keep simple tips like this close by in order to avoid ransomware and other cyber threats.

Robert is a security analyst, author and media personality who specializes in personal security and identity theft and appears regularly on Good Morning America, ABC News and The TODAY Show.

Beware of Apple ID Phishing Scams

You may have been scammed after you responded to an e-mail that appears to have come from Apple. When hackers send e-mails that appear to come from a legitimate company like Apple (or Google, Microsoft, PayPal, etc.), with the objective of tricking the recipient into typing in passwords, usernames, credit card information and other sensitive data, this is called phishing.

Many phishing scams are in circulation, including the Apple one. Hackers know that tons of people have Apple accounts. So if they robotically send 10,000 phishing e-mails to random e-mail addresses, they know that they’ll reach a lot of Apple account holders. And in any given group of people, there will always be those who fall for the scam. Not me, though. Recently I received the following scam e-mail:

Your Apple ID was used to buy a iOS App “TomTom Canada” from the App Store on a computer or device that had not previously been associated with your Apple ID.

Order total: $ CAD 44.99

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

 If you have not authorize this charge, Click here to login as soon as possible to cancel the payment!

When the payment will be canceled you will get a full refund.

Sincerely,
Apple Support
apple.com/support

A tip-off that this is fraudulent is the typos: “used to buy a iOS App…” (Hopefully you can spot the typo right away.) Another typo: “If you have not authorize this charge…”

 

A legitimate e-mail from a reputable company will not have typos or mistakes in English usage. And it’s unlikely it will have exclamation points, especially after words like “payment.” This e-mail really reeks of rotten phish.

Another red flag is that when you hover over the link, you get an unintelligible URL, or one that’s simply not Apple.com.

Forward Apple phishing links including their headers to reportphishing@apple.com.

Unfortunately, many people are ruled by shot-gun emotional reactions and promptly click links inside e-mails. Once they’re taken to a phony website, most are already sucked in too deep to recognize they’re about to be scammed.

Additional Information for Apple Account Holders

You can quickly change your password at Apple ID.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How your Brain is affected by Phishing Scams

A recent study says that people are more mindful of online safety issues than what experts had previously believed. An article on phys.org says that Nitesh Saxena, PhD, wanted to know what goes on in users’ brains when they come upon malicious websites or malware warnings.

Saxena points out that past studies indicated that users’ minds are pretty much blank when it comes to malware signs. Saxena and colleagues used brain imaging (functional MRI) for their study.

Study subjects were asked to tell the authentic login pages of popular websites from phony replications. A second task for them was to differentiate between harmless pop-ups while they read some news articles and pop-ups with malware warnings.

The fMRI showed brain activity as it corresponded to the users’ online activity: attention, making decisions, solving problems. The images lit up for both tasks, but of course, fMRI can’t tell if the user is making the right decision.

That aside, the results were that the users were accurate 89 percent of the time with the malware warning task. When users were met with malware warnings, the language comprehension area of the brain lit up. Saxena states in the phys.org article, “Warnings trigger some sort of thought process in people’s brains that there is something unusual going on.”

The accuracy rate of telling an authentic website from a phony one was just 60 percent. Saxena believes this might be because users don’t know what to look for. For instance, they don’t know to look at the URL, which can give away the phoniness.

This study also had the participants complete a personality evaluation to measure impulsiveness. The fMRI images revealed differences based on impulsivity. Saxena says there was a “negative correlation” between brain activity and impulsive behavior. The impulsive user is prone to hastily clicking “yes” to proceed, when a malware warning pops up.

There was less brain activity in the key cerebral areas of decision-making in the users who had greater degrees of impulsivity.

This study has potential applications for the improved design of malware warning systems. These results can also assist company managers by identifying impulsive workers who need stronger online security training.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

6 Ways to remove Junk mail forever

If you’re sick of junk mail, stop putting off putting a stop to it, because you can actually make a difference by implementing the following 6 strategies. Though you won’t be able to completely eliminate junk mail, the following approaches will considerably de-clutter your mail box.

  1. Get off marketing lists. This is done by having the Direct Marketing Association contact direct mail companies and instruct them to stop sending you mail. Go to DMACHOICE.org to get started and free yourself of mail offerings from magazines, catalogues and credit card companies, to name a few. To stop credit card offers only, sign up with OptOutPrescreen.com. For optimal results, sign up for both.
  2. Look for a “privacy notice” in the mail from your credit card issuer or bank, because this notice has an opt-out choice to avoid getting marketing material. However, you may have tossed this notice, thinking it was junk mail (it’s actually not), so contact your bank or credit card company and inquire about their privacy policy. Don’t stop there; contact any entity that deals with your money, such as your auto insurance company.
  3. Sign up for the free TrustedID Mail Preference Service. This provides a list of companies for which you can seek opt-out instructions.
  4. For $35, 41pounds.org will stifle mail offers.
  5. Do not get a print magazine subscription. Otherwise you’ll set yourself up for reams of third-party junk mail. See if there’s a digital version of the magazine or if your gym has it available.
  6. Go electronic. To stop junk mail from coming with your snail mail bills, switch to electronic billing.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

10 Ways to protect your Gmail Account

Protecting your Gmail account means you must activate some tools that Google offers, and you must increase your scam savvy intelligence in order to spot phishing scams. If you do both, you can have a very well-protected Gmail account.

#1. Google 2 Step Verification. This is the Holy Grail of account security. Not really, but it’s the best they have available. With 2 Step you get a one-time login code sent to a secondary device like a mobile phone via text or the “Google Authenticator” app. I like text best. This will surely protect your Gmail account because a hacker would need access to this secondary device to bust into your account, since Google would require a six-digit unique code for this second device to access your account.

Speaking of codes, you can generate a number of one-time codes that you can use in the event of a mishap such as losing your device; you can use these codes to access your account from a temporary device.

#2. Stay out of Google’s spam folder. Learn to ignore spam. Must you open every e-mail? Google does a pretty good job of spam/phish filtering. Leave the phishy/spammy messages alone and you’ll be in good shape.

Most malicious or “phishing” e-mails are very obvious, with any of the following in their subject lines:

–       Get back to me

–       Your money is waiting

–       If you don’t read this now you’ll hate yourself

–       Claim your reward

However, some subject lines look less suspicious, like “Your Amazon.com order has shipped.” If you use a unique e-mail account solely for Amazon or eBay, and then promise yourself never to click on a link inside the e-mail, you’ll be fine.

#3. Never give out your password.

Remember: If someone requests your Google account password, it’s malicious. If you think Google wants your password, don’t give it via any link in an e-mail. Instead go to https://www.gmail.com or https://accounts.google.com/ServiceLogin and log in.

#4. Account recovery options: Keep up to date. Always keep your mobile phone number current because it’s what Google uses to send you a security code. So if a hacker gets your Gmail account password, it’s useless unless they have your smartphone number, which Google will use to send you that code to prove your identity.

#5. Have a recovery e-mail address that’s also up-to-date because Google uses this strictly for sending security codes for when you forget a password. You should have this second e-mail address also because Google will use it to send important security information.

#6. Secondary e-mail address. This is in addition to the recovery address mentioned prior because you can use this alternate to sign into your Gmail account. Note, however, that this alternate address must not be part of your Gmail account or even associated with a second Google account.

#7. Use secure connections. Gmail should always be set to use a secure connection, denoted by HTTPS before the URL. Go to Settings, General, Browser Connection to set it up. Use a secure VPN for logging in. Hotspot Shield protects and encrypts your wireless connections.

#8. Strong & long is the name of the game. Enough of passwords like Puppylover1, carfiend1979 and Darlingmama. Don’t use words that can be found in a dictionary. Include symbols like #, * and $. The more nonsensical and longer the password, the better. Next, do not ever use your Google password for any other account. Your e-mail passwords should be equally nonsensical.

#9. Incognito. Use the “incognito” or “private” mode in browsers when you’re on a public or shared computer such as at a hotel. These modes will prevent cookies, web history and other information from getting stored. If these modes are not available, clear your cookies and browsing history when you LOG OUT.

#10. Finally, to protect your Gmail account, keep your system up-to-date and secure with anti-virus and anti-malware.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.

Phishing Scam: Using the U.S. General Commander in Iraq as Phish Food

Fishing of course is the sport of tossing a tasty wormy baited hook connected to a fishing line and patiently waiting for a fish to take the bait.

Phishing is the sport of tossing a wormy baited tasty lie connected to a wormy human and the degenerate patiently waits for a naïve victim to take the bait.

A phisher can send thousands of phish emails a day and eventually someone will get hooked.

Phishing is a $9 billion business. Unlike the ongoing depleting of the oceans’ fisheries, there are PLENTY of people out there to phish. Many of them today are from developing nations like India and China who are just getting a broadband connection to the internet and are considered fresh meat to the bad guy.

The New York Times reports “if you get an Internet appeal from Gen. Ray Odierno, the senior American commander in Iraq, asking you to pay lots of money to get your son or daughter out of combat duty, don’t believe it. And certainly don’t send the $200,000. General Odierno acknowledged that he is but one more victim of a social networking scheme offering a big — but fake — benefit, if you send big amounts of real money.

“I’ve had several scam artists on Facebook use my Facebook page and then go out asking people for all kinds of money: ‘If you pay $200,000, your son can get sent home early,’” General Odierno said at a Pentagon news conference.

Criminals may seek out military families and target them one by one or send a blast to thousands at a time and use a ruse that pulls at the heart strings of unsuspecting families who simply want their loved one back home.

The General posted a large warning on his social networking site. “I have this big thing on my Facebook that says, If anybody asks you for money in my name, don’t believe it,” he said. “But it’s a problem.”

Frankly, I don’t like the idea of an American General having a Facebook page. It weirds me out. Hopefully the high commander isn’t uploading pictures of himself doing shots of tequila while driving a tank.

My guess is there is someone out there who has the money and is probably acutely unaware of this type of scam, and is then probably capable of getting hooked. But more than likely nobody will cough up $200,000. But the scammers know to start high and they will go low. They will take $1000.00 when it comes down to it. But they also know that people won’t argue with a General and nobody will “discount” the value of their loved one’s life. So overall it’s a pretty good scam. Just don’t take the bait.

Robert Siciliano personal security expert to ADT Home Security Source discussing Facebook scams on CNN.