If you use Netflix, like me and 10 million other people, watch out for a phishing scam. Barracuda Labs pushed out this warning today:
Just yesterday, Barracuda Labs intercepted thousands of copies of a spammed phishing attack aimed at customers of the popular online video rental service Netflix. While phishing attacks are nothing new, especially against financial institutions, this attack is particularly well done.
Their blog post is comprehensive, and worth a read.
Barracuda Networks today released their 2010 mid-year security report, and they’re looking askance at some big names. For one thing, the headline on Barracuda’s site reads:
Google Crowned “King of Malware” – Has Two Times More Malware than Bing, Yahoo! and Twitter Combined
So, search with care, friends. We encourage you browse the report and see what they mean.
The finding are worth a read, and you can get through the report quickly. The payoff is learning things like: of every 100 Twitter users, 90 have less than 100 followers. (I’m in that top ten percent, if you’re wondering, and so is the WSG Twitter account.)
A client of ours sent this over to me today asking if it was legitimate or not. We get questions like this quite often, and we always tell folks to reach out to us in moments of doubt, rather than doing something potentially harmful. We’re always, always glad you asked. Here’s what was sent over this morning.
Look below for the rest of the post.
From: C Web Mail Team [mailto:firstname.lastname@example.org]
Sent: Tuesday, April 13, 2010 8:00 AM
Subject: Attn: webmail Owner
Attn: webmail Owner
We just confirmed that you have not upgrade to the new web-mail version. That is why we are sending
you this massage to upgrade your account now. This is because we are preventing your web-mail from
closure. And also we have notice that your mail have been used for send spam mail to other mail.
To prevent your account from this you will have to send a verification massage so that we will
confirm from our computer system that you are the rightfully owner of this mail and also to upgrade
your account to the version. To upgrade your account you have to send us the following information
so that we can upgrade as soon as possible.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email User name : ……….
EMAIL Password : ………..
Date of Birth :………….
Warning!!! if you refuse to send this information to us within (1) weeks of receiving this warning you will
lose your account. Warning Code: PX2G99AAJ
Thank you for using webmail
NOTE: This message is authorize by the webmail Project email account protector unit.Notification message will be send back to you after verifying your account before account could be reset.
C All right reserve.
This is a common occurrence, and a nasty potential threat so let’s look at how this played out. Someone – let’s call them Janice – receives an email asking her to click on a link, submit personal information, reply with answers to questions and so on, all in the name of making sure something bad doesn’t happen to her. Things like the protection of her bank account, the continuity of her webmail access, a shinny opportunity like free tickets or an iPod and so on. The request is presented in ambiguous enough a manner as to keep Janice from dismissing it out of hand. If it was something more cartoonish like a Viagra solicitation or an invitation to a gambling web site, Janice might have been able to click ‘delete’ and move on.
In this case, Janice is left to wonder – should she or shouldn’t she. Should she send her birthday, password and username to the system administrator or not? What if her webmail access was turned off? How would she re-activate it?
We hope that Janice and everyone else will consider a third option – ask for help. We can quickly answer the question for you. Avoid, avoid avoid complying with requests like this, no matter now legitimate it might look. Just ask us. We can help you stay out of hot water.
The Saratoga Economic Development Corporation debuted this video today at an event with the Saratoga County Chamber of Commerce. I was not at the event.
I don’t mean to be critical, but I’m going to be critical.
What is the point of this video? I’m serious. Watch it and let me know. Is there new information? Is there a call to action? Is there really a compelling case made for anything? The only URL included in the video is to SaratogaEDC.com, which – quite frankly – is a static site lacking personalization, and appears to have been designed in 2002.
There is so much potential for organizations and businesses to tell their stories on the web. Video, photos, interesting content, social conversations held in the open. Putting bland, irrelevant content out there is a flat. Waste. Of. Time.
The Internets are a nasty, foul, disorganized place full of people and systems designed to steal what you have and who you are. Whenever you are about to do something on-line ask yourself if an idiot would do that thing. If the answer is yes, do not do that thing.
Every time you lower your defenses you become an easier and easier target. Never forget that your common sense if one of your best defenses. Do not suspend your skepticism and common sense when you open up a web browser or read your email. Instead, keep these things in mind:
1. Do not be an idiot.
You are a target, and don’t ever forget that fact.
Just because you can’t write or read HTML, or can’t describe a packet of data doesn’t mean you don’t know enough to protect yourself. Not to be cruel, but spammers, phishers and scam artists thrive on naive and unguarded users and their behaviors. A Google search for “Nigerian Prince” brings you this 2002 post on the InformIT blog about the notorious phishing scam where someone posing as a Nigerian Prince asks users to divulge their personal and banking information. Why do spammers keep sending these spam emails long after the Nigerian Prince’s pleas have become a punch-line? Simple: Because people keep falling for it. We call these people idiots.
Ask yourself – do you know a Nigerian Prince? How about anyone at all from Nigeria? Do you have the phone numbers of any Princes in your mobile phone? No. You don’t. You also don’t know 97% of the people who send you email, and you likely know none of the senders of emails found in the junk or spam folder of your email inbox. If you don’t know the email sender’s name on sight, don’t open the email. If a random box pops up on your machine asking you to enter your credit card number or allow a download you did not request, don’t allow it.
2. Use strong passwords, not ‘password123’ and use fake answers for security questions
A password is intended to restrict access to a given resource, such as your personal or work computer or a password-protected web site. To keep out everyone who is not you. How secure are those systems if you select passwords which are easy to remember and easy to crack?
Create random passwords which are highly secure and extremely difficult to crack or guess due to an optional combination of lower and upper case letters, numbers and punctuation symbols. So, like this:
Good passwords are more difficult to remember. That’s the point. One would also do well to change their password every few months or so, and avoid using the same password across the board. Your bank account login should be different from your email login, which should be different from your Amazon.com login.
Also, when establishing answers to security questions, be careful not to use real information. Don’t enter your mother’s real maiden name. Use names and answers to security questions which are not connected to your identity.
3. Keep protection systems current and use them regularly
The protections systems around you include the security suite on your home network as well as everything around it – including your telephone, mailbox and garbage cans. Here’s a quick rundown of the big things to be aware of in your home.
Bills and other personal documents: Shred what you do not need to save. Store what you need to save in a private, preferably locked location.
Computer anti-virus and anti-spyware: Keep your subscriptions up to date, and utilize them. Run scans on your machine; keep your software firewall running. We are often asked which security suite is the best, and we usually give the same boring answer. Using a free tool the right way is better than using an expensive tool the wrong way. If you are going to purchase a system, we recommend checking out these reviews first:
Wi-Fi: Always, always, always have your wireless internet connection encrypted and not open to the public. This involves usage of an encryption key which is required Each wireless router has a factory default username and password, and will say so in the manual. Follow the instructions, or seek advice on how to change these credentials.
When discussing the topic of personal security online, I’m reminded of early childhood expert Dr. Benjamin Spock’s advice to new parents. In the preface of his long, detailed book on caring for young children, he implored parents to trust themselves. He tells them they know more than they think they do. The same advice hold true when protecting yourself online. If something doesn’t make sense to you, don’t risk your personal data to avoid feeling dumb. You may feel dumb erasing the email which appears to be from your old schoolmate, but not as dumb as if you handed over your wallet and keys to a crook. When you give in to on-line predators, that is excatly what you are doing. Stay safe; don’t be an idiot.