The Archives

Posts Tagged ‘Security’

Bad Catch of the Day: Phishing

In order to protect yourself it’s important to understand how a phishing attack occurs. Phishing basically comes down to this: An identity thief composes an email that looks official and sends it out to a huge lists of emails that may be either generated by a computer or obtained by other sources. This official looking email ends up in your inbox and usually prompts you to do something like re-verify personal information, like your email address and password. There may be a link in the email that appears to take you to a legitimate website.
So how do you know if an email is a potential phishing attack? Most legitimate institutions that contain sensitive information will never send you an email and ask you personal questions. This includes banks, email services, internet service providers and stock traders. As a matter of fact, many times you’ll notice legitimate businesses attach a clause at the end of them email which reads: “we will never ask for your personal information.”
When in doubt, pick up a phone. Don’t call a phone number listed in the email, either. Use the good old yellow pages or as a last resort hit up a search engine for contact information. There is no substitute for a live human being on the other end of the line!
One of the most popular questions I receive in the field from the usually upset customer who has been affected by this is “why??” Well honestly it usually comes down to monetary gain. Eventually someone somewhere is getting money in the end. The persons responsible for the attack may want to use your email address to spread a remote-control virus. Or perhaps they want to launch an attack from your email address, thus protecting themselves from authorities behind your identity. Maybe they are going straight for the jugular, your online banking information.
There are several things to keep in mind in order to protect yourself. First, it’s important to know that these phishing attacks may not involve a virus or spyware infecting your computer and therefore will usually NOT be blocked by your antivirus software. Second, if you see a suspicious email asking for information or stating that your information has been compromised, thus asking you to “do something” via the internet to fix it…DON’T. Contact your institution directly from a phone number not obtained in the email. Do not delete the email until after you contact them, they may want you to send a copy to them for further investigation.
Lastly, make sure your password is strong. Do not use birthdays, common phrases (like “admin,” “password,” “1234,” etc) for the password. Instead try something crazy that mixes up letters, capitals, and numbers. Example: g0AwayM1ne! Change your passwords every once in a while too.
If you suspect you have fallen victim to a phishing attack, contact your institution and/or your email address provider and let them know what has happened. This should help you from falling victim to this dangerous social engineering scam.

Rogue Ads

“What is a rogue ad?” you ask? These types of internet advertisements try and trick you into purchasing, downloading, or installing some sort of application onto your computer that can do some pretty nasty damage to your PC. Think of it like the Trojan Horse. The ad tells you to ‘click here and make your computer faster’ or ‘you have Windows problems, click here to fix them.’ This sounds good until you realize that the payload of this promised application is really something that displays ads on your computer or redirects your web browser to objectionable sites.

Use Halibut to Protect Your Identity

Geek Squad 2MM: Password Tips

Passwords keep our precious data and information safe and secure online, making it more important than ever to ensure your passwords remain known only to you. In this Two Minute Miracles video, Geek Squad Agents Daniel Campbell and Gerald “Chip” Underwood provide password tips, including things to avoid and ways to make your password even more secure.