Category Archives: Internet Security

3 Easy Ways to Protect Your Passwords

The allure of having just one password for everything is that you can do away with having to write down different passwords for different accounts.

However, having the same password for all your important online accounts jacks up the risk of having them all corrupted and taken over at the same time.

Working with multiple unique passwords should be made a common practice. Below are 3 ways to help you think of different passwords and remember them without having to write them down.

1. Come up with your own password system
Password systems vary from one individual to the next. For this tip, we’ll give you an example just to illustrate a system. Later on, you can tweak certain elements of the sample system to suit the way you remember things. Remember, alpha-numeric passwords are still the best as they are tougher to crack.

Step 1: Pick a common phrase. For this example, we’ll use the cow jumps over the moon.

Step 2: Take the first letter of each word from your phrase. This leaves us with tcjotm.

Step 3: Count the number of letters that make up your host’s or service’s name. If you’re making your password for Yahoo, then you use the number 5. Put the number between the letters from your phrase. You now have tcj5otm.

Step 4: Use the consonant letters of your service’s name and attach them at the end of your password. You can choose to separate this with a slash. This leaves you with tcj5otm/ym.

2. Use a password management software
A password management software keeps a database of all your passwords and their corresponding accounts. This beats listing down your passwords on a sheet of paper that others may easily see. Loose sheets of paper are also prone to getting lost.

However, it is still wise to make sure you have multiple updated backup copies of your password database.

Hard drives may crash while laptops and portable storage devices may get lost. Backups allow you to immediately change your passwords for all your accounts in one go.

It is important that you safeguard your password database with a strong master password. Having multiple unique passwords in your database is useless if your master password is a giveaway.

3. Have your passwords randomly generated
Randomly generated passwords are almost impossible to compromise. There is no pattern and there are no personal references involved.

Random passwords may be generated by an online service, by software, or by you. Using online password generators requires skilled caution—make sure the service is credible, so as not to put your accounts at risk.

Software and self-generated passwords require a password management software because it is challenging to manually keep track of multiple unique passwords.

However, it is recommended that your master password be something that you remember. Keep in mind that your unique passwords in your database are only as strong as the master password you come up with.

Again, make sure that you regularly update your database and back it up.

Apple Releases iPhone OS 2.2 and iPhone OS for iPod touch 2.2

Apple has now released OS 2.2 for the iPhone and iPod touch to address multiple security vulnerabilities.

These vulnerabilities affect CoreGraphics, ImageIO, Networking, Office Viewer, Password Lock, Safari, and Webkit.

Please review the Apple Article HT3318 for more information and apply any necessary updates to your devices.

Apple Article HT3318

Fake Google Adwords Phishing Emails

This is a warning against phishing emails appearing to come from Google Adwords so if you have used Google Adwords at some point then please be on the lookout!

I just received a very authentic looking email just a few minutes ago which leads you to a very authentic looking Google Adwords page where the criminals can steal your adwords details.

The email encourages me to click on a link in the email which redirects me to a fake google adwords login page and as you can see below, its a pretty impressive setup.

This is the email I have received in my inbox. To the untrained eye, its very authentic looking with the email address appearing to come from google, the subject line is a security warning so that it prompts you to read the email and the body of the email prompts you to take action by clicking on the link within the email which will take you to a fake login page.

Authentic Looking Phishing Email

The image below shows the headers of the fraudulent email and as you can see the email address is not a google email address.

Completely Fake Headers

This is the source code for the email and as you can see the domain name or link to the login page is not even for google.

Email Source Code with Fake Link

The image below shows a screenshot of the actual login page and its amazing how similar it looks to the real thing. Again, to the untrained and unsuspecting eye, this login page looks authentic.

Authentic Looking Login Page

I always urge my friends and clients to make themselves aware of these types of illegal phishing emails and not to succumb to social engineering techniques such as these.

What are the benefits of an inverse email hunt?

While it may be easy to understand what an email inverse hunt is, many people wonder why they may need to perform such a task.

The answer simply is that an inverse email hunt may allow you to prevent not only spam, but slanderous materials and eliminate the threat of infectious emails.

Regardless of how you are being threatened in your email inbox, the only way you can prevent it is by finding out who is responsible for the harmful emails in the first place.

If you are still confused about how an inverse email hunt can help you, here are a few of the more popular circumstances that you may find yourself in.

Be aware however, that most of the time you will have to be a web professional or hire one to perform an inverse email hunt because it can be hard to backtrack through email without prior knowledge and training.

One of the most common reasons you may want to conduct an inverse email hunt is if you are receiving threatening emails that deface your character.

Since social networking is so popular now, an old acquaintance of business competitor may be trying to defame your character by altering content that contains your picture and mass emailing it.

The only way to contain the harm this can hold against you and the slanderous conduct in general, is to find who is behind it.

Another reason you may want to perform an inverse email hunt is if you keep receiving confidential work related material that is fake or misleading. In this case, you may be the target of a co-worker who is trying to discredit and humiliate you, so you will want to place a face to the individual behind this quickly before it affects your work image.

Additionally, somebody who wishes to be destructive may continually be sending you email that contains viruses one after another.

Eventually a virus will slip through the email filter so you want to stop an individual who is infecting your computer repeatedly before any permanent damage is created.

Avoid Online Fraud, a Few Tips to Help Make your Shopping Experience Fruitful

Many people who enjoy shopping have turned online for all their shopping needs because the Internet can offer much more diversity and lower prices.

In fact, since you can do anything online now, from renewing magazine subscriptions, transferring money, purchasing mp3s, and even more, there is no reason to every shop for in store items again.

However, while the Internet may offer you many ways to save money, it also can offer you a gate to online fraud unless you are careful.

One of the best ways to protect yourself from online fraud is to know the warning signs that may tip you off to a scam before you get involved.

First of all, if it sounds too good to be true, it probably is. Thus if you find a wonderful deal for a high ticket item that seems out of this world, it probably is so navigate away before you throw your money out the door.

When dealing internationally you should always double check all the verifications a merchant offers, and it never hurts to check up on the sources they say they work with before shelling out your money.

After all, waiting a few days to receive confirmation email is not going to hurt you if in exchange you receive comfort of mind that you are not going to lose hundreds of dollars.

Finally, you should read the testimonies of other people before you choose to use a merchant you are unfamiliar with yourself.

The best way to know if a source is legitimate is to read about other people’s experiences. Simply double checking the actual existence of people who left positive comments can help put your mind at rest.

Also, remember, sometimes the best ways to find a review of a site is outside of the actual webpage, since the content is not going to be controlled by a one sided party.

Proxy vs. a Proxy server, what is the difference?

If you have been using the Internet for a decent amount of time, you may have heard the technical terms proxy and proxy server tossed around casually by people.

However, many people interchange the word and phrase assuming they are the same thing, but in reality they are actually two separate things.

To fully understand what either of these terms really mean, you should know that literally translated a proxy is an agent who completes a task so that the first person can stay anonymous.

In Internet terms, a proxy, or proxies are defined as websites that allow you to access information on the web without having to reveal your true identity.

An example of how one may choose to use a proxy website is a person at work who wants to have access to social networking websites that are otherwise blocked by access points on the server at work.

Therefore, people use proxies so they can access any information they want without having to reveal their identity and without leaving a trail that their bosses can find.

This brings up what a proxy server is, which is most likely what is installed at work to keep you off of the social networking websites in the first place.

A proxy server usually works somewhat like a firewall allowing you to only access certain websites that are in accordance to the guidelines set by the workplace. Many educational universities also operate and allow their users access to the internet through proxy servers.

While many people think that proxy servers are a nuisance because they limit your abilities, proxy servers can also be useful since they block users from accessing websites that contain spyware and other viruses.

For this reason, sometimes surfing the internet from a proxy server is the best way to protect yourself and your computer from infection.

Make Sure you are Safe in the Growing Social Network Climate

Social networking has mixed reviews among many people.

Typically the people who are deeply involved in the social networking scene feel that MySpace, the Facebook, and the dozens others are perfectly safe.

On the other hand, many parents and people who do not visit these websites seem to think they are nothing but a load of trouble that aims to trick children and adults into dangerous situations.

However, simply saying that social networking sites would be similar to saying you should never meet anyone new in your life because talking to strangers is dangerous.

At some point in your life you learn to use discretion and wisdom when approaching people who may help benefit your future, you simply have to learn how to do the same thing online.

After all, you cannot stay shut inside your whole life communicating with your family, and you will not be able to reap the benefits of Internet networking if you refuse to use any social networking websites.

To clarify, avoiding social networking is like avoiding driving, simply never getting behind the wheel does not guarantee you will never get in a car accident, but it will make your hard a whole lot harder.

Therefore, the trick to staying safe while using social networks is just to use common sense and know your limits online about what information you should divulge and what information you should keep to yourself.

For instance, it may be ok to tell people what state you are from, but posting your address or phone number is only going to lead to trouble, and is information nobody needs to know about you.

Additionally, giving out your first name only will also keep you out of trouble, since it is hard to find you without the knowledge of a last name.

Be Extremely Wary of this Nigerian Inheritance Scam

One popular wire transfer scheme that is picking up steam in America and Europe is an urgent email that you receive from Nigeria telling you that you are entitled to a large amount of money.

Usually they will reference a relative or friend that you may have known in passing and then go on to detail what a great person they were and how much they contributed to the Nigerian society.

After they finish patting you and your friend or relative on the back, they will tell you that you are entitled to a large sum of money either because of inheritance or some other tax law.

One thing they will emphasise is that you have a limited amount of time to claim this large sum of money and so have to act fast and provide your bank account so that they can transfer the money.

Most of the time people are fooled because they will send you a large amount of notarised forms, and even ask you to give them a couple making the effort on your side seem balanced as well.

These people are looking for a large sum of money to steal from you, so they have taken the time to make everything appear as legitimate and fool proof as possible.

The downside, after you complete all this paperwork, you will not receive any amount in your bank account, but have simply given them all the information they need to withdraw a large sum of money from yours.

If you want to avoid getting scammed you should be wary of anything that comes your way from Nigeria.

Second, in general since there are sure to be copycat scams from other sources soon, you should never give out your banking information unless you are absolutely sure you know the source in question.

Paypal is Great but a few things you should know

Before I start, dont get me wrong, I have been a member of Paypal since 2000 and I have never had a problem with them, mainly because I conduct myself in a professional manner and in general dont get sucked in by fraudulent transactions.

So here are a few things YOU should know about using paypal….

When you deposit money into a PayPal account, PayPal exercises control over your Paypal account and not your bank account. (this is actually a good thing but shows that they have the power)

PayPal enjoys the right to freeze your PayPal account immediately and drain all your money even if it remotely suspects the authenticity of a transaction.

They also are at liberty to pull your money directly out of your personal bank account, often without any prior warning.

Now, if you think PayPal treated you unfairly and want to dispute their decision, you will be helpless as PayPal is the supreme investigator, judge, jury and executioner in all disputes regarding your account.

PayPal is not acting as a big brother.

You agreed to all these conditions, when you signed up to PayPal.

PayPal quite often is unwilling to listen to your side of the story. What many people term unfair is PayPal’s refusal to provide you with detailed information about their investigation and their unwillingness to disclose documents they relied upon to make their decision. There is an agonising suspense of at least six long months before you can expect to see your money again.

If you unfortunately choose to complain, Paypal has an unacceptable or one may say even distasteful way of responding.  You will have to contend with extra long hold times, delays, and dead-end auto-responder e-mails which normally reads:

“Thank you for contacting PayPal. We apologise for the delay in responding to your service request. After review, the decision has been made to keep your account locked. This decision cannot be appealed. If you have any further questions, please reply to this email.”

If you are still hopeful and pursue matters further, you may at best convince them to further investigate.

However, do not be naïve to imagine that PayPal will favorably consider your version of the story.

So there you have it. A few things about Paypal you should know.

Like I said, I have no beef with Paypal, they, as far as I am concerend provide a sterling service. Its only natural for us to like only what we hear. If we are told something we dont like, then we deem it unfair.

7 Warning Signals for a Paypal Identity Theft Scam

Paypal is a virtual payment processor which has really become popular these days.  Internet users now prefer paypal over other processors for their online transactions.

The Reason? Obviously, it is easier and safer to process payment with a merchant website like paypal.

You can also use credit cards for electronic payments via paypal. But, despite all the security and flexibility, unfortunately, scams do happen with a website like paypal.

So, if you are using a paypal account, then you must take proper care of your account. The only thing you need for this is to remain constantly alert to the threat of identity theft, which is becoming more and more common place these days.

You can easily identify any scam with a little information and some common sense.

Here are 7 warning signs of scams that are more likely to happen online:

Warning sign 1
Quite often you may get emails from paypal asking you to verify your account or, asking you to provide some personal information. This is the first warning signal of Identity theft scam. Never, ever provide any information, because paypal will never request for any personal information from you.

Warning sign 2
The email for account verification, which you get in the name of paypal, will be sent to an email ID which is not in the paypal files.

Warning sign 3
The email uses forged headers. Forged headers are not easy to detect. Check if your email provider has options for blocking forged headers. If not, then ask them if its possible to do so.

Warning sign 4
Paypal will never greet you with ‘Dear Paypal Member’ or ‘Dear Paypal User’. It will always greet you with your name that is registered on the paypal account.

Warning sign 5
The fifth warning sign is the threatening email which might be informing you that paypal is going to suspend your account.

Warning sign 6
Do not click on a link that leads to a non-secure page, with no https and no secured browser, without a padlock in its lower left hand corner.

Warning sign 7
The seventh sign is bad English. Paypal will never use a bad english for communication.

If you observe any of these signs, then beware. It’s quite possible it’s a scam. If you have any kind of suspicion, then contact paypal for assistance.

The only person who you can balme for identity theft is yourself, so make sure that you are “street wise” in terms of online fraud and identity theft.