Category Archives: Internet Security

Spotting Fake Facebook Emails

An email has just arrived in my inbox, and even though I have a high level of spam protection, it has slipped through the filters; that is how “clever” these spammers are these days.

At first glance the email appears to be from Facebook, saying that someone has commented on one of my photos, but looking closer I can see that it’s a total phishing/scam email.

Even with over 15 years of using email, I nearly got caught out.

The subject of the email is: “Sara made a comment about your photo”… If you receive such updates on a regular basis (remember, Facebook in 2010 has 500 million members), you would not think twice about clicking on the links in the email.

So here are some basic clues on how to spot the fake Facebook email.

My advice is that if you receive ANY email, no matter where it appears to be from, mouse over any links first; usually the real link will appear in your status bar. So if you get an email from PayPal, make sure the URL really is PayPal’s. The same goes for Facebook, Moneybookers, and pretty much any email with links in it.

Just by visiting a site, you can be subject to a “drive by” install of spyware or worse. Such software can steal data from your computer without you even knowing it.

How Secure is Your Password?

I really was not surprised the other day when a client contacted me and asked me to reset his password to “something easy to remember”, as the one I had created for him was a bit difficult. (I set him a password with 7 characters, starting with 3 alphabet characters and 4 numbers on the end… this is a reasonably random and difficult password to guess.)

I tried to explain that the whole point of complicated passwords is that they can’t easily be guessed, and in the end he did get the point, but BOY, it’s amazing that people will still use easy-to-guess passwords.

So I looked around for some way to give people an idea of whether their password is strong enough or not.

Below is a diagram from the nice people at which I think goes a long way to explain in visual terms how strong your passwords are.

Making sure your password is strong can go a long way to protecting you from identity theft or worse.

3 Easy Ways to Protect Your Passwords

The allure of having just one password for everything is that you can do away with having to write down different passwords for different accounts.

However, having the same password for all your important online accounts jacks up the risk of having them all compromised and taken over at the same time.

Working with multiple unique passwords should be made a common practice. Below are 3 ways to help you think of different passwords and remember them without having to write them down.

1. Come up with your own password system
Password systems vary from one individual to the next. For this tip, we’ll give you an example just to illustrate a system. Later on, you can tweak certain elements of the sample system to suit the way you remember things. Remember, alpha-numeric passwords are still the best as they are tougher to crack.

Step 1: Pick a common phrase. For this example, we’ll use “the cow jumps over the moon”.

Step 2: Take the first letter of each word from your phrase. This leaves us with tcjotm.

Step 3: Count the number of letters that make up your host’s or service’s name. If you’re making your password for Yahoo, then you use the number 5. Put the number between the letters from your phrase. You now have tcj5otm.

Step 4: Use the consonant letters of your service’s name and attach them at the end of your password. You can choose to separate this with a slash. This leaves you with tcj5otm/ym.

2. Use password management software
Password management software keeps a database of all your passwords and their corresponding accounts. This beats listing your passwords on a sheet of paper that others may easily see. Loose sheets of paper are also prone to getting lost.

However, it is still wise to make sure you have multiple updated backup copies of your password database.

Hard drives may crash while laptops and portable storage devices may get lost. Backups allow you to immediately change your passwords for all your accounts in one go.

It is important that you safeguard your password database with a strong master password. Having multiple unique passwords in your database is useless if your master password is a giveaway.

3. Have your passwords randomly generated
Randomly generated passwords are almost impossible to compromise. There is no pattern and there are no personal references involved.

Random passwords may be generated by an online service, by software, or by you. Using online password generators requires caution—make sure the service is credible, so as not to put your accounts at risk.

Software-generated and self-generated passwords require password management software, because it is challenging to manually keep track of multiple unique passwords.

However, it is recommended that your master password be something that you remember. Keep in mind that your unique passwords in your database are only as strong as the master password you come up with.

Again, make sure that you regularly update your database and back it up.

Apple Releases iPhone OS 2.2 and iPhone OS for iPod touch 2.2

Apple has now released OS 2.2 for the iPhone and iPod touch to address multiple security vulnerabilities.

These vulnerabilities affect CoreGraphics, ImageIO, Networking, Office Viewer, Passcode Lock, Safari, and WebKit.

Please review the Apple Article HT3318 for more information and apply any necessary updates to your devices.

Apple Article HT3318

Fake Google Adwords Phishing Emails

This is a warning against phishing emails appearing to come from Google AdWords, so if you have used Google AdWords at some point then please be on the lookout!

I received a very authentic-looking email just a few minutes ago which leads you to a very authentic-looking Google AdWords page where the criminals can steal your AdWords details.

The email encourages me to click on a link which redirects me to a fake Google AdWords login page, and as you can see below, it’s a pretty impressive setup.

This is the email I have received in my inbox. To the untrained eye, it’s very authentic looking: the email address appears to come from Google, the subject line is a security warning so that it prompts you to read the email, and the body of the email prompts you to take action by clicking on the link within the email, which will take you to a fake login page.

Authentic Looking Phishing Email

The image below shows the headers of the fraudulent email, and as you can see the email address is not a Google email address.

Completely Fake Headers

This is the source code for the email, and as you can see the domain name in the link to the login page is not even Google’s.

Email Source Code with Fake Link

The image below shows a screenshot of the actual login page, and it’s amazing how similar it looks to the real thing. Again, to the untrained and unsuspecting eye, this login page looks authentic.

Authentic Looking Login Page

I always urge my friends and clients to make themselves aware of these types of illegal phishing emails and not to succumb to social engineering techniques such as these.

What are the benefits of an inverse email hunt?

While it may be easy to understand what an email inverse hunt is, many people wonder why they may need to perform such a task.

The answer, simply, is that an inverse email hunt may allow you to prevent not only spam but also slanderous material, and to eliminate the threat of infectious emails.

Regardless of how you are being threatened in your email inbox, the only way you can prevent it is by finding out who is responsible for the harmful emails in the first place.

If you are still confused about how an inverse email hunt can help you, here are a few of the more popular circumstances that you may find yourself in.

Be aware, however, that most of the time you will have to be a web professional or hire one to perform an inverse email hunt, because it can be hard to backtrack through email without prior knowledge and training.

One of the most common reasons you may want to conduct an inverse email hunt is if you are receiving threatening emails that deface your character.

Since social networking is so popular now, an old acquaintance or business competitor may be trying to defame your character by altering content that contains your picture and mass emailing it.

The only way to contain the harm this can do to you, and the slanderous conduct in general, is to find who is behind it.

Another reason you may want to perform an inverse email hunt is if you keep receiving confidential work-related material that is fake or misleading. In this case, you may be the target of a co-worker who is trying to discredit and humiliate you, so you will want to put a face to the individual behind this quickly, before it affects your work image.

Additionally, somebody who wishes to be destructive may continually be sending you email that contains viruses one after another.

Eventually a virus will slip through the email filter, so you want to stop an individual who is infecting your computer repeatedly before any permanent damage is done.

Avoid Online Fraud, a Few Tips to Help Make your Shopping Experience Fruitful

Many people who enjoy shopping have turned online for all their shopping needs because the Internet can offer much more diversity and lower prices.

In fact, since you can do almost anything online now, from renewing magazine subscriptions and transferring money to purchasing mp3s and more, there is no reason to ever shop for in-store items again.

However, while the Internet may offer you many ways to save money, it can also be a gateway to online fraud unless you are careful.

One of the best ways to protect yourself from online fraud is to know the warning signs that may tip you off to a scam before you get involved.

First of all, if it sounds too good to be true, it probably is. Thus if you find a wonderful deal for a high-ticket item that seems out of this world, it probably is, so navigate away before you throw your money out the door.

When dealing internationally you should always double-check all the verifications a merchant offers, and it never hurts to check up on the sources they say they work with before shelling out your money.

After all, waiting a few days to receive a confirmation email is not going to hurt you if in exchange you receive the peace of mind that you are not going to lose hundreds of dollars.

Finally, you should read the testimonies of other people before you choose to use a merchant you are unfamiliar with yourself.

The best way to know if a source is legitimate is to read about other people’s experiences. Simply double-checking the actual existence of people who left positive comments can help put your mind at rest.

Also, remember that sometimes the best place to find a review of a site is outside of the actual webpage, where the content is not controlled by a one-sided party.

Proxy vs. a Proxy server, what is the difference?

If you have been using the Internet for a decent amount of time, you may have heard the technical terms proxy and proxy server tossed around casually by people.

However, many people use the word and the phrase interchangeably, assuming they are the same thing, but in reality they are two separate things.

To fully understand what either of these terms really means, you should know that, literally translated, a proxy is an agent who completes a task so that the first person can stay anonymous.

In Internet terms, a proxy is defined as a website that allows you to access information on the web without having to reveal your true identity.

An example of how one may choose to use a proxy website is a person at work who wants to have access to social networking websites that are otherwise blocked by access points on the server at work.

Therefore, people use proxies so they can access any information they want without having to reveal their identity and without leaving a trail that their bosses can find.

This brings up what a proxy server is, which is most likely what is installed at work to keep you off of the social networking websites in the first place.

A proxy server usually works somewhat like a firewall, allowing you to access only certain websites that are in accordance with the guidelines set by the workplace. Many educational universities also operate proxy servers and give their users access to the internet through them.

While many people think that proxy servers are a nuisance because they limit your abilities, proxy servers can also be useful since they block users from accessing websites that contain spyware and other viruses.

For this reason, sometimes surfing the internet from a proxy server is the best way to protect yourself and your computer from infection.

Make Sure you are Safe in the Growing Social Network Climate

Social networking has mixed reviews among many people.

Typically the people who are deeply involved in the social networking scene feel that MySpace, Facebook, and the dozens of others are perfectly safe.

On the other hand, many parents and people who do not visit these websites seem to think they are nothing but a load of trouble that aims to trick children and adults into dangerous situations.

However, simply saying that social networking sites are dangerous would be similar to saying you should never meet anyone new in your life because talking to strangers is dangerous.

At some point in your life you learn to use discretion and wisdom when approaching people who may help benefit your future; you simply have to learn how to do the same thing online.

After all, you cannot stay shut inside your whole life communicating only with your family, and you will not be able to reap the benefits of Internet networking if you refuse to use any social networking websites.

To clarify, avoiding social networking is like avoiding driving: simply never getting behind the wheel does not guarantee you will never get in a car accident, but it will make your life a whole lot harder.

Therefore, the trick to staying safe while using social networks is just to use common sense and know your limits online about what information you should divulge and what information you should keep to yourself.

For instance, it may be ok to tell people what state you are from, but posting your address or phone number is only going to lead to trouble, and is information nobody needs to know about you.

Additionally, giving out your first name only will also keep you out of trouble, since it is hard to find you without the knowledge of a last name.

Be Extremely Wary of this Nigerian Inheritance Scam

One popular wire transfer scheme that is picking up steam in America and Europe is an urgent email that you receive from Nigeria telling you that you are entitled to a large amount of money.

Usually they will reference a relative or friend that you may have known in passing and then go on to detail what a great person they were and how much they contributed to the Nigerian society.

After they finish patting you and your friend or relative on the back, they will tell you that you are entitled to a large sum of money either because of inheritance or some other tax law.

One thing they will emphasise is that you have a limited amount of time to claim this large sum of money and so have to act fast and provide your bank account so that they can transfer the money.

Most of the time people are fooled because the scammers will send you a large number of notarised forms, and even ask you to give them a couple, making the effort on your side seem balanced as well.

These people are looking for a large sum of money to steal from you, so they have taken the time to make everything appear as legitimate and foolproof as possible.

The downside is that after you complete all this paperwork, you will not receive any amount in your bank account, but will simply have given them all the information they need to withdraw a large sum of money from yours.

First, if you want to avoid getting scammed you should be wary of anything that comes your way from Nigeria.

Second, since there are sure to be copycat scams from other sources soon, you should in general never give out your banking information unless you are absolutely sure you know the source in question.