Category Archives: spam

Protect your Black Friday and Cyber Monday shopping with a quick PC tune-up

Before embarking on online shopping trips, it’s worth the few minutes required to make sure your computer does not enable the theft of your identity.

Tens of thousands will have their identities stolen in the next few weeks, because malware was able to help steal valuable information from you such as credit card numbers, online userids and passwords. A few minutes work will go a long way towards preventing this.

That, or you can do nothing, and potentially have to take days off of work to cancel credit cards, write letters, get credit monitoring, and get back to where you are right now with perhaps forty hours’ work.

It’s up to you.

Ready?

1. On your PC, connect to http://update.microsoft.com/ .  Go through the steps required to check that all necessary security patches are installed.

Note: If you are able to connect to Internet sites but are unable to successfully install updates at update.microsoft.com, your PC may already be compromised. If so, it is important that you seek professional help immediately to rid your computer of malware. Delays may be very costly in the long run.

2. To eliminate the need to periodically visit update.microsoft.com, confirm that Automatic Updates are properly set. Use one of the following links for detailed instructions (all are Microsoft articles that open in a new window):

Windows XP | Windows Vista | Windows 7 | Windows 8 (automatic updates are turned on by default)

Note: If you are unable to successfully turn on Automatic Updates, your PC may already be compromised. If so, it is important that you seek professional help immediately to rid your computer of malware. Delays may be very costly in the long run.

3. Ensure that your PC has working anti-virus software. If you know how to find it, make sure that it has downloaded updates in the last few days. Try doing an update now – your anti-virus software should be able to successfully connect and check for new updates. If your Internet connection is working but your anti-virus software is unable to check for updates, it is likely that your PC is already compromised.

Note: if any of the following conditions are true, it is important that you seek professional help immediately to make sure your computer is protected from malware.

a. You cannot find your anti-virus program

b. Your anti-virus program cannot successfully check for updates

c. Your anti-virus program does not seem to be working properly

Several free anti-virus programs are worthy of consideration: AVGAvastZone Alarm Free Antivirus + FirewallPanda Cloud Anti-VirusI cannot stress enough the need for every PC user to have a healthy, working, properly configured anti-virus program on their computer at all times.

Include safe computing in your list of New Years Resolutions

Bookmark This (opens in new window)

The New Year is a time of reflection, and traditionally a time to consider changing one’s habits.

Our reliance upon computers and networks has exceeded our means to safely use and control them. Every computer user has some responsibility to make sure that their computer and use of the Internet does not introduce unknown and unwanted risks. By following these recommendations you will greatly reduce your risk to fraud, identity theft, and other risks related to Internet usage.

1. Change your passwords. Use strong passwords, which cannot be easily guessed by others, even those who know you. Do not share your password with any other person. If needed, store your passwords in a protected vault such as Password Safe or KeePass. I recommend you not use an online vault for password storage: if their security is compromised, so are your passwords.

2. Scan for Viruses and other malware. Configure your anti-virus software to scan your entire computer at least weekly. Make sure that your anti-virus software is checking for updates at least once per day. Also scan your computer with one of several online virus scanners at least once per month.

Panda: http://www.pandasoftware.com (look for the ActiveScan link on the home page)

Symantec: http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym

Trend Micro: http://housecall.trendmicro.com/

Kaspersky: http://www.kaspersky.com/virusscanner

CA: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

3. Block spam, and don’t open spam messages. The majority of spam (unwanted junk email) is related to fraud. Spam messages advertise fraudulent or misleading products, or lure you to websites that contain malware that will attempt to take over your computer (without your knowing it) and steal valuable information from you.

4. Get a firewall. If you use Windows, turn on the Windows Firewall. Ask your broadband service provider to upgrade your modem/router to one that contains a firewall (most newer modems / routers do have firewalls or other similar protection).

5. Remove spyware. Obtain a good anti-spyware program and use it to find and remove spyware from your computer.

6. Update your software. Obtain up-to-date copies of browsers and tools on your computer, as many older versions are no longer secure. This includes Firefox, Internet Explorer, Opera, Microsoft Office, OpenOffice, Java, and other programs.

7. Install security patches. If you are using Windows, turn on Automatic Updates, and configure it to automatically download and install security patches and updates.

8. Use separate accounts on shared computers. If more than one person uses your computer, set up separate accounts for each user. Make each user an ordinary user or power user, but never an administrator. Making each user an administrator makes the entire computer more vulnerable to malware (viruses, etc.).

9. Browse Safely. Change to Firefox and use the NoScript add-on. This is the only combination designed to block the new “clickjacking” vulnerability present in all other browsers. Also consider using Flashblock (works only with Firefox) if you want to control the use of Flash content in your browser.

10. Protect your wireless WiFi network. The old an still-common “WEP” protocol designed to encrypt your wireless traffic has been broken, and is no longer safe. Upgrade to WPA, even if it means buying a new wireless access point.

11. Back up your data. All kinds of bad things can happen, from mistakes to hardware failures. If you cannot afford to lose your data, then you need to copy it to a separate storage device. External hard drives and high capacity USB thumb drives cost well below US$100. You’ll be glad you did, sooner or later.

12. Encrypt your hard drive. Mostly important for laptop computers, but also important for desktop computers. The TrueCrypt tool is by far the most popular one available, and it’s free. If you don’t encrypt your data, then anyone who steals your computer can (and will) read all of your private data.

13. Check your credit reports. Fraud and identity theft can result in thieves opening new credit card and loan accounts in your name. They run up a balance and then never pay the bill, making that your problem instead. Consider a credit reporting service as well, which will alert you to inquiries and changes to your credit accounts, limits, and balances.

Annualcreditreport.com

Federal Trade Commission information on free credit reports

Equifax

Experian

Transunion

Recommended Tools:

Secunia Personal Software Inspector – free tool that examines your computer and alerts you to all of the unpatched and older versions of programs that need to be upgraded.

Password Safe – safe and secure storage of all of your Internet passwords. Also remembers userids and URLs.

NoScript – the only way to control third-party javascript and clickjacking. Works only with Firefox.

TrueCrypt – safe and free encryption of your PC’s hard drive.

ETrade: phishing or not?

Bookmark This (opens in new window)

Financial institutions are very in tune with the phishing threat and how it can damage their brand.

Or are they?

I received this e-mail from ETrade yesterday.  I’m a security expert and I recognize spam and phishing. I had to look this one over a few times to distinguish whether it was real or not.

This isn’t helping customers. Instead, it’s training them to respond to *real* phishing mail by making phishing and real messages indistinguishable.

Here is the spam – um, I mean, e-mail:

* * *

Special Pricing Expiration Notification

Your discounted commissions on stock and options trades will expire in 7 days.

You can still get extraordinary value when you trade with E*TRADE. We customize our commissions(1), making it easy to qualify for our best pricing.

If you have any questions, please call 1-800-ETRADE-1 (1-800-387-2331) or log on to your account at http://www.etrade.com and contact us through the Help Center.

View our current commission schedule (https://us.etrade.com/e/t/estation/pricing?id=1206010000)

PLEASE READ THE IMPORTANT DISCLOSURES BELOW

1. For details and additional information about our trading commissions and options contract fees, please visit http://www.etrade.com/commissions.

(c) 2007 E*TRADE Securities LLC, Member NASD/SIPC (http://www.sipc.org). All rights reserved. The information contained in this Smart Alert does not constitute a recommendation by E*TRADE Securities, and is subject to the Smart Alerts Terms and Conditions (https://us.etrade.com/e/t/estation/help?id=1209038000) and the E*TRADE Securities Customer Agreement (https://us.etrade.com/e/t/estation/help?id=1209031000). We cannot respond to e-mails sent to this mailbox. If you have questions, please contact us through the Help Center (https://us.etrade.com/e/t/estation/help?id=1203000000).

New spam: forwarded mail?

Bookmark This (opens in new window)

Starting on August 28, I’ve been getting tons of email from people I don’t know, and I wasn’t in the recipient list either.  Among the messages I received were the usual e-mail messages to groups of friends as well as e-mail from websites.  Yesterday I saw a pattern when two specific recipients’ e-mail addresses were always in the To: line.

I conducted a short experiment: I created email messages to each of the two recipients, and voila, those messages ended up in my inbox!  In both cases, the user accounts were changed to forward all e-mail to me.

Is this a new type of spam, or just coincidence?

In both cases I have sent e-mail to abuse@<domain> asking them to turn off the forwarding.  We’ll see what happens.

ETrade teaching its customers to respond to phishing scams

ETrade is teaching its users to respond to phishing scams. I am an ETrade customer, and last week they sent me the message below.

ETrade isn’t helping its customers by sending messages like this, because it makes it all the more difficult for customers to distinguish genuine messages from phony ones.

* * *

Thu Mar 13 14:48:00 2008 – Account Service Fee
Dear PETER ,

Account #: XXXX-nnnn

On 03/26/08, your E*TRADE Securities account will be charged a $40 Account Service Fee (ASF) (https://us.etrade.com/e/t/estation/pricing?id=XXXXXXXX).
If your account does not have enough funds to pay for the fee, E*TRADE Securities may sell securities in your account to cover the charge.
If you have questions about your account, call 1-800-ETRADE-1 (1-800-387-2331) or send a secure e-mail through the Help Center (https://us.etrade.com/e/t/estation/help?id=1203000000). (To call from outside of the U.S., dial +1-678-624-6210).
Learn how to avoid incurring an Account Service Fee (https://us.etrade.com/e/t/estation/pricing?id=XXXXXXX)

Review all the ways you can deposit money (https://us.etrade.com/e/t/estation/help?id=XXXXXXXXXXX)
PLEASE READ THE IMPORTANT DISCLOSURES BELOW
The E*TRADE FINANCIAL family of companies provides financial services that include trading, investing, cash management, and lending.
Securities products and services are offered by E*TRADE Securities LLC, Member FINRA(http://www.finra.org/)/SIPC(http://www.sipc.org/).

(c) 2008 E*TRADE FINANCIAL Corp. All rights reserved. The information contained in this Smart Alert is subject to the Smart Alerts Terms and Conditions (https://us.etrade.com/e/t/estation/help?id=XXXXXXXX). We cannot respond to e-mails sent to this mailbox. If you have questions, please contact us through the Online Service Center (https://us.etrade.com/e/t/accounts/servicecenterhome).

* * *

Fraudulent Microsoft Update

Bookmark This (opens in new window)

There is lots of activity around an email and a fraudulent Microsoft Update web site (that the email directs you to), claiming that there is an urgent Microsoft update.

The web site looks like a legitimate Microsoft site and contains an “Urgent Install” button that, when clicked, attempts to download and install malicious software on your system. The file that attempts to download is not signed by Microsoft and is called “WindowsUpdateAgent30-x86-x64.exe”.

This web site is using fast flux DNS for its web hosting. That make it hard to track and close down, so we expect it to be around for awhile.

Please advise your users, if they receive this type of email, they should just delete it. Microsoft does not distribute updates by sending emails directly to individuals or distribution lists.

Credit to NW WARN for the contents of this advisory.

Beware the latest IRS phishing scam

Bookmark This (opens in new window)

U.S. taxpayers will almost certainly fall victim to the latest IRS tax refund phishing scam. I received one in my spam trap this morning. The message reads:

“After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $134.80.

Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, click here.

Regards,
Internal Revenue Service”

The message contains an authentic IRS logo, but of course the website is phony. Here is an image of the message (click on it to see a full size view):

IRS phishing scam

When you receive messages like this that claim to be from a government institution or financial institution, it’s probably a phony. The best thing to do is mark the message as spam and delete it.