Newsletter Archives

  • Extra security for all your devices

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    These days, I don’t have just traditional PCs that I must protect — I have iPads, iPhones, Kindles, Chromebooks, and others. And these don’t run Microsoft operating systems.

    Not to pick on her, but my sister used to randomly surf with her Windows PC and, after searching, would end up with some sort of infection or malicious browser plugin. But when she did the same on her iPad or iPhone, I was spared the chore of cleaning up those devices — they were less targeted and less likely to end up compromised.

    Read the full story in the AskWoody Plus Newsletter 19.09.0 (2022-02-28).

  • Falling for the click

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    After watching the technology-related advertisements from this year’s Super Bowl, my takeaway was that we are a gullible population that will absolutely and utterly click on anything without verification.

    For Super Bowl LVI, cryptocurrency companies were a major advertising presence. Coinbase ran an ad with a floating QR code moving around the screen. So many people scanned the QR code that Coinbase couldn’t handle the load, crashing the website and the app.

    Read the full story in the AskWoody Plus Newsletter 19.08.0 (2022-02-21).

  • Don’t click those pop-ups that say you’ve been infected!

    PUBLIC DEFENDER

    Brian Livingston

    By Brian Livingston

    It’s been said before, but it bears repeating — when you see a pop-up window on your desktop, laptop, or smartphone screen that says you’ve been infected with a virus and must act immediately, don’t click it!

    These frightening warnings are invariably “bad ads” that use advertising networks to insert these pop-ups into websites and phone networks. Their goal is to get you to click a link and download malware, whether it’s a fake “antivirus program,” a malicious “virtual private network,” or some other backdoor into your personal life.

    Read the full story in the AskWoody Plus Newsletter 18.20.0 (2021-05-31).

  • The web has a padlock problem

    Danny Palmer (ZDNet) has just written about recent changes to websites showing “security padlocks” in browser bars, in a very easy-to-digest article.

    Internet users are being taught to think about online security the wrong way, which experts warn might actually make them more vulnerable to hacking and cyberattacks.

    HTTPS encrypts that information, allowing the transmission of sensitive data such as logging into bank accounts, emails, or anything else involving personal information to be transferred securely. If this information is entered onto a website that is just using standard HTTP, there’s the risk that the information can become visible to outsiders, especially as the information is transferred in plain text.

    Websites secured with HTTPS display a green padlock in the URL bar to show that the website is secure. The aim of this is to reassure the user that the website is safe and they can enter personal information or bank details when required. Users have often been told that if they see this in the address bar, then the website is legitimate and they can trust it.

    “This is why phishers are using it on phishing sites, because they know that people who use the websites think that means its OK when it’s not,” said (Scott) Helme. “The padlock doesn’t guarantee safety, it never has, that’s just a misunderstanding of the interpretation of what this actually means.”

    …the (cybersecurity) industry needs to improve its messaging, because cybersecurity can be complicated for the average web user and changing advice all the time isn’t going to help, especially if people stick to adhering to the first thing they were told – like believing the padlock automatically means the website is safe.

    I’m sure many of us will have seen information by Troy Hunt and Scott Helme in recent months, on browser security. Changes are afoot in how browsers indicate websites’ security; e.g. Firefox’s recent changes on how padlocks work is related.

    WSJ indicate the depth of the problem here:

    The use of security certificates, once a badge of authenticity for the internet, among phishing websites has almost doubled, rising to 15% in 2019 from 8.5% in 2018

    Even CASC (Certificate Authorities Security Council) recently published, in a very interesting article:

    The padlock is putting users in danger

     
    We all need to get used to these changes, for our own safety.
     

  • Patch Watch: Office 365 – The trendy new phishing target

    Here phishy, phishy, phishy…..

    Attacking Windows 10 is so yesterday. Malicious hackers have known for some time that phishing is a fruitful and cheap method for stealing data. And the bigger the mark, the better the returns. So it should be no surprise that Office 365 has become a tempting target.

    Patch Lady Susan Bradley offers the first in a series of articles about Office 365’s vulnerable underbelly, and what you can to do protect yourself and your organization.

    Details in this week’s AskWoody Plus Newsletter 16.11.0, out this morning to AskWoody Plus Members.

  • Microsoft targeted by phishing attack

    Probably by Syrian Electronic Army.

    Man, if MS can’t protect itself, how can any organization?

    InfoWorld Tech Watch

  • How well does IE’s phishing filter work?

    This will undoubtedly change shortly, but…

    In the past hour I’ve received several messages from people here in Thailand saying that they’re receiving phishing mail from their bank, SCB. The mail instructs people to click  on a link and log in. The link goes to the site new11010scb dot com (no, I’m not going to link to it).

    If you go to that location with either Firefox or Chrome, you get the standard phishing warning message. But if you go there with either IE 9 or IE 10 (on Windows 8), you sail right on through to an ad…

    #Fail IE Smart Screen.

  • PayPaI phishing scam

    I don’t write about phishing messages that I receive very frequently because most of them are poorly done, amateurish and (even if they’re enticing) you can see through most of them in a New Yawk minute.

    Not so this one. I just got a message, seemingly from PayPal Inc. [noreply1@paypal-community.com], titled “Your regularly scheduled account maintenance !” In typical phishing fashion, it says that my PayPal account needs to be verified “to protect your identity.”

    Attached to the message is an HTML file called “PayPal_Limited_From.html” The mis-spelling was the first thing that tipped me off.

    I double-clicked on the HTML file and up came a form inviting me to provide my credit card information and click a button marked Submit Form. The form admonishes “By clicking the button “Submit Form” you confirm your identity with us. The form is submitted instantly. Your session will be closed after you verify your information.”

    Of course I didn’t fill in any of the information, but for the heck of it, I clicked the Submit Form button. The screen flashed a little bit and I ended up on the PaylPal Refund page. Not a bogus page. The real thing.

    Delving a little deeper, I looked at the program behind that Submit Form button, and discovered all sorts of references to a site called vitgrim.org. Sure enough, vitgrim.org is registered to a fellow in GyeonGi, Korea.

    The moral of the story is the same as always: don’t click on anything you receive in the mail. But this particular man-in-the-middle phisher is particularly well done.

  • 100 arrested in giant phishing sting

    Wired reports that 100 phishers have been arrested in a sting spanning the US and Egypt.

    A gang of more than 100 alleged phishers has been charged in the U.S. and Egypt in connection with a global scheme to steal bank credentials of victims and siphon money from their accounts.

    A total of 53 defendants ranging in ages 18 to 44 are charged in a thick indictment unsealed Wednesday in federal court in Los Angeles. An additional person is being charged at the state level, and another 47 alleged co-conspirators have been charged in Egypt.

    The indictment is the culmination of a two-and-a-half-year investigation, dubbed Operation Phish Phry.

  • Beware phishers

    I”m always admonishing people to be careful about phishers, but it looks like Hotmail, Yahoo Mail and Gmail are getting a particularly nasty dose at the moment. Neowin reports that 20,000 Hotmail users have already given up their userids and passwords. BBC says that they have “seen two lists that detail more than 30,000 names and passwords from e-mail providers, including Yahoo and AOL, which were posted online.”

    It’s always been a problem, but the phishers are getting much more clever these days.

    Of course, you’re savvy enough to pass by those emails that say you underreported your income to the IRS, the ones that say your package couldn’t be delivered because it had the wrong address, and the ones that say you better pay for that new Mac or else…

    I’ve tried clicking through on several of those phish mails as soon as I get them (hey, who can resist running down somebody who says I’m due a tax refund?), and have been pleasantly surprised to discover that Firefox is blocking the sites, just like it should.

    SANS Internet Storm Center recommends that you immediately change your passwords on Hotmail, Gmail, Yahoo Mail and AOL accounts.