News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • The web has a padlock problem

    Posted on November 30th, 2019 at 13:29 Kirsty Comment on the AskWoody Lounge

    Danny Palmer (ZDNet) has just written about recent changes to websites showing “security padlocks” in browser bars, in a very easy-to-digest article.

    Internet users are being taught to think about online security the wrong way, which experts warn might actually make them more vulnerable to hacking and cyberattacks.

    HTTPS encrypts that information, allowing the transmission of sensitive data such as logging into bank accounts, emails, or anything else involving personal information to be transferred securely. If this information is entered onto a website that is just using standard HTTP, there’s the risk that the information can become visible to outsiders, especially as the information is transferred in plain text.

    Websites secured with HTTPS display a green padlock in the URL bar to show that the website is secure. The aim of this is to reassure the user that the website is safe and they can enter personal information or bank details when required. Users have often been told that if they see this in the address bar, then the website is legitimate and they can trust it.

    “This is why phishers are using it on phishing sites, because they know that people who use the websites think that means its OK when it’s not,” said (Scott) Helme. “The padlock doesn’t guarantee safety, it never has, that’s just a misunderstanding of the interpretation of what this actually means.”

    …the (cybersecurity) industry needs to improve its messaging, because cybersecurity can be complicated for the average web user and changing advice all the time isn’t going to help, especially if people stick to adhering to the first thing they were told – like believing the padlock automatically means the website is safe.

    I’m sure many of us will have seen information by Troy Hunt and Scott Helme in recent months, on browser security. Changes are afoot in how browsers indicate websites’ security; e.g. Firefox’s recent changes on how padlocks work is related.

    WSJ indicate the depth of the problem here:

    The use of security certificates, once a badge of authenticity for the internet, among phishing websites has almost doubled, rising to 15% in 2019 from 8.5% in 2018

    Even CASC (Certificate Authorities Security Council) recently published, in a very interesting article:

    The padlock is putting users in danger

     
    We all need to get used to these changes, for our own safety.
     

  • Patch Watch: Office 365 – The trendy new phishing target

    Posted on March 25th, 2019 at 06:48 woody Comment on the AskWoody Lounge

    Here phishy, phishy, phishy…..

    Attacking Windows 10 is so yesterday. Malicious hackers have known for some time that phishing is a fruitful and cheap method for stealing data. And the bigger the mark, the better the returns. So it should be no surprise that Office 365 has become a tempting target.

    Patch Lady Susan Bradley offers the first in a series of articles about Office 365’s vulnerable underbelly, and what you can to do protect yourself and your organization.

    Details in this week’s AskWoody Plus Newsletter 16.11.0, out this morning to AskWoody Plus Members.

  • Microsoft targeted by phishing attack

    Posted on January 27th, 2014 at 20:34 woody Comment on the AskWoody Lounge

    Probably by Syrian Electronic Army.

    Man, if MS can’t protect itself, how can any organization?

    InfoWorld Tech Watch

  • How well does IE’s phishing filter work?

    Posted on April 25th, 2012 at 12:23 woody Comment on the AskWoody Lounge

    This will undoubtedly change shortly, but…

    In the past hour I’ve received several messages from people here in Thailand saying that they’re receiving phishing mail from their bank, SCB. The mail instructs people to click  on a link and log in. The link goes to the site new11010scb dot com (no, I’m not going to link to it).

    If you go to that location with either Firefox or Chrome, you get the standard phishing warning message. But if you go there with either IE 9 or IE 10 (on Windows 8), you sail right on through to an ad…

    #Fail IE Smart Screen.

  • PayPaI phishing scam

    Posted on May 16th, 2010 at 06:44 woody Comment on the AskWoody Lounge

    I don’t write about phishing messages that I receive very frequently because most of them are poorly done, amateurish and (even if they’re enticing) you can see through most of them in a New Yawk minute.

    Not so this one. I just got a message, seemingly from PayPal Inc. [noreply1@paypal-community.com], titled “Your regularly scheduled account maintenance !” In typical phishing fashion, it says that my PayPal account needs to be verified “to protect your identity.”

    Attached to the message is an HTML file called “PayPal_Limited_From.html” The mis-spelling was the first thing that tipped me off.

    I double-clicked on the HTML file and up came a form inviting me to provide my credit card information and click a button marked Submit Form. The form admonishes “By clicking the button “Submit Form” you confirm your identity with us. The form is submitted instantly. Your session will be closed after you verify your information.”

    Of course I didn’t fill in any of the information, but for the heck of it, I clicked the Submit Form button. The screen flashed a little bit and I ended up on the PaylPal Refund page. Not a bogus page. The real thing.

    Delving a little deeper, I looked at the program behind that Submit Form button, and discovered all sorts of references to a site called vitgrim.org. Sure enough, vitgrim.org is registered to a fellow in GyeonGi, Korea.

    The moral of the story is the same as always: don’t click on anything you receive in the mail. But this particular man-in-the-middle phisher is particularly well done.

  • 100 arrested in giant phishing sting

    Posted on October 8th, 2009 at 22:12 woody Comment on the AskWoody Lounge

    Wired reports that 100 phishers have been arrested in a sting spanning the US and Egypt.

    A gang of more than 100 alleged phishers has been charged in the U.S. and Egypt in connection with a global scheme to steal bank credentials of victims and siphon money from their accounts.

    A total of 53 defendants ranging in ages 18 to 44 are charged in a thick indictment unsealed Wednesday in federal court in Los Angeles. An additional person is being charged at the state level, and another 47 alleged co-conspirators have been charged in Egypt.

    The indictment is the culmination of a two-and-a-half-year investigation, dubbed Operation Phish Phry.

  • Beware phishers

    Posted on October 7th, 2009 at 05:06 woody Comment on the AskWoody Lounge

    I”m always admonishing people to be careful about phishers, but it looks like Hotmail, Yahoo Mail and Gmail are getting a particularly nasty dose at the moment. Neowin reports that 20,000 Hotmail users have already given up their userids and passwords. BBC says that they have “seen two lists that detail more than 30,000 names and passwords from e-mail providers, including Yahoo and AOL, which were posted online.”

    It’s always been a problem, but the phishers are getting much more clever these days.

    Of course, you’re savvy enough to pass by those emails that say you underreported your income to the IRS, the ones that say your package couldn’t be delivered because it had the wrong address, and the ones that say you better pay for that new Mac or else…

    I’ve tried clicking through on several of those phish mails as soon as I get them (hey, who can resist running down somebody who says I’m due a tax refund?), and have been pleasantly surprised to discover that Firefox is blocking the sites, just like it should.

    SANS Internet Storm Center recommends that you immediately change your passwords on Hotmail, Gmail, Yahoo Mail and AOL accounts.