The Peril of the Default

Default settings can be risky.

Unbelievably, on a new Mac, or if you re-install the Mac Operating System (OS), the firewall is OFF by default!

It's such a trivial thing, but so important. If you have a new Mac, or find yourself re-installing from scratch, head over to System Preferences, Security & Privacy, Firewall, Turn on firewall.

Facebook is another dreadful example of the default setting. By default, your privacy and sharing settings are wide open. Check out the Locking Down Facebook video for full instructions.

So remember, if you get a new computer, device or software, spend a little time to check exactly what the default settings are set to.

Posted on January 12, 2013 .

LinkedIn Emails

We are receiving a lot of emails that appear to be coming from LinkedIn.

These have all been fake and re-direct you to a malicious website if you click the link in the email.

Unless you absolutely recognise the name, just delete these emails.

The best policy is to visit the LinkedIn website by manually entering it in your browser & check for Inbox messages there.

Stay safe online.

Posted on January 12, 2013 .

Finances

It's really important that you regularly check all your bank and credit card statements to make sure nobody has got hold of your details and made fraudulent purchases or withdrawals from your accounts.

Finding these problems quickly can stop potential thieves before they wreak havoc with your savings and your identity.

With that in mind, I've just come across You Need A Budget.

And because I've been going through my spending with a fine tooth comb, I recently picked up a fraudulent Direct Debit to Sky TV.

Thankfully, that's been cancelled and the funds refunded by the Bank, but it's a real lesson learned.

Seems to me an odd scam to pull off, because the Sky subscription will be linked to a physical address, making tracking and prosecuting that much easier.

But anyway, be vigilant, and I actually urge you to try out YNAB yourselves.

It's a great bit of software available on Mac, PC and iOS devices, and they have a fantastic website.

And as a little gift to all our readers, if you decide to purchase a copy, use this link below for a 10% discount.

So if you have budgeting and bill payment issues, or just want to save more money, it really is life changing:

YNAB 10% Discount

Posted on October 30, 2012 .

Backup, Backup, Backup

Three things that you absolutely must do. Backup.

It doesn't matter how good your security setup is, or how careful you are about viruses. If something goes wrong, if you have a good backup in place, you can literally start again without any problem.

We would recommend a 3-pronged attack:

Backup or clone your main hard drive to a second hard drive installed in your computer. Use some backup software to daily sync the 2 disks, then if one drive gives up, you can immediately boot to the other one.

Backup to a removable drive - use this for a full disk backup, so buy a removable drive that's as big as your main hard drive. This is good for problems that might affect your main computer hard drive, be it disk failure or a virus attack.

Backup all of your data files: music, photos, documents, banking data, videos, movies, to a cloud based back up solution. There's a number of them, which I'll review shortly. The advantage of this backup is that it's away from your physical computer, so if your computer is stolen, lost, destroyed, all of your important data will be safe.

It's not hard to do, but please don't wait until it's too late. 

Protect the data that is essential and critical to you.

Posted on October 30, 2012 .

New Year, new resolutions

In the hope that you will all be safe and secure in 2012, I urge you to follow just 3 simple rules this year:

 

  1. Don't ever click links in emails, social network sites or links on suspicious web pages
  2. BACKUP all the data you can't afford to lose: Photos, videos, music, documents, passwords, serial numbers, maybe emails too
  3. Run a decent anti-virus, anti malware software on your computer

 

That is really basically it. Most infections arrive through email, so this is a major source of concern for you.

If you're backed up, you can wipe your hard drive of any infection and start again. A pain, yes, but the only sure way to remove anything nasty (and hidden).

If you run a good anti-virus, it can detect things that aren't even known yet. There are so many on the market. Do some research and spend the time to find the best one for you. But remember, it's no guarantee to prevent infection.

The weak link in your online security is YOU.

Best of luck people.

 

 

 

Posted on January 16, 2012 .

SMS Scam

We just received an SMS today asking us to claim money for an accident.

After some research it seems as though these have been doing the rounds for a number of years now.

This has since been reported to O2, but our advice is to never interact with these types of unsolicited texts, nor text back STOP as per their request.

 

Posted on April 29, 2010 .

Six Examples of Scam Emails

1) Verify your account before it's closed.

These are almost NEVER real. If the email contains urgency, asks for personal details, has bad spelling/grammar or is addressed to Dear User or similar, you know it's a scam. Delete these immediately without clicking any links.

2) A large sum of money is due to you.

These are NEVER real. Honestly, why would a person you've never heard of want to give you a vast sum of money? These take the form of an email saying you are the beneficiary of a will, a compensation, or from somebody who needs to transfer some money to your account. Delete these immediately without clicking any links.

3) You've won something!

Surely you're not that gullible, especially if you never entered the competition in the first place?!

These often take the form of news that you've won a lottery or sweepstake and they need you to call a certain number (which will cost you a fortune if you do) or they need your personal details. Delete these immediately without clicking any links.

4) A sudden emergency

There are a lot of these emails doing the rounds recently. They take the form of an email, usually from somebody you know (because your email address has been scraped from your friend's infected computer), saying that they are in trouble, have been mugged or have lost all their money and would like you to wire transfer some money to them to help them home. You can spot these are bogus by the very fact that you probably know if your friend is abroad or not, but more importantly by the language the email uses not tallying with the type of language your friend uses. You can always call your friend and check! Delete these immediately without clicking any links.

5) The Disaster Fund

Whenever there's a major global disaster like an earthquake or famine, scammers will send out emails pretending to be from charities. They will ask you to click a link to make a donation. Don't do it: charities will never cold email random people asking for money. If you're subscribed to a charity's mailing list, then they might send you information, but these emails will always address you by name, and you'll know that you support that charity. Be suspicious, always.

6) The Chain Email - 'If you don't send this on to your friends something bad will happen'

Any email that asks you to forward it to a number of others is always bogus. Even if it pretends to alert you to some terrible scam.

These often take the form of free services or products from major vendors, free discount vouchers, free phones etc., or are medical appeals for sick children, petitions or news of an impending computer virus. Don't EVER forward these emails. Firstly go to Snopes.com and search for the email you've received. You'll almost always find it here. Secondly, delete the email without interacting with it.

We hope this page has been useful. If so, please please let your friends and family know (but not by mass email asking them to forward to all their friends!).

Posted on April 17, 2010 .

Phishing Email Examples

Here are two phishing emails sent to us recently. They are good examples of why such emails are obviously bogus.

Firstly, as we've always said, the email is not addressed to a single person by name, but as a generic "Valued Customer" for example.

Secondly, the addressed to line: One is addressed to some random person, the other to 'undisclosed-recipients'. Banks will never send a mass email or even include the email address of somebody else.

Thirdly, and most importantly, if you hover your mouse over the link they supplied, you can see clearly the real URL hidden in the link, which is very obviously nothing to do with the bank. In fact in these two examples, it is clear that they are coming from the same source, even though they are different emails received on different days.

And finally, the language used is fairly obviously not 'bank speak'.

Notice the little '?' where an image should be? That's because we have our Mail client set up to not automatically download images (to prevent malicious images being downloaded). In Apple Mail, go to Mail, Preferences, Viewing tab and uncheck 'Display Remote Images in HTML Message'.

If you want to view an image in an email from a trusted source, you can always click the 'Load Images' button in the mail preview pane.

 

 

Posted on April 16, 2010 .

Dropbox

If you haven't come across Dropbox yet, you really must take a look.

It's completely free, and allows you to back up up to 2GB of data. You can pay for more, but 2GB is a great amount for small files you'd like to keep offline. It's secure, and best of all, allows you to synchronise files between computers.

Posted on April 13, 2010 .

Half of you are still responding to spam emails

Even with all the publicity around spam, around half of all email recipients are still responding in some form to socially engineered mail messages, according to a survey released this week by the nonprofit Messaging Anti-Abuse Working Group.

A response was counted as opening the spam, clicking on a link within it or opening an attachment within the spam.

This is a worrying statistic. If you come to this site, hopefully you'll know not to even open the message in the first place, let alone, heaven forbid, opening an attachment, which will almost certainly lead to your machine contracting a virus, trojan or other exploit.

Apparently half of those who responded did so on purpose, meaning that there is still a market for enhancing male genitalia.

Posted on April 10, 2010 .

WhatApp?

Here's a great little site for checking the security issues for mobile and internet enabled apps.

This is what they say about themselves:

"The goal of the WhatApp project is to establish an online resource where experts and other users can assess, discuss, and rate the privacy and security of mobile and Internet-enabled applications. Now in Beta, the website combines traditional consumer reporting and review tools with wikis and news feeds to allow users to make informed choices about the applications they download.

We want WhatApp to be a useful tool for both savvy Internet experts and novices to pool resources and share insights about the privacy features of a wide variety of applications, including Facebook and iPhone Apps, office suites, online maps, toolbars, and media players. The project’s aim is to fill the current market gap between consumer demand for privacy friendly applications and anti-privacy practices employed by the developers and thereby to foster better privacy practices Net-wide."

Go have a look:

WhatApp

Posted on April 10, 2010 .

And another scam email that is even more unbelievable

This is too good not to share. Have a read of this beauty:

------------------------------------------------------------------

From The Desk of Reverend James Michael,
Director Inter-Switch Unit.
Direct Tel: +2347092623554.

Attention

Based on our investigation of your payment, we want to find out if you're still alive or did you assign any (Grace Jackson) to receive your fund, reply to us with:

Your Full Names:
Your Home Address 
Your Cell Phone
Your Occupation:
Your Age/Sex:


This is because US$7.1 Million has been approved, so provide the above information unfailingly today or your fund will be released to Mrs. Grace
Jackson.

Regards,
Reverend James Michael, 
Direct Tel: +2347092623554
Chairman, Investigation and Debt Settlement Committee 

---------------------------------------------------------------------

Please do NOT ring the above number. This is a real scam.

Posted on April 8, 2010 .

Hard to believe these emails are still around

We received this today, and I thought it would be worth posting online for all to see.

I'm sure we've all had them, but it's hard to imagine that anybody could ever be taken in by this.

-------------------------------------------------------------------------------------

Hello Dearest, 

I know this might come to you as a surprise, but please do accept it in good faith and treat as a matter of urgency with utmost confidentiality. 

I am Miss Ariana Hani from Khartoum-Sudan; Northeastern Africa, now seeking political asylum in Dakar Senegal under the UNHCR as a refugee. 

I am searching for a true friend, kind and honest to stand as my foreign representative to help me receive my inheritance funds so I can leave this camp and come to your country to continue my education. 

Please kindly reply if you know in your heart you would want to help me. Remain Bless. 

Ariana 
*kisses**

--------------------------------------------------------------------------------------

Posted on April 8, 2010 .

Simple Tip: Change your passwords TODAY

Here's a little Easter Egg tip for you.

Change your passwords, and do it now.

With the huge rise of social networking scams, give yourself a little bit of peace of mind by changing your Facebook and Twitter passwords.

It'll only take a second, and it gives you the security of knowing that if somebody has taken hold of your password, they can no longer do anything with it.

If you're dead set on keeping the same password because you can remember it, just add a few digits or letters at the beginning or end (or both) to make it different but still memorable.

And why not go the whole hog and change your banking passwords too? These are by definition even more important, so do yourself a favour, and get changing.

CHANGE PASSWORDS REGULARLY

 

Posted on April 2, 2010 .

Phishing Example

Here's a screen shot of a phishing email we recently received.

It's not a particularly good one, but the routine is the same. The bank asks you to 'log-in' via the link they provide, to reset your password.

It's an old trick and we would hope very few people would fall victim to this. Clearly the spammer is relying on you being a customer of HSBC, but there is so little branding or instruction that it's far too obvious a hoax.

One immediate flaw which is present in all of these types of email is the use of 'Dear Customer' rather than your actual name.

Notice the tooltip that appears when the mouse hovers over the link (in Apple Mail). Clearly the URL has nothing in it to convince us it's legitimately from HSBC. It will run a PHP script which will cause no end of trouble for the unsuspecting victim.

Be aware, be suspicious, be safe (and use a Mac ;) )

 

 

Posted on March 18, 2010 .

Users 1 - Spammers 0

In a recent victory for the net user, a US Federal Court judge ordered the takedown of nearly 300 domains this week.

These domains were being used to control malware infected computers, under the Waledac botnet which accounted for more than 650 million spam emails a month.

Microsoft filed the lawsuit after the botnet, which appeared toward the end of 2008, infected hundreds of thousands of computers, and sent millions of spam emails to Hotmail accounts.

The judge's action now allows researchers the opportunity to closely study the botnet activity at the domain level.

Effectively all communication from the botnet has been terminated.

In an article from SC Magazine, the sheer scale of spam was reported:

"At its peak, the impact of Waledac was stunning. Microsoft found that between Dec. 3 and 21, more than 650 million spam messages directed to Hotmail accounts were attributable to the botnet.

And researchers at security firm ESET reported last summer that PCs infected with Waledac were capable of sending 6,548 spam emails per hour, or two emails per second. The company found that if, for example, 20,000 computers were infected with Waledac, then the botnet was capable of sending three billion emails per day, if all infected computers were working to full capacity."

With figures like that, most users should see a reduction in the amount of spam hitting their inboxes.

Let's hope that after years of misery and inaction, finally the tide will turn against the spam community.

Posted on February 26, 2010 .

Telephone Safety

Not really a topic on its own, but think about this:

Whenever you call your bank, they ask you a number of security questions to verify your identity.

If your bank ever calls you, please ask them something similar.

Don't assume that just because the person calling you says they are calling from your bank, that they are legitimate.

Your bank should never ask you for your full online banking password, so be very suspicious if they do!

Posted on February 24, 2010 .

Annual Safety Spring Clean

With Spring fast approaching, what better than to give your personal computer a complete safety overhaul.

It's a little time consuming, but if you can set aside a day, we would recommend backing up your hard drive (first and foremost), then completely re-formatting the drive and starting with a fresh clean install of your OS of choice.

If by chance you've picked up some malware, or have some hidden rootkit or other hidden malware on your computer (that you would be blissfully unaware of), the safest way to ensure you have a clean system, is to wipe the disk and re-install.

That way, you will know for sure that no nasties could be present on your system.

For this reason, we would recommend that you don't import all your settings and data, in case you bring over any malware. We suggest you take the following steps in order:

 

  1. Backup your entire drive (separately from any backup procedures you currently follow)
  2. Verify that the backup is viable and has worked
  3. Check that you can import all of your emails if you want to (make sure you know the procedure to get all your emails and accounts back to how they were before you start)
  4. Make a note of all your program serial numbers and activation codes
  5. Format your hard drive
  6. Re-install your Operating System - do not connect to the internet yet (leave network cables unplugged and Wi-Fi off)
  7. Boot into your new system and make sure its firewall is enabled.
  8. Connect to the internet and run OS software updates (re-boot as required)
  9. Install your current anti-virus, anti-spyware and firewall programs (make sure they are legitimate programs and download the latest versions direct from the manufacturer's website)
  10. Run a scan on any other hard drives connected to your system
  11. Re-install only the programs you really need (it's a good chance to leave out all the stuff you have but don't use)
  12. Update (or upgrade if you feel the need) all of those programs, from the manufacturer, to make sure you are running the latest versions.
  13. Re-install all your backed up data and emails
  14. Run a scan on your new clean hard drive
  15. Keep all software up to date
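One way to carry out step 2 before committing to step 5 is to compare every file on the source drive with its copy in the backup by size and SHA-256 hash. This is an added example, not part of the original post; the function names and the file names in the demo are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large media files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_backup(source, backup):
    """Compare every file under source with its copy under backup."""
    source, backup = Path(source), Path(backup)
    report = {"ok": 0, "missing": [], "mismatch": []}
    for root, _dirs, files in os.walk(source):
        for name in files:
            src = Path(root) / name
            rel = src.relative_to(source)
            dst = backup / rel
            if not dst.is_file():
                report["missing"].append(rel.as_posix())
            elif (src.stat().st_size != dst.stat().st_size
                  or sha256_file(src) != sha256_file(dst)):
                report["mismatch"].append(rel.as_posix())
            else:
                report["ok"] += 1
    report["missing"].sort()
    report["mismatch"].sort()
    return report

def demo():
    """Constructed data: one good copy, one truncated copy, one file never copied."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "disk"), Path(tmp, "backup")
        (src / "photos").mkdir(parents=True)
        (dst / "photos").mkdir(parents=True)
        (src / "photos" / "a.jpg").write_bytes(b"\xff\xd8" + b"A" * 4096)
        (dst / "photos" / "a.jpg").write_bytes(b"\xff\xd8" + b"A" * 4096)
        (src / "accounts.csv").write_bytes(b"date,amount\n2010-02-24,10.00\n")
        (dst / "accounts.csv").write_bytes(b"date,amount\n")  # truncated copy
        (src / "serials.txt").write_bytes(b"PLACEHOLDER-SERIAL\n")  # not backed up
        return verify_backup(src, dst)

if __name__ == "__main__":
    print(demo())
```

Only format the drive once both the missing and mismatch lists are empty. A matching hash shows the copy is faithful to the source, not that the source file was free of malware, which is why the scans in steps 10 and 14 still matter.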

 

Having done this, we would then recommend changing all your email passwords.

It's a time consuming exercise, but well worth the trouble, to know that you are now clean and secure, with all the latest protection in place.

You will also have the added bonus of having a speedier, more responsive (as new) computer.

(This tip is for personal computers and is not intended for corporate use)

 

 

Posted on February 24, 2010 .

Thoughts on laptop security

So much is written about firewalls and anti-virus etc, but so little is written about physical theft.

Literally hundreds of thousands of laptops are stolen every year. Forget the risk of a hacker getting your private information, you have a far greater risk with a thief who steals the physical hardware.

With this in mind, here are two very simple tips to help prevent data loss by theft or casual snooping:

Firstly, buy yourself a Kensington Lock cable. These are readily available from places like Amazon.com and Amazon.co.uk (often cheaper than buying in a shop).

Fix it to a piece of solid furniture/wall/pipework and lock to your laptop. All but the hardened thieves will be thwarted, with an unprotected laptop being a much simpler target.

Compared to the price of your laptop, this is such a small financial outlay for a lot of protection.

Secondly, password protect your laptop and set a keyboard shortcut, or on a Mac, a hot corner to activate your password protected screensaver whenever you get up to leave your laptop unattended - even if it's for 2 minutes.

It's very easy to do and once you've got used to it, will become second nature.

That way, nobody can easily (unless you have a stupid password, or leave the password written on a sticky note in view) casually look through your data on screen.

If your laptop contains very sensitive or private information, you should seriously consider some level of encryption. That way, if you are the victim of theft, the thief cannot access your data.

Please consider not only the value of your laptop, but the value of the data if it were lost forever.

You will be far better prepared if you expect the unexpected!

There you have it: two very simple and cheap ways of easily protecting your valuable laptop and data.

Posted on February 13, 2010 .