We're seeing a LOT of phishing emails pretending to be from Dropbox.
The general rule is this: The email heading begins: "(name) sent you an invitation"
The body of the email contains a link (to sign up to Dropbox, but as you would (hopefully) guess, it's a bogus link.
Please be aware.
Please do NOT click on links in emails.
Be safe......
This is a big deal. If you have a Twitter account, please do yourself a favour and follow the steps below to enable two factor authentication. It will give you a huge security boost.
Check out the link on Twitter: https://blog.twitter.com/2013/getting-started-login-verification
It was recently announced that a vulnerability has been found that allows people to change a users iCloud login credentials.
It seems as if a hacker can gain access to your account using a combination of birth date, email address and a "modified url"
At time of writing, Apple has taken down it's iForgot link that allows you to answer security questions to reset your password.
Apple also just announce a two step authentication process for accessing your account which we would strongly urge you set up. It currently takes 3 days from setting up to implementation to protect your account.
Here's the link from Apple that describes the process: Two Factor Authentication
Just as a little simple reminder, if you ever receive an email from a courier company, a financial institution, PayPal, Bank, Tax refund, and it starts with the phrase "Dear User" or " Dear Account Holder" ALWAYS be suspicious.
These companies will ONLY ever use your full name, and thus anything else must not be trusted.
That's also not to say you should immediately trust an email from your bank that uses your full name. You should always be suspicious first, because in general, these people will not write to you via email very often, and certainly not for updating your account details by clicking a link.
If you believe the email to be real, the safest option is to go directly to their website by manually typing in their URL into your browser. That way you know for sure it's taking you to the website you expect to be going to.
As ever, be very wary about emails with links embedded that asked to be clicked on.
ALWAYS BE SUSPICIOUS OF EMAILS ARRIVING IN YOUR INBOX
How often do you see something pop up in your Facebook stream asking you to hit like in 5 seconds to see what happens?
Most of the time I'm guessing.
There's also the posts asking you to forward to at least 10 people.
It's all nonsense. Please don't participate.
Often these posts are offensive, and generally just plain wrong. There's nothing that happens if you hit like within a specified time, except generating a post with vast numbers of coverage. It's the chain letter/email syndrome and benefits nobody, especially as most of the posts are totally incorrect in their assertions.
So firstly, don't be a spammer poster, secondly, don't hit like, don't hit share and generally don't interact with this net garbage.
Please pass this on to all your spammy Facebook friends in the hope that this net clogging rubbish goes away....wishful thinking...
Here's a great post from Kaspersky Labs shwoing how to lock down and secure your Facebook account.
It's a must see for anybody on Facebook.
Check it out here:
Here's a new one on us. An email pretending to be from Discover.com
Nicely, (or stupidly) they've included a real link to Discover, if you were lucky enough to click that, but every other link re-directs you to a bogus website.
You can see from the tooltip below.
NEVER click links in emails especially from banking and financial institutions.
Be aware....
There are a ton of bogus emails doing the rounds right now designed to appear to come from Santander.
Do not click any links within these emails.
Here are 2 examples:
It seems like there's been a number of Twitter accounts hacked in the last few days.
If you've received a password reset request from Twitter via email, we urge you to change your password immediately, BUT, as ever, go direct to the website through your browser, rather than clicking a link in an email....just in case.
It's also worth reminding you of the importance of not using the same password for Twitter as you do for your online banking or any other sensitive website.
As in this case, if your password is stolen, it can potentially be used wherever else you log in, if you use the same password.
Even if you haven't had a recent password reset request, it might just be worth thinking about changing yours anyway. Think of it as a bit of house-keeping.
Also consider adding something to your password that is particular to that site, that you can easily remember, and that will make it different to your other passwords.
Don't delay - do it today!
There's been so many of these over the years.
The basic premise being that it's hilarious to forward the email to 7/10/15 of your friends to see what happens.
Guess what? Nothing happens EXCEPT, all of your emails are harvested and sent to spammers as live email addresses.
The purpose of these chain emails is to bypass spam filters. They get sent out by your friends, therefore arrive in your inbox un-impeded.
Often they will contain hidden maliious code which harvests everybody's emails addresses and sends them to the spammers.
Do everybody a favour, and just delete these emails when they arrive, and reply to the sender with a polite comment about how bad they are.
Educate your friends!
Best of luck....
We've just received 2 seperate emails purporting to be from Google about YouTube
Don't click on any of the links, otherwise you'll be re-dirceted to a malicious site.
Here's a screen shot showing the real URL links (images were prevented from being downloaded for security)
There's a large number of emails doing the rounds that appear to come from YouTube.
They appear to have been sent from service@youtube.com and tell you to click a link.
If you've been on this site at all, you'll no that you must never click links in emails, especially from service providers.
This is a bogus email so delete it.
Apple have released an update that fixes the Flashback Trojan vulnerability:
Got to Software Updates and install it as soon as possible -
This Java security update removes the most common variants of the Flashback malware.
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
This update is recommended for all Mac users with Java installed.
For details about this update see: http://support.apple.com/kb/HT5242
As announced, Microsoft have updated a number or Windows files. if you run a PC please ensure you run Windows Update to take advantage of these.
The following files have been patched
Apple released a second security update on Friday in its continuing battle against the Flashback trojan, which already has infected nearly 650,000 Macs worldwide.
Check your Software Update right now and stay up to date and safe.
This Trojan is installed via exploitation of a flaw in Oracle Java (CVE-2012-0507). The Mac OS X - based malware masquerades as an Adobe Flash Player install.
Upon infection the malware will install fake/rogue security software, and allow for the downloading of additional malicious components, sensitive data extrusion, and other malicious control methods.
Infected hosts report back to an external server and can receive further instructions/payloads via that method (C&C / bot-based control). CVE-2012-0507 is an Oracle Java vulnerability, which was patched by Apple (as a 34rd party component) in April 2012.
Therefore....make sure your OSX software is up to date
Google have just updated Chrome for Mac.
On your Mac go to the Chrome menu bar, Chrome; About Chrome, Update Now
Don't click a link from a DM if it says the following:
"Hi this user is making very bad things about you...LINK"
Hopefully the bad English would alert you to suspicious content, but the link would probably take you to a website full of Malware and nastiness.
BE VERY CAREFUL ABOUT CLICKING LINKS, especially when received from somebody you know.
Just to wish you all a happy and secure break over the holidays.
It's early days for us here at SimpleNetSecurity.com and we only want to encourage online safety & security.
So please do what you can to spread the word and pass on our link to all your friends & family.
Please feel free to link to us if you have your own website, or 'Like' us on Facebook and let's all try to make the Internet a happier safer place.
All comments most welcome.
Many thanks
|
Updating Word for Mac to the latests version protects you against this: Exploit-OLE2.gen MTIS12-053-A |
|||||||||||||||
|
|||||||||||||||
