The New Twitter Spam Scheme

September 17th, 2013

Spam on smartphone

If you’ve used Twitter, you’ve likely encountered Twitter spam. There are unfortunately a large number of profiles whose sole purpose is to send out messages with URLs that are phishing sites or infect your machines with malware. Twitter has taken steps to rid their users of this spam nuisance, but spammers now have new tactics that are more difficult to deal with.

Kit Eaton, of Fast Company, reports that the latest spam technique involves Twitter’s lists. Twitter overcame their initial spam issue by adding a “Report Spam” button for users to use when they encountered an obviously malicious tweet or profile. Overcoming list spam is more complicated.

When your Twitter profile is added to a list by another user, you receive a notification. Lately, users have been seeing list add notifications from spammers masquerading as reputable companies. Accounts trading on the names of Paypal or Facebook appear to have added your Twitter handle to a new list. The idea behind this scheme is that users will have questions about this action and want to know more.

Naturally, you’ll click on the name of the account that’s just added you and you’ll arrive at a barren Twitter profile. No profile picture, only a few tweets sent and almost no followers. Their bio will contain a URL, however. Don’t click it. The urge might be to follow the link and find out what this strange Twitter profile is all about, but the URL points to a malicious website. This could be a phishing scam or a website designed to infect your device with malware.

Twitter has yet to announce a plan to deal with this latest spam threat. You can avoid any problems, however, by being suspicious. Understand what a spam Twitter profile looks like and don’t click any links in their bio or tweets.

If you find that you computer or mobile device has been infected with malware, bring it to Geek Rescue. We rid any device of viruses and malware. Come by or call us at 918-369-4335.

Malware Threat Targets Android Devices Through Email

September 12th, 2013

Malware on smartphone

A new form of malware attack on Android phones has security experts on the look-out. This form of scareware infects your computer through a phishing email and malicious link.

Chris Brook, of ThreatPost, reports that the emails will appear to be from the United States Postal Service.

The message informs you that the USPS was unable to deliver your package because the postal code contains an error. You’re then prompted to print a label. When you follow the “Print The Label” link included in the email, a malicious Android Package File, or .apk, is downloaded to your device.

This particular scam seems poorly constructed. After all, most of us know when we’ve sent a package recently and understand that printing a label for a package that isn’t in our possession wouldn’t do much good. However, there are plenty of users who will click the link to try to gain more information, even if they haven’t sent a package in months. Hackers play on our curiosity and even thin attacks like this one will claim victims.

This form of malware has been used before. Security experts note that a previous scam using it in a scam that asks users to pay a subscription fee to keep their devices clear of malware. What’s noteworthy is the way the malware is being distributed. Cyber criminals are adjusting to the number of users who access their email on their Android devices and are attempting to exploit that fact.

This malware is reportedly even capable of intercepting both incoming and outgoing calls. It also is capable of changing file names to look more innocent. Instead of a suspicious .apk file, it will appear as a .zip file with a tantalizing name like vacationphotos.zip.

Android users should go into the settings on their device and disable the option to “allow installation of apps from unknown sources”. Users will also be able to enable a “Verify Apps” option, which will warn them before any potentially malicious app is downloaded.

These two options help keep your device safe, but you’ll also want dedicated security apps as well. To upgrade the security on any of your devices, or to rid them of existing infections, come by or contact Geek Rescue at 918-369-4335.

Secure Your Business With These Easy Tips

September 11th, 2013

Security

Many small business owners believe that they won’t be the target of a cyber attack simply because there are larger companies that present more value to hackers. However, this belief leads to more relaxed security protocols, which makes small businesses an attractive target because of their ease of access.

Susan Solovic posted on the AT&T Small Business blog how to immediately improve your company’s security without having extensive expertise.

  • Strong Passwords

As with any account, you need to protect your business by having each employee log-in with a secure password. This password should be long, have upper and lower case letters and symbols and numbers and be changed often. 

  • Sign Out

It’s a basic step that pays big dividends. Don’t make it easy for a criminal to steal your information or infiltrate your network. When you’re not sitting at your computer, sign out. This erases the possibility that someone in the area could walk by and immediately access valuable data. This is especially important for mobile devices. 

  • Regular Updates

There’s a reason your antivirus software requires regular updates. Hackers are constantly changing tactics and using new techniques. Each update is an attempt to stay ahead of the curve. So, when any of your regularly used applications prompts you to update, do it. 

  • Create Back-ups

Nothing keeps you 100-percent secure. Even if you are able to avoid a cyber attack, natural disasters could still wipe out data. Regularly backing up vital data is important in order to avoid a catastrophe. Should any of your files be lost or corrupted, you’ll have back-ups to replace them quickly without suffering any down time. 

  • Limit Employees

Each employee and each position at your company is different. Some will require different access to different applications. Think of it like a government security clearance. There are different levels depending on your pay grade. For your business, give employees the access necessary for them to do their job, but no more. This way, if their account is compromised, you won’t be allowing access to your entire network. 

Keeping your business secure is an important and time consuming job. For help, contact Geek Rescue at 918-369-4335. We offer data storage and back-up, security solutions and more.

 

The Problem With Your Password

September 11th, 2013

Password security infographic

Would you call your passwords to the various accounts you have online secure? It depends on how many characters your password is, if you use upper and lower case letters, symbols and numbers, if you use full words, recognizable names or places from your life and whether you reuse passwords on multiple sites.

Ping Identity’s Christine Bevilacqua published a blog along with the included infographic that speaks to the problem with password security.

Many of us have experienced a compromised online account and a broken password is often to blame. There is software readily available that is capable of breaking even incredibly long passwords. Sometimes, the strength of your password isn’t even the issue.

In the case of the latest attack on the New York Times, a spear phishing scam resulted in an employee giving out their password. Cyber criminals have become increasing intelligent about creating ways to hack into your accounts.

If you aren’t scammed into giving out your password outright, you may be guilty of clicking a link or downloading an attachment you shouldn’t have. This could infect your computer with malware capable of monitoring your activity, stealing passwords and infiltrating your accounts.

Some online accounts are moving to require a log-in with social media accounts, but what protects your social media accounts? A password does.

One of the latest innovations on the new iPhone is the use of biometrics. In order to unlock the phone, users will use their fingerprint. This seems like a foolproof plan. Afterall, no one will be able to hack into your phone unless they have your fingerprint. However, the problem becomes the unreliability of biometrics. For example, what happens if an error occurs and your phone won’t recognize your fingerprint? For most similar systems, the fall back is simple password protection, which brings us back to square one in terms of security.

The key to avoiding a hacker cracking your password is to practice safe surfing techniques and to have the latest security software in place.

To make any of your devices more secure, contact Geek Rescue at 918-369-4335.

New iPhone Presents New Opportunity For Scam

September 10th, 2013

Apple iPhone

Apple plans to announce their newest models of the iPhone on September 10, which has millions eager to see their newest offering. Among those millions are cyber criminals looking to take advantage of the latest trend.

As Merianne Polintan writes for TrendMicro, phishing emails promising free, new iPhones have already begun to show up in some users inboxes. Most of these early occurrences were spotted in SouthEast Asia, but users in the US should also be on the lookout.

The iPhone phishing email looks like it’s sent to you from the Apple Store. The message tells you that your email has won in a drawing and you’re entitled to a new iPhone 5S. You’re then asked to log in at the link provided to claim your prize.

If you look closely at these emails, you’ll notice the tell-tale signs of a scam. For example, there are a number of spelling or grammatical errors. You’ll also likely find that although the sender is identified as “Apple Store”, the actual email address is probably not “@Apple.com”.

So, unfortunately, you didn’t win a new iPhone. By avoiding this scam, however, you will at least keep your identity from being stolen.

To improve the spam filter on your email or improve the security on any of your devices, contact Geek Rescue at 918-369-4335. We keep you safe from malware, viruses, phishing scams and spam emails.

Text Message Scams Threaten Your Smartphone

September 9th, 2013

Smartphone scam

You’ve probably heard of phishing and even spear phishing. But have you heard of smishing?

Criminals are using text messages, or SMS, to send phishing scams directly to your smartphone. Dubbed smishing by some, it’s another way for hackers to steal your money, information or monitor your activity.

Just like phishing and spear phishing, smishing relies on social engineering to play on your fears. Most smishing messages offer you money or gift cards, or claim to be your bank or credit card company.

About.com’s Andy O’Donnell published some tips to help you avoid becoming a victim of a smishing scam.

  • Know Your Bank’s Texting Policy

If your bank sends you a text regularly, it might be harder to decide when it isn’t legitimate. However, if you’ve never received a text from your bank before, you should be extremely wary when a text from a bank shows up on your phone. This goes for any accounts you have with any company. If a text comes to you, don’t respond to it. Instead, look up the customer service number for that business and contact them directly. 

  • Beware 4-digit Numbers

When an email-to-text service is used, a 4-digit number will usually be shown as the sender. Not all email-to-text users are malicious, but criminals use them to mask their actual location. If you get a text from someone without a typical phone number, be extra cautious.

  • Use The Text Alias Feature

If you seem to be getting a lot of spam texts, or just don’t want to worry about them, your phone provider likely offers a text alias feature. This allows you to use an alias number to send and receive text messages and you can then block texts from coming to your actual number. This alias will only be known to those you give it out to, so scammers won’t have access to it.

  • Block Internet Texts

As mentioned earlier, email-to text and other internet text relay services help scammers mask their identity and allows them to send a high volume of messages. Your cell phone provider will allow you to block all texts coming from these services. This will reduce the number of smishing texts you receive, but you might also miss out on legitimate texts from companies using these services.

 Putting additional security on your mobile device is another great way to ensure your safety. To find out more about mobile security, contact Geek Rescue at 918-369-4335. 

Firewalls: Here’s What You Need To Know

September 6th, 2013

Firewall

Most everyone has heard of a firewall, but few really know what it is and what it does. The first thing you need to know is that you need one.

A firewall is a line of defense that monitors and filters data entering and leaving your network or computer. Andy O’Donnell describes a firewall for About.com as a “network traffic cop”.

It’s simple to understand that there are criminals outside of your network that want to get in and steal your data. Keeping them out is important, just as keeping criminals out of your home is important. A firewall is the first line of defense for keeping the criminals out and your data safe.

The other job of a firewall is ensuring that outbound traffic of a malicious nature is also blocked. This is a little harder to understand. Outbound data usually refers to what you are sending out of your own network, so why would you want to limit that direction of traffic? Well, if you do get a malware infection or allow access to your network to a malicious program, data can be sent from your computer to download more malware. A hacker is much more limited if the data sent from the infecting malware is limited by your firewall.

There are hardware-based firewalls that exist outside your computer. It would be a dedicated piece of hardware you add on to boost security. Many people already have a hardware firewall contained in their wireless router. To make sure it’s active, you’ll want to check the router’s settings.

There are also software-based firewalls. Most operating systems, like Windows for example, come with a standard firewall that is active by default. There are also a number of antivirus programs that also include software-based firewalls.

If you don’t have an active firewall, your operating system has probably alerted you to that fact. To improve your system’s security, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to keep all of your devices safe.

Hackers Are Targeting Your Smartphone, But Why?

September 6th, 2013

Smartphone Danger

You’ve likely heard how cyber criminals can hack your smartphone and gain access to your accounts, or even take over functions of your phone. But do you understand why your smartphone is such a coveted target?

Marshall Honorof, of TechNews Daily, writes that “your smartphone contains as much sensitive information as your wallet” and is always on, connected to the internet and vulnerable.

Your smartphone has a number of vulnerabilities, which makes it a challenge to protect. You’re probably always logged into social media and email accounts on your phone. This means that anyone who gains access to your phone also gains access to all of these accounts. With the information gained from social media and email, an intelligent hacker is able to gain access to almost any account you have online.

Smartphones also present the unique problem of text messaging vulnerability. A text message is practically impossible to block since phones open them as soon as they’re connected to a network. This means text messages containing malware are a near-perfect weapon.

There have even been demonstrations of infecting iPhone’s with malware through charging. Once a phone is infected with malware, any number of bad outcomes is possible. Your data could be collected, activity monitored, accounts hacked and phone functions hijacked.

When Bluetooth, Wi-Fi and GPS are activated, phones broadcast a shocking amount of information. Your location and the model number of your phone are available to anyone who cares enough to look for it. Retailers are actually beginning to use this information to tailor ads to you.

Turning off functionality like GPS and Wi-Fi when you’re not using it not only grants you more privacy, it also saves your battery. Experts also suggest uninstalling social media and email apps from phones. These apps are less secure than the websites they represent and keep you logged in at all times.

In addition to better usage habits, you’ll need robust security software to keep your phone safe. Contact Geek Rescue at 918-369-4335 to find out how to improve the security on any of your devices.

How To Spot and Avoid Phishing Emails

September 5th, 2013
How to Detect a Phishing Email
Explore more infographics like this one on the web’s largest information design community – Visually.

 

Phishing scams are producing some unbelievable statistics. 500-million phishing emails are sent every day. 250 computers are hacked each minute. These statistics are why it’s important to protect yourself not only with the latest security software, but also with an understanding of how to avoid the scams.

Phishing emails are attempts to gain access to your accounts or steal some information a hacker deems valuable. They often appear to be from reputable businesses and will ask you to respond with your account information or personal identifiable information. The best thing to do is not respond. Mark the email as spam and delete it.

Many phishing emails will end up in your spam folder. So, the first step in avoiding these scams is to trust your spam folder. Unless you find an email you were expecting to receive in the spam folder, it’s best to leave them alone. Even emails from your contacts could be malicious. There are numerous cases of an individual’s email being hacked and a malicious email being sent to their entire address book.

If a phishing email does end up in your inbox, be aware of the sender’s usual behavior. For example, your bank probably only sends out emails for specific reasons and never asks for your account information over email. If you receive a message that seems out of the ordinary from a company you do business with, it’s always better to call them to find out what’s going on. Be sure to look up the number for yourself also. Many times, a false number will be included in the phishing email.

Links and attachments are a popular way to attempt to infect your computer with malware, which then allows hackers to gain access to your accounts. Be wary of any links and attachments sent to you from unknown sources. If you’re expecting a file to be sent to you by a friend or coworker, it’s probably safe. But, if someone you don’t know sends you an email with an attachment, or even a friend sends you a link you don’t recognize, it’s better not to open them.

For help keeping phishing scams out of your inbox, call Geek Rescue at 918-369-4335. We offer state of the art spam filters and the latest in security software to keep you safe.

Hackers Only Need One Android To Breach Your Network

September 4th, 2013

Angry Android user

The growing trend of BYOD, Bring Your Own Device, means that more and more employees are using their personal smartphones on company networks. The initial concern surrounding BYOD is that sensitive and valuable information will be stored on personal devices and potentially lost or stolen. But, as Sam Narisi points out for IT Manager Daily, there’s another significant threat to consider.

A security researcher for Tripwire recently demonstrated how a single compromised Android device could be used to hack into a company’s IT infrastructure. This is possible through Google apps, which many companies use for cloud computing and email.

Android uses a “single sign-on” feature, which means that users aren’t asked to continuously authenticate their Google account with a password. Instead, the Android device stores a cookie the first time you authenticate your account and remembers that your device and your account are linked.

The problem is similar to forgetting to log-out of your email or social media account on a shared computer. For example, if you’ve ever checked your Facebook page at a computer lab or library and forgotten to sign-out when you left, you probably ended up with some joke statuses on your account. College students know exactly what we’re talking about.

For this Android flaw, when an employees device is lost or stolen, their accounts remain active. Whoever holds that device has access to everything stored in Google apps, including the employee’s email account.

An intelligent hacker, however, doesn’t even need to physically hold the Android to access Google apps. If they are able to infect the device with malware, they could also gain similar access to Google accounts.

The simplest fix for this security flaw is to keep anyone from accessing corporate Google apps with their Android device. Failing that, keep from downloading any extraneous apps, especially outside of the Play Store. That will go a long way in keeping malware off your smartphone.

For more help keeping your smartphone or other device safe and secure, contact Geek Rescue ta 918-369-4335. We offer a variety of security solutions for both home and business.