What is the difference between: Spam, Phishing and Spoofing

Hello and welcome to another installment of the Kesar Tech blog. I have received several emails asking what the difference between Spam, Phishing, & Spoofing is? Here is what I found out.

Spam

Also known as unsolicited bulk e-mail messages or any email messages irrespective of content that is unwanted or unrequested by the recipient. Spam messages are mostly commercial advertising, although chain letters, political mailings and other forms of non-commercial mailings are often included under the same categorization. A large portion of spam has also been found to be comprised of ads for products of dubious quality and services of questionable legality.

There are two types of spam: intentional and unintentional.

• Intentional spam comes from spammers who are soliciting products or attempting to commit fraud.
• Unintentional spam originates from computers that are infected with a virus or worm that activates e-mail distribution processes in the background. The virus or worm attempts to send bulk messages from the infected computer without the awareness of the computer owner.

Phishing
Phishing is a special type of spam that is intended to trick you into entering your personal or account information for the purpose of breaching your account and committing identity theft or fraud.
Typically, a false e-mail message is delivered to you. The e-mail appears to come from a legitimate source, for example eBay, your bank, government departments etc. The message may contain a legitimate corporation's logo, and appear to be sent from the corporation's e-mail address. The message may ask you to click a link in the message to update your account, or run a software program to upgrade your computer.
Although the message looks legitimate, it is really trying to compel you to submit your personal and confidential information, which will be used to steal your credentials. Normally you are asked to enter information such as your name, date of birth, place of birth, social security number, mother's maiden name, bank account number, and bank account PIN. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online.


Spoofing

Spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Spoofing is often used by spammers and can be accomplished by changing your "FROM" e-mail address.
E-mail spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. E-mail spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information, such as a password. E-mail spammers often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations.
To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.

I know this is a lot of information, but I hope it helps.
As always, keep your questions & comments coming.

Read More

Fake phone call from Microsoft

The following is an email that I received and responded to. This is the second time in a month that I have had to address this phone scam. As you will read, someone posing as a Microsoft rep. calls the house and says you are loaded with viruses and they need access to your pc to clean it up. You are given a web address to go to and they will “take care of the rest.” As far as I can tell, this is a scam to get control of your pc and steal personal info. Bill Gates & Microsoft have much more important stuff to do then let you know you have a virus. Be on the look out for this and don’t become a victim.



“IT'S A SCAM!!! A friend of mine's daughter got the same phone call in South
Carolina about a moth ago.
As far as I can figure out, they want you to give them access to your pc.
Probably to steal any personal info you have stored on it.
Microsoft has no way, that I know of, to monitor your system. Even if they
did, I really don't think they are going to call you about a virus.
You did the right thing by not giving him any info.
Defender is most likely off because of Comodo. It should give you the
option to turn it back on.
FYI: I think you have Vista & not Windows 7 or 8.
Hope this helps.

Keith”

-----Original Message-----
To:
Kesartech@live.com
Subject: weird phone call.

“New question I just got a phone call from someone (India sounding)
saying I have a virus on the Windows program . He wanted me to turn on
my computer and he would lead me through fixing it. I checked the *69
and could not get the number that called me. I did tell him I had no way
to know who I was talking to or to prove he was legal nor did I get a
letter form Microsoft. I checked and Microsoft defender is off is this
because I have comodo? He had my name and knew I had windows, I do not
remember if he knew I had 7 or 8.”

Read More

Barnes & Noble pulls PIN pads after fraud ring hits stores

Have you used a credit or debt card at Barnes Noble lately? If so, read this article.

http://www.scmagazine.com/barnes-noble-pulls-pin-pads-after-fraud-ring-hits-stores/article/265235/

Read More

Beware of malicious Blackhat SEO poisoning.

The following article talks about how sometimes when we search with Bing, Google, Ask, etc.. we can get redirected to a bad website full of scareware. (http://en.wikipedia.org/wiki/Scareware ). Most of these come when you search "hot topics." So be careful what you search for and look for redirects.

http://nakedsecurity.sophos.com/2012/10/05/bing-image-blackhat-seo-poisoning/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

The All-In-One PC.

I have been ask about the All-in-one pc a lot lately. Attached, you will find an article about them. Here are my thoughts on them.  They are neat, space saving little machines and I don’t have enough experience with them to give an honest answer. Based on the research I’ve done on them, I can give my opinion. When dealing with them, an old saying comes to mind., “Don’t put all your eggs in one basket.” If one item goes bad , it all goes bad. Just like the 4-in-one copier/fax/scanner/printer. If the copier goes out, maybe the scanner will still work, maybe not. Same thing goes here. If the screen gets damaged, you just can’t run to Best Buy and buy a new monitor. Heaven forbid an internal devices goes bad like the hard drive or video card. You need to be a surgeon / auto body man to change it out. First you have to use a dent puller (suction cups) to carefully remove the glass that covers the screen. The glass is held on by about a dozen magnets. Too much pressure one way or the other and CRACK you just broke the glass. If you successfully remove the glass, now you have another dozen T-5 torque screws to remove. Then open the case about an inch and with a pair of long tweezers, unplug a wire (which you must use the same tweezers to plug back in when reassembling it.) Now unscrew the LCD screen and unplug two more wires to tilt the screen forward to get to the “guts’ of the pc. A few more steps and you are ready to reassemble it. Sounds like fun, doesn’t it? Next comes cost, which can range anywhere from $900 up to $1300. I think these computers serve a purpose for a certain group of people, like college kids and people with limited space. The choice is yours. Just make sure you do your homework before purchasing one. Hope this helps.

http://www.pcworld.com/article/262078/hp_tries_to_trump_imac_with_spectreone.html

 

Read More

3 New Stories.

Here are three new stories to check out:

1.) Is about the flaws in Java and how to disable Java to avoid any problems.
http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser/


2.)  This one also talks about the Java zero-day vulnerabilities, but also about a "Blackhole exploit kit.
http://nakedsecurity.sophos.com/2012/08/30/java-flaws-already-included-in-blackhole-exploit-kit-oracle-was-informed-of-vulnerabilities-in-april/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security


3.) Malware warning: There’s a bot going around Facebook Chat, Skype, other IM services.
http://thenextweb.com/facebook/2012/08/30/malware-warning-theres-bot-going-around-facebook-chat-skype-messenger-im-services/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+TheNextWeb+(The+Next+Web+All+Stories)

Hope these are helpful.

Read More

Seem that there is yet another attack on your Android phone. It is a Trojan Horse virus that starts out as a GIF wallpaper app and if you made the mistake of agreeing to install the app, the Trojan would have full access to the personal details you store on the device, as well as the ability to send SMS messages to a premium rate number.Check out the following article for more details.

http://nakedsecurity.sophos.com/2012/08/21/nude-wallpaper-apps-infect-thousands-of-android-devices-with-malware/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

It seems that one of Yahoo's affiliates got hacked and 450,000 passwords & user names were stolen.
Read the following link to see how this affects you.


http://cl.publicaster.com/ViewInBrowser.aspx?pubids=7889%7c7900%7c909706%7c991374&digest=T74y0QIt4Zu6zbEyGIY0zg&sysid=1

Read More

Check out this article about the possible loss of Internet access to thousands on Monday July 9th. This is all linked to the FBI shutting down malware websites and if you are infected you will be cut off.


http://online.wsj.com/article/SB10001424052702304141204577509211364560838.html?mod=dist_smartbrief

Read More

Facebook account cancellation malware poses as Adobe Flash update

Something new to look out for on Facebook.  It appears that you receive a cancellation notice from Facebook, but when you follow the link to void the cancellation, it plants malware on your computer. The malware allows remote hackers to take control of your system and watch your every move. Be careful.

http://nakedsecurity.sophos.com/2012/05/21/facebook-account-cancellation-malware-adobe-flash-update/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

More Adobe & Microsoft critical security fixes.

Once again, Adobe and Microsoft have to release "critical fixes" to their products. Check out the following article to find out more.

http://nakedsecurity.sophos.com/2012/05/09/adobe-microsoft-critical-security-fixes/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

12 Steps for Staying 1 Step Ahead of Online Security Threats

The following is an article on how to stay safe when surfing the Internet. Hope you find the article informative.

Pop-up windows are a common form of online advertising and often appear so quickly that users are caught off-guard. However, some pop-ups, when clicked, trigger spyware that can cause serious damage to computers. That's why it's important to never click "agree" or "OK" to close a pop-up window, and only click on the red "X" in the corner or Alt + F4 to close it safely.
With the explosion of Web-based communications in the form of applications, blogs, podcasts, and social networking sites like Facebook and Twitter, new security threats that can cause serious damage to computers are emerging. As they access these Web-based services from both work and personal computers, many users are unaware that they may be exposing themselves and their organizations to risk.

In this increasingly social and interactive world, organizations must take the necessary steps to strengthen their defenses and protect their online property. While the Internet continues to offer exciting new ways to collaborate more interactively, it is also introducing highly targeted threats to the mix.

Recent data breaches -- such as the Zappos incident early this year, which involved the theft of personalized customer information -- are reminders that both individual users and organizations must have security measures in place to actively protect themselves from the latest cyber threats.

Following are 12 simple steps to ensure that your personal information is protected online.

1. Surf and Download Safely
Yes, we've heard this advice before, but online behavior is critical to ensuring the protection of your computer. When browsing the Web, be sure to visit only websites that you trust. Free, file-sharing programs are often bundled with sneaky spyware, and it's important to read all End User License Agreements and privacy statements carefully before installing new software.

2. Beware of Email Attachments and Links
You're likely familiar with the warning, "Don't Click That Link!" and there's a reason it's still appearing. Email attachments and links present in both email and instant messages can contain malware. Use caution even when a message appears to come from a safe sender, as identity information in messages can easily be spoofed.

3. Close Pop-ups, Don't Hit Agree
Pop-up windows are a common form of online advertising and often appear so quickly that users are caught offguard. However, some pop-ups, when clicked, trigger spyware that can cause serious damage to computers. That's why it's important to never click "agree" or "OK" to close a pop-up window, and only click on the red "X" in the corner or Alt + F4 to close it safely.

4. Select Strong Passwords
News of password-related security breaches has dominated the headlines over the past 12 months, as in the recent T-Mobile incident, when names and passwords of staff members were published. The company's administrators had delegated the same password to each employee. It sounds simple, but the more complicated a password is, the more difficult it is to crack. A good rule of thumb is to avoid using birthdays, family or pet names, the word "password," or other obvious choices, and to select passwords that include both numbers and letters.

5. Update Software
Check regularly to make sure you have all the latest critical software updates and security patches. Online attacks are only becoming more sophisticated, so be sure to do your part in investing in proper, updated security software for your computer.

6. Take a Defense-In-Depth Approach to Security
In addition to having antivirus and antispyware protection on your computer, it's important to also use a two-way firewall. If you use Windows, be sure auto-update is turned on.

7. Store Sensitive Data Securely
You keep sensitive paper documents under lock and key, right? Be sure to secure your sensitive online information through file encryption software.

8. Use an Updated Web Browser
Adjust your browser security settings to medium or higher to ensure that you're taking advantage of its current safety features. Also, consider using an alternate browser, which may lower your risk of malware attacks.

9. Keep Your Private Info Private
Be cautious about giving out your personally identifiable information to anyone. Find out why the information is needed, and then determine if it's absolutely necessary to give out.

10. Shred Personal Digital Documents
Before discarding personal or financial information, be sure to shred it first. This prevents hackers from bypassing information that has not been permanently deleted from your computer.

11. Access Financial Information From a Secure Location
Never log into your bank or other financial accounts from public computers. Don't access them on any wireless networks where login information can easily be stolen.

12. Stay Educated
In order to effectively protect your online data, you need to know what you're protecting it from. Awareness and caution are effective methods to counter fraud, and share security tips you learn with friends and family.

The key to securing a network is to stay ahead of the new security threats before they appear. To do this, enterprises and users must evaluate their security infrastructure and properly plan for the future, proactively thinking of how hackers will attack next, as threats will only become more sophisticated.

Read More

Latest Facebook scam.

Here is an interesting article I found about the latest scam on Facebook. Evidently, you receive an e-mail stating that there are nude pictures of you, a friend, or even a loved one online and if you click on the attached link, you can see them. Once you click on the link, a Trojan horse in uploaded to your PC.

On a side note, I think it is kind of ironic that the site I found it on is titled: "Naked Security."

http://nakedsecurity.sophos.com/2012/04/20/photo-facebook-malware/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

Privacy concerns after Instagram's acquisition by Facebook.

Yet another issue of privacy with Facebook.

http://nakedsecurity.sophos.com/2012/04/11/instagram-facebook-concern/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

A free Antivirus removal tool, with support.

In my efforts to stay ahead of the "computer gremlins,"  I came across the following free antivirus removal download. This link comes from an IT firm in the UK called Sophos. I have been following them for awhile and have even posted several other links from them in the past. I personally haven't tried this program YET, but one thing that did stand out to me was the fact that you don't have to remove or disable your current antivirus program to run it. Most antivirus/malware/spyware programs don't "play" well together and most, will only run effectively by themselves. So if you do decide to try this, make sure you set-up a system restore point first, then let me and Sophos know how you liked it.     

http://nakedsecurity.sophos.com/2012/04/11/free-virus-removal-tool-for-download-from-sophos/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

A critical vulnerability exists in Windows. Patch it now.

It seems that a worm is targeting a vulnerability in the Remote Desktop Protocol (RDP) of windows. As you can tell by the name, this involves accessing your desktop by Remote control. If this happens, your computer turns into a "zombie" and re sends the worm to all your email contacts. Don't fear though, Microsoft has a patch and the quicker you install it, the better. Read the following article for more info and the link to the patch or just do a Windows Update. .


http://nakedsecurity.sophos.com/2012/03/16/rdp-exploit-china/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

Here's How a Thief Can Steal Your Wallet without Even Touching You!

Good Morning and welcome to another installment of the Kesar Tech blog. Today I have attached an article about the latest way theives are stealing your stuff. They can steal your your money, your identity, and invade your privacy and all of this can be acheived without even touching you. Read on and findout how.

 

Imagine a thief stealing your wallet simply by waving his hand over your pocket or purse... it's possible in today's world, here's how (and how to stop it)...

Let me explain.

Thieves have found one more way to bypass supposedly "secure" technology to steal your money, your identity, and invade your privacy. In this case, they don't even need to touch you – just get close to you.

What's worse, this technology is rolling out into wider use by government agencies, both state and federal, adding one more area of risk for you and your family.

In this Executive Bulletin, we let you in on the threat and a simple step you can take to protect yourself.

Picking Your Pocket with a Wave of the Hand –

The radio frequency ID (RFID) chip is used primarily in commerce to track inventory. Applied in this respect, it's very efficient. According to the RFID Journal (an industry trade magazine): "Radio frequency identification is the next wave in the evolution of computing. Essentially, it's a technology that connects objects to the Internet, so they can be tracked..."

The problem: RFID technology is popping up on the items we carry on our own physical bodies, such as our driver's license, credit card, and passport.

For example, touchless credit cards are being issued more frequently by credit-card companies. The reason is because it makes purchases quicker, which is good for business. Just float your credit card above the touchless-equipped reader and pay; It's even faster than swiping your credit card!

It also makes theft fast and easy. Demonstrations by security experts show how a pickpocket hides a touchless credit-card reader, bought online and connected to a small netbook computer or smartphone, tucked inside a handheld organizer easily "steals" the credit-card information right through a victim's purse or pants pocket.

Armed with this information, the crook can create a fake credit card or simply use the information collected to make purchases online. One security expert says if he goes to a sports game, the mall, or movie theater on a busy day, he could someday steal thousands of credit cards without anyone ever knowing. A similar threat exists with the RFID on a driver's license and passport.

How Are Such Elaborate Thefts This Possible?

Two primary variations of the RFID chips exist, active and passive:

• The active chip has its own power source (like a battery) and sends out a signal (on a radio frequency). This signal contains information. For inventory tracking, it would be the serial number, contents, destination, name of the manufacturer, etc. The signal is captured and read by an electronic reader, stored, and integrated with the rest of the computer network. This technology is in use to track rental cars, for example.
• A passive chip doesn't have its own power source. Instead, the electronic reader sends out a radio signal that activates the chip, then the RFID chip bounces back the stored information (your credit card, driver's license, or passport information) to the reader.

Since information is floating on radio waves, any electronic reader tuned-in and at the right distance can capture your data. That's all the touchless pickpockets really do. An active RFID chip can be read up to 300 feet away, a passive chip from 30 feet!

Is There Really a Risk for You?

The more this technology is used and the more information RFID chips contain, the more reason criminals have to abuse it, compromise it, and render it useless. Today, many driver's licenses, passports, and credit cards already contain RFID chips, so the security risk is real and growing.

• Security researchers argue it's possible to read RFID chips from inside a passing car!
• Even government encryption used to protect data has already been cracked;
• Information can be copied, as in the case with the credit card example above;
• In some instances, information on an RFID chip can be changed by the reader itself. In other words, researchers rigged readers to write over and change information stored on an RFID chip. Someone with bad intentions could conceivably corrupt the information on your driver's license or passport and cause you much grief with the authorities while trying to cross a border, for example;
• Regarding RFID-equipped passports, each country's passport sends out its own unique radio signal. This poses a security threat while traveling if you happen to carry a non-politically correct passport – even if it's safely stored in your luggage or jacket pocket.
• Privacy advocates fear governments will use these chips more for surveillance and identity verification. Reports from China suggest government officials are already using this technology to scan crowds of protesters to help stifle anti-government activism.

What Can You Do about It?

One individual demonstrated how he destroyed the RFID chip in his new credit card by hammering a small nail through it. He reasoned the magnetic strip still worked, and he didn't need or want his credit card broadcasting his information. (You could go this route, but it's probably not advisable with your government-issued RFID documents, because it could come with a penalty.)

Your other options are to wrap the document in a metal like aluminum foil or buy a protective sleeve or stylish wallet designed to block the radio signals from the RFID chip. In fact, the State Department actually recommends doing this with your passport.

RFID may have some benefits, but it is a major threat to your privacy. Be wary.

 

Read More

Pink Facebook App.

The following is a link to an article about the latest scam going around Facebook. A message comes across Facebook offering to change the color of your page. But, it's a scam just trying to get access to your information.

http://nakedsecurity.sophos.com/2012/02/27/pink-facebook-survey-scam/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Read More

What is Malware & how do I avoid it?

Recently, I've had a few people ask me what the difference between Malware & a virus is. I thought that maybe someone out there way have the same question, so here is my answer:

• MALWARE VS. VIRUS: The first thing you need to know is that malware is a generic term used to describe any malicious program. If it's unwanted and insidious, it's malware. Even though they're often confused, malware is not the same as a virus, though a virus is a common form of malware. Viruses are pieces of unwanted code that latch on to legitimate programs and can self-replicate. They're often unwittingly spread though email attachments, USB thumb drives, and file sharing.

• WORMS: Like a virus, a worm self-replicates, but it doesn't need to attach itself to a host file. Worms burrow into your network looking for vulnerabilities to exploit and spread to other systems.

• TROJAN: Like the horse of Greek mythology, a trojan masquerades as something awesome—a psychedelic screensaver or card game, for instance—but hides a terrible surprise. In other words, it appears to be something that it's not. Trojans can't replicate themselves like a virus, but once you run or install a trojan, it gets to work opening back doors or whatever evil deed the author intended it to do.

• SPYWARE: Just what it sounds like, spyware is any unwanted program designed to spy on your activities. It might be a program that logs your keystrokes (keylogger) or tracking software that gather information about you without your knowledge or consent.

• ADWARE: To keep it short and simple, adware bombards you with ads. Some examples include random pop-ups, unwanted banner ads, and browser redirects.

Now that you know the difference between the different things that can take over your computer, here is how you avoid getting them in the first place.

The best protection against malware isn’t security software, it’s you, the user. You should consider antivirus software as your last line of defense, and if you really want to avoid malware—you should steer clear of high-risk situations altogether. Here are some tips:

• Above all else, keep your software up to date. It starts with Windows but extends to all of your system software, especially programs that connect to the Internet. If you have a lot of programs installed, Secunia PSI (free, bit.ly/DW9u) will sift through them and let you know which ones are out of date. It will even fetch updates for you.

• Be extra cautious when connecting to open Wi-Fi networks like the ones you find at coffee shops, airports, and other public places. It doesn’t take much effort for a hacker to set up a fake free Wi-Fi hotspot in hopes that you’ll connect to his laptop instead of the real hotspot.

• Whenever possible, try to avoid using someone else’s computer to check your webmail. Can you really trust that their system isn’t infected with a keylogger or a screen‑capture utility? It just isn’t worth the risk. If you simply must, don’t forget to log out.

• Finally, check the file extension before you open what you think is a JPEG or some other picture format. We’ve seen dirty executables hide behind picture icons. Right-click and select Properties, or configure Windows to “Show hidden files, folders, and drives” by opening a folder and going to Tools > Folder Options > View.

Well, there it is, the tools you need to begin your fight for a clean and trouble free PC. Keep your questions and comments coming and see you soon.

Read More

10 Reasons to Root Your Android Device

Hello & Happy New Year.
For those of you with Android devices, here is a way to take control of your device.
It's called "Rooting." Rooting is the process by which you regain administrative access to your phone.
The following links are:

1. A beginners guide on how to root your phone or tablet.
2. Reasons you may want to root your device.
3. A How & Why guide to root your device.

I hope the following links help you take control of your device and make it into what you want it to be.

 ****WARNING****
Before performing any of the following suggestions or procedures, be aware that if done incorrectly, you may damage your device or decrease it functionality.
Becareful what you do and if you don't feel comfortable doing it, DON"T DO IT.


http://www.androidauthority.com/rooting-for-dummies-a-beginners-guide-to-root-your-android-phone-or-tablet-10915/

http://www.maximumpc.com/article/features/10_reasons_root_your_android_device

http://www.tomsguide.com/us/Root-Your-Android-Phone,review-1688.html

Read More