Sunday, May 22, 2011

boo! ahhhh! scareware!!

a few months ago i got a call from my dad, asking if dan could help him with some computer problems. he said a box popped up telling him that his computer was infected with viruses and needed to do a scan. what we had to explain was that he was being tormented by something called "scareware". maybe you've heard of it, maybe it's happened to you. it's another threat to our online experience, but you can educate yourself on it, and learn to not fall for the tricks.

scareware is what it sounds like. something that is supposed to scare you and get you to do something (no, not chainletters, though those are questionable too). in most cases, a box will pop up on your screen, warning you that your computer is infected with viruses. it will say you are infected and you need to run a scan with this antivirus program. it will look all official, and because it's flashing and has lots of !!!!!'s, it scares you into believing it's lies and you fall for the trap. in reality, it was just a harmless pop-up, but once you click on the "ok, please save me" button, it downloads it's junk, and then continues scaring and scamming. your newly downloaded virus will now make your life a living hell.... yes... zombies will be involved.... and we all know that's never good.

you thought you were being a smart surfer and conscientious computer user by following your computer's warnings, but unfortunately, The Malicious Ones are at it again. they scare you into thinking something bad is on your computer, and then ever so kindly offer you a solution. one that costs money. YES! your hard earned money! to clean off the crap they put on there in the first place! but sometimes, they don't even actually clean it off! they just tell you they do, and then months later, you get another pop-up warning you that your computer is infected and the cycle starts again. their trick is to scare you into something that, in all seriousness, is legitimately scary. no one wants viruses on their computer. most of our lives are on the there! pictures, videos, school stuff. so they get you with that. then, in your worried state, they get you again by offering a solution to your problem. "we have this amazing program that will solve all your virus problems! just pay us $$$ and your worries will be gone!" so now they lied to you, and took your money...  it's not a very good day, is it? :(  

but!! we can prevent this from happening! yaaaaaaaaaaay! i'm here to offer you a solution... and it's free! :) anytime something questionable pops up like that, "x" out of it. there should always be an "x" for you to get the heck outta there that will be safe to click. never, ever ever ever, click on the 'ok'. always "x" in the upper right corner. i sometimes even get freaked out clicking the x, so i'll go so far as to control-alt-delete it instead, and close it from there. closing it out right then and there will prevent many a headache from happening for you! now chances are you had that pop-up, pop up from a compromised website you went to. you should steer clear of that website. the pop-up will continue to happen. as far as it infecting your computer, nothing should actually have happened.. it was just out to scare you. unless you actually clicked "ok", your computer should have a clean bill of health from this attack. always a good idea to run your own antivirus and spyware program though, just to be safe. you do have something protecting your computer, right? make sure it's updated and run a scan of your computer from time to time. it never hurts. i'll post a blog about all of that another time.

also... never trust what you don't know. unless it's your actual antivirus program warning you something is wrong, it could just be a scam. know your programs, and how to use them! TMO's are lurking around everywhere online, so be careful! watch what you click on, educate yourself, and keep your computer clean!

Monday, May 9, 2011

phishing.....not like the good ol days...

it's common knowledge these days that e-mails can contain viruses or other harmful things in them. are you aware that some e-mails are sent as a way to gain personal information about you, such as account numbers, credit card numbers, and other identity threats? e-mail boxes have long been the victim of spam e-mail (i seem to have 50 to 200+ spam e-mails in my junk folder every time i log in), but with the ever growing "phishing" attempts, even e-mails you think look reputable, can be riddled with harm. are you as e-mail smart as you think? below is a link to a test to your ability to identify legitimate e-mails and ones that are fake. my boyfriend was sent this link by his college professor for one of his cyber crime classes. he took it, and though he aced it, he said overlooking little things could have easily made him answer wrong. he then proceeded to have me take it, which i too aced (thank goodness i have such an amazing teacher teaching me about all this!). but how do you do? i encourage you to take it first, and then read on with the rest of my blog. test your basic knowledge first, and then come back and i'll explain! ready set go! -->Phishing Test! <--

soooooo... how'd ya do?...... don't feel bad if you got some, or a lot, wrong. there was someone in his class that got 1/10 correct... majority of his class missed 3.. only one other aced it. and these are people majoring in this stuff!!! so don't feel bad. pick yourself back up and lets put a stop to this, shall we? we must not let these phishers conquer us *fist shake*! here are some tips on how you can become a smarter and safer e-mail user.

first off... i keep saying this word... phishing... what is it you inquire? it is any attempt to steal or trick a person into giving up personal information, usually by e-mail (lets keep in mind, this can be used on websites as well, but i'm going to talk mostly about e-mail for this post).  it poses as something legitimate to get you to give up your information to *dun dun dun*... 'the malicious ones'... without you even knowing you gave it up willingly.

the 3 things you should check with every e-mail you should open.
1.) who is it from, and what is the sender's e-mail address
2.) what does the e-mail say
3.) are there attachments and/or links

so lets explain those all in more detail.

1.) who is it from? do you know this person? is it an e-mail you were expecting or is it unsolicited? i tend to have the rule, if i don't know who it is, i don't even bother opening it. it goes straight to the trash folder. but sometimes you're unsure. if it is from a company, they will never use a free email service such as yahoo, hotmail or gmail. so there is your first clue of someone attempting to trick you. if the e-mail is from, say,, it's soooooo not legit. don't trust it. even your friends' e-mails can become compromised though, and send you malicious things under their name, so you always need to be cautious.

2.) what is the e-mail about? are they saying something is wrong with an account you have? or you need to verify personal information with them? how are they asking you to do this? if it says "click on this link and fill out your info so we can confirm" don't do it! i'll explain more about that in section 3 though. are they asking you to call this 1-800 number of theirs to confirm your info? eh.. double check the number first. check the number on your card or statement to make sure it is the companies real number. are they asking you to do anything at all from this e-mail they sent you? be cautious. if a reputable website does need you to verify something, they will never do it over e-mail. they will tell you to log into their website (which you should type in yourself) and make the necessary changes from there. a reputable company will also have things spelled correctly. if the message is full of typo's, you know "tmo's" are up to no good.

3.) i'll start by saying this... rarely should you trust links in an e-mail. you should get in the habit of not even clicking on them. "tmo's" are very good at hiding evil things in their links. one second you're reading an e-mail warning you there is a problem with your bank account being compromised and that you need to log in to their website following such and such link to sort the matter out, then...... aaaahhhhhhhhhhhhhhh... you've been duped! nothing was actually wrong with your account! they got the information they wanted as you tried to "fix" it! so we need to learn what links are safe, and which ones we should ward off like a non sparkly vampire.

lets talk about secure websites to get our basics. have you noticed that when you log into a website that stores personal information about you, such as banking websites, credit card websites, you cellphone carrier website, etc, that up in the address bar, the link starts with https://?  that "s" at the end of the normal http stands for "secure". secured from what you ask? from people viewing your stuff! ok, so that's not a good enough explanation is it, so lets take a little technical detour for a moment. i promise, this won't be dan technical, afterall, this is layneman's terms, so follow me on this. when you enter something, such as log in information into a website, it needs to send that info back to the webserver. during that process, your info takes a journey. now, if you're not using an https website, that info is sent 'as is', unprotected, for "tmo's" to intercept. however, if the website you are using IS an https website, the info you send is encrypted, meaning it scrambles itself so the information can't be viewed, much like the chocolate bar scene from willy wonka. so, https = very good when entering personal information you don't want others to see.

ok, out of technical land, and back to stomping out the bad guys and learning which e-mails to trust. 

often times, when phishing e-mails give a link to follow, you won't see that https. so that could be your first clue that you could be looking at a fraudulent e-mail. (though the lack of an https website doesn't necessarily mean the website is bad, but that is for another blog post)  but i already said you should make habit of not clicking on links in e-mails, didn't i!? so you weren't going to click it anyway were you? gooood! you should still know the difference from a real link and a malicious one though. now, i want you to try something for me.. scroll back up to the top of the post and put your mouse over top of my "phishing test" link. don't click on it again... just let the pointer hover over top of it. you'll notice, in the bottom left corner of your browser the web address of that link will be displayed there. that is where all your clues are my friends! make sure you check that before you click on annnnything! is the https there if you're supposedly being transferred to a site where you'll need to type in personal information? does the link in the left corner match up with the link they said in the e-mail? even one letter change can mean you're going to a site that can cause harm. are you even going to a site that remotely deals with what the e-mail said? or are you thinking you're going to your bank login, but the link provided is sending you to ""? be careful of what you click on! using my "phishing test" link again as reference, you'll notice that i could type in what i wanted instead of putting what the link is. i could write anything there! if you didn't check the lower left corner, you wouldn't even know until it was too late! something that says "click here" to review your account info, could really be covering up the fact that they're sending you to "". always check the lower left corner people!

now, this should be common sense, but never EVER ever ever ever, download an attachment from someone you don't know. and unless you were expecting said attachment from someone.. be cautious. i cannot tell you how easy it is for someone to break into your computer remotely if you click on something bad. i've witnessed it myself, (under a controlled setting of course.. for learning purposes only.) but again... that's another blog post for another day.

when in doubt, don't click. companies know scams like this are out there, so they will never ask you to follow a link from an e-mail and enter personal information. always type in the address of the website you know you can trust, and log in from there. don't be lazy people! this is your identity we're talking about!

whew.... that was long, but hopefully informative! any questions, feel free to leave in the comments, as well as your test scores!

Thursday, May 5, 2011

clickjacking madddddddness!

alright... so we all have a facebook account now days, right? it started off as a great way for friends and family to stay connected.. but if your page is like my page, it's getting taken over by JUNK! ok, well, maybe not so much MY page, but my feed is filled with it, and many of my friends have fallen victim to something called "clickjacking". what is clickjacking you ask? it's all those posts about links that sound pretty sketchy. "omg, you will not believe what this girls dad said to her to make her commit suicide!!!!!" "see the official videos of the death of osama bin laden!!!!!" "father walks in on his daughter!!!!" "see what you'll look like in the future!!!" tempting to click on... i know.... but don't! once you do, the link automatically "likes" whatever you clicked on, and then proceeds to post it on your profile...without asking nicely.... BAM! you are the victim of clickjacking!

there are also different ones, that once you click on it, it will do all the stuff i already explained, but then... oooooooh then!!!!! it sends it to everyone on your friends list. so it infects even more people. not good. it makes for several unhappy friends. and probably get you blocked...and no one wants that! the cycle then repeats, because your friends, thinking you sent them this 'awesome' link directly, and wanting to be a good friend and check out what you recommended, click on it themselves, and the spiral of clickjacking continues.

but fear not... there is something you can do!! first off... just be careful what you click on.. not just on facebook, but anywhere on the web. there is so much spamming going around on facebook now, you really need to look at the links before you click on them. is it a link from youtube that allows you to play the video right there in your feed? if so, that's a safe thing to check out. go ahead and watch. is the link going to take you to another website you've never heard of? probably not a good choice to click on. also, be sure to look at what the message your "friend" wrote on the link posted. does it sound like something they'd say? is it spelled correctly? or did some foreign taxi driver from queens probably write it? when in doubt, don't click! simple as that. or, if it's really something that interests you, do a search of it first. make sure you trust the websites you're looking at. anything serious will always be reported on news sites, or yahoo features etc.

if you do happen to fall victim to a malicious website that posts automatically on your page, simply report the post as spam or delete it. to do this, hover your mouse over the upper right corner of the post and a little "x" will pop up. click on that and it will bring up some options. click on the 'report as spam' tab and voila! you've helped report malicious posts on facebook, and it should delete it automatically. if it doesn't, just click on the "x" again and click remove post. it's very important to make sure you take the junk off your page so others don't accidentally fall for the same thing!

so hopefully this little blog can help some of you navigate the scary world of the internet. my goal is to post things that anyone with basic computer skills can follow and learn from or just open your eyes to things. i have several ideas already in mind, but if there is an internet topic that you're curious about, feel free to comment and ask questions! i'll talk it over with my resident computer nerd to get my facts straight, then reply back as best i can! comment as you see fit, for i'd love to get some discussions going! surf smart!