Tag Archive | Spam

CISPA Bill Passed by Representatives Again – Trouble on the Horizon!

The Cyber Information Sharing and Protection Act, AKA CISPA, has once again passed in the US House of Representatives. Reminder that this bill gives government agencies and their other agencies access to personal, private user data to help monitor for the presence of hackers.

Now, when CISPA was first passed, Senate said NO! Also, President Barack Obama has said that he’d veto the bill if it came through his office. Because of the different privacy issues, many advocates against this bill will fight it to the end.

This bill has been backed by bigwig business for a long period of time, almost since the beginning of the talks of this bill. Maybe it could be the big government contract ($$$) for these big businesses that seem attractive or maybe could be the fact that these business truly believe to end hackers’ abilities.

Will it completely stop hacker initiatives? Probably not. However, it would provide the ability to try to limit some of the bigger initiatives.

Government sectors of China, Russia, etc. are a bit of a cyberthreat to the United States, information access is what the US will need if it wants ahead of the game. Do you agree?

Of course the president of the US doesn’t want it passed if it violates the rights of citizens. But, in the end, realize that if money among other things, like personally-identifiable-information were to be stolen every year — and people would realize this, then people should have no problem with their data being accessible to US authorities rather than hackers.

The bright side would be, is if government authorities have access to your private data, it isn’t going to spread around like wildfire, unlike what’d happen if a hacker got a hold of it.

It’s easy to do an Internet search for lists of email addresses, and pull up loads upon loads of private email addresses that hackers posted in public to humiliate those that haven’t been smart enough to keep it secret.

Spammers and phishers, all the time, access your private information on Facebook, if you accidentally click the wrong link or follow a malicious email link – which asks you to ‘enter your Facebook username and password to continue.’

Some people argue that the government doesn’t care for internet users but rather cares for the money they’d get. Well, actually, if you think about it, the government is paying these big businesses to participate in the information sharing process, so the American people’s pocketbooks/wallets can be protected, and their own privacy.

Who else has protested this? Anonymous:

Even the Reddit co-founder is urging the US Government to NOT pass it.

What should be our take? You decide. My vote is neutral. I see this bill as a good thing in spots (because of potentially ending hacker initiatives and malware/virus threats), however, it poses a major privacy threat. For most advocates of privacy, I agree with them.

Your opinion matters too! Contact your local senator and let your voice be heard. It’s usually best to write a letter, which provides good results. Providing written documentation of a fair but firm protest is the best way to go.

Advertisements

Security Threats to Monitor throughout the beginning of the New Year

There is a lot to look out for this holiday season, and into the New Year…and many Grinches want to steal your joy. But, as long as you keep an eye on them, there shall be nothing to worry about!

 

  1. Spam – as always. Have you gotten emails from “FedEx” lately or UPS? You know, those fake emails stating you have a package to be tracked, but they need another payment method to process it? Or how about some free or cheap Rolexes? All of these are scammy spam, fraudulent, or just wanting to distribute malware! Remember, if you didn’t order it, don’t believe it! What is spam can also lead to number 2…
  2. Phishing attacks… as millions of people shop online and shoot up the revenue of online shopping to the billions of dollars, there are also tons of scammers and fraudulent websites wanting your personal data, credit card, or to waste your time. Remember, if it doesn’t look legitimate, or does not have a secure transaction process, it probably is not a good idea to make the purchase (no matter how attractive it looks). Usually, trusted stores are the best to shop from, and that’s all that’s best.

    When you go to check out and enter your personal information, first look at the address bar and make sure it highlights green in some area and has the following at the beginning of the web address: https://. By looking for that, or even looking for a padlock icon in the lower right or left corner of the browser will help ensure you have a secure connection where your personal information will be transferred privately.

  3. Social engineering attempts – you can find these on social networks. They attempt to entice you with different ads or offers, or show a shocking story in attempts to get you to click on it. Once you do, you may be asked to login to Facebook, verify personal information, or make a payment to get access to information.

    When it comes to shocking stories, safely ignore them if it didn’t come from what looks like a trusted source. Instead, stay out of trouble and don’t click. “If in doubt, throw it out”, perspectively can be used to help let you think about what you click on. Also, be careful about charity apps. On Facebook, and application called “Causes” is the only legitimately popular app to use for charity donations. Most correct charity ideas are routed through Causes because of how trusted the app is.

  4. TMI on social networks – be careful about how you tell others about places you’re currently staying, eating, or being by yourself (at the office or at home). Using apps such as Foursquare or related, don’t bother using. They are highly insecure to your personal privacy and can result in burglary or worse.
  5. ATM skimmers – fake debit or credit card readers are popping up in random ATM machines around major retailers everywhere. Always look closely before swiping your card, or pressing any buttons. If anything seems out of place, loose, or just doesn’t feel right…Don’t swipe your card, don’t press any pin number, etc. If anything seems funky, ask the cashier to run your card under the counter, or just go to a bank.

    It’s best also to either tell the bank owning the ATM or call the number on the ATM. Let them know the machine can be modified for illegitimate purposes. Lastly, always spread the word to the cashier that the ATM could be modified and to tell customers not to use it.

  6. Unprotected computers and tablets… here’s the solutions for those matters:

PC:

MAC:

ANDROID:

Buy Kaspersky Mobile Security and protect your Android smartphone for 1 Year – only $19.95

Battle.net Account Verification Email Spam Continues, More Users Compromised

More spam is lighting up for Battle.net account users, Diablo, and World of Warcraft members. The latest spam update is below, where once again, the spammers are using a fake email account (diablo@email.com) as the sender, and stating that you are trying to sell your Battle.net account and need to verify it so it will not be suspended.

However, the link it gives looks real, however, it is fake.

Greetings!   It has come to our attention that you are trying to sell your personal World of Warcraft account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment's employees. If you wish to not get your account suspended you should immediately verify your account ownership.   You can confirm that you are the original owner of the account to this secure website with:   hxxps://www.battle.net/account/support/password-verify.html  If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.   Regards,   Account Administration Team World of Warcraft , Blizzard Entertainment 2012

Here are the technical details:

Return-path (email address the email actually came from): ab[at]vlrpc.com

IP address: 112.65.228.185 belonging to an unknown/private user (WHOIS states the IP master’s name: yanling ruanof) China Unicom, a telecommunications company governed by The People’s Republic of China. They seem to either ignore abuse reports, or do not know much about their users’ activities. We know a private user sent this spam, because the message header clearly states the application used to send the email: Microsoft Outlook Express 6.00.2900.5512.

Known blacklisting: Spamhaus.org (listed as “Illegal 3rd party exploits, including proxies, worms and trojan exploits”), abuseat.org, barracudacentral.org, uceprotect.net

Now, it’s believed that the recent spam outbreak (like the one above, for example) is a result of the latest Blizzard lawsuit. However, spam like this has happened before (also look in the comments for a user who posted about Diablo 3 spam).

The only thing to best protect against spam is having an anti-spam program. Please visit the vendor below for more information.

Caretaker Antispam download link

Video “OMG I just hate Rihanna…” Facebook scam spreading

Messages are spreading between Facebook users, claiming that members of the social network have lost all respect for popular songstress Rihanna after watching a video.

However, if you’re careless enough to click on the link you will find yourself lured into a survey scam that attempts to earn affiliate cash for fraudsters.

A typical message trying to tempt users into falling for the scam looks like this:

If you were fooled into participating in this scam remove the message from your newsfeed, and delete any messages you may have inadvertently shared with your friends. That way at least you are no longer spreading it with your online chums. You can also report the link as spam – hopefully if enough people do it, Facebook will begin to stop the scam from spreading.

Rihanna Facebook scam

Read more on Naked Security

 

Prevent scams like this and other social network scams/issues:

Get the review of Malwarebytes’ Anti-Malware

More celebrity sex tapes (Hulk Hogan), more security problems

Now, spam makers have more juice with a sex tape leak on Hulk Hogan. The alleged porn tape appeared earlier this year, place in at least one studio, and now it is a key spam topic in email/IM/SEO spamming.

If that isn’t bad enough, Heather Clem, one alleged to be involved in the footage, and is “completely devastated” by it.

There are many other stories popping up about the tape and it’s becoming a big buzz. What’s sad is, with the rise of social networking, contributes to the rise of celebrity problems, which was predicted I’m sure. Celebrities don’t belong with normal people, because either the celebrity goes crazy, or the fan goes crazy.

As usual, if you receive any emails containing information about the Hogan sex tape, kindly ignore it, and do not download the attached EXE file or video that apparently has the footage. Doing so can cause malware to take control of your computer.

To prevent spam from causing problems on your computer, it’s best to secure your computer Surfright Anti-Spam.

October is National Cyber Security Awareness Month

NCSAM official image (Department of Homeland Security)

Cyber security awareness is so important, and we’re going to display a few things you should be aware of this month, for you to try to make capable changes to your personal or business security perspective. You will notice some of the information below is linked to different posts here on the blog. This should help you understand each topic better! Please don’t be afraid to use each of the links below to learn more about protecting your system(s).

  • Email is one of the biggest attack methods. Since users are still highly dependent on email, it is so critical that email systems get fixed. Spam can be so cunning that it may disguise itself as your friend, someone you trust, or a bank. The main target in these spam attacks is phishing, which will allow an attacker to trick you into doing something or giving away personally identifiable information.The goal is to also download malware on to your computer, which can be used to take control of your computer and steal much more personal information. Some emails may claim to be a legitimate organization sending you an attachment, but it’s purpose is to distributed malware on your computer. It is best to secure email systems against spam. This can be done using a variety of products whether hardware or software. Make sure to secure your system(s) with the latest spam fighting utilities. Also, securing Outlook or Windows Live Mail is beneficial.
  • Instant Messaging still seems to be a vector for malware attacks. Just when people drop their guard about IM security, a new band of threats affects users. Most IM attacks come in the form of spam, a message from an apparent trusted friend, or a phishing attempt/scam from a legitimate looking company. A lot of the time, when the message appears from a trusted friend, it usually means that person’s IM account or email account has been hacked and the attacker has mined the email addresses or IM addresses in order to send you these attacks. It is important to have a good Internet Security product that protects against IM attacks along with network defense.
  • Exploits are the most common cause of infections on computers these days. Many of the exploits have been caused by out-of-date Java plugins or Adobe Flash Player plugins (or even fake Flash Player), among other types of plugins for your browser. Other exploits come in the form of advertisements that are catered to your interests, by the use of tracking cookies, which when you click on the ads it can lead to a site that will immediately download malware and attempt to take control of your computer.Those are just a couple of examples of why you need Internet Security protection as declared just above in the explanation for IM security. Also, having a second-opinion malware scanner can make sure that things don’t get missed, giving you maximum protection. Working on a defense-in-depth strategy for your computer can be a great way to avoid exploits.
  • Downloading and installing untrusted software products is a good way to get infected with viruses, spyware, and other threats and malware. Using tools such as Web-of-Trust for your browsers is a key idea in managing whether a site is safe. Also, reading reviews for the product you are getting ready to download and purchase will help you make an informed decision. It is important to have Total Internet Security protection, as stated above in IM security. Please refer to the “Internet Security product” link for more information on securing your system(s) with protection mechanisms.

There are many more vectors of cyber security problems. It is important to use the methods described above as well to secure your system(s) from attacks from cybercriminals.

Summary of mitigating most attacks:

LifeLock

Fake Chase account summary emails now widespread

Be careful of new spammy emails from (apparently) Chase.com. These emails state that your account has been locked out, and to “click here” to unlock your account. However, doing so can compromise your computer. Only click links that appear to be real, which means when you hover over the link, it should show the same address in the status bar at the bottom of the browser. If it really is from Chase.com, you should see https://www.chase.com/ as the first part of the address. If there is anything extra placed after the .com part, except for a forward slash (as noted in the link example highlighted red), distrust it. Don’t click on it. If anything, call Chase customer support about the email rather than clicking the link.

It’s also very obviously a spammy email, because of the grammar/spelling errors involved. And also because of the following (when I view the full header):

  • Return-Path: <armagedo@c12.iservidorweb.com>
  • Received-SPF: none (domain of c12.iservidorweb.com does not designate permitted sender hosts)
  • Received: from armagedo by c12.iservidorweb.com with local (Exim 4.77)
    (envelope-from <armagedo@c12.iservidorweb.com>)
  • Message-Id: <e1tf5am-00009j-dx@c12.iservidorweb.com> id 1TF5am-00009J-DX
  • X-AntiAbuse: Sender Address Domain – c12.iservidorweb.com
  • IP: 69.175.87.58

See for yourself:

Fake Chase email

You can avoid spammy issues like this coming to your inbox by downloading the following tool:

Spam Filter for Outlook and Outlook Express

%d bloggers like this: