CyberCrime | Briscoe Network Solutions

Simple Security

September 8, 2010 By Phill Briscoe 1 Comment

Last month, shortly after finishing a telephone call with my friend “Lucy” I got an email from her saying that she was stranded in London, her suit cases and passport had been stolen and although she had found refuge at the US consulate she needed some money to tide her over until problems could be resolved there. I know spam when I see it so I deleted the message.

Later that day I got a panicked call from Lucy relating how her Hotmail account had been hacked, her account password had been changed, and the problems she encountered with Hotmail trying to regain control of her account to change her password and eventually delete the account. Lucy uses this account as one of her business email accounts and she was much chagrined when a spam/solicitation email was sent to all of the addresses in her email address book. Besides of the embarrassment, Lucy had to contact all of the people on her list to explain and apologize for some criminal’s actions.

I tell this story not to point a finger at Lucy but to illustrate that crooks and thieves use any method possible to gain control of your personal information though hacking, viruses, spam, and other malware. My message is to be careful. I’m often angered when I talk with clients who don’t get that point. Although nothing is fool proof, may I make the following suggestions?

Change your user passwords several times a year (ideally change passwords every 90 days). More often than I’d like I’m confronted by a client who finds that passwords are too much of an inconvenience. Even if you only have one computer at least put a password on it to keep the kids out.
Not using your computer? Log out or shut it down. Before we became so environmentally conscious it was customary to always leave business computers on to allow for operating system updates and remote access but in today’s world if your aren’t going to remote into your workstation over the weekend shut it down. If you are going to use the machine at least log out to break the direct link to the server and your user profile.
When was the last time you updated and ran your antivirus or antimalware software? Yes I know that these applications are automated but other than just a maintenance check are they running properly?
Do you have a personal software firewall installed on your computer? Many of us laptop users are at home sitting at the neighborhood coffee shop. Although the major coffee vendors include some sort of authentication and have monitored systems most local coffee houses do not; which gives rise to a concern for added hacking security. Most major personal antivirus and personal firewall vendors now offer Internet security products which include anti-virus, anti-spam, and firewall protection. I like the additional firewall protection but it requires that you learn how to use it as to not block you favorite programs. I’ll discuss this more next month.

With the convenience of the Internet comes added responsibility; quite often the most secure thing you can do is turn off your computer or change your passwords every several months.

Filed Under: Blog, CyberCrime, Maintenance, Network Security Tagged With: Basics, computer maintenance, cyber crime, IT support, Network Security, small business

Corey’s Corner | Avoiding Scammers

August 5, 2010 By CoreyY Leave a Comment

Usually I write about getting your website up and running. I’m going to take a little detour this time around and talk about a persistent and seemingly never ending problem them plagues businesses and private residences alike: scammers/spammers.

We’ve all gotten the gibberish emails, the “male enhancement”, Russian dating and Nigerian prince emails. We all know they’re spam and opening them or downloading a file from them can spell our computer or network’s doom. Did you know, however, about Tab Nabbing? I sure didn’t. Apparently, the new way scammers get your information is by opening a new tab with a dummy site loaded in it mimicking Amazon.com or your bank website. The goal is to trick you into putting your information into the fake site and giving the scammers your password. With that in hand, they can drain your account, buy expensive items, or, in the case of Facebook and your email, send distressed emails to the people in your address book asking for money to get you out of a jam.

With new scams being born every minute in cyberspace, it’s hard to keep up with all the possible dangers. Just this last weekend, I received an email telling me that one of my friends on Facebook recommended a page. I clicked on the link and thankfully nothing happened. I heard later that day from that same friend letting me know that his account had been hacked, and that any emails from him via Facebook should be ignored. (I of course immediately changed my password and kept vigilant for any unusual activity on my account for the next week or so.) With all these new dangers being born any moment, what can we do to keep our information safe?

Two excellent tips offered by scambusters.org is to always pay attention to the icons in your browser. For secures sites such as bank sites, Amazon.com, etc, the padlock, located on the lower right side for many browsers, should be lit up. Also, the URL should look like it normally does. (ie Amazon.com/a long string of characters that allow you to log in.) If the URL doesn’t look right, or you are suspicious, re-enter the URL. If you’re super paranoid, like me, you can also search for the company using Google or Bing. Search Engines are usually pretty good at not recognizing dummy URLs, and Google especially is harsh on scammers when it can. So when in doubt, simply close the tab and try to get to the site in another way. Another excellent resource is snopes.com. You can search urban legends, chain letters and many other possibly shady things using their database of information. They also usually have fairly up to date information on new scams.

While it’s hard to keep on top of keeping your information safe in cyberspace, vigilance is key. While the internet can seem like an endless playground of information, toys and entertainment, you can never let yourself forget that there are people out there that will take your information and use it for nefarious purposes if they can get a hold of it. Pay attention, close tabs when you aren’t using them, and you should be all right.

Filed Under: Blog, Corey's Corner, CyberCrime, Network Security Tagged With: Busines networking, Corey's Corner, crime, Network Security, small business

Recognize and avoid fraudulent e-mail to Microsoft customers

April 21, 2010 By Phill Briscoe Leave a Comment

Below is a message included in the latest Microsoft security bulletin:

If you receive an e-mail message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious Web sites. Microsoft does
not distribute security updates via e-mail.

To receive automatic notifications whenever Microsoft Security
Bulletins and Microsoft Security Advisories are issued or revised,
subscribe to Microsoft Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Please make sure all of your staff is aware of this matter.

Filed Under: CyberCrime, Microsoft, Network Security, Security News Tagged With: anti Virus, Microsoft, Network Security, small business

Are Cyber Criminals Stealing from You?

March 19, 2010 By Phill Briscoe Leave a Comment

How redundant can we be regarding safe Internet communicating and web browsing? As much as we preach maintenance, I’ve noticed that in the current year all of our clients have had at least one malware infected computer; granted, most of those infected machines have been laptops which are used out of the office but no one environment has been safe from infection. Quite often I’m asked what spammers, hackers, and other malcontents hope to gain. In the old days, the purpose was a tech arrogance and a sense of dominance and destruction, you know, striking out against Microsoft and the corporate world. At some level we seemed to put up with cyber vandals and their ilk but so much for computer bad boys and girls. That complacency has opened the doors for cyber criminals who seek to steal your personal information: i.e., social security numbers, credit card numbers, bank account information, and passwords. This criminal assault has increased not only with spam and infected websites but also with instant message programs and social network sites, not to mention file sharing sites.

More specifically, recently I was discussing this matter with John Joynt, Manager of Data Network Services for NPower, a non-profit organization which provides technology support to non-profits in this area. He related a story of one of their long time clients, Evergreen Children’s Association, which had $30,000 removed from their checking account. Please read the full story in the NPower Blog, http://community.npowerseattle.org/npowering/cyber-theft-p1/. Better yet please review the NPower blog periodically about security and tech tips. In addition to the story, John turned me on to a couple of security sites that you might find helpful:

Security Fix: http://voices.washingtonpost.com/securityfix/2009/09/online_bank_robbers_target_hea.html (Brian Krebs’ coverage in his blog)
Krebs on Security: http://www.krebsonsecurity.com (new blog home since he left Washington Post in December)
CNET.com, Seattle rated #1 for Cyber Crime: http://news.cnet.com/8301-1009_3-10469979-83.html

On the other hand, you know that there is danger out there and you work at being careful. Yet you still get infected, so what do you do? At this point your existing antivirus didn’t catch the culprit in time and you need to run a removal tool. I’ve found the following utilities helpful most of the time:

Free removal utilities

Malwarebytes, http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
Ad-Aware, http://download.cnet.com/Ad-Aware-Free-Anti-Malware/3000-8022_4-10045910.html?tag=mncol;pop
Spybot, http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html?tag=mncol;pop
Microsoft Malicious software removal tool, http://www.microsoft.com/security/malwareremove/default.aspx

Free Antivirus Utilities

Microsoft Security Essentials, http://www.microsoft.com/security_essentials/
AVG Anti-Virus Free Edition, http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?tag=mncol;pop
RUBotted, http://free.antivirus.com/rubotted/ (Bot detection only)
Bot Hunter,
http://www.bothunter.net/ (Network Bot scanner)

Online Scanners

Trend Micro HouseCall, http://housecall.trendmicro.com/
Bit Defender Online Scanner, http://www.bitdefender.com/scanner/online/free.html
ESET Online Scanner, http://www.eset.com/onlinescan/

No system is immune to pirates and scalawags but I think these tools can help. Download a tool of your choice and run a scan on your system. If you are infected, restart your computer in “Safe Mode with Networking”, disable “system restore”, update the tool of your choice, and run a scan. If your system is clean, restart in normal mode and run a second scan or two; if you are still clean, enable “system restore”. If you can’t restart in “safe mode” or install or update the removal definitions on your removal utility, either find a tech who will spend the time to find a way to remove the infection or, best yet, reformat your hard drive and reinstall. Find your re-installation media now and backup or image your computer tonight.