Security Archives - Computer Doctors

9 Tips to Stay Safe When Shopping Online

November 27, 2016 by admin

Americans plan to do as much as 15% of their holiday shopping online this year. USA TODAY asked computer security experts for their tips on how to stay safe as you buy.

1. Just say no to free Wi-Fi

Resist the temptation to use free public Wi-Fi. It is a trivial matter for hackers to eavesdrop on your connection and steal your information.

Florindo Gallicchio, Optiv

2. Avoid e-mails offering deals

Don’t click on email offers. Instead, go directly to the retailer’s website to find deals. Same thing goes for promo codes — don’t click those links to copy the code, but instead copy it and use it directly on the retailer’s website. Even the most legitimate-looking email could be from hackers phishing for account info.

John Kuhn, IBM Security

3. Don’t be lazy

If you need to create an account with an online retailer, do not use the same email address and password you use anywhere else. This is such old advice it may seem obvious, but many attacks are still successful because people reuse the same combination of email address and password in multiple sites, and attackers know it. It’s not worth the risk.

Geoff Webb, NetIQ

4. Use apps, not your phone’s web browser

Apps for sites like Amazon and Wayfair typically have an extra layer of security and encryption, making them safer to use when you’re out in public.

Morey Haber, BeyondTrust

5. Eschew convenience for security

Never save your credit card information in retail sites and web browsers. If they haven’t stored it, it can’t be stolen from them.

John Kuhn, IBM Security

6. Credit, not debit

When shopping online, use your credit card instead of your debit card. If something goes awry such as making a bad purchase with a malicious online retailer, it is usually easier to resolve any issues with your credit card company than with your bank (or at least the money is not deducted from your checking or savings account).

Lane Thames,Tripwire

7. Open your statements

Pay extra attention to your bank and credit card statements come January and February. Even small charges you don’t remember making can be a sign of fraud. If you see an unknown charge, call your bank immediately and report it.

Tim Erlin, Tripwire

8. Embrace phone-based payments

Retail data breaches have led to the compromise of millions of credit cards. Mobile payment technologies, like Android Pay and Apple Pay, cannot be cloned like traditional magnetic stripe cards. Consider using these technologies in your holiday shopping to keep your cards safe from thieves.

Ryan Olson, Palo Alto Networks

9. Don’t leave your phone unlocked

For God’s sake, set your phone to require PIN or fingerprint to access it!

Jeff Schilling, Armor

Source: USA Today – http://www.usatoday.com/story/tech/2015/11/17/9-tips-staying-safe-you-shop-online/75878958/http://www.usatoday.com/story/tech/2015/11/17/9-tips-staying-safe-you-shop-online/75878958/

Avoid this Apple Invoice Phishing Scheme

October 23, 2015 by admin

Coming soon to a mailbox near you: a blatant attempt to swipe your payment information. Couched in the well-worn guise of a supposed Apple Store refund, the mail wants potential victims to hand over their Apple ID / password and then a chunk of personal / payment details.

The email, currently in circulation, reads as follows:

Your invoice No.69513279

Dear Apple ID

Thank you for buying the following product on 10/22/2015 9:03:55 a.m.

Product Name: CoPilot Premium HD
Order Number: 57620731
Receipt Date: 10/22/2015 9:03:55 a.m.
Order total: 34.99 GBP.

If you did not authorize this purchase, please: Click here for Refund

Of course, you probably did not authorise any sort of purchase for a “CoPilot Premium HD” which is exactly the “Oh no my money, I must retrieve it” reaction they’re banking on (unless you actually did buy one of these, in which case things might get a little confusing). Nothing will have people rushing to click buttons and hand over information faster than the possibility of someone making unauthorised payments – clicking the refund links will take them to a fake login, via a redirect on a potentially compromised t-shirt website.

After handing over Apple ID credentials, the victim is taken to the next step which involves them giving name, address, DOB and full payment information.

Confirm your personal and billing information in order to cancel and refund the transaction above:

For your protection, we verify credit card and debit card billing details. The process normally takes about 30 seconds, but it may take longer during certain times of the day. Please click the Confirm button to confirm your information..

Unfortunately, hitting the “Cancel Transaction” button here would be pretty much the exact opposite of cancelling a transaction and victims could expect to see many more actual payments suddenly leaving their bank account. If you have this sitting in your mailbox, delete it. If you’ve already sent the scammers your details, notify your bank and cancel the card – while keeping an eye out for any dubious payments.

Apple themed phish scams are a popular choice for criminals, and whether faced with iTunes logins, “Find my phone” fakeouts, iCloud shenanigans or payment receipts such as the one above, recipients should be wary and – if in doubt – head to official Apple pages to find out if a payment really is being processed.

Christopher Boyd – Malwarebytes

Credit – https://blog.malwarebytes.org/fraud-scam/2015/10/steer-clear-of-this-apple-invoice-phish/

A New Twist on Tech Support Scams Pop Ups

February 21, 2015 by admin

Tech support scams are not going anywhere any time soon. The number of fake pop ups and bogus 1-800 numbers keep popping all over the place.

This usually happens while you are browsing the web, or perhaps if you make a typo in a site’s name. This is a classic scare tactic with the goal of tricking you into calling for “tech support”.

Miscreants operating out of boiler rooms will impersonate Microsoft and ask you to pay hundreds of dollars for non-existent. Worse, they may hijack your PC and infect it with malware before running away.

The following screen will probably look familiar:

In an interesting twist first reported by How-To Geek, one such scammer is trying out a different scare tactic. Rather than direct victims to a phone number, it pushes a piece of software, which appears to be AdwCleaner. [Read more…]

Bash Shellshock Bug Could Be Even Worse Than Heartbleed

September 26, 2014 by admin

Shellshock is newly discovered vulnerability in software that’s in computer systems we use everyday. It’s kind of like Heartbleed, the Open/SSL bug that scared everyone senseless a few months ago and remains unpatched on thousands of systems. According to some experts, however, Shellshock could be way worse, and it’s been around for decades.

Shellshock affects a piece of software called Bash. Bash is a “Unix Shell,” a command line interface that allows a user to talk to a Unix based system. Originally written in 1980, Bash has evolved from a simple command line interface into one of the most widely used utilities out there. Even though you probably don’t see Bash daily, there’s a good chance that it’s running in the background on your system. OS X and Linux both use Bash, and it has been ported over to everything from Windows to Android.

Discovered by a team from the open source software company Red Hat, the Shellshock bug allows attackers to inject their own code into Bash using specially crafted “environment variables” that have Bash functions in them. (Red Hat’s servers were having problems, here’s a cached version of their explainer.) [Read more…]

5 Million Online Passwords Leaked

September 10, 2014 by admin

According to the Daily Dot, nearly 5 million usernames and passwords associated with Gmail accounts have been leaked on a Russian Bitcoin forum.

The list has since been taken down, and there’s no evidence that Gmail itself was hacked—just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so chances are they were leaked long ago—though others are claiming 60% of the passwords are still valid (not to mention really, really horrible).

Your best bet is to just change all of your passwords right now. No matter what you do, make sure you using a strong password on all your accounts. [Read more…]

How to Stop Facebook From Using Your Browsing History

July 8, 2014 by admin

Earlier this week, Facebook announced that it was going to start using all of that ever-so-illuminating app and website data it collects to serve us with more targeted ads. In other words, Facebook is getting ready to use your browsing history to benefit advertisers. Here’s how to stop them.

Of course, just because you’re getting some new (and highly necessary) controls over how Facebook shares your data doesn’t mean it’s going to stop collecting the data in the first place. So while we can at least somewhat limit how all of our salacious internet habits are being used, it doesn’t mean the cache of data itself is going away.

What’s more, the new feature is opt-out, so in order to keep your browsing history away from prying third-party eyes. You’ll need to actively head over to the Digital Advertising Alliance here and let them know you’re not willing to share.

Note: if you’re using AdBlocker Plus or anything else that disables cookies, you’re going to need to turn that off before you’ll be able to opt out.

Read the Full Article at Gizmodo.

Vulnerability Found in Samsung’s Galaxy S4

December 28, 2013 by admin

Researchers from Ben-Gurion University’s security lab (BGU) discovered a vulnerability in the Samsung Galaxy S4’s Knox architecture. If exploited, the attacker could capture all communications like email and file activity; leaving no data secure.

The Knox security suite is Samsung’s answer to business security concerns when it comes to Android.

A key component of this security layer is using an application container to separate corporate and personal applications so users could freely use personal apps without worrying about cross-contamination. According to BGU’s discovery this is no longer the case. [Read more…]

Windows XP Users Six Times More Likely To Be Hacked

November 7, 2013 by admin

Microsoft Windows XP Support ends in…

[ujicountdown id=”Small” expire=”2014/04/08 00:00″ hide = “true”]

SEATTLE — Microsoft’s venerable Windows XP operating system is six times more likely to be successfully hacked than newer Windows 7 and Windows 8 personal computers.

Microsoft disclosed that metric at the RSA Conference in Amsterdam this morning. The software giant hopes to compel XP users to dump XP and upgrade to Windows 7 or Windows 8 — before it ends all XP support, including issuing security patches. That will happen come April 8, 2014.

“XP has been a beloved operating system for millions and millions of people around the world, but after 12 years of service it simply can’t mitigate the threats we’re seeing modern-day attackers use,” says Tim Rains, director of Microsoft Trustworthy Computing. [Read more…]