Category Archives: Security

Beware World of Warcraft Cataclysm Beta Opt In Scam

In yet another new and trendy spammer and phishing ploy, I have been getting a few copies of a message claiming to be from Blizzard regarding Beta access to the Cataclysm expansion coming out soon.  This one did give me pause at first because I am signed up for the Beta, waiting to see if I get in.  Luckily, I noticed some blatant signs when I inspected the message.  The biggest thing was not only the Cataclysm website they wanted to send you to for account information harvesting being wrong, as in the wrong URL (not even close LOL), but I received several of these and they had different URLs between them.  One other thing was that I received this to several email addresses, none of which were the one actually associated with my WoW account.  Obviously these guys (or gals?) are carpet bombing and hoping they snag a few of the 10 or 12 million or so WoW players.  Just wanted to pass this on, be on the lookout if this fits you in any way!  In the words of Mad Eye Moody “CONSTANT VIGILANCE!!”

Watch out for SPAM and PHISH(ing)

I have written before about spam and phishing attacks, but I thought it would be a good idea to re-visit this topic since there seems to be a concerted effort by senders out there to blast our collective Inboxes with not only hideous amounts of spam (which is bad enough), but also with a whole new class of phishing emails.  I get tons of them “from” Amazon (that’s where the phrase Spamazon came from!), Newegg, Bank Of America, PayPal, and eBay just to name a few.  Basically, they are likely to send one of these phishing emails from pretty much any online e-commerce type of store that they think the can trick someone with.  That’s why you have to be careful and check these messages out thoroughly!  Because the ones I have been getting lately have been really, really well done.  They have been pretty hard to tell from the real thing.

The idea here is that the phisher will send you something from … let’s use Amazon, saying that your order went through successfully and your credit card was charged X amount of dollars.  Well, you look at that and right away know you didn’t order anything recently (or maybe you did, but the amount charged shows different from what you just ordered) and it makes you think that someone maybe got into your credit card account or your Amazon account maybe.  You feel that rush of excitement and fear as your mind starts doing the mental tally of how much money you are losing for every second that ticks off.  So you immediately click the link in the email so you can log into your account at Amazon and see just what the heck is going on.  Only, that link you just clicked isn’t taking you to Amazon, the phisher sends you to his own web page that looks like Amazon and is counting on that excited fear feeling to get you to rush into action without thinking.  Once you are on the version of Amazon that the phisher sends you to, you try to log in.  You might get an error or the phisher might go ahead and re-direct you to the real Amazon now, it doesn’t really matter because he has what he wants.  He now actually does have your username and password that he just snagged from you attempting to log in at the fake site.  Plus, if you use the same password for a bunch of different sites, he now has your password and probably username for those as well!!!

In a case like I described above, be sure to take a deep breath and act calmly.  Even if you are sure that the email really is from Amazon, open up your web browser and go to Amazon directly and then log in there to check your account, where you can be sure that it really is the correct site.  When you get these suspect emails, check them out closely because as good as I have seen them, there is always something that isn’t exactly right.  For example, when I get a legitimate email from Amazon it will start with a greeting that includes my name.  In the fake but really good one, one thing that stood out was the greeting was to my email address and not my name.  Another was that there was a total dollar amount for the order, but no itemized list.  The real ones from Amazon always have an itemized list.  So, keep an eye out and use your head and you’ll be just fine.  Be safe!!

Beware Website Repair Wizards

We have all seen them, the commercials for fixit web sites that declare all you have to do is visit their site and they will magically fix your computer or make it run faster or any of a number promises.  Well, I don’t want to sound like the Grinch on Christmas, but these sites just don’t live up to all of the hype that they promise.  When you go to one of these sites, you are going to have to have some type of software to download, you just cannot do all that much solely through the web browser.  So, just how much can these guys cram into a small, probably activex plugin?  My guess is not near as much as some of the better known and trusted applications like Symantec’s Norton Utilities, System Mechanic , and Fix-It Utilities to name a few.

I am sure that there are some of these web based tune up sites/companies that are legit and are trying to help people, but I would be careful because I have seen a few that look pretty shady and for all we know, instead of scanning for and removing spyware and such, they could be installing more!  The real bottom line here is that even if these sites are trying to do right by you, there is a limit on what can be done by software, especially software delivered over the web and made generic enough to work on a wide range of platforms.  It’s like the old joke about a mechanic in a can for your car, there just isn’t one, just like there is no magic bullet for your PC.  You just cannot beat a trusted technician, who is well trained and experienced, and has your best interests in mind.  Someone there looking at the screen, analyzing what they find and making good decisions on what to do to make it better versus a script that boils down to a bunch of If/Then questions and loops.

I just wanted to make sure that people think before they use these sites, and don’t go blindly forth, sucked in by slick commercials and ending up with computers that are worse off than when you started.  There may be some good sites out there, and if/as I find them I will post them on the site so everyone will know.  Good luck!

Internet SPAM, Scams, Viruses and Phishing attacks are on the rise

This is just a heads up to everyone out there to be extra careful when handling email.  We have seen an explosive increase in the number of attacks brought about to every day citizens through email.  From SPAM with fake links, to Internet Scams that these fraudsters want you to invest your time and money in, to Viruses/Trojans/Back doors, and of course Phishing attacks where someone pretends to be from some place familiar to you like your bank, eBay or PayPal in an attempt to get your account information.

There are some basic steps to take like using good anti-virus software, and making sure it is kept up to date, that can help you stay safe.  We posted an article a while back with these explained, and I believe we should take a look at updating it since it’s been a year or two.  The basic principals stay the same, and there is still lots of good info there, we will most likely just be adding more stuff to deal with new threats.  Take a look at it here, it’s called Web Surfing Safety, and we hope you find it useful.  In addition to that, be sure to check out the Library, since we have lots of other good information and tidbits in there too!  Thanks.

Verizon Cripples Users Email

Guess what kiddies, in troubleshooting an email connection for a customer that was unable to send any email through one of my servers, I found the problem was not quite what I expected.  The good news is that the problem wasn’t my mail server, or even on my end at all for that matter.  After some testing and digging I found that the problem is that Verizon has now blocked ALL out bound port 25 traffic.  Period.  As you know, port 25 is the standard RFC compliant port for SMTP communication, and Verizon has blocked all port 25 traffic as a means to fight SPAM.  Uh-huh.  Sure.

This means that you cannot use any other email provider for sending mail unless they support a non-standard port for their SMTP service, or you are using webmail exclusively.  This, to me, is wrong on so many levels.  First off, it’s not helping in the SPAM wars as far as I can tell.  I am told the same thing by some Verizon customers I surveyed.  Second, it’s just wrong to cut out basically all other mail providers like that.  This is yet another example of how stupid Verizon is, and how they cannot manage their service at all.

I have done business with many, many telco’s over the years, and Verizon tops the list by a mile of the worst service providers to deal with.  Some of the most incompetent people, bone headed mistakes and plain batshiat crazy experiences have all been at the hands of Verizon.  I hope this is just the first of many nails in their coffin.

One last thing, conveniently enough, the only way around this is to upgrade to FIOS (or other non-specified broadband service) and pay extra for a static IP address.  How nice.  Read more here.

Piggyback App On Java Update

Here is a heads up that we are seeing the online backup application Carbonite, put out by the company of the same name, bundled with a Java update. If you aren’t careful, when you click through the Java update installer, you get Carbonite and a 30 day trial subscription to the service. Not sure if the trial subscription is automatic or if that’s an extra step. Now, I am not saying anything bad or good about Carbonite, I haven’t ever used the service (naturally I prefer MYfilesanywhere), but any time an application gets installed automagically without my express consent, it sets off a red flag in my book.