Today someone was awesome enough to send me an email to make sure that it was valid before they clicked on anything. I cannot express to you how happy that makes me!!! It saves me so much work!!!! Of course, we now have Cylance as our Anti-Virus (AV for short) and that in itself has made my job so much easier!!!! We’ve had it nearly a year and NOT 1 computer has become infected with ANYTHING! If you are a business thinking of changing your AV product, I cannot recommend this product highly enough!!!!
First, let me break down the beginning of the email:
From: Media Player <email@example.com> <-- This is NOT an Apple address
Subject: New version of Mac Media Player available for download!
Apple and Microsoft will NEVER send you an email about this!!!!!! They would send it to your device through an update! Sometimes phishers will fake the email address or make it look very close to the real thing. I’m actually surprised at how bad this email address even looks! Even if it looks real, and you think it might be a valid email from your bank, PayPal, Amazon or anything like that, go to the website directly. DO NOT CLICK on the link!
Then we go into the guts of the email: It’s a bunch of pictures with links attached to them:
Looks fairly realistic huh? This is actually very easy to do!!! I just did this with a screenshot! Anyone with minimal computer experience could do this!
Now, for the most important part. If you just hover over the Download link or anywhere over the pictures, this link comes up:
First off, this is NOT an Apple link! The link here is to a domain named flymail.cf. The portion of the address that is wrong is the .cf. That is not a legitimate top level domain name, like .com, .org, .gov or .edu. To see a list of actual top level domain names, you can find it here: http://www.domainsherpa.com/top-level-domains/ .
The other portion of this link that bothers me is track-url. Now, this leads me to believe that this link is going to track your urls (websites) that you visit. I’m going to say that this tracking will happen through cross-site scripting. Essentially this site will inject code into your browser that will capture your sessions on the websites you visit after this website, including your usernames and passwords!!!
This means if you go to an unsecured website the hacker can easily capture your username and password with this code. It’s one of the most frequently used types of hacking; it’s called session hijacking. Later on you start to wonder why you are getting spam, or why did people just get friend requests on Facebook from me when I am already friends with them? If you use the same password on more than one site, then the hacker can go to several websites and try that password and have remarkable success!
This is why you need to have different and complicated passwords for all sites you visit. There are password managers that you can use to help you with this. Let’s face it, our brains can’t remember all of our passwords, and writing them on a piece of paper and saving them in your desk or under your keyboard at work are HORRIBLE options! I will do more research on which password managers are the safest and best to use for my next Tech Tip Thursday.
Oh yeah, and if I find your passwords written on a sticky note taped to your monitor I’m rippin’ that bad boy off and throwing it out!
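The two checks from the walkthrough above (who really sent it, and where the links really go) can be automated. This is an added example, not part of the original post: the sample message is constructed, its link path and image name are placeholders, and `review` and `in_domain` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the email described above. Only the sender
# line, subject, flymail.cf host and "track-url" come from the post.
SAMPLE = """\
From: Media Player <email@example.com>
Subject: New version of Mac Media Player available for download!
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://flymail.cf/track-url/placeholder"><img src="banner.png" alt="Download"></a>
<a href="https://www.apple.com/legal/">Terms</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects every <a href>, including links wrapped around pictures."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domain(host, domain):
    # Match on a dot boundary so look-alikes such as "notapple.com" or
    # "apple.com.flymail.cf" do not pass as the claimed brand.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def review(raw, claimed_domain):
    """Return (kind, host) for each sender or link outside claimed_domain."""
    msg = message_from_string(raw)
    _display, addr = parseaddr(msg.get("From", ""))
    findings = []
    sender_host = addr.rpartition("@")[2]
    if not in_domain(sender_host, claimed_domain):
        findings.append(("sender", sender_host))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host, claimed_domain):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in review(SAMPLE, "apple.com"):
        print(f"{kind} host {host!r} is outside apple.com")
```

The script only parses the message text; it never fetches the links, which is the same idea as hovering instead of clicking.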
This month is National Cyber Security Awareness Month. I will try to post something weekly in regards to the campaign. This week’s theme is STOP. THINK. CONNECT.
Here is a helpful video telling you some basic steps to stay secure online! Stay Safe Online!
For more information please visit: http://staysafeonline.org/ncsam
What is Ransomware? According to Wikipedia it is the following:
Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom.
I’ve dealt with CryptoWall and it worked fast and rendered the computer useless after a few hours.
It’s shocking how easy it is to do. Cylance, a newer Anti-Virus (AV) with Artificial Intelligence instead of Anti-Virus Definitions, listed this picture on their website.
This is from a website on the Dark Web. No, I’ve never visited there! Essentially it’s a form to fill out that will create the Ransomware code for you. NO CODING INVOLVED on their end!!!!! Frightening!!!
So now that I have officially scared you, how do you prevent it?
- ALWAYS keep whatever Anti-Virus you use up to date! Don’t have money for Anti-Virus software? There are quite a few excellent free Anti-Virus programs. Avast, AVG, Panda, Sophos, ZoneAlarm and Bitdefender to name a few!
- Run a software firewall like Windows Firewall, ZoneAlarm AV (which has a firewall built into it), or Sophos XG Firewall Home Edition. Still don’t feel secure? Buy a physical firewall, like the Netgear ProSafe or the Cisco RV110W-A-NA-K9 (who came up with that name??).
- Make sure your Operating System has all the latest updates!
- Use a Malware solution like Malwarebytes. Bitdefender has a paid solution with Anti-Virus, Firewall and Malware Protection all in one product; it’s called Total Security 2016.
- Disable Macros on all Office files.
- Never open an email attachment from someone you don’t know.
- Carefully open email attachments from someone you do know.
- Don’t click on links that look sketchy or are on unfamiliar websites.
- Download this very helpful Ransomware Prevention Kit from Third Tier. They ask for a small donation to fund and pay for certifications for women in IT. We NEED more women in IT!!!!
- Back up your important files on an external hard drive and then only connect it when you need to back up again!
- Back up frequently.
If you should get infected with Ransomware, paying the ransom doesn’t necessarily mean that the criminals doing this will give you your files back.
There is a “Vaccine” available for some flavors of Ransomware provided by BitDefender.