Tag Archives: phishing

Email, Hotmail, Keep Safe Online, Phishing Scams, Security

Viruses, Malware and Worms, Oh My! – Part 1

November 11, 2013 Computers Made Simple Leave a comment

All this week we’re posting tips on ‘safe computing’; how to keep safe online. While we write about PCs mostly, these tips will apply to Macs too, most of them anyway. If you use an Apple computer (a Mac), don’t assume that you’re safe from these exploits. You’ll need to stay on your toes no what what type of computer you use.

Email – Threats in your Inbox:

We all get large amounts of spam email every week. Normally any junk email easy to spot. Some types of phishing emails are a little bit harder to pick out. Here’s an example of a phishing email in one of our junk folders:

Photo of Phishing Email 1 — **We don’t have a Discover card but if we did, we just might open this.**

Out of the millions of people who receive an email like this, a certain percentage would almost certainly have a Discover card, right? Let’s see what the email is all about:

Photo of Phishing Email 2 — **Oh no! ‘Irregular activity’ on our non-existent Discover card.**

Whether these emails mention Discover cards or bank accounts or airline tickets, there is one simple way to check if they are phishing emails. Aside from the fact that your credit card would call you on the phone to report ‘irregular activity’ on your card or account, don’t you think they would know your name? Any emails from these kinds of institutions, and they don’t send out many at all, would always have your name in the subject line as well as in the body of the email.

We get a notice once a month about our account statement being ready, complete with our name in the subject and our name in the salutation of the email. We also get emails from PayPal about different specials they are running and, again, our name is right up front in the subject line.

Obvious Clues:

Aside from the name issue, this email has a couple of other clues that it’s a fake. At the top, you’ll see that it purports to be from ‘discover@email.discover.com, which is probably a legitimate address. If that’s the case, why would the link in the body of the email lead to ‘cicfif (dot) cn’? That .cn is the top level domain for China, in case you didn’t know. When did Discover start using a domain in China for their security office?

Besides that, as we mentioned before, credit card companies don’t email their customers when there is a problem. Speed is of the essence in these situations. The companies don’t want to interfere with their customers activities but they do want to minimize any fraudulent use of the credit card in question. There’s nothing faster than a phone call to settle these issues. An email would never be used.

Phishing. What the heck is it?

Any unofficial (fake) email or website that asks you to fill in your personal information is said to be phishing for that information. While a virus is bad and malware can really slow down your computer, phishing can hit you right in the purse or wallet. If someone gains access to your bank account or credit card details, they can clean you out in a matter of minutes. Depending on which bank or credit card company you are with, you may or may not be liable for these losses. It’s always a good idea to check out the fine print before something like this happens.

How to Protect Yourself:

1. We strongly suggest that you use an online email account, as opposed to one that is with your ISP (Internet Service Provider). We use outlook.com (formerly hotmail), gmail and yahoo for our various accounts. Why is this important? Primarily because none of the emails from your online accounts are actually stored on your computer. Since you have almost unlimited storage space with these companies, as opposed to the limits set by your ISP, you don’t have to download the emails to read them. As a matter of fact, outlook doesn’t even let you download your inbox. Dangerous or phishing emails never reach your computer, they stay on the online servers.

All of these online email companies have very strong anti-virus/malware filters in place, far stronger than what your ISP probably uses. Before an email gets into your inbox, it must pass through very strict screens. If you have set up your account correctly, most junk emails will end up in your junk folder. You will not be able to click on any links contained in them until you certify that they are safe.

2. Don’t click on any link in email that is not from someone you know or a company that you do business with and has mentioned you by name in the email. Even if the email is from a friend, we’d suggest not clicking on it until you can verify that they actually sent you something. If their email account has been compromised, whatever form of malware that did it will now be accessing your contact list and sending out emails as soon as you click on the link.

3. Since email links can be faked, think about alternative ways to access your credit card or bank account online. Type the address into your browser yourself if you feel the email might be legitimate. Here’s how a link in an email can be faked, in case you didn’t know. Click on this link (it is totally safe, believe us): www.freestuffforyou.com What? No free stuff? Not today, just free information.

4. Here’s a trick for you, one that might keep you safe in the future. Your browser has a cool feature in it that you probably never use. Hover over any link that you see, no matter if it’s in an email or on a website. Don’t click on it, just hover over it with your cursor (mouse). Down on the lower left, right at the bottom of your screen, you’ll see where the link really leads. Try it with our fake link just above this.

That’s it for today, just some simple tips on keeping out of trouble with email scams and phishing. These are things that you actually have to try to get stung with. Your actions in these situations control whether you get into trouble or not. Later on this week, we’ll deal with things that are out of your control. Stick around. Better yet, like us on Facebook and keep up with our tips, tricks and posts: Computers Made Simple on Facebook

Thanks for reading!

Email, Phishing Scams

Track Down a Suspicious Email

November 15, 2012 Computers Made Simple Leave a comment

We received a very suspicious email this morning. On the surface, it looked innocent enough but the clue that told it was a ‘phishing’ email was simple. The email was from Air Canada, Canada’s national airline but the person who received it does not fly…ever. Here’s how we figured it all out. This is the email we received:

Photo of Email 1 — ***Here is the subject line.***

Photo of Email 2 — ***Here is the email itself. Hotmail has prevented some of it from loading.***

If we had recently booked tickets, this email might have tricked us into clicking the links in it. Where do the links lead? Let’s check. If you hover your cursor over each link, you will be able to see the actual link that it leads to. Please don’t make a mistake and click on the link. Ever! This is what we saw when we hovered over the links:

Photo of Email 3 — **Look down that the very bottom of your browser. See where it says ‘www.lakewoodpool.com/PDF/ticketRX749CA.zip ? Nothing to do with Air Canada there.**

Photo of Email 4 — **This one has a contact PDF file which probably has a piece of malware in it.**

Neither link leads to the Air Canada website. We didn’t click on the links but we did open up a new browser window and typed in ‘www.lakewoodpool.com’. This is what we found:

Photo of Email 5 — ***This website is real but it’s out of date. It hasn’t been updated since January 2010.***

We showed you how to check the IP address of a suspicious email here: Check IP Address First we checked the email source by right clicking the closed email in the junk mail folder. (This is how to do it in Hotmal/Outlook/Live but your email system may vary. It may not be the same as this but EVERY email system allows you to check the source of any email you receive.) Here is the menu you’re looking for:

Photo of Email 8 — **Choose ‘View message source’.**

This is what you see next. Yes, it looks like gibberish but all you have to look for are the numbers that are marked in blue here. Highlight them (click just to the left of the first number, keep the mouse button pressed and drag to the right until you get to the end of the last number, then release your mouse:

Photo of Email 6 — ***Near the top, look for ‘(sender IP is …) That set of numbers is the sender’s IP address.***

Next, we headed to http://whois.net/ip-address-lookup/ to find where that IP address is in the world. Whois is a Unix term which is a command, asking literally ‘who is this?’ Here’s what we found:

Photo of Email 9 — **This IP address is in France…a long way from Canada.**

We went through this exercise to prove to you that the email in question is a fraud, a phishing email. The senders expected us to click the links and subsequentlydownload their malware. Once our computer is infected with the malware, they could either take control of our computer or gather information about our identity. Identity theft is much more common now than any other kind of criminal activity.

Besides all of this, the email had many clues in it that, hopefully, would make you suspicious.

Clues that an email a fraud or a phishing scam:

1. If indeed we had purchased a ticket from Air Canada, they would have our name, right? Air Canada or any other company would not send us an email with the opening line: Dear customer.

2. We hadn’t purchased a plane ticket. That’s simple but important. If you haven’t purchased anything from a company but they send you an email which says you have, you can be pretty sure that it’s spam or a phishing scam. This goes for banks, shipping companies and ticket outlets.

3. The links in the email did not lead to an Air Canada site. Hover over any link in the email, then look down near the bottom of your browser window. The real link address will be there. Whatever you do, do not click on any link in any email that you think is suspicious.

4. One of the links contained a zip or compressed file. Malware can be sent via PDFs but usually it is sent in a zip file.

The Lakewoodpool.com site has been hacked by someone, that’s obvious. It hasn’t been updated for two years but someone has guessed the administrator’s password and taken control of the site. Once inside the host server, the criminal is able to send out emails such as this from anywhere in the world.

Hopefully, we’ve educated you a bit in figuring out what an fraudulent email looks like. If you have questions or comments, use the form at the bottom.

Thanks for reading!

Avoid Facebook Email Scams, Facebook, Facebook Secrets, Facebook Tricks

Best Protection for Facebook Hacking

July 19, 2012 Computers Made Simple Leave a comment

If you’re concerned about the security of your Facebook account, here’s how to eliminate the biggest threat. It’s easy, fast and once you set it up, you can rest a lot easier knowing that one route into your account has been plugged.

Facebook loves to send you emails. If you let Facebook have it’s way, your inbox would be chock full of notifications about this and that. Right now, there are many email scams out there. You might get an email that looks like it’s from Facebook, but it’s a very clever attempt to get your password in order to hijack your account. Here’s how to stop those emails in their tracks:

1. From any page on Facebook, look up on the top right and click on the arrow beside Home to bring down this menu:

Photo of Facebook Account Settings menu — **Click on Account Settings**

2. Once you are there, click on Account Settings then Notifications and you’ll see this menu next:

Photo showing notifications in Facebook Account Settings — ***Notifications is the one you want now.***

3.Start with clicking on the word Edit to the right of Facebook. This is what you’ll see:

Photo of Facebook Account Settings showing unchecked boxes — **This is what you want the menu to look like, all boxes unchecked.**

4. If you use Facebook every day, why do you need an email to tell you that something has happened inside Facebook? You’re going to sign in and see the notices anyway, why do you need a follow-up email? We would strongly advise you to uncheck every box here.

5. Move down the list for each of the sections: Photos, Groups, Notes, Pages and so on. Make sure each box in each section is unchecked.

6. Now, look up on the top left for the word Apps and click on it. This is what you’ll see next:

Apps Menu in Facebook Account Settings — **Make sure that the Apps never notify you.**

7. Here you will see that we have prevented Words With Friends from notifying us. See the word ‘never’ on the bottom right? Make sure that is showing and click Close to ensure that you will not get any notices from this app. Move down the list and do the same for every app that you use.

You’re done! Now, you won’t get any email from Facebook. Whatever email comes to your inbox or your junk box will be a scam. Guaranteed. If you follow our directions here, you’ll be safe from phishing emails. Phishing is where an email tries to get information from you in order to hijack your Facebook or your bank account.

If you still want Facebook to email you, you’re on your own. You risk getting tricked by one of these clever emails. Good luck! It’s scary out there sometimes.

Thanks for reading!

a little bit of hi-tech, a little bit of common sense and a lot of fun