June 20, 2018

THE WEEK IN REVIEW

We all know that sometimes bad things happen to good people, or in this case, good businesses. We recently looked up the phone number of our local bike shop only to see this appear in a Google search…

It was pretty obvious that this website was hacked, not just “may be hacked.” We copied the Chinese text appearing under this business domain, pasted it into Google Translate and were pretty surprised by the translation…

We ran multiple malware checks on the bike shop website but found nothing threatening. It appears that Chinese hackers are using this website to host a retail shop… of knockoffs? The bike shop owner told us that he has a WordPress website and doesn’t routinely keep the website software updated. That’s what hackers hope for! If you have a WordPress website, vulnerabilities are discovered all the time in both the WordPress software itself and the plugins used with your site. Be sure that someone is getting notifications regularly whenever updates are needed, and then install them! Also, we strongly recommend having at least one, if not two, highly rated security plugins set up for your site. And if you are a local business with no plans to sell your products or services to the world, use a security plugin to block visitors from the countries you don’t serve. While this trick won’t stop every hack, probe and threat to your website, it will limit them!

Have you noticed a decrease in spam hitting your inbox or spam folder? Beginning on June 12, we’ve noticed the biggest drop we’ve ever seen during our nearly 4-year history. And we don’t know why. While trying to find an answer that might explain this enjoyable circumstance, we did find recently published research by Delft University of Technology and SIDN Labs stating that new global top-level domains (“gTLDs”; for example website.review, website.date, website.bid and website.loans) are ten times more likely to be used by spammers/scammers than traditional domains like website.com or website.net. That’s no surprise, since spammers purchase domain names by the thousands and those gTLDs can often be purchased for pennies instead of dollars each. In March, Symantec published a list of the top 20 sketchy gTLDs based on their analysis of scams and malicious emails.


Phish NETS: If You Log Into a Phishing Site, What Next?

TDS found no phish at all in last week’s sea of emails. So we present you with this problem, posted on Reddit.com a few days ago by someone who entered his personal login information into a phishing page before realizing it was a phishing page…

Posted on Reddit by Jibberfinger on June 16:

“I accidentally entered my Apple ID password into a phishing website, but I changed my password almost immediately after I realized it was a scam. Is this enough? I got an email about an unauthorized sign in attempt from a “trusted sender,” so I clicked on the link and I was sent to a website that looked very much like the Apple website. The website said that my account was locked from the sign in attempt. However, after I was an idiot and entered my Apple ID and password, I noticed that it was asking for my social security number and credit card information, so I knew it was fake and left the site. However, because I had entered my password, I went online and changed my Apple ID password on the official site as soon as possible. Is this enough to prevent the scammers from getting onto my Apple account?”

What should Jibberfinger do to better protect himself?

  1. Besides changing the password for his Apple ID, he should change his password on every other account where he uses that same password.
  2. He should log into his Apple account and check that no additional email addresses or phone numbers have been added to it, that 2-factor authentication codes are not being sent to the hacker’s phone number, and that his email is not being forwarded somewhere else. Hackers will often set up a “back door” (another way to get back into an account once they’ve hacked it) in case the front door gets locked again.


YOUR MONEY: Pandora Sale Ends at Midnight and Shark Tank’s Mark Cuban Endorsement

We’ve seen many fake name-brand emails before, like this one claiming to be from Pandora. Notice the urgency in the subject line: “[Hurry] Flash deals end at MIDNIGHT.” That urgency is just social engineering. The email came from julia “@” bruce[.]adlzy[.]com. A WHOIS lookup shows that this domain was registered 2 months ago to Chen Chang Wen from Beijing, China, who claims to represent the company Xinnet Technology. We previously reported on Mr. Chen Chang Wen in the Top Story of our May 30 newsletter. At that time, Mr. Wen claimed to represent a ghost company called Nexperian Holding. Does any of this seem legitimate to you? It certainly doesn’t represent the real Pandora company!

Once again, this endorsement from Mark Cuban is not real and is just click-bait. “This drink is your answer to becoming skinny,” says an email from the domain klikmbcandalusia[.]date. The Zulu URL Risk Analyzer rated this domain and the links in the email as 80% malicious. We can guarantee they are 100% malicious. Notice the tiny, tiny text characters at the bottom of the email that we highlighted? We copied and magnified that text to discover that these scammers pasted the following…

“longevity So one day last July, Dr. Timothy mildly Ley, associate director of the universitys genome consequently institute, summoned his . Why not throw algin everything we have at seeing if we roots can find a rogue gene spurring Dr. acquaintance Wartmans ,  acute lymphoblastic leukemia, he stile asked? Its now or never, he recalled stelling them. We will only get one toll . Dr. Leys tried a type quickly of analysis that they had never done pleased before. They fully sequenced the genes of…”

We found that same text on a web page selling fake Viagra and Cialis.

Just delete.


TOP STORY: Google “Check Activity” Notification

This week’s Top Story came to us from a young man who asked for our help. He wanted to know whether or not this email, which appeared to come from Google, was legitimate. And was his email account hacked?

The good news, we informed him, was that this email was absolutely legitimate. Though the source of an email can be spoofed, we confirmed that this one came from accounts.google.com, as it says. “Security alert: Your Google account was just signed in to from a new LG K8(2018) device.” And the link behind “Check Activity” points directly back to google.com, without any hidden redirect inserted into it.

This email was legitimate!
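Two of the checks in this newsletter can be done programmatically on the HTML body of a message: pulling out the text hidden in tiny or invisible fonts (the filler pasted at the bottom of the Mark Cuban diet email above) and listing the real host behind every link, plus any URL smuggled inside a redirect parameter (the check that confirmed the Google alert’s “Check Activity” link pointed straight back at google.com). The script below is an added example written for this page, not code from the newsletter; the two sample messages, the domains deals.example and shop.example, the Google URL path, and the 3-pixel “unreadable” threshold are all constructed assumptions.

```python
"""Inspect an HTML email body the way the newsletter did by hand: pull out text
hidden in tiny or invisible fonts, and report where each link really points
(including any target URL smuggled inside a tracking-redirect query string)."""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

TINY_FONT_PX = 3          # assumption: text this small is unreadable on screen
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}   # never closed
_FONT_RE = re.compile(r"font-size\s*:\s*([0-9.]+)\s*(px|pt|em|%)?", re.I)


def font_px(style):
    """Pixel size declared by an inline font-size rule, or None if absent."""
    m = _FONT_RE.search(style)
    if not m:
        return None
    value, unit = float(m.group(1)), (m.group(2) or "px").lower()
    scale = {"px": 1, "pt": 96 / 72, "em": 16, "%": 0.16}[unit]
    return value * scale


def is_hidden(style):
    """True if an inline style makes the element's text invisible to a reader."""
    style = (style or "").lower()
    if re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", style):
        return True
    px = font_px(style)
    return px is not None and px <= TINY_FONT_PX


class EmailInspector(HTMLParser):
    """Collects hidden text and anchor links while walking the HTML.

    Assumes reasonably well-formed markup: every non-void open tag is closed."""

    def __init__(self):
        super().__init__()
        self.hidden_text = []      # text chunks a reader would never see
        self.links = []            # (anchor text, href) pairs
        self._hidden_stack = []    # one bool per open tag: does it hide its subtree?
        self._link = None          # [href, accumulated anchor text] while inside <a>

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        attrs = dict(attrs)
        self._hidden_stack.append(is_hidden(attrs.get("style")))
        if tag == "a" and attrs.get("href"):
            self._link = [attrs["href"], ""]

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self._hidden_stack:
            self._hidden_stack.pop()
        if tag == "a" and self._link:
            href, text = self._link
            self.links.append((" ".join(text.split()), href))
            self._link = None

    def handle_data(self, data):
        if any(self._hidden_stack) and data.strip():
            self.hidden_text.append(" ".join(data.split()))
        if self._link:
            self._link[1] += data


def link_report(text, href):
    """Real host of a link plus the host of any URL embedded in its query string."""
    u = urlparse(href)
    embedded = [urlparse(v).hostname
                for values in parse_qs(u.query).values() for v in values
                if v.lower().startswith(("http://", "https://"))]
    return {"text": text, "host": (u.hostname or "").lower(), "redirects_to": embedded}


def inspect_email(html):
    """Return the hidden text and the link report for one HTML message body."""
    p = EmailInspector()
    p.feed(html)
    p.close()
    return {"hidden_text": p.hidden_text,
            "links": [link_report(t, h) for t, h in p.links]}


# Constructed samples (not the real messages): one modelled on the genuine
# Google alert, one on the "Mark Cuban" diet spam with its hidden filler text.
LEGIT_ALERT = """<html><body>
<p>Your Google Account was just signed in to from a new LG K8(2018) device.</p>
<a href="https://accounts.google.com/?hl=en">Check activity</a>
</body></html>"""

SPAM_OFFER = """<html><body>
<p>This drink is your answer to becoming skinny!</p>
<a href="http://track.deals.example/r?u=https://shop.example/skinny&amp;id=42">Claim your bottle</a>
<p style="font-size:1px;color:#ffffff">longevity So one day last July, Dr. Timothy mildly Ley</p>
<div style="display:none">Why not throw algin everything we have</div>
</body></html>"""

if __name__ == "__main__":
    for name, body in (("legit", LEGIT_ALERT), ("spam", SPAM_OFFER)):
        print(name, inspect_email(body))
```

The parser only understands inline `style` attributes; a message that hides its filler through a `<style>` block or a CSS class needs a stylesheet-aware tool. The link report answers “where does this link really go,” which is a different question from “who really sent this”: the sender is verified from the message headers (the authentication results a receiving mail server records), not from anything in the body.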


However, there is bad news. The young man informed us that he DID NOT sign into his Google account from an LG K8(2018) phone. Sadly, the hackers quickly locked him out of his account, and he was trying to contact Google to get access again. Considering all the private information and contacts in our email accounts, this can be frightening and create a lot of anxiety in our lives. To reduce the chances that this ever happens to you, we strongly recommend the following do’s and don’ts…

  1. Use strong passwords of at least 10 characters. Read our article Creating Strong Passwords.
  2. Never log into any personal account while using a free, public wifi service where many people congregate, such as a Starbucks, outdoor cafe or hotel lobby. (It is much safer to log into a hotel wifi signal from your hotel room than from the lobby or courtyard area.)
  3. If you choose to use public wifi provided by a local business or hotel, ask for the exact name of the wifi network and be sure to select that name when connecting. Some criminals will sit in a public wifi space and open their own “wifi network” from their laptop, disguised as the business’s network. If you connect to their fake service, they are able to capture everything you type, including your usernames and passwords.
  4. Never, EVER, log into any personal account from a publicly available computer, such as those typically found in a hotel business center, local library or conference kiosk. It is common for these computers to be compromised with malware that collects your personal information.

These suggestions may seem a bit paranoid, but it isn’t worth taking the risk. Too much is at stake to have your email compromised. Finally, if you are hacked, here are some tips on how to recover from a hacked email account.


FOR YOUR SAFETY: Windows Warning Alert

We recently visited a website while looking for an article and were immediately redirected to the web page below, hosted under the domain of Tokelau, a group of islands in the South Pacific. (See the 2-letter country code “.tk” in the link after “somehowhehad.” It is the code for Tokelau.) According to this “Windows Defender Alert,” our computer was hit with malware and we were asked to call the “Help Desk” at 888-480-6877. All of this was very funny to us, since we were on an Apple computer, not Windows. If you take a moment to read the text in this popup, it’s very funny, especially the list of things supposedly being stolen from our computer.

The safest thing to do in this instance is to quit the browser application. If that is not possible, force-quit it. And if force-quitting is also not possible, shut down the computer and restart it.



Until next week, surf safely!