Mar 112012

Sometimes all you have to do is open an e-mail and malware is deployed.  Many times clicking a link in a spam message will cause malware to be downloaded to your computer.

You can stay ahead of the curve by checking the message header before you open an e-mail.

Message headers is information that travels with an e-mail and is chock full of information about where an e-mail came from. It doesn’t take long to zero in on the key information.  The Reply To field (if you clicked reply) is often a dead giveaway.  Looking at the routing information is another.

Previous versions of Outlook had a really handy tool to help you look at the message headers by selecting a message, right-clicking, and selecting Options from the contextual dropdown menu.  In Outlook 2010, Message Options are still there, you just have to create a shortcut manually.

Here’s how:

  1. Go to the File Menu
  2. Select Options.  This brings up the Outlook Options dialog box.
  3. Click on the Quick Access Toolbar (that’s where we will put the Message Options icon)
  4. In the Choose Commands From dropdown, select Commands Not in the Ribbon
  5. Scroll down to Message Options and select it
  6. Press the Add button.  Message Options will now appear in the Customize Quick Access Toolbar side.
  7. Click OK.

You will see the new Message Options icon in your Quick Access toolbar that appears at the top of Outlook.

Now you can select a message (but don’t open it!) and then click the Message Options icon to see the message headers.

Analysis of a span header will give you an idea of how to interpret the information.  If you are in the United States and see a domain name with a country extension like .cz (Czech Republic) or .ru (Russia), and the company does not have an office there, chances are very high that this is a nasty malware waiting to happen. 

If you have an Exchange Server-based network, ask us about installing a spam firewall.

May 112010

Watch out for those pop-ups and be very careful about the websites you visit.  Despite current patches and anti-virus software, one of our clients got hit with some nasty malware recently.  They did not fully explain, but it could have been accidentally clicking on a pop-up or visiting a website that delivered it unknowingly or deliberately.  Either way, we spent a good bit of time removing it.

The problem is that so many websites deliver ad content dynamically, including pop-ups, and sometimes the servers that deliver that content can be infected either unknowingly or deliberately.  Personally, I run a utility on my computer that blocks all server delivered ad content.  It not only protects me from the drive-by ad content and infection, I find it a lot more pleasurable to view a page with the small word “Advertisement” in place of a big flashing ad. 

The only drawback is that you sometimes receive an error when you click on a “sponsored” link.  That is easily enough bypassed with a management utility or simply copying and pasting the link.

If you are interested in learning more about protecting yourself, please contact us.

Nov 042009

Passwords are required for  many things in our daily lives: computers, phones, voice mail, bank accounts, and the list goes on.  How secure is your password?  A group of programmers who write password breaking software published a list of the top 500 worst passwords.

Are you guilty of keeping the default password that comes with your computer or device?  Many hackers take advantage of people who do not change default passwords; some demanding ransom.

Remember some of these basic password guidelines:

  1.  Select a password that you can remember, don’t keep written passwords in your wallet or desk drawer.
  2. Use at least 8 characters, mixing letters (upper and lower case), numbers, and characters such as $, #, %, and so on.
  3. Don’t use a word found in a dictionary, English or foreign.
  4. Don’t use passwords based on personal information such as: name, nickname, birth date, wife’s name, pet’s name, friends name, home town, phone number, social security number, and so on.
  5. Be creative.  Misspell words, string together phrases.  For instance, if you are a pet lover, you could turn “a tail and four paws” into “tayl4Paz”.
Aug 112009

I received this phishing e-mail which was so funny, I just had to share:

Dear Bank of America Account Holder,Due to multiple login attempt error while login in to your Bank of America Account , We have believed that someone other than you are trying to access your account.For security reasons,we have temporarily suspend your account and your access to login into your online banking Account. There by you are required to re-confirm your membership details.Confirm your Bank of America Account now to enjoy the benefits of online banking and finance and to avoid fraudulent activites on your account.To initiate the verification process: _bofacom If your membership details are not re-confirmed within 48 hours then your ability to access your account will become restricted.. Thank you. Sincerely, Bank of America Account Review Department. Bank of America, N.A. Member FDIC. Equal Housing Lender © 2009 Bank of America Corporation. All rights reserved.

If you are going to try to scam people, you might try to find someone with a better grasp of the English language for starters.  And while I removed the actual link, the letters in blue are exactly the way I received the link.  Notice a problem?  If the sender was phishing for a laugh, mission accomplished!

Jun 252009

We suggest you read the full article about Vishing from the FBI, but here is the Executive Summary version:

“Vishing starts with an e-mail, like phishing, but requests that end-users contact a particular institution by phone in order to resolve an issue or re-secure personal data. . . . Ironically, vishing e-mails may even attempt to reassure recipients of their legitimacy by stating that the institution in question would never request customer financial data via e-mail or IM. 

“Vishing attacks are rising as voice-over-IP services become more popular. VoIP users (both commercial and residential) aren’t required to provide valid Caller ID information, which makes it an ideal platform from which to launch vishing attacks.”

Always use your common sense concerning e-mail.  Visit a website from your own bookmark, not links provided in the e-mail.  Same with phone numbers, call your institution using a phone number provided on a statement or other verified source, not from a number provided in an e-mail.  Always be cautious and never provide any personal information over the phone if you did not originate the phone call.

Jun 252009

The FBI has come out with a list of New E-Mail Scams and Warnings.  We install e-mail firewalls at our client offices with Exchange Servers and have found this to be a very effective method of screening out most of the junk mail, but no filter works 100% of the time.  These firewalls, however, are not installed on personal e-mail accounts and we highly recommend a healthy dose of skepticism when screening your own personal e-mail.

Aug 202008

Finally!  Microsoft Outlook has greatly improved the Junk E-mail filter with the addition of an International tab.  While most junk e-mail originates in the United States, Russia, Turkey, China, and Brazil are not that far behind.

Since invoking this feature, my own personal spam has decreased significantly.  Just go into your Junk e-mail Options and see the International tab.

Junk email International tab options

May 192008

Most people are well-intentioned when they forward on messages they’ve received about tips or dangers of all sorts, but please, it’s really important to check the veracity of the message you want to share.  Not all messages are outright lies, but often contain a mix of truth and fiction.

Even if you receive a message telling you how to save on gas, it might not be all that great.  What I like about the About site is that they often point you in the right direction.

UPDATE: 7/15/2012: A site I like even better is called Truth or Fiction.  No matter which site you use, just check before you pass it on.

May 062008

I just ran across this:  Back in May of 1978 the very first spam e-mail was sent by Carl Gartley for a DEC marketing representative, Gary Thuerk, in order to advertise a new line of DEC computers. Not surprising is that people back in ‘78 were just as annoyed with receiving spam as we all are in the present. Today of course the spam problem is much worse with spam being estimated at 80 to 95 percent of all e-mail traffic depending on who you talk to.