Don’t Unzip Dangerous Zip Files

Mailbox messages with dangerous zip files.

These can appear in your mailbox disguised as a legitimate fax from a reputable company, in this case Xerox. . In fact, the link to Xerox is valid and will send you to their website. However, the same cannot be said about the attachment. Although innocent looking, it may contain dangerous zip files. A zip file can be used to get past email filters that will not allow an executable file to be delivered. This can properly be used to send a legitimate file to someone.

An Email with a Dangerous Zip File

Dangerous Zip Files
An email like this can contain malicious code that can cost you your identity.

What are the clues that indicate that this email may contain dangerous zip files? Continue reading Don’t Unzip Dangerous Zip Files

Phishing Email Experian

This is an example of a phishing email.  It came with an attached ZIP file which as you see below  claims to contain a key change to your credit report, but will no doubt contain malicious code. The usual purpose of this a phishing email is to either get your personal information or install a rogue program on your computer.

A warning from Experian is here. Also note that the attachment may not be picked up by malware or anti-virus scanners, but that doesn’t mean it is safe,SO DON’T OPEN IT!

A phishing email can be very well disguised. The corporate logos can be found and copied and email links can appear to be from the company, but lead to the phishing site.

Always be cautious and realize that legitimate companies will not ask for personal information, nor will they supply a link in an email, but rather ask you to log into their site directly from your browser and check your account.

If you receive an unexpected email with an attachment be very suspicious.

 

Text from Phishing email shown below.

This email was sent because it contains important information about your account. Please note that if you have previously unsubscribed from Experian.com, you will no longer receive newsletters or special offers. However, you will continue to receive email notifications regarding your account. To ensure that you’ll receive emails from us, please add support@exprpt.com to your address book.
Experian
Membership ID #780313491
A Key Change Has Been Posted to One of Your Credit Reports
A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian®, Equifax and TransUnion Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don’t know how it will affect your credit, so we urge you to do the following:
View detailed report by opening the attachment. Phishing
You will be prompted to open (view) the file or save (download) it to your computer.
For best results, save the file first, then open it in a Web browser.
Contact our Customer Care Center with any additional questions.
Note: The attached file contains personal data.
Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.
*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.
freecreditreport.com

 

6647-100345-33-1003

Ouch! Newsletter – Email Phishing Attacks

How would you feel if your best friend turned on you? If email is your best friend you better know how to deal with it. Otherwise you could end up being betrayed. February Ouch! Newsletter teaches you how to avoid the pitfalls of email phishing attacks.

http://www.securingthehuman.org/blog/2013/02/06/feb-ouch-newsletter-is-out-email-phishing-attacks

To view this newsletter in a different language, click here.

Public WiFi – Convenient – But safe and secure?

public wifiPublic Wifi is available in many of our favourite coffee shops and restaurants. You may be greeted with a sign, “Free WiFi”. That is a convenient service that lets us check our email or surf the web while we eat or have a drink. But what surfing can you safely do there? Continue reading Public WiFi – Convenient – But safe and secure?

HTTP vs. HTTPS

In an age when security on the internet is of the utmost importance, secure transmission of data is often an issue especially financial or other sensitive information.
That is why websites will begin with either http or https.

WHAT is HTTP and HTTPS?

HTTP stands for “Hypertext Transfer Protocol”. Add the “s” and you have “Hypertext Transfer Protocol Secure”.
HTTP is a request-response protocol. This means that the server is answering a request for information, and sends it without controlling how it gets there.
HTTPS uses a series of communications between the client (for example, your computer) and the server (the computer which will send you the information) to be sure that you are sending your information to only the server and to verify the source of the information and to ensure its security by using Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL).

Using your computer at the coffee shop? Check out Using Public Wi-Fi Continue reading HTTP vs. HTTPS

The Confidence Man

Many advancements in computer and internet security have been made. Anti-virus, anti-malware, firewalls, rootkits scanners, spam filters and much more have made it increasingly difficult for the bad guys to get into your computer and steal your information.

So they are the “confidence man” of the 21 century. The confidence man of the past would devise a scheme where he would get you to trust him, sometimes by posing as someone you already trust, like a friend, local official or  business person, and then get you to give them what they want, whether it be money, information, or whatever.

Today they are using technology to fool people into giving them what they want, which is usually based on the ultimate desire to take your money.

One of the modern tools is social engineering. Here is a great video of how to avoid some of the snares used by these people.

Thanks to www.securingthehuman.org