True Story – Hacker Using Users Email Account to Steal

A person I know recently received a phone call from his bank asking him if he had sent a particular email. The email asked for some banking information but asked the reply be sent to a different email account. The bank was calling to see if the information was correct.

It turns out his email account had been hacked because of a poor password. Once the email account had been hacked, the thieves set up a rule in account to send a copy of all emails to the email account they created. (He was using an account that uses an online version of Outlook to manage the email.( The thieves (or would be thieves) were actually sending emails from his account to make the emails look legitimate.

So the lesson here is if you have any account online, please you good passwords. Also if you have accounts that use a mail manager that allows you to create rules or auto-forward email that you check it periodically. You might find your email going to someone else.

 

Qualys Browser Check

Screenshot of Qualys Scan
Screenshot of Qualys Scan

Those who design malware, viruses, etc. know one of the best ways to infect a computer is through the web browser. After all, there are literally thousands if not millions of people surfing the web each day.

So what can you do to defend yourself? A: Stay away from questionable sites and B: Patch you browser and all your add-ons.

If you set you computer is set to “Automatically Update Windows” you get all the latest patches for Windows. But unfortunately, it doesn’t do anything for your add-ons and you non-Microsoft browsers such as Chrome or Firefox. Fortunately, there is an easy way to see if you have everything up-to-date.

Looks like I need to update
Looks like I need to update

I have been using Qualys Browser Checker and it has been great letting me know if there is a newer version of a browser out there as well letting me know there are updates to Apple Quicktime, Java Runtime, Adobe Reader, Adobe Flash….and more.

In most cases, if you need a update, all you need to do is click on the blue “FIX IT” button and it will either take you to the site to download the update or it will run the update for you. There are times you are taken to a site, such as Chrome, and it will tell you that Chrome is set to update automatically and you just need to wait for the update to be pushed out to your computer.

While patching does not guarantee your computer will not be infected by a website, but it can prevent some infections and can limit the damage done by a virus.

 

What is Layered Security

Drawing of Castle
Wikipedia Public Domain

Earlier, I mentioned “layered security,” and felt it would be good to expand what I mean when I use that term.  Layered security, to me, means that you do not depend on one method of protecting your computer, laptop, or phone.

Often I have heard people say, “I have an antivirus program, so I am protected.” Well, yes you have protection, but an antivirus program is not a 100% guarantee that your computer will not get a virus. Why? Because it is a cat and mouse game when it comes to virus protection. Antivirus companies work hard to make better ways to stopping viruses,  but the problem is that there are people working hard to make better, sneakier, and stronger viruses.

Am I saying don’t get an antivirus program? No! Just don’t act like bulletproof when you read emails, downloading, and surfing the web. One of the first layers of security I recommend is being smart and on the defensive when using your computer. (More on this in another post. Also see my post on WOT – Web of Trust.) Note: MAC users, despite what you might thinks, MACs get viruses too! See http://www.maximumpc.com/article/news/flashback_trojan_responsible_nearly_600000_mac_attacks_and_counting**

Another layer I always recommend is patching your software aka installing updates. While most of the newer OS (Operating System like Windows) have the auto update setting turned on, your other programs may not automatically update. So it is a good idea to check your software vendor’s website from time to time to see if there is an update for your program.

So now you have three layers of security, not just one protecting your computer. In the future I will share with you even more.

** Footnote: Don’t use more than one antivirus program. In other words, three antivirus programs are not better than one. Just like taking more than the prescribed medication can be bad for you, too many antivirus programs can be hazardous for your computer.

 

 

Recommended Article: How to Set Up A PC

Rather than rewrite or rehash a perfectly good article, I suggest the following article from Maximum PC. It show you how to clean up a brand new computer and then configure it they way you want it. It is a lot cheaper than paying someone else to do it.

Logo for Maximum PC

How to Set Up a PC

 Posted 07/08/2013 at 5:45pm | by Gordon Mah Ung and David Murphy

Suspicious URLS’s and Files?

One of my new tools in my layered security blanket is a site called virsustotal. What is great about virus_totalthis website is that you can take a link in an email, copy and paste it into the search field and then scan it without harming your computer. (Note: you have to click on the scan URL link below the scan button to switch from the default scan file mode.)

The other plus is you can download a file from a website, and have it scanned by not one many different antivirus vendors.

virus_total_2It should be noted that this website application does not “guarantee” that the program you download is not a virus, worm, trojan, or malware. In fact no antivirus program can provide 100% protection, but it does provide another layer of security.