Beware of Email Scams

Several years ago, the most common email scam was the lure of the Nigerian Prince who needed help in moving millions of dollars from his account to a safer account outside his country. And all he needed was a kind-hearted soul who was willing to provide him their bank information to make the transfer. In return, the good samaritan would get a percentage of that money.

What is the aim of these email scams? Money. It is always about money. For the Nigerian prince, once your bank account is compromised, the hacker behind the facade can siphon off whatever balance you may have in your bank account.

Email Trends

I heard in a conference I attended several months ago that a white hat hacker put an end to the Nigerian email scam years ago, and that’s why you and everyone else aren’t hearing much from the prince. However, there is a new breed of email scams out there, and they fall into these general categories:

  • phishing
  • impersonation
  • extortion

Like the Nigerian prince scam, these email scam trends are all about money–stealing your money or money you have access to.

Phishing

Phishing’s goal is to steal your account information. It is done through a simple but official looking email from a trusted organization–except it is really bogus. The email might say something to the effect that you need to verify your account at your bank in order to ensure security. To do this, all you need to do is click on a link which takes you to a nice looking web page that looks like the bank’s web page. But it isn’t. It asks you for your account name and password, and after you submit it, it may say something like page can’t be found, something went wrong, redirect you to the actual bank web site, or something else. Regardless, once you click submit, they got your account. That is pure phishing.

If it was your email account that was compromised, then this phishing hack could lead to more phishing hacks on your contacts, or on other folks in your organization if the email account is for work.

Phishing is really the entry point for a hacker’s ability to monetize their efforts.

Impersonation

Anyone can impersonate anybody else on the Internet through email. How? Because anyone can create an email account with almost anyone’s name–provided the account isn’t already taken. And even then, anyone can use anyone’s name as their email display name; that is, if my email address is xyz123@gmail.com, I can use, for example, “Prince Charles” as the display name. And if the recipient was in any way associated with or related to the actual Prince Charles, they may think that the email actually came from the prince.

Impersonation can be monetized in many ways. Two of the most common ways are:

  • asking for a favor by requesting gift cards
  • asking for a list of employee information

For the case of the gift cards, the way the perpetrator gets money is by pretending to be a person’s manager or some high ranking official in an organization. The hacker scouts out an organization’s web site and figures out the organizational structure and finds names of managers and direct reports. Once they find this, they are all set.

They simply create an email account on gmail, yahoo, or many other email sources, and set the display name to the name of the manager whom an employee reports to. The email is sent in a very simple form–asking if the employee is in the office. If the employee responds, the ploy begins: the hacker poses as the manager and says that the manager is in a meeting and needs some gift cards. And so the impersonator asks the employee for a favor to purchase one or more gift cards with a promise to get paid immediately after the manager gets out of the meeting.

If the employee agrees to help out, the impersonator asks the employee to simply take pictures of the gift cards and email the pictures back. Once the employee does this, the money is gone and the employee is out a few dollars.

This scenario is playing out every day across the country. And it is happening non-stop because it works!

Extortion

This one is a little different, and it plays into people’s fears of the ability of hackers to capture people’s activities online. A typical extortion email in this class of scam comes in with the FROM address of the email matching the target’s email address. The claim is that the hacker hacked the target’s email account, and that on top of that, the hacker has videos and pictures of the target’s Internet activities. The hacker claims that they will expose this potentially reputation-killing information to the Internet should the target not pay up. All they need to begin this is your email address.

To pay up, the target would need to buy bitcoin, click a link in the email, and paste a really long string key into that web page. Once the target pays up, they are safe.

Believe it or not, some people fall for this. And it doesn’t take much success rate for the hacker to make money. They make money, and that is why they do this.
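The two header patterns described above (a manager's display name on an unrelated address, and a FROM address equal to the recipient's own) can be checked mechanically. The Python below is an added example, not part of the original article: the staff directory, the example.org domain and the three sample messages are constructed, and it assumes the Authentication-Results header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical staff directory: display name -> the only address that person uses.
STAFF = {"dana whitfield": "dana.whitfield@example.org"}


def auth_results(msg):
    """Return e.g. {'spf': 'pass', 'dmarc': 'fail'} from Authentication-Results."""
    header = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))


def check_message(raw):
    """Return a list of findings for one raw message (headers + body)."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    display = " ".join(display.lower().split())  # normalise case and spacing
    findings = []

    # Impersonation: a known person's name on an address that is not theirs.
    # SPF/DKIM/DMARC do not help here, because the freemail account is genuine.
    expected = STAFF.get(display)
    if expected and sender != expected:
        findings.append("display-name-impersonation")

    # Extortion pattern: From equals the recipient's own address, yet the
    # receiving server could not authenticate the message for that domain.
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if sender in recipients and auth_results(msg).get("dmarc") != "pass":
        findings.append("self-addressed-unauthenticated")

    return findings


# --- Constructed sample messages (not real mail) ---
GIFT_CARD = (
    'From: "Dana Whitfield" <dwhitfield.office77@gmail.com>\n'
    "To: sam.ortiz@example.org\n"
    "Subject: Are you in the office?\n"
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass\n"
    "\n"
    "I'm in a meeting and need a quick favor.\n"
)

EXTORTION = (
    "From: sam.ortiz@example.org\n"
    "To: sam.ortiz@example.org\n"
    "Subject: Your account was hacked\n"
    "Authentication-Results: mx.example.org;"
    " spf=fail smtp.mailfrom=sam.ortiz@example.org;"
    " dmarc=fail header.from=example.org\n"
    "\n"
    "I have access to your account.\n"
)

LEGIT = (
    'From: "Dana Whitfield" <dana.whitfield@example.org>\n'
    "To: sam.ortiz@example.org\n"
    "Subject: Budget review\n"
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass\n"
    "\n"
    "Agenda attached.\n"
)

if __name__ == "__main__":
    for name, raw in [("gift card", GIFT_CARD), ("extortion", EXTORTION), ("legit", LEGIT)]:
        print(name, check_message(raw))
```

Note that the gift-card sample passes every authentication check and is still flagged: the display name is the only forged part, which is why the call-to-verify advice matters.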

A more destructive type of extortion is the type that infects and encrypts files on your computer. These prey on people without any computer anti-virus or anti-malware solutions.

These can come in as an email that looks official claiming that there is an invoice you must pay or your credit will be ruined, or some other threatening reason. In the email is an attachment that looks like an invoice, but when you open it, it installs and runs malware on your computer which encrypts all your pictures, videos, and other documents. You won’t know about it until after a few days when it pops open a page saying that you must pay up to decrypt your files.

In this situation, they too ask that you buy bitcoin to pay for this. After you pay, they will give you a string key to decrypt your files.

Now, I don’t know if this is true, but the hackers seem to keep their word. People’s files are restored after they pay up, but I wouldn’t really bet on it. Anyway, if you don’t want to fall prey to this, don’t open any attachments you receive via email unless you know what it is.

Conclusion

If you don’t get anything from this article, get at least this:

You cannot trust anything you get via email. If in doubt don’t open attachments or click links. If the email looks like it is coming from someone you know, call them to verify.

—forlanda.net–

Background

I recently purchased a Seagate 1TB Gaming SSHD SATA 8GB NAND SATA 6Gb/s 2.5-Inch Internal Bare Drive (ST1000LM014) (FYI:  this is an Amazon affiliate link) in hopes to provide my wife’s old Gateway NV79 laptop a new lease on life.

Here’s some background:

  1. The existing drive was still functional and served as the root drive (drive C).
  2. It had a capacity of 500GB but was short on space due to the massive amount of photos my wife was saving on her existing desktop.
  3. These photos are priceless.  I can’t imagine losing these pictures as they are irreplaceable.

Here’s what I planned in order to get the new drive to take over without having to redo everything (from re-installing the operating system and re-installing all her existing applications):

  1. Do a backup of her profile, along with all her files, create a recovery image of the system, and create a system repair disk
  2. Remove the old disk drive, then install the new larger disk drive
  3. Boot off the recovery/repair disk and restore the system image
  4. Done

Backing Up User Profile/Create System Image/Create System Repair disk

Using Windows 7’s built-in backup and restore utility, I proceeded to do three things:

  1. Backup my wife’s user files
  2. Create a System Image
  3. Create a System Repair Disk

Backup My Wife’s User Files

Of utmost importance is to first ensure my wife’s priceless photographs are safe.  To do this, I purchased a Seagate Expansion 5TB Desktop External Hard Drive USB 3.0 (STEB5000100) (FYI:  This is an Amazon.com affiliate link).  This should serve me well for storing file backups as well as the system image I will be creating in the next section.

To launch Windows 7 Backup and Restore utility, click START, then in the search field enter “backup and restore” and this will show the Backup and Restore utility.  Select it to open.  You should see this simple utility interface pop up:

Backup and Restore Utility


Now click Set up backup and follow the prompts.  You should see a screen just like below.  In the image, you see arrows pointing to potential backup destinations.  In this particular example, my 5TB USB drive isn’t connected, but if it was, it would show up as another disk drive with over 4.5 TB of free space.  That was the drive I actually selected for my backup destination.

Target Backup Destination Drive


In general, you will want to select the target drive with sufficient space to take on large backups.  After you select the destination drive, click Next and follow the prompts.  At a certain point, you will have the opportunity to change any default settings, but in general, unless you really know what you are doing, you can leave default settings as they are.  Then invoke the backup now.  Depending how much data you have, it could take anywhere from several minutes to a few hours.  Mine took a few hours (around 3 hours I think).

Create a System Image

During the backup process, you will have the option to select to have a system image made.  Make sure to set that.  I did this to save myself a lot of time doing software and driver re-installs.  Believe me, it is worth it.

Note that I had problems creating a system image.  I figured that this was due to not having enough disk space left on the root drive (drive C) as my wife’s photos used up most of the disk drive space.  Having backed up the photos, I proceeded to delete all her photo folders.  This was a scary thing because at this point, I am putting my trust in Microsoft’s backup utility to save me should something go south with this process.  After doing this, I was able to build a system image.

Create a System Repair Disk

When the system finishes creating both the user file backups and the system image, it will prompt you about creating a system repair disk.  I opted to do this.  I readied my DVD-R disc; it takes one.

Remove Old Disk Drive and Install New One

At this point in time, I turned off the computer and removed the old disk drive and placed the new one.

Use System Repair Disk to Restore the Saved System Image

This is where the actual recovery process begins. Before using the system repair disk, I configured the system BIOS to seek the DVD drive first as the boot device, then pressed F10 to save and exit the BIOS setup. I placed my system repair disk in the DVD drive of my Gateway NV79, then restarted the computer by simply turning it OFF then turning it ON.

The laptop began to boot from the DVD and determined that I will be doing an image restore.  At this point, I still had my 5TB external USB drive connected to the laptop.  After the utility gets started, you will opt to restore from an image.

It was at this point that I encountered the error that the system could not restore the image because the system repair disk says “No disk that can be used for recovering the system disk can be found.”  After seeing this, I thought perhaps I needed to match the partition configuration of the original drive, so I ran diskpart.exe and tried this.  It didn’t work.  After trying a few things that didn’t work, I finally gave in by doing a search on google.  I found the answer at answers.microsoft.com.  It turns out, all I needed to do on the disk drive was to run diskpart.exe, select the drive, and invoke CLEAR on it.

After I did this, the image restore process worked as it should have in the first place.

Everything that was on the original disk drive was restored, less the photos.

To fix this, I simply invoked the file/folder restore within the backup and restore utility and selected the photo folders to be restored.

Conclusion

What I thought was going to be a routine process turned out to be one heck of an effort. What really screwed me up was Windows 7 image restore not working the way it should in the first place without having to execute the DISKPART utility’s CLEAR command on the new drive.

 

Vongo

Vongo acts just like malware

What’s crapware?  They are junk programs that manufacturers include in your computer as a value add for purchasing their product.  Value add my arse!  These crapware are generally trial ware and are typically products you don’t prefer anyway.

One such crapware is Vongo. Vongo has been out of business since 2008; it was an on-demand video service, and it keeps installing itself on one of our old Compaq Presario V6000 laptops, which is still running Windows XP by the way.

First I did what most users would do, just uninstall it from the Add/Remove programs section of the Windows Control Panel.  That didn’t work because after I reboot and login as one of the users, the Vongo install process begins again.

Next, I checked all places where programs put themselves in at startup:

  1. The Windows startup folder (c:\Documents and Settings\All Users\Start Menu\Programs\Startup)
  2. In the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (or RunOnce, RunOnceEx, Setup)
  3. In the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

I actually just ran MSCONFIG.exe (System Configuration Utility) from Windows RUN prompt and looked for anything that seemed associated with Vongo.

I could not find anything that looked like they were associated with Vongo (i.e. I looked for any program that had the term Vongo in it).

So I did a search from the root of drive C for anything with the term “Vongo” on it.  I found and deleted all files, shortcuts and folders with Vongo name on it.  After deleting all these files, I restarted the machine and Vongo would continue to install itself.  It was worse than malware.  No wonder the service didn’t last long!

On startup I did notice this file ISUSPM.exe.  This file didn’t look like anything related to Vongo, but as soon as I used task manager to terminate it, the installation of Vongo stopped.

After this, I rebooted the computer and went into Safe Mode (you can do this by pressing the F8 key just before Windows starts). I then ran MSCONFIG.exe and checked if this file is invoked in MSCONFIG; I found it in the Startup tab, and I disabled it (i.e. I unchecked it). Next, I searched for all file instances of ISUSPM.exe and anything that remotely looks like it in drive C. I found and deleted them.

After doing another reboot and logging into one of the accounts, Vongo no longer tries to install itself.  It’s gone!

I finally got rid of Vongo!  Good riddance!!!

 

Backups

credit: Stuart Miles / FreeDigitalPhotos.net

We all do!

This month has been a very busy one; as such, I have not been able to write something for April 2012; however, I did write something about computer backups on my Hubpages titled Computer Backups:  The Last Thing on Our Mind.

Check it out; it may save you some serious headache later.

I should have something in May 2012.

Have you ever browsed the web then suddenly noticed that your computer is telling you it is infected with all kinds of virus and malware?  And here’s the funny thing…you didn’t even know you had this particular antivirus program!

Here’s another funny thing.  If you opt to fix the infection, it asks you to buy a program.

Don’t fall for it. Instead turn off your computer right away (hard power off–hold power down for at least 10 seconds). Why? Because you want to stop your computer before the virus or malware embeds itself in the startup process; this will make the malware persistent between computer reboots!

Once you’ve turned off your computer you can do one of the following things:

  • Scan your computer in safe mode.
  • Initiate the recovery of your computer

And for your other computers, you may want to begin backing them up, in case they get infected in the future.

Scan In Safe Mode

Turn your computer on in “Safe Mode”. Do this by pressing F8 a few seconds after you power on but before any sign of Windows shows up on your screen. In Windows Safe Mode, your computer just runs the bare essentials of the operating system. So even if the malware was able to embed itself into your computer, it would just lie dormant.

Now do the following to begin finding and removing the pesky virus or malware:

  1. First, using another computer, download the latest Microsoft Malware Removal Tool. Use a thumb/flash drive to transfer it to the infected computer and run it there. Hopefully it detects and removes the malware. If not, continue to the next step.
  2. Next, if you have an antivirus software, run it and do a full scan of your computer.
  3. If you don’t have an antivirus software, see if you can download one using another computer and use a flash or thumb drive to transfer the program installer to the infected machine.  Microsoft Security Essentials (MSE)  antivirus is free, and could easily suffice for this purpose.  Use it to do a full scan of your computer.
  4. Finally, using another computer, download Malware Bytes and transfer it to the infected machine using a thumb/flash drive. Like MSE, Malware Bytes is also free. Install it, then run a full scan of the infected computer. Malware Bytes is one of the best detectors and removers of fake antivirus.
  5. If none of the above detect and remove any virus or malware, then you may have to start the built-in recovery process–the last resort.

Initiate The Recovery Process

When you buy a new computer, it normally comes with a separate drive which holds a copy of the manufacturer’s base image of the original computer.  Each computer model has its own way of reaching the recovery process.  There are three types of recovery methods in order of impact severity (low to high).

  1. Re-install the operating system using the recovery volume
  2. Re-install the operating system using the recovery volume drive image
  3. Re-install the system, C drive, and recovery volume using backups you made long ago

Recovery options for the HP Ultrabook Folio 13

Re-installing the operating system using the recovery volume has the least impact of all.  It retains your data, but restores the operating system to its pristine state; however, you’ll still need to install your programs.

Re-installing the system using the recovery volume drive image completely overwrites drive C on your computer. You will lose any data (documents, pictures, videos, etc.) you ever stored on drive C. Make sure you do this only as a last resort.

If the recovery volume is damaged, you will need to restore the system, drive C, and the recovery image using the backup you made long ago.  Hopefully you created one.  If you have other computers, I suggest backing them up before the same thing happens to them.

Creating a Backup Image for a Computer

A backup image is an exact copy of your system, drive C, and possibly your recovery drive.  On Windows 7, you can start the backup image creation process through the control panel.

Backup and Restore

Backup and Restore: Creating a Backup Image on Windows 7

Next select System and Security, then Backup and Restore.  From there, look at the left column and click Create a system image.  The video below illustrates how this is done.

If you’ve been infected by fake ware, please share your experience with us below.

In the last few days there have been reports of a worm designed to wipe out your data. CNET reports that this worm has already targeted US and South Korean web sites. The worm travels through emails that carry an attachment. The email is basically a trojan with a payload designed to erase files on your computer–including the master boot record. When installed on your computer, the malicious payload will basically render your computer inoperable on the next boot.

Don’t wait until this happens to you.  Take action; backup your precious files (documents, pictures, videos).  You have several options.

If you don’t have too many files to back up (i.e. less than 2GB), a free account at mozy.com would do the job. They provide 2GB of free online backup storage space; however, for unlimited space it is only $4.95 per month! However, if you are cheap like me, you can try to convince others to sign up for their free 2GB as well, and you’ll get an additional 250MB of storage space for every referral!

There are other online backup solutions like elephantdrive.com and carbonite.com; however, these don’t provide an initial free online storage space.

The other approach is to simply buy a flash drive or an external high capacity USB drive. There are many out there. I’ve seen flash drives with capacities as high as 32GB, but I’m sure there are higher capacity units out there now. You can buy external USB drives now with over 1TB of storage space for less than $200. As a matter of fact, I recently purchased one at Best Buy. Over two weeks ago, I completed a full backup of my drives containing years of accumulated documents and pictures.

I know that if by some chance my drive crashes or I am infected by one of these worms, I’ll have my backup to fall back on.

So don’t wait too long before backing up your data.  Get that peace of mind that you have something to fall back to should the worst happen to your hard drive.




Encryption: key to secured data transmission


Not many people realize that the traffic they generate on the Internet as they check e-mail, upload files, chat, and so on is out in the clear. This means that if someone tapped into the network (wired or wireless) where your traffic is flowing, that someone would be able to capture the information flowing through that network, and possibly interpret or maybe even change the account or various confidential information that may be in that flow. One way to keep those Internet peeping toms from seeing your confidential information is by using some form of encryption technology. There are three general scenarios where encryption technology is crucial. The first is the encryption technology you must ensure is used when accessing confidential information online. The second scenario is when you are sending confidential information to someone or some organization. The third is when you are using wireless technology to access your network or someone else’s in the process of connecting to the Internet.

When accessing confidential information online, you must make sure that the site you are connecting to uses TLS/SSL (Transport Layer Security, the successor to SSL–Secure Socket Layer). You can tell this in three ways:

1) The URL for the site starts with https://

2) There is an indication in your browser that your connection is secure—typically symbolized by a padlock icon (in Internet Explorer 8, it can be found to the right side of the address field)

3) Your browser indicates that it trusts the site you are visiting (in Internet Explorer 8, the address field background turns green)

For example, when you access your bank online, you will see that their URL begins with “https://”, and that there is a padlock symbol somewhere on the bottom or top of your Internet browser. When your browser is using TLS/SSL to communicate with a web server on the Internet, you are doing two things by convention: ensuring that the site you are visiting is who they say they are, through the use of an SSL certificate which is certified by a trusted authority (for example Verisign), and ensuring that the data you are transmitting is encrypted and thus protected from eavesdropping.

What if you need to send something to someone—like a file or an email containing very confidential information (e.g. a set of social security numbers tied to their corresponding owners’ identity)? If trust and confidentiality are important attributes needed in your communication, then there is a product called PGP Desktop that you and your receiver can use. PGP stands for Pretty Good Privacy. The way it works is as follows:

1) Each user creates two kinds of crypto keys—one key is the secret key, the other the public key

2) The public key can be used to encrypt data. The data can then be decrypted using its corresponding secret key.

3) Say that user A and B have each created their PGP key pairs. User A wants to transmit data to B, and he wants only B to be able to read A’s message. They would first need to exchange public keys. User A would then use B’s public key to encrypt his data before transmitting it. When B receives the message, he can use his secret key to decrypt the message. No one else can decrypt A’s message because B is the only one that has the corresponding secret key to decrypt the message.

The use of PGP in the above example is just one of the many ways people can use the pair of crypto keys to encrypt their Internet traffic. By the way, the existence of PKI (Public Key Infrastructure) facilitates the exchange and certification of public keys.
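Steps 1 to 3 above, worked through with textbook RSA as an added example (not from the original article and not PGP Desktop's own implementation). The fixed primes, function names and sample message are assumptions chosen for illustration; real PGP adds padding and uses the public key to encrypt a random session key rather than the message itself.

```python
from math import gcd


def make_keypair(p, q, e=65537):
    """Step 1: derive a (public, secret) key pair from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # secret exponent: e*d = 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, message):
    """Step 2: anyone holding the public key can encrypt."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)


def decrypt(secret_key, ciphertext):
    """Step 2, other half: only the matching secret key recovers the message."""
    n, d = secret_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Illustrative fixed primes (well-known Mersenne primes), far too small and
# too structured for real use; real keys use random primes of 1024+ bits each.
B_PUBLIC, B_SECRET = make_keypair(2**127 - 1, 2**107 - 1)  # user B
C_PUBLIC, C_SECRET = make_keypair(2**89 - 1, 2**61 - 1)    # an outsider, C

MESSAGE = b"meet at noon"  # constructed sample message from user A


def a_sends_to_b(message):
    """Step 3: A encrypts with B's public key before transmitting."""
    return encrypt(B_PUBLIC, message)


if __name__ == "__main__":
    wire = a_sends_to_b(MESSAGE)
    print("on the wire:", hex(wire))
    print("B decrypts :", decrypt(B_SECRET, wire))
    print("C decrypts :", decrypt(C_SECRET, wire))  # garbage, not the message
```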

The third and final scenario where you can encrypt your Internet traffic is Wi-Fi technology use. If you are using some form of wireless technology, you need to make sure you encrypt your wireless network lest you invite your neighbors to see everything you do on the Internet. Currently, the best form of encryption you should use for your home wireless access point is WPA2. WPA stands for Wi-Fi Protected Access. WPA2 is more secure than the previous WEP (Wired Equivalent Privacy) or WPA standards. By using WPA2, you are ensuring that your neighbors cannot see your private Internet traffic.

Remember, Internet traffic is generally not secure. To help keep your confidential data secured when it has to traverse it, you will need to put into effect the habit of only using web sites that support TLS/SSL. And if you need to transmit data to someone, you can use PGP. Lastly, make sure to use WPA2 encryption for your wireless access point to keep your neighbors from seeing your wireless traffic.

Microsoft Security Essentials, also known as “Morro”, was officially released as BETA to the public Tuesday, 23 Jun 2009.  This article gives you a quick first look at it.  If you want to look at it yourself, you can download it at https://connect.microsoft.com/securityessentials, but you’ll need an account in connect.microsoft.com (just make one if you don’t have one; it’s free).

OK.  Here’s a quick look at MSE’s user interface.

When you’ve installed it, you will see its icon on your traybar.

When you open it, you will see the following four tabs: Home, Update, History, and Settings.


After you install it, MSE will perform its initial scan.  When it did the scan, I checked to see how it was doing with respect to resources and how it was affecting the performance of my computer.  And to my surprise, it was very forgiving.  I was able to do work without having to wait or be affected by MSE scan because apparently it generally tries to run when your computer is idle.  So, when you are busy doing other things, it does release the CPU resource as needed.  Check the task manager below and you’ll see that when I was idle the CPU was at 100%, then I started working and the CPU utilization went down.


Also check out the detailed performance below.  If you aren’t idle, it does get out of your way.


Its memory utilization, for an AV product, doesn’t look that bad.


Of course, I can’t really tell at this point how effective it is in catching malware.  I’ll save that for someone else to do.  For now, know that it is out there and seems to be running just fine.

When people think of home computer security, antivirus software always comes to mind. Unfortunately this isn’t enough to cover the basics of home computer security. Since there are many ways computers can be breached, it makes sense to employ multiple solutions to address the various vectors of computer attacks. Regardless of your computer or Internet skill level, you must establish some basic computer setup and practices in the following areas:

  • Tools that keep malware out and help avoid malicious sites or content
  • Safe computing practices to keep malware from getting in and to keep your private information from getting out

Malware (virus, spyware, worms, adware, root kit, Trojan, etc.) can enter your computer using the same path as data—through the network interface (via wireless or the network interface card) by exploiting one or more operating system vulnerabilities, email, web downloads, flash drives, CD/DVD discs, external hard drives and many others. You can also be lured in through malicious web sites where you can unsuspectingly download malicious content.

When malware makes it into your computer, the damage can range from a minor annoyance, file corruption, computer slowness, computer operating system corruption, identity theft, all the way to financial loss, or a mixture of any of these damages.

Your privacy or identity can be breached through your computer when you act upon a fraudulent email posing as your bank, the government, or some authority and requesting your confidential information, or when you follow a link that takes you to a malicious site disguised as a bank, government, or other authoritative site.

First let’s look at the various tools you can use to keep malware out and help protect your privacy/identity. You will need one or more of these tools to keep malware away and protect your privacy/identity:

  • K9 Web Protection (free)– provides web filter and protection from malicious sites; this is great for keeping you from entering malicious sites.
  • AVG LinkScanner (free) – helps provide web surfing protection while you search; it rates and assesses the integrity of sites during web searches and thus can keep you from visiting malicious sites.
  • Avast! Home Edition (free) – provides basic spyware, root kit, and virus protection; has worm protection and malware protection via web shield feature.
  • ZoneAlarm Internet Security Suite – provides a comprehensive protection solution ranging from firewall, root kit detection and protection, antivirus/antispyware, privacy protection, anti-Spam, anti-Phishing, and identity protection.
  • Kaspersky Anti-Virus 2009 – provides virus, spyware, and adware protection; getting the Internet suite version also provides intrusion protection, personal firewall, protection from malware sites, content filtering, spam protection, and identity protection.
  • SurfSecret Privacy Protector – provides privacy and identity protection; also sells a privacy vault product designed to secure through encryption your confidential files and information; the privacy vault can prevent exposure of your confidential information from malicious programs and spyware.
  • SurfSecret Keypad – provides identity theft protection by protecting passwords and usernames; also protects credit cards and other financial information through the use of an external device.
  • CA Anti-Virus 2009 – provides protection against viruses, worms, Trojan horse programs; they have a separate anti-spyware program to protect against spyware.

Tools alone aren’t enough to keep your computer from getting affected or impacted by malware. You need to exercise safe computing as part of your basic computer security. When you exercise safe computing, you avoid opening email attachments that you aren’t expecting. You also learn to spot phishing scams—those fraudulent emails promising millions of dollars if you send personal and bank information, or those emails scaring you into providing your bank account login information to correct a supposed account issue.

Should your computer get corrupted as a result of malware getting through, backups of your important files would become very important. Maintaining backups outside your computer is best. Elephant Drive is an Internet service which provides unlimited secure online storage; you’ll need this before your computer files are corrupted by malware. It’s like insurance, you’ll need it when disaster hits.

At the very minimum, your computer security should include the use of tools to protect a computer from malware and malicious sites, reinforced by the exercise of safe computing habits.