Please note the date. And also please note, many of your ISP’s use Yahoo as their ‘engine’/email provider.. such as SBC/AT&T.
“Data on one billion Yahoo users was likely stolen by an unauthorized third party in a data breach that occurred in August 2013, the company said in a Wednesday press release that also noted the breach is “likely distinct” from a breach previously disclosed in September.” Read more..
“It’s time to seriously consider deleting your Yahoo account. Can’t? OK, here’s what you can do to protect it.” Read more..
* * *
I almost titled this article “Yahoo! Scores More Points”.. But didn’t as I don’t want people zeroing in their concern on Yahoo! This kind of thing happens all over the place, to most every company/organization sooner or later — because we’re using quite insecure technologies. You pretty much have to presume your ‘identity’ is already stolen. And you have to be darned reluctant (unwilling, as much as you able) to provide accurate information to any entity.
… it just keeps getting better and better ..
One billion people in a single hack.
I received a letter from a retired English teacher in Iowa.
“My gmail account was hijacked, and everyone in my address book received this…”
Subject: Urgent Assistance Needed!!!
Date: Sat, 11 Sep 2010 12:40:59 +0100
From: [letter writer’s name]
I’m sorry for this urgent assistance request and i am sorry never to have mentioned anything to you about my visit to the UK.
I’m currently stuck in Wales,United Kingdom right now, I came down here on a short visit, it was fun but unfortunately i got robbed last night on my way back to the hotel,lost cash and credit cards, it was such a crazy experience,it was shocking when i had a gun pointed at me but i thank God that never never pulled the trigger,a lady saw them and screamed for help on my behalf. I need help returning back home,i sustained few injuries but i thank GOD for my life and for still having my passport with me.
I’ve been to the authorities but they are not being 100% supportive but the good thing is that i still got my passports but currently having troubles paying off the hotel bills and getting a return ticket.
I need you to loan us 1,800.00 and i promise to refund it back tomorrow.. You have my word !!!
I sent this to you because you already have samples of similar scams at techpaul.wordpress.com.
Spread the news about strong passwords, and about software like lastpass. Using weak passwords (which I have done) is like leaving your car unlocked in a mall parking lot. Note that the cracker/scammer removed the phone number from my gmail .signature file. That reduces the chance that someone will call right away to check up on me.
Glad you have publicized stuff like this. It’s a valuable service to the Internet community. Thanks.
I’m a retired English teacher, so most all of my correspondents know right away, from the atrocious writing, that it is a scam.
In my private exchanges with the letter writer, they informed me that they have yet to regain access to their Gmail account. Updated: the day after posting this, my correspondent told me they had finally regained access.
If you have had your Gmail hijacked: Unfortunately as you probably already know, Google customer service is virtually nonexistent. Everything is done through forms. Use the following form to report your trouble and regain access.
I will not tell you – yet again – that you need to use strong passwords, and change them every so often. All I get is “yeah.. yeah.. I know” and it kills my ratings. (From my Got A Computer? Top 10 Things You Should Do articles -> “#8: Use strong (and complex) passwords. Everywhere. And change them every so often.”)
Today’s free download: LastPass
LastPass is a password manager that makes web browsing easier and more secure.
** Software License Giveaway Drawing **
SPAMFighter is a community-based spam filtering tool for Outlook, Outlook Express, Windows Mail and Thunderbird that automatically and efficiently filters spam and phishing fraud – keeping it out of your Inbox.
For details (and to enter), click here.
Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved. post to jaanix.
>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<
|Share this post :|
It has come to our attention that you are trying to sell/trade your personal World of Warcraft account(s).
As you may or may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment’s employees.
If you wish to not get your account suspended you should immediately verify your account ownership. If the information is deemed accurate, the investigation will be dropped.
This action is taken because we at Blizzard Entertainment take these sales
quite seriously. We need to confirm you are the original owner of the account.
This is easiest done by confirming your personal information along with concealed information about your account.
You can confirm that you are the original owner of the account by replying to this email with:
Use the following template below to verify your account and information via email.
* First and Surname
* Date of birth
* Zip code
* Phone number
* Account e-mail
* Account name
* Account password
* Secret Question and Answer or Cd-Key
If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.
We ask you to NOT change password until the investigation is fully completed.
Blizzard Entertainment Inc
Account Administration Team
P.O. Box 18979, Irvine, CA 92623
Account Administration Team
Um.. but I have never played WoW…
Copyright 2007-2010 © Tech Paul. All Rights Reserved. post to jaanix.
>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox click here, or to subscribe in your RSS reader, click here. <<
|Share this post :|
“Dear Wells Fargo customer,
Security and confidentiality are at the heart of Wells Fargo. Your details (and your money) is protected by a number of technologies, including Secure Sockets Layer (SSL) encryption.
We like to notify you that Wells Fargo carries out customer details confirmation procedure that is compulsory for all our customers. This procedure is attributed to a routine banking software update.
Please visit our Customer Verification Form using the link below and follow the instructions on the screen.”
There are several things wrong here, and I hope you detect them. Loyal Friends and True to this series should recognize a couple right away. (And if you remember this recent article, the word “compulsory” might have rung a bell.) Here’s how the e-mail actually looks.
* One BIG clue is that in this case Hotmail has detected the Sender and the true source don’t match. That means the Sender has been “spoofed”. The red shield and warning doesn’t always mean a phraudulent e-mail, but 9 times out of ten it does.
* The next clue is the two “Bcc” recipients.. similar in name, but completely unrelated. Why are they there?
* There is some poor grammar.
* The next clue is that I don’t currently bank at Wells Fargo. I haven’t in, oh, about 20 years.
* Another clue is that e-mail contains a hyperlink (you are always suspicious of e-mail hyperlinks, right?), and that hyperlink is a little bit “off”. Yes, it says “wellsfargo.com”.. but what’s the www4? And all that other garbage?
* (now this is interesting) when you place the cursor on the URL (hyperlink), the actual link– shown in the lower left of the bottom bar of Internet Explorer — are different. Clicking on the link that says “www4.wellsfargo.com/blah blah blah” will REALLY take you to someplace called “online7.wellsfargo.com.bnk7.co.uk/blah blah blah”.
Now.. why would they want to put a hidden redirect as the link? Hmmm?
* And lastly, (as you know) legitimate businesses never send you important information, requests, or “notices” via e-mail.
This is a classic phish. It is an attempt by cyber-criminals to get you to visit a webpage they have created which looks very much like a Wells Fargo web page. On that page you will be asked to enter your Wells Fargo logon/password, all your person information, and banking details. When you’re finished giving your identity away, and handing them the keys to your bank account, you will be thanked for your cooperation and “bounced” to the real Wells Fargo website.
Surely.. nobody falls for this anymore, right?
Wrong. The experts will tell you that cyber-criminals have a harder time moving all the money they steal than anything else.
But, if I clicked the link.. and I filled out the “compulsary” Customer Verification Form.. and basically just handed my information over.. is it really stealing?
Tip of the day: Be savvy. And that means always be suspicious and wary. Look for the tell-tales.
Copyright 2007-8 Tech Paul. All rights reserved. post to jaanix
|Share this post :|
My recent article on tweaking IE 7 and using Security Zones has prompted several reader questions whose answers are worth posting here. So today there will not be my usual Tip of the day, but instead there will be several Q’s and their A’s. If for some reason you missed the original article and would like to get up to speed, click here.
Q. Can’t add a site to Trusted Zone, Why are my options “greyed out”?
A. The person who sent me this question did not specify if they were experiencing this at home, or at work, which can have different causes. If you are on your personal machine at home, the most likely cause for having any Settings or Options choices grayed out (unavailable) is that you are running in User mode. You need to be running as an Administrator to make changes to Windows’ behavior. Log out of your current session by clicking on Start >Log Off and switch to a user account with administrator privilege. Now your menu choices will not be grayed out and you can make your changes. When you’re finished, log off and return to your normal user account.
If you’re at work and using the company’s machine, it is likely that there are policies in place that prevent employees from making these kinds of changes. If you have a legitimate change (that will “help improve your productivity”) that you’d like to have made, submit a request to your IT department.
**Also, some types of malware will modify your Trusted Sites zone (adding poisoned, or junk sites such as a bogus lottery) and then change a setting in your Registry which blocks — greys outs — your ability to go in and remove them. Use anti-spyware programs to scan your machine and remove the infection. In this case, I would start with the Microsoft Malicious Software Removal Tool, and then click here for my list of free, safe, and effective antispyware apps.
Q. How do I remove a site from a Zone?
A. You can remove a site from any Zone by navigating to the Security tab of Internet Options as shown in the prior article, click on the zone you want to edit, and then click on the site you want to remove, as shown below.
Now click on the “Remove” button.
Actually, the fella who sent me this question was referring specifically to the Restricted Sites zone. He either really doesn’t trust Microsoft, or is trying purposely to load his machine with malware…either way, I would think twice before removing sites from the Restricted Sites zone!
Q. What should I do with these security warnings?
A. IE displays several types of warnings — suspected phishing, ActiveX, prevented download, open site in your Trusted Zone, et al — and so the answer depends on which warning you are getting…and what you’re doing when you get them.
If you are being warned that the site you’re looking at is a “suspected” Phishing site, then by all means do NOT enter any personal information! As these sites often also try to install trojan horses and malware downloaders, close down your browser and run a full antispyware sweep. Not all “suspected” sites are truly Phishing sites, sometimes mistakes happen, but in this day and age, it’s better to err on the side of caution.
ActiveX is a tool (a bit like Java) that usually is used for good purposes, more often than not actually (Microsoft Update uses ActiveX, and that’s something you definately want enabled), but in keeping with the thought expressed immediately above, you should decide on a case-by-case basis. If you can see and do everything you want to on a site without installing the ActiveX control, why install it?
Preventing unwanted downloads is a very good thing, so I strongly advise you: do not turn this warning feature off. Just click on the yellow bar and select “download this software” when you are downloading code. In fact, I believe this advice can be applied to all of IE’s warnings. We are living in a world where the Internet is relatively unpoliced, and so while it is irritating, it is safer (and wiser) to live with these warnings that to have our identity stolen and used to commit crimes, or have our PCs turned into a spambot.
Today’s free link: if you suspect a site is fraudulent and/or being used to “phish” for your personal information, and IE hasn’t flagged it as such — but you’re suspicious anyway — download McAfee’s free Site Advisor. This IE “plug in” will give you a valuable ‘second opinion’…and is updated more often than IE is.
Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix
|Share this post :|