QuickBooks Users Be Warned
I saw a new (to me) phishing scam targeting Quickbooks users. It says it is about an “important” update, but guess what?
Important QuickBooks Update
“Intuit Payroll Services” (who knows who that really is) is trying to scam you.
And probably trying to get you to click so a virus can load onto your machine.
I’ll say it again: you simply have to use paranoid common sense when on the Internet — because they are trying to get you. Every day and in every way. Be wary!
2012 is almost over. Computers have been in the home for 30 years. You should know the proper way to update your programs by now — and ABSOLUTELY it ain’t going to be because someone sent you an email.
Further: Only idjits and scammers use an (urgent) exclamation point in emails. Seeing one should be a big “red flag” to you.
Copyright 2007-2012 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.
>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<
All we really have, in the end, are our stories.
Make yours great ones. Ones to be proud of.
PayPal Account Has Been Limited
It’s called “phishing”. And what that translates to is: casting a net (or “a baited hook”) out to catch suckers, rubes, and victimize them.
In this example, Hotmail did a good job, and caught this particular “bait” email, and moved it to the Junk folder for me, but I cannot rely on that happening – I have to learn to spot a “phish”.
This one has several clues: one, it’s scary/alarming. Emails saying there is something wrong with your banking, or email, or such, and you NEED TO ACT NOW BY CLICKING THIS LINK are 99.9999% fake, frauds, cons, criminal attacks on you.
Another clue is the “!”s. Just about any email that has !!! in the subject line is garbage at best. (Usually, it is a scam, like this one.)
Now.. it so happens that I do have a PayPal account. And it also so happens that I do not want it to be “limited” in any way.. but I know better than to even open this email.
If I was really worried that there might be some truth in it, or just might be valid, what I would do would be to open a new browser tab, and go directly to PayPal, login, and check my status there. Or call them on the phone.
I know.. I know.. this is old stuff. Why am I talking about it in 2012? Trust me, there are plenty of people who opened this, even though most webmail mark it as Junk — the fear and curiosity it evokes is too much for them to resist..
Let’s be safe online people – exercise some good healthy “paranoid common sense”. Just viewing an email such as this can have bad consequences.. so I remind you of the old, old watchwords – if you do not know and recognize the Sender > Don’t open it.
Too funny: This just came in..
Today’s quote: “Our doubts are traitors and make us lose the good we oft might win by fearing to attempt.” ~ William Shakespeare
Copyright 2007-2011 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.
>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<
A Heads Up for Twitter Users
If you use the very popular Twitter social networking site, or know someone who does, please be aware of a look-alike fake website “Tvvitter” and an attack that is currently trying to steal login credentials. (“Phishing”)
Graham Cluley of Security firm Sophos has produced this short video that shows this social engineering attack “live”. If you “tweet”, please take a moment to watch.
Vodpod videos no longer available.
As you have seen, the lure says, “check this guy out” and includes a link. Mr. Cluley has also published a sample of other “users” sending this “tweet”.
Gives you an idea how these things work, and why – when you’re on the Internet – you want to use what I call “paranoid common sense” — don’t click the link!
Today’s free link(s): Long a member of my Blogroll, please take a look at Mr. Cluley’s other writings. His manner is very relaxed and friendly, and his topics are important. Graham’s blog.
Also, today Bill Mullins posted a great piece — You Won $1,230,310! Still Believe in Fairy Tales?
Today’s free download(s): TipCam 2.0.1 is a fine specimen of free screen-recording apps. Its best tricks let you record remote PCs using a VNC server, annotate while you record, and zoom in on the mouse position as it travels around the screen. You can also upload finished screencasts to YouTube or send a link privately through e-mail.
And Mr. Cluley mentions a FireFox add-on in the video, LongURL which helps to let you know where shortened links really go.
Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Tips For Safe Online Shopping*
I think it is a pretty safe bet that quite a few of you are doing some last minute holiday shopping.. and that some of you are going to use the Internet to do some of that shopping.
I would like to remind you that there is a healthy, active, and well-financed underworld of cyber-criminals who are well-aware of the fact that the next few days are prime credit card and “identity” theft opportunities, and are going to be particularly active in trying to GET YOU.
You will see an increase in spam, and bogus pop-opens that tell you you are infected when you’re not. (Note: The phraudulent Skype alert is active again, too. see Skype — “Windows Requires Immediate Attention”.. Not! )
I am posting the following Basic Internet Shopping Tips in the hopes that Tech–for Everyone readers will not join the 9 million Americans who had their identities stolen last year.
- Download Software Updates — Regularly!
- Use Complex Passwords (include numerals and @#$%^&*[])
- Use Onetime Credit Cards
- Verify Secure Connections See that little padlock symbol at the bottom of your screen, and in the URL address bar?
- Check Your Credit
- Enter Your Shopping Site’s Web Address Manually (embedded links=no!)
- Shop From Your Own computer (not a public ‘hotspot’)
- Enable your browser’s phishing filter, or install a add-on. (such as the super-easy WOT toolbar)
- Don’t Send Credit Card Information Over E-mail. Even if you think it’s secure. Don’t send it over IM either. If you feel uncomfortable about sending personal information online, call up the business.
I would like to direct your attention to the first bulletpoint. The programs on your computer need to be fully “patched” with the latest updates, as exploiting weaknesses is the primary method hackers use to infect your machines. (You visit a website that they’ve ‘poisoned’, and if you have an unpatched ‘hole’, bingo – you’re infected.)
How do you know if you have the latest updates? For all your installed programs? Do you think you are patched? Don’t guess. Be sure!
Today’s free link+download: Secunia offers a tool that I highly recommend. The online scanner (which you should bookmark, btw) will scan your machine for roughly 100 programs and tell you if there is a patch/update you need. If you go this route, you will need to visit once or twice a week.)
Better yet, they offer a download, a Personal Edition, which will scan your system against a database of over 7,000 programs.
Even better yet, it includes direct download links to the missing patches it finds.
I just ran it and it found an old ActiveX plug in, and told me that my Java Runtime Environment was out of date.. and I didn’t think I had installed JRE on this machine!
Further reading:
Computer Security – Time to Think About It
A Teen Texting Trend All Parents Should Be Aware Of
Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix
| Share this post : | |
|
|
|
|
|
|
|
|
|
|
Anatomy of a Phish
“Dear Wells Fargo customer,
Security and confidentiality are at the heart of Wells Fargo. Your details (and your money) is protected by a number of technologies, including Secure Sockets Layer (SSL) encryption.
We like to notify you that Wells Fargo carries out customer details confirmation procedure that is compulsory for all our customers. This procedure is attributed to a routine banking software update.
Please visit our Customer Verification Form using the link below and follow the instructions on the screen.”
There are several things wrong here, and I hope you detect them. Loyal Friends and True to this series should recognize a couple right away. (And if you remember this recent article, the word “compulsory” might have rung a bell.) Here’s how the e-mail actually looks.
* One BIG clue is that in this case Hotmail has detected the Sender and the true source don’t match. That means the Sender has been “spoofed”. The red shield and warning doesn’t always mean a phraudulent e-mail, but 9 times out of ten it does.
* The next clue is the two “Bcc” recipients.. similar in name, but completely unrelated. Why are they there?
* There is some poor grammar.
* The next clue is that I don’t currently bank at Wells Fargo. I haven’t in, oh, about 20 years.
* Another clue is that e-mail contains a hyperlink (you are always suspicious of e-mail hyperlinks, right?), and that hyperlink is a little bit “off”. Yes, it says “wellsfargo.com”.. but what’s the www4? And all that other garbage?
* (now this is interesting) when you place the cursor on the URL (hyperlink), the actual link– shown in the lower left of the bottom bar of Internet Explorer — are different. Clicking on the link that says “www4.wellsfargo.com/blah blah blah” will REALLY take you to someplace called “online7.wellsfargo.com.bnk7.co.uk/blah blah blah”.
Now.. why would they want to put a hidden redirect as the link? Hmmm?
* And lastly, (as you know) legitimate businesses never send you important information, requests, or “notices” via e-mail.
This is a classic phish. It is an attempt by cyber-criminals to get you to visit a webpage they have created which looks very much like a Wells Fargo web page. On that page you will be asked to enter your Wells Fargo logon/password, all your person information, and banking details. When you’re finished giving your identity away, and handing them the keys to your bank account, you will be thanked for your cooperation and “bounced” to the real Wells Fargo website.
Game over.
Surely.. nobody falls for this anymore, right?
Wrong. The experts will tell you that cyber-criminals have a harder time moving all the money they steal than anything else.
But, if I clicked the link.. and I filled out the “compulsary” Customer Verification Form.. and basically just handed my information over.. is it really stealing?
Tip of the day: Be savvy. And that means always be suspicious and wary. Look for the tell-tales.
Copyright 2007-8 Tech Paul. All rights reserved.
post to jaanix
| Share this post : |  |
|
|
|
|
|
 |
|
|
|
 |
AmEx e-Gold Phish– best looking ID Theft e-mail– scam alert
A new e-mail “phish” claiming to be from American Express is the best looking attempt I’ve seen yet.. but clicking the link takes you to a bogus login hosted on computers in Brazil.
Dear customer,
During our regualry scheduled accounts maintenance and verification procedures,
we have detected a slight error regarding your American Express Account.
This might be due to one of the following reasons:
1. A recent change in your personal information (i.e. address changing)
2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your personal account.
3. An inabillity to accurately verify your selected option of payment due
to an internal error within our system.
Please update and verify your information by clicking the following link:
Continue To e-gold Online Update Form
*If you account information is not updated within 48 hours then your ability to access your account will be restricted.
Thank you,
e-gold , Billing Department
Skype — “Windows Requires Immediate Attention”.. Not!
Folks, after a quiet period, cyber-crooks are once again using Skype to send phishing “chats” in an attempt to defraud you. So, I am reposting this article. It is the exact same ruse, but the name has changed. It will reappear every so often with a slightly different name and URL…
Yesterday a “chat” window (Skype) opened on my machine, and presented me with a dire warning from someone named “Software Update” “Registry Scan Online®”. It said that “WINDOWS REQUIRES IMMEDIATE ATTENTION” and, it provided me with a solution. 
(Click on image to see large version)
Please, folks, tell me you have spotted this for what it is. Please tell me that you knew –instantly– that this is a cyber-crime attempt; that it is Phraud-ulent.
Please tell me that you know what will happen if the link provided in this message is clicked; and, please, please, please tell me you would never click the link.
Just in case you aren’t sure:
* “Software Update” “Registry Scan Online ®” doesn’t exist.
* “http://www.onlinemonitor.info” “www.registryscan.com” is not registered in ARIN (the registry of Internet addresses).
* clicking the link will allow scripts to run, and/or take you to a poisoned Website which will install malware on your machine, or/and it may take you to a site that will sell you a rogue anti-spyware program (please read my article, Is that antispyware program really spyware).
* Microsoft DOES NOT alert you via Instant Messaging. No legitimate company does. Period. Ever. This is a classic example of a hacker’s attempt to get you to click their link.
All of this so they can rip you off. It’s their full time job.
Please point your less-savvy friends and family to this article and educate them to the dangers of spam (unsolicited) messages and tell them– NEVER CLICK THE LINK.
[Note: while this article directly references the VoIP client Skype, you may see this type of thing in other Instant Messaging/Chat programs.]
[addenda: Peter Parkes (Skype Blogger) wrote and asked me to remind my readers to, quote, “Please report users who send these messages to abuse@skype.net – that will help us to block them where appropriate.”]
Today’s free link(s): I have assembled on my Website a collection of links to the best free anti-malware programs to help you prevent infection.. and clean up if you’ve been infected. To see them, click here.
Also, Bill Mullins has posted a very complete tutorial, Think You Have A Virus?– Some Solutions, which is quite probably the best one-stop lesson on malware I have ever run across. (I also recommend his How Fake/Rogue Software Affects Real People.)
Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix
| Share this post : | |
|
|
|
|
|
|
|
|
|
|
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
Anonymous on How To Restore The Menu Bar In… calozaki on How To Keep Your Images In A S… Chad on What Ever Happened To Windows… techpaul on How To Restore "Classic V… carole on How To Restore "Classic V… Rahul Kumar on The Internet techpaul on Just one reason I walked … -
-
-
-
Also:
-
-
Tech - for Everyone 