OCS banner and logo
Keeping clients' computers safe and profitable for over 25 years



Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category


powered by pmc2m

 

Security News and Tips

Some of the latest scams to get you to download spyware into your computers

Here are some of the latest scams trying to trick you into installing malware onto your computer

  • Emails claiming to have video you can watch showing the "latest news" about sex scandals involving the presidential or vice presidential candidates.
  • Greeting cards from "Good Friend" or "Family Member" that install malware instead of or in addition to displaying a card. For more information: http:⁄⁄www.snopes.com⁄computer⁄virus⁄postcard.asp
  • Many greeting card sites sell the email addresses they get to spammers, so be VERY careful when you go to a site to send a card to a friend. Even if the site pledges it won't sell the addresses, it doesn't mean that the company that buys them out won't sell the addresses.
  • Microsoft Security updates to special people via email! Microsoft does not update software by sending you emails with security alerts!
  • Notification of a failed package delivery and asking you to click on the invoice and reschedule delivery.
  • Offers to protect you from spam and email fraud!
  • I haven't seen this yet, but fully expect that people will play on the current economic fears by pretending to protect you from banking or mortgage problems, or to safeguard your deposits or pretending to be the government wanting to help you if your bank has problems.

What we can learn from Sarah Palin's Email account hack

One of the security holes that have often amazed me is the use of "security questions" by banks, email providers and others. I call them 'insecurity questions". I've never understood how they can be such fools. The purpose of these questions are to bypass the password for your account. Think about this for a moment. These questions are often used if you "forget" your password, or someone calls or emails claiming to be you, and doesn't know your password. These questions are essentially alternate passwords. Yet they are frequently questions like, "where were you born?", or "What is your mother's maiden name?". If you answer correctly, then those answers can often be found on the Internet or guessed.

In Sarah Palin's case, the question was, "Where did you meet your spouse?" The answer she put in was "Wassila High", which the hacker guessed on the third try. It has been widely reported that she met him in high school in Wassila. Once he'd made that guess, he was allowed to reset her email password and have access to the account.

Whenever you are asked these security bypass questions, always lie! I normally simply repeat my randomly generated password and make sure I have multiple backups of my encrypted password database. I copy and paste my answer into the program. Sometimes, I make up random answers, like Question: "Year your father was born?" Answer: "chocolate covered ants". I don't repeat the answers.

Avoid Re-using the same password

You need to avoid re-using the same password in multiple places. If some low security site get hacked and criminals get your password, they will try and use it at your bank, or Amazon account and other more important places. You need to have a password database program and use it. I've written an article on their use here

 



Date: October 2008


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 
  Please direct questions/suggestions about website to the webmaster