Canada Post Email Spam targetting people sending out Easter Gifts
Do not fall for this email spam saying it is from Canada Post and telling you to click a link for more information. Even though the email says it is from service-epost@canadapost.ca and says at the bottom of the email © 2012 Canada Post Corporation does not actually mean that it really has come from Canada Post.
Also just because the link LOOKS valid and safe does NOT mean it is. I “moused OVER” the link (did NOT click) and you could see in the status bar that the link actually went to a Czech site. Not even from Canada at all!
In the one that I received today the link went to a .pif file extension.
The PIF file type is primarily associated with ‘Windows’ by Microsoft Corporation. A Program Information File dates back to the early versions of Windows. Basically, it’s an information file that when you click on it the information in the file is used by Windows to run some program; including code that can be in the PIF file. It is a potentially dangerous file type and one should never click on one received via E-mail without extensive knowledge of exactly what it will do first. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.
A .pif is a program information file that contains information about how Microsoft Windows should run a non-Windows application. Consider all PIF files that come as e-mail attachments as viruses.
Never open files attached to emails if the attached file’s name ends with any of these sets of three letters: *.EXE, *.VBS, *. LNK, *. PIF, *. COM, *. SCR, *.BAT, *.CMD.
Resources:
http://www.file-extensions.org/filetype/extension/name/dangerous-malicious-files
http://sourcedaddy.com/ms-word/understanding-and-avoiding-office-viruses.html
http://filext.com/file-extension/PIF
http://www.wisegeek.com/what-is-a-pif-file.htm
http://www.file-extensions.org/article/forbidden-file-extension-in-email-attachments
http://pastebin.com/pnBjzPMN
Has your Gmail been compromised?
Do you have Gmail?
“Last account activity: 5 hours ago on this computer. Details.”
How often do you check if your account has been intruded?
You should do so often! These are links I got my information:
- http://mail.google.com/support/bin/answer.py?hl=en&answer=45938
- http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html
- http://www.addictivetips.com/internet-tips/how-to-check-if-some-intruder-is-accessing-your-gmail-account/
- http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7 **EXCELLENT READ!**
But I don’t go to bad sites or give out my password so I don’t have to worry!
What? Are you seriously that naive? I have a good password and good security and even I, a few days ago, found this in mine:
Unknown China (119.39.21.154) Jan 17 (3 days ago)
As you can see it is first accessed through one IP (66.212.31.35) through a browser and then sold to someone else (someone in China (119.39.21.154) who bought the info) who checked it through a browser as well to make sure he could access it, and then accessed it on his own (shown by Gmail highlighting it in dark red) through some “unknown” means.
Actually I am assuming that is what happened as I have no hacking experience what so ever.
So what can be done once you find out someone has accessed your account????
Well you first scan your computer to make sure it doesn’t have a Trojan or key-logger on it giving out your login information. You scan first because if you are infected with those then no matter what you change your login information to they will know it.
And then what? What if it is clean?
Then you access through a clean computer and change your Password AND your Security Question. Make it unique and one that has NOT been used on ANY other sites!
Is that all?
Next I went through my emails looking for any information they could use (such as log ins or emails from sites verifying my log ins) and changed my password and security question with all other sites. I didn’t wait for any other intrusions or invasion of my privacy!
Here is more reading that will help you:
How to recover a Hacked or Compromised Gmail Account
By The “C” Man and Brett Carver
Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]Potential Spam:
Settings -> General -> Signature [make sure nothing as been added]
Settings -> General -> Vacation Responder [make sure it's disabled and empty]E-mail Theft
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]Additional Information
Keeping account secure: https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account: https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
More account security info: http://www.google.com/help/security/
If your account is compromised: http://mail.google.com/support/bin/answer.py?hl=en&answer=50270
Someone using your address: http://mail.google.com/support/bin/answer.py?hl=en&answer=50200
Google Employee comments: http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en&start=70
And even more reading (originally found posted by the same guy (bkc56) at https://www.google.com/support/forum/p/gmail/thread?tid=34cf3f6e6c2d3b87&hl=en):
Hacking Methods
There are many ways an account can be compromised/hacked. A few (but by no means all) of the common ones follow some what in order of frequency used:
Phishing
* Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
* Never respond to an e-mail that requests your login:password. Never follow a link that doesn’t go to to a known url (for example: http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\). Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
- Phishing: http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
- Reporting: https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
- Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380Common password usage
* Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others. Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
* Make sure you use a unique password for every site where you have an account. Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
- Changing passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
- Selecting passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409Linked accounts
* Related to the above in that one account has information leading to other accounts. If they gain access then they know about the other accounts too. This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised. Also consider a “junk” e-mail address for all forum/web-site registrations so it does not lead back to your primary account.Failing to log out
* Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
* Always close your account when you walk away from your computer (even at home for some people).
- Sign out: http://mail.google.com/support/bin/answer.py?hl=en&answer=8154Browser auto-fill enabled
* Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
* Never use the browser’s auto-fill capabilities unless you’re on a 100% private, secure, and trusted computer.
- Clear saved data: http://mail.google.com/support/bin/answer.py?hl=en&answer=12095Keylogger
* Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
* Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).Trojan/Virus/Malware
* While not strictly used to steal an account, could do damage to your account or use it to send spam while you’re logged in.
* Always keep virus scanners enabled, and using up-to-date definition files. Regular use of malware type scanners is good too.
- Virus protection: http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
- Anti-virus scanning: http://mail.google.com/support/bin/answer.py?hl=en&answer=25760Password guessing
* A brute-force method of guessing someone’s password, made easier if they know you in real-life, especially if you use a weak password (like a kid’s or spouse’s name).
* Follow standard password generation safeguards: no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
- Strong passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409Server attack
* When someone compromises a company’s server gaining access to account or private information for a large number of users. This is typically seen in large identity-theft cases.
* Nothing you can really do about this except deal with only reputable companies with good privacy policies.Network packet capture
* Using software or hardware on wireless or free hot-spot networks to capture information.. Pretty rare, but still possible for non-encrypted networks.
* Very little you can do about this except avoid using any unsecured wireless networks.
Am I actually supposed to read all that?
Yeah I know it is long but trust me, you will wish you had read them after you find out your account has been accessed without your permission. The indented parts are quotes of some of the links I checked out myself. Very informative information by The “C” Man and Brett Carver! The rest of the info I found doing Google Searches and the links to those are listed at the top of the blog. Just be glad I did this searching for you! Or else it would take you longer than just reading this!
- K
Has your Gmail been compromised? : http://wp.me/pQWLB-2v
Vote Now for the Top Freeware Product of 2010
Vote Now for the Top Freeware Product of 2010
http://www.techsupportalert.com/content/vote-now-top-freeware-product-2010.htm
Here are the choice in the vote:
Firefox 3.6 – I personally prefer this to IE
Sandboxie – I absolutely love this program and use it in investigating suspicious web links.
7-Zip – Make sure you use .org and not any other extension as there are fake sites out there.
VLC Media Player – I use this to watch my DVD’s on my computer in Windows 7
Open Office Suite – Excellent alternative to MS Office and its free!
NotePad ++ – I love to use this for all my coding as I don’t go for WYSIWYG
Secunia PSI – Great program for telling you if any of your programs you have installed are insecure or out of date and need to be updated!
Superantispyware – Love this one for keeping spyware at bay
Malwarebytes – Good for scanning for Malware
Personally for me it was a hard choice on which one to choose as I have tried 14 of those 20 listed to vote for.
What will YOU pick?
Symantec warns of new Cutwail URL tactics
Symantec warns of new Cutwail URL tactics
Today, 11:30 am
Shaun Nichols in San Francisco
Retail spammers are using new URL shortening to fool existing security systems, say researchers.
Security vendor Symantec has spotted a new round of spam emails believed to be connected to the Cutwail botnet.
Researchers say that the messages attempt to thwart security protections by combining a number of free hosting sites with link-shortening services and JavaScript coding tricks.
According to Symantec Hosted Services senior software engineer Nicholas Johnston, the spam operation begins by directing the user to a link which has been concealed by the use of a URL-shortening service.
Upon clicking on the link, the user is directed from the URL-shortening service to a site created through a free hosting site. Within the free hosting site is specially crafted JavaScript code which redirects the user to yet another site which hosts the actual retail page.
Further complicating matters, the JavaScript code on the page has been obfuscated in an attempt to hide the code from security researchers.
The company said the sites all advertise holiday shopping and gift ideas.
URL shorteners have emerged of late as a favourite tool for spammers to hide the addresses of their pages from users and security protections. Specially crafted and obfuscated JavaScript has also been a favourite technique among cyber criminals.
This latest attack, however, combines the two techniques to add an additional layer of insulation between the spammer and the actual spam email.
“Redirecting users in this way shows that spammers are going to considerable lengths to hide the addresses of their actual spam sites, and actively trying to make detection by anti-spam companies more difficult,” said Johnston.
Originally posted: http://uk.news.yahoo.com/16/20101213/ttc-symantec-warns-of-new-cutwail-url-ta-6315470.html
Beware of URL Shortener Links and where they take you
Be wary of any Shortened webpage link
Scammers use url shorteners just like bloggers do … to shorten a url. However they do it for different reasons. Where as bloggers do it to simply shorten the link or forum users use it in forums in their signature due to character limits, spammers on the other hand do it to trick users into following the link without questioning it and for security browser tools such as WOT or McAfee SiteAdvisor not to alert them because there is no danger in the url shortening service but there is in where the link will redirect you to.
The redirection happens as quick as a flash and will not be noticed by the caller.
For example, a spammer wants you to visit virusinfestedporn.ru but uses a url shortener service such as tinyurl or juniurl or cli.gs or budurl.com or bit.ly or is.gd or goo.gl or traceurl.com or what ever numerous are now out there currently! So you see the url .. and just like any tweet or facebook message out there that you see that is shortened .. it is nothing new so you don’t question it and follow the link out of curiosity. But you don’t expect where it is taking you and wish you never followed that link!
Maybe one day url shorteners / redirectors will have something in place to investigate every single url someone shortens but for the time being it is up to us to educate each other and implement browser plugs (if you use Firefox) such as “Long Url Please“
Bit.ly is different though when it comes to security!
There is one I came across. Bit.ly actually does have warnings! Check this out: http://bit.ly/cgBT8e brings you to this warnings page:
https://bit.ly/a/warning?url=http%3a%2f%2f5z8.info%2fcockdock.gif_z7g9w_openme.exe&hash=cgBT8e instead of directly to http://5z8.info/cockdock.gif_z7g9w_openme.exe
(this link http://f5z8.info/cockdock.gif_z7g9w_openme.exe actually was created by a security person to give an example so it is made to look bad but actually is another redirect to http://safeweb.norton.com/ and is safe)
Also Bit.ly tells us on their blog (http://blog.bit.ly/post/263859706/spam-and-malware-protection) about a Firefox plugin that will preview the link to let you know where you are actually going:
https://addons.mozilla.org/en-US/firefox/addon/10297/
And if you add a + at the end of any bit.ly url you will get more info on where it will take you.
Continue reading about this here:
http://kasha.freeforums.org/be-wary-of-any-shortened-webpage-link-t14.html
There is also a write up about url shorteners / redirecters here:
“How to Avoid Being Caught by Bad Tiny URLs”
http://www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/
What is the issue, why is it a problem, and what can we do about it?
Website address shortening services came about because some times the page you are visiting can have a URL that is extremely long. If you want to send this web address to a friend over email, internet instant messaging, cell phone SMS text messaging, internet relay chat, or more recently, via a Twitter tweet, these addresses could be so long they either break when the person receiving your link tries to click it, or be so long they are rejected by the service altogether.
So rather than send the exact address that you find in the address bar of your web browser, instead you would copy and paste the address into a URL shortening service that would in turn create a shorter URL for you to use.
When someone then clicks the shorter URL they are “redirected” from the service through to your intended destination.
Sounds good so far, right?
The problem is, when someone sees one of these short URLs, instead of seeing where they will be taken, they see an entirely different address. We can not tell anything from the URL we are given about the nature of where we will be taken.
A safe but annoying example would be for us to be sent a “Rick-Roll”, that is we are given a link that purports to be some breaking news or cool site, only to be taken to the famous Rick Astley YouTube video instead. Ha ha. Got me there.
Rather than safe but annoying, more and more malicious and inappropriate content is being shared this way, spread via spam, trolls, phishing emails, and now Twitter.
You might be sent a message saying “Get a free iPod Touch!!!!”, but when you click the link it takes you to a malware site, or something that you would not want your family or boss to see.
To continue reading the rest go to http://www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/
Don’t Fall For Facebook Profile Scam
This is very important as I know Facebook is VERY popular and used by a lot of people who are NOT net savvy.
Because of this I wanted to share this here that was posted on consumeraffairs.com.
Don’t Fall For Facebook Profile Scam
Despite scammers’ claim you can’t see who has accessed your profile
Mark Huffman
ConsumerAffairs.com
October 12, 2010
Most people are curious about who might be curious about them. So when they log onto their Facebook account and see a new tool that will reveal who has accessed their profile, it might be tempting to click on it.
Big mistake.
Graham Cluley, security expert for Sophos software, says scammers are once again using Facebook as a lure for new victims.
“Right now we’re seeing messages spreading across Facebook claiming to have found a way to allow you to sneakily tell who has been looking at your profile,” Cluley writes in his blog. “And it’s no shock to see that many people are intrigued as to who might be checking them out online.”
However, Cluley points out that this is not new legitimate functionality that Facebook has built into its social network. Instead, if you click on the link you are taken to a third-party website which, to the untrained eye, may at first glance appear to still be on the real Facebook site, but is in fact designed to trick you into sharing their link further.
A typical message reads:
See who viewed your profile original version 2.0:
now you can see who viewed your facebook profile
<LINK>
“As we’ve seen in the past in connection with other scams, the page encourages you to ‘like’ it and ‘share’ it numerous times before it will hand over the ability to see who has viewed your Facebook profile,” Cluley warns. “This should, frankly, be enough to trigger your suspicions and have you rapidly retreating.”
Cluley says so far, many Facebook users appear to be falling for the ruse. In doing so, he says, they are helping scammers spread their links across the Internet.
“Ultimately you have to have your wits about you to avoid scams like this,” he said.
Report Your Experience: www.consumeraffairs.com/php/a_report.php
If you’ve had a bad experience — or a good one — with a consumer product or service, we’d like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.
Recent Comments