There is yet another Facebook email scam going around. This time victims receive an email with the subject line “Facebook Password Reset Confirmation! Customer Support”. The email instructs the victim to click on an attachment in order to retrieve the password. The attachment is really a password stealer, and once installed it can potentially access any username and password combination utilized on that computer – not just for the user’s Facebook account. Here is an example of what the Facebook password reset scam email looks like.
Facebook never sends emails alerting a user that they changed his or her password. If you receive this email, delete it right away and do not click on the attachment. To protect your computer from this type of cybercrime, follow The 5 Most Important Steps for Internet Security. Also, visit the Facebook Security page for tips on protecting yourself from scams on Facebook.
To get more details on this Facebook email scam, read the McAfee Labs Blog.
There are a lot of simple things you can do to keep yourself safe online. Here are the 5 most important things you can do today to maximize your web security. Most of these tips are simple enough for even the most novice user. Also, some of these tips assume you are using windows.
- Set a unique password for your administrator account – Some Windows flavors come with a built-in administator account with no password. This is the easiest way to allow a hacker to hijack your computer. You need to set it to something, and it needs to be something hard to guess (more about picking passwords later). To set it, go to Start -> Control Panel. Then click on the Administrative Tools icon. Once in there, there is a Computer Management icon. On the tree view on the left, you should see an entry for “Users”. Clicking on this should give you a view on the right of all the accounts. You can use these to enable or disable accounts, and change the passwords. If you are using Vista or Windows 7, this default admin account is turned off by default, so you shouldn’t have to worry about it.
- Use strong passwords – Setting your password is a waste of time if it can be guessed. What should you not use as a password? Anything that your closest friend could ever, EVER, guess. So don’t use your name, birthday, relative’s name, etc. Don’t use “password”, “123”, etc. Don’t make your password something you would find in a dictionary. What should you use? Use at least 8 characters total. Use something unguessable. Use upper and lowercase. Use numbers. Use symbols. Here is an example of a very strong password. “R8b#5kB2*”. This would take decades at best for a hacker to guess. At least it would have if I hadn’t written it here. Assume this one as guessable now. So this is a strong password. But it is very difficult to remember. To make a password that is almost as strong, but easier to remember, try making up words, mix up the case, and add a number or 2. Like this one “Flard9Glorb2”. This is just about as unguessable as the previous one. Except this one is pronouncable, which means you can remember it. Use a strong password important accounts you have (especially for logging on to your computer).
- Install an antivirus product – Everyone should have some sort of antivirus installed. More importantly, it should be up-to-date. This usually costs around $40 for a year or 2, but it is worth it. There are some free antivirus tools out there, but I have never used them, so I can’t offer any opinion on them. Some internet service providers offer free subscriptions to antivirus for its users. Even if you can’t get antivirus for free, you still need to get it. $40 is not a lot of money to help keep your personal info safe.
- Install (and configure) a software firewall – A lot of the antivirus suites come with a firewall. If your’s didn’t, find another one. There are a ton online, and I haven’t used enough of them to offer a recommendation of one over the others. But once you get one, make sure it is set up to monitor both incoming and outgoing traffic. Most of them only offer incoming protection by default, but if you are behind a router, this is basically useless. Once you turn on outgoing monitoring, you will start seeing notifications popping up asking your permission to allow a program to access the internet. Once you have allowed or disallowed all the programs on your computer which are trying to use the internet, you shouldn’t see any more popups, except when new (possibly bad) software is installed. Why should you care about a firewall? Assume a bad piece of software gets installed on your machine, and your antivirus doesn’t catch it. If it tries to send your personal info out to the internet, or contact its creator to get tasking, hopefully the firewall will stop it, and render it impotent.
- Turn on auto-updates – Both your operating system and your browser should have auto-updating capabilities. This means when a new version is released, you get it automatically, instead of having to go look for it. The most common reason for a new version of software is a patched vulnerability. If you continue using a piece of software with an unpatched vulnerability, you are at a very high risk of having your computer exploited.
Completing these 5 simple tasks shouldn’t take more than an afternoon, and will put you miles ahead of most everyone else on the internet. Hackers usually pick the low hanging fruit. It is quicker, easier, and sadly most of the “fruit” out there is hangs pretty low.
Now, don’t leave this article thinking you are invincible online. There are still some very sophisticated hackers out there. Consider these steps as a good starting point, because if you haven’t done all of these, doing the more advanced things is a waste of time.
I found an interesting post on the McAfee Labs Blog on tax time phishing scams worth sharing.
Every year during tax season, online criminals create fake irs.gov domains in an attempt to trick taxpayers into revealing their personal and financial information. Victims might visit these phishing and malicious websites via any number of effective redirection methods, such as phishing attacks, forum postings, and black-hat search-engine optimizations.
If you get an email from the “IRS”, it’s probably a scam. The IRS Consumer Alert page says, “The IRS does not send taxpayers unsolicited emails about their tax accounts, tax situations, or personal tax issues.” Here is an example of a fraudulent IRS email. To prevent your personal information from being compromised, avoid replying or clicking on any links in the email, and delete these messages.
For the full article visit the McAfee Labs Blog.
Well I hope you found my tax season series to be helpful. Let me know if you have topic suggestions for next year’s tax time series.
Welcome to the Official Light Point Security Blog
Here we go, Post #1. First off, let me say that I have never posted to a blog before, so this is a pretty big deal for me. This whole site is still in its infancy, so expect things to change around.
Who Am I?
My name is Beau Adkins. I am 1 of 2 co-founders of Light Point Security. I am also the CEO and CTO. As of this point, it means I am in charge of all things technical. I am a software guy trying to become a business guy (who still does software).
What Is This Blog About?
Good question. I haven’t yet nailed down where I want the focus of this blog to be. But off of the top of my head, I can say that these are the most likely subjects to be discussed here.
- Web security
- Startups in general
- Programming topics
Since I have zero experience with contributing to blogs, I don’t plan on hammering the subject matter out before I start. I am sure that as I try out different topics, the blog itself will naturally evolve into the best mix of subject matter that I can write on.
If you have any questions or comments for me or about the business, feel free to ask/contribute.