Apps for Security Hackathon in DC
Posted by Zuly Gonzalez | Categories: Events, Security


SINET and SAIC are hosting an Apps for Security hackathon in conjunction with the Amphion Forum in Washington, DC on June 27th from 9:00 AM to 6:00 PM. The goal of Apps for Security is to promote civic engagement, open innovation, and entrepreneurship while making us all safer and more secure in cyberspace.

They’ll spend the day building privacy and security enhancing apps leveraging the data, SDK, and APIs offered up by their data providers: Mocana, SAIC, and the Department of Homeland Security Science & Technology Directorate.

Regardless of skills or interest, they’re encouraging participation from people and organizations who would like to make a difference in privacy and security online. If you have ideas for creating a safer internet through open data, collaborative innovation, and a dash of entrepreneurship, then consider participating. And, if you have a prototype or proof of concept you’d like to work on at Apps for Security, bring the code and invite others to work with you on it.

9:00am-10:00am    Welcome, Introductions, & Motivation
10:00am-11:30pm    Ideation: Unconference style workshops to flesh out ideas
11:30pm-5:00pm    Coding, Designing, Innovating
5:00pm-6:00pm    App Demonstration & Recognition of Achievements

Registration is free and you can register on their Eventbrite page.

Windows Live and Hotmail Account Upgrade Email Phishing Scam
Posted by Zuly Gonzalez | Categories: Security, Web Security

There’s a Windows Live and Hotmail email phishing scam going around. The email attempts to trick victims into disclosing their Windows Live credentials and other personal information by claiming that a Trojan has been detected in the user’s Windows Live folders. The fraudulent email claims that the personal information is needed to upgrade the user’s email account with a 1024-bit RSA key anti-virus firewall, and that if the user does not comply, their email account will be terminated.

Windows Live and Hotmail Email Phishing Scam: Account Upgrade!!(Verify Now)

This phishing email claims to come from the Windows Live™ team. However, the email address associated with the account is – not exactly an email address I would expect to see from an official Windows Live communication. The subject line of the email is “Account Upgrade!!(Verify Now)”. Note the missing space between the second exclamation mark and the open parenthesis. That mistake was made by the spammers; it’s not a typo on my part.

The email reads as follows:

From: Windows Live™ TEAM (
Subject: Account Upgrade!!(Verify Now)

Dear Windows Live customer,

Windows Live™ MSN is faster, safer than ever before and filled with new ways to stay in touch. Storage space that grows with you means you shouldn’t have to worry about deleting your e-mail, and the new calendar makes it easy to share your schedule with family and friends. Due to increased spam and phishing activities globally, a DGTFX trojan virus has been detected in your windows live folders. Your email account will be upgraded with our new secure 1024-bit RSA key anti-virus firewall to prevent damage to our email servers and to your important files. Click your reply tab, fill the columns below and send back to us or your email account will be terminated to avoid spread of the virus.

* User Name:……………………………………..

* Password:……………………………………….

* Confirm Password:……………………………

* Year of Birth:…………………………………..

* Country Or Territory:………………………..

Note that your password will be encrypted with 1024-bit RSA keys for your password safety.

If you use Hotmail, MSN or Live! you’re using Windows Live. Your Hotmail address and password gives you access to the full suite of Windows Live services so you can stay connected with the people and things that matter to you online. Plan your next event, write a blog, create a discussion group, even get updates from other websites you use. – “Your Life, Your Stuff, All Together at Windows Live.” we wish to serve you better…

This Account Update will Improve our services to you.

You can access your Hotmail, Messenger and SkyDrive faster directly from your phone or phone’s web browser. For more info, see Get mail on your phone, Get Messenger on your phone, and Get SkyDrive on your phone. We remain focused on making Hotmail, Messenger, SkyDrive and your Windows PC the best that they can be. Note that this change has no impact on your ability to access Hotmail, Messenger, and Skydrive. Thanks for your understanding and patience as we update our services. Sincerely,

The Windows Live Team

Microsoft respects your privacy. To learn more, please read our online Privacy Statement.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

There are six links in this phishing email. Two of the links point to The other four links point to URLs in the form of*.

How to Identify a Phishing Email?

There are a few telltale signs that this is a phishing scam.

  1. It asks for personal information. No legitimate company, including Microsoft, will ever ask you for personal information via email. That includes your username, password and date of birth. This is the biggest red flag.
  2. It contains poor grammar, misspellings and looks unprofessional. If you receive an email claiming to be from a large enterprise, like Microsoft, with grammatical mistakes and misspellings, you can be sure it did not really originate from them. Large companies ensure that their emails look professional. In the case of this Windows Live phishing email, the subject line and from field are enough to give it away. Note the double exclamation marks and missing space in the subject line. Also note that the word ‘team’ in the from field is written in all capital letters. You don’t even need to click on the email to know it’s a scam.
  3. The sender’s email address is unprofessional. First, it’s from an MSN account, which anyone on the Internet can get for free, instead of from an official Microsoft domain. Second, the first part of the email address is ‘lbhughes100’, again very unprofessional looking (and suspicious).
  4. There is a sense of urgency. This pressures you into feeling like you need to take action right away, and do not have the time to research the legitimacy of it.
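
The four signs above, written as header and body checks and run over a constructed copy of the email. This is an added example, not code from the original post: the placeholder sender address, the regexes and the `phishing_signs` helper are assumptions made for illustration, and the checks cover only what this one email shows.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the email quoted above. The sender address is
# a placeholder, not the real one, and the body is abridged.
SAMPLE = '''From: "Windows Live TEAM" <placeholder100@msn.com>
Subject: Account Upgrade!!(Verify Now)

a DGTFX trojan virus has been detected in your windows live folders.
Click your reply tab, fill the columns below and send back to us or your
email account will be terminated to avoid spread of the virus.
* User Name:........
* Password:.........
* Year of Birth:....
'''
# Constructed benign message: a free-mail sender alone is not a sign.
BENIGN = '''From: "Bob" <bob@hotmail.com>
Subject: Lunch on Friday?

See you at noon.
'''

FREE_MAIL = {"msn.com", "hotmail.com", "live.com"}  # consumer mail services named in the post
BRANDS = ("windows live", "microsoft", "hotmail", "msn")
CRED_FIELD = re.compile(r"^\W*(user ?name|password|year of birth)\s*:", re.I | re.M)
URGENCY = re.compile(r"\b(will be terminated|verify now|immediately)\b", re.I)

def phishing_signs(raw):
    """Return the signs from the list above that a plain-text email shows."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload()  # assumes a single-part text message
    domain = addr.rpartition("@")[2].lower()
    signs = []
    if CRED_FIELD.search(body):                     # 1: form fields for credentials
        signs.append("asks_for_personal_info")
    if (re.search(r"[!?]{2,}", subject)             # 2: "!!", "!!(" or shouting name
            or re.search(r"[!?.,]\(", subject)
            or re.search(r"\b[A-Z]{4,}\b", name)):
        signs.append("unprofessional_formatting")
    if domain in FREE_MAIL and any(b in name.lower() for b in BRANDS):
        signs.append("brand_name_from_free_mail")   # 3: official name, free account
    if URGENCY.search(subject) or URGENCY.search(body):
        signs.append("urgency")                     # 4: threat or deadline
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
    print(phishing_signs(BENIGN))
```

The benign message comes from a free-mail address too, but it raises nothing because the third check only fires when a free account is paired with an official-sounding display name.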

How to Protect Yourself From Phishing Emails?

Here are a few things you can do to protect your identity and personal information, and to avoid becoming a victim of phishing email scams.

  • If you receive an email message claiming to be from Hotmail, MSN or Windows Live, with the subject line Account Upgrade!!(Verify Now), or similar, do not open it and delete it immediately.
  • If you mistakenly open the email message, don’t click on any links in the email or download any attachments, and delete it right away.
  • To report spam, Hotmail users should click the “Junk” button. Non-Hotmail users should send an email to, or (depending on the originating mail domain: hotmail or msn or live), and attach a copy of the spam email.
  • Spread the word. Spammers get away with this because most people aren’t aware of these threats, so tell your friends by sharing a link to this post, or any other post on the topic.
  • Read and follow the most important steps for internet security to protect your computer from cybercrimes.

Have you received a similar email?

How Facebook’s Pay to Highlight Feature Can Lead to Scams
Posted by Zuly Gonzalez | Categories: Security, Web Security

According to TechCrunch, Facebook is testing a new feature, one which I believe will only increase the already huge number of scams and malware present on the social networking site.

The new feature would allow users to pay to “highlight” their status updates in their friends’ news feeds.

Facebook spokeswoman Mia Garlick said, “We’re constantly testing new features across the site. This particular test is simply to gauge people’s interest in this method of sharing with their friends.”

Facebook is getting desperate. Their revenue is declining as a result of more users accessing it via their mobile devices, which do not display ads. Their IPO was a complete failure, and will lead to several lawsuits. I don’t blame them for looking at new ways to monetize their platform. However, what they are doing with these “highlighted” status updates is dangerous.

How Does Facebook’s Highlight Feature Work?

Currently the Highlight option is only being tested with a small sample group of users. And, it is only available for personal accounts, not brand pages. If you are part of the test sample group, when you post an update on Facebook you’ll see the Highlight option next to the Like and comment buttons. Clicking on Highlight will display the message below – giving you the option to highlight (spam?) your update in your friends’ news feeds.

Facebook Pay to Highlight Status Feature

“Highlight an Important Post. Make sure friends see this.”

Highlighted posts may appear higher in the news feed, stay visible for longer, and appear to more friends and subscribers. However, they won’t have any visual indicators that will make them stand out (i.e. you won’t know which posts have been paid for, and which haven’t).

Facebook is testing various price points for Highlight, ranging from free to $1 to $2.

How Can Facebook Highlight Lead to Scams?

The Highlight option is a bad idea. It will only lead to more spam, scams and malware on Facebook, and trust me, there is already plenty of it on the social networking site.

Highlighted Posts Are Not Highlighted!

Really? Facebook wants to introduce advertisements into users’ news feeds without identifying them as such? Nothing good can come of this.

Right now Facebook’s algorithm displays your average status update to only 12% of your FB friends. But, by paying a couple of dollars you can ensure that more of your friends see your posts. This seems harmless until you think about the kind of posts people would pay to expose to more users.

People aren’t going to pay to tell their old high school classmates they’re watching the Kardashians, or cleaning dog puke off the carpet. They will, however, pay a nominal fee to advertise their blog or share their affiliate links. Anything where they think they can make their $1 or $2 investment back is fair game.

Now that we have an idea of the kind of posts that will likely be highlighted, let’s consider the fact that these highlighted posts won’t stand out, but instead will blend in with the rest of the posts. Not only is this a shady business practice, but even worse, it will lead to an increase in spam as spammers learn to abuse it – not exactly great user experience.

The idea that the Highlight feature will only be available to personal accounts, not business pages, doesn’t make the spam argument any less real. The fact is, scammers are already creating fake Facebook profiles to get away with a host of malicious activities on Facebook, ranging from survey scams to more dangerous deeds like spreading malware.

Facebook Charging Scams Galore

There was a well-known Facebook scam going around tricking users into believing that Facebook would start charging. Those that were tricked into “liking” these scammy Facebook pages became targets of spam and other scams by these perpetrators.

Even after Facebook publicly announced they would not charge users to use their service, many still fell victim to the scam. Imagine how much easier it would be to con users if Facebook did start charging to highlight status updates. If implemented, the Highlight feature would open the door for scammers to explore new twists on the old favorite, Facebook Will Start Charging Scam, and also increase their success rate by creating confusion around a known Facebook feature.

What’s Next for Facebook Highlight?

Facebook hasn’t released many details about the Highlight feature. It’s still too early to tell whether it will ever come to fruition, or how it will evolve. However, based on the information we have so far, implementing it will only serve to degrade the user experience on Facebook. Let’s hope this one goes the way of the dodo.

It’s worth noting that Facebook recently implemented a similar feature, which they are calling Promoted posts, for brand pages. However, Facebook has yet to implement the Highlight feature for personal accounts.

What do you think of the Highlight feature? Would you pay to highlight your posts?