Ransomware’s Devastating Effects on the Healthcare Industry [Infographic]
Posted by Zuly Gonzalez | Categories: Resources, Security, Web Security

Ransomware has taken its toll on the healthcare industry. With new attacks seemingly every week, are you prepared to fight back, and protect your organization and your patients’ protected health information (PHI)?

As we mentioned previously in Why Ransomware Gangs Love the Healthcare Industry, ransomware is projected to grow 670%, and the healthcare industry has the highest cost per record stolen of any industry at $363 per stolen record. And with your patients’ lives in your hands, the stakes couldn’t be higher.

This infographic highlights the devastating effects ransomware and security breaches have had on the healthcare industry. Are you protected?

Not into sharing infographics? Tweet these statistics instead:

  • The cost of cyberattacks to U.S. health systems over 5 years is $305 billion.
  • Cyber criminals to collect $1 billion in ransomware payments in 2016.
  • The cost per stolen healthcare record is $363.
  • Healthcare is 4 times more likely to be impacted by advanced malware than the avg industry.
  • Healthcare is 4.5 times more likely to be impacted by ransomware than the avg industry.
  • There are 340% more security incidents and attacks in healthcare than the average industry.
  • Ransomware attacks are projected to grow 670%!
  • Healthcare records are 10 times more valuable than credit card details on the black market.

Looking for more? Check out this article for more interesting statistics and information on ransomware in the healthcare industry.

Will You Be the Next Health System Held for Ransom?
Posted by Zuly Gonzalez | Categories: Events, Security, Web Security

This is going to be a great panel! I’ll be moderating a panel for the 2016 CyberMaryland Conference on the topic of preventing ransomware in healthcare. We have a dynamic and engaging group of panelists comprised of CISOs and CIOs with decades of experience in the healthcare industry. They’ll be sharing stories and best practices to help you protect your organization from ransomware and other cyber threats. Come ready to learn!

The 2016 CyberMaryland Conference will be held Oct 20-21, 2016 in Baltimore, MD. Our panel is scheduled for Friday Oct 21, 2016 1:45pm – 2:45pm. I hope you’ll join us as this promises to be an engaging panel.

If you haven’t registered for the conference yet, use our discount code TCMdGuest for a 25% discount.

If you have any topics or questions you’d like our panel to discuss, send them our way. You can email your questions or topic suggestions to info@lightpointsecurity.com, or tweet us at @LightPointSec and use the hashtag #CyberMD2016.

Panel Information

Will You Be the Next Health System Held for Ransom?

All healthcare organizations should have anti-virus and firewalls in place – but that’s just not enough in today’s ever evolving world. As attackers grow more and more sophisticated, and ransomware becomes the new normal, healthcare organizations are struggling to keep up.

Hear from an expert panel of healthcare CIOs and CISOs on best practices for keeping ePHI out of the wrong hands, as well as innovative technologies that can be used to avoid becoming the next ransomware victim. Together they have decades of experience managing and securing healthcare networks, and will share practical ways you can secure yours.

Moderator
Zuly Gonzalez, Co-founder and CEO, Light Point Security

Panelists
Chad Wilson, Director of Information Security, Children’s National Medical Center
James Parren Courtney, SSSE Certified Chief Information Security Officer, University of Maryland Medical System
Darren Lacey, Chief Information Security Officer, Johns Hopkins University
Chris Panagiotopoulos, Chief Technology Officer, LifeBridge Health


Why Ransomware Gangs Love the Healthcare Industry
Posted by Zuly Gonzalez | Categories: Computer Security, Security, Web Security

Ransomware. It’s the latest buzzword, and everyone is talking about it, especially in healthcare.

Ransomware has become increasingly prevalent over the last year because it’s been so successful for the bad guys. According to the FBI, cyber criminals are on pace to collect $1 billion from ransomware payments in 2016. And data breach response insurance provider, Beazley, projects ransomware attacks will grow 670% from 2014 to 2016. That’s insane!

The statistics for the healthcare industry are even grimmer. Healthcare is the most breached industry. It sees 340% more security incidents and attacks than the average industry, and is more than 200% more likely to encounter data theft. Healthcare is 4 times more likely to be impacted by advanced malware than any other industry, and is 4.5 times more likely to be impacted by ransomware. And healthcare is 74% more likely to be impacted by phishing attacks than any other sector.

The Impact of Ransomware on Healthcare

A successful breach on a healthcare organization can mean:

  1. the loss of money,
  2. the loss of brand reputation,
  3. the loss of Protected Health Information (PHI), and sadly
  4. the potential loss of life.

According to the Ponemon Institute’s 2015 Cost of Data Breach Study, the healthcare industry has the highest cost per record stolen of any industry at $363 per stolen record.

Unique to the healthcare industry, the impact of malware isn’t just a matter of losing money. As dramatic as it may sound, people’s lives are at stake. What happens if a hospital’s systems are down because of malware or a ransomware attack, and they can’t provide emergency services to a patient? Could that patient lose their life? Or could the delay in service cause additional health complications for that patient?

As an example, when MedStar was recently locked out of their systems as a result of a ransomware attack, they were unable to provide radiation treatment to cancer patients for several days. This is serious!

What Makes Healthcare a Prime Target

There are 3 main reasons why the healthcare sector is targeted so much by cyber criminals.

  1. Healthcare records contain the most valuable information. The data healthcare organizations store on patients includes personal identities and medical histories, which makes it a very complete data set. This is a goldmine for identity thieves. This is why healthcare records are about 10 times more valuable than credit card details on the black market.
  2. Healthcare data doesn’t change. Unlike other types of data cyber criminals steal, patient data stored by healthcare organizations can’t be easily changed. If your credit card company gets breached, you can easily change your username and password, and get a new credit card number. No big deal. But if your hospital gets breached, you can’t just go get a new social security number. Compromised health information can haunt you for a lifetime.
  3. Healthcare organizations don’t prioritize security. Because the healthcare sector in general hasn’t kept up-to-date with modern security practices like other industries have, attacks on them are more likely to be successful. If you compare healthcare to the financial industry, for example, the financial industry has devoted so many resources to protecting their data that attackers would rather focus on softer targets, like healthcare.

Luckily, Light Point Security’s isolated web browser can protect healthcare organizations from ransomware and other web-based malware. Our Full Isolation technology is the strongest in the industry, and offers the best user experience. Contact us today to learn how we can keep your data safe.

Two Ways Google Chrome Sacrifices Security in the Name of Speed
Posted by Beau Adkins | Categories: Computer Security, Security, Web Security

Google Chrome is now the most popular web browser in the world, with an estimated 45% of all website views. Google claims that security is a top priority, which is why they push frequent, automatic updates and use a sandbox. But an even higher priority for Google is speed.

Sometimes they need to make the choice between speed and security, and this article lists two cases where they chose a minimal speed improvement at the expense of introducing a much larger security risk.

Prerendering

Prerendering is a technology used in Chrome that can make pages appear to load faster. For example, if you browse to http://example1.com and that page includes a link tag like <link rel="prerender" href="http://example2.com">, Chrome will automatically and silently load example2.com in the background while you are viewing example1.com. The hope is that the next link you click will be to example2.com, so the browser can display it instantly, making things seem faster.

The most likely place you see this feature in use is on google.com. Based on a user’s search terms, they may decide there is a very high likelihood that they can anticipate which link the user will click next. In that case, they can mark that link to be prerendered, so the page appears to load faster.

Google Chrome itself can also decide to prerender pages. If you start typing “reddit” into the URL bar, there is a decent chance that Chrome will begin prerendering reddit.com in the hopes that is what you were in the process of typing.

What’s so Bad About Prerendering?

  1. Exposure to malware: When a page is prerendered, it has limitations. It can’t initiate downloads, or play audio. But it can execute scripts, and that is all that is needed for a malicious site to infect your computer. Because of prerendering, you can be infected by a site just because a link to it appears in a Google search results page, or you typed something similar to it in the Chrome address bar. You don’t even need to visit the page anymore.
  2. Loss of privacy: When Chrome prerenders a page, it exposes your IP address and browser information to the website. For users performing sensitive online research, this can be a big deal. Some users need to learn about a company or organization without tipping their target off about it. Because of prerendering, just Googling the name of the target will likely expose them.
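To see which targets a page asks the browser to load before any click, the following added example (not code from the original post) lists the speculative-loading link tags in a page's HTML and marks the ones pointing at another origin. The sample HTML is constructed, and the rel values other than prerender are standard resource hints included as an assumption about what a reviewer would also want listed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# <link rel> values that ask the browser to fetch or render a target before any click.
# "prerender" is the one the article discusses; the others are added here.
SPECULATIVE_RELS = {"prerender", "prefetch", "preconnect", "dns-prefetch"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample page, modelled on the article's example1.com / example2.com case.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/site.css">
<link rel="prerender" href="http://example2.com">
<link rel="prefetch" href="/next-page.html">
</head><body>Search results</body></html>
"""


def origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))


class HintCollector(HTMLParser):
    """Collects <link> tags whose rel attribute is a speculative-loading hint."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hints = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = {name: (value or "") for name, value in attrs}
        href = attr.get("href", "").strip()
        if not href:
            return
        # rel may hold several space-separated tokens; keep only the speculative ones.
        rels = set(attr.get("rel", "").lower().split()) & SPECULATIVE_RELS
        target = urljoin(self.page_url, href)
        for rel in sorted(rels):
            self.hints.append({
                "rel": rel,
                "target": target,
                # A cross-origin hint means a third party sees the visitor's IP
                # address and browser details without a click.
                "cross_origin": origin(target) != origin(self.page_url),
            })


def find_hints(html, page_url):
    """Return every speculative-loading hint found in html, in document order."""
    collector = HintCollector(page_url)
    collector.feed(html)
    collector.close()
    return collector.hints


if __name__ == "__main__":
    for hint in find_hints(SAMPLE_HTML, "http://example1.com/"):
        scope = "cross-origin" if hint["cross_origin"] else "same-origin"
        print(f'{hint["rel"]:12} {scope:13} {hint["target"]}')
```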

How to Turn Off Chrome Prerendering

  1. Open the Chrome Settings by clicking the 3 horizontal lines icon in the top-right of Chrome and choose “Settings”.
  2. Scroll to the bottom and click “Show advanced settings”.
  3. Under “Privacy”, uncheck the box labeled “Prefetch resources to load pages more quickly”.

Automatic Downloads

By default, Google Chrome is configured to automatically download any file that a website decides to push to you. In the interest of speed, instead of asking you if you want to accept a download, it will happily download it immediately, into the “Downloads” folder of your user profile.

The obvious threat here is that malware can get downloaded without your permission. But just downloading a malicious file isn’t actually enough to infect you. You have to execute it somehow.

After the download completes, it will show up in a box in the bottom left corner of Chrome, until the user dismisses it. If the user clicks the box for a download, Chrome will open that file. If this file is malicious, there is a good chance you will be infected.

However, this attack method is weak because it requires the user to decide to click that box. A more sinister approach involves the use of DLL hijacking. When a Windows executable loads, it often also loads a set of DLL files that it requires. These DLLs can be specified with an absolute path (like C:\Windows\System32\user32.dll) or with just a name (like user32.dll). When the DLL is specified with just a name, Windows will search for a DLL with the right name across a few different places. The first place it looks is the same directory as the executable.

An attacker can then create a malicious DLL with the same name as a common Windows DLL, like user32.dll, kernel32.dll, or UxTheme.dll. Chrome will happily automatically download this DLL into the user’s Downloads directory. After that, it’s just a matter of time before the user downloads a legitimate executable (into their Downloads directory) that doesn’t specify an absolute path to the DLL, and when the user executes it, the malicious DLL gets loaded and the user is infected.
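A defender can check a Downloads folder for exactly this setup. The following added example (not code from the original post) reports DLL files sitting in a download directory, separates those that reuse the Windows DLL names mentioned above, and lists the executables in the same directory that would search it first. The sample directory and its file names are constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# The Windows DLL names the article uses as examples, lower-cased for comparison.
SYSTEM_DLL_NAMES = {"user32.dll", "kernel32.dll", "uxtheme.dll"}


def audit_download_dir(directory, system_names=SYSTEM_DLL_NAMES):
    """Report loose DLLs in a download directory and the executables beside them.

    A DLL in a Downloads folder is unusual on its own; one that carries the name
    of a Windows DLL is the pattern the article describes.
    """
    dlls, exes = [], []
    for entry in Path(directory).iterdir():
        if not entry.is_file():
            continue
        suffix = entry.suffix.lower()
        if suffix == ".dll":
            dlls.append(entry.name)
        elif suffix == ".exe":
            exes.append(entry.name)

    return {
        # DLLs whose name matches a Windows DLL (case-insensitive, as on Windows).
        "shadowing_dlls": sorted(n for n in dlls if n.lower() in system_names),
        # Any other loose DLL still deserves a look.
        "other_dlls": sorted(n for n in dlls if n.lower() not in system_names),
        # Executables only matter here if a DLL shares their directory.
        "exposed_executables": sorted(exes) if dlls else [],
    }


def build_sample_downloads():
    """Create a constructed Downloads folder with empty placeholder files."""
    folder = Path(tempfile.mkdtemp(prefix="downloads-sample-"))
    for name in ("UxTheme.dll", "helper.dll", "setup.exe", "notes.txt"):
        (folder / name).write_bytes(b"")
    return folder


if __name__ == "__main__":
    report = audit_download_dir(build_sample_downloads())
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '(none)'}")
```

Point `audit_download_dir` at a real profile's Downloads path to run the same check outside the sample.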

How to Turn Off Automatic Downloads

  1. Open the Chrome Settings by clicking the 3 horizontal lines icon in the top-right of Chrome and choose “Settings”.
  2. Scroll to the bottom and click “Show advanced settings”.
  3. Under “Downloads”, check the box labeled “Ask where to save each file before downloading”.

Light Point Web Protects Against Both of These Threats

Light Point Web protects against these, and other security issues commonly seen in web browsers. Learn how our secure remote browser can protect your home or business.

Why Light Point Security is all about ‘isolation’
Posted by Zuly Gonzalez | Categories: Light Point Security Update, Security, Web Security

Stephen Babcock, the Lead Reporter for Technical.ly Baltimore, recently interviewed me for a feature story on “Why Light Point Security is all about ‘isolation’” where we discussed Light Point Security’s technology, why isolation is better than detection and our latest partnerships. In case any of you missed it, below is an excerpt from the story.

Light Point Security is looking to pick up some new customers.

The cybersecurity firm, which is based out of bwtech@UMBC, recently inked a pair of new deals that are designed to grow the customer base, said CEO Zuly Gonzalez.

The five-person company makes a product called Light Point Web, which protects users’ computers from malware by providing a separate server for browsing. That separate server ensures that malware never reaches the users’ computer.

Gonzalez said it’s a different approach from other cybersecurity products, which rely on algorithms to detect potential threats.

“There’s so much new bad stuff being created everyday that these algorithms can’t keep up,” Gonzalez said. “We take a different approach. Our security is based on isolation.”

You can read the full story on Technical.ly Baltimore’s website here.

Light Point Web Integrates With Metascan Online to Protect Against Malicious Downloads
Posted by Beau Adkins | Categories: Computer Security, Light Point Security Update, Light Point Web, Security, Web Security

We recently added a new feature to Light Point Web that warrants some extra recognition. We have added a server-side integration with OPSWAT’s Metascan Online service to provide yet another best-in-class layer of security for our users.

Metascan Online is a cloud service that can scan files with over 40 anti-virus engines, and do so in a matter of seconds. The fact that Metascan Online uses so many anti-virus engines is important. Just because one anti-virus engine claims that a file is safe, it doesn’t mean it is. It could be safe… or it could just be that this is a newer virus that has not been identified by that anti-virus vendor yet. It is actually common for new malware to only be identified by a small number of the anti-virus engines. With Metascan Online using so many anti-virus engines, we can get a much greater level of confidence that a safe file is indeed safe.

With our integration with Metascan Online, our users will get an extra level of assurance that every file they download is safe without having to wait around for the results. We offer this service for no extra charge for our cloud users.

How Does It Work?

When a user wants to download a file, Light Point Web will ask for their permission. If they say yes, that file will be downloaded to the Light Point Web server. Light Point Web will then ask Metascan Online to scan that file. If it is safe, the file is streamed to the user’s computer and the user is informed of the scan results.

If, on the other hand, the file is found to be malicious, the download is blocked and a message informs the user why.

This all happens seamlessly to the user, so no extra work is required by the user to get this additional layer of protection.

Coming soon: If a file is found to be malicious, the dialog will also include a link to the scan results so that you can see further details on the threat detected and which engines detected it.

Enterprise Options

For our enterprise customers, we offer a couple of options: Metascan Online or Metascan on-premises. OPSWAT offers both a cloud version and an on-premise version of Metascan. This gives our enterprise customers the flexibility of choosing the option that works best for them.

If you are interested in learning more about how Light Point Web protects you while browsing the web, contact us, or sign up for a free trial to experience worry free web browsing for yourself.

Securing Your WordPress Site: Top Plugins
Posted by Beau Adkins | Categories: How To, Security, Web Security

WordPress is huge. It is currently the most popular blogging system in use, and it manages 22% of all new websites. We use it for our site, and I would personally recommend it to anyone thinking of creating a new website.

However, because it is so popular, it becomes a target for hackers. Right now, automated bots are crawling the web looking for WordPress sites to attack. If you take some time to protect yourself, you can greatly reduce your chances of having a problem.

With that, I decided it would be useful to share some of the tips and tricks I have learned to protect our site. There is too much for one blog post, so I will release others over time, but I will start with the most important ones.

So, here are my recommendations for the 4 best WordPress security plugins. All WordPress plugins are easy to install, but some may take some time to configure correctly.

  1. WordPress File Monitor Plus. This plugin is used to alert you anytime a file on your site changes. When a WordPress site gets hacked, what actually happens is the attacker adds one or more files to your site, or they alter one that is already there. A WordPress installation consists of hundreds of files, so it’s very easy to blend in and not be noticed. But with just one file, attackers have the ability to change your site however they want, including attacking your site’s visitors with malware, and eventually getting you banned from Google.

    WordPress File Monitor Plus will regularly check your WordPress installation for new files, deleted files, and changed files. If it finds anything, it will send you an email with details. It is your responsibility to read these emails to see if any changes are unexpected. For example, uploading a new image, or upgrading a plugin will cause an alert. If you see something you can’t explain, investigate it immediately. This plugin will not stop you from being hacked, it will only let you know when you are attacked, and help you clean it up.

    Out of the box, this one is pretty easy to set up. You just tell it how often to scan your files. But most likely, you will want to tell it which files to not scan. For example, if you have a caching plugin, it will cause the File Monitor to tell you things over and over. The best plan is to set it up with no excludes, and when the alerts start coming in, you can identify which directories to not pay attention to anymore. Eventually, it will only tell you about important changes.

  2. Limit Login Attempts. This plugin protects you from automated password guessers. If you install this plugin, it will let you configure how many tries someone gets at logging into your WordPress site before they are locked out for some amount of time. The guess count and lockout time are configurable. If someone guesses incorrectly too many times, you will be sent an email about it, and they will be stopped from trying again for some amount of time.

    So how useful is this? You would be surprised. Once you install this plugin, you will find out that there are automated bots that will find WordPress sites, and try to brute force the password. Without this plugin, they will eventually guess it. Depending on the speed of your server, they could guess hundreds of passwords a second. With this plugin installed, they may get 6 guesses every 2 days.

    This plugin is simple to install and configure. So you have no excuse.

  3. Secure WordPress. This plugin is more of a hardener. It does a lot of little things to make an attacker’s life harder. While none of these things make it impossible to be hacked, they will make hacking your site harder than hacking someone else’s, and that is usually enough.

  4. TimThumb Vulnerability Scanner. There is a library called TimThumb that people use to dynamically create thumbnail images for websites. It is used by millions of sites. In 2011, a vulnerability was discovered in it that allowed attackers to easily take over any site using it. The vulnerability has been corrected, but sadly old versions are still out there years later. This vulnerability is probably still the most common way WordPress sites get hacked. This plugin will automatically determine if you are using an out of date version of TimThumb, and if so, it will upgrade it for you.
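The file-monitoring approach described in item 1 comes down to a hash baseline and a comparison. The following added example (not the plugin's code and not from the original post) takes a baseline of a constructed site directory, then reports new, deleted and changed files, and shows how excluding a cache directory removes the repeated alerts the post mentions. All file names and the `wp-content/cache` exclude are assumptions made for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root, excludes=()):
    """Map each file's path (relative to root) to its SHA-256 digest.

    excludes holds relative directory paths such as "wp-content/cache";
    those directories are skipped entirely.
    """
    root = Path(root)
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # Editing dirnames in place stops os.walk from descending into excludes.
        dirnames[:] = [d for d in dirnames if (rel_dir / d).as_posix() not in excludes]
        for name in filenames:
            data = (Path(dirpath) / name).read_bytes()
            digests[(rel_dir / name).as_posix()] = hashlib.sha256(data).hexdigest()
    return digests


def compare(baseline, current):
    """Return the new, deleted and changed files between two snapshots."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "deleted": sorted(old - new),
        "changed": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed site, alter it, and compare with and without excludes."""
    excludes = {"wp-content/cache"}
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "wp-content" / "cache").mkdir(parents=True)
        (site / "wp-content" / "uploads").mkdir()
        (site / "index.php").write_text("<?php // original\n")
        (site / "readme.html").write_text("readme\n")
        (site / "wp-content" / "cache" / "page1.html").write_text("cached v1\n")

        noisy_baseline = snapshot(site)
        quiet_baseline = snapshot(site, excludes)

        # Changes between scans: one edit, one deletion, one new file,
        # plus routine churn in the cache directory.
        (site / "index.php").write_text("<?php // modified\n")
        (site / "readme.html").unlink()
        (site / "wp-content" / "uploads" / "unexpected.php").write_text("<?php\n")
        (site / "wp-content" / "cache" / "page1.html").write_text("cached v2\n")

        noisy = compare(noisy_baseline, snapshot(site))
        quiet = compare(quiet_baseline, snapshot(site, excludes))
    return noisy, quiet


if __name__ == "__main__":
    noisy, quiet = demo()
    print("without excludes:", noisy)
    print("with excludes:   ", quiet)
```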

Please let me know if these recommendations helped you, or if you know a WordPress plugin that belongs on this list.

The Motivation Behind Malware
Posted by Beau Adkins | Categories: Light Point Web, Security, Web Security

Last night I came across a sobering article from Brian Krebs of KrebsOnSecurity. The article talked about a specific crimeware author that is advertising that he is in the market to buy fresh new browser exploits, but the article had much more information than just that.

The Value of an Exploit Kit

For some background, a crimeware gang has written an exploit kit named Blackhole. Its purpose is to exploit vulnerabilities in web browsers to install a malware payload on victims’ computers. The Blackhole kit itself doesn’t much care what the payload is. Instead, the author of Blackhole will lease his creation to others, and let them supply the malware.

Think about it like a delivery service. If I have a new piece of malware that I want installed on lots of computers around the world, I could pay to have Blackhole deliver it for me. Blackhole doesn’t need to know anything about what it is delivering, its job is only to get it delivered (yes, exactly like Jason Statham in The Transporter).

What is amazing about this is how much it costs to lease Blackhole. A three month license is $700, and a yearly license is $1,500. The creators will even provide hosting for you for $200/week or $500/month.

But that’s not all. The authors of Blackhole have built something even better, a second kit called the Cool Exploit Kit. From the article, it seems like the authors’ newest (and therefore most valuable) exploits are reserved for the Cool Exploit Kit. Only after an exploit becomes known is it moved to Blackhole. Access to the elite Cool Exploit Kit runs $10,000/month!

Additionally, the authors put out a statement that they want to buy more new exploits for browsers and browser plug-ins. They announced that they have set aside an initial budget of $100,000 to buy exploits and vulnerability proof-of-concepts. They stated that they are only interested in purchasing exploits that have not been published and that they will not release this information to the public either. Therefore, the targeted software will remain unpatched indefinitely.

The Motivation Behind Malware

There is only one reason why someone would spend that kind of money to get malware delivered – because it will pay for itself. The article showed that one specific cybergang’s income from just one flavor of ransomware was almost $400,000 a month.

This shows a very dangerous combination of facts. Getting malware onto a victim’s computer is worth a lot of money, so people will pay handsomely for new exploits to make that happen. This makes exploits worth a lot of money, so people will be motivated to continue creating them.

Our Mission

All of this reinforces our motivation here at Light Point Security. The web is now the most common way for malware authors to infect a victim’s computer. Unfortunately, in many cases, such as with the Cool Exploit Kit, cybercriminals use unpublished vulnerabilities in browsers and browser plugins to infect a victim’s computer with malware. By the time the vulnerability is discovered and fixed by the good guys, it is too late. The bad guys have infected tons of computers, and have moved on to the next vulnerability.

We are building Light Point Web to stop not some, not most, but all of these types of exploits – even the ones that have not been made public.

Light Point Web Now Supports PDFs and Office Formats
Posted by Beau Adkins | Categories: Light Point Security Update, Light Point Web, Security, Web Security

Recently, we released an update to our servers that allows our users to view many popular document types through Light Point Web. To accomplish this, we are using the Google Docs Viewer. The Google Docs Viewer is a nifty little service from Google that can turn documents into normal webpages.

This addition will greatly enhance the security offered by Light Point Web. Previously, if a user of Light Point Web clicked on a link to a PDF file, the user would see our plugin screen. In order to view the document, the user would click the plugin screen, which would cause the user’s real browser to download and display the PDF file.

The Light Point Web Plugin Screen

While this functionality gave our users the ability to view PDFs and other files, it also exposed their computers to any malware that may have been hiding within that document since it required bypassing our security. PDF files can be very dangerous, as it is easy to embed malware within them. With this recent update, our users can now easily view documents without downloading them, which means these types of attacks will no longer be effective on our users.

How to Use the New Viewer

The new plugin viewer works automatically. Now, when you click a link to a supported file, such as a PDF, you will be sent to the Google Docs Viewer for that file. This gives you the ability to read the file without it ever touching your computer. At the top of each page there is a link under the “File” menu item to download the original file. Clicking that link takes you to the old plugin screen, which gives you the ability to open the file in your real browser, if you decide to.

Light Point Web with the Google Docs Viewer

What File Formats Are Supported?

There are quite a few file types supported by the Google Docs Viewer. Here is the full list. A quick rundown of the most common file types:

  • Microsoft Word (.doc, .docx)
  • Microsoft Excel (.xls, .xlsx)
  • Microsoft PowerPoint (.ppt, .pptx)
  • Adobe PDF (.pdf)
  • PostScript (.eps, .ps)
  • Archives (.zip, .rar)

Windows Live and Hotmail Account Upgrade Email Phishing Scam
Posted by Zuly Gonzalez | Categories: Security, Web Security

There’s a Windows Live and Hotmail email phishing scam going around. The email attempts to trick victims into disclosing their Windows Live credentials and other personal information by claiming that a Trojan has been detected in the user’s Windows Live folders. The fraudulent email claims that the personal information is needed to upgrade the user’s email account with a 1024-bit RSA key anti-virus firewall, and that if the user does not comply, their email account will be terminated.

This phishing email claims to come from the Windows Live™ team. However, the email address associated with the account is lbhughes100@msn.com – not exactly an email address I would expect to see from an official Windows Live communication. The subject line of the email is “Account Upgrade!!(Verify Now)”. Note the missing space between the second exclamation mark and the open parenthesis. That mistake was made by the spammers; it’s not a typo on my part.

The email reads as follows:

From: Windows Live™ TEAM (lbhughes100@msn.com)
Subject: Account Upgrade!!(Verify Now)

Dear Windows Live customer,

Windows Live™ MSN is faster, safer than ever before and filled with new ways to stay in touch. Storage space that grows with you means you shouldn’t have to worry about deleting your e-mail, and the new calendar makes it easy to share your schedule with family and friends. Due to increased spam and phishing activities globally, a DGTFX trojan virus has been detected in your windows live folders. Your email account will be upgraded with our new secure 1024-bit RSA key anti-virus firewall to prevent damage to our email servers and to your important files. Click your reply tab, fill the columns below and send back to us or your email account will be terminated to avoid spread of the virus.

* User Name:……………………………………..

* Password:……………………………………….

* Confirm Password:……………………………

* Year of Birth:…………………………………..

* Country Or Territory:………………………..

Note that your password will be encrypted with 1024-bit RSA keys for your password safety.

If you use Hotmail, MSN or Live! you’re using Windows Live. Your Hotmail address and password gives you access to the full suite of Windows Live services so you can stay connected with the people and things that matter to you online. Plan your next event, write a blog, create a discussion group, even get updates from other websites you use. – “Your Life, Your Stuff, All Together at Windows Live.” we wish to serve you better…

This Account Update will Improve our services to you.

You can access your Hotmail, Messenger and SkyDrive faster directly from your phone or phone’s web browser. For more info, see Get mail on your phone, Get Messenger on your phone, and Get SkyDrive on your phone. We remain focused on making Hotmail, Messenger, SkyDrive and your Windows PC the best that they can be. Note that this change has no impact on your ability to access Hotmail, Messenger, and Skydrive. Thanks for your understanding and patience as we update our services. Sincerely,

The Windows Live Team

Microsoft respects your privacy. To learn more, please read our online Privacy Statement.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

There are six links in this phishing email. Two of the links point to home.live.com. The other four links point to URLs in the form of microsoft.windowslive.com/Key-*.

How to Identify a Phishing Email?

There are a few telltale signs that this is a phishing scam.

  1. It asks for personal information. No legitimate company, including Microsoft, will ever ask you for personal information via email. That includes your username, password and date of birth. This is the biggest red flag.
  2. It contains poor grammar, misspellings and looks unprofessional. If you receive an email claiming to be from a large enterprise, like Microsoft, with grammatical mistakes and misspellings, you can be sure it did not really originate from them. Large companies ensure that their emails look professional. In the case of this Windows Live phishing email, the subject line and from field are enough to give it away. Note the double exclamation marks and missing space in the subject line. Also note that the word ‘team’ in the from field is written in all capital letters. You don’t even need to click on the email to know it’s a scam.
  3. The sender’s email address is unprofessional. First, it’s from an MSN account, which anyone on the Internet can get for free, instead of from an official Microsoft domain. Second, the first part of the email address is ‘lbhughes100’, again very unprofessional looking (and suspicious).
  4. There is a sense of urgency. This pressures you into feeling like you need to take action right away, and do not have the time to research the legitimacy of it.
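The four signs above can be checked mechanically as a first-pass filter. The following added example (not code from the original post) parses a message and returns which of those signs it shows. The sample message is constructed from the sender, subject and wording quoted above (without the trademark symbol); the free-mail domain list, brand words and regular expressions are assumptions and would need tuning for real mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for the demonstration; msn.com is the domain seen in the article.
FREE_MAIL_DOMAINS = {"msn.com", "hotmail.com", "live.com", "gmail.com", "yahoo.com"}
BRAND_WORDS = ("windows live", "microsoft", "hotmail")

# A line that is a fill-in field for account details, e.g. "* Password:......".
CREDENTIAL_FIELD = re.compile(r"^\W*(user ?name|password)\s*:", re.I | re.M)
URGENCY = re.compile(r"will be terminated|verify now|immediately", re.I)
SLOPPY_SUBJECT = re.compile(r"[!?]{2,}|\w\(")  # "!!" or a missing space before "("

# Constructed sample based on the email quoted in the article.
SAMPLE_PHISH = """\
From: "Windows Live TEAM" <lbhughes100@msn.com>
Subject: Account Upgrade!!(Verify Now)

Dear Windows Live customer,

Click your reply tab, fill the columns below and send back to us or your
email account will be terminated to avoid spread of the virus.

* User Name:........
* Password:........
* Confirm Password:........
"""

SAMPLE_BENIGN = """\
From: "Alice Example" <alice@example.org>
Subject: Lunch on Friday?

Are you free at noon?
"""


def text_body(msg):
    """Join the text/plain parts of a message into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_indicators(raw_message):
    """Return the names of the article's warning signs found in raw_message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    body = text_body(msg)

    found = []
    if CREDENTIAL_FIELD.search(body):
        found.append("asks_for_credentials")
    shouting = any(w.isupper() and len(w) >= 4 for w in display.split())
    if SLOPPY_SUBJECT.search(subject) or shouting:
        found.append("unprofessional_subject_or_sender_name")
    claims_brand = any(b in display.lower() for b in BRAND_WORDS)
    if claims_brand and domain in FREE_MAIL_DOMAINS:
        found.append("brand_name_from_free_mail_account")
    if URGENCY.search(subject + "\n" + body):
        found.append("urgency_or_threat")
    return found


if __name__ == "__main__":
    print("phish: ", phishing_indicators(SAMPLE_PHISH))
    print("benign:", phishing_indicators(SAMPLE_BENIGN))
```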

How to Protect Yourself From Phishing Emails?

Here are a few things you can do to protect your identity, and personal information, and avoid becoming a victim of phishing email scams.

  • If you receive an email message claiming to be from Hotmail, MSN or Windows Live, with the subject line Account Upgrade!!(Verify Now), or similar, do not open it and delete it immediately.
  • If you mistakenly open the email message, don’t click on any links in the email or download any attachments, and delete it right away.
  • To report spam, Hotmail users should click the “Junk” button. Non-Hotmail users should send an email to report_spam@hotmail.com, report_spam@msn.com or report_spam@live.com (depending on the originating mail domain: hotmail or msn or live), and attach a copy of the spam email.
  • Spread the word. Spammers get away with this because most people aren’t aware of these threats, so tell your friends by sharing a link to this post, or any other post on the topic.
  • Read and follow the most important steps for internet security to protect your computer from cybercrimes.

Have you received a similar email?
